From 7ec382baebf84c397538e680d122e3a7d2f7d4d1 Mon Sep 17 00:00:00 2001
From: Pier Carlo Chiodi <pierky@pierky.com>
Date: Sat, 24 Sep 2022 17:21:33 +0200
Subject: [PATCH 1/5] OpenBGPD 7.6

---
 .github/workflows/cicd.yml                       |  2 +-
 docs/FEATURES.rst                                |  2 +-
 pierky/arouteserver/builder.py                   |  3 ++-
 pierky/arouteserver/tests/live_tests/openbgpd.py | 14 ++++++++++++--
 4 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
index d90382f6..541a736c 100644
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -69,8 +69,8 @@ jobs:
           echo "$DOCKER_PASSWORD" | docker login --username "$DOCKER_USERNAME" --password-stdin
           docker pull pierky/bird:1.6.8
           docker pull pierky/bird:2.0.10
-          docker pull pierky/openbgpd:7.4
           docker pull pierky/openbgpd:7.5
+          docker pull pierky/openbgpd:7.6
           docker pull pierky/exabgp:4.2.7
           docker pull nlnetlabs/routinator:v0.8.3
         env:
diff --git a/docs/FEATURES.rst b/docs/FEATURES.rst
index ddb21f7b..fdcd4357 100644
--- a/docs/FEATURES.rst
+++ b/docs/FEATURES.rst
@@ -33,7 +33,7 @@ How it works
 
 #. `Jinja2`_ built-in templates are used to render the final route server's configuration file.
 
-   Currently, **BIRD** (>= 1.6.3 up to 1.6.8), **BIRD v2** (starting from 2.0.7) and **OpenBGPD** (OpenBSD 6.1 up to 7.5 and also OpenBGPD Portable 6.5p1 up to 7.5) are supported, with almost `feature parity <https://arouteserver.readthedocs.io/en/latest/SUPPORTED_SPEAKERS.html#supported-features>`__ between them.
+   Currently, **BIRD** (>= 1.6.3 up to 1.6.8), **BIRD v2** (starting from 2.0.7) and **OpenBGPD** (OpenBSD 6.1 up to 7.6 and also OpenBGPD Portable 6.5p1 up to 7.6) are supported, with almost `feature parity <https://arouteserver.readthedocs.io/en/latest/SUPPORTED_SPEAKERS.html#supported-features>`__ between them.
 
 **Validation** and testing of the configurations generated with this tool are performed using the built-in **live tests** framework: `Docker`_ instances are used to simulate several scenarios and to validate the behaviour of the route server after configuring it with ARouteServer. More details on the `Live tests <https://arouteserver.readthedocs.io/en/latest/LIVETESTS.html>`__ section.
 
diff --git a/pierky/arouteserver/builder.py b/pierky/arouteserver/builder.py
index feb16f47..7ec45cda 100644
--- a/pierky/arouteserver/builder.py
+++ b/pierky/arouteserver/builder.py
@@ -953,7 +953,8 @@ class OpenBGPDConfigBuilder(ConfigBuilder):
     LOCAL_FILES_BASE_DIR = "/etc/bgpd"
 
     AVAILABLE_VERSION = ["6.0", "6.1", "6.2", "6.3", "6.4", "6.5", "6.6", "6.7",
-                         "6.8", "6.9", "7.0", "7.1", "7.2", "7.3", "7.4", "7.5"]
+                         "6.8", "6.9", "7.0", "7.1", "7.2", "7.3", "7.4", "7.5",
+                         "7.6"]
     DEFAULT_VERSION = AVAILABLE_VERSION[-1]
 
     IGNORABLE_ISSUES = ConfigBuilder.IGNORABLE_ISSUES + \
diff --git a/pierky/arouteserver/tests/live_tests/openbgpd.py b/pierky/arouteserver/tests/live_tests/openbgpd.py
index 43ff8279..6dec01e1 100644
--- a/pierky/arouteserver/tests/live_tests/openbgpd.py
+++ b/pierky/arouteserver/tests/live_tests/openbgpd.py
@@ -607,5 +607,15 @@ class OpenBGPD75PortableInstance(OpenBGPDPortableInstance):
     TARGET_VERSION = "7.5"
 
 
-OpenBGPDPortablePreviousInstance = OpenBGPD74PortableInstance
-OpenBGPDPortableLatestInstance = OpenBGPD75PortableInstance
+class OpenBGPD76PortableInstance(OpenBGPDPortableInstance):
+
+    DOCKER_IMAGE = "pierky/openbgpd:7.6"
+
+    TAG = "openbgpd76p"
+
+    BGP_SPEAKER_VERSION = "7.6"
+    TARGET_VERSION = "7.6"
+
+
+OpenBGPDPortablePreviousInstance = OpenBGPD75PortableInstance
+OpenBGPDPortableLatestInstance = OpenBGPD76PortableInstance

From 11b04eb01451cd0298157aa8d418fc41ec722566 Mon Sep 17 00:00:00 2001
From: Pier Carlo Chiodi <pierky@pierky.com>
Date: Sat, 24 Sep 2022 17:21:49 +0200
Subject: [PATCH 2/5] Enable `rde evaluate all` with ADD-PATH in 7.6

This is to enable `rde evaluate all` again in 7.6 when ADD-PATH is
turned on.

https://github.com/openbgpd-portable/openbgpd-portable/issues/37
---
 templates/fingerprints.yml                     | 2 +-
 templates/openbgpd/clients.j2                  | 2 +-
 tests/live_tests/scenarios/path_hiding/base.py | 1 +
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/templates/fingerprints.yml b/templates/fingerprints.yml
index 9a96c62a..86ab484c 100644
--- a/templates/fingerprints.yml
+++ b/templates/fingerprints.yml
@@ -16,7 +16,7 @@ md:
   macros.j2: bb4c38f830831d476840c228ede6de8cc778de55b74b2882451b1ce980a47cea56b0f9426236dc5c0f844af4fbc73642e85efb510b24b26ddc96ab1206942c88
   main.j2: be98308fd4c8f4992e58cebcdd41b6bbb59122763bbbf1c3d74dc5e980db59aabd716e8d809a5bee05b60be6530e4704026cb054235c1f4c35b23d450f9bd59b
 openbgpd:
-  clients.j2: 5518aff8ce7e928f449867ca9edce5a11c7dee879279b6a9db1037425f96c1faa5c0bbb6f6b1ad5eb415554be59273ab91225852db4037fbe475e4cceba439c1
+  clients.j2: b3e5cee4cfeb581b15462055d2c6283fe648750312f8f98d7676b374f7fa4d48e2e249f13d847c80e39be449e0b19cd7f832163dc7da0e3c9727d9f092eb477c
   filters.j2: 67230b4a9841be775a0edb724f408a651c42469c1535b360c3b0ee3af5bff2929964540514d64ac320116f2c0faed22c089f51d647c455b9316dd3975d583d2d
   header.j2: 9b6700145069c22bb51f0a694f984da3babecc2528555e2afa8f50d347424508fe8a9868fffae956bf1a7801545fcd278cb08bece8855ead71ad262c181496d0
   irrdb.j2: a41aff6077c4b7ddd8ae03f0ac33f3ff47c9812350204d929a8b02fe63d023a813e802a7c9183528058b55d7502f7aeaef77a65acc906022586510f37453b88a
diff --git a/templates/openbgpd/clients.j2 b/templates/openbgpd/clients.j2
index b39573ab..cf3ad9dc 100644
--- a/templates/openbgpd/clients.j2
+++ b/templates/openbgpd/clients.j2
@@ -27,7 +27,7 @@ group "clients" {
 		remote-as {{ client.asn }}
 
 {% if cfg.path_hiding and "6.9"|target_version_ge %}
-{%		if "7.5"|target_version_ge and client.cfg.add_path %}
+{%		if "7.5"|target_version_ge and "7.5"|target_version_le and client.cfg.add_path %}
 		# This is needed to avoid the bgpd error
 		#	"neighbors with add-path send cannot use 'rde evaluate all'"
 		# It overrides the global 'rde evaluate all' setting for
diff --git a/tests/live_tests/scenarios/path_hiding/base.py b/tests/live_tests/scenarios/path_hiding/base.py
index 1407a85b..f5f145b1 100644
--- a/tests/live_tests/scenarios/path_hiding/base.py
+++ b/tests/live_tests/scenarios/path_hiding/base.py
@@ -207,6 +207,7 @@ def test_040_AS3_and_AS4_prefix_via_AS2(self):
         for inst in (self.AS3, self.AS4):
             if isinstance(self.rs, OpenBGPDInstance) and \
                 version.parse(target_version) >= version.parse("7.5") and \
+                version.parse(target_version) < version.parse("7.6") and \
                 inst is self.AS3:
                 # On OpenBGPD 7.5, ADD_PATH support was introduced: however,
                 # when it is set, the 'rde evaluate all' config knob that allows

From 046099122fb940a61e42cc8d757d753f1b70fdb2 Mon Sep 17 00:00:00 2001
From: Pier Carlo Chiodi <pierky@pierky.com>
Date: Sun, 25 Sep 2022 12:54:07 +0200
Subject: [PATCH 3/5] Prevent calls to external APIs

---
 pierky/arouteserver/tests/base.py             |  24 ++++++++++++++++++
 requirements-dev.txt                          |   1 +
 .../static/data/arin-whois-originas.json.bz2  | Bin 0 -> 1513935 bytes
 .../static/data/peeringdb_net_3333_10745.json |   1 +
 tests/static/test_enricher_irrdb.py           |   5 ++++
 5 files changed, 31 insertions(+)
 create mode 100644 tests/static/data/arin-whois-originas.json.bz2
 create mode 100644 tests/static/data/peeringdb_net_3333_10745.json

diff --git a/pierky/arouteserver/tests/base.py b/pierky/arouteserver/tests/base.py
index c54213ac..edb08a95 100644
--- a/pierky/arouteserver/tests/base.py
+++ b/pierky/arouteserver/tests/base.py
@@ -17,6 +17,26 @@
 import os
 import sys
 import unittest
+import requests_mock
+import json
+
+
+def setup_requests_mock():
+    res = requests_mock.Mocker()
+    res.start()
+    res.get(
+        "https://www.peeringdb.com/api/net?info_never_via_route_servers=1",
+        json={}
+    )
+    res.get(
+        "https://www.peeringdb.com/api/net?asn__in=3333,10745",
+        json=json.load(open("tests/static/data/peeringdb_net_3333_10745.json"))
+    )
+    res.get(
+        "http://irrexplorer.nlnog.net/static/dumps/arin-whois-originas.json.bz2",
+        content=open("tests/static/data/arin-whois-originas.json.bz2", "br").read()
+    )
+    return res
 
 
 class CaptureLog(logging.Handler):
@@ -46,6 +66,7 @@ def reset(self):
         finally:
             self.release()
 
+
 class ARouteServerTestCase(unittest.TestCase):
 
     NEED_TO_CAPTURE_LOG = False
@@ -79,6 +100,8 @@ def _setUpClass(cls):
 
     @classmethod
     def setUpClass(cls):
+        # Prevent actual calls to external APIs.
+        cls.requests_mock = setup_requests_mock()
         cls._setUpClass()
 
     @classmethod
@@ -87,6 +110,7 @@ def _tearDownClass(cls):
 
     @classmethod
     def tearDownClass(cls):
+        cls.requests_mock.stop()
         cls._tearDownClass()
 
     @classmethod
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 220e5938..d443b346 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -2,3 +2,4 @@ nose>=1.3.7
 mock>=2.0.0;python_version<"3.3"
 flake8
 coveralls
+requests-mock==1.9.3
diff --git a/tests/static/data/arin-whois-originas.json.bz2 b/tests/static/data/arin-whois-originas.json.bz2
new file mode 100644
index 0000000000000000000000000000000000000000..7e489384d33fcf3a03aecfb1570f0c7986c2aa54
GIT binary patch
literal 1513935
zcmb4~Wl$VS*XIY9;O@a4f;(K?-90!28Jq!z$;BOlYaqA`ZZp6D!3i4Nh8Z9PLXg2B
z2{-rIyzlOQ*biG<+uhaGA5NdHt~%9y{?)%$xA&13SF_`_u<PReZI8dCz8|Y;X-e>)
zYfjhqsU1)IXRf}^N&o<Wpb8LJ`BD|YOXIw_9lmP*G!51XsvU$$$Uz<i69s=s5ve8$
zQq>SP)1;eHv2zmB)X)+p)>x@(AR@LRRyO;wW_6pY04>sehM=J<7XaP(6AlO@3yNMZ
zloxW)_Ecs#3=r?i)Nn$rlo@8lpr~tTqraJMLh(d=U$r~`dSbo!LGh+*b|(V!+F>d~
zolh<GG*H8sOW7MT2j~M*&|oL2V#fk-v+(fRyr^wge_`HOPpHR{3R463b)uL&XaH6G
z)%sPs8LGkCp;Foz(gtb{=xbJpbSwUk<6WHnP<z)@Yx`~ouXUteo8WF)IsJ=H73PsD
z`guHimDor03Xj^zNMN#z2T!p>3lZ=et|Fo;11e3Yaw*5TMv?4UqE+8nJfe(E_Phmi
z;1pqk56@IzL1IbS8XN88HL;#57*y<Y+xVqhcu8PwshIZA!4x?RtEfH1hYXCPLY9q6
zf$s-q%j1`^9AC7R8UH|CTpm8PKS8#FoX!aBwvzcjD;8ZYdCMC6A}T^z26nR}Dzg0|
z`gWF{(UCu&EHSeafo)IWfYj<uvsfQ;S4SOtz?H(x=ZYmn7pi@45h?3m3XC{LBIpB<
zb}`=@Iw1pYO?8<7g3yfWDzV##p0(h|@LD9;I-sQOgG$1-%9#_BrKN~e_R`5xr!*pz
z5s78;UPVvatIn*^c%S_;BKr9&F@y;+qxr$!gkmlh-km0xu`LBv*4Z4rdZ()C+}q+W
z_#Ar=@iehGK5;pVba@_-S>zo?IVB@CW@cqNy~(qL<~1PlIG2sNd1<E|ur>jW^TKT@
zmCGA_$nxty@df}W-#?pD(h6efYt{>>@-Hls!p!`U9!Y{LS)Kf5w1B7B|F-%+x)+FD
zUu}_EQ<*iNHvqG?Q2?olT7zYse(c*CQUJgMfM3F?r=RoRQ?L!|X$ZCW*C>_&9;1fr
zRMGW%RZ`6bvH1VxmQ$UbMnCo4DydGB&jS<l2D63FI+ZU4cV4pw`?wEaSzKIdrS2a>
zPC(0le5e5IjsKcbT9L&8ta?>xeeg6jjVDdb)cJ|i3B&j~iT_%r#iRM_!<m;k#Tzbn
zU;cD`VJ&~N3^lWEGk?v(bOVMJGc7aQ78+lebklAYO__+lpPmDqbk$Usy)>Z}kEOd&
zx>4+cgBCvVz5y`T-HW@O)jnO=GFRq&P$t1FU4to0kiRf!Q}8$#)f?(KouIwaqCG9;
zZW^F1-c_sJ&U7M^#Z<M-K<cht>oQ@9X(<z-^37@uV5%;#%7V#^Ww`q@2~KtO`g^qD
zPj9aWm}|9hYk$(}YN2iFwckuPg30XoBbla{M6_3WF-RL3q+j7YkF}vap)TjNhR?d)
zl8~=V>gMtIu8fGkRZWJLwRF=4ciEKB=9KMjtuH^U1}bHX<eg5ipQ;U@^??ll3;oKr
zL^OSNUuf@2`DqV?NSoOixVs1Zac>{rr3Do#+gtG~I@ZdfBlWj5t66`&_ix9=-??p8
zF!W}Jq;G~V4il`a)mMbB)~Bs*MUyVykFGDDnJG2jXI1x233n#5s-LfP$J?_E{5&tH
zI1Lp)F~Z%|P@sF=tgesQS2{ht2`0EY-8SLVv@zgX)Q8&L6M;&HYr*(i=L`dynvi9C
z+c1$XD`sDb|HDXT7h!6PbVKR~Fl#Yobr<%?v}KrO`3lzB3i&Zu*sj<McKZF<vldJ`
zi+6e>!_2m+&1$}2u?@f1RoH^dJfNo2&&#(qKn>a?Zi}?fbYRG$lhSJ19gFQ{kP%`s
z*FRqLshbS2%49-6c3}R!_=rj4>iugl?%&g|Cp;@^_}C9v?lQ6FSdBjF`9KK*(Tsa+
zuq%%yp-$^L9yc*5TU3}6AfR#5g#HWPKy2F>N=IxShSAdm&Pw+bsX8u?G98_D1cuYP
zd3;gFbeYe*w5xfS$|dy5>4}i{XNY$DfM@i!M)fy%5n{QQg4Jfy3F&sa^(OP#*qMN`
zMR7vZ=w-Bd^_}u2(U%m8{S4<g`^nbc5!Cey&#$ec_bT<;={02CWZUUUR(I;+Wi$1`
zE=B}J&P(tzxn~@<1Zb@p?3NN+-T6czMoN&^yLxd}Scv|!mW|KYpztqntd_{;6Encg
zf0qot;DUQo@z!A)9jK4Q^|C?)>X;UaBERxbf^a0oD5?+DTbi`gNNAN#p9QB_&%AJ~
z?9sq_CxeL8brR6FZ_V1!;<?kB*J;q`T3r4C;E5v6EphXeW;=(c^=q;go@gx20}`S~
z;%a<{FowM%LEoWK+2Gaj%Gb>7ud~fh?MejNpdBHH!k>&R#t_582TvK)=%*pJF3GVu
zf)+is;f?O+q5Lb)XSVAUAXuZQ`U#s%fzVmW%UR4j>K8sldx@;Ms$FDt=tb1G?(2yA
zaH1fa*6S8G`p>-muM`=(S$RWnyhw0tZKbeKHtoS2UwwoCly*7mtcm_jtfq9XcgpAO
z92J*2w)eQv8AP2bwTE6aouo)8c_~PWa`XlD!{07{8Dn}YS(|lraBla4x?kzsJPA)^
z#}dfLf`^qlqxfrh2ylj)@JP<|4B71ihL`pA);9))a~gIKilcUPnwDh~rT|tfQ-#o;
zwZ$hCTh1+|7jHxnx%Ii!+00&B7nErD>w+iCXX#Qh672E^a{)RpBAPrsCG0hAA@t+3
z+9!!kqTO@JDSqPA=Pm1XBMu)Zf97Jvx}uH``iGNQazEqh&(BVw(d9A>C<^YC0gk#1
z_D-U^-0Y-8tsB)v$<>R{ZwU?gpRqkm-g%;NagZR2ADBFiBZNeJSw)MLrk2&P6?9|u
z&I`P|C7`8c`KN4w7M9cBMS=F|SqIpg<4yR%fK)2IeC9MNUG|G#m=>%#njRA?Dn0i6
zXs#-!2(kn7vzqWN@TTWCrb~<S7D_8h=M7>`XiIRlJ*oz~iIXJm^4DOf8<aC}8a}@m
zaIOJ{l(aN0H>Ia@oz=evUWQv~nWjUVpe<!+8~D`)x6;omDs@!=2l*Q&D@`j+?OJut
zyBWx(pLQQ~vnk>lgG;5x{4mDxkvC2?exe)aORsOOL!myDYp|O3WAxmd728>lv&1Xb
z=V4lVsFfpeH51gz>KH^0@n|~butbBl4L)#BVg1yO%>{6B5OgZh6O#NDOaJ9HTz)G-
zNzcOZZP?{xxeH9R|JUytP!e;@16f2G47A>V{``r=>G9XWj{~a0n}zl8*qZbCHLTk)
zmY+<gFBXFdq&Mn+er|x_aEG)|^tPqs8oKKBv-)zg`3aLyJJJ*f$iC4W#LYbuO+Mw;
zGuD31-hXg{)Q^om7P-}a*fGB4TKg{WQ@h~7oPG|GKR-0&Mg4B%@}1AbaKWz8P%vQ)
zXF8z4N>3ox>nUKf!Y;?E3(Dd<*FCS@425MqkCZ*A+42UgluAlVwqJZ~fr~?>VY3qf
zYBu5lmNIB|me|lV88K0SQ}2a7KMV<p+_DhR4-gRaEtvD9G551OP#*F{)3r(DN;6TG
zNl2vI->exDlGvEiv{Z3mX;YX+%~4b7VU}4`6(rjaO6OEHsFDQJlO7$5j-6&XeF%!N
zC|y7X=Nv?nIpSYL>KbsgXlzXZ%$;&^)=Cm{O-Z<>xYMRVhiB+Ts)OX37QK;t<23t_
z_~fiQeM0@D`lJ%+XeL*NyZ5^+<}i>+Utigr=pzy(X_%aoX&+QXBuYwe|5;YKAGg#<
zi^eQCxqYs)I_cQH7~8O_u6$B{=Q4m0cl0uQaL`#{Z@ppFqo&)u=+hw!D}|7C8%{B{
zI^Czb8vVWR9<XDCgg>y%jFGZtJcE+KcJY|Gb<;ilfcqUh7&R19ryA{{<NiVO#8CBu
z{g9G1HTIoL?AIg~`E4{Gi$fGHA$w|rCX&5eVpgAbwr<mcv*<=Pc_{K+&q+{AFyCW6
zl@XNcLuH~Mn`%|hD^~TQA;KxUmL-li$Em&Vh%sV3*_6%2f<8AL7z9nf>oE(i!CNr|
zwg~=*MwRyO`~NgGz54f4tl)pLi1};(`b2?en~L4>&wsuUVt3em`ZIj00kr)4B^O{-
z5F0D_`RVf$!7pq;3oZrT>xU29e+~Zq@t^<j{awCd1ODgDQpZVhp!>gOS*6^A^JRh~
zNMf9?`-_y`kXN%D;pqKbGamd<w&?2#x_XDOHmn$m>O{S;IzQp7fE%lWci_>qpyGq)
zc>Klt83ve~bkp!U?%fp_HBDh45TpO#%aR$p_T%(*===HI6_czU$5*(tcE{OkI=o7b
zrefBt7?ocE=icG)s-xl!Mq2&(tNiM$xPR!CIXE{9MLUHYM%z~N181SAmRhTcsjGKk
zOe2SH+rh1QYzn@rRze>`whBqvqd0ujyNO8Rd1V$f>2yk5cRfTnOZc_jO*L8YYDjoe
zq=(}-z+gY&W4)%v+AwBL0d+sBUEN<09Z-35l`9yEXg-@*QppuZm7;vRZ=n4lNx>H*
znPDf-Hd${5hZ!RjozTXo&x7iU2zo+o404AnV3vDvmRDv~4-}HdUFqc&3e?@_F2H1a
zTCe9(qvj8fWIw|Ki2WQnWwV;`KST_Cs$DUH`ke8cH?PQY=jr`dd#6^L(nc7hM1uQe
zf8_Y-g_Sc(Df_C<_;+9<dEdN3j-FdGi-tH{bWUhzb)ajm1!)}4G@WjXTnVtZO#9tZ
zux0zjr@YaAy?7vYi470S22C5_f3RN+QNSh2xWdx_<|QJ6C;XhvO2`YHWZzy_OX@KM
zdpc2d4EiGxgE_r!sAb<GzjFB<c;R#Kgwro0dRq*UpHJLaHjB#9)JNG@MbqOD`KQVI
zl{SYay9slFR;{v94oy%0j}`3wtJCSzjCXeT0Xg)U!aiK9b52=<!!0vL_DgNK;jUEd
z>?=r8Z~DFzpJxcL4u0ukv70agIcl#;R6DQaNniOXeE41IX4AAAx+D%t2#73=@3cw5
zqH{VJ=;vDaCMlW<^ORk03so3`^@QE}cAqR3@@Z_n4Oj&sw=hMY{Q_O{<ZtzPU=Wj;
zVd%6C=}wI0dl3uKnud38X8JyZ>YsT63}8O@mxEpWyIU!KWengXC9iAzEZ}lqzf}50
zMNGjtG^>vdGg*)+9aRPj1>QUFm)Bc$K&;c-%URZ=oJza<g(hzq8|v?({6G$NB@eCb
zF{F3d2W5kf3?9WPc&JS;iy``pE`;y3#u^Sj<CgN~?~UUZ@VSnWD`;$8|3_ZRw_>S<
z&7I3EP{wyi8zqmxSCz7I&!;LZHu*g9C%dvv`PPt2ANF^U`ykDsq{e}Kii9YK%fH!Z
z1xCV(eH^-Wtgd*!FBwD`D_XR#W6bq2mnckWh#t*%?%dwI@;Kd_0hV}mkAO#%kZGl+
zRBeF}xUL;@X@}?$%sctH@0<w=2Q~&+csvNiTa;ydy-%!jne@6?OU^*FeGo3(*(=|x
zd+*IRG?T3ge!GnucxC#@61VGXj83Z5Mnk`=tZ-LcW@&rjKM@ee4UQYF>Zm@&rH+6k
z^02sYvsa2FuDMWEUgm>>>LlaJi1+rSU-tW656xH_=Y4p^caAexh>Su19tksc7Ed@m
z%+jLt=dpV0%xtTMO_#5%a;wPNQqmBb<ucgaBk8VWrf4aMxxFw#j#Vvxhe;YOm1LFm
z<u!+U3C%j?8k5d{8&)ajd#__5J#-tN?A?%6V7}k;Mw7xPVk+1_Fr<}b4|d9qI(`at
zzW4qnuf6NHDfZU1|J;j;aZ2WfoIm<gpg!BS!OuX;QLlf3qtkekn0UZ#((AnFmW`~R
zDQcDC3?783)v%N<>n|KHrjTrx0j(FU=r;STi?aKW5*@K84aIHEav*F8US4$*GV9jl
z>7<bEcxDb067%wkC!*gfwGF!Cv*nY`E%6C=qD|D;de;#W!Bz0ux#(HH7tyI?gOU|&
zc7GQnifs3?9AA5S?M)V8a3_2E8>SV7LFFHxe>DESW-tC}M>pnQzLv_4t9QfF4G1gI
zk6ynS)zUo6?wgqdWCj9v|9yP4r*y`bGk>8@xGq^iYo}W|AMey|P)QuvdP$nYxn#TC
z011Qa=8A#)ki3(#_+hHu%BbjF=R&*h>4?yfhO9PJg`D`Obq#XQBmozQ>GH_bDzNCK
zAd7a+?bz`==c3dP=EcioJc^%@pUG7qjz{qGk0PRNK}Xs>c<C}k8JYQpw?~*EgKPmL
z^)Fzl{c40@LE4i_8S1%WA2hi2G`JtFXEXjif6l)Z^IcMsJ*fda@GV#wNF^%~etV2+
zN3C&To}+)?I$c5hu5`1I%s@2k2@UUnpf-`ffA&WT?fVAyt;++yQ|syG>0>rz*C<7}
zlfAscFqmmi?xv<ZZQuiIivyomcyjB;ry|S}HTJBpznM@H%bC1|AK|K52MbRC%MH1I
zB+G;v{bxElH|N(*-MV%*=#$-jOXY8EcPFp4k&f;G!;6^qDcL+`1fmC|AdMJ;%PU54
zms92Gaq79h;odvTI1LKLS32GHPWAt1822w($jE_jBhGno<~9G6dM4Z_+2}!7n#Z#e
zYG;>s6qS<<c3J@rA4f^{*&cVFy$|HsBZZ@O_dy_u*6l*~ZWzosuk!r>2&8@ZU_a2z
z28q1vN6R1s0yPVHP{@}cP$&w8Hk9XrqzYOL%1bmOWSlo--Sz{ex?q>H+-ATC=LMtQ
zrCVtBb>)#x$Do&xb#a83asX@>`9k8oM_%Mly;UFGes`wr;K#Wv_T&Lsua(dJs;1=%
zf@OzVYYkaD6Bq}%i(`{?m*v5zp<g*(P>;!9SFKz$nA4*G7%~^W04LewD;sL###m=!
z7W7!Y`167D)(jM#zv}D!uZt?HrGyswbGV#V%^m&zmX2@t3)|sZd#`en(Ol`P%f>HS
zFG2_!_&HsiLojf^h)I||F}EFV9t=q;@RW-hM$^xm#P(J;Fd`+0xY3=Rzt7P(xj*kz
z6v61=t+j85Sa%I-DukRbhTm?0iq}%XkWQxEav~x>HUe}7_JK+5kqaj>xZit^TPbJx
zX_&YDz4We9hZg3WZ&qpTD_?=3+HdCl%o1lmf{w+H2iigm+<^n2h`#o)owg%XFhUwp
z-0I+t5Z)sG8X{W=13?>17eJH*`G^ZeZBgS#;Jt|)rdrx(r;VPxjMgO3tUVQICsZA{
z(5Lu`ZkGTF#T`E8I{9pK+0(1c)v|8*DLi#1Z1`hHRR=#j`J|0VO0b*lQ?dRJi{=-T
zg05W0oP0BtAAy2`G?(`kQk^4?>?*nWu*Kx?@PG7noU0pYX%QLVDBa&^hn*t-jB;y2
zb6Yh%j;FjGZwY;m5m(V<!GE`XUx3aO2d_=vMP>79AXHXlFol->c8<aS6tDKt;Oa5&
z;O6O8Lv!D#erWsU^IpK!8Zmpz!zEvPKdm$({r$Z9QsPIj4iKs|#Bzp|cc(&amx`u8
zcKUxx&UI7gCA_ENHqG>Z`*@z7*DFPu%H{wWc`B)?mp!E2GGkgJ{H4uTfL!r^v~upp
z@NGz{4O#Ohl?2;%HOcBh!ak@(gDvQ@;8#s5)Eye<=(j~@=)7RptjB$-z}J7h7Jm17
z>>o-CASz#93Y7E<_*<Ru!3@&;YEZW)qUbPkYWvUvx)d&G1F?eye)!+9^*>Xg|5q>J
zgsRJOqBQB;+e0Bc{RDu&cv}Pnr1Xe(l|RGI-M@1CRxS^S{o5&hY*1TP$0WycWFo{*
zt<$8korm#`zIZmqH~d@QC97)fZMmU`)P5dVk4%nIjXRTqGFRqMLKS<K+NU~cd?8nu
zC!WPe%>Eq_v3gtz6MM%981W8cI4uk)3(*wn`LJgH1m1lL$7F%K4HqJo9rN_11H7DB
z#zU?VZ|u*r?9Y>W(RKNqdA+&4#oj_@t9ov|bn?R$vzWb8(eK`x#r8HSV*3s|b3c*c
zgAclOL{w=OEF?UehA$8WubFQT#$R)m+0VDiWYVAgxFn9*Vs@=Kx;Y#qaWoVv_pW(^
z*SbOnHVw0TvN(KAd32fB!GOag5KqnGtlAnu^*uM4mAO?;u5w<q-&=K3&z*s2!my&B
zUwkzgLGKF2KFb-iPAycs;8H`;=`Lufv8g@hs3&i`{i86pXOdVKKBS!;Wx#KXUdfkK
zObW6POJqn4`bzlCTKM`^Xy;xx*>i_;OIM;#@UN<~f~<_M8wt&1j<S&vSMVYtP}s}x
zR36HbXGT2kUcJK4fo-_YNx!u7Hj`WCmtQF@G^yC8aFh;iyXofNP#p_X<#eSvq1wwq
z@wG^fjqS%5YX!6L!H9vo9G=f+ETgS=V<nKDK(?P?9ZByTw8gv|ycQmOo6_Hh%wBK%
zf+iKac$bI497NApZoSlXYy9N*IIQtCfteT46F}<Os79OtXF|)Dg0=9<JgtD*)k?>T
zy>NRqo_C=H7K21(+M-0Jf+4`4>u26M7GaH`?=fYF2P=FpAJks3<evTIjIZ@gAbv@N
z&MXKNq&xt&?ReEgW?ii2VBMr&?dm18krC$f|Gi2?nrCiL@yLD>^MZam_9vMJjriR~
zZ;=mwu{e*okGz`v{Z&nbFjEYc!{5y%#=gdQOT+q;y(ia;vBRR+cJn}=aOb^_+Rh!A
z$O9)KEKwi^BqfykBHU0SL2%AxZ2CsjBave@4%iKsu^MUC;XqvP^zyH%7qyiU;l!9w
z9zJE^%;b<wcaj>$C~sbg-*eXRaeRHL5$z=q-Jz=bgED-geN0i+r*CV$de@iIP$Q^2
z3#O~N(jz_0yhmA8GK!U|*-5dEG9(NglM#3MN<n59U=?1aVc(KEciuCQmiI<>Ew6k1
zw8}Kcj#5x4jHP(!i<1q@Nl5In0>@>w2CI%c7Tb%lTp;)*sSY-CprH%fY^|~fznw&U
zVPOl?hWhMCGm~qrdY?n#6zc3Ch%n7kHpFVrpxu$!2;<9GApc&Dxs3AoO~0fdRo=zn
zWvIHZA4i`X_LO|v4y*44M#_C){5BRLEE`;CIUh8jbxF=^TJ`Gk=ho~u2$#?{&;^Lo
z#ln6<DtesTLZrJO?Y2{QV*LQq!2RS~73vQdM9^m$4Y*fz5?Z_MCQ-z1me@M*V6SFd
zO|U9b!0<Tw*hwF4=|tnSkja}zV{sxM0dKHR99!Q*#vg>MK}824b_?(UQ0j3H+_I=k
zqZLg6i9?-FQUhTdq69?&wx>TFINE97iH0v%ckYTQy_>#q4v-=bFpHNAVr~MJQ~3`Y
z`N%sqs_+fCwaYlH4L7zOw4UEF?m8g9bU9y$vAfkp4zr}?DW9b&PFF-D@b)RDw|7uG
zri;4b`S=8_io^49dI5ZO@~~G<rknhB_R8KCK-i>JSzon?PlIEpuf5o{(zn6KT!)S>
z<wkdp<|xH2Z{YEgG0F7hYnZb$bJzpWSu*7HU`?a-d%nZF%}-gq<m3t9$luKPs297U
zznk)V6vvpn!(>pVkMC_}nV3K<Gv3`?v&yZbLPS(k50WucIX^cm8PO>73w@?B#zDUT
z;LiE=pkZOJ!3%!W`C!?8JERWGAJw7I{#a7HbTss)qWQ8JlGn`s>;C*0bJTbF&`#Yo
zLTir1cn!~sxO$U8Z~9jnb>9Cvb$u~8@0}bIudF!R!FOZ#))bfh@wU<k>v(Fcr?6J*
z%gEn+!%bB3aK-Z{AA27Bz}%LZt6DnU4?)(~5Rc^>qeZvG_}-MF1xc)}@rsBvrC))O
zEV=3Hpsjatteiuf3EQwwu>rUDhjeqhNSN3I2}}Y=a<txjaPD8`nq?_l9&Gi+5k)9`
zFxoRjo*elKym1BQ7F7=Qmagf9LQ>3A6bGK^GFE_9T`c<wllA`$-#M4g4{v}}euVbv
zOc=d=qHe6*vYQ`jFm^mm!G3Pg>K=R+8laxrMChJa!A?Ljd*>Jo>O1pZmyfdn9ni`#
zc?zf}Ssrl=#FP(BlCdh*<=5rw>X_0cak&p-o&#j~QBjNCA+_={^%>vbhI1*x=nZ_q
z-k>gIUfX2o=x1Uxw{wg}fV2{QGW8I{p^mQ?CVc{x-Pkhu?sXhtcG!U^Gd`tiN))tT
zH}O)169;$8u+phihjhXTnZOdR=h{5EAm-L8$E2Y#f#s5l8K^a}{v?rQ(AH0k7IQyC
zj4)vJ%Q)3guVS4!;o+T3(#b`9^jUGqRl_C=&u%LaR*TdjOa9!1%}$|KJ6M!Tp;+_O
z)JCB7BcluLSh8YQ7eCG-7YZynooBhQqhKFny}PoQj^qfO*lDhc9aL0)AmFt{7fMVG
zfA7VVehV^$+q{ZrlJlvymWxp_G}}3@#+PDG!O^~U86ybV0Hnx8fEBx!*u-weGx?2+
zBCo}j%VuOJ#lEW@%8+@oC`5-U*lB07l{PPu;Rabi3FWvYww22mIumI`lam?REy%zS
zQMaIb{*~lLUN%Loaw-3Plb3RGb_1(#7AbNGW1oFgPFg#V)vS#X!EG~JO6toX=nct7
zt?+(?Cw<}S##pyd&sd_mBO>AEs-!aCy1-7wIB;+8&{;Qy*#`-qdu;7$Q#l8J5^b0I
z0tIiKgT^Q187-HeN>E?p8<w7JMw~(-$y*u4U7fHM-jeHIt6~f4jGI7oXE$(~o1R$O
zSO#XDWzrVblhTdT=r>%<TrARb8M|o=lG9JXB}SNr(gbnI&p|`N1Ev~p28QW;q(t<L
z9*kK~r_}ZZL{p@}5!+{i>YVHsY<Ul@I{2LH(S%^{&o)PUaujU^Cr^4I4O5DIp0=gQ
zH&_0A%4C6&t(NcF%&OY;QUtFZFJ;{%GW;(b;mf@vE8pzr@ojx?x*J1$Sx{`s!pxW4
zWM9eRugtXa&G>CpWHWx=)(yuVwV1oK#1}OLFV)wl<G68tFWo}Bz3?x&a7pfwiYR+T
zIc5l8s>zubxdN;mXKk7?TMRLZW0LlQ1M605>)!_oXF$qOm*IIvTQ<6{i$h&|$&El1
z0k(z+Ayr^7$z0dGl$kEYH!dlIORDe(l>8onf9u(3hr)4-`|EIPX=~<cr{alFm_F5%
zw}GUhr~)!Boygqn^@|viuBD59q0hPR+CIBO0Ne>P=@H~kX1x{GWZA{xj<1?J<+Av#
z>pkojxf=MO?n()5baF{+*#U+Z$Y!g=slg|O3Mc+ow86ET&MmFk-X>h7?vy^x^M$)Y
z(xRWjK%Q2k;6F)&&wbnYPfM}zK3l<-AUg8_s~wo9{G5H$Rdq|th^z;v1|iAYH0MRe
z%AEX{;R^B2KD&X^8SU$DdOmI2=((e1{Clr02gzY%3p{%bHiY~}dBAW@ocgy+<Rm1f
zWB67D?46Voy&?<Cu|G7Ww9Y8r;;PO5E>!nFgi1wA*0}cY5thl>ePq#K`y56-l;oox
zPb1|sr!<vGO2&5kgos+V%|~!f6Eq#ti=?9oD)JKo<^K{X;5uc!nX57laeC+th8k$q
zz}NA&`a!_p8;Wz972JTU9!a(wyc)qTicO>1mZyZaHnro^=ipj9L=lY?mnvS6o&TsY
z6}DNUu!W>q7cm(N+lz_`I_@rbs95gXg?;jugJ4l%?L^H3T|t0EA{BpXQ4GkOmb1G$
z?yO}3&tlxg*!R8?q&B=yk|LLx|84Xyicd>FOnM_`;P@=Frq8ieoZPA#vD|4yHKub)
zZjE82?78OS#Db?e3s`jw;YuQjxGX8zIlR4PE_J#qiX?=I0*yvK#Gc$_9<7?hE5_GV
z`)Us7*N-{)Z+2(HHDda%2gW0rwVz+s4p)QMIV}%R0Z5Y5VF8@@ME((bqhdk|)eoyA
z<&Vm^y%^ySiYa?y0u9S_Q+3-_A?eu#Cs#pQJoIYS<|z^llu#an6y}BUIhHoUFtj9Z
zGwaGma}M@<HsZ64fvBFyo7(V^OdJyD8?M1Fa0SkpNfs`{B@JMY_P7^s1?@t}zOKgj
zQAhROMVL}64tFR;Qv%c7j5m(*GFT@z+N%<#jk?l64=GovM60m(|J-wYQOAuvegHWy
zL#MwIWd>S>w|kq@AC~xHu(nMJ`aJrv-;g{3I#ydr_Q=KjsWKNDcA2007Efjp3)mTq
zcC@n|lRK0{1OJMl+*G{=xGao{iyt6j_*2Xy+Q^d=)AiVu2susIuD>I?w;c9k;aFdU
z3_Dm0oxMOqJL`?6DW3Y+bhMg$3eE(6t;^MGHdCI55#Z?n0x3mr;CuMKGYyqm-^bKT
zl@SVq{CQmkB~ix};6b#V=Xb^Bb&;OI8u}U3e)8p1vwdw)p48%xa4YSKkK`RzNy=>F
zCJFooZOtMFSkSA$waZY95Ew^tgenF$I$S@U-^ywc4fdLnq!=BOwz8{KjrFJ!s*M5_
zR}0=Se=z|FQxMpl_1^DZ#^5kcx^e-s>pL)PBK`=&z3c1Zq2a6I!dVvOnoyhxaruZ>
z)c$?gCCaA+O;}fEebg2pP4u!7f96{)dT+)FC568b@juhH%#Gv7z*o9R4i?Q=7q37&
zt~4*1q|<BbYol04X{;=pGWjy<(anre!SjWMC6S<^u(oH^^_?Z;z=_aBD)vw#m`)+f
zY;kqe6}Vx1Gr_;;T6Pe0gR9QcX?*q*1V=3WJo`353-Z!8p1fEw|5AX}!0TV14QF#Y
zva;4)Xf4men$+9yx7}Wop6gm$Z05KTea$>V-;iXFGrP-b&&3?=mxF;OmY!A_rIv8#
zY4sJ9;_N2B6XoR>?3eyTsbioojWza#Q*}L$P)bID$yRLGyr2lr?dt}3_)@$wI$80l
zUvFeNoca5%m&JJ5<U~qSM47~#Btd`p`ue-yRqTW_36hc{8Xxg~Ms|oe)avW=>%>)^
znxt~iFI(k2UJ{cWa#WE~lHR5gU}xVED!8)Kh*H?9CgLG@h@e$O%~j=?Uj9(Xmt;T?
zmFlk@%{)bU7s&!9lBz1bFw@ukq|1(bqsttw{<XzwIJmeJX`E^@&cjz74i9EGPvOIa
zf+E;#6|ZHV_I*@{aP)Zu^i1((|0qAULZ$q$YZlqT2PcGYj^E0t&lp5;CYm!f{YCrf
zq4N`pIpo?_@8J2JNEUYwBA>yE33sK|M7(iKWHN^eI~rqDP3IpmH{G1c0+g4ZEQiAj
zU%8=_+ho?xpzWgeGD{?2ThWGYkYadf6sTD_1)pp6JJ8rf?Xu+8@eS~7#$@yUDn^Fg
z-|sX-tC7UVW#Rm(x^(Zcf(dP%RYyjI<J@-=B+Ql?(WjW?s@<uoB#5@pd2vk#S(>C(
z1|<_z>@^F1wk{v`v#;@6|A@smu1B$RRD1q;xNNu#y^5zsNl8hgo0D3C!z@ko>upDv
zdV8Lv7%BNvD_zhp@9?@sw1$`ud%UDr=&<w-kE&O^m`khQ<3~$r6iP!95BlfjqY9st
z`sy_-E!}va{^ZkZ8@JXTtH@Vo>9nGY1MSeWcxaV|w`_PYb3av-!whm!Hlx@EI!rvS
z#;M^`p9Y0Co9ik0p%gC*-wD}Y&QnFXa|~K6mbW_kxPBz7CL24&UAd2IsEv=Sa=GRb
z3mUHV?qJ`Qo~^%B^&(YsNY<fTSU4aFLoA1SVyeUU0iz7>GVgE12fyQBv&3O)IzfU`
zNco8E(&D{lQ2jlXef{UKDNrOmeKQ`%JheA)KS1PY`aGihDGewZQ$RdrJQ!od-@LqM
zujSGeb{-kSwZ^Hh3-}};4Qx4mj%aa-7e@|r;Eali#p4qUg7##;4>EcWcFo<5>crsy
zlp`MR8Zb+Wd#Vde>7tQ*_7b*DBqTVqikpq1UgTgxI4;|dM=p}9@aVS0xC7N#TGvgc
zUA891hN%{|i=i7aQvmRU1Yo)!N#nL!{>pV*EH;%QS~3Z-57~U^kyabP8~qXOg(@4o
zX8T#+KV#>f0eX@_gWOP4`yl(n9@IC^dm3}Rig}b1DhWVm9#C|uA&GN}G|U93YAP!l
zSzF`amP>10v<$|j)@kDE+7-vZt`~7Q#9VPk6qUcQ+yibVa!C8=w*wJ1G%3Aa6L1T+
z4Efb&p;-uV%f`g$J9Z&C1+1lW^T$C44;VaksTkH~VSkn_yhbx!f8aR@U9It))HGrt
zhzdj(za2hjdK#Dej6a4+{gh{Y03c^2g4?v_t#1_0W`UT{@Hz1)<GB^Qa2r`a?gvyR
z7sU6x*to_|?c^+<ELt&eis<rrh&&#-5zd-eBnJ>6AY^>K1~x{T3k);_a7ilZ#a{j>
zSy-@b%}pI--UpRBPPc})bH=@p_+4Cy3Oe>Hbo?eJj77z|A#IV`O^}QZjKW71k5VR#
zx&p8e9cDnv*cWK(V%R-m7kITBUtj=kbGANHiU(xj5CF7EZ=aLuZQB8o-+CiG_~)gD
zau3i6TRozuT>W^<fa*61iC9%sLauNge;;J~AKJ&=(BIwY`<1#{JykymSzb}!r65We
zYChLnS6A;@S6{DZzAZ~uH&^R?&E`Tu&<^*D3grlacVwvA0!VG3w;e)~)tYhco}~PG
zUoLz7rr53-^nePHR-0{2eP<$vmW7ne->Z!YU|ql-nFyaDmXqrtx@e97_?GWor1FtM
zNMrvm2H}x5**=5|xwdjjmscNM*4h2kuALewcIZZj&t`}8fyTJ5?ZK?Nx=qykX`{PW
z=#Id8;H^2+C%L0nqA!}F$dhfpDk}X&44+3_?QVQ0*_Vvj!nLZZ;HIRW!ctA7P@|;M
zq{QXqrpT%7bNp!21iReqO{^w~veF~+4hN06+q7xK=JC@Eo=T`o0&2Bh!+Z^5NHXAP
zZ<qi$6GI(StBh(V_u&__P~-h{SfZ#N^ojexhhIE?7~F~!Sq-B|V33FxdxPTXC1l`-
z{4MkyT@5nW8zR8QWl-Yajp&=cy(Q+aV@Mui8ovv1b5N#XOoRqSpLo*~Rj$O~9d0w=
za(g&M2gdllhdEZhIAuE-a_)6A;!eRm_>&g`^l4oZ35BJM<u}hB3`*NeI86;H)><6~
zao<xUCo{KsJwbofUt~{z*+n%f<bt<Cd(USwB&O3s&I(Oi=f+9JCLA)jH{alug@)od
z>}on4n2hY^YQN6;;HOojO9=SI*qDGu%k@@{_nR^)*!G62OocnmSB>hatZbcew=fiD
zjhm3+l(}CpUuDT=r!)nB#UoE;Lw`A|+9=k-C1;9waGA7l+r*=yr!cBw9~+c&!bwFx
zFH9a0<gmxQ-Fu}yNYpYxUu;bu%6a)L;u@*CudYfMWZ34{9^4YP>jwr>YxjillD?@c
zr*UDAE4}_0_WYGLFyerp2?||Sl6wgN)P!ah@0|^Zr0=~&UeRx%H4at0LS|@E$&=Hc
z!ehS%lO(JK76CI?B7@=@K6h~qqXc-rheqRPj+N2-AX^PYG}NdsG0&TJh^{<6esOE0
z$mUsZQFbSxgB7{6beXx0z?kQ<@|Le~a!(6I_w_v68930`ovUDk^^JA(Q(b;*hyha1
z+9lC!DRs-}Qygb&5aYT_&91IjqP`{G!N92P;!25(Eg)Evv`v5f9U7a$+Q+ZKmR=ym
zs~MmZi$!KB_~qRzP)kY}j_Rl?F3YtXHo(|E?=1}^`XYFiL|2fKKfQ&9&ZC9115i3&
zh(KEuqDc1ESVlZddmMib6e}QXi!RL&wU(bf?BEWFTCQ6<Am+3W_(Ot}B^U10wku1d
z>aBn0rN=#}IJ74;giKK^n?RJxP=MBwa|oYiY#?v#M(Mh}8>8Nt7KFs_2x2hT<m`lO
zMOz+l7wc6a0U8$WGAKI%u%S{d$As~Yq~LTR^xQpFPKzB|JQpOH+Fmj4Lc3$<>%5GL
zd1^oLU=EuJ6?AP)gDy^l+ga&;%0QeszGh5Ldk5<kj_kGz((n+O)T1Mmwv3S@SrNwN
z;65@oC|WTk^u)mej0enoy*Dnz)UF-qm3|;``9Wd!<D^A*2;jwO%(+$e#f@T&vJYo0
z5rer>Bg4jzOQgIKf$e}u2+jCwrq|w*9y$r0-hcf{{193O(!MwA)(&#P04`|#4*5%Q
zSja_kPx&)k9lT(^(61w7xPO#LgsOEafL0J0F4&gW;%6t*XC;EC#h!`9u4c+MBU?e$
z?NG4E26;NNvYN&rNVsZ~QrO;)_h-+fpdk4EcMQ7n%JkPwyvb{mi0~^pIiA#l<jgIp
z(Q_F!za|PIZZ`%1z|1;XEntrLCvRR53FGy~K^#vIg<pt}n_xjHtw)~2c|CTnDwY;I
zCt*lRK;e~iiTfcI_o$>~9Ajyp@0(L5s-oYumTrry?A(QJ%WE9u?`tnEUdlO7b!sd9
zEA?vu?@b%dgeGIGl?4|z<(u~$kbut=j2CV`CveF(yVdKBEW6)6i>J&hmr%o3S}n0^
zl$5d9a4D}0jMtzvej!S(KUP@X-hhi(dA{v<;*~0rtqfIA)Co52<KF6P7uJ_5cpI6B
zTrw$lhO<r$=2el(zLT>%TzR-&G%o3yz}CUWKr?*VQ;GRh7Zy=wdmB`4yFY@)QvEmC
z9?y`q*4ON~zMYGrgZu+Ios&VI41G*BzYLiMq!PB3Uk%CbL-yV(zcjI(wHTgwOaJyJ
zOiT?SL$B4fY(?{0&NTX8AvpWE<jkmxdw1Bt6<2Tc&nVP4cw_JJQ7pB(s%G4mNw5|t
zp?Gi}H#d&04wR22>rIi|TAHYM$#!bYrDk1M^Tn_1y~hNV1F@iIy-F)Ww@)N-lT?Dq
z>I#0&O%VXD$sOoK9QZ-ng<733r;HPuP?JK9o0y_VgO4oM$>`0_X0PLpLdeqPQiZgE
zLf$~W7h6xs&3qjc-dOfj*P^HYb#BYNo`<_PuV~JC&cR$2U`55LCSEpzCH`dzNN1Mj
zew4Xu2cHe+BUf<EBz^pSiS@POuoLqbLV@|VksJ1d1kC89A*v{1*s4j>j`;;0z7!EK
zF!1lYE)6$#;LbC*66y{gw70j%bzyf`+wFN(oE%ZX@pX3YO^qo(`0&tA%!;B4yJlLL
zW8pv>))Jj4g18%s@mrX)6Vf-}X%;X5;8IYjQDM_BMOdDK;#q~>uVT{#-wvhkja^Q5
z%yg!IB9FwVG!~BqVoQp>WyA7U-dA*hKXIoEu;;Nch;^z8>!xa|QN+i9(e3w-o@Ulw
z`Ejb4`bU;9_b59%zvlLA839wLe9Dn;AEc>Wo|}#83v4N>7Ht2BTpaA?_ZJk4amh&L
z_BjD2+!Uz<Cm?cTYF6|n^_kD$a{0*xV#U$ZKg{;*s}R$f7TOWkGyUBrpbHLHi(oKz
zfirBb`VlC#BtX6NY@D_SY2;U3Q*#Bb53q;o9|&JIu2ev;1az+eMycNNQtj;*(7B;G
z)&frd#1e<g!0^(tMOl}N{2GlElhFC;bMd)TH*zB0>p`E<(aOcg_6}0)bncuR)U6;f
z5qB)UsVXi-v(BYs!}|B&w(6#AvZk`?(RZ=zrd7hyiYbr`=_vD;h|m4GxbB`9b?`1s
zaq=yDbpk)G$9cFkHx0>{PzH0554)G0J~xf3J3B5w4JRf96r{(?o$MgMp&CC{MTYD8
zr@F9R*?i7OMud?pIDZf<XDm}b#bR5S2*!aY_(WojUsTTd^6*inT`MzOZoSXH%<zrC
zEL+#@A_wM^Xx283vgEVB4&*~$EJAR1KxFqpe}uvWe#DH(<3C5MgI&WrLwMA28i!af
zr24uBGMm?}X*}`W)Uj%#jTCP~!Ha=zLobH6`^a=xu)nY{3CYi+oOK<{v0d|t+2QBP
zw-ui~b~;M6;cCH&A7TwI*Rter&UJ6RwD>#o^wg6ndlut8I~5w^sOQvhLp144(yHrL
zbxGzw&n0!7VK6=QDb4&2dWxvQ@H?A`fK9xg0d01`PCahDZd3{g+Y%5jL~BHJi1Z78
zZ;zLGp@hEiy_M_!@x=y_QF(jmL^jyB9kDsb$z~IpFzb$Iu~ZVh_DG2;o5q^E5BmdM
zJhrF$ee`%nw#h%Nj^2dma*(|O#6cdMjT{|di`IXo1Wv?|yst|#y>unjEjYE&&^A;a
zN0^L0yk>g1BItpmq(o}lcMXP2i1{Gz=N5XTh&rXXxd_L3$UDH6#jYr?ci3u{DzTq<
zYt;BA%5I24Cf-^aMyRGIg#U^s$2Pkrl}Hzwn{-o~iFz?8*UZ+>c9vBzVwPCW_BMu*
z$|MQWG0wg859dCjv}kf1;il#xAMAF1L<)F|g9c!^WCi3wyDbaq{p?qZkc$)J2K1lB
zkAIs#K?fT9rhNYnmkAAJD|&5w^4x3~3VbF#9jvi!HE^_p_}?Eyh}eOp=Tg7E-z;Bh
zXChCN3heQ5+H}Q9i6v%fL@*z?A3N2&HgJ@15~zvHQ)Rthr#2=TE!NT`)1$hU!5zMf
z-FQ~xhHeK@+Eo(!9e>IQj80^=QNsw4K8fzlfuY|5IcXy+4|dcxteh~}afj?_Qms{b
zDbtKsy(lv<{7V@Wx&v5*I4})%j^+g(Q8HRted?!TS{Sq+?2d^vt74}ec|2|D{yAlC
z3LqEX8eO;!M^?n=e04gM-dqZkdw<Nousam67&Z4(<y=v|QPLT0KKhD|ZMT_v7veXN
zz2O0Lm!F4g(im~<Bx=t2@;Vr%oS%S_Yj$XLgf>%B6>HzU93WIrU!TF&!|W_J623hD
z_v7#XbpH+e&+q?y_yvBtyPE$i>qC*N=8zz5sg<bbPO)gZaDn<Ky$|b%-_HNS&@hlg
z)F63aBpCMH@##t*$gWj*2x%Kih&yd0Gvv#Nk*MMvDlnL5-z-)!c$I7v_&y7!*dIpT
z4+?#M*dBHo?I=Z&pWehn%Cq6LVHUH3Y;$UmA9%icspJR(>0a-xdZbRKdUi3Z)icC1
zvS-1#lcdtMIFUSkaoAYq+8oBNgq>?4dQ9tgCYGm_SBlw-GoVW4&rV~J>Kc@zsj4}t
z@ouJS-0Iq;n&K~T)i`YpCbID<T>3kUIqWF#k{xp7UW~D1&T?mQGik}FQ|286ce9I1
zPzCq8sE*_2NYnVse9hA)G1ooJDfyZwV;;zYuf6i7e>H~+na#+Z#s4K&H=mv6eV)`8
zUV;B&ijq3Z$+V9I#%pa=?I>J^;^K*8r5LAe<34dGsj7)e{Q<E8bn~=vCq~g?mbg;c
z^w^aAIdXfVccG^5#Sh0Qzp+HxW>YFrPw;n5kcb%?^0!dsbk9>73isq_9wlC9lM^20
zab?RTE3qDW;^Pw~d(t^26B!j*YR`q7jmtB>5z`c*WTcpx5M4aq2VX_~#{C;IVA-NY
zrf%2VKpRrz)yQ_@Mcw>>T7MhxEi`7X0=1SIFf^o(3UopZysLFU%!fK;4Nw8~WI_K8
zjHT04?OjL|>nQl0we$5v*|s6%vd@rsKC)p%mU<mwPUjBY^BbG|o_*YO3S9T0N)#&u
z2t}pF1fuB34;((#8=a~`KWAmReY6YwzTcbMo=oL7bNtOdnIt%;&A$dD;(8-hkf+Hg
z!M$VtviunHj8d1(#{<>Z!0PTmC2na@J(@JV$|)yz%cOv8nYp(?3Tr=|+J{q{=5wW0
zKG@aT;|<p8VISl%Qt1zmAaq28BiFv(k-3k|)0>|xB^@1>!=80IHvA0DzFfp{BPpwC
z-tb?N^dqS(xFQ%;;7k;P><4jV*hU{2<>%yY72#!irf6lt-pM2Z<`VnJuj&*xvsk{-
zD@Y{bF5n5|5HRwL7~CI$Um*}}z1IRBzaknUWTa1)JZ+O6(T=uP<Y2*PJA#hSzG@m@
z*>_09cPLmG{svw&=;rz3qo9j9V<@Idpz*iMhvBC`Xxzyb$iE^0GK~xz$?rg^^hg+?
zc2+?kHhr&ihk)ZO#w=-vox=76h17@5zExh7jD;uF)?!NdaO1eq<LvpW4yicYLo1FY
zk&;0B-|GI5w01}nwPk}El~EOE&Ln&8ha7Ns8{L&GIOeLrnWO4Aw?T&qyrcDz5+>3x
zj4Y{a0ZFoyNI-kW5lVasPeZ>;Z6Z1|e*T68LSp`TF1u`>y~RY+qcq@%x&P+5{{*)G
zlca@s03*a|TK$bb>JMF)1<%t9EUar5#h_CVh=D&EftMwBWRg|@#S&DPXKvRcUs(FC
z)5EghJnc~%HNc&&XRfji8c>;+5izoIvV7t_5BcA||G58uwgligNYdkfnW=k>)r#6M
zwyn+v2ct7&B@sQ`lkHcMgGFm7NJ*Q$Nsst>0Bm#HuAr!_#ReW#BJAoEEH+-T#pkJK
z+z*8z{~+#qd_K}ZPk7h=g{ot8q<`}PykZ^5bFXglS8oFH<QG#qBBB|-)xOf3^$5Zy
z2s#8595QXRF463Rf>y8zP*qt>0t<ve>|Gk#2eWMH_3sm~0k=V2;3h0X_Gv795|RKA
zkc_Q2{4$fZ);l=AjM>zj(6&|JMuB<5y`KY*6w!isYg0o;Lr2u7PU5RplZ*wanR+--
z2c}G_Kv|@VmmGa4AeePt5?%3eBUP6!*Avp)o0T<fTwy^vg$cKRRN2Mj3FU&=vsrOb
zs1%(S6t<Y^+W4m)wDJ`r7Ly|WRMz$A!C2e=i_Ws0Rx%QoaYD`4FNo2uAiFYtA9q`q
zqEt7r*czCX!x@95@7&BNTksH}=Yk_h^a>tw-N2=P*WSu*VO5(qfI=dA1bmIJ%G;;J
z=>)&$vRu;3JHd=(V2>vrsF?U6$dUk`(=PPT%A%pWnY%~a%L^Fhj!5G%FkRY<s5eF-
z%1+)_7~~Aq(T0QkR0pHR?<3-Bg3wF5WuoxGHCE##hY-FJazaV1lON7^CF9ltk0O9v
z@3_O{^Y@uv&N>z4#cC%(Vr;|i(!>Xbr^D%Yxn~a=8D2Moa7o2sH8+QisfG@J|5n?S
zhAR>Ia*x=Q%Q8O1cQpnGF`&(n;oHTRS2d3y9}#o@>O+h={T_$=x!MDk_Nv`cvw<0D
zFCj|&I6dAE&GKrUL%I|6+M+#HUCCjmhA?kIzvv{J>GuTQJ!ta%pU=SQOLWqA$${*(
zj;rR6snu@bS`1DnPbm7@oFnNY(*889eTA#YxJj&Tcs^vkN8{urh%~&5t^{za=NU-4
z*QJpRmHLiQ;tDuA9QSPahv+Fw+y-+Qrl|BPm9}vqY|%(AFHHak2!>1eo6FAvPdv7^
z-1km}%Nkg^oF*XdLc-2&Dw;n7Y8FF}YYn*K(vr;W?@T&tT~NNqFhVDgRZlFt;Wyp~
zjO(Q(T{bd3EQ&z5YkYbmYe~PGshzG%$YG-YnY?`|Aoa(|15Z;nb(0UK{-y0f`2wb@
zpdGuyr5UXCt+5P4?cJ~A<LPg0@ll^DBH~LqpRomE&{*%y5^7sEm~`7*h3!eWI6+z%
zQH865#nTEnFZ&uAt?=s!;|v>Jx3Y96?37;9_*`LJSz3Y{!lto>INZG>pi;#-s(cC@
zstM*65icD+v4ITbu^N4of3Hq1%fcdOg%mlewdwDh%NLp$pQZLajl1$nDe_xFqJ0L~
zr`fzMqV;3Rn2$W8Ka#M?$7SE9|Kj_O?{ZYIdtv4RSkCEz4ICZ=mIhJIa`@*E@EFnQ
zf!^!z?9epky+3C!*dw7|GaeNf-iF5U>dm#Qyb^v&{A_lMa!UUJLR4u?{vaigk`Qp%
z>TFGnB+CQZw^}&;h!ky?Wo#W%K6{F7op<a&<2lq)+@B37dJlz4WrFu8&s5|SqWc-j
zC!(Lv*`8!RpxJX1Kv~E~3V@S&(>%oji`flx%M4)6s&d$G(~M{H>`ss&K7OoL>E!*G
z^-v?=e*kGfmcJYko&t!z<G%{%`Aa@;)7FNR=sUZYDLG4-&4+A+00Z1^`cC9>nVELm
z>gx%y7fA$fhj!!9uS8+Y%iPRpfFUQtf$6AbC93oQ8Mwvi@dN@p_a*b3^PJAyA;~PS
zbGh$L-%@~3PVOoQj}E-R_m4>fi600&eeWvky{%LL8P%+BSDkdBi7wr18lm7p@Y<KB
zW>&HU*1DT_&1D|uj<iDs7(&pL#-z&9B3YtoMK&&V?@<-o0xllyo*4^Fb02PdyZ3u!
zp4tajDWYHkudy&{Nnpc8^tEbPfI&g3cxw1X!8+h#p;^x@<m87(-R_KZOFO#x_V(ce
z&JK45<@?IVg@A79=3I!gtPKptQwc|Tzg6#9%sOZeumb8di^Gb?i4>_H4`3-<&LIQu
zA|YdT#=YzV!*gr|^If5?xeg$WP5VMgCU=q*(JIcG%&rv-W7)HLy_E^HEgc(U!F9{W
z$>^pr^Fq8K@boukxm0v0gh2NDuJIwX4m3d_Oo2-zj0Ma=4)7bW-v%)pSP~g&%E00<
zQZDltcJs`cmCIylK*U_K@1C{Y%t-SyAdob*sHbvzG~~d5qJ^uL`J7(v9Y(o0HiTnj
ztU5Gs?!QYtRbZz)6wdC<?(n(VsEY9+G_Z}sDwdS2jPT;d3ouJNw`TRRyMmH)yy3IQ
zo?{`z0N+5{)EZE>x3UhInc$YXNqGX6?g#H$Vb))0GMilJ4|}`2bd_yqXyJuNvfl#f
zwXK@>E0x13?qRCZHN*n6Fhy!|zRT>%>n*-FbEhszZgiZl)2CU@zOePYE&yrSvc~zo
zX3g}!MFpK@2b{l2uSS!vKxU|5&C`QuYOYg;2<dw8PS`VPan&`YS6dcCg2J_rh|Igg
zgHGd6avCeIu^_c*(FBfy7CgZoC`qNA3|7vA9|4P@#M7+x07q!*-0<ucI9SCGE+Yks
z14c-iD6y~9E2ttg7W+0W$*(wE?Vi@60W_kW(bPno9;_TRZp^!~%G(kNJ-eDbJ02s;
zHAI25)mDdEpd{|9-R{koGX?f^!W<Cbkfl0NMb{5iT^K^8XKuB2ZBQlZbn%#TRem=x
z0tR|&U5k_`Ok@@qn*>T9wEBJS)17=+pt4a59COqJ8LI#To5L$QZ1ov|CpS-cISGgY
zfQm4Rto1^e0HhStR@bY#xc537%+5KP4#9U=4oy4q9!xu0h#mM{4TsDxJnpzA^hh`1
z=6nhFuAf}tZ!*KW4F&{R*0GLj+BcGFM%#_{=3{L>v`NlHt!j&c@Ok%})=f}r!`|$>
z9oV>+)_cRy_g=R5ET;T8V5!&6t6BBRvw5{@h8{z&3C@ZyW{D)@fj1Ip)|(67QdHac
zTRAWWd~gDA3Bqwi{5MmSuWBdIQ|O{)#_GJi++PICYO}hvVAlBIeC2^OiwUTLBt%9)
zrbXDg!9xam`b<h<vCCb<xmp+`4+23R(`%(78WUvJO3?s}ST|R$(bPHPRAo`iGWjl#
z9OThE-5BQX+ABH$(nN$JMPhJ5fRR;HP!g7<Fkrx7lDXyOm37|g_T<sN^ut~2taUo0
z6oM>R3L_8%L6BGpzi~6&I%(e9=W{*6d$(Q6hFC)CZ<3nyXkcu?o)a^VaSpS+-~#Rw
zQ|}oYMG425V{?#)Fb^&`{JcjSvWeckH_l0Y@;vP*JNI&51R^6~>lc}iebRK?$+AZn
z4bu&`B$Oy8HS4VFV`)@kZr+F?>5PCx^WI^cF@f#&20(cEfc4dlPqV8mhs_;B1`siL
zNqN1azQcDY^-nj`*k#|Rb2+Zb#trf6r;oICj7EbLYSqpLuEsa-dKU>>N;B(oB%zu%
z>hHS}yGtOI2bY};SMIWCFmHmMKRxgi4=flxyoYH(ja(JM1C)+bc!d`4rx)f24nr_f
z0W+ZyVBIiRomy2xj`ajbW_M_iL0OpmLOwT*XI-IDK5s<p><km(?g!kKU_)##VVi+n
zb#Q`cG@lm-yeWx;b6*Xv$J;2-)_N6w%4;P>TL|~N+!p~uXhVCuVRPf^zi1#5mHV-)
zIlf#yweL8xbQ|lD5X=l6j2m<hjuV975(n@J-S|o%-HUT$(U%(1Q1`uU$t*B;Pzx-;
zaO>*DZ#yaFNAEy=qgcTpv29zOTVRN|=@Yh=-+&p+i6~z2SO(1%UX;CvLG0pqCk4Wl
zcHFm%GD)o|((dik;oXCFL=#K0&Ukx}VOg7Fm$Qcxs;1C1NwRm@A+y&fdP}HC=@t#@
zyXjc~?l$O=TQ;*#RSdwwA;G@UQ`FvOUu)@$hAk4n-(;Sn%o}ROi|rfLbRg<ekG<%-
zID0K$Jf-1Qw!yM971Q^;T}9yqB8l}@fl>^iUAj@+SE4l^P<^L3;>#Q4CzAJfT=v8-
zL1ulsgLMpN>N-}~`zF*v3$BBENEl+jWmh1=cxL8=5IyO%G-{$ME_cH+OrgN%QD%lX
zD%Vb;_HN&W3Bgditrx6OP$EP)I=ZE;^E4~lHmgM131;-?$>n!th3{o7^sDrzMKPQY
ztUpYx9`{L<MMC#DP%fYef-YYTs?Q3(p%+ek0*?4wywNOJiD$i3GY!pv8V+*A6xyKg
zL~@4RJm&3GoII>zoEi%r=;9WEzchY8+PuQqb&nh!Cah?B-3rkP?2$<zZNBd5+&Xeo
zMBT^Rqj@*o>E0d0JQr3V4h_-GFD<cXR?Cj`=3tkjEvLb3^0#Oksbz}np$zV@H?<C#
zN(&>C2fJ@N2)sdUq4x{uc^#uZpB3Sg4GMC?_7UDf&kL)tW?cmkbvKQO!xz&~c;g&l
zJY;98h|2=9A`2Z_=PR`<pcKeqi%)5LvI&ekfFtAM<8-S69m3kde9W%iu%ly+XvhZz
ztr#p`>Qzw0kGlK9)Zbw0wgd6|uMU~kJ?i7sGZ?D!tVmU=+ZIgsoX~i^3`$k6OdUr!
zJer<6Oe)IL032nE2X@CH?Un`i&8>SA_Vxy&L&bmxReIp}4SUF8!P!!9d%PpgS&^T2
zt_4b!jO)H9tV;#jz9>Mw?_@$7;cM_=eIIYYZb?S~)vDupggg~gHl>N<b;5G$zLpKw
zdOQ=Vxr^50mMYh0U5DKAY~wEbKnK0Sm1u3%-IiF`3yR*(+w4y*F<AGpa!Do9PDv<6
zZA@Xe!=6=%h4vYO_q*Bv2=L3?n^V~3D>io#7q7fk5dwA3UZ>qMQD9T+D<ZQ`d(Lt#
z)%x!tSnmgfGF%JHm<1x4B5kV3jEV4`vqrBC`$b%nMv$X!MAol>_js6bo{KnJ-#f@B
zKE7qnv7@<CDBb$zx`$yRYS!Xc<3#Ab&RX^1L{iQ*BW)##A|8VtFCOukSSZn#z0L?d
z*vRTCg?Ad8d7`BU$Zwx)3+5#_yL9~@4kL~Na*%<>+YdeP_-Mcmk5h;R=fYgg4@Kj)
zX{cF)GBI(Txu#E_qI)il9)g6vCJe#4%v>J9-W%0KX`phs%b*<R20%enIp?@sD6;kH
zH3E+Mz#Z<76c7$OJFQ`h3wnAz4}7GnRRJ4;!9DMIa`(O4>!cgL7VP@PQVh#u*HE4k
z=$S(?)9|#W=^RNo#M&AuiyO~I?&#j;8n08>w`U0(k!%|S_N!j?)~aJ6)X$n#y<p!)
z7Kd84$WU6Pr^YhP?yqI{0wd*&;M~Y5D|9`1z2$V;q-6nU%C_?S?-p2WDi^m049RLV
zK_bkw{qJ6pOZEqV0<Y>I3csKDq5!Mbz5!7GI0^_X0RUB~2m-J8A^@xYI4A<I-^f?r
zl~Pr5Q8Zq(QI(f}sBdL<X1|b{KdLVLbDPDwe22{zhj7uEEyKu&y}i8031sj9|Ayzs
zeF)vG_pbp!Sjm15zEW@(^6i_LI)Q8eJ?rM+Cgkh?cPA@LIxaojFLGy^fQ~-`O;nwp
z@ySG+7JXVkrp+P-?Gx)hcS5bHRZehG_H5kSpLVkHOsv4-OcY0udfS&)YJIN#?fu_(
zN4oQ1(ANH-`&ithn`PTj)3Yg3s)77?vj{|e`40{Jp_gqzTN&L<{)+o}aNp0reEfc{
zPIvK8G7x%E@t<gTBA<*114Nx7$k}_2xnBL$4Ey8Pv+N?J08iSHz=#ve2NJ<o->+_?
zn<vHv`{d~qmVO}Ge^<wWyHqMPSV!KU9c@z^L7w?<vMgih$vqQDBtt=A5159pN!r1~
zUQgz>cKw&|d~W!SSQ+;Et9GXRw1r5T6!c3i@#<qRt-@VS%**OkwMQ$QBe&-#W-W<W
z%Ix*&N7rM(`n_I~@jPcUyXI#@=ZQ%?pE6=z`x`d%)wdgD-3=1{#McQNUpe!q-6mb{
z$gQD<v|7!zSCwg|^c#Ojl0KdXj+#Gb)-d?peV=SJe2XWyF6iUhcqew(+7i#M?p=KE
zToCy*)ZKBk7mY5dNwgO-fx7#1dLG-tUyw}@kAWGbl4qTW=j0Hj8k8E?^dyp|gpbWu
zw0W{~msXjR_vznr)E#{_J)eCfk^Bx-)q5(mhW^|f>UQqwI#HOA$k4(X!Ak}Z5y)^$
zEpwF?{_gIL-tA_el)WEOP7OZ=S5@X-5-+NaUK?45^d~_cVc4^U+C1qEjvsgo;yEBN
zao?8JO4#0@02Jf*BzSnU+>ckiQxtWN%2AT2;D*a|dvAK4DC-y#YIgeTGnFymm9kER
zU<?EWfRP{|_;{EdeJgYARl6_Yo86Oo8(l{#VPx;G+EXIBoxP|!?X4~jG8+&?BbTU2
z+1cE?Cn>WwVCve%TI{jJV#VR^r+DhDQsYEt2S_1-iyLBxGmB8<1Q~(?JyYB)PV*0k
z2pH<Z$yhGuW|`XEBhpx)C;}Pe)(*OGy>j+<m36E1-+S8YG50R#T-g%vOG8yi@%GA5
zBE*@K;~&}}`+*%n90;$1uz_R}YiM8~+OrL*Yc&z0EwrOnOWLR^4+X*k5H&=gt;v$)
zs4XirNs<c)S!nxw_8LsP*0^lsgn*8fA$O;B%Py?U1`(PVPP2%#kT6BDlP_D&y}QiT
z_hy8csK}!f6afL-exa+QGcQ)Q-I-W9N~)@o-mOrP2rjcl-PwqNhXE$lkhly+9OpZm
zO=e!TqQY)Z1b`5`6zE+FLV*Mlvc2jSvo98<01t{DNHoY}4q?Pe8?uMBq@6YcfmA75
z8VH<j)~(Iw6)y8c!X;M5;OS4J&EW0E@OPIj#?K5GxMCe7h07ZX61UU3%cnD;+%_dx
zBMVhnD2l?KTUT^WEM<+2JohZOB=SkHbvBxBC?gr-62t-^gW^>Iw{Ll?F7q`t)v8%I
z8A9}Bh{aJnuA9Dn?>V`Z%F@B`jCvxhwNU=qm(6+K>T<d2=RW&;-=vaFA_$=JDA36y
zfLbT$*!@wMq6&x@gi6RMF#=K9C2+x8r5GI%w=lUQB4b8y@7k*7@80+u%xi=okskbo
zBjON&3Lt-n;0T@S_)VR@em&Rk*Qcrvl*r%N^pHD)WS?E!-I2YDRP>29h{Jm8trSpc
zHrs!ch$13rydgN?i71dkhw`6Sery*~NhFeOw3B4b=99Gh@l;V>cX>ruoySwnB2nje
zRrhywRhArgn=>+e{*Iq_X~(;tNaT|=?Pi^T;tOu>`sz#Au-b!%+%RCTru{%?mkHap
z2j2yud)b^h3=n)kZimVe)U4d!Z+r9Mxs*^N>Mq~;Zy5e)b?c@K5Jg9yz0PlKQ{+Eq
zcyhx+MLeB)z+_qW-8m*%4Eb@O?(7eK1=o_dYN$~*kkTpRhJ}DNxv~ui4KG5(Kqni&
zc+h#9Z>4;~ghbY}+4reo_Db6hIdmBA*`fBvM;%MY14+GOw{hXCSTE=_+OYUA>}3?z
zP_bjgpLk1C2VaE}Av{75Q-}~D0T9h<g9xfj0wWzRC+_{fHNusux8AyyOnIsCZiZOU
zc!8%vL9t|nR<_5YCGUDtK0D<QDV+EnKLbs&2*#9@G6tG@SE6RUk`c+eqK*oXv5riK
zrBF*VG*Lkl%MoPWy95DO_=p0nS)+YRq8#^KZnwK`LlTn^$T5luL(@NNT{c~1cbvP!
zLSDtyR5+@nKw_i7fp%h$Gr{m7WaY}66YxNQa6<|<T9-gjTpZCyRj@2h>DxGD7JlxH
zMh2Y93?dpA@jvB=j71Sj6GgL07HmE5XUBa0bHT6bsej$yX9QGKK~aK?pYS2~+|^gy
z`+sB-&$NHOoVNMXm-h$&3He4Wj0rdqDhaC}hz9${zyQc9RKh+)3?d;=0T>0+18iXs
z0~iWWLPP^EzVJsxMK<LKHxU5Ws)|%d0*h=?FhqE|0ISATwI<c7_x<~|7^0RGno5RE
zET(B1-mO~vx1Xm^x^=&F>iropk(pP$TjJh+<kY~a#uf2L-t;%Sn-2{DiOB&|#*z_%
zFcLvWMWBbw5r9BcPahs^5Cb5Jt-w`jh=U*iq-f*T!uRgS1I^7?UGA;JbiJ?AEw&0_
z6k>`=8+x_2+D@Q`{JQSL%=cvxl1&hO`+{$LaYaBBRv@ayMT;k)C*!);+wrU1?R)+4
zJ@-BK&!SfXNdS0^RbVNwfh*y@&Gm`uc|~6Q<0h7>gU)@?fMrq~M)}uWw_e)o+xONA
zER>XuNJug)k|dHJC?@&i%Jm!b4}kQ6A!5N`u*lS<ixm(=7A!jh>Ae}=&-Z`6(d^wG
z9Ch!Y4^xtBdW0uLfFOwkArKfNBF(h4+TU|+Nv@kEw3ei$brq6ku##ANX;HF@6-^W(
zMF=TOH~yPR_kyB-b9I{J@>|EgxsL`@SEzT1b|DTr#Itbps@k>te&sBfQL<87Od`NR
zfQX1xAWZjP$A<p@3Mmm05LHNsD#-98^gGY@`oF8TZLL;32pT%RdeQ>&F+dn4L?a|-
zY42;9nkd^E!K-~$`@Qbo)}ArLAt{?DlEN{U-5G#XXGnrt`u)XXA)*sYB1xvG#dWsc
zemwg1-<~~BJt!oU(lAyc3Os>2bHDBsf4TlMQ=hfNIjQ(f`NepXg4rKAqdMTHpAL{$
zV-NxftF3L*ZK+p9DFP+!c1=}G2?-UDSp(x|v>n3tPQ>gE^SwJ5?zynnwZO$WP(C~Y
z2?iu2X(5qID6t7?o~vzq{raz7I{N$Go8Q#2MKO|6Q6W15c>UfU<IDeX-$|MKw!ePA
zzSbYTAVUV#tKW42Oo!IjEzP$6Z;Se0A{EJP9u`|>RObH0vh(ah{iG`zc@KNV<8I%7
z(`<z^D4S_1lT8|!Voi-S+a^O~)S@3Mr=0iq7y0hJ_>+zyATW|C86qTXl}0jbn^cix
zup}WQk3gp+Uk;`@@w@X|z1{M0U3Y$Xhu-+#-tBj=I0GU01PWk4p^zZg%ofEZAyzGk
zqt1|ks}v$2XZSdKxrEH4gaYUf%@^N$UaxOjwYRtL=4M#Yf&z#nESeJ0YBnlOiwF<M
zAbOxYFy;Hp?*7^Ky@`-Mf*a~fd>}$5Nl0VwSDdm>Samz|a?YoHo*nnjyXfO!yu~B3
zlvRP`WJp2;<YYu7Tt0m()2uL$Id=p3CX!*z0jxhW-{`>>D2$3^%*MtVXsD@{je;no
zq$^W0Yb0z^SV@U(WSJUdRg&9Znt~hWem}0QyGJHn;Q{|(nkYu_D$s-($&v~yt%8C{
z)eC8$QX%04=3+}STnMpCI8Y$Kt!h|lI33C$cO_>VaioQ^Awfi7Bq0zCjBKa`K%-L$
z1R+wATQrv50R#>S2z7>GpeO@Ej*4*6tzLqGF3U6`<E&^bnVEXgRjk4&V-RFPDk?Wj
zO6$O4gu5_S6bi`5nF6GWi$J+lL{t^3kU<#%4kblm;V@YxG{jb9PK5x21dXWJk+U0;
z5~RZgNvJAdhin8E6>z2_I6$Jt1%U)aPRtPCIB~^{faMI6W5%ICFvG%7rXcM!LT*tq
zP=R4KK_-=e3Xw&bY=Rlq&bG#lLL^{RnI>ISpf;5eFhodV(&-8f2~ZGaGBc@B#6;^Q
zskI`kxg{Km)d`Gz8(>r)G-!5j&1**+`)OK|YR%Sbf~N)SFtLnNf9m5?lYeqF=$n_L
zG@9PHbiuq8<jM`%MGKU`+m(7}ksg=kf77@FBMaVFahVEx@3SkXGwpTC-m($_NI*Y)
zllWC$02Y0R7(XT4<PFtOA0E2+S(Tkj9bov5-6BgEmSo{byn2FLx7PJ=`tWW_)IN{x
zbgO2*GmxkD(`x3ss-Q<*-W$6U4onC;`j-g@)E?&0!S~lQZnsl*mh)pm!$>^s`|Npm
zpK*V6nwx5Ul@+{|)VsN1di$gf1ocCQh|BwiV9do-A<QQ}t<FQ^M{27Vee{w~hMoG%
zmfl^p@;OXT7f+Q3_ru`!MYWW+>+SpP=hPk;=X<U9w09o#uYJPdHj+d-lt2ZL1)C~L
zW@l!bw_0kIENQHzOHPruX40EUX{kYABO*i)SUUCYp6@eT-d-71e|_6`DwaH<xxC?R
z0}`PPOWdM_Zw)N%GW$91sk5-0>|xOgv3NSgf>&`5vb4opY#Jr_ZXGki#<D4z8oSWh
zK#r@ygiYizySlF-fat-X@WBR73j?v6Idj8%iG{e;B(<sz-*E(zJ?KCO#CZ6Oh$Lrd
zx0lnf!+x&a`<I#Aql?n-Iu>BcPpzBC-i`%eWp^i?nK)Lg5eY_%<#*KkJ;IDI+?Z>-
z_i<8)0#YqiX{))Is=DIswvDX~bYSe{Fjx?_Lb@p}>eUvCsI1(y)RK}45VbW$SE{@3
zdb2mJ>^T>{WdNjv1tho2QXJgXW_q=)X0W@WdXR7s4d7t>^c6;c#yK~@cauvax~=H(
zhSgPq9u^9e9;J}91Yp4DzWdnK7oE&JB~f-xm{B@Qgh$7Yo$oEXygobFzjS_~LKg!N
z5Mt1zIqz@UOsdUjR|281Xb}!tEng|5Xko*htkT`*!Na9P1_enZv0N?>dCvD&cdc&%
zbFx5XkfM=(yxLV&-@f&H-CgIWh>DUZ#S$V#BqEXQvfBhA!BaQaGmgnws@57C1RMwK
zMG=7n2*L;yc`H|FLPc)2*287eq43rGRozjqbEUV1Yf|>9@cThb9T&~*W}C{)JAe=3
zAv5!{-(E`SH$Pvy%@dGOP5jrn^131I=Np^2G&SyfwY`|*+@E#K&!lomySuXP))JT0
zISqQ;=c6lv4h`EDC>!_-34ALD5d#d+?D$>$9Xl8IJ%cZg-LgD<`*vbgTApQQNGgdq
z1PbMdq1%xB1mqbckqITUyYJn+PBMlsLC$%=o`(MxV#mD&@2CtSLBa(!TU*fa#w*%;
z1$n))ucpK1d;~u7Hr_kYzCwi%P^u@(e(!?m&qI|69y#qoMKXKL2mwE<4E|mFzIFrq
zfl9gH%lOzl+8xpD&w6{f1y)h;8>D#A%#Oqf2s0mnt9L~dIKb4EaylE51W9;BH#Ys7
zefHbH@u!RVFOE01Hf1<Ua6Az~Xk+r0Jx&v)(wy+0QNKMMYDd_o1Pew309i5Zb4zJ!
ziD+Uf>@>hz0Gt_)Nlo$_z7w1;S&>cR+r53#x9)2&PsJ)U#2Th8P|%|_LrzGASV(H8
z81XZ|ug}ki&+SUfFf6d_`n*pa58l@G#*8=jbTLh4TWGC|;#DT4DpJX+O_MCyH6<^L
zt+we>ldsq;#ImKCN+^_-!h9ChF0HtgBPgn<yq)t;0J~T3tU|~^AcP?Vzr4Y544@RK
zFhuf%3Lpegz6%t!AdCU<Oy`{n=!6#l?!|5k0C(+xSQ_*{5hMv2s}yS{(w0pTsFPG_
zO^V5pDU};yOw7zuY?>-6O&f1*t5?6j>+Z?={*OPu?EXJ<X;~4HMHW?JQB@~2kx~o+
zAdmn&zBF_DRp#{qe&>^})(9Dy={o0t;UfsM!l;1?yHd)NZ6&oP+fr>((!Y-K66`lO
zdDl@FUCp!^0F^+bfzE(zArbwc8i24zcA0`GVnARbS?kscVw<omM%C9a=)rJJyjZ29
zqhVk+ErD>^fCd2ATVj@tpQ;_fBovTXq{&(~OBRxr1W~mD8#1XZMySTJX_7JthzsA}
zozJX4Jh~M3^bg8pdy0`LjV2^2Hjot5z`J0biNxZnLPrX@H^yAx0B|^-yz#Bw^W6Q`
zOsT+UzTUCT89egNE35O%=QVYjmB7>y5nwPFK?F#a3<*R9V8jFxh6xkT;!;1$sRBkc
zLf{29YDu4rX!9I45IF+Pwl*T%+eMA8nzuDkW*B9(Q6Py4Wyph+5d_IK-MWih*tOah
zXhyo}l1d0%3;SCUbO3(^3KF3PkE}+*5nD`*mMdz|r`8K#5K;pH2q9rY6ods*3=v?e
z@OD@YkPw2q4v*k6EQ=zt4Kh_4k}YFqQ6))6ii)wUZKTyjWU-Kv5R4-Mk;Os2{sO$~
z^Yix4&!JF1hu7=Dz{^DIIf@#xD1s7iVg8-#-!IFkeseFGTG`F&-H;?YBm`Mj*Yx}_
z{OxtFj_)?Vkjl+TGQ=d)y0}(0Y?6_XQlOF{ph`#zkOj>jfe3Y>O#~GPAoZT$jxZI9
zBoUB7f`{=$9IzV*Dn$a<@UU%wBoVPR*q~e#AfszQ6#!TWP>1Jc0N_9XfTkY-Virqn
zm21Y|&3?p4BSjlYw9RcMwl$=y8)=nHt*ENgHnh!ZDJ`*DO&c0DGZbo>q_ul$we$P@
zK7U8+*!T2r@HY8Ak?lmxs-je_LX|}cO)OOxunF|!_xvCD4zooaKH1$~n#$kr9C5~p
zwFg93uu{KXB$7r|RX0~lyz9d4GfFLF$thBT5+mn35y%Qf1NVp)EsPa{ndiOe0Mi8`
zj>9Yvu?yocL`)#0031xN@C2d)5KzZ<AXxxNh*$*zP(czZ)2Mzr_-F%SI|v9xT{I04
zQXo)%{6!-rB_%<nCK{7kO2)EPGZrf*%t}*ZOt#UgHpZh?O2k<$QV9THv5J@q2y^WB
z&(8dFf2zFk5#Lg+HAN`YQo;NUkJt6{-=Y5hb*b+G?}v5YGro?_&b8lEbVs|Z+|F%R
zz)Wy~v7hYuMTk)t`!Jv2YNu_YOo$^umO&Cg-ob7Hz+d7a`C?eXNC9O6G{G3CR&hMg
zx?lknI?u37NGd>Fp(tRX3f}isbgh=svRhMDRi$eFuq}eIL$~;hAjTmhAdrM*sWE0~
znQY3G%+(QDDUwvCRAI6fWhF^$RAP;jDKgiMw$=Od@%nat_IU&k!|Z|lQFY{jB#?l0
z8jM0pWvNW7na!k|Dk!2Lvz8o_MP<n58xj_BuE69b6h+P|s2LXmlOaH{;qTZ1J%hhr
zt=0O)ARSZ}=vbc<bL{|c%QlspD{EiV!)VQsKO3Z>5|tHlrqTq4YFcX~KX$xEsEtLo
z7@|r7NYNr2B_O24W<2?Y0>}VG1pVzSM#w7xaO%J=01yX2fPG+=5JZZ-bXX0c1z;|p
zYztrv0JRY)QkDWS5Y?%aU^u`63TGVX_hOF7AV5=mb%NkP1}gMuUmw(wAjL|>lB8v0
zMk2+PEhUO7qLj&LnWl}Bq}3*}YD+~L(?d)GMI<2yLIc0e`!C$7`VQZ=Mx{cu)C#1t
zp{j|(iE3p<h*eQlM#LV!A^X0v=Nb>oz3R*3f(ypH{gidnt*SkN6kw4Mf~x-a218T1
z-Ei!eNzOc?B(^O@6jesXHb9ITR49#vLnuhHm+^f1_^Zv9$rO0hiC|a|QY%dY&_GxV
z#ruF5K|(0zK!^p4V+3F)r3*m?2qQ(k-~bp95(tN-00jUVC_<6|#7(p%K>`YRt6O-V
zpT?6-EhSV%nG$3uw#Lz_BBCoon@VbC(pf4s6%=Y_N;Xp^OvbWp=G#}swYBy9FXbQ0
z6aBCz{QMUFzP`V+2jS*ll!|4d(yCh23o23zmS~0|ij`DRR8>%N0*l`2y5{wBdEEB*
zuQ{VX4Jo|6^-axp$2-HKC?|segjNEW{|}G9>{y5vT8U|kCbZwZ0=>3`q`6l}Ez_b{
zt~Ti{BPPjGh32){YHeO@?ZL<c75*HaeV`2xQYdJ<0I(nl0dj=`mI6dl3PgZKaK01@
zA%Hj#5Q4U2m<|v^D}btQ24I1K1qcXT14#kO*SC-6`;?GbO(xkYWs;3EQBqjcWU)yV
zEUcyrBx*}RL}axfMn*7;CY4w7^M9XJeO_+;58|Vp0;#?RoUMu$Qi!Fb6qty}MBo4q
z1NmK?_1wcR_g!<$lhVs|-#{pDldUD*8qq+CctjvUM1mZNfJ8BY{?Acnq=Xz>Mf1B`
z!&|bsR_s$%CZ#4Z2`46mZGsR}^mwprSRh49RG?5PATd-ZXjX(czRVTG3wp5|2oYOe
z>_D;*Li>e^TmmaW$3_6-2#$LT7QzVuzYo?xqcqT_N==xWN@T_+Ei#zGMAlIOLj?x-
z_EmgWa`6N5K+Mf)%7z7nRE<qkwY^Ch7Oc{u+;bs~%D}cYBmu$*X0b@P5zG<Wf&f#l
z6)mnIFtHO16iz#05t&SMjKxK<f(1C6VByBvV3O;UB}!K<E=OURg(Ks6;c}#t-tP`P
zh<l!2RS^#^gEmNrjl9MvZ5#&05m+q%w_Od?Y@tYS*y(Z+O$f>+WFrA&60kCogfL01
z27xFD(hQje4OClhwiE@1fKG<;Lhd(Z7X)xja{(|`NMKf>3aVjfM8-0uEDMIBtF{4c
zPzz*5M~o7PHpWAWirAtU!XejiczbztS1sK_auc3|vi90=0(G{kQ<6c2TscuiVavkq
z;ln+2MX^L|%PNUCNf%l$rW|yf-OJdz(cE1dqf-J2%iYdI3b^K3>yGVk+a=Yd#HwIi
zP=T;e1ou`mgNyquogp<ue;>w`NM=^y)!R&3=b=?jr^7J4Eq34pviKg&oYCEz!+P&7
zNg>F1(Ud~v>Y;JT2TseH-r(YAY_C8l0K6GM1>V<iZs4BL*G2)E&rR(E*LdOE!`Y5r
z_rTH4dfMC%At44tAw75HWV#(bm-lua*V&lreZ%5<(%jtLoQf0)CXc8ei8OImoBD;G
zUlQVv>mM|G<bJ_c97@tv6_!JYH}#dyQl9JVQoUDn&E{D6iftpk`Y+aeHQ%jM>fD#;
zg!@;>BTYZPThEPQAd_@B*ebbDWN08W7Vab`$9~&c_I5Nk&k-M04q}0-gb%Yz2`p5w
zeklD@3P{X@&>0j=Q*?eU(}=X2ERtl1>zT!UUXjA-3`Osn$M;cwygJ|96{xYcI~8z`
zB&c>zlSaeF^pI#8pe(hYK=+Q+?fGlyN<VMQ?$uVkvbrJiTW>SB?7QIx9u|Ff$$b9%
zx$LYt89AbfA5jnL&98~ND~PP27I-FfwuIoJC9Zh18Sl>feX5_@yO$V7gcdjNtQV{|
zqLE5UYqjd3y0dzi#}G3Qia%Zb5eBR+G+GNySVHpl_q9|~31UGaQbM-hzTWTN{rBH%
zRS(gAPIKPpsP4#geqoTwYL*Bj1PXFUPp|FJr!C#Wa}c-Df!ZG11A?e8#V?hNtAd>$
zf*mJ~_;;R)I@CSku71qO?2K|B8!M@IeaEi&eQ><n`z~i~xA&^o%;n$0TYk-7*?!Jy
z`h5;l%)p_{C66MCKsQb;q&8d&i$=y2#ud;63c?J8A}u8`AwtL^m8<4nX0EkXVp;4t
zWXh?ZH7qVD=4$I2>Si2Vkvmnn+akfe>pRO2y4<aqK!kC<gW0OCS3bI`!cdhjA+2+K
z83c9plSaiN4st45^<8RFyT5J<Uj5K<J6PW{I7vLHTF~-=6b!+LQph{jFfl-|f*Uws
z(DyRZnN4FeM(>0>;0J{eJRgJ^d~`o+dzo^pskU`n7M2^bsa<b6@HR!?GBuL6O3g0b
zs|f^BwT)8mRfU5f(L-2lqi0TV-5SkmZaW~1Bv2wS3eqfK(gqh|hhoOljA~aqcC{5M
zZELl4lr3(heZGxR1EA?Zk%DNTn(xh2I$^lMK~V_`&W&B$RH}zNeSSVxi_JHUR_CCi
zPKZGgX1%&<(<IzQnm8lV?q|igU1qih1H^=ZLV5_KoG^e_Zz}Hj-*wevjv279LLy1*
zx@y9YR9X;3H_p~uMcGCgf{XF9rU7@=qZ(GID8m7PpkziAAzSXg`et3`zBmQ~RSf}_
zwF!__Mo~a#mV&-o0_^8jt(n1(#RQfl%NslxV2J8O7=?mJf)iTi+N;45Nw`IWCECzf
zEEOma=hry%-D}`+=?TZcSQBK*iIh+f5MsnZ2|2xP_hq%1Xv|syge%KLhJEdoSAl?o
zOGO40Saq)FcIK~I-EeTja!O)={IK<Vl~sBkoxc06D{9{k0|-D4?u!y|3NeCJAB6Y5
z9lpBPxBl!n2Sy;(Qqf8yNx<C}gC(d~AccWP3rvEbZ8%Jkr5KSw8<B>P4YdKjW1`QO
z;rM(IU}!_|d>CSc2ynq-_qB{<?AI3V+RS=0euC<do)R+vP?AteM%pc?1aXGjZ3c?O
zyxU2BX_S#5k_&8>P&h{Y&Rq`qr^-rbD6aYLd+zVAjyY<p<gSS+CKF_Wbs~QDW;O|u
zs{Qu&cYWR8e*2kZ^vubz{Un>apDIW1q(iBT%jWn!cE=%tUxyn+eZqkf{@3?LGYw|z
zyZgK0%f}}yMZY~&s#Rv#f)Te;st^k!Bnh7yX#jjRV9{@~cn}2hO{7l6<2wE1ueKgY
zEWT>GVO@K=yXp4BTxg5;r5znOhia>vuKV2_;X*|^lh>-TVG1i^NIQnF9{oJPX`%25
zL=FN;`1{(!zkSGO-&MV69@m&!A8u{3xl-Gt_qU*%;YRvVj=QfIVy7&i<0wNDd%tEg
ziQN}hAz4OMD-x(a-`R6TIu#kG5oeOe8Vy7OGxRO8;D84fT4-X&@T<P<7V#y?0ZA#I
zhPjRrWe_Wb5o!)tqG}ls4J2^`E>h_UlTdK^U%77ZEauQbX@+@)nhn@A!4(inYzr${
z838AujcN*+49H*GY~P>@z^C$J{PAxH@}m=}Mlm2`L=pi_rhz92mHtRoMx1hqMCEty
z+d2N<#*N<!NL3*Ng+y|s<_6YA0)c`oSc6nBooL7bfd*urEOw0nj;XMExMdPu&2(j*
zR}WHVtUo{((zgnrDIrYExFMX>$rY6m9g>Es7Sk4pr6MIQ=omkv<BzYu&%bhY-5cl6
zaFSYStFLEGU;rNs08H#{gxU}UK*Au1e?GQ)qF6}~f*F8Fhb147DV3c7*47a~R9vQ_
z#F&Kl>-F*|Xb1EU;4%R>_JK4efmF~yMi4;;5KuoNqMCpzfx3poHivpqQ4SygDLfzF
z&nPR91C<S>2+;)?0#SX^CJ11Zb^C%i!V8%!Lc$PFs1ynj4!{i5K5t!n+TQY;Zr{`S
zlv8CfC?jaH+f>k~jiscdj7I@e;rZgJ`}l>Qgb6>02>s9DRS9aMSW1@r0NZ}Fe`n9@
zi+Qh}zWm>ZAe7y4v&{XyAS>Yk7(o&V1WbMrvG^g842hfjDu{~wHv;LC9GcW-Cty$%
z5AV|(fJ}q{C{FB4Lehbtbz{b~27?X``p}wT2UlR&LM^;lfLI~fheilswsB%MfzgTt
zCb`h2m=PTA)%;5{2+1QPl5Hi0l14!!WWYf+x%Bw%pSAjeENhA*Ei~e!a<wy)NX!)n
z^a`&*_O4Og{^{e&-muxO{Of3g$yL?ve)4i&)lobi$U+?uXdp6(euSwiFjIsb?k&q{
zI+WQ!+#nD}5bfRu#0>-jB7TJlLk0m~6UxC1U=bdI&Tw235DeKna8(RQ3=~b_r+ytA
z030w@D(UyE5iuYFL{}526EIwW3l(0CVS*+Q1&9u{qW~~S06-eay>H;MXe31$F|3kM
zLJ|aGNewCio&I_5efpxIj~>dXnUrZ=OGrftLHWMFqx<;!U$s6mZX2NeJvk?|ZWd8T
zPcy|-5Dy3$5H=A2+a7ECiYb~!2|hOe3s$SzYO!sKsI9V9Y+G&3wzO@wsM^}awy?{Z
z-~a()(S_JBrZya7oE!*=MzZ6!2zJt)7{E?85%L3*Vus)VgisUsA}s<?!2pUU<&47x
z93cU76Qf!bG{FD}2!@aiK=Yjl=z<IsF`)_|D6v&&FYFb-fQb-aN>rsZ=;^>57d;fQ
zEKd*Qgk%^(Owwa4(S#FGCX|U1Xv&sWiZU^l*tSHmLFxDMxcA@L^dbCIL{fDP%8g2c
z6pm4-nNu+8WYa39oku7#JFWyfu|{0#m8t}z3ZXisGlV9hKvp0!cX2Thi7WG7esAgg
zeR<zCJU!7`Iw5x+Gu`Jq@OdDi1cF1a$XPb9qTyAVi&2tk708OBU?Qcd8{LINl0<Oi
zT)EI7pb)taPfP%I*bndPg=_<QK1>C{f-F%zUF^Ud2qO@8-HKX3BD<jq7!gmX28G_U
ziqN_T0_+j7U457dfaicAWRN|?$KA+#53e;cgL|T-1N<tT9y(yRT)R7ij_9t)MfG!e
zTc`b+)zSS|e$U?heXqCQws_G$1VL0yDO)K~A+l0hpI4)(l`N5&^I&umLLwq!QPB`W
zLaOP+g3wtPJ^)xap=lui!=sfj0|dT;!Lcm#v20E#0)X6g@_2K`m#yyDWD1DiVw2K9
zoBwn@?rF^**l?;SD4?nerjdDdcXPYBa3U!Q88Rj(XMen&)%$tx?QG|1(bu{D{1hO7
zfXzWkY?O*aO2kzIB}uX)ZIdNQN@FslsYw$NSLc40T}f{4q;sancbdB7r4(agXGGDb
z6N(v~IB*ImR3j8pK$D>oAdsBOLLz>?;rV)c`x%2bT%^cmA($}4`ZF=T5{lPhfnRHl
z==t9$Y{l06GXew)a=j6L5l;B_KUbI0*O#qxBqX0QRT8ABDuSZYRYjtOEcZLhJe~Vm
z%^WJ`iZp+xw|&*O%(Y1*mXef`Ql%uRw2~r8C4!{^B$ASnOo5XE**2(UVm1jZl9(c|
z@qbJ#Lr^Py0c^O%Mi*{7xuQWUy5g1)3{n6@0TSIyyM;1Paw0kz!$cyqG&!l3T12X#
z=i5(S{LVYs@tj(4QJICWv>3J%Nnut92NQhh(VMe(t6I%fr)V#x3?H8X_BYx2`af6i
z&#W~FMGO*RYlV#Kr*^Jrw1(y)w=gscRhL78O$ZttiQ6?zB?*wSk`yAf2(5$cJ^CNN
z)i1l}Us(JZ@@;^?7xe3A@Br8}1p)yAZIdJ-S%yXwXs8rZB_$=PH3vBE3fBv2%NZge
zA_&0<K$;>pA;Va02!aGKqC^njoG2m%KfEoB6xzrs8p%R!AOeX=InSaU(IFz^BC%Ak
zvzI6%fpGTRcJ6>ucIdNHMS@6mcL?M}9IoQWQjZ9W$#sV4lbmu?5&Qf6#uht)zD=HQ
zz0hm#ta3Qc9;gec)$kWVzIx+Ff}r}Ky1zc7&SzZ(LUTl>h){zO8Y!g|7J44mHN9qp
zq@+3Z`}v>a`cC8YA7W$a1qP<bNa%uw4I_|;N`gR<w2pR_GDf9wv^Z5XH~|nxYSl!3
z&LqmzRbPP<jzM7|x;w3rC!R-!+8j<}m%4>VD6U+BbtId+K%l9IXrUgKOX`!<4$2QZ
zq@l`q2oEtYBO9~fe5zMO5|GxL>{am<Iq%9E+3g}gu^)t0#YGrERf~`aipO2KSZFBh
z!D0eL2qH$L1hZ2XV<0<4Zd#NqIs{Bq&RD}JR4oeNq6b4sCe#9;L{${T1=xuML5L!%
zaKV)bSS6I3WK_})&?T5FmgAC`L9``gf-^}dye%@Jg=oiG#?4f-8U_wpq$vin#$*WM
z5wOk(=y)o%09#@~Y=8w75wS=Z5d^xk1&)IR5HJHLB3Lol!8U^uQK$r>NDV+9AV)^$
zVqaj~JfaT~(RhcfraHQ`OVBvsaWc~IN|sXzLIfJ1y;2zE)VXDrW`i&&S|TziYayp%
z(*olS5uKp|u#yh4sjA52tVmhf(+a|llTKiyZM5xH$U9J&T_Tf<GU>#u#VMOK3#8T_
z$8Nh3mn3x&$6eB9DkPFdh@nmf#ZJ(!v{XdoB~<$R_4Z|bSD6;|^Znw_0PB)HF|uew
zRUM`{(kUJHn7bJIQ}jt8z>yCil0Xztl`E`MszKo9)pT${y(y}1c_APntrZ|#KsLe_
zfG&`mKq-e92U%$*qYWVr41tU`^8MZKjZv>Qy%9;mNFGSCK$G#O>*a2V*VUhEGgf`N
zXufNG*IsPbs^|so*_?MRlRk1|kYt}}A8vNlk9<7#+L=$Pr#r!7il@i9VFeKle5ySi
zgFT{(`@X_V_<PR?n^8IYcf3lF&k74pP<8yd_)BfxOY$d+UCA%S#<h#_{Jt?0`&%LY
z-Y&R&tG#R;#Pp%6Y<Zhqd&PIu_6s*8=Lb)!oBMvxzU0N8!S?-BbeZ1YzURJf@E^6}
z)sSea+!dJ#ZDiOt<CL%?1)HA}x0#gIVq-HEo!Rr}B%b@X<;-sOl{+Wde_0ra%C-y=
zwDG$T5N(@k(R%NV_g@~~=J24cA3{cBmsDAMxS7)YZuii=^WiG2W`%;pyQ=SM&fKiW
zF8H@Gs1EN_rY^ITtJoC*6Ilzs<#u|WQlixE#P|)GNP4RH*jg)m<ZTPJN{IonqeJlO
z+XZ<M!d;BXSf1J=1cNYj1>-}a?G^|^65<m9_YFpS+8FA3L&7TtjP$y!+D9a{QpFlW
zR#F(8v7lFTy9Ln9C{0v1B}`p#Q70C57|vL?;6mFL3m3Uu^IP8UYs?Uf03ZVt4#P!=
ztv!t1$k13YA)*TCg6*LSQNg2J=a#O`gsTx0<k>WI*ocT0N;*F0xks}_iLA|Pv{kKa
zgq4DnKspR4!T^LIs6q+^AfpH?C0hFFbrox+t%%mxEwsZ5EfgdX01*OJEd)2)%jasZ
zS(?~LhyaNoA`%FM1W68Ut!Z@H!B$GLRY`56gakrQsc3*ALLx~nK@9IHu1o+1_Q^u9
zfCM0nAc+Vfm1MP~wMtuLs^0rAX>GQ=O01P+s*>80wo0{|yxZ2btk$$_31UbhLLvZg
zlf_;oQd-GvCAB^U*3w!^)Rm;Rq_(}OTWh6KTSog^?YDVCs7=Uh;ba6mUEgy$OiM>K
ztRI5ucv;{Q!7M<c8bt!Yzy$$7fJ6im43wJ5RjRjA8C6wC$4dZV69(UBa`CakV?(q$
z69I$j%VTZB5d;Z<0V3E1a$*y1GlQ3c4YY9>+$eY|$47g0H|={`m6^TiFk(9dp*%eT
zPZa6%D*D%(ttGD2d946~f<gm?1qu=fq!>XQdGD%{uFZ)@1VY3p)?GE^Xz8FOY*F_%
zRo$B*F-W>JT?mZdGox3A1BAdrdLkfTKL{gWGC0~0HP+?Iy2JVA{5$0HnfP0I*`ouF
zBfaaK_cLkVCr94>arlcE`*BVc*Oxlk8Vh!MPkYC^EnVb~<~n^;-@@*1*^7Sp{UjT@
zPJDinGd8YAcq=pFWaB;?j64JZ0QdwK-1<S9aOht4jT;A3QwGFE_73ILh~Gi)xL>E2
zKLST1y#g?Vf@l^s<rGsg&0tXI{Au3l_`5lPQKFU;j1CGoFwLF(aARbP-qoZMbB)LA
z&p(NC`dy;oRDrrGKte@AMOguMMx(J582l*MQ*5EP*MxEadL)t`8LY`7DiPHXdq%tL
z-hwCs$VRp0%TiV~jbgD>TU^|@At1BLK&Xs}7o2Yp2U#gt+kCmKR)bjD@aD8?lWpR#
zZ-m=oI-RlI9PDt&0_+M%p$ao+dA)>E8fk=357bhCp%q|o?H0%l8r_*7p`R6OfTR?G
zrjR7IkTzT{<eDpc_pcP*sOvA)C8Zj^PHOpGD!F|d8$ymm6!p^VbSLLSd_?=~`@dfD
z?yQt!b_6K{Z^ydW<TIJlP6Gq@#@m|njv@dO=t2-RRdIS?ca?+{tfXvcExD-YzWwe<
z5`sgLK`u%L+a5v@sFNy)lqWL|wQ32BUf`juq*8_17KKD4{`|xdp`(TRzi2d$TwtXd
zpky!zn1nD~c^%F-NSRhcpe7t5NdgEEA(TKNVM)OS1q`tAjW-~sj0n(Dk0MOk1<XV-
zK@R~iCXo5$3{BJ_MT2ja==_2sw3Tsyk2+lnu-gz&C?_(+5zti&L!}k5Cqo5AOm#*U
zW~rLuo96THySN686%;z=2*81TA)-193RdJ;i&A_^%*rT2xv9HU^McJxL<u%QT!P6&
zIMr*ruCNPr=X>O=H<V`lLcFF;VYhSGRaFZ@O;AFNR8>@@LMc^BsYwYVBlua*v(lyW
ztya4`b6Yj2WPAGVym+s=z2zo`U3DY?qAbCK1_^7CuxpA%h)63YOK<?y!mFL#%chdB
zYT;;#$yBaFGC>KXP$3`$hhr+>5y6mzh=fA@(zaoA#Y&cPBVSu52O^5JD6Z-TA|<>i
z+)d%Y*ek)~xE$c9oTgBdDb6QJ%64MtIV9+w1ssmKCt_@_(+DUir9DZ>#}NJFw)y^n
zwWK0$bK&NWGzSoQ!iF(Kh2|A!C?fesVj<w796qP4=zfg8osts?2_%ZGHB{9j6<94p
zlYZX+uKyojtNrWE_x5*Y=^bSkv$~&wAc$;9K}85Dz!lvUYps@6?uuC}AmBv8JN87C
z3b5LX=s2*aBs12YT}L}*4%sM>uCYqo$<9bix+|fj-O@-JqV>8vcXMnpsW74VOaLq?
z{}w7D?XbH{3n<`FI#oJ(``44>>OQ}F-^KDiq9Y}9j^M6mUAGKXI0#oR%PvV>AfY;`
zG~z;MW!P+6PHkaTMa5NBQ4tXYL{(3v>salo?!E81emsZ!Rm?drUFBV)&yJ9j@Ra|l
zBveI-j@=gIn9M4<SlaHBE|Pb>bBQ)kp)89aNFgG^DR3$jarcwlt{_lDQGP9;ApqXn
zOY#?OT*&2OTKf(|>|8KJ;%naC0oeTl6G80V@b#61`tR`(%fD-v4W%N98rrn8HBm|^
zvZ|<P1H{Apb+|p_t?CB;{~4*h-|uV3$fl$KL;(;186t}$N~GK?bgB(*l$s4eg4ano
z-03yLE2%2Fck>o;DiqX0phNScp4=gkv9-$Oa_MOzcT`kVZtEO?q$cECxKTruT7r9A
zqs2Dm$f<>7jbgqp8|STci<iIwO|ZR(S%ZRr_SWTA2c`#lNCd*n7y)v@s*eqa`0o3|
z>spk40#0*~`=0&r$6xNl{m8KmwNxoWPKGJNREtHS8io<VD->7h`}Z{Ox3E6=uf-cE
z_8vcNyx%9__kzQ8xe#=>WL+zyl3EScms_N^Nh`SO%P4-_i^HKQT;zq$aeQqZ$1wMC
z$o0ZK4@B_7W$ZTYpqzr0infObcO8&%AfTZMsB_#o?q1iZKN-pPJTS`m3)e1i%uU{l
ze0cb_OgZ%d_pR~YoN{|yMFOC#gCH3CO^klOik}NpETbVaP|BqgBB}V_<KF%Fbo++B
z{R-QfD6u_9P1o+e*0{-%6Rdwwp(tdF6eR*BTrTe2-BA))ijrLe0J%{Diz6V20?kHI
zxB#`ntVN`?>2=B6y0m5eZ2-G>TTTTuD~Xvo(x9`dxnSWqLV4jQgi#SwJ>9~uS5&T(
zs9Y)zD$*5AMUpl~`8Y5yk1#=T>HFK@3ZeJD8rX(#764blt=ooEq}UY^&pilE_b2!1
z{i`&8k#vg5O*DeiQ%cjBs>G70%&dYq6b7o%QKqS;s+OvXoS)s-`9IlXci(IA`<iv&
zw^z+>jIK|8oh;lvzS3&?Xz}nLBFPa|EE>N8x@)Hmb#-+zu!2aTLg4-<E;ChREXrb4
zXtYW65OaY*5@eMeJaQ8y&rcSd&>ZO(YnehstCbj2VeiF^E_XRGXzS~31%9HMq^QG~
z{jF;QDRsO!!vN^)5NkXDZ$Oa0I=^lA;`m09`#EvTj-1?XgXH_&{eE?)VI^qMhKi&*
zzX@f7(Fe8!35<dQK_9nBm1sW$g$W_Fu`Phei9;bwA}cB71^v%MF?^uq@=@Wz$5S?I
z3DySs99v&X*=An?&CHMKAq=%O&VJ^2=2z=VxvQ+shAMvLXi+Cl7Lt~w(ymcdRfosk
z_P@V9pR4Z&H=|Rdtw}oXyZ!eI@5gzy`6(%7NkqwPrAR@*Dx2^3T1XKV+LG6paUzwV
zQChY{gmmFZaU!7@N~&SQe>_rj2VS1y9+s3RT(g@8lY{SYs913KZTcYjSvij-Wrg+y
zQis~!)xDEQzv`xnC}~oup(rPRbm>k0|8;gB(N&Ss8TdY%U1GRDsD2ViAde)pl1VM3
z$kqu-KoJCRe&3N2!&}&e%8=@)rP2hsbhTx{AkYxN;*CiPl_aFtMd}!IN8d4i5HcaG
z#=%3{Xi+|{OGOGGDnN*b5LKcehiWI@=_in?zWkM%Ggp&ZVN@b)q*){@3=D%A$P}<)
zYbY_c&IKT-xG|=fB8dwT5J@1A2___>)`iu<WKuPn)kicySSU16qTxne?E-;1-fq#t
z?mN4aNW&dfAmwS$fs7`ZcbQp9NFxylq7R;@z1f|-aG<)Z<d1E+z@i$UDFu<Mz{3(+
zC{h}|R$vCI?$9lhNihnDD2TFEy3=??kdQT!^i;v9jooCqbZWtEs#f(()w3`N?Mo&S
z4jLTCf{{W(fkF(5Woogg$rCC8Wos~#Ni?x>aJ68nt!3D#D2q;JwJ}=2tjZR|P9cIE
zhb}jbNW>_aVUHpJ)>FZSs6xa|0gy1sDimf>QYqMuGm1#x4*>4;?Y;2rH=dZUPC*h?
zD^;>YB&bM@k<E$3C>2<(2$^sYmXfrJRLek{3_}B1(p8dG&1N$SImuFzhK7V`770<Q
zpBb{*f7}cY?7%Xc{SF^ueg{1uuc;Zr_zy2Q!1RN?#>mZnjy}_Oc59RNUuA>bDmW6N
zYimLIjQWTGV>nLldARP!T11jy`8<I8jh@|{Fuw-$NEk3tMFL2qgeId~RYhx26%{jW
zTDSi~i0)Nl2P`kU?i3Ox{f51YySp`mI8oFt@$l6Q-5sM&RlM8`5=6s<J--h=;J<+P
zu%Dy8NWJ;y7_`&(yO7Bsqhs!1A@82<(7Mq+TleR>{Ui+!tC@!&IEpBq)W^kPh@K60
zF29o`!$UQUAVd@o?RvF*R3QXXBbq+_9VYm_SlWBu-W~4x2tEUM^jJ(z>{H2y!60yu
zSQQ{gC~>8Tu4$rQ!MIYn-<_*gH-!Dt)QD%>7?ga#rf<Qx7V8}p(n@97_RAjIIxRZB
zGOc&W1A1sn_S)vIjEK8~{MZDQLi?G!SqrH9mv3EvZiqD^ue0sor4BZTAW+(NZx%1N
zT3c_AW{13nua!|8ssOo$_B6MOaaf{m>bmbC141>|qYzhp*7Lq*(kI_t3D-{*k%u27
zKSE7H%lRY9pE~E_-s;7?wfg=yD#Z>bsRzGFJ@jz^2_XnpVFwAzSB{v<7-FfUfmRiT
zmUe3qqInNIQEf|iwn-E?yh+I<op^{JRUz=Zv+5w~5VTx`!iXfak!EV?Zi~j-d)vRe
zMAKq~j)$Ed9N0Wa{4VL??iPqVBMX8^LD2=_;*@&FNzoJK9*2agZN65-XNR=6v(oym
z9&@IvVl%_Ex3kjsT<<lU)0=s>D`~Mi4FUoR$OSp^O)1#|CPRN5oR93@?Ar{KO<gy-
zUyg~-B<EJv?%=F=JIqn5Re+6F!@w_g%Wbe+!2HW?_3ypy^P^)f-U>R2HDppw=P}qD
zqU0O#qK5+q=F;rH4`%`l_Y4UUs8)m+!P)@?O@|LYIL=PwXG6oh0Dhg<a0GX+v~K}f
zy1ONUd`{6gwAq#FciE<^(Cd5)BZ|a3vrW)_OUJtdH)i{=Gu`odv(yKn1^~#BU<?Kt
z;P@=b4VYjs*rue>YtM6>wyzTOusB1KP1yWY4fnb+tE^15<O0tbN`fC?p>4HQiX(J4
zXDXVin5!TiyDGF<;GqpbJD+dAV|v!UG>)CTp{lxQTNDuSQ03`qF2~0#&Q!Lp#TaTw
zgIX9S0u=%$H>=xjH;J&iQ(_`+imqCOp0(mt9Rq+oPb89HG|@<sMuaBseX+MLjRD#e
zg+f?RWB1#-%gw?e%N@mVpJ7$c4$m7!I8n?PN>&pHl1%c^D|lsnW!ZVdlVFF#g&0^>
zQq>z7ohpQNJ=?D(-RF&%d`Ha{Mu99GS_%utm3_*x^C5@D2MQ?QC7&AKJGS#P$HHi{
z#go>l<z)wb+orD#n)fW%wXNzs^_=PBQu{?vX%$usD5k22u_->lsr3YSJ?Dp&mFv#r
zq0i~sU7^_}Hbxk3C1YyVO9X<zK-k5x5k`%B?PG-mLBocGG(>+xbZ*Y@`=8oN@3-#o
zJjhK~7;rpcpn{F;mIqRjK_vOVrpWX#<55CMME*&o-(BP540&B>sz!Bwef;_FwOS&8
zl1Uiv-<6sTZMPyZBuGoevOqNoBopEY@g)666}g$)y&LWOtDwC(jr~57LA$%^*1qjc
zyU(ZFO^ZAk5zEaKDuT|^C~b@jMvEQw;F0{O1{Zz9h|iw)BpVOVohqy+9IUAXEMblu
zNKgqSauVILgwGSoXrFwj9Cz_tKv=t?Gv5RrY9GER!*rn32gpJ`i?+T6p##1?`|Tcf
zY`aF^ICC|VJ>t~XLzl4L%WknrAwKRrHE|`0(ica3G;r#5hT6-qRh@m)Q4WC8EOp-&
z6q)x<AKDUdueKlG&GjVm%`vyssqiAfKxte2v}x3hpHSBD?f1L+@Zcub5a>5oN5YuW
zqwWw7SLLEkszYoeW{BGR@L}hVVF!-_B$E^nUl<I5wh0FgAG@GA5G$B)gEJUtfWyWf
z==Yv(=mm2WAXa}U+|(@vPq#!fUk(b2aTFD>C4^j&<>;7*YC0{ye*JO+eTi!=CXg&2
zCLe$%Pq#E`E$a_zXcIJ29*__q<}bd3gx>P;sV$-h$V3_o7`~VT3;HyYID!c(lW43;
zkc1&hQzA52lX4AlH#w!w$47RY9dx$kuE{H$$OX>s?93zlOgZ0yhny))vBLZ9ci6Pq
zs^Q-cfgT|wsVY`VQdFg1uYJ)fAyU&Yx<SZ_;L>d{t1gm%SQ^Euno$~og%Mgdgdrp$
z7cPW@<G1!0$KT&+tU|1yJfx+~+hir(j_`8YPGyj^j}bL=lm{ZI-<{62a(DNd4`op)
zkXcntQc*%OnnIPOXnpNp``y=lue@^q+d03E`;Tu5=T6X@DEuIZA|Q)WNo6S|C4N}X
z*B3~$`^6(l)f0j$sa8diO)^U0og{Cc-S!`Gy!*HF_isKM9=b>~iVeQyog%v8b?1D|
zXNN@Dm8V=yC*GPB{#3C8Qk7Op8HXcUmI^8HoZquV`|BtBba>SCGWYRENTF+_yQgrJ
zrDV5Bbm2lo1VI8uU))->t1{H*H`c><Ay9I>!XvpAt#VD)4&uSdu8tgz+=n<*bDA;4
zOL)POj-qgGk{!KSmU-%9ie+)|i4V0wMjrKH`ba?z{(5h{uZ^$k6AJ}DXv8r^LPXVC
zf>mIDCVD^T@5!QhK2wZ3cC#~|sV;-!BK{qfbiz&wo2O0Cy>{e<Iw2zY4amHtk0&Em
zXw+C+DulYE3xd=@E~xJflf$Y5?9Y6yCtRH73&-3Rm}aBADS_Ccd>wjE%j+%j-@eC@
zQQC6G+)a*GEz-GivB1XMxK}xX>#PzIE>s;m1ep<JGgVb6QyQqS;C}jd-TpXu`+kkx
zYuILdSl7ZOrr~t8(z;tNlwXPkmYnLG;LEgzQ&kMq#0rh{8<Mv!;ai@1vxIrXi)kr{
zBB@9ggr-4xkp0>xd9UOQ<UBGL@O_rO#OUCmo+t(Kc`}+le9zaP&w&0f@PcKm&8j6Q
zQdLn^RJ4+sN~#Y|^Yi!K-_^YKp=S)q-}X-Pa<}%p-Top7D!~#&K>~pZ8zKS-A^Uk3
zD-^R3=BD~LZW)}rDQzl`ATh1E6IC#f3Lw!3s!u#;)p*4D({=?z5rJnLJuev?i8se8
zkH;FPJKdLt2bD_7<&k8DA|xhS$}K4?73Agq!*w~{8J`-T>^=T99?Y#**KFE+`S$z2
zEtE{MR+5tVMe6R{<O8nkx!$$jH!GmWDU`?wQK$@oQEDDp>E(U2e&>w_pJtYAIhuy1
z77SB(8@z)l-jhLLH~fX}0SdRsK_>jz4e{sLeg1}|tx`>iDVZ2mnmx<y`ybcu&)?VE
z-uicD|F|bFwcNf|kN4vQL=g}~Ac)CnOA_C{{T$<h?swjByQE@A1h%3DRh%p)1dpTg
z*X@NJ=e88_?=V9f!t6E~y;cF0uTE$*Z~F9*&VG^+``tCoOGBWLHR~Q?{>V`#MF2-N
zB+BYwijheL%ci7Nh9<2liL#1fa4_0RwG*aPm9})YpT3%}ou6m>uKDg7-|F`2+3=u=
zA`nMpOW)Tv=)}9Z)12faO9FsM%*0GY`-Q4jws1>KrDDldPzqs5vf;DU9Vgo6fd6ie
zIHfX+mgEXNc$Rc3d7bmwbn%oSN9*z53qwl^mQaRK%E=)Vv^sVCKAGS3YgQCzmV4)!
z&irU1BtJ*!QC$>NBUE{cfgI+whAfEkSaSV#9&gVvc=wra+umW7eqqU`Yj`}GD123P
z04OIMRNMr<>RhtlH|qD&&`|To9ngEcQar5j$dTA8wn88%ylsL-6$)t#grGn)U~M=c
zak+^=va^N^Ni>T?9Es*)C^|x3RMR18qzs~_Ftx0*G+tRl0ip+h#+aleQoxEBO=vSS
z974>JIz%8WE`}sP5EMk@2L+i}jwdHwj(kA!;**V!1r$+os;Z=$WXXpGAtr=@90H09
zU{L5x<XIpUfeNr7q|9a<7UW<$h764(D#@T2Xj-E(^^#Mnr&o6YFsoakBxxaKg8{08
zg8(3sB|tk_C^pG(TW)dVXhLW!Sd8rD&W5HaB_<W2L=7OI8bUzZ5@5;(Qznp52^&s@
zSb_x^sX@>~2reyzDs~kVWhR1)NK-Pf4iFI!cmPkRjQR}Wn}56fu+!&dy~u7`bm=-G
z`hA*D6@g^)=7+iNZ$~8LJAwA#C+eH+CoiGKcP=Kh<Cm{nB-<f~6KtGhJ-JFs)d6nO
z6)>Vfae-!4ca{bQaAtUcl;*{Na^@#yW_rTh+r7U}7u~O#rnQQ#qkQ-Fu$(6+&*1mr
z_tw6-Fa^GYsgzG;u@#Xym6=z6US8i`e06sWD9!rtSt!@ZZ0>Um$X3Z+HqooDco^3H
zj!SJWGRo)E?|smA#QxHj-d!qgspga~YKhOc?V*6|$aKo8?BA78r3~nksh;Wk_4w}a
z^imnZeXGIR*XzCR8%mhcuI;$yUEX&+7uX$!eScIod(?+*Em)rPl1bRGA8ys!b#q1g
zf;TXlRxll?FLl_#@FJ5G?+a&rXi~Iw9R)c3fC+%$Iha5=1pI?t;Fa>xv2AvII?h*{
zq+;dD&R*8nYBzQp)w~ZR)Nxfvmhj@unjLk;(wX2<+yrqun{;!7wq$i{ZQ4SEHE8(g
z_JKH-hdO*H_#wlA6nkLrVuM4S0}CKSM&}KI2ix25suFdq-3Kg7rH8bS03cOWQgjp|
z^EZm6bhv0NEXS^v%XdXxb+J`c?y9!voVgZC$2G@&HZ|1{Tw~#PeXn2}!r9pwHI>ch
zf^tL%ix`3ujUsSx)vBtjQHUzdK`bI#r*~z`N-t&G6o%wYq{MQClXdsAtv2b+S=eDm
z9HywV(uQgh?P6-EYfHSg%b>bks=99Mvr;7<3OERC(LH0@8Y_utQ%Okh-Hj2UhQM^G
zqk%^=e<fYsV)QKN7ekaNVh;j@C_vF=23HRHimT0&dl^K+gM}1HLL`LIMHVM3jZxi=
za!6UCRD@0gYMd{9=8DV8I1`jS2tr(h;Wygt-QSKK(9TH>m{bWvAmZRy62vGA!MIPf
zb^B6{QA<tb8sV}wDG@j#j~W`uYO1Q*q06s!^!Yb>yw?6HR|PHz_Pmu;PO(G6X%s7c
zxp!Bp5fs`fNQj7>7?)z}pL{LMD10OAC`kR#$-szkhMkGF^(3olvYGCp-Jyr~uikxw
zovYC$-MTw`Qxt|Zg?ek4Np}0n%qA?N`)|6s`#MG3e^lSw@!j9P`{^V}FKw!|Qc^zE
z_6KfV-gJ&ZRz9)aNI@!v`0Wpd4g_G~)vANb59$;e=f6{3V$jSuykiQAgTz4Kt7S$j
zg31_ICL~x?pB&opS5-r+ptMotO1;+bqz#E}oS+>(GJWqlem`?j1X2VST^fW%D#Hea
zpon<#Kx;uAHD}F)X$OY7Cw^1IyM;804FrM`1KSu_He}i1@$Nn&ky(hG!H0_I6$$e@
zSyd6BkkHwSIdzUmfIK`+&>hMl>C!tA^KViYemD@wAR5%G@(8jfchx-dHfbm^BMgg2
zmTU-E=}bVu8)Sr(R*32wLc?xiU%mUb{E`(Q-@M}issds_S&ko(m=U1yv>{p6HH1h+
zKJ(M=2_5n%08zC05ke3J1xHr5wTBxZ09*|bD2atkT5|pN^{k<!c&ZnONNceoCX-V~
zMxX)}%}_(SP>Tj4{pmKe{p;0hFqNy4ICjA4J<e%=4Kh?(loV7-YN@Jes$&WfYy0=S
z`0vl$nuK+m=k0f!=gH68*S&LrCZFVJRHB+_sZv+PK@>%dL?Vzv2l&?Kd)YH@!)KSo
zH%2&cP|?2&9P(3|<hJsPwGp@i+v1>dU%qm4ck|pKMM*_fGNDj{wJB<Le*M3kpEX_R
z-!m`Vz5RG;teQ`eK}9hM`m++kG7sPklGLF^gcP(XmUjxD-3kj~w%FYo%~v?l)h0uc
zMC8_?-<E(pb4sb}E5r4%7&hbU>EEOFJ1@kx7G|1ebW*iaB$}88s?OPPxDbB;71>A&
zfrJF`+Vw2@-EhCn{Q8DZC0`!#-++FEGGs(V{kY${qFhdGvoS*+Z3M~)HbZH|gqn#^
zLYn2LlIo!O<Et$)y266p(r;;5$q6;Re*Iq-s=iJB80A$7BUB9(qKL(m!CI+M_cf~R
zRX@!JxA*g|Q@R~)ZmWnd<M%WW{E<ogkJQwWN~d+#dsV|?LkSml?P#?Kf#*5p6#SJ%
z2N!mS6cogYdr3js>b~PaVrzTE!n;Lq<{x}>SJA<~=nsB>hp7A&7NsGX%*;>U$@Fyn
z-u#AhUwyTDsB)ee*Ei1jq{#GlzARMwrBp|EI_2|Mj21Lz#?iEGq$C9E#V~jDfM2*4
zp88p8=B>A6I`qW1jvFlk4BQv1ZpI#(!vkk#2w-Elc!D1D&wY2{_Y$f?RW(IGlB$oW
z(V|`&`WW(e4E>7zw+C|)YOBMCkG8Mh&PR7gMftViO-4{g$OIyZL-C>npn*ouLoH5<
zJNE37;uIwDlpQriRRLZklfLgC*gvY%+t*sURr|d*nIvM0Ac<nAc<(!}v$<RQ`t*J5
zG-|tfp7-iM2#s6S31|$Lt#@~GkYJF=jEy|?QYR5Bx_&Iau*BAZ)&&;o$5>o*I8{9H
z`;C+8vYVGY6Vu`mf{2V&J-hr*_5S!U?)fnMd~E&I_TRbi?|pr3tI-6Xb;+_M#x+Q=
zh(<kdVD|5#)8oHHvD`>RkY*qOyDfuM&~%{t>B+9_I#bu;EL9X#K~WYcv!`}%{d~}V
zx%T<~)rakGnWymy{35ELWR!|AiV6bB5d{kQnm6<++3E`oLj3nd8tU4zfTEqtPAj2P
zIi1ewQ0+Yu5Q4?uH=nQi{eNdLKK{%d^L<Cw5cooWLl*hEq`A;qiqD^qSDo;$UzWY#
z%pY|=3u_E2g5Z=SPq3iI52%TVf(h(~sHdN27m!U|)~v??jbjn0(Ro@3z;H=RW;6s#
z12v|K!%<=>X#`e?G*t_Zg8*hi3IRZIVes>`oaKCrrQUH8X?ouI#}-_X5Q8aH+-xKf
z0=VIa5x^`#l5#X7NZ<k>lNAOFsnBi^z)2ecYzT>u1+9R{faO_SK~Qi9AWVWw3_(Nz
z5Y0fWK!i=ef_T_ML1iN$WmzkfQUD}lik!$nZRTQBwS)^4)>vjH6j)winUzvgB^8z$
zQm}WTp7!<I&1jt{m`G5J1CdNsY0Ls(iis0Spz6$GaZ<!J7PVN)z}S(rO*mkHS0v<F
z6;%p!P=qTkSfDBWzpinBJH9?o1DARE`r0|$9>^FquWdn{TL#hwuwbZwemljlx43<|
zrt1@#*=4ubLKjB-*Z>EVBVldm)m4>-mP)%Mk~}?K=U%kokT*^4kEhv#Gfahg^z!$4
zKr2XDS3AC5=dgQBDCB|*0^r*u{8Wgb7HPs{s($mkd${E3GWg^YeZCz=>>_?=uyM=J
z4w_3sx_2+_97OB3gtTgo>WfUSq<=Zu79X2Rma58YzORXqoMR{wa-q!csUl4(A`YS|
zhh<$FL|Qz1x+m3LC)egt%Qy6xkp!CcN}y=>Z%s$&gPTO{CWijlAxj8}0z(}A!rN5*
z+xh#%p?QywMRK_IeYgnkn;3L5>`$HG(Fr?l*_rQyhhuxD#&1nonQ+^*g(*^~=+nNa
z?Vj^u>s@#EzenBmmd=P%8B2$)?p-za&gT7Vaf_i@R1dn%RlA@_E3E7IT|-xSJklvG
zUpJ?r+B{V$cE)8&N|X1;!>Oq2UVxn}5Ms7MPvVO=OhuAO2_SzgM=#B!i8-fTZlK9g
z50%l2D&nmmo~U>nHO+Q+eB_!i-fr+P*Ki>4Na1X<LP@aO6|7{)q}N97?(S9_6`4nM
zp-1ZY(r52q-%h3r`vuB-2K+Ad)q{rxSJi@qxs%|!msON65Q3oA-qs^`L*jet`PwOM
zZ`pc{R&UoR>3>g~J(gcR#|~!`hiBGyx9_dd)A!$e+3d3W)_db86A!<2{0i#Ft)z`i
zBnRvSW)KiS88VBe{vT6Ijr+9k)m6`XeAjU}<5VfP<?_@5)9Suy=HmFocFCSzA&c^i
zcA>m}fpd^W0`sG|@RMoMd%*Z@P|_S)jk?&FnYI+F5>f0f4tfxxr>Y-4_EoSj{Ct^F
zcyL&_Q1eG$gTH2kJSu>X4g?|5kAn(!_udPq&1=-19MZ%+1p&`HJQSYL&K7Gcjf+?7
ztEZB(8@gyCS9NwI=icp|soA+Cig%u9tLwb)Bp|uyC|HnaLOPi<IYGn6z>(wOHgN5O
z(6;qd1|ovmRO}gM1P6Xy+ymKWOR4G*l1VHCi9jUMO}3L{2KF@E7^5wh!!rm#9LS?;
z?t;jx5JVF7zWaR3*7v>iB+)=JP5a*V0YLc|J7iruD>IY9jp-zk1rkI65HaDZ@E8U3
z*#|8;bs&i4*SYJ<3!Aq{fdmrJkpbY!5CxO@`27-fnek!C!m&~AmaGKSgwbz3?e}wA
zy>EHZlm|p74)VE|c$t$?Cv{awmGN9N6=i%n^T~PZN~`Q1cbCV6-fH!%Az~<{P^}GJ
zEr!ss0TRIh<`%+R>$lsYn=a}CGI0Py96{_M1T!!YMrJQ=-A2o36A>s8%Yz{{vJi?P
zW)!!~7~IB5I6R73oy_a??t^v5-ONNu5Ck*gPBKftwNJaf-rLi;zW1}nB7i{9WF-g=
zLP{i%n5xv^ju6Q>Kp+r6{DS<q^?OdfQOA?J@9RoG1rn=-9WTkjP$eC~-2Y)k#!3Z(
zWCg;*jktk?6x?Jei?+%?vb)msoW65@G$ow)`8Zkj9u62j96k(o4iSb3>luAmELc>y
z)5@B@mm%-7=*K|4!Pvh9Q+E!u8AZU{pIc$v?)Iu%^N-HFwGtw#+FGB_Jn(R%<5#3z
zHfa`T#^$AZqe0eqUSC?QyIGHMeCD?Pi|+2__uoe(%+1}!xgmYmN9={tNbvZ4t3$tF
zW8nJUdj^i)B0Ugb!6^@ghxfkWTrpQ=-ckz)MG1q|NsujJlnH{lL=J#b1Q3Zh3IRFi
z#u^eq4QVz**&vNF+7jy1AgH6sSDNSFUZLLfv^!Z^?|bD_9eLGBndp6j=;lb7BfFAV
zbqb;_P__BLeE&o>Dn~k)4v#S8-@KoXb|Zlv1zcUrH0~Yz(IBFaB@m2+PJIv%S_g=L
zK!mVD5df5NE`1PmZ<>J%z0Cp>l*maH#NPUiqe?niF>s5`O-T!hjYc$H7#d_SX(mu<
z5>GX{))Tl>+(M{ODC8AHlrrF=25A*S96;O!Nxt@I-8yg(f++jNx>^QI4)|5*!Uhr{
z!V<ed5JqlEBWgpIH)_m9*;ta*B2A$kNsIH3P-y86Rj!<{L!~q)&^n_;GCN}xP-Ol2
zEca1<EgKsZlNu^8S~Vt38jV<s0>d$pz5frt9{Z;Gns@Hq_KW&*K%bOG3X(+#sTBZ8
zTjhsfyfyx;h1YD%=W}RtwPypx)=*b(Q}4wb^|F5|h=`z!QHrcaFxF|^^M7VmkK8jo
z-nSVl0C-6W2$3Nb_q;jK@6yK8A=T5Yy0Iu@U1gLsLg3kCSY~s2^RoQetnvr)#ww_&
z#D;6Nv%JSLt2LU<2Wq|hpJf`d0r*5jRfq@F58ugjI=WjsYV!hzFtfOstSZozPDFSF
z19c?LSlCq>!jv(Eq1Sv)`tk3ID`DuWj75qo5k!aD{?{Gl^D8~7N_W1F4ruRH%BkrX
zNHP#o(AzDeZ>IV*%kY{c4TqZy$*A(U(Qv0XZ(GtE1YCE=dP_BybR9IpyoIpqyz{+x
ztzka?FRxzaSgMUhGg&Q3P-xM%jRjO#Hm}d0ua56`-)je^-D|&7don_JVjzA-1XU3Q
zgceA$K~WM4C~qv6eQq8X)C&tG>t0_*$J49P=7X|4cR@#Xae?1+uD+_~|B1aK<o;4D
z1qC9Pc6VjF$;WlY-piu6^v(o)5=j^j39B9#6a>q1217-MHqok0oKR;%R|0KH&4-%q
z^k(>Cd)&b9;MYU&q(v22sKrJiC@80YcQv^8;|#-B?(n{*j+byG{0OKjtP&HIy}4y>
zph><GkA2hT2O?lm#~~;?g*Qp7!&kmFsr7FDU{pCL^hOI6mClxYQ|!#|_ch}R`_*oa
zk{=9*<W*u3VU$CLsE1883}k)zVR9G`-6%DbXK%lL?m6}QUjANh4PS=A17xE#P=YZ5
zR1sA>&&RC&q1PGSR()69a3nt}iU_a~6(aycehzo`q}5a!Y0XD>*(eek(5n+b1^aoA
zumAv27TNfSD-=Oh0jJeXKA(&3Yr2=N^Pj6{?*LE2qQqDrMs)6BfmcOU=9CR*sC8qg
z_H}KCQ0X23;M9DD&G<0DvH&{&5Qwb)5=OYjLQW@%r3w%|;_ng(_PAe8_q87PAjhN}
zAdS6FH+Nq7B`U}#cXm8`x@HUjM=OdzL?8l~AsP^30NQ{+utqVKf`B}t<#JJGM1_M2
z5QYI5Pzj<_ND7!?91c*d8DhW-4S>r@kYo%3A&&_FS!@6(7E(l_z|j%4V1QX<1Q-et
zWN1c27{RW=fnYe53}|Fg1PvKRS%r|*<$)@C<9c{{Q0^_{K9(oWgL~rv)vU-P33|J_
zvsIB2%fmAgX&AuKsvSm*%*ixq)mxO5h6ybyq?C+s(Wua_M%uPmqasczB^GkxT;vr3
zsF1SBQcIGEq=>n9GNd}{Zo8vdgk5T~M3q+e>*Ici^}Ju#&(GN0K%rW!Y7bOnM%<8Z
zRWW;2a)BjSlV;13lV%>Ltsi^<XLOBD06naVA_C0G>wyn%S%bp?OkEyu46A+M*K6u4
zMQO}kU0M%;4pAvm%q6$noXL0ZCts$8vs&d<TPq*h{>7FC-x*r+{;XZ7Wfr$-Z#FpP
zXV-pgKeMpM9QgKjubf{~h3?(iJ9jHG=r66trq<nj<>muz-lS=DR}p=sW?9wta5L-;
z0urEV=q_`kzpdvf)9uV%j?m7n`t_;xYb$W((8nFlu8+~K^q%|Y_s8>uBW-8P7<iC|
z#Ni_=1nL`$cUMRBnl`&j;E79cDNLUGa9|_nK`cgOS+!1uo$TyaK@_p$*?xdQ5M+R|
zX{L(0*qPJo?@FB4Ih@Qj-)3O;=v8`D;f5KWf+e)`G<JJ3OjtFn=-qd=aAggnm~Q*C
zc3)OPL3vg#>Yoy*X027J`yJTORVi}=6#PYyvdDvk(1*i;qi&GQX8YaF$vzmy5&-b2
z+RZKa3#e;3@J5Yn-yEy%4oEJqELg=wuBkGpU0#f;DqJWl8|vW{J`@H9^;gx<ax6fC
z#UK%2F{4GUNe>MSM^OnVW_Q=TZ!<z64TWrEfw904LaAsJMP%=F%I^2fcdhGO<mm82
zLPTP{5|F}HW))Ugh=@7mJ?p!%-PA24f!Tu6a3BD#S6X?i)}g!hR%T&hh{0c}cPiGw
z1zD}~+q>bek9noAK~+Y4G^vFYbgg}zTfBjQf+4sRZpv5UgsKokt=`=(OGqQIAcl7$
zmSPhG0frU**VfA|$)O@iB$66Hq!9<O0DwdkQS}&=NnQ{wQfQUkjbuCaUTfKvdfsh>
zRfkoDJ65Qqdk2b^F&o>s?zs$mYbCO4SB``ZfQ*Smpb{jm@HeWr9CB8vsu99TMC(fm
zz=01CC<baP0|Q^?ZF1c@(y>+|2q48^f(ch!-fMa<cdhGNqD2RF79&hkwN%m-%d)Q1
z=jq$!Y}>FQ10d)egNZcXfrLVeh!=r)McX1k!lRVsApH*nI=t@>pTCpy>XaAXPB2qW
z^j+D1P#}|Qux1ff4PS+;4|_M0%#U?fB)(Smwokk7q|D9Sy~9~j9V341baQhvUtiGt
zSI_F9!?;2A1)(ul=7XUKzh){Y;J*7Wef!A0{8xQ<K2!4U(jCUYgW(X82ELlkltCom
zPk&x|@iYdICbYmHf{;Lr`OWR{<S&q90!ZYTEvS-6l1qF$w4B;U4Q1K_=6di`8WZZG
ztF9&`cbx9?bR`Kw>+7+3+P(ej3=u_F=T%oK?0LOy(>={#7!pgbb=rw1QUu~iYD3``
zc;#pnRBE?b-?nKc(BfURDaxU4s6|2kiUlx<9tq=F#MTt!@E0k15j2CSq;UdbPJ$W<
zlxu`BAjO+mb)kz5(^k*Jb%d7|^_b9tVJ349(1{8N$hC?pbSV=gw>yO!Yh-c6aB&tP
z4UocMNsB}nup?e7{C9LVG$JCyMzUo0zTJz*zGlN55_5iWPpF(IBep6jdR0m-4=7+p
zkSVQXO!FObHEQLW)2Bz!o#C!5{IV*7#ft+-U*b$doKXD0lgE}mp1r4GiWYtEczyy%
zK_Cn(+8`>GS94b5d3AI>Lw<J>&HF6oWtVr0XNur8G=D*4QB+Y~`S<mIH4hyte(Hx4
zy}yoVJ{be@gd##jETqC5DnzcJ`z<HAV_j7Ia*qt0<rBQtZ<WgT?tH_i;Yg^(Mj)Vq
zilTywu@!aRbK0#w)x!V2!pgU&-7`7poY%cjllT>4AjOc3K=n3x)1viEjX*fuX*)Ql
zJl8!HFGFS07LlyqURRiE&iR6MrGyiZ^+pU-ScbWIv-_W4*@t#~b5A?dR%_kyvoC-{
z@+gA{GjRI7lpQ7Ad$t-Oo!jq}m@tQrg_d{brX~kS+*63@4lw?RAd5e>mwRgeyY?1u
zJXbrbchb1sVlQL}L3hcw4P6`@UadCi3JG^X3x^8)8v4U!AA9eneZ1N5eo+-7iXrzi
zzP`jnqji4Du2mYCfe(dMj3CVkt`!5H!1DXb2qx-L&ta0VrMNZ4S4RMVM!2nEd-CFM
zTFJHYBo#<%BWX4?V8#fvP>KSq1MOC|E1$RfD>jm&&wcAR%EU)wVFUDI5<y7>84c9L
zIQNuy3WZe-Fz+=D1{JF}00WYVqn`2i+5)@unV|fTSrG+<Q@q~({dcRPj}N(5l@p|s
z@<c)m(XCt-PB6~U?5id2hth=<tm~7$yFK0E&YurRLNY~EMGlWmd;0If>dczImZp8%
zD?Yx?nk%|UPr{-g6|M$Dpvgy!u;M+(-MX;X6l+wn=Q54pUb-!?<GyM&*uq0MC-9=h
z1^3$7&i?)@<EKiiv+SdoVj<%Q#0_y9W9;e99ceq@1X~VhqE&vdv%gJXO^7MkyUkH4
zeyCX=*F`jgQN#6SqDqboHDzMKm8;W{L91*mF>d2>q*W;~QeG}tvCw1!G9`it*g!nY
z37G<DSzZHHQyQ}y#RnZ(2J+zDvcjW?BPAykP#_u-5e6r4yvCCv2|{R)4rMV4SaC4W
z2?dV;B?)MtW2GbkQi2v{C>S&|GLk_C$}OOR1<10Ac*~Db9o~6v&P$tfi^IAi5eVWG
zOqgIG2NXzCl9VveoHnv@39VHLVuhwiAen`%EnN*_;jE9n?}9${-WPNOML}%7FGl26
z_t(!h=XagR-d)YxD!QP8BNBn7*eD@U(QOFBsTVF0A<jihO0olpiz2L~+7MO3>2!e6
zH0X5TsiwgSrKwUZECq&?WQB5tG!+CSj8LeEy+p`~xx1i`6IrV>J~q9dnhK?<h$nXF
zwd(10abm^@h)^YjFNRs^zCBNDS_iq}b*nnFTCfHCu##J)u2)ceH~_ESmOKIm_uaMB
z`UQmNz=XV?dS&|j0Q=PQQ!cz1H6J0B`a5cUGWL+#tm{MsTeY1iT%lEO<S`U4aAn`b
z<5yy#yHu{}BY>1eOTt`wZ%=fjs}P0#7QT=}e2Tsu-lO5YnS+9>P@Q|>je4d`z54d(
zb#crUL_#g>$6}Y*yQ8xP=2hug@!j}#Mkd}2l1$P@5l4^2P`j~TAF8Z<x0sFnB-pq~
zLlVQaK{YTv<L$vIp$^@3$4Bbl5J<ecuCgC$TB*pkG@3E#$YCB>T6&vrd42m|GqdBs
znGbY^Yuf(^AvM{{U&(PhMp-HySFGtt+BxpPj}Nu@UhbV<!2HAby+yt`a?t3rM{WzT
z4{jv>uD`jTvfNUNIwno4`y^f4t2ky!_Ux8ToTWC!8vE$SI;BmEW$qAtW~c&4C*7M<
zA9bSODT0hDXk*&h@%vuy=^FSI$zuKWDjnCihBFuzsa#E;IGf4aq*dB&F!-o~!b$Q#
z&39V9fr>AlnXJS48q6iE?WNu3IWMSIkcqxuHvW<;G&GwYt;4PAOZ5%}IYwA<u&JUo
z$9ZpWw$g9kcJ1_vaW{39K996se}nEpfMn5rs;_1I!P8+_6cCb<B81vJzC53C_U+*j
zCr*|y&W?T`G<cq?pHf%8f4@-rMyp4{>W!1iy8hB>{eOL;`bMjKx5A0}Il{V{=NENL
zNeKo5MnDjOAVI^JZ~@9v+75<+y)UN;^BSx7>W9MfJEQ7iX^wVXl&V35FipjF@3S52
zx4~Q1m$z#L>w_393tH_j1@C(6G8#BTd+fP+fdy0y&bSK8x*em4NLZoIX9|!u;80+`
zp#bZJdjXfB;x1lG#*cddKxVh~zdZv9%kUC}q5{1rrp;<l?Yi#Wt`u83<wO=$>{KdV
z#-2LwQy_X3+<f<J40!<N>>4_6u1A1eBn(n%sMVTVH;<#nuexP2VGcm<!Kw<OWSBBo
z6attDVKnc*XLYK(46Rsf(LsvI(8zQUNWldN8p&*`Rjmw@t$SA%o6I>T%mlj7(<p4K
zV?~G=4iJR}jNN<P>%HFhy@tzcDZ7O$4JwEydRZmA8ls7T9s9Recf0l5cXsfU6d-UW
z%npD<MFzR*YKc!#LYgo;4xJz-j0+)L#!;bdaxBmy;e1W=yUVG0X2Vpwl&BjMl4z`2
zBo1h3Aq*vn-e-BvUO4Z2-$ITM0?wQ$p`}e4Gz7B`O?L~n-30KGbV<U3gfu4j*!ny+
zH+VSu+EfULB9|H@^$gJhZ@2ApHFvF1vH>wzbgEYBRYR490wtEvDiK%;kw^ffAc{oj
z&{zUkK~gEL6J2x8^}OA0Ti*Z(bOeMD5<*uN!od4G3YB6C;RFlszW0*vG$W!8%Gn`B
z5{e56EDP?RvhK4eEi@X^-3U<0VG1c2B>-^GwAoggMLGzDabY3D01RM>VA)^IEkHPx
z)&`Pr4fx~zm)gyG$!yJgzjJVh5!%6_M55APK;|t`myS1zn*(_xiZvUy6>P1N?Zs_&
zR*|+hgd`Y#_w&8J@P`L}UupU;fM8H#gd7Ob0T?xl;7%H`l|JS23+lw?bafZQzCx<L
z%=>pJW?AaH7qlw<WYw-Uwo7f2Hs7p?9SJ13gjiCoUESSXsaEfA&zSdoD@!GOPfBz(
zRT1snjI36gJiC;B{P@ew+nZbV^mn@clXrgm@4k{|ZaPSrlk0MUcFh&_{qxM+Ib;#R
z0Q;rRz=eQ!?jD3wIgh~vG5Baf{o6tpe{*Wz+v`xXWHhG5u+u>Vef=?mMI%xqWjV(P
zp#e?_P+xcR-P|7{ek1Gy8WN<FIfqw>la{blV3vbSf!Hu|4BGzp+oQR@=I}q2Adi-1
zFPV8s?=hkM-OF<tLp1X`1TwX{-@N+d%Bnr+5WDM*o~+E1L>ZAnFL-wb`5YQ!OE3!%
z!GYv!_cJ-}oq!p>@~WwIpq{-NyZU!z>n9kT`iV^TNK3v6*~Vg8RW&o>w*ont?&igH
z1@F2Jy1Oo{-BE%kd7-gTt_j780dW-G_aR^<MNJr9yYG`*s)qm<vXyv%$gd<EC@B*1
z!qj1Vu=9&719niQ>vpdY47vo=6_7@?fCipMzW#0u+vCtglF7}{8#vs4qRddREDp;E
z(V0fQ%^^e%2x9FFE;SO?U0K{PUD8Ajw<Ma<Y~-&%5)a<j2L;a;fCvVa1cb{{!GDA7
z%;B6UC1907JM_im$cHqVDVzBXAHd+$FKv3?DmJoMHa4V!ktjrA1y~A6{hsOfzVW<u
z=|+P)K9yCW4;c_7Bx4jvNJb&?&u0@>uXNMJS4Aapd4gX}8a9+yM@fmsW@lmhdNkI9
z^Za6~6ct1GuNwC?)AmxCTXTOJm95kFH_mT7d<Y^4BB~+`i%g61+(@M$BLR>-ODo)?
z+p)IGFtzSHkPUSx_f(gsz5b(os)vW3{^@<(Kb8o<QB*|`iy>co>f_Bf?P59Ca<)|7
z>*oRKza)vOPr}G+2_iOo<>WzyReeE%9PL2W>cZImHv9l<_DS?aL0GMKJ}l#>E&0RW
zjys*vvomMEi_ZB~^$~`Wl-iblG?0{rNi8+K)qE?vy)Peq+G_T<b)I+_;Sv-ZmF;?a
zJb^TC)4(JoVX$gUWX7PeQLE3-dHeCPTVZ#Gb$dbxS4$4}wu=q;czzH8D2f6h79${s
z_k3K{46k)6EX7L9Y%QpJGL1W)S4r%WNWpm3Q6+oa@=^VpuaA6Rct-2bGVjnoM3Sr3
zM7;h02a490aCZ$lrb=~{VF{~Mu!HgQ?DtR3zcJ_EUZx>UkR(laH>x|I-tl>(Lzr&A
zVVuH~mEsWmD+UNb1no+iD9&r^J@w6oZiCvDeytikTCQ~O-k+lwF$EDnYfm2i&3#<?
zK4!OikUud*j0SUs6hOE>uvuOT_o?2ZqLj%Wb(brW6md=mtRV=pF$OXTlV~gw*UjhE
z>)*z3)v*0(qm^8@PTM!jup#<HVyMN00x*J+G{$gh#`8t5arfLQur_<PLuhJiTAyde
zjMH9_h`>+}G7<{_3P==%0)l)W(TWP^@qXVtw&=sW4o`vRsFHp~6p@8QpPAq4CRb{7
zLFSL3hD&H1^@Z{0j0@KaY5ovDk)b73;t}9>2*n8kQh2~np$J0^jpHD&vfF`$TfnMd
zla@rqjU<=?G|WUS!YZU93ke2egfar*cJgR*@1@4__i#&ho!)T5XK#D5aV~J4h{q9a
zz~iGWw~<A%<%Coi3<g079F4pU*aQMw2?7aLWoC<nfN4VDS1{thtOf;?s%BU{joc8U
zk3HMF$;v0ZJREn4-aZKWd82cjqUAJZMPSsT*?7XQ5vwK3S59KW?pa||451QU1Bek6
zf(DcgNq{PBa~%Z-U{dc5Wuc@-mWqlgqFsfQWtT9>;Bw(`Q91^Z(FUVCKo)YE2S~CZ
zO4|xEGRQ3qSZy<mTWN+EQ6OQ}fo!@=<-#IXs!|}D)@oZ(Qi{<ux+POOA}ogi0e=|G
z13!|mdc6L4?~v{_8Fu}=h0?S`aRsdap@Pa6o;axW?WgZk=DyLUGc{F#s{=2YdJUq5
zMIi!3Nt7HQ0cco{7fG{Dp&+s(go1^HiB^E)t||#pT8)wF2pLoZsG&j-MUYd7f?d#=
zZ9?gJRP~&FTrUQpK`h!RUe?*FU#DdJnAx+p==J>=GMmmGxm$ZVYRC`1(~okpa?abW
zMN+$yv3%_PPj&r1`o426>Vm(Pb$wd;y^F|Ry16SI{U(}NfwT7hbIOT7c?x_^-uJ~$
zm4AIuc4oMzEXiWA@RinYkKNx~M^vFypzpW7ufEKxm-edex!+io@$AM-^ZUJOmq%8E
zRrt~wM9oW2d|}&8zSlmINM;KuH&1A&EAObvvu4H%uDZOY?^l;p<>hMdMPLUYBossd
zKuAQ9g2ES3`ss3t=IGCRhc%<U`&-n*rZ1$SyH~j#bG+f3Oe13Vnz&6yXRYDw`(MVS
zUi65OX!fn}=B-Tq$%w@+;71YECWtIL61h4H0wH4*LlwdKjUDJ9tr!;pZh{XUuI}no
z8JCj+G{oir_kcA-W{&iGkV0B}ZPzjtZwz-?Cix#QAul1T%E7O#-(?fe4#{*I+QWv-
z&m7&HJDazaU6&$2BLoP@)n=s{ZG6{jkr&3h$=2`{vL6&l0>eG^wpCT#sLNf+pew^B
z8}4&H-At_B_p_ur0YSl43!3HSq|gumJ^?}rcmVu>-Tkly9JCI*`)?5wlInoaKqJ5a
zLi^s|+aq%690mo0WzSzys;Dp_fhaCb3_@TfYi&{+kceQSA|o+ba0Hldy2E#Oj$y#^
zDyf1UlJ8Ac1=`hIT8M}uAc+FRFat1Wk8{g*(P6<NY@sTLgbE12Cr+zV>-MYelxAk8
zVzY}2Mz+5Dz1P*N)@s6}kWh=Cfsd<($ZA*)1VQ0|_UI1pU$jcH%dn&f;0Rp_#xMv1
z1o;*2-#1NOSXjeKf^Mps*nCi6F!SA@(_#V|qCnuH4u6O7Z|{7<pKmYazg%bUKZ#9#
z-OysxS}h>jLz#Z*A8#5v<o?Z+lAnF_lQVJB3TM}PZQJh4aqjcKzM+T^!0jkOk7&8J
zWD>yDFW&7K7&qz{?6P0qMVzl5@@NW<8vYgrbmIqz4|C+f@dH?7JAL;6G;b_bE?9){
z`9Tr`@eS`zBHBM{l7tXzK8j8KyQLAmEQORaC&*xzuFzG|s>)^IMrV1=+IV5ad34=e
zq0=ZMlwp49?%Hovgf<XFX0J-P<OX|7rNv+1XM6JMiWCG-ADpm+93CrXwEih|uo#5K
zr2FsP&2$pvk?svHWltGPXlqT}nIbx-3?D552GAPJbAiY<{r2GRb@n0;s=hKca)W{z
za}Z=i1rgze{bYZ?euI7Vm>}_}RuoOS@98mr1E_=^z>g}>4SNlk?{w7|QLxYKRYXx@
zD+LinjAF#w@tWn;=>E&D^Fv1exx*~!-(NMANogd#aWuwCWt1!xd!nI#s5p~@Rp6H)
zspy)kD>Q}mhE-AC{-f16U+s8L(~7EysId{4b?(fE-pF5!zfPRz3EmW$hk%(NR+7yI
zj9Y!~qE!<hv5E@`%IvdUs30>zhNKFzu&3`1t#om`hc<cFkg)gDrIC<WK?pHgD7H4y
zjZn-`k-cZD_E){Rzq6;!cxZS~d<cLj#DrUZb!bUVwumHZN-}qK@##87z`5vM&P)n8
z!lxJUh~co`G!|)&cu`!Ho*nM`P%6Mh<H88Yu~tMuVX)uo@m%{~n>lqKbu@Eze6PE&
zfg$=TD37XsdLh_|U*P`6@O!kNU@(FgOSxhk(&+Lo8_4@d>dqR@elUW7pol7p^YQ)7
zxxAXs+8ugdA+Bx8=nxKmU?UL{5I4(A61*<Qu54{L5|}`XstN~wXuN|1)Kr>aY~5cz
zYr6`GN6ILIqAH3h5LH$EhB~_LcDwq-(ZgQ+_?@j@K);AV5&|Rvf%sU6phbYN58(j(
ze9Nn{ocqVOCXH@`wmXBD?8kv%K{>*Z&cWqzhJ>^Z<zR@IHVG$t_}B1N%r54$Uxvj%
zXlb@ART?Oy(X^T@R+$ztWZI1=ckKK>%=_(V*VyY}hraRWyY}x#i$5rARHoK7n<E)~
z`JOXNOXLQ#Ez}Z-FSHZ{2nJ=Q*wzKZznxx?n0xlhx(e@a`=WxdMk^91Dl8IrT3yxt
z=AZA6yH~yalibc~2jEnSDgqpYsXhZ`6cVVYeDK2|V0h3_7dbBXg&2kjo7Ko-a0@7&
zsey8AVay85DhD`q4t=}wcC~<Oa=t%2i!qFllM^YCch8?UFO6s}NnYPdFWNV~JN(bl
zRAQ?b#P;rN=^}N5VL@)JB|zIzg!Wcssu*`>5wa+S0Z`v=$qj#Wz{%t`R*o<<8k3;S
zA@=?HkLmoNs)`~>1eN#@M`0s5ixdy&QN{DM?0Z$4ldDR32_qOpjx1tdZMH4ZNqVrb
z^|Hx&U=$2Ks8qB$urPspbl5m3_rqHxAHiWKD{P|RQ5B7=P_HRr7+PXR3BqI|1|T6M
z4N!-G<#otW%4<}nfG9jf!66xNfM8cM9A(i}cPOk(uv0^(Sc0xq5t_VZf&o-`1hk5T
z7aV3LMlw(^Mj^<eLKct+K#2{YtzwW!k}(Qb3rP{ou(APGm|mSI#>~1vs?5S>in$vk
zqe-D-u`x)Dw8A8)WkO7hytqySk_MB4(T-y(N*g%~f=J7%`+JjPHGAIq;E#<udAMX(
zFOP(5O%y4s)WR6$lvZP9RuaIKC@;H@FMRL<^SJY|2A)Bh$Wka!IW161qU0PQTM|h)
z0)dc7h)HS?ktl*=L~NK$5HTX=keLTi(yX(Asab+oStS;toU@lhQ9`I{1s?*SqKEi@
zKtL6D$ij(csH0?}q_mq;Ha60cOv)6R!dfg$v1GF(G$9hCOCm*0WT4eeHKmP=t(sG4
zv9w4P6D>l^A!Za1%?wISBxr(@Cdg%JF-(&pq$Q%pl+6OvOrvTjtWmZ#M%dQIH5(cv
z$+09N7)g?BsX(PEs6r5k0x1-X0ECihfg4e=tp+i)2}3keYGtU=t)psF281>+%4Euu
zVhTnSm^4}gB54|vV<wd$l!_%96-1O<GOUOwXr_Y6LQ@c?RLTt4Nra5RNsR`Ifh~+!
z%%Y95L`70mSlTryXtv2l%7$4qgtA0NO%{_?7J#Egqe-euQLRB6Orn`>0ZJsGW=7E3
z(N?2VZ3#(OEf}$>H3};x17h1vqS+Z*MVe_935v2|g|L<^nrtR$!bMEV5;6%;%2>8Z
z1f~ihv?Q8j!J11NSwRw5tl5&vSW|5*nHozpl1Y+msU<0FhDkLg38c}fO{CjNnXHmi
zX|ZNmtji>mNm-i3vP&x}X&~CkrdusCnl>!5O=y!=md4GqBNAH}qSj2(k}_npn^=Mi
zV;M^pO+^Hl(rqQQQJ|=VEX}b=u?EFuENV7{&_;tuCZc6VO-Uf^{mU!y{rd3T8h>*$
zt=_-XD_qxitjX=OMIfE99!#zod7Td8Mi%AP)mhC0Ge+oVUfXprl&_6w%(EIm9dkTy
zrb=7{SRs3@51l$3Ra~l$+t!~qsB7u1rZgsg>Ujr9zaO}wj1I>SzQ1<y-67C^ZUIyt
zW}O7pjq15lVX`QKkVKM}d{M%AaH#Zo#HrGsboUL6eFan;%hvAT5<IxeAi)W)!C`O+
z?!j$v7&I5xV1sLL*Wel?L4vysg9Vqt0)&v{yve!e{p-H<-dq1)tEXz$u3g{W-CbQ(
zJ*%ts_g9+J*Lddf3E08hmOMC!I1ZW>%2e(HfUR3l9A&l3Edgx{I=Q5%ge7<H?KTOz
z^jLWROfH;tC$@!B;<O|WAI7bQ=ZNS0;<RzJ$;zTI-ylD})o*al*3tjV9qN_l7J9rb
zK><O*s(g5%Iet=?1T20ci6MAuvVOk>>_|5S0`WFLI_?5IsL`uAqn(D#40VJyPkrZE
z92SYnL<_N%D7u3orzxun@z}wMo|hB)GVOSs(FWZZ(U<*~0xqLb-)OJo^y)6F@JlZf
z-dai4`cBf+{30gyVXHwCLPwlYE6K*!P8-bc6l#+hZXF6XQ)HYKOq;txT(SwI-M^JS
z#_?u#HFmAwuJTMiOMa*&&_WlZsPYj|P_%%wI^h@H_avD52|oB;5G0X|M4ubKKo5(<
zit_FrQ4x8~tkLt_zb;s<ZwnEVxieYO_kE}QJ9Od4uMRE6kRBn?kO8k(%F?l)xhY;E
zhM()d5V?o#MPgmV0#LXwLbE&J)!;&*HyfR$YNNHC>3eTw1j?<($?jLr-t=s%`ZWcM
ziBLpGP~j)-X$XoP2Dop~@~tWO;zOuu!__nq=rgNb%~tg6&wK<f4Y%VmLAZu|LSU*^
zc@|t*zqX`01$6xH5!J^UGCj|o>}g*3_?qI$k?P<lV)woQM*5)zDz`HB)$U_&ZfmPk
zWUR`x>ss&82+)f9i`rjf32w*@4M`G;cDhm4TJHDFhbQEW=-8j+A4?QO=1gK*btMnY
zM_<fyk%)*7LG~pr)X1_N2&6x!3(92rG7vrbo(Osj?9=Tb90=aHRIf>!O8oFV7*TnT
zEpjIpJVC+<H_NoHxC~URUzqx`gi&GhAsfd!tvd@#jRu!xTj$df3~K+n9plDyKmx_O
z00>?hIGJC@#g^8K`9wV5)Jr{QFfrW4pUU5a`*w>-nXrpChiZQLb!`Ptld$}X2;&|V
z>LXT>J-!$teTT-pUF0xfI7FpusL4PI`pE8%x&8X0?N!dJ(9>&}OlQpf{4IJ=;z=nS
zp`AfQ{0aZYqvKr-Z@tZz;f~K44E@=8&%TO{87T1OBrg>Dly#@nFFT562HFr*3>_NZ
z`Zl$R^(}6#$q>0_pM7?+-XK3spY)43>FLQE?>49Pb=7e6SQNkdy7}^#T-w{A{8a*`
zUhSR+Y2?Q&x?5!$Uj+htVHB=3OM%D7jMY{F@G>hlk-#M8f~F%##E0F_e4h0Fd``|J
z^=s1v3O;gQ>9H!^EQBtcV*HH6jw%qYWqIB|RcUg#<clS<p(ttRPvtbH(hG;D^z|6?
zsN@HSb#%$n0^I&t>Lcp@p9Z{gz%ima%CXi1Lx~-gUAf;dv0KT^M3?hKo957+j0c#k
zLyGR7LOO-$)n)XNOT0H8s-Ls;x8(JCwUnT^J58bv(P<r0xH&C%+UNpb1tu=>j@Cp5
z`gsu!p6uaZw=64~P?XPgaIB`)Jy$p`IqTVASr&APw#97ln=IQkWSsTfIQBy&k_r<O
zZKE$S3yn%#<ff)$l&Cb8s227LaGF^*h++3pBA7=%UYqCKBi))5XrbB$p<#8PK;U7f
zW-i}q>FZ0<D_G|vl=a0lR6U}JW~`hASw(Z&KK<zXeNZkN7ejH$^pVe<nc4&|q+N`O
z^l>v?Ve(2NA&3=xu}8{6nUU&HwJc{YQ$Ib3hbb{UzJonsZyokv_jQjuM)8Bh{2sS`
zZ-5?Ij$^+Httf{T>+tvUa~?nK!WdT-(WwEG@t1kxvR+~2QHpH3dNMUq;rp*mIYEaC
z1h_szvGSDIrZ3;unn`WFuXsf0E;!7WtvaDz4!9a0eNG}AD@LKc%w%e3;k=@de*?ir
ztarBs4wTdtdCrKBB*qy$Ue(1<u|3o~(*=&+GftbFU!b14Ym_~2ka}*aet>J0$5-}c
zz{1pL*upJTYsN`%M7E2B5#e+D+5=0EsyDafdRZStAu<Y~VWCSzlWJNQ7K!xt&%8|P
zz0My>uA{+H8Kn-+>}qov<eoetW{0Nw)jB7^W%{@9jHriBi?4WKPO_?!51~s=!1n`^
zjCg80z_<_1wc5Jkrz;*z8tf*lSPrcl{ZBCUO|Ae+j=6cicf3WrBjl?%T01OWM4c#O
zsqrd{VRFBQQuGO{qw_CZn668riA=FOPv&*Mxv4hwcZq+BDVKSrqLTBJ-P9N!DQ+$i
zLr_Vmuys$vY9_pjySxu5%HGjwk|xYDAC|S*t`|Ap)>(OP;KZF`*`p{YH{xkP+L>v-
zvD=&D_U)Y@mz-any3dB(_sQMhlI`j}QG~^+<{Q|YFHL^L$V?P;Ct>6CmYSB9*Q}pf
zvi0qP*Mnu=kQ$MgXZFiSn;a#JDukzm5XWnD_wp8`uUGj&?J%E#eW4H#*gjq7qp<r5
zZ_G>iv0#{c2dc1-#WBb*6Bfj1i$;cPFkCG`swwSNHSP?P*si0MPahMWzQI>R^c-G#
z6hGmNn6&5|$|nR%2N(nm>B(8Lf51xG`I6+5t-4QFRJp}ZKl;rj@RD_kga94>ZE2z(
zhv8Yzn2I>@%U>eqj)?oaFDjOUL7`lyzu%iH_;8PG``+H{I&SGX#txU<8p}KpIitNT
ztUgrH%n{kHvFJ8gHCE1&(uuPUY(!kro7%8wgT!Vf&Qht?bS35aldQ}69bY|jb$2uo
z>nvIE@Ym&z%`ddRxiT)i>C2xL00o>RJ@~CC3}5B%agI903hNuwl*;fCYVPbl;17^G
zmwk=VSIK;A2|LoHedx|KP%I#oWKCp>wlg^=b~jrpdeaI&mTT#SWwp##Xj`lpC<^gA
z#DYtuXbAVwO1o8@uIxl)@Z7)X9;v!HBvHUi8W4ANfFg@P1xDqYBfSGObUt0K;tw)X
z44jN#Ek82IopcQ=$WXs~nLq>P&=`PNoQHHnlqxo0C0t`Wxy+}pUx*ETL)RUp`G~Xa
za#b0vuCVh~teS<Qa^QG0p`&u)s?@v8H{^F|s#1J_3o%7c&+YrbO^Rc2JQ@1A6Jxpv
zwaG>@jUXRkPvoNHX4hz)f#Ny%`C@r{TY%xRZj=E{ax|UsOZ|KP;WF+OK6@G4j-T|O
zqw*&ZjeGzgN+s=b;F&9Y6VN**EqP|@`Wb#yBlt{4cjTLL979M*pG5r9cx(!u@3fo>
zMq@a$(lWDH)Tr@-B!~Z;nI(FJR*l6#fCzPL{XFhoa0}NPr**Eufl7zFS&<|!Y%#It
zMxx|?pi6OW(@0V8@o}HzyAfZZ=6U*A2Zv{iWp(KZhP)*)?(yXYm_BZI*&6hx6n@Zi
z-K%!-+6!9h`B5&QXJ2`Mb^ZAob&mp3fAMUD_~%*ICb<%?a$#zj_ZHje1B&IuneOY@
zsGp}H!R?KV(O?4)+bp8$j<puz@jS9h=R+E|yLr32ckrH0j9B?@e?z0jj$ctGfcI}K
z8m~Fm8&*8T%*F{nd@8Y(Hd*=ZEGEMH@`uxFi6Q8f?+JXDcT<>>R><|)$;E2;uJzHg
z3w{r`Oe&+xm(jSB{Vj2IFcWib<4=?<Ml>P5KF%1-kzBd+-KD85MsIIO;%q&Wh;3t{
z0>#BIaKr3OP%Lnfu7`~0$QZSilideLj?U&n><zYMj{+Xw4BUJQlPh5KE_yn~xcMSO
zFjXBwI;NbanitMIAc?{l=giv401a)*n+v#kk5BZ3vmv41s<NbTijsK-!(YHGxQHCv
zL2dUNyYhkOz6%;VCVFdyni%J+X?R8pwqfGLwg?dTGSp9{;oR<RZ!H}uUk_oxYs8nt
zg!33WT<r8bv?Xdm`zUcbkQ)HY^DsZzg9~GQB}eNwC_WrM(**L>t4nS~Z9KQx@^ku*
znPXE>BBpL<f+4}8ym&UKJh?jvj$Zj0)GuzGx3~IfE~;~ocs)fx#g+AG`KXxlNV1v8
z62`Nypx7+TNT^mn1fgo&_FLN(k-F)=47|Uo;3BN1^W_=|zmBM_skLymECtm4{zimh
zb@uCDO?SWZp&%dt0Km*cMt=f&7&7|r0?B_T@c$`S{VzUMj5SqmI50P(_zw#`3;_72
z3_a{m27tl{AVL2A4(MS3q(TzCFaWvnzc~)b?7yl1v;>6_$@>F?9)^tmEBTxL8}V-n
zB{%0E&VME(=wW}d=wZkRiT-b6{*E2~s6ffVv?d|>$3$fQ{}Ir`{%zFXLVp{I9)`jQ
z0ARcTh5-Nor1k%!@VAn`RWc&wQ5ezxK6xbh$0!gZk_8MyVFVzt)d0xw&-wp5A^FE{
z0D#(w#JMt$#$mk!4E-baM-YSKpJMc|KaBqf|A71l=f5LS82>wo|GS(-0{~3@zu8F6
zqJrkX`HPxDfK(u`;vXrzL1dXMAQdq64+97AhxI=UsIsWC0AytV096($3j_es_yJH^
z0J6QO0#lJODw04ZP<eS-R9PG#@J|5_Fcr;V@DKOzBlX|X0Kgw%<YR&ZgvuiK)`Wrp
zH~=8h(mz%HkWhIL4iFUy^zV9qiva(C0sbTWsRvwd2I2sbsDFTwYr2qHWufx2e`k=i
z{NHx`ll{X)l1SzME>1-PXy%K!iMahi!U3SlA`SRc0SEA>2x%Zv7-{DprGFA62k=M5
z9|+`?M_#*OdE~|XPn(dY{AWO((tl?Ee>5r*1qa!pK)?QVkc#X`P9p$yzXoQHF7MyI
zKV32V)kiS6@KQ#d_4n}mwL)H~cL4Y9P~s(F7fVr>>8X4rj}ui63Y}N5-G>l~43#Az
zFy$AG+Nw~<;hOhG`V^B2F7yQqmM*k2TPoOL67gCVA?#tzz#Ko?S#Gl^T=uqipZCyQ
z`c1vEsvz69FX4xe=id&W4BeWX4fJ<TDY2kN?r83+{pZsLwtBrC3h3)shyAb!GNK~-
zWnW9dp7nFYh(uXAAy-dlMfEKWJaY~Et6I@_KVr%=Aqxfq&Z{z=r=WMSOFyJ4@a~vo
z+jjs$ic%8c(uZ6oJuzpCegkEbK=zhZ!}Jc#s%SR-16!#3SJMGw^4^)Y+uqc@(p1GA
z5C42lP>sD4*}SQ%aEURswkS<mw?zypMHt}e3<CpKe&%L1C`CU+8!uvLaUqP1#q>wf
zdCBVuhVDQaYT7f%rFQXU<DuP_wjf0zQ>q{9ZO=~ybSOv(SM&6ct>|uGW`cB4JH4mw
zp^4zY$f!xe;9Yy#N*<Z9=!@EVe7VxYzR<vDZ?k}|$7Sb5{K?Wa@8eXGop#bFcJ3_W
zPQzoBA-n|y3;KypzNUg+k7>MB!Z7T!`@0fno{4;$b7!JDKM#-QTK$)2DV3)q2fABu
z%Y%s?<2)7O9a)0-4u#c=GfRbLg%Cti52K!q5|b+R*XgG!Sxtum<{r=GI@wW+JCwY}
zLZi|vu{_Wxi8PfqH7#s<&2sUg4`5s+ak=;v>Un(NvPD)5lQT!{3l_@{bQ+3s@~J#%
z@>n`Tg|fWIi8xE)L##~Xq%nwynYkBE&j{iTP$<ddY+Tf*&z8hLv=U!Xm)2=Iy7+6Q
zHV{>djQdBRi6@m7IZibpy^22{6iFC8+yDKMA&~kqn6OW>tolbLeP!u{&<i;{ZBMGU
zA@OQ5v%6bai>!6-n$i5AX?P$xvtRkk2yEJ{qKjQ@qiE=v6IXVDkS;x~GA$&3f(T<v
zr%dFwpgei*O+sABHP*=l`|23eRSO<oI5}ZpDz0s=k;P%-eu4E<|1m-Dn?i!gHy!@{
zA#OXwud%i+oo<{&Vk>yHB$;)87|IzKHBu*(=PXkz-xWC%X#;)n=)R?ljmL|}4bRmx
zIf^T#3NLP1ma<F6KPF+WP@{`H<6!@2JS*V1%}1ivwJSRnz(R7>4~R~#{$WphZ)r&C
z`IPw%-w^|Mq53vXL&E){IyjVON$Y2eG}Zo3vmeh!&7^6b3^&@-U~uh$C7|WA`jJxF
zgVFB;dzW>A^@Sy_fd|GOHlRSojoPwUSF<aEFB@j3qJ3mK3!HdIuuTDd6({hG&XY$$
zg#o61cY_$6Cp`2E-MVd2AJOR{%@m{kb&gzPt;|M$Xl>>z?B`TiA_NlR&YpF8qXalt
zwPeMm0xN}P!9tKW^Dy_of`RDv`PHm|`lY#2vb-|tofEtA1<KY|0@)Wu`XTsgm>nYu
zQN<4wE#vsUxjo?ifgVMlC}u2DiCikZ<G9csQE3we^%Vb_jFixDN$!tQ2awlQhhlsc
z5(D3bzv}fmoJtKR9JG0AwVHpZTtySP(dE!sVS=6dR#Hvz4j@*JxT!U_kd6U+Zo=9%
z6D3Wi0i4I?y<YAphYPgz{(*F|N74i4si#EglG#0M>(4}Est*fOglG>ko=NyUF4?XL
zq!|Y%i?8Ii4pds=AEfcIt+M9G?ib5ZcM)F)HUAn}8)30f!XJ~E<F!DW4<bDI{c86Y
z`>%g}{7oK*+W6ORMHC~eEo{_AR6t$cU;BTp{I&3LBM!AGpA^OD=f_#AuYYN$0SwCe
z{t}WUv&KekIx&CiAsfcIfFytQp`#f6RgI0>fSkKM4m08oAk)`(L>QJ0$lt$$k;vn5
zsP#x8OJ+dbzkWpk>c)<K{)Nqf+O&XV43*20IT2x)|7G+O1z->s#(9CP_4xafELp(Q
z<E(WU=h>^kL8MY7F2l*gk8engKji=h=g2BZ<ZB`flh3Gty1znxZ_gpCpraW2y+7IJ
zV8s21ghJNyyuECC;vvGY_!lw2;PxT($`@(qAALtZKf;jTk>h^+E2p?V{YCwWhXx@E
zo_o_EBPR#iU*CxVF#w8dggt)=13f9T4hLcIi6m@peqXvB;o~j<4^Q*%xTODHqe==O
zNg&}=ERltB$TO0WaRAcvQ&9ncs=4oer7@V{YCsguQvGJI8Y@t*B@=VQX^}-=2te#)
zn1F%Jhyy^8)zQJ_z-W+fFX7?Rk7vcuWmdxB>)QdKeL@NNdxRUVHMIdLhU+phgGj1D
zav)t@QXE}C8fkfjT2nG2gA_$N^pdvsGNkrLN?03VXoF1TbC^Y8^Xn>2i7L0sjh-h6
z#Q<kw;sBs%Aw>$H<2-~CmY)~$M4{sD$bV4iQ*h}1&=YWLR`_OAGFjMf8op{W?Jo|2
zEhGQMMB6I7sV>$J?jqZkmc?nNzY;sq10)ZO!IMQgAi*iT6pa=={_Fl7v!*cW<0HUi
zYi9_`e3`V2SnwhYz>4@9n&)dY4^QIrFb70o;|4uNS2xCrZhhAQD6}dEJ&B+xHk2Es
zpg@XTE7z$@VqGnA{psLd#3~*>x&)&fDR1I|h-I}#+ACao?cVKB$<7eAutNNHlJpf3
z>tfXtxNT^sbH5tfHV%NLKI2Fz2-kiG48(c{YdkmeYwYzLPwpKgz0)3$(IF#=D4;>-
z;{+p@BZGrmYlGmP8K>`qXTtz0@G<q!V+`>fZf2jwDu_?z#j2)|zr=c~Z2)FlHvF=L
zkFbTp<=$u|c>_vL&(j9^GXcTBT}n{nNKFVUt<WPO1~HQu=<~p8BckH<7_qkheb4^S
zsfoZWb673PH@erdM%rP3WhqL%ay@0F2$}{lFaw&Rh$L~eUywXkB4eCG(&@`Dh;a1M
z!jzFRc^PrJ3Yz-PWwPTzk=n1nU?{4RD(aOXr5I#L)hM7*uWX{kbYAco=%<+`#H)Qz
zFnIp7tf%x=Wu+l&{=>$anQ}WBsTo<isfe0zo6|CRODz|5qLOa2c4I>~jje8*{+BhF
z%~}WZ3TK<G8MVj~2t|a|t<Hvgp`(Kath&-p-Oe^-T>H75ytEyorFOo>rKQ29y-c|p
z%|zHt8K%6_0xq*z<7sax9$^7HEw^<frL}b^cBtEHmN%4&M2HxO@YH}=TeM4~gnbM?
zkbU5(b1_pwsRxrOm9|ipLX*mjJ4DJ{ZC$C`Njv1+Dq7m={D!-epdHHdwgzp+4b)4n
z#!I#~(9)Ln1~M}mC1V)4Uf+<j^z%DI5q0Bbn~emX(zVih8)ji*Csh1;r{$Jf;kbs{
zgxW*{@}V{tgBCL~9%u)!qt2!_p%k}F(SVq8W4`S7zy9(@VZsK0fKg!pdGv55Mpbku
zfJB}Igu}#yoaFxR*A3*`40;%P)WcuGmjC*+%J4XSDZK?*34(NRmhOFxNch)hSjgk*
zL66k{shOqL>yd#|DICBqW2zi0cgMQstVuypEmvPU(ghEs@b=x)N4YPqyW4yXn^f<$
z`}wUtl!pjeGDd)a5$ZpJ0d>KfIov;)MZWtx4dq~<G4kQv_pTBqvPZ>|sJ?L%2kp1>
zDC^rZa|*w9@tF*W-)@pQIF2qUp`jAQE?2vKPu<9FMJmP4_0i=>VI<_uOmd+!&FdN9
zxAcR(PjeSVhfiPMOm)faJdh0?vc4gGo{7*vV~E>Pdb+p)ZT@%~%<k{iEoctVIu9mc
z5tZy&8=-2JD$diC>dGZ!R)}r4`I5D&&Sw9qQNY8pgKjCa9+wV^pEh|1rS<6d4rKkH
zO&xGOw5I-9JyFW#u7(Ppc=tmkqeK1m;mCUjw}*9lZAX?5ZX2^Uty|hJ`_GbFxq72(
z`mAq@DvkJZBhNgt6ax>X$Y;2ga_!3}i|Y9U89i;qqnzgZClP~!D;}>rdJkpHPO`^2
z<Z+nFtqGeknP#J^Vu^G0+b@fLPT$-eNofZh6(q9MOFiCzSYEJ^QPxD1>LnPECcFUY
zs=XksP<o-Hmr=n9GLW__f~>5s5<~dBw(!rBF8q(|HXF65OB0n>NU&uAybqKLs=OfV
ztF(1b2hU+FcApwaFSP<UI3@p+CB)*}!)lT26l(GkwU{saW*$E+JJFRJ0i=>x)OUm4
z2Yh&KVOQ&zEp9L|MViBUwAyf*rz9fqrc6k;<)zbnnMP%Tx=5x=LakNM+D4-CIuJ2I
z4EM{GsI!~$N-j`<_Cml%;y8vT>Rv?1HPWJAXXUmMg4P6Qf?)KEoxWYYWfkyM5%e^w
zm#GZg5<5iX3Y5mGzsT9zUhC@&buyI%4e?{IV>@kSI1g%xPkGK^&rzTOxvQy&M^kg;
ztWn_W8IIm7gaZ8>XA5G50pUdjgD<zS`qtE^{dLwV*f@#RwJbYT)PYhdR=hu?KSMd{
zGL7Y#WpX#l=7W6*J<#&hbJ3IC$6l;EN?__}gPY#Ed-qz2JVN<$y)~RN3?^bJOQ$)=
zDKPz})X<@%)6adug``RIl08Sf&uv!roA+~3nc5+-Vk9MEo_Zt!<^h5%eT!LrTS~o&
z4Ny>PSI>!h`RHz0+&)m{C0PCof!8hpueUg_qE^s1pDygMGDIjTG#W^!Z`%|serW#?
zd{72%kys5pfUQczX42`u{9IAGmU{>;#L1nZNhtMReaW*>;%jH~a%Ea5f@g_VMaV5q
zbs3`SKRrJW=ZL3@=05ZgqNn!ka=Okku<x9S^K;nhWY74b7;vjDOboD{%vnruwn;z%
z&R3%Qk_mddIx&KP?@Wcv$TKG3>!OBI%W*OJL!(NKmK>*(c1i|~^{`CXK<_?g5+Fwx
znCeZ_n=2P{9s@j9FvJ%2sSBUU1q6<i#qAvhp)3V&Ax01Kx?#4NhU@IQGwB7quLqKo
zS>Tsrt2L+X0Ug+-8>6*6b=x~Sv9}xw_vK7K7Kr}xj(W9Ig51XKRhm3y2_A0rZ&MPb
zw+A@6e`(<j3i3NRUNKz!h4B~R0|Vmnr|-vy%kPhP-(XFRh#N=QSK|RkX1$3`UVX%g
zG<@_nsM~U$LYM@n((jVs8$@4>7Hdp+NP@d8ASR3QMw2b0Dfns+$#h@C?d5|%jBXg+
zAS`bMgQ|kc-#BXEC}y=ye#F>!TXZD9gLtS@giK<t%&6x1ndH6>&NEmPx6)dgtWc5K
zu<5-isM18f-fMIM<2hig6F@ok4*&HI5SI5D#?!tEZe68;Wm4Yfv9$UDQCDiEMkb%Y
zZOXTG8&93753v!94CIw{q-^5@D$DMRotM&4%eCTEUN!W&tQ5XQEs~|Rt)d-bHXt^O
zOC#@of?E(fZxPt#B+K(?1Hs)x1%oy5X)SYT)`&uaqo5!<yh(%3PUq+F8uMO3ZO4~^
z3B`3iG~QP=3!e?}NpETTj4$burtQJ+*q!bN2KA<%ql#tLVs;2lUt6%)w|Ay}Se$^v
z$Q=Eoyy8@=^gKp5X!|A#^G>5#QC>*v$>u(k^!@I?2@WCL3UNL-b`0&!Y=`9e`&4$Q
zR<_b4CL5R@>5}wz=j7Lgu1cuxR&<$g`O!A$RvN%_Iqgz7_orsQ(ju=@($J{syN({@
zvi(yLM-uSq@r-+}=~Jy?`35i}-u2~@8uQ|2qR=<h#x1>0Kd+=ADgo9Qc^juG5C_bo
z65;5fJi$f|N)XwHf?juu+9im<9DCbuo!MaCARrRm9c&TrdthaM?*}JwZH?S(=&;wo
zxL}4yoK`%0#zA>PG|Q8rV_NBdUV{N|JkgwAfzGp`1&a8@mlArfcX``b$d`paxSj7q
zTuP?$SAyL0QwSa;x;ZyZ#=I7>)J$IJPx|FNd#;(C60~xJHokEtlIeqZ3DG#8Xy>@Z
z&F>q_u4B=$X#Zuek+<Fudfl?@JO2%iZLmRi-ROe;_3dNgg~tFz&$b6`Aw%8QyHGz#
zg!_k<EITNOE7-y>+91$RAv%i0`qzaYqo13z$hGYI8UJQP4#Rd}NS|cLhFg%lv_g~`
zSW({{GtxSX4&1y>L&vI|aQ#E8qkrq7Y1MV<ckk<bb3NUT6q8oJ=|V(|tJvGa`T6Wn
zVp45NJwhdCLmb&+s7PoimPcQ2x(eS1fkS%9EJ;)EoDoHajyad)m%{3$zl=f+pX?MA
z6l+!2IcjjJ(m+)1Bz-AU&(b~?ZU<iue0S#i9EIcj4!I=Bwcfn;mK+y;*5C`t6JC)2
z+D7}?{hG?cjm5>@Lr{~O!qFvWjw;(Pnld7c(#CmQ(Q6o*fU|;y#?Gy1>st5THL6Vb
z1x<p|a~xG&rr5p^_P%(jKr8V#Z901B)Vc=MF+Zfg8Xv!~H60*pR}iqr9Z8Q+n;t#L
z-`P4>mG?roZ%?R#OQgdGxFu3@EO3P)>p}<+H1OtceuhqsU#jR2RP^yyfm5r?=^llK
zUiR*pg3l)6HfldK-Xrek($Xht%v-whHp;aIF0&VnCbRicCbM}B3=Fi4(+vV$9=(@u
z4kis7jQm`dYpY8W7|Y_TOTAfX;*}?W+3vUQ;LoC-oF!SDb!WK-c@T#W2b=CJ3zhRD
zC>hI*g)pb<b8WH{Dbb?d?x2Y8Cksxlb<gy8c+GLyW8uV2u)WY5gp0_AZpRY1L-1vh
z4E0v*a3`ltc0enGvV&%M8XG$k9M0aMG18w~$Q+NHIRD+clR9ATe-ls;a{EvkVES_q
zi8=VR%WH4Tpv0KHC=E+k=fvRgMHTKxdYk+uzP^C+)*f*h4@dXW3AT4s{&_m^&V~sf
zRQ1g+yuK8aC{SJ@D$E0it06&^x9Iy;CIl*<1j)^&URQUjguA@y?Ju0!_M2#40>anL
z^T%>OUj??X<%5fAg}|nIY$wYP?#uSL`JIp!@~l;M)T0n4KQlq$8=iv|^=XhrUfK(8
zjg?8FO2f=OJkV_2Y{cVNkE+l^<D|@*XbLo~XNSqC0j@J*F=x(*(Qjvh+&dre4<dxr
zs<V9T5#JI!5IN@qiHZTESeuy<Q&ZgrCW#0SS4>-pdLzF%pNSt9DF+X(-UmJH3@>$4
z-h239MfI^Sw=XMZNV25SgDl|m%b&GB$WwEa%?#n_2;lGpDsk6VS7quN7+7FAa$!{n
zzs#E9J@p~0w10lDn_C8KjaV34oK%y5Tk-XCvj<J<eYUpix3t1P@@JK);gqJS2dV{V
z`!F#1USNE6aEVv&LRS=`5ElU*P6TBtbEN7V$0%mlb(s>2DO}eZ{@&s<SQC)Twlc13
zmw)JaZdT=l$kF?hS#%!5ty<IoA6b}i?l@82ehxF_T;)X|rW@cEy`6<{Shp~=R6R(g
zp*+~X6T%>Gst9pEK^&S&LP+g9X_IdS+^6B^MnU&4zvnyjzu`%omXNMB9rqR_I^elS
ztk&5;mF~Q_boJJDT0qP>`nnTDz)@>G)Cea9+@uISpOal7X==G2m?IzL<WK+~Gf11T
zTn~*Mso0t9+Ps!+wK^TL?pzTUU`<ulK*RQn$@+6hw&QbM8`e=|@5<r~Omha>fJ~gV
z)I?z5j;D@=0;*O8fi|d`#+URS<Ui@-OWDA*TMwE>#Ki##FrAz&Z9m;&E~nfsokWj+
zy}R=R6;m<{<dSp_?uZB80HF&Y;5=}bM<gCNx?jTruB1VB;c0I3p`@BQ8km5T&l}79
z)#gzzX}G@!Sy;-vJEK^{H$=<q?0yFB*w|q4phuJtV?bmsg63a*!vi9ne$yx`XGBwG
z!8^`I#};?6>F*&tmdG8;K`b$T9cyNW?ud&R)&2KoN>3i0a9D>Jo)idyIM$PH>a7-8
z&}Ao4>3QmvpzK6kEcf<`tTX<3;(YW=WYnz}Lf}3>S}6$7UCww5ZPNTGde_y?auCb&
zLIpsm8i-Z@pQjUwB(oUO?nNC}@|NIk?xXMC6&m(h*tbJJI~pF2&q9Q!yYW@EG*)^|
z61E=1zSYWpN>FXz7;`<S?ewFs=?QKsRX2zFLaEq9CGFDlfk*67tD4gWIN%I62LsX8
z-kyIReV}S#YR>=GsR{$JQX~6?Kjx~!z+LgcM)*3j-PhHIuD^#wEd=5a$%cVDnGhaU
zUh&L!;7)33_*C02@&<^EN`og@l{XgLZh2T~z<*F$xIwHe;8Giq%Aesh^#S6WHUUga
zFV87+7WrEVQjf*GFoa`U6zT613S#KLOuW%fbRI2sQNF4V7Y9Pc9L>Pd?T+q9N5sjX
zGpCQ>`=?(2aUiTGxVMKi#T9Xi-<ARTl!h2U%*3#euuZUQ`y-Oz$S`k`5Vd)BSP3G9
zY9UUjCLFYO1f%*Flpa_kbKz}|v~u2-ga`LwdOc;^<u?wE{@d>=yF#xcI#$Y`AQv-s
z?W#F#`DuNVn<Ha!M?L3Hmkgxhqrb0Zwsi+KV9~1kOlU*ptyNwxZc0JC{)lDQw3opp
zX&lg`94H8RPMVW}u#J;mRSG6p?-@Z-WRUzDxr!(fG@K98t$v}fE%*meZ|K3W^zxxP
z{r6YlZxHXBq-)foT<E?HoJk0h`@1u%7@Vz6P5ilP|I<TbvR68Hb3M0^tW-lwwYL{~
z@tXhA!BKVbzX1ND!{;oAA_tyN3yRq^?rLPnn|**(^nw?}hCqy$cLR~F1_Uew<^$91
zkWI)As%n=FgetKjWyJorrxy8afxJP$ml{xz1V{wLHUT^VP5?o=)m|(12nT!9?b@4y
zs4Z`f{diVp@TZK_9GI7w%>=rde0p@-29GEWlz-D3b012+m{z&rLO!AMVV^?<O($ay
zLnO^poS7FyoAv<)<=BM2{L=oCw79ew3L;I)(0`jj&SfZO9?#CGDpr;>MjX%fMT?3G
z9K)hazUNuNoGeOZqqX)^(`<<$Gei0^5X8I<YT5?hB7R&g^#ECr7`nqdV0M=1@g=Cp
zM!e8o0`|U|9E+afmw5S2sF)c~vp!SlkdpE~RC)5zcj2x<i%-I|1H_{HDc_mD+>_bb
zF6&#U2+9~Wb>*AS+2RMwMW&EQGPwoWxd>o^T2!p5_t9`b&`@bG_HEg2+3vTioYe0;
z*nH}!Z<lB|T=WTT=X;K?y2~Qr%U3&}A$HmL`6XFH->?X$xG2j7ucyWjVn8(R&zS^9
zfJvRev<li}Dj>KUh`ej56D;5h1BaQDDQIw-nyuZXK)XSdP9K@91*$PCqn=5L5Ri~j
zpp7w0Xi;X(a6wU|_=`P2O&+~0vdm?LI7(Jt1aS?F`s(I0zD%|Y@6^1+PbS|>V;d$a
zT0tQ0`;|}RRB;rc`f^aH61kjox2HMX&fsj0Nt(&|q2w{o=F~j814>wm8bQcA6vnon
z{4?{MgBXlqC>y?X?}k`Ve<dP{W;=!+R^JV{EY2aE`3A`EW_o*Hw|^BgKe%3xOa-2O
zhU`Ne{9vQBg`pc+fiicCWBHJ69JEUTDm{od{>u1|%15Y`^UA{tue(O)Y?=G7CT)`U
zTtsMk&A0%=JBC;a`B(u{8BF!$R*FwFT;jpmNw))3`D3Wdg-0Rkv63I8@(kZZ1)mNm
zNIj>1*}ut8Z#hnN*}WlIbK68+6yUpE_l#}nNB0zKR<~WS@`MfyCyS-WvEVF7=BRbb
zs~$0?XC!@hkUljqW@apUS#sX*&^sROUnmbKor=OBnwpW^y<iBCl?e~O`r$`ocm1Kj
z|88;FD9LxUWh~xG%KthgDdfa-x2cG$^+@}@WWe=V@}}3<B-@cjxY%m4jP0s>fq(7E
zS*M$SZOGT7cR{Xn?Tf2~r1F3mq83@tK}9?!Ou%R|DlV3zibAVb=*{AL|7pk8cf|RH
zY-!myhSB)2pbd42dE7+02kY+>WYhy&XZoa6J&S}v60c+fgppeYp9xb~Z<==r8)f_+
zu~npISEjW2y&XlQwnlm6d}moe=$$mIJCe%)oCxr{@LP!teC=v4N#;Kni4Z+<DKew9
zr|b0Ca+2+63TIjAzO0YcIvwxfZ{@4N#;5&p=6nn{=@MBG59$;kdJskBiaD^)W$+NG
zIKpMmnchU4W^&7mcQ_n20MjJE&jhmy8Z$SZ7dB>by~gWfqB;B0m9q=)U|vj>-#j26
zSu^{*KH7X&Z{hv$a-c@V!3b?rp>;?a{&>Wg9|QIOuG#0de6Xz0{o+DR*c+RdmEZ<a
zHNZWlI`>KZy#-6`XcY4;r1=tybPu^JNK2+cLMD4p6H#}m@`vwQ@>SGYwMDx=cv8po
zU*xCE@WLC}lB<Hd3GvB-PNbHxL_X&AhSE$4vxkU!5Q)}4MEho$MjffK>sy5y>0f?W
zAkq;1d~aLUY2hoNIcCgnq{BE=saLhSdGlbxxWS~p3{N4Kzpzj~yk%hEUfHfH%v$a3
zC9hQV8C4SgcKc(S)8gAl```|otklaY&Bg1ge#E0z+B$<<2WKbS@dnB9wuhQQq!Kua
zn6qu4eA(AIQN;kR_ZqCTqK&WL?)v2@Ly)WUG@9<bxyK)DMWNFdof+K~beP^?Foy-@
z`<fNrKjtq8nD#BV!Rq+>sm);quIFc$i`+^q?oBDUsQzT8@mWY0xZtbz=@@t{B{!M#
zU^VZ;g*nAw>%hVxK1x*0wwF7(?#tPi6iLa3J%U}4sSelfo4VQ5`k8V!n<|MSKkE~>
z&4IY0a$-erEv!qj-LO&f()ciIS&#09Ms=liTW+LtcX;Q{il==;vm;E%nkKgZ({reR
z-*IFFYtTCMsNxlGzv!iV@*D06`Nrm3Qa1HWzJsZ$NhAEZ;BF_dr+S;rW#R1u`{}Uk
z+;>8+ZVT9@#|p&sd_0l21l9vFN4WUW2GD!XjOaEweKcEmAJX&cwbDnfgY|KK{q4H%
zS#vsZ<aauV!@B2t^)xX>5oU>OfH5q^i|bmp8e)}dwc?(<v@fq)QTum^w4>h*;NybE
z0`$z06B`-C{I<^eUEFVqrT(34$y;ot8_K@aSFchOs^2qkqT(kp=t&o-K1HGphF=--
zm~9b(zoZMin3sO7scwTnJ$+(BT<8~$$eK%VG@s-)O-^C<Jy&@vWt6#0^K?ND)h6YF
z6v!g#-0d$mL=^~?)NyK43N1=D7pn{+5Y%R-zPAckRHXZ7`NarMr|cJG8Q;?w+JB5;
zDP24UUuvK}uZnRHEkg*_&t%xEwhQCO8a0_bhhNT?HT2rn7qpKaHDQ}Lb1SC2V7#S!
z44q}qbzSGqU6?q%fQpB^m|^zh?D0_EI=J?`o4iMQ`SE&)JTF3a8^iLCmsI{{Z*RM8
zp=0R-)ju$~8I_~3cZb40p<6R1k&1a9WUFTnvn6*M%&}Oc&KfF)h6aYv(0!^S7TAn_
zd6BEQ1vbW%W{x6%cD~h5JM}1Vbs4AkDorvu_F)cQAi5W0nW3;=L_c({jy|(t%|Mo)
z*h1Ly^T)_G=u*>vq4(^h)?Xr$@38i>@q4^tYpz%U&)M!kUPvg%WsCdXG(Nr&`Y`_P
zE@q@^?s%|}+`#SQHc5}eZYbqb{;u`C&QGzB{)qvjuXkrCPhsY%ToA!yLTPM`H+>du
zRJ0TjdsM-_Cw~uE!<sGjkqw?=JQF*2Y=B#xTHB$-%yZNMBa!dP3=CK-dIHj9=t9F>
zjVT0qZ{g>i16LMR`tw<5m6~uVT@O~ctR-TLEU@tw7out~?j+C)jrF$YU2MmdG<;^h
zN`Flj9P|?mOXFFK@|}UyFa5TB%GP>2>)B))-v~Q0V$!PfU~rNO6+cz_$b{v4(FiMO
z3IZA8V!qJJvRHYM6RY-kaH+bDU5sG7E(^Zv&-cE!*p{8I?qJJw*I`v3Xk~`^D<3+n
z`0~@3H;z(OL{_=Vta26E7E9mkJT6wsEzun80oRQ4HmSz5%zH}w1*C9W*}$T{ElJN!
zCTE5UB!zxiERubIFz{4FSTC&?vxQ6UIBumy-hAOA<@p9%FKMZ>oz<$dF;hy)fA6_M
zYxB5{sU}`<$xmwF|By#6*xi!6>bK%j(b+^|e;qP}aNeG}c2nqHv0e1uveNVaeDm#y
z1ttm97rPI1wCs7>e9sAEU;N-`w5<4ZPBKR*xJznk%LY|Qe0P@)d~f|Z3CfnC&jcu)
z@53VO9R3j{t|yOOXw}ft+A|^S^~S}%jXlFVHCSQj`it~!obAJxg4`UQ8&ukBK!fAX
zR{ErbilL%U%+F-VXh3j7r_Cd_sKc-KZocndw{0GOoun^?94h)DSk9i;0i`}jRJ}bD
zK5}g744$}1hXM_hjH#rPAxrk@7c$p+KDo5^8aT^Y&@Zgx?_MJu#rr0jSGVz~mfq4~
zGUGCj8O<dXqZI!J$TLc&OyM1rSW+$%DVE+m;)`)Es?z%K<mRV$_WM1A=S5#ust5?5
zs$N&~Z4f_aPQ<(#WUIoO!ls!oi>v87iW~3C-n<ohCBh$o_co=Kk`6^8fb6bi&^+vl
zQI;b*bTBff_YC)ipFt2ex;vG{T_6v3*swh9)KqeKZf<U*VCBR|0sCOTBfjYRUv101
z!Y*`O9DpYof}d>CLA<ESA&rB%HyBy~)S-{gRNc3j+9^^K1dn@<p9{^l>HWB2QBqf~
zfRt3K94CNP&?3>@c4y@Gs@KOqx1Rc)hQ_k{()Eb=9RPa!6?W-8TN(K2IoQnrtgeV)
z6t;<G&P$mxoaI%FY!1pNnZ<0F{*B=QR|+r(bdI)jy!5DD`)!T<biM*5_eSx4;B+{|
z%535D@_;lgd0A<Imb5%VA!2tP(LT8vXt(X{<0r>;<I#V@q|<OTshPKO+9P%}d0WGt
z(Y6`-rbDV@>-xxq;P=%na#+EmEt$2p<{r9GFrrx<=xe`!C^)Qdn`FHZ;BH~>ol$Im
z*6%MKCNKKw4R>;Gq>TD#jfpsYE6CTC?<J9_e3&&h4~F1Fic>||@MpxTP}IXdE$v81
z;MG3A0}B2P0>{gYJD)sNP!M1Qi5Ph5T_Jg}2|YwQGL_uu0?sR+37RZXZ7y5%_SUpP
z5p`b{I8s^xL%77j?=#@Gw)6GYT*gt&9mrj8Ut_p%DZjG;U`p%HSX8(?bAi+O!p3vB
zFUYU8RoIu<#Qovabg)M0`QC0pL-;d|mUf6x3K|UFq}1CJJL@bc_D;T1<rBd!I#uzK
z)M3GFMCthN{r9mWn^OzyW$hjQkXLT~LwHYug8ca8E?1B5NFVyJLDAW3%{B#c(~N0E
zgG7d`IaFIi-cH}02p}I)2<F3xXRW$Po<D4Se>`h==oiu!94M?Mj;rjT`7l?%+)PLz
zewC*Jnsjq%v`wW(WZIJ(;`X4hxCJx#hKk26S}e4Q^Hvp8<tB*p!kG>5mxP$gmW?Gd
zuHVj;uOnbs8P_lTlkSvd3+s#{2nzf6-aau*8-fj%czuE)Nry_JF*I?asnRyh-Y9qB
z8KjLk{<xWmk>Jow+-D+}Vh<4a*PARX`xjA0`b-nkFlCi)?1xNE7cj>j08gQHC7|e(
zecZhFn3BA7EBV>OY;Z6FvgEV4MiLNw;T7XyqWKa|Qc}~@A_5B^p-rknB`(e&l0(BG
zy>5%d$vlq24V0+%pCC?+8P>(#Bw=F7XLKoZq$;;+Pd>1`;z##043foka4&X`#v?)J
z$37A$*lU>)O&C^Q@d%s|pHfWW700Q`|9VGVZP)TuXa0N&Ysbn~FvM0aj4z+`Wfa<L
z$x%d%#dRMCio-&~=63X&s2W#snAs*BRV2#BXbF&jdk~G=7q9tCD&rg_e;a9J<PX*!
z`Xrp4p@@dCRo~2U_Wky!_J&J_;>%R&M)2aECC5&2jnwm`uhQ_1=FaF{47@>1<?uFq
zoV98bc>qd&dq!hG7c_i<3t-)jHj|A0g2q>>tbECDq%1k;lD;VdFS-x;=`<%PkOteq
zULPRL>+u3T3SAE4dT8gVk$!3+6<{t9UF}d17LNQFh0b_r(Egg>VNR^REm%jYtC1Ev
zRn6v&Gc_gP8HZh3sEOGoJ`|@u$F;=$Tn+l$9N%sp8gN2i^!A6bD?LU9W(yvXA|}dJ
zM3Y?U8ybIbgj106S2RIP{F<8AFE>V(L2t9)awHcnT=e=ThbRCK0is3;kq4|U39bBi
zC{WJ(!f84&|FivBf^drniB=Eg)%h}Y4)esbbIeZ-e)C?G0D@1|b#;OexgHNIp0b9l
zbGiB${|7bkh|IkSrXy;QysKY`25p9M;hlCym9?SsA%nemSdx#Qj@ywwmo}$4#{GHu
za76CfcvwPbpk!~a8?@-gqj!N_iatbz(3TJ-0_Pq7?`nc6e<gX;L;igX=-R*BDAJdd
z3x70b%U3{nQze_DV4)~#*v4MtJMW6)TojTrti2r)F|g#nu747q^ozBZTv!`A?vaDb
znQaKElg#%B$$Iz%zQn_4ra~d=yOnH>BbC19lX|<qH%1n1fe`2R*36S9il_S^E>~@>
zi~CKzN=w_r7t+O{q+J@ezh&JxCp<<|>P+3M9M>CgGTsU4R5~gMlJ(G)ca~G47H0n5
z)!_Y_KF&|271A;l2p!oHvcd});RGja9^7B_bT25TJ#!k(<oMi?GWfCcgvHlAZFIw6
zEfQ9$na9e(Maj7|sbd;T@DLl9n7D1v{Z1Brkn)?2bm+a;^X3;Z5q0s=XFQ6!?kOEV
z3Dc93Wk%<+W5M}iTG&iALZ>K*X4l>X<^57;aXSp~G>b+Sj@vwjn6Ez~?kQrO{&-G#
z-~go#aleqoY=l2>e<_XO$vj+t*S0`8MJeehYj^;zCX0WEhSr`R;(g)YpCdbkW_lo$
z@HM$vmJ;P+gFA$scVUS7$itw&sbY!B<yh7lEtW||dT|(IxF05_g=~^|yDFYef&KJj
zTN^?3=O&D|icDpfVUYvl?;UuiwDGXZly7b{`nOP|c_l_OlF$Kw2Og0JpU_Ro)S)m|
zwwTMs@kETJ?%Qt`4Z*>Xxj4d{L(}q_vDXisHmi;B*Zs!<l=lzynC?=vKdzatfz?*D
zRQ(DK5Nd7-uA-mN`wx=*D0vyJTRWFXhdP?3--xQIi@xmImq3D@RLOIKSTA(-MC+_I
zPWO|pSBUl*cxSxm5nEVb_`EqAaj^HXds|IOgMu$j#&Qn{zbXmM)zmgquQ$@uJys^&
zAZye#k#*-e4a&U(Q{kjgDmK-6iZfN%t3JR`?oDBPQP|qJ;dIYRr=9E0+b5?jZl2ao
zo<t*8JX>5#xQ=05()J4es*I+TU%w*wBD(iff8e=0J-e0@Cld;h2-Sh=&D`@~%DJo(
z`<GvYW1IYsYn3XQ`>_1A(YX_S(T^1-0&%Ja`zd?}iIh9#%XQpHtmtMPUvQ^H>`8L*
zLo`uE?MviIl&eLwEH=SdFzF+ee*16N2oIi)h?Wf30D~R<XMCdZ0Z@YwPlqVb04bSk
zX$0o4tw>q#1&!I_S$XRLy9ffK0_h&5nNyi!hNgERn|d_9Rl5Ty%@?kQlEq{~mnnoT
z(yL|42fpxu2P;Cqw`aZ6^IeYppJw(0s7Q&(Cy9vSz4mEGP)G^5HI=n4J*^`ztysR+
zP2!y$NJTvKNfC(B%k5m?=<bm=^w6s_@#3S)TbnTcaKOt@D|u@oxLPMB7(Yxo{lqsH
zx{}H-^ma-gRdB`n`|-;?TfwH3H*Ey(3nnl_Sd-cw)G5aYVo~ew(A|X%N}r|FAC(P8
zvp_7JR)BbHBkF4_BP*^9kWUlU55;*$MZEzbEW2AKO(Q~yEdtmJllKwaDpBxq4j~T~
zK@!k2&d(2?eIFa^?<7ijUgijm;E)ehOS);0RpR?v)F~&>*7-UqfK6koP{i*iEu`4e
z`Z0K{H|Rm(il3fSq8~m5_#;|w7xN_1SOlU}zdAQA;~V|OJ&1{iwl&MZbQ#7k!2CuJ
z*Np_{#Y;l|(i){7Z~3;!JHt~fTpK^4eh**F?mww?nx$VY1(a*ZdW%^Hg+s-TO;|{~
zczBGI=;d#U5H<l24YU0*Ph-eRzzgMEC1p9Ra|VD6>JP7u$QgDDq8tF5_jj_GbExDe
zmC&cDl}`#8u(zvySAG^VyTR|(WnVSLhHVpg;k6)E<nD~3vN-Qz$4_Y=A+Lh1RtVQ~
zbHnhcc4wPT?y@F+ytNN%{H{_j7!jQ?RbsEzm;Wy5oy^&I?-6`cp2#9xjU8=GhOdwa
zeaZ&Ar?i-p6&+vwO@?Q>9-LZ86nD+notf4-zEg3s$G^2Vd<=ayreD<Z`f<i=qze**
zExCj)D!F1LBo*lsV?C4@P}jiwLq)bUo8FO6a^TFc`@xGp^a|DKBR-&lmXKp=NX&_A
zIPK)zR1kYujkE3}Mc?E~6IWWTz~t9i_WmEYY|IK1V_UStR*Y@n2-914&ynrm$Q|bM
z^WFEJjG<R_CG!>47|9SlH;*OQq$l3cd+k0<sO>vk+_#cgpDY_*prb*;=vK9-`PeMH
zH+!VeswDSg(Z?ePeV@sq?TPaE=9^$zEQ=~$*v?<Bt87bR#cKDZykaV%M&03!xQmf@
zy$mI=9z;KTa<PKNg??!s$b9#loyq(l`9e;CbzVF>MAvO<!k<y>v*XHO%L*SCpq5e#
z4~Q~GY|&Nn`ZD%&K&8CHFRG8m!Z!nl!8A!vZymTlOs>3XDWv}NBV0W09e|nHsINF?
zU43HPXXl}8V<S7j(N`Qz{N1Yv%gOF+{s`pA^?7$-bj5>2xeAv1U>tC>RR=sBFZueO
zMrQu2#p3D0z}2hZ{*QsUBGd*^!_nPcLJ*r2@o}grUu`q>)GTtJ@|?YH)BS8Ynil?g
zJv--|z2QPMfXv0|nl4t_slmPG#`kKU^4*7R5BZoahl^Fh7;ChV#&2|=DrsA_z^30(
zBH7wpoLk5I>K<}y3AW6*n<r|{gI4|aWz&1PyjF^vI)<SZ&si_<-r4E%zFY6*^7jvY
zcqa66>SF5)UEy|UIgAh8j2FwJ%<p!Qv03IjVOgX8hx-Rej2OB3DEAfF*8OY{x}<1!
zd+_{~H9)|-k6KIF7>(aMBjGp6X2yK6^$=&hzQ3fMVa5B<he3Z|_jUs>gX;YbO}i~!
z{Os5&_7HEsoSX8xdLLl!7Yz_^t3hPg_Ygq(`=n<R5_cuN&DKNlHFu<D;7S~^8S<o}
zvg9$intEOTp!GEL?(ki2?<c|mlw&HQ3x$km&ff1U>Nf8w3+7}1kSfMd)C3$d0N&8;
zw*}s9{1k{}6+TrM3S3FE6+o39?Eivd+Ud#1J0KXg&^Z3{*YWd0$3XQj+pd)S7=foG
zAfl;R@S-`B2dsx{P5HC12|cG-ERffmrn@i5uBp5r*7rbE$Rk8Nem97?zT*+A<FrAl
z4<ysSBytJyE?Q}oEuw&Q7aojs+&weT*a*ECC};?6tvyc8awLEkTJ#S^njR=@WQopA
zu-*ADTfKVsMus!Qcee6}`U4z3YB<wgwf8mc`5uWB^B6Fk+|kq@UW%9yRhRNskpjo3
zxfJcT>PKk#{(6>1{=fJ->!>z@_TSUu6u06U+#O1x1%d=C1b3%}5*&il;!-FC_u>$&
zSdgH_-QB%~lC)3?McSM9y}x_z{p-%zlarIl?#}F<WapXZ^ZicAN=GaH`m2$+h3RAz
z#C>&&vQ^@v0QRu4w@JkiN0#)Mv?42!p#Q=2-ln`;p<gk}kBzfjXhWAgH1E~RKCv9M
z%r_qkPk1zvcDxNiG*D&Woh*IYe&T~d#S|WZBCL#`MOV$fx7Q7N&O?5(U2yfh4B?7e
zONL5ql-Sr<($w2XB?fwBHp|e2RztDzc@x+VH>_&E9=x^Ra;isJGgcTV-T;#C{HujJ
ztQy8puKu*!d1V%2h@VLoZqKxwV|(&^Gq<k=j4yS-6X7gpou&e7GV2fPj-f}V&UarH
zj^h*t(}jhD*#iaK%by(lWTr#`TnbTZ=)Bk?zqacg=T&6JXkCq{t#c?<^p~>F6~*sy
zp72#zzvu~t*08?00I#4{T19BSX|Uo?w*yjGe2&Ch_SN!Q>$ddI{9Qk~e<p22PSb_;
zykuPGDew5L^7?UU|LOj;3B)0DZ?m%)NxUTv$nvu`NEk|mX82=ad|at&e{MIDwCG*x
zu9Sq_sEq&e9huAO^1tS3U8QO9y(ZV*Cak*+yuDp0*cc3z{c7%qu@d$XelLZczBLW)
z=r{4y%efN%cDnwvf?P!}{_GeOxE;84$k5?DJc;Tox5(}~_6qRHn0ButEEVBciMezD
zH3@reNy;&{;Y?71SfnS%-j~JmYH)fm0)XVsJnS&Fjd&a_r)*8WQO8uot}GDdkW@{a
zGz=E!F3}Yu7OYy3U37!dgH<pYEJos#N!9k!7<I<fHpX~~M*#9YE(D?bf2zoxK5sbE
zkYe0V2hAw4ad;~>-dCl^Xl!r+@>DD7b%2yGx=-&?_DHxVATeORsIpW9C$SQNv&Oz&
z_M*G=W;`DSguBd3))FSo2;yYW%ishJ7K_t?Y{xi(`5+jzvl@LW51kz@Cs20nBe`J3
zCPg!4N(TjTwz;O-K@5lqM~xlQgt0=xfvKfvBdB%QEI?cU$d~>263aO5H6dPYuCiQi
zRX|D(rC@~vTUCxr8;2$(Af6A9T2=g^DIKUnCC+W=*@gq*$fHohWI#E<O6>7f0L(5)
z&4fx(+D=~_N!kE_Yzr>f0TKCnD#F1Pupa@UcL8GNtFVd1aLAQ#h+nD@iw=q<IWQbx
z2GUX^49oc@beK0^8e?P+lHMAbFSpjZw%5}Q%dRka4J6BAs_GyUQ^%CXN|>eFKXG%L
zLZk>kq#q_zacB~3*n`+TM*yk7To5K@4gx^R^7(;>DPt6#a-3eU1pVPLr*?ZW9LH#E
zI-#=t57~fZ>T!+CP4AZ&i7+>}86OXhDy%p@hB2v<Eww!&0steDVI(QB<Y#A(ikpm3
zJMg9;6l<l6;U;>+jsyA>3E`p;qN4ghtqDPlxyuo~X)*`Ph~@xDqVm1kHvtiB8hnJ_
z^i!`zBzyvG_#4kEKeBWM{5-()C=w5kO$mpbGnSP6WdxI~UNJW2O3;bg_A5<yH@2f2
zn-;w_4nP1OiW9%}&cfr#=c$4P-9c#~2Tc&k3Riue|C0+>lM#1={kNz8p(OIzB8Y?6
zs4}SeX@fiJA)~I!-p;M-lg8H_BjsQ`09dttS>8s-2w8Qdv#=FPX?~bimNF*Ru>r_m
z<B@yL-RbUHrR7#EAs+wjvUEnE5U)DHz|WefJ|`Xe3hE%?zoXUYY!0FVb9EQ2tU);}
z*oA>GFjqEAzsVv2Chj6_5B3QqbR22Iq``SG337n$sP=ydsQ+$|GFXz@24w8NHwCc?
zg!xEFJL^mipK6rwVp6#vlu@l#DJGAeiWoET)1>0s2nI}YAx=vjTM0etop-GCVXE`~
z6Nj1k)A{xA8VBc$<?Z9DLwRy|e-V#7g&0>VV8hG3%N>yS-&5dY*7JlQHZkNy%C$^G
z`(UcL^hOd32Ke!Wfn1nY)_svYzAZ?E)wxQ65lk}q$|qhOfI@9kVw!3QspFmzpVvoh
zU^32ml!Gv^^g1^n9n&-zhztq^F~LCe&oH258m9WcUE|tuF!4^h44MNI0#e%y|EG`t
zt@__z`2W5-I}1RY&Q%41oi035CtEx83$|dSDAYHJ#~>&lBc$gXnJDHJee7!-FDA!<
zLTR=B7hU7j{ZDiLyJ482|7i#S{(srE_7(Sict=iGEo!dkJJ@Fs(dzb5z6`_%fJwtZ
zw6L!rx5DFj%mGjfJf5#5{sSAmOpn*A9fYNhV~z{9gy}47ejbyr2LWP0FwEV=U=3>+
z3?c`^Lts$cR1g>hNG8ObUqS+))$SHW&qyx4Vb@0bVK5T|>f>6pS|q4)z>dcN2N)J2
ztqj9XxWRN`+Atup<Rm3W9`j>k%K&Sn=fFTrIf4J}2=|F+<5oOPHIXubj06By2K#@&
zC(P20`W&E)4P<5f5@CWGNQ{e<Brh+R9Y%NFl3BG0DFXp6{|9@5EdXKK$(k6b!LAJh
zpWsBk+;gOs;gUhODY0Bv=Fb1_H9=}gRRM`bIwPb4#gteUr8%QQjhNTTO3OsY7fWqN
ze&@0?kf^|XPQL8{J(S3Z1RF%z!->@ANgU4CTqrY2wsvA83}eNv@@L;9AmL2H_$&#p
z$|<<m?$$4Jg8^=Q6DR%GUcZ>fkD0dxU+R5AJs&V1Ts??5Fk=4f5hkqEzuu<yE^5Jz
zP6A7Pm`I5fq`Z(**eOdRUq_#%b^01fYAEQ^s5Bi>Ko%qLhpo9rxm5*?ASE>IiMcBj
zBU7wvTVAi-M+>|Bm_NMuIh8A|U`|#EHR>Kt9Qf#%w;a%GM!rIKzU?6qJmUgT@KG36
zoI!@|{|-=#fNqQ5e#cKQ_!6jel=IH^<#sPLdc}l{O(EtZ{D+<=yEoSBR{|F*8XO&F
zyVm~9oH6IC&nWX8>ooSU^~{?kg+Onx>yy-{PM^;}!GE@hCO}IMKbX65tug$1|2q`!
z`_r*ck07}3r@z_K88IGj+HEs`#RM|;$0c))ll1*T+q#?i1AC<v#FL*re|`VmRywe(
z`1D7Jtoqhg!(;YZ?A-~w+%E%lbVCQN;USRcZr`nbD-iV2luxeJPp-)L@`-e`NB(FY
zjurXRNMk69_v(Y<`SFdIUrgag1a7UF?d%~1;1j!-CxmfnHcpgEUDmu7HM#c=h5Sqa
z*c^-{dN(;!H1e(WG9r5NQRMquc4>ONgwM8jRgTTB{n_LPbL{28ebZF4Z&|FFzr>K!
zzx$)iqu2L%cD2|ohs_kvhZf*rgePcv6C%sfY{~g-c8lZJ<+;x@daxS>#ZoB?**jLv
z*<g}41MePPC>nZh4C6Ip{j`t!_WmyC>Xs~cWsFFHu1|~(NaAci$FNgw^u+XBIeOmq
zQRuQO_o;-3s#a0xVko-U;pBIdl@?))xZelt#K;C8WG>ZOq^NCV>#6?lPoKZFVB{l0
zWb2`-S`v!%qh2u#tTUp-k3F|=<&g)IZ+-x8Hal1UJlXhpmx<$3*nM8MGee%<5I8OC
zO&D?e^E@<cS>aa$ox>RoSN~36)k+Z&Gg}T0ne+A=&}&jo++i66I!2_URrerkl@3*$
z=7`T*aNb{X!^9Y<7%O?iv<dswdA5w2##5%H+;b4&#E*pF$u#u{8K=Hx4(+5|pNbf1
z#(iQ6x-ICEfkrXtQ_exvnzK?-Pv2-?S2IFBe@%;h=FgV5s(QZuDQ>k;Kvv$Hq+hyN
zgEGzq!Hm%6tn{{B+uAzsW(-A^T74BUBDS%sT$PiQG+*dfjx<%<Sizxb8fP@}Ra2jR
zGqz&1Df^nmcGsZs*FYZipL2#5(aJ3!Jc2i~t8e|WM1B9PbgX|rio~*_$4!FNe9Ojq
zc?aEWT3A<Fa1y@3l7`WDk`F%h#0s&fWAy!^(2m9z+6=|SN%Q5rKjgUI|G+h!$QF^Z
zJqEj-wZf-eJLU3Y1^E2CyG){(6eJ@QP7BJIMYcR2<qdc5-?c!Vv~UU?$kOe3TgLM$
zvFzX<l)7A(cNTupHYXQ!Tl*=MCVBqw<;K+Tqp{w(Gknv{B~U-f%$|5^JdwWcG#&U%
zxM*XkkfAAFi@dn*XiRHk>slnRDB!Lx5?wK*XwLO#KoK!#|877CW#P+0SXk`M_@4Z&
zbaU%ifiHcA30EO~i|%m1?|kZULwXBiv7wa~Yj-eRyTy|?uSuO2<;W+<4di3u21G{-
zkNY_chriCmZ&C~VtiTl@LXc5ECqGnJSM;%23V<T|=BJt_bM>URr0B2H@O>3TuRkJs
z-}W#^C#>Nt3$;`e^X|Ejo^{ud@MLxOOD7WUI0vssvTQazW<P4Y&bZrJ5_X^Ee!Hjk
z(MbYm;=WAsG*~XB1MlX$i75|MW$QOl7cw^W_l>cpqjZ#h+!*1^$E6U|gLV9Fk6kPi
zIdC-)=b69$^)^3g4`(Pof+(TkxLUcS&VEY1%Gj|fK`3b^Elj1zV>?p4$G=z=7=m>}
zN;)JQU_r*(2Og}Sr^^UYBwpH1o%_BjZ56{~IfPA=f%LK9Q<stcx_sYJ`3v>)W5;)D
zDL-*p-kYx}<4@h5ai?=`)CbftZhRq&L(Jj7eKzy9gvu83Myq25w`T7Lt3hno@>Y8L
zambND!*+`Nk4dbkNQSR=7C8|gBcjYgf(X%NEIST(<gsQI_?;41v*@xHuejDz&C!w9
zn{0P@#5N`pRu0QDhtk1OWS?Ce!n&8~Ki?gt8+?Zis{1@IzMDTO%|^!#7pgC{YL4G+
zD*nj1-d^O#|ITcsC(&XvDqM^dCPEE`G|+v5IeY|^?G;aL+cqJr>>|Y;cJJF>#dQ~c
zlMrQ$c}q$@-;65g`L*eDE;BNtiBK*m-QYeEbid2u8C0AUOC)P~_|k7<{UVQ!zUlXR
z^VNJ%kmH`o)g#<Q%?rYm#3ST!?9->b_eCOPK{26kwm@W7?N~#<Otc>1!Fg6X<prcR
zHGOW4NaG)_XM&PTZCT!)7e_tj8ff0D@g?qi9Np7Eeghs17cy;fSiq03LD}G<u<@vl
zh8+~CAA)|^ysE{GJYapSUe1brnJFPSNwiEW;@@=IBmoV~a?en+nyz{6gUVI>bA11)
z+VfY4we_?smHhKozWu7iQ%BqJS5WUCKoVhM#mTw=$Ew(!N54s*M?iCwPqpw}iKVWd
zJ>_Fh7($*8lUo8>?HfF*&SO8~Q77+7vocZYVuHq}TBW&2vK6kSAJ0Pl`Z8_%UJbI=
zuv*Dj?XM`4KD6WE$KumP9y3~tCJu~c72n$Skt;sY1g!l^c$@j%cchny_i!@l$jE@L
zt)^N0E|IKg&4;E`5qtNM2=tKc!1;ht(z7tpI|RU-oAbv*n@)^$kByDPV|z>D7`}E@
zB>lB}@28j5L9OjfTQ=LuMQ2XS&w%J{a-CmiuS7+$3sZhZtd$lrA4<c>@~&krcA~C_
zZLxyhUOIiOK)*p%%2pT$7`OJci`v?C&&ix$i_mcHDB)b~Hk}oD3_D{zLVj{6Ae<e>
z?f;;qv2_!AIeAWBxl6ijiTJzwYQEtVSt?$yz4=U*vr(t%`r`nW>x~C=FwhmZ2*w2S
z*j8m#1clVh^zZ;x^tovgT=CUIS2_ja2PyeYLgPakl4DpzTC6>nT6R1;y(=?ru3rWH
zxtDf*0^e0KvssV~dWjypncfcByzSWwwW*}M4IZ)Uj>hBZOT2QvANnQI9jgAR%xz*f
z%)-uwG4DgNOoKRArR!U2D&07B{7~KPw7w&Sr`IHlQf=3Y{q_|ezWMSo9s|xUMW(5k
zD0icZS9{gu`FO<U*|%pbwD0zP#OvAIp^K+c-##B(5lt@So_!-kcM|8H4jB*VSy5z>
z{-Am*33*XNvZ~T59UY@4rA_q7Gw15fK*6Gbhf+swfZ-?}6P;Wq!;{57xj~-p&u8Li
zs!V1|BJOf)r`uVwJ5)N}`J*E^wHO3iY!XKHvjS)D6*<pzS&;`WGf@VODg_4)+o5{R
zs<{f+Z4x->xcIr7QeNeY!Ma+;*X+Yy{8Cz^)&_|!Pg;bwmcQ1{?mA`7I#qsJ)cY`(
zwNCJ?puhfyqPPz0qidp@XwMMDR~xJQWBWB%=?=eSYxhvzn~S^tv7v>HZ=H0}RTI7e
zRy@0zEG%&vR<NXGioOS?SX91D7`~oFY@OHT&5uAv_PJAvt`J0zu&9^ep$|*$EY#@S
z8|JaGLQyYY;nfg&VgDdf@hU$QBe(*%mQ&)WG`KBs9E+$hyw^F<D7^gaeKHr|hkRYF
zWP;DN{KLXX=cSo@-GhO#(ZQKRbm|$qdc*r2q7f0p>rvgGa2a*~rQxTCA1>xhLdx>H
zS5)pI@&apj{Iib9w1W`O+^m~jQPbHB@3;6FmoDj{VAHMEx24=A#U(DMT}d01>9}ae
z=}8NB0_O+(sQ~G}EZ>j26miKAuLTc@T|cG|5u5$E5lKkQyjoW<)jv}HLou1UYK7fS
zBBc`T6uXSXn=NUAfh=pBSM7V8gAF`?KD*{AL%nyrX$Tqm5JOx4f=!10Q_!khYA4(x
zH9qlu!H05ES_FmJ*Jn?ja>?r?BKvE3yP4a(KL%F+4iHGUb_qs>JR_4NR4oK*k|UBL
zXLjDC?aug8xa+|dS7(upy>Dw@XeGYG{Bux7?v-)ebSfCWVCy;N-6>iW4iUJrO#gH7
z)p(UH0v9{I163J{n_SxnMkdr}1~P}^UeEoRlTnq8h?CMg4Bp$PVG#-52)H^u>+YB+
zeE5Sz7lvGgW7L<`%B&b!W>eG)C(7stBJw?D){h>&$cMl`ms<xu)*e$@GSii$-y{a@
zq2{{#FHiDjNE-_NZSM%S)fP$tIqh4~;pFkZ6W0GYEpb-K-&D(2-4wOoC(-(Pkw9n!
zZTL#9%U&6w|3EjN_63@HJ16KAxl4LzU0lQyl{2opOKr_&Fz+<Ln!=X5yn}4YO_1)T
z2`(2^uap&QQ6%>xoi9d3N<OA*)K}c|JD^Y(A#WXj!!46K@y}`i?s-8X<-;>cnU})f
zx1JCt{E!+UdyW@<-E|`8ZadX)CYBYb7HdLrPBsvoyocZ1S9_TG)qgGLWzEs{=ImFk
zRIcNB8nz+vU%_ieXvVe<v`i$c@Zdw9N2rnEqk(5LA>yq_OrC0<l)Sr1v!a(5G|(E>
z8yj1)+dp7;@<ydy`D3R?@<Ll^sM%7BNDqtDbFE(&u){1UpfHsS<`HtgQXOEhkXK}4
zWE96{O3{6k6}xeAxP#o<`bK~eSzYL_7&<qjA*d^@+o%1ctcvwNoo4uipJf4Z*3jKO
z{af&PYY}HFk>Dp}&o7>3i3wlAl!Q?l^MPhbt&EUP&3pSw0p9@(NAI<W3AQ^9ea<`v
zJ^WE)8*QbcSAMC=LqQ~G-3?YBUqh)w(IEb^B*eP4ZZ>30;Ts@j;o21y^+7_%^QZjz
zhPfR8PB^+#glr2Uygq|Gh3xfMDi%!j^QZ+S8nxc!bk<R%X#Xns^x>*Ews{~T2%od-
zYP;|@n`E`Tn)~x#aILyHjBF@Bb~AEj^bsW!sY+Dr$Vh|5$x5%ZOrA%pI2B)>rY7vZ
z;nm1NOo2>I=z&lDv25e@beMJbpM@@|<$3}4{cXzBZz?qD+Y_DjB6x2(K65Tr3@1yk
zcNCi+dUrNOhd!PQvi>wIG(O<vRUh&_1Xp-ra}hy%WIQPmown|sqH>qb%E0?t-lSj;
zEmdmCg9Tt>i$5p)<H=P(`Q2cjZzj9rm&|Jjo{jTYOLW`8Rdd#g{3qR9PQ!ZU&X41F
zXb*+!4aiZsVCHhUv|wXh+N)Nqk20EPuR{Ggh9(5+!esK0$d>fa`|L~s$3~5VL+|2z
zC`KQBq4uI+#7EY-yDcO;%a^_(&+*9;@K3herE~TvS*oouG&~EjT+KFfvtaTFPx9x4
z7D$i<wVVEOI7UOE_HyrHxj>2JMY7AI1x_tP&gYXuYN!LX?6-;U8Jo>qcTfAZ%H=;p
zQV3jd;<=>h319p<xklGIk({jMM7|#y8d1a>5Qn%pBN65hBx0k6(k(O2t;s;OqVd+T
zsB}osO=FFNs5XhIT29C>;)0{jsYN-WWuH%N08b4!nUc-8oKmACeb|B{{xKb|Z6pvU
zjO;O;eLoJx<2%TXU@M~V8Y-S{1XBNgWj|y&{zTe}MglyN99Mr1M)i-3z(bE2s0FW%
zSJyMn9OC+vsLA7Bv#lkqey8*C(tHyXa}w~Tdw}D*EakU}XG#WgEEv}Mb-z?P+W75p
z*9K(XB6m+5#1)+E(Tx(9PQ~v^cUN9%tC@#c@W4sU(7_=gxnCQYWVRGeg{nn*q0sJ|
zh_Kh+i;e1H^nvUguV|5t)w&rgxO??wWA#X5L$2s$`arc}F5Yr8P<1>tx$ONRR#`Gl
zrQQcfNCY<rXP9>55P`v5y*Nvp%^SP<D8oJyPF>Sfi}G0C&niU3l#l5*m|}6*VBSpX
zbX?V{^7P_epk@^v{;R4t@zKRro!Qzi_5Hrns(a?);5f#&V7W=b2Q)anj?v%sV&{~Z
zdbTc>mzNiuqtl1`=pwNwFqRtt+{(K@X&q>kpUgS>+<JQ#w~v%53dX6C%XMfVRMYkF
z(8eSZoV#D{idwa@^PV&AhqrY%{Bdri)c=sVz@YfTe<yb9M;-xPvBX0U+Pe4oB|1Fl
z+95oP)x+oK!|Cu{&dMogUz4F}8AQw3tWJQ-+1Lr>YS?1IZ$Xo5o>|`P3X&|z;j3%C
ziv)$7Rlx-uAhe5)Fb<B?m`J=q?a8yZ4+6A1kUHbp4%@eyW^hD?9L#$$V%b8YBXxpy
z354DnV|JCQGMdoqFrzZ3oT@V!^7st{(aov76cDLHH0*SrN10KxJ$}p&FR9AK-|Jy|
zb$;24356;f6l`W#TMn{po;DPTq55j@w>Kbf&1xSh`ghbiR%0dbNv}c-(iMHzGq^`Z
zhN~^BsjjJ{=st>&Yb$Xxha0a60ZNo9sHj(ouoAdL-^JXn!*`0H>vmC=`ZTJlzI`ux
zWr})w3pSGPF7KA0;T@HG0xLZaCuzY`_rZ@9f}Jw!5IcUZy@(Z&%p-=2zq#536g1`O
zQ#sOF2Kr4-rW+1s881VOjBoDmwi+^H9)n$!qq5&c48}bM3>SBs-(Rkvm;U|<``6vO
z6Rxn+w$prBvw6KU?K6!$`>nJ-#s#i3geAI8nQTi)VDoW34q5+JMg>VSgfRTGfqbhu
z?=rgCG|FS8FwDyB@pfIRS^(!@Re;6MASNf<cYrVPKza@!RbZ>l`N<%92Nll!&j$Ih
z;}LWp6#J2NU}tOMq*(%MaIg+++?0VRLsV>R7N=42z>$K^5Y;kDncMEf8s^jA)#ldv
zL>E2IcBP;)gboRPIs(Fdx)d66cBqld;h-EvE?{Ih|DpkH)5Dr2cv@hyvCoMXs9v!+
z4KEBWLQ7rOx%M>7@=<VTb^>Nj{msa5d9G`~nL_cdf@2@b^3=F+(rJ^*a}!VAn&0%U
zhZ1TLMh#L>t5WpO&g>M0L+_@0-`yb}PDoj|@3(XAdVKOGLhr6NwH}w0#rfY0AwX1Q
zd62(|p5ulsr{I5Yw<O>5ntc`%T@VM^*F`6C)R|`9M5&D+SYs!v#NR})M>&Zl5!k<r
zAm{j?pJ@FyNCHP&X#kt)MQ6yv-+T1OX2-7H5aE9zE0-rH&+lh!tkzawpxvgmCqz}5
zcvlu-g9i4dIeZH1h~A};1tpHMhv@JZl`f7#2wK?cxL_TZ>9WRLlZzCh&Q_?xHM428
zViB`;K&Xw4?}yoRP9m*~R@AtM#I2b{gZ%HXhvG1W+pb#1KigyW<LLe$cZXO%{TdWF
zP)&_7X-|lkn}FZ8%;8NNBET2T;W0|*N%~85&u&luSsa@?CEAN2IBIi0OfbxIbBw)N
zZOL@rP;;(AObM2!+4B~@yE+-UxHtP_;p2$d_7OVb+&Zp61BSHxzuT&vev2unB$j=a
z)*s#XgS+2W<6W(aMkJx~OO<rfU22U&J2~5zkH>k$UN%xPI*2~UOU-2C7!&MBp%kkm
zv47`DTbspV=aYc84Adn}FJM_7ir%oKA^_}tsp&I)X=pK--bxig=e=Rc<X1{<(1}kK
z;kWN4k&aV9zUfJe$G-$xQ8N;(v;8bcz3`4Zt(MTWiBj7wLm6w7owhUy$6TGQL`l_D
zg|IQ9jNXlaq`pruyX=cf1jF%eE`Wl(eb-4P)s}ZOO_f>95{m7#nO5L!pqeH*9f?fr
zG~1l+%-HnRj;r=ZB5Y_78xG>r0bzmJWGVElUC)7a=fQnw`RU%_rRd)vKb;bkx>;5O
z5azei?S2W(col7BD)*ydV={Ce;@w1F019Tjc+Lm8WwCr~v84?c8S$rdl+U){-?;o5
zIICNHWtzBAaP7r%`HN*Q5c>V6$d*-dofR>$Z9!W>kM1|97s^R4w=tO2NN}(EI^c%|
zT&_oVXYEx_)=Q?TtIN*~F;M??>*_(0;#F%A4VcHKJTmW>E{p~8r~RE`#@Xb~>+~$N
z){go|&0Y~G^zCI*XD3DgC}Mk!+`jJG2-9p60N0kq^6NzA<Qp@}E-B=3dV_L23-=uh
zQ<MPLCz!GmdcEU)x3=Q0TiPb>C&Wi>^f_MSC>!>nOv{T)|1!zf_uE&8NG9i~hj9MI
z+mBkPwDjbh*FF1Q=yhph;#$;~<fCL=n~g8zS3lNhH=mA%c0s`}LL0~13rSW3n(~T5
zK8}KEaZ0dAwNQL7sJan7Za1llWE~+p<Ft%31?^9nU0o#k3nE!<xchGWuy8|dLXF<p
zvb`gve8fWLfVSz@*)C3EZkG#LV))BIZ_Rj)wa@l2*Z7?F$DdGh|CR&F;F(d1LrHaM
z_lL7x;WFfQl;z~CsIzh2IMN+{MrrIXv{55@3aIaRcjJqe?s7JF?a>a@<}`sqP5sR%
zGs~MKaQnUF$-KR^`*gkGHiasdMn(qtYg<Vsl7b=b(x~Hr>}>WaRPq_=L_#}U>(HX6
zV(tw*n?-b^gu_jrAX#sXfP2LPiZL@+QP-!?_5@<rN~+V9C)mY#SzB%+kpq>_3_3Nw
z&JS`?D@Sz9)7vd-ym982Yct<w?5BvMQHufsRoSbnEuTIbe3jo0E#J08lfG7$pz!Pq
zK{j`O{mvW56TD5+rGTTI9-pdXeT(u<n+Ziv=by-Lewzd`g(M`xQ{qbBZ9uvMPcphr
z3Mg1O4%y<f16n@C#|Rk^OmVxPArMK932_OsIomVlZMycQ!^P^z&W+CcFA0*o>df;9
z8TWHH`5Luciv#LdHo5Z0dALyoTVQb&ua_WxxIbNUs-8xKTwNV<s@-_4gpqndi+UhF
z;Th@*8radl(OE;yYlfosOC-?S?Qp;JJ_ZSfotMUjo?ZM-1%Fvt7x8L-zTp;(^p|SQ
zUwQB3?08+KwUpI%N`HV3o<rPcqDHl08ZvJi5FSt}fCR-r6Blbdet9iswAF&T)lCo)
zzUcPEs6=5rATsGy{_^^}Kl!o~+ZvrU$EZ5WdGD<v`AV9Q?aL2&$h|h%7T)qh>2nb)
zD>GnIZ0oeyx@=X~YnOy0tF~^`W|zG8US~N(P^?@);bI%uqS?wN4!>Jy3*32?Yg(yb
z0k|#hhUQb~8|t5l6b1%v_ZWOY!S;=M0#6D9>L`T+)pJZSI5DFOTZ&|Tkbe?R5`&r7
zXG%tdk%byZM5%$YagrppLz#?e%6a2D9WL)#L^?S;102SW!Yp10Ox?nFvr{Xq@EzO`
z%HY*gDR1J#VM`(aHu5Hj5t3^>-%18CN|nc|)W@b)<#W(Lia*7a(UMybn_$ON9>>Ql
zKA}C`P*KIMQwBzhXA$wS4#k5T^^Hs`()g<>%W~l`{RB|?z?8PSghJ6)*k78RlH*PI
z{b0q{$8T8KZ`KLO^g0Q5I>R3Q9M=?V3b8<#=Z;kyn44#mH#@18yHGFYu2+gqK2ZHI
zqmC~zqqR3LR~W5Yl}ZFU0p1a*rKwVv0v`YAUT@HBGM7#_hG)W?Rq&x)Ue7N`jWgip
zI_4i<&EHEhvai&Eq)B_@CDjJ?1=9*^{tAT|m^PWiN|vP?L57)&d1^z{d9>2alJo%0
zgoIMHk~uiPd7|xCkm6tDP1l5%TYL2fb3qOM=<yt5dckAI$C24(n)l()(DEmjwRbN*
zqC;K~+(#*R%{-sFzjIjQX(}_~5*Q#T8-z9K!<vY+_2AK(n#K0T#_+icno{%JRtfz&
zQML%I*O#Yej%s$r8SaNpjr#94)Yb^*N+{@Ti3vn2u!dDSOdyo4PqJpfe&)qyAny+4
zy<#muezb^!>YOUf&5o0c(2mY6Nn=qeLY(Rvn_?jb=1RX;TowpvyE9oZkaU$|1i=!t
z7l6RrVOV-&6*tHkl9Vb1Dk&LmbP}{!s_X4tgCzcC{o5<B_GkH<H!8tvDCaefc9fcG
z#T#RQ6E{29wc;rwztdPFUUL4S?g6sHN_y`B>68a)smcsb3UB?p_1FC4&eTrh_4!@R
zwyw<x7$i1x{j=8kpF};n+wC_dE>LhR)-=`vAC(%FEY3N@7iWt#$~n?`s|?HZva#bM
zv$3;n!@}F=9K;Mr$me($TMkrI2xPhjJco#B8cn6E){_|el{B?8?HsW1aHv!hUwa}G
z%|F8Vy@mOgD+N*xWjmfyBg>whYQZJrH9pvLYZ%hty^p7h{K=sdPcRx+WkhJ}%42e$
z3mfHg9HIrKqzurOtsCfQ<~Yu~2)%XDac;C=Sdd=vqWQT~RPSkNjgy$NTDz1^+#&FK
za$s+u@6F5#`sVHZ&B>3yB06l%MQ{IX<67H33OBsMD5}<$A5IB>eY_l>$Z>WS=JPp}
zp0dvhPblPX)izEf5m3Klk8}KBC&tW>tFc6>#m@LXrI?yaqgtPu0e0qIURVA$_#cc*
z3ZTj`?<zT!<{~LUQ&KHBp^9*BtaSzRNi~|hb7tN7b|!PADqCVGr=skXrb@YNtZFQ$
zgPlDXGC=%K<DWu!0b1hX#ddhE-*NEYzkwGTsozm<-GN0uQvq?2+qSQ7L~ydpT=`7x
z$&c9*Tws%F{6e&?4;I!=F0Sxf)RvLo8#@>A*;avigo)laS1m(tIgX=h19qbLH(Y?C
zO)468rLubc(K~OWDNV;3wb{8)k<58Xgtl63x{FSFE`$bS*{H?k`XRlUOB*g!Eyd^}
z=m2(2NOY{u$rXd^lw3kShyGJ^X6fC$>%oN9iCS7fE<+$E^^4-1*xP{c*a>v9;`ROY
z%ym!T+0+*;lCJf^v%<g3qLZ@Fd!R7`E&B{_L$^Rh3>o~eo`+^U8LvFE+*QsyV>neX
zVy^lmL)fUe+Pp#%qp61(KC`tqihcE)vf9YlG+Kx<O+qM9d=bLcWSFbzq*lkL-&mVR
zJ7imyL~W9b_?PHW)7G#2B~e;cqZUCdT5^!6C7Mh;XAC}&z@~2H6<w3yr~xlVa0d;D
zD?Z%)4eBMnTE6a|+VTtT{ujbM?K}N%t21;J__sfyD#72B&(+gAKY=O6O#EolA|L-0
z#Qh#5m~^J$YW%_6D1CnXz8*AQM{6L;4a}M8`Knv?Eb=~Bi@(lPS~HP0r-d$V&Rj6J
zswF)S)M8pqG&@x%Ro)c8MP_|{oUvl#?rsS&olsKN?#HE8Czg2e<O1C+e>eT-!T4Ze
zjR!K__ONqxbtw!}y0kgAl--gqJzef~-QsGycZYv(S)QawDDjKSp>kw@H_DqG(4pz6
zBVdp*F1ws0z+bwz8lD1PGK3qpx<zLsq=6a4^(OS`)wEY91XEQw9hM*sXQ+RX5@fHB
zeKi;~siU3poipJzTopJ89J2J;p)a7zf1xk7LrK=Iw%cZ|Et^}mb;1z}-3#?$!2^o-
z^M7B4y}k()Y}69m-~9r`CR@Ok!lzp8Fo;xjRjdaeDF|!qr_zuw;0zIzy#jzD9IK)u
zTsqatH3T&-AKQP@=V9uMe8U9;t=wL@&aZMfrBuN<9ZRK~h4}a^G|c(P*B>jxtwHRS
zv3Ha-XBn_1XG`-*qfaiT%|9kd?yi@9tXxk#T<=_;^b(L=H6I;l(PxVW|CXPSwAvw?
z5w(5%<nI{e=kfLi!WVIp)qpBZ)pXV3P*Nq!MgtlXnsG}JkK?jDcI9L`DvB4`^qkh=
zG+P3l=9!fm(9mE6LUIa0?7-Vd=vGdTHg5fcRzLdd{-W#n1nY>i@+g*+5#im3f{|kF
z229G)b3VdxOmP@*Z1ilRYGC%v#%1Sn0?$T&c<l6)(@i^$KZ1p;Yr$&>hlxtwZVN06
zb8FPJ-5;No7G0(xpw?50=_?+lgXgG@5SnTTJ$JI#kV+I(+VwlEGI671iz6V9V=p#L
zp>}*HtKnwooHw>4rs3{VDPO6J&*|d>Fx^@g6kPBvu(Vtq$h_3sW!3<o<xA&OTM0?V
zr;<)2JdZLcQYj(`#Eqs#)TWLLI@Wjdb>CceO`-C28S-8Q_(at2GKoz}O64rhTE(}@
zfRt9J^faHCnKt1Q;^sfWOVH6-9`N*D@PleA`G~LPSxu6(LGry8)AKhomN^zJ#K(}W
z(Xd2No4Oq{^!n&v_>g8?uHVcnj1oERpCiZXTFSla;3F*#$)P~J=+xMp_}sUZ9*dz8
zXKcJLAt$oGN#iAV9<w}r>!tX)@E8M?xix%TTvw_)@t3*rv~PA#PT4UiZxQ_i22t(T
zBwZPbCHHJf$vD>i+E%N|c?^LC`KImb*09`MccXbYB`=PHu-j&52G#y4q9XmQAUhu2
zu-5#UR{?^`(@yTT^;?B41x%`x4JoD_8=vX~8-kJ)I#1Fbu7VmTx69M*6^;_%Xz{x9
z<>}eyp`+{}qEG^E{08sKnElDv2|UMqn5IT1m^zvW-!-p6vP(TW$oXbr`an3y4*A`}
zCe-Uq64mv=V^Qx6Qj>|8IK>3d&kfLTB^C9@VkfqS{OG13zv#T2rqqQKo^CWDe_1Nk
z*7gfZiu|oxe2W&5W&VI%%b3Rx3JU&!MG#xcf~!sO81T9E_i5w+Zc=?ueQEK@2XOE_
zW+J?>Jh+)%s$u)JN8zdYh=jNM9Zy+OBGMZKNNb1s!lXCi8Dey)95pr8D<N(CCiSXY
zePu%EjeVMjUuj>WsLy`=_?%VwY~8<lE^&+48??2C!9+PgxTlc2?O$mabGu(m>uyEa
zV2;;I7FzE&Fep2OSZ>+0h_9m2jrK2c(Ea??H-0^Jnywa9L*Zt#L`<<h1^+)>COd#0
zFSSWlcOw&Zp!Hu5lH<($g@m8Nz=Q<_bL;P7kjLV1usB!ryT`J&pCnD~3D_Fn?O4$K
zZbiuG*Na7JW!Iig?VCLtHJ41J-CHejUqT6~yMTkt`ykNO{JxA|OIx5q$w;%>^DW!W
zC-`<XIJCo{B2SIvPZDnHZXFXOrIY)`c#kf(g=cWJSk}BP1+Vq`oGK;x8$(x&)}=EE
zje`WlwlBN4>O3lSZ@W-Jzg2MbHL9KEy*5TX9(^x~*|;I>sxYtX`#tpGJ7r1adpQCt
znPp1Si-u(=`2jlO<P3+lvBu=xbwh8F_20i8#u7mc9Xd{G5Lw9Sxc$@51A#6k_!#>#
ztCQR#WN8d#yGDgIeZ@RMHewLwVcy#8OGdF^jUg|Qd(&u{Sk3?r4h~sgCUKTV)k$-E
zOeh9)&N19g>OMY4{E}00ABV#e_&*O64EEb80fD<elgp7=I6!r*_fbG~sTez1fPl72
zfj85EPmTOEgYfhH`ZUQ>MvK<GCxWt`5L$CN^Yc!@b)-x4+a~x$OI>;2R|a#;q@>)E
zGL7EB$0wL%_%DP^0OxSFrs*fWwDQD+H{Zpp#wUoXR)Ck*L4`pu4F-MeWj<dWoC2O|
zE2Xosqmw}L{$zYkFInZ6l-McdRG#VpB1(;9Go1n0P}d35)(Hy{_m6Gq&acCl0n)kL
z!#^jiy@!0}@cn!ezOp6A&8Y_(A*XaU41D~nHf7AUX*{fbig#oNu;KfkN(^X#2K?2M
zQ3H;~(!{sOuC0S<=W}!Oi=1uAOl9|E9k;g=f#d5{ZBVFjpmd&_`;wqAT5iDdxDBI9
zm-CRD&JI}l$f_9hk5wTk=!c3I*(->7qMs{@X*}h`j0a<<M2p{sv^Y~lj?=%=j(~SX
z0+<vg)_qOdZ6<L<9aHay<d3%=!Y+TOZp&~}S%TEn24!rDVAk&6Vb*mEJy{OE6K%&2
z-vBk;dn#=hs(Vul>WDF#Y6~uKA)ZbEq@{8N^7vY0^VAHhqseT#(ZSnq3ut8xsWCQd
zrM<z6q5VD%U)gTkm?93{*ez&AVhEJul(~WZ0Y08bRSI+UDp7R$hML?h%;shQ@Jj;Y
zF}8WcL3Ka%9P4YHQ+V=|wtBDm6kuxiJf&+eqo!z(iY6P3kXvo6JQJkxou(fY4}hC0
zwf1P0rkNiF74uzvksC^|nqP{s_Mpm-m+ZIuYyn`&m;xa%aHpRG&X(OZ^qD1^tLj`{
zm0<jqsV%UxzOuA?V@Aj%Ju$Ak+;FA7ZeV<e5f2t=htII=nzA@B*P;m-WE?Tnkf#yw
z$0>}2mtsp0sOw5ExkUqYD5W5L=4FCPqzI^QR=HGzr7H(-(>E0*WzJ&Jh54_dgUYY`
zJDGE9HV7j%+}ZJx${@v5;!)AnZCvekpXnHRXuGn^gVMo|ugDYOGUj@`hqz_$^^!gx
zk)X2q-<lbTYRYc73~ICzeSi1e7sv34ZU<XEU^kv4n|pU&h_aPsf}I4%fyBI$EFiqy
z8OvoU+&ME^pRF9k;WC<qTa{o}TkXnZSezO|nd|(7;1_+)*Q<g2yT7j$w;t};yHNJm
z_cI2=0r!_VD_uX)92zW~BG>G&rns0)<1zl+v2mdLl3&@qk%^a$%`oAjmBD+zRNPd3
zwwOrUQ9_bMX&&=M?k~=ij%l9sfD%J~fNA`@)Hqvv&f<ShxLV#4Cu(uME1A>?s=-Ft
z#okMZPEHreHuA6G%<pL#i{)faK*m!40NC$e?EfqLH`0s#c~$6lbXN!xI1|c!mBTDz
zeWIta__skQvspsezTR8KE&i5N>Gt3A-F%q8Z9UgnhNX@cZIX~`)lY8|u4&MCJ^N^T
z5lxscVok_xeBr5*$)rs--?wYjiZFyGo>M22Q;2e~HGMHzr+wrw<?Jr}py=49cisCE
zb#)TL^J2TRc_-|h)k)daN&PK)CfAuBt-!k2e#9lXm?a~)c>%r~^W&~gG#qbnQAoae
z)TE?bQkF^jZ%Sj{rCHC7+n!j3dF;hFKYvxiWWND>w~@#7tx)fQ>r&FKz>lYtjky5$
zFb7jc(+l+<|M25hdk-s4ew2o<we`+@pbMZ@W5gvTvw;!B^p1r)8#!AdCZ}O9_JPW4
z>_i&=$zyW(cVxcOY9rVCfP6rHoY${6c~oOj*-WEyCW9SZqb<(-8R;1%OYm0Vt}B7^
zvKED>OHM70h+N<+^vVN}++}Y-5I#N;!#_H?%)y^VYQO;iQO{=(I_~F4)^ZYw=7@s;
zV-heO(`5njW)66(gg{(2^Zm*1#J|wr+u8QvJ>h-Zh24dIcWAfE?H2?vewe<IKD!~z
zRSROS1v1Li1c5X&Kmd4ogc6PZBO?Lj+}VWXlDFWu`sRx<El<or)h<G=2H>&;a5_95
zVDMMqLL)p{h+s{!y@X&gkzPuZ&*0e!W1&I)p-`z@N0Y!C0q3PsRkLI-3fc`qMC%lo
zQJ*A2Zp@3`#e!eQX==jqOCIhNxF(moDkob-SRXJx!R8dtmkm7e2P^ZfuUIYDZUF>J
zHr*{d+Jvfv-L2V>hD(x$ykYSXj+zl=hWsxA=A`viJn8ib_0s6#MXQbZTg={=8y!av
z8Jz1ctmme5a7hB-=|I?L#0#c>ACHe4UNp?)H>?;WrQKc*T<l-=)}3v|o|R-ssXA;<
z&dm1hX2%fF<y6&Hmz$e|%IdVF68~K4OP3RIW!Q(0d>8F^O5Poaab`ka51g2KSsKA2
z25sY_D>C4X@w6^ryXGH%6<)mBy1%7kjUlWHdxCbyxlD79{G0#y<1ccID|x9fpQN$$
zI|i($KVn%&o}fTOrY}BRP=*5w!~WWY-8Um)^#Y<_3@BR+1YwO7w_y)EGI!{clIz}W
zY@8pQq3!m6uNxwFo`>)9Mi6OGQ%>Z<49GTLwB`WV#+QXZh_H$Nl^`A%AfCi-jR7T4
z@wWg+b&2>hKq<%CdMY0@c83I#=nQxl1tizxq8ja$H8?&;_~4O6W%rU@UL!w;6Po_S
z_UovWz>@u|nMR(Hk)%bGkO7%?_wo56-qDTDF(|ZRnjzxZE+x&zdtJI*tC{Wy<iZ9<
zEa}w_B{PI@-gH0QZ|#KKLVqaS|GB%YEK>{&8aZhwlG$m-RtTH0uNER72$q0YP-vXT
z<vpxA24_QSVdeP|wE{jZtc&sT4_9uP-9P{2bqh^*4tmP&CUm~xhikxNHEPXi%*<PM
zImX{dedtg|L@ZM(S46S{4psO0<swovGjkrj%q;fT2Wb)z#Lcm(cDif6bF@p2Fnt;Q
zQjWttVu+YQqipfC`SG|OWepyd7G(y9EL*a``%Ur%*OXyGGI{|j*;PQrEc+fM`v=}(
z@CLEQ2Cg_YTNzs-fnUT~->7m2cG)nm=l~c{R@+vb!=4rJwc=;v^o86s(~AC344!wX
zaQ-Hhn~Z~uW)RciQP<aaeqwD+NpNO09|vHPy^&Vz1DhzLst>;xY>l?x&G<yh)h$(>
zAxjJtlV3^e*5^nt84Jkb$Bp~!<RggFCn1zsufptqRy11FJE>wVN0#i%qaYI2x_apo
zCI0Pad;Q&eZ*X8A7JV`k4}m13B*DLVmZgiO>mX*T1G&acf9a2SzD*H;+bmezuL~`?
zRoYSOl<y+X?i8nLmnGmU%|#d`&a>%mKdX--T+=U={6g-Q@1Idfh<2a>U7POTSV~7t
z8inD;4cjK)&rn$|JMgb=ezcwPl}y=Z+J)qVTEGdRAo;demKvX6$PU(~6F-uaHyKA;
zg<CjNOT)nu+dVTLWss#M#GE1$_|rv1=4=j4aA<Mfy)xiHhjDz5`u27f^8iP-Ik<3d
zLfVYJVIm03XkU0EmC($eF`y%K?}`X3)CN$Vx?t7qU?cnWppwK79eN%b*rT`g6pv_N
z#&*L2ycI0FOkmsNx?+z^Xp^b^tv6G&<>lm|S6W8r+}TNm)304YE7Gy+H#^(mT%^Ly
znHN;+|Dkh5u4AzQHc9vJtG_d(Ja2d^wokR<MUVF~G4opq$tUW28uq--_yJVd82^-)
zV<)f0CYTZGFGt>RlJCNuL~0$jH-<*Ita;*9#r^sv1hSpBW)i<#Cbt@?*>t0P&aYQ=
zAtzf8D=zyQ<*EthW=wvNMX;0rL4}Oaf|zqDHQO;amoQ9@`ry->57N%mOO{-QS+veh
zJ%d305-CQ+DIBOaESi#&kN__?+>`-Bfsa065o6JbVquCK)}x4iyyZxg$<Wp1<=O9a
zXrNcuB+HEZH7n+lAHk;sem`67Z2fX?l7~D$DMkl<^Fg+h0rVB=JF_sZs5fc*ue!f+
zEop6@X*hG_f}{`p%wzx-IsDxRoY%4SteEy+T7E^v2&3AJA2tS%FzW|Y+1<=`otTxc
zT57R$_1i#i+4=Q?;L?Tws<goZKSDGFj<rxn>jf}2Q_6_hFg)ZZ*SCdP5rMf)>Fg*4
zqP|dYiM|C(?yq<2x^D!sMOPs>B}6RO2<#)J-=ifbpEwXtQ6!xReDK~T3m&57U~}By
zbB=eTnRl!z=2q9ilVOTOM7ci(>sJ-008C3_UCYXbz9@mEk919`;-na2)K-00ZEG1e
zgg8J_3-R#+UPPA4vU9G*bargHEvAON15xd4O)|DF?VQefLye+y$rISFjY4?U+HXqZ
z*Eyo$8RQWhnsZ>_lGC7LYcaJSFJ0qogdZN4V~InK5I=d->ME#O)i+jC$&C0ZA-^Q0
z?lTK=N+sI}g6MK~V(A*7DQ80V+&kJ&(iZX+-xSc$uIU-cPP=Qhu>@5(f5lKPh25BW
zwUc=TB`LN3P*8Zmk?>4CZTtH&i$AR&XM>e&-l30v_DT3{?y7r1gPI_k|Ja`hHSvQ5
z(<{E@vd>QbX07xMeFD>`krY>M5sViSRA(u8`0M+kCkq|kM%Ie{960*za)z_;f~@HI
zt+U<T50x)WM#kya_L0d+d9;|>^opM2ng@g6m9Q19tamq@y^8v;%*!_s9%kbw6jjjx
z_WZIaPowJ5PnNYAHTc}46^3S-{Om>=k@@k0#{XHqv<H(zw_%0y?98l4<k>AgD1=-G
zADsPoz*ek+S8?3N8G)U0DVfaRWyV0eKQW+|=og8CX7Xy<=~^`5p1!lD%-9l@VkTq?
z;3VaF?b)a)>hWe;6Ew-g?IpTx#^SnYX9V+*sI2U1VEOguvfINZ>q?cQm3#n7OspKP
zf5M&TXzm9S7ZNA^F}<&X?p^yHq@@Flo63}JS&-0cH5MLvuYCGAoaap7Dy;e9aaGve
zfQjetF|Ye8wC={v&cGf`lEf1M4)As)mS=DC;~O?+nU#0=z34E02_qrxxXHN8kmu;4
zp4yGe@UA4!G>f#e<$s~;4bYQchh9*Y-(3jt4V^HPyP7{~@!%YiVViSWXGeT*DzyH?
zpCV@0>P%|8FB}{()o=83YvH)rxwJ-VqnZ31nN@I_S2LA+1BGG#!opbPFS{>q_jY8K
zWh$;i!qB6&s+vYzsx<FaaH$_DsZf!fVSksP5i)qJ*Gj9!4<E9&&CC9jq?Uk0me;#V
zO>WNV+qN|1UhtVPxn9v9*o0iF9;^3;5pfdDfseHLtLh3_3;%W9sc;oU8i&;dtK<Jp
zcxYk`-VSVh)WRPfs=h8*tWm5=?M3ayFQ}}%C6MZG;8SnKTcHoCn&Kb^1A+8>e460&
z64;zLw>dWuXqr=NKRB9DR_`M(15O{1uum`No34BY%Rlw;;|KrmlD>J0+R`rP`_G<v
ze0qc0@iD}hXdjqv<ej6+MXj&O#ivSb-tvKyhE`wSp7)4InRm8~Bbl8`HLf(BSL29=
zmMufvOjVVC2=hVKSu1~??9iyR-8?@4=*I~>@;(|1JjsfSOBBaUC}326M=OFbGY&p}
zK8_B{E?taYb`$6+6lk@g2?So&17Vl-sQ@5MQxgcoG(j~`V9ZMRe1)T!pI3u=R2!&I
zMXlG8Ko_M6c(Y(f1*TZ>U0krID51>K(xF)V+4uKVvfZC#hwNBStiPgUg(JKB6kH^!
z#zurXadon5MnVbdF-0WjVe!`mDtCL~K^~zyEP=bXc{2-P%qO!X<Y7iYpfUxnu(DG^
zlw1V(m}4{(SO%Mr;;#Su(+9?3kVLt}XN;3>08*t&IXr2!fOzp{gD~zsOx5nj7RCk~
z>HOiWqvFn2&HIIRF&<qCJTY+DJ3y|JS_b8(Mv>@$WPe=l3-E8kvu?PXC;H*f{lZCC
z?$&BP5OLyiaj`-81>>GLuG2qkqS}Q?QRh|)?xzGFGToA={Ro)X_fdXF4MPpr7-h*M
z><ZF``pfPT{)G}GM#T_~qa04>tjs@RyAAAwZE<XWlk;(#mdiiL$$joQ>*7|6HD~WQ
zx=fqW5>L^-i2s<58n5R4qO8^QSD#ecSI|mkNz3DLd`fLL|CsL`HQf$&?31y?sV0_l
z({pX&EwL@<ldaoO9$nFGhgJf@+M0J+B!-l1b#cmUC>|Au63AnV(oxBM*@Gz(DToD?
z-`g~I(IeHaHLq&0pIaFze_}FZYJIXq;{CQyTK<ScWOq~Gv^xQI>{G<|xoxQSN-_~v
zP0WSt?j+Mw2L8BAeI;|(0b+axulIye48|p#V*c$N>1qWs?gt1^W3yA;l#7(Rh2@Z{
z8?s*B*^K@}m=f7G^nMCDk`xYj*)>`)5<=AQ(fVy6H0fZ+O4usuvKlOnXFJogMiHkm
zvhlwFv_MP0p@#Y|Ac}A|{*7p&MSW87-ktkBm#Xd2FRt%vMICM#<}!OMD;tzM9q8l1
ztEpD5OX1mA%1tTUqEmfa)5o`W-l3X>=XbY_?)Ifl{LSeUIA`AVGlqCE+B~;wH*jZT
z!KVe9-+N>3D}OMJMI8I`jxo){^$H|Nt^AQwe|x)RZN;j@%$3yc{V=NocWQFTH)Xs;
z`ujK8p2h1tkb^~Lp<WP;93X?nw_v61c`Km1_X-ZVb{p9difoT@ofnh9_c-sud(HYc
zl|A>Uj0O{yeba}~lI<Ry!*gAmH0y*CtRV+RV!b`cX$z8}*V|p{YH_D?KKWJd#GHys
zuY2D2y$K}b72eHv8Op1nLaWOLRY!QpZWh$)_q}tQNm06l#m>NfeM2hgvg?ANjRo|v
zXW6!VSG^RKCVMm9_q|@>o)0s0Z)iF5cKP~=c?0iHZoGbz&DB*#NhNo8a*d>ykG9CV
zkJ&Gw^N~qXXR|%;dTx7b&V|vT-PqH|PIqol$gtOJW4fYuo|-vWLzi#8=jkNP%x$up
zayH#l^pbnhNhL1q@%?C07PQN3k%y*vTjzONB#J>_?X+7u4yNwz{vqz{={<LCtTye5
zQCwBY3MTt84*Wbl&lZjSZ<u<=&r(Q~kqD*xTriS>9K7eFBrrp;Sz0du&qa%5r9-#Q
z-#m2VkDp0v+t+II2VL$2k5pZi2`e$>>#fe2^@vsssvO_fGWT9()y=6i)(e%n#*FIO
zuBB^PqV*iXo8NAOu&^Jm-SsU#b?!<}-ovxN@QGHZfZMlqp)bDs;rGD{1xPx@1a^p|
zh1D7p2Yta;&SUwIez+xQ%?WL7(Ai-N!F{fEwiLNpeVAs{Ref3wY(q5?JKgR|mRT(n
zCGg1sUMixg5)`Q=DPH@FnntRrB~pUBxVdz%R;_ixEp0(ml0x&FwzqX8BWl!Dw#pc)
zg03K<oebAj>4tFK?wf3F5kQoZRa6X%*Iqp~cZ=2PRd01KJR}hep8I!Zi6z@{2+X$$
z8J6NCaFlMWW*9KW0o~QKz{hoM3@~o<D&84@WyOFDrGUbe<W`x1o2wa_+`=Pl7b7z)
z;w)@1U{a)Em|+RqR*f(U=-Orm0}07(I2`Dm*4lEl)m3rWsuvd(QL2e|BZI3LQYu9*
zD&i`Nh{Y^vhHkux%HTSxgRbX}?(*8x!>w9M+LEmevuI!rtN>>LE^@5^2Uak^d%b&c
zUAE?(%mXYgEy37gmhJ)4=Q~#Jt5YE=t5VeKU2*SH;CbEM!v(^)4>hxP67|t~^5eU_
zW09bU^@QT)*DBaG!D?EScXxMpS2I}d=XDwaKmZBc>z9^HRc*}7m1dJwCOUMc!BA&9
zuoyxBVV%{2-K$LEE@Y}mOICt$NfFjAB!+KUb4Y_~)I_R~HmxE=+{Mg98YX5UNTycl
zw#JGn(Kzv_!ww9nU}Y>~>f2gw?V2G)Fo=ZO#j&Osa$JQG)}XN}t&VPHYebSNs;sMh
z>%HT?_teKR9K}STg(oJ;m6@8RQUwAEDFC+$EQJt;DCBUtBW<N3Mns%xL`p~~*g(vX
znG8-x9FR!kA_!ZJ$^L<eq;0aNT}_e!5(qZJ3{YVRJQyN{4+s!J4+b=ArSA&3WasXk
z<K(N&$bH<c-sI-?6E3T}AyW<SyC`U<mFbr_#IDexqr*lH`!lMSo0n-X0(+fJIETB_
z#;csU?;Y}K6x;W`vAy>5zk74lm)k?j-bCfW+1ty_q?A7H=?R|nlJ2)jyyDtLHso!v
zl2N{<>ZiPY?|P_vx8C=>WQ;v?bZ2H`Wg=>i?cck&aYc|q!k39n2xCZz5HP|*Jmku;
zY$P(`$t&#hzBL?HERw?Wx(t%rQdZi%uYSAK+g7>DGge;<j2-8mdh^c=K?d2G)>W&|
zFFY=&8OL{OiE%iWFwDw;!@=E*!mP}~tTPI;GEXhpBfZBnnuyN#o1BnL%n7@?MrSPU
zU}agDsWxU=yBp6f<Y0NG?iqswNvd7|D{n9i0V5L&T&_Y%iE87j3armsj~%e3sPdIn
zcCPNOl&d?XrWkSEurOTA1q=>u>I}>Y%g%FTldHRl4P$xMZ%`QN!&G&a+jUr>DJ&q8
zl9kgULUi5jcPZm<G&N51O&-@+)SOU?1?$dpPbk(`j_fFIyP}$sp(K!EPBsa~k=U6e
zk~V945(`f33b;hs3;<-2%dHUz)^KY~6jPG`1))x6ZjgY?08rKp8KkAC8uhn^-L&1^
zoT&+uyPHCF%Zp@3I(5zC1_zPYYQcb1B4Mpy3;;{HUQE-267OAR@RNC+Ga?yX)Eymi
z+o>c1MrLUY!v(Jf0B(n;GY%)Ir63VfPEz9{CL%2cHOpH9%#TR1CL75dQXMSd!E4x(
zP^6H+F)15FC?1CMYDrVN!-Z;0<E}~)auFpg9ookX6P=4Rm`^V65*Xgb>ug=&!-t+;
zA(@zWN4&WCjjJ<e_RptmViH`eVWnsxg=ZHP5t0!mk|z~c8yQKJfmyIha!K7fN!)aT
zcXI&l;YbicIhpT=<M+1F{%`kAs`JrW{XO*qFkgt!?*4VFq+=ZI*IaX(krR}pgwTyb
z$}rtG5i=RKNsAraL!4(D{jTkH)k`z^a&4JR7R0Md$cg=jj;DrJu~sJ}nV1opSXHHn
zKaJl1e;&H?@1?%D|3~-EdG9`sVV}#G{>w^dUDNA#i<D&)7B+VHTYoD5ZKn6NYkd4k
zFP=c|>DuPyGnNz#(o(9}#1cObpEmRF59SB@H{>UWIM)%{f7j57C7Zh!3N!W)4k@av
zixGor{Su?Yo!obH8?L*(TJvtU;Tvco(NtnJWbVd_H+NC4?#3wAl%gxE%Wv^g5gHjM
z;-AWQRZ;UHe3B!t<gO>)<fM@jlEq>p4AoGpM6qHA_xbz3wR|ZYe*`?_{~I(L{RQ*U
zm@t2Z(NwI$s*x4wGh9&|98np7gd`ydK_rOAk|P>5SI?ENEt_9d*Q&O@zc1_H$@SZ-
zqq~82QWr5Gq>zxb%_&5}(9>2l*eWWx(&VuzRZ3K<E=Ulcf%y4v-$%ba%6IbpJpDgE
zFVCT$GZj%5#BGAfAZ!{9gF&!t5=nz<4Pdbm6{NOJ1g&4)t-pHXN>pVKG9n|4%Tg;-
z3-Ziv#m-xYHtEU|josHSVu~OunB3T+HjQ%S-P~N+OB5K<h>}{XUE({b{ImL&K9PHb
zpWS{wSK}*;#3U<Ch~y}%RZC=ket!PFr+>c>-L@=n&bkBfXRZ%U(S!5iC<+uPC~8X0
zU>hl<)Rs+?10u3hSt%+DB>o=pn2JWFq<$2`D~KtIlX7InD5En)I3``(1z4gbWYA6@
zm*bg^e6yLDXTM&2k8j1HQK)Q0q>740qLx)w8CJr+pNEC9?=x%O{qH?_ecOLMWWGMX
zE53WXlEEebM0Y!|StLj#(J~^_xtyx+*t|J(<NywjttXy5-Z(_hJEI;t9o>_n?z&-X
zcSS9=WvZXL&+Rb<Op$DpKHv}L;psQgfu8+zrO9ZDVald51c_y;s+DS~U~r4s^Y72U
zzWn~)zl|QV``PQ7efVe8L_|bW6jrk$l8Dfh+bJwkMI=QL5=0n^$+Q+gw3>p{NfwBw
z`XVZZ8WF0hqOO4it0=Bo>4?TujRY9LM!Fp3a+8#fZZh56j8_YYT<2Leeg9jl<*NGl
z*kRM>zh-<vM+GM`l}jaXqL~R<M<!}SpsFGnS|psMq!wsJs!^5}rBP~55=kVavp&(E
z-N6kGU-S8o@&7eN&#;Fl*PpMe&)v55HByqvFw~WsyStZTO5uYsmD6j0Tc-_!WJ{)#
ztEptEN=qe4Ep0)!Z|zYS9vsUmQ82WVR8tbA6iZP^*P+bKa1F{sX&e;CW>G36W+dH#
z5ZVO=CmRvPz>HDnR9X_0vQ|x?#*LC9P0O2W@m1EgzCN=L!`bWG6;P~*B2vQQDzvL9
zEV1z6@a6R8oOkcP!{g7-e?9j7^Pfc}zO%c#rNc=|+i-BI?f{ZfB0+BJxZ|Z0ew&Uh
zMJ-BFPopTSG^!+Yh|JAv0wZW_N=a;0baZu!x!Rx0Ke79Xu4G#d$e+}K7(ds(z_oRO
zfs~pYO|b)ZnF>&_0K2<9b8Mc*uH*y7us2?4M|+{(DI5w|QiBO~r;LCe9AMTYXh_xw
z=59T6t{7`2-fmV4nPLv^_q_;EjYkG$AwcC6V<IPQ%m6`=s8l6fT)<JxH+M9-!@cQN
z81{!bvB@6jbkYvDcbf1yn+*X4XAlQgKuHCP#tDZ25R5e<p+gzUt9HB&re|8UGi|qa
zHJorj>YD&*s3Bt*NG72e%yF>M1!hbnG|P5K<+PUz2X)*zcW@0Jvze%Cnw)h`Qm*Jt
z-3;#0c2#y<t#Vb%b6qV=NzPoPcTL@LySr4TjGV5ZvQoRZcXiM*w3|hjD(t1rYXY)m
z%#uI1`n_}W+5Lw+`<#*DdooD)DJI96Bzmc~N$-5*@%Ns4$2Xj_&iF=g?cDv}j|7r;
z<TE+psjigP!W$ay-3Jf5x;EWq_2j;$-EuD7-itBzXSr){dwU<U$a$5y-z}b0J5lV;
z%jfMq;|ruQ?goOe#7XyhkDbn1GrH%iZ;c)==pJ`&8_dpqa-XWKs++9syi1})>*tw;
z9!(dCdV6sxcB^gi%6oqH#FDDJNY3obqY^yZb>-u@-YwsAYsaD5!H<Rv_WQTF_oMW3
zN!yKT<Wxy2q`chsq>_ETbnBm&=epycop;xHZ;2X(g2f6SSHs{icp;;N7#Kps26LeT
zJ$NP+XGJlxv~z3d5tPLXX6tdLGQ&$o6iz2A;`+7lLB@HUb=!Au1Q}KH>{)91Uv9_&
z9WRWw?@5+$=FKdHT>jeZ&I?J5n$7m`HiZF10tarugVbRqkF`yxdMprpA#^e4M{^%F
zC|MuV=l8v3SLcNZELgVX2=p$l2Y5(=(BoID236i}9^)l+ywr{*up7XZbQCv0fnIHs
z-7D0sNXoKRTC*cAt{LUJY@N<?mfhURHB&9dBFJlld4**xMSO2wajx!pd#%*fmB&iM
za||hSAf@Lm-M4X6QQ%-95=>C0*kOr;3<O{!QgB;ig3_)8t|FZ?5_vaG%-dbvu~hEp
zrQ9+DqF5ObmhU-pcbZ0U<VBMfs;Zhv44ate8_rHsIJJ^=^`&)o-7RNK7$OlR4Irb6
zt_Y$mG$^G-Xh|h7SF9{Z5JC<NQP=I>Kj+_%ZQ9?fFWu~~Q?5|qoc7XbCfB_R_50E+
zLvB^yuaTX>`EeE1-N^Twbr-vP-Y4GllKp+j3sZNwmE=h7s`ozI2P&HJp7*M~-uJ!k
zNhap#&dkWmMC;}mu&Gtui=nrfJg^8vIgmIwBeZ%*69^neVP%|*EW!vA0zgZG$ZS-G
zl&dON2Pk1i?W&K3FH5gZcqg6_h~Y)&o;(E7idiJhCAlz|X2GOuK^$Sn3#%H8GC>D5
zZmU!zvf)9H2;SI>0w_6DER2H~=XYx+YMY2KY8yp$<dki8)(F%ClV#LOs1ZU%;mb{<
zWpyw^Ro7sGy1=1}E!fRbrkv0lyKF8(h%aDe4be4?I@1XUs>&%E_-e_8ab31R(gj&N
z@aO#r&`C%nP)4GPg(8ZQ2P{d8BBhFvq*lpgg;5~*eDmeLz5ae4{(9X#|9kcDe0+Yz
z9?njR(;{T3Xr&c#R1*EMB&nHlB_)}qRa#p0n`V@`s0|4e6*g|}m@@@J<v`{iiGl18
z{Kui(3^;sGj(P9Qek%(?BsNhLvVlnxh#-kTiU?!-kAF$KR*^r=)%TnIyYIff{Z+T(
zTS2zTu^SC<-_Gi?u~AxD@PR<dLK7qbW_Na(JGG`k-+5coi(T7!v4=uO9@wo5lA~1C
zG>KHu(8Ns@87Sgal8P)rEJak<)U>6af_v}b`|tP8=dII!W1Ic=+kH2wetdVa^rx2J
zx{TD)D^jdR)HQ4S<4|_#&XT&|)fBEIRYgjuvC}s)C2JF|>Bnj{bnXa<iGf|*ia<MZ
zOmlY4l3x~vc;TOM4qzB*pT52O8O5Qhq9UqlODI-RCRWSv_Fj7X>+^>5JlmZ=bEC}u
ze*S(r-#X@ZKT1VX$dassJ}O{jA}N>b!Xs6Z(Ka>pwq9B;>{4bFkeV|x?z#|cWDw9i
z?pQNpW+8x}8_S|yU)0z6O;#2u@?#~Agm*kn@~vE}iy|d0D<otvGmR38s|_;3mP!4Y
z!}fQ5{>SgF-d(@FH%@Q1545C`NhF_6=SdMHlR+j0lK=(I#_rnJQ7TQ5H6lr5*(yY~
zfhw>7DFP;xQ&~wxHAtG$RHoQUfI=vz;EAatEF>yX0Cyi7P0#`7ap!UbMqK0t=XTyI
z<rxf8Vn~W8qNKHf9d~oEk<G!*iXtnb=IKFqaiWdaT?l5pT`3E}&z)Xv`<YHxQYbTe
zwQtS-`uaE0P|-lmD%Lb8iDP1OJ-zXBzdt{}f4@Cm&UJr19QoJid=SGQ=MmIJcXxLm
zo6jq<+6A_i{-ZY7-D<C2zny%<nVSg|L_mgv5R8!6#VzOe?f$>dKEKfaUM2AhKOYC)
z+G4)D@4#pyFak~z2*5;|!qxjyBvCOjA(0LAxwSIobf|8PXiG9bv_Eh4<jBR5(35(H
zZz`>*h^UGvq9@_>{g3Wpyx+dRugyQbcY)Wuci)}(@85rK-G26}v=*&NEmd0E5p9UJ
z#9Lx5u@=~iVk|^S7x2VneQx1YYLcj`Dvey*n&#I4EEx$^nN?D<tf|B3;rB4n^C=p9
z>2mQ&@~K_l9<8%%h=O5ENr9z#Jzsynz8CuCarf)dr%ydy^Uq&-r`1&y5phMYl1njX
z@;=D?uV0xRZW7bU3HV9ACi>s9nlU3WK4<&$<IkM^&xenub@`q*9P;0MeoJcDv!u!l
zpUMxQFXVDWl6ev&hv%8^o#wcPZrgh1W`gHVY0c#38mNgD&RB`lo2Eh}ScO<x7!8ex
zg26>$5Dkq=S`_lbd!5bdW_L2UZc3OqbEFtb<^>vTp-{|3U~HgB1=S%9x@&+kax^8T
zh%i@UnTa_ZWr}S;!m?F3mv=av=5DJ75l;k8Luk9shJ@P~#sR<sjM<GUB8D8s1TQ3U
zw%9_|NGAyxS}G>M6vKcx<*I;j0wN8UW(g{=Ly?9a1zV>OD3T0EGninOSPDwn4M9?q
zP$P*zgt(zZkvL$6D3&f@RlkGn>#N`MjlZwD&hLpm=^BK&&v+Ua03HEgd{@IU&Ai-D
z&ro-^Res%`R+V+#(%!yQLT7fI%c=Ui=~>{x<Bjz-cPRRKd0!x@yl(uLOQGEMw=B6C
zC8V6n-m!x3W^Yw$Jv$_-_09EXx(`qtwZnD_#Rd^|TVU?*8L!cIZ@ucFsXO*%8aC5d
zgXTX!7OA!VtB-O#P(O;7TAOSx#%aCf?cCFl{_|x1*&z38_#eUuG;m|y72)r4vEhRA
zp1(RfwN;@$6UE<~-S>@Ug5Pe3=<5bX-Y+HX(U*{Fysgh@TQm~vSi8>mcTLx(tr*$A
zsda}g;;h>UA5~G%ZtE~-sO0TQVoL7Uo1TZaV1v8L+Q^n&4pL?2QGUN>_gl(+xxG@~
zpP}c+vufeeh|STr-7+ona&(nad*1h@Ih4*N>@12^Mx7s2<E<|!*=Uk|?@3hIB%R&e
ziAfuNNq4n8y?);*CrMQ&z3+HcdbYNDmi)cqa%NYX%c)(OM(FJn8aZyeDtTZwbdsc!
ztGl;aB&wvRr|;js`|rN{%5M}KahAd{l;yV4hV3$xn?|%7o}#xCr7HYcqP^K=HvZkQ
z>Tr*i=KLV{L!Skg)2$y{@SLP5ppsN|?!r0Fesi0<&T$=;ci5qh7?_!iaDjvn@b-cb
zfejRRFv9KnqBm*4?k}lP=gO4{cdYZyu-OD2l}g6}z4zK{Vlfg8F<>cFGIQy2TCA1}
ztwzo4OrC4U(}*B_5zQwsd3<wKu%p`-E>Y)b-y$p}eWxlbH|pr{<G*N`+{O$G?}m%G
zUv~jt3GlFjOvwY#@MY)Ge1dR^T@#rfMt!h)9;&_Gkdm6vtMK@J@>5UL^Gn2)zbBpc
zpj3f?0l;%GfGQ-F3j)a@>mh!&#p^RL#c~zNE6ev+y~gi3CfifG?JnD7w$^i|zHDn7
zBguTi$ybF%DyoRD9csi;IhoAn%}UWt%8PnrF~bAF0iX;h9D)#59483Lm~4-CP3fu2
zcP(yaX=14dbEb}QV}{}`F|SRs*P3wdW;xDP90xbAHrIG_6=6<=qKUC^(eF8?yf~*a
z3}x?B^l5_!ktyrE_Vwp@?;afo2~h{D0l01uql%omZ+B;S^ASflt&5!??;@<?q6wV9
zca?W-?po`o9%gc?#8J3R$3O<*Q5Oa@P696$gfSf6aZ*lZs;ikRgs5w})NbUcj2JW)
z?z_(1<>#8a&Ub7WsBd}B8@tXNM0KkgYZX8>=GD4qp07LSmoq&1Q5ed}FqF+r1W+j)
zOIWfbBPtkCg(O=}M%soZ$c%^)VkiuN$dh>qgs8zuIPjA2mnx%4;&YU+^Ilu*>Fm-z
z2qD1=6bStS2=GDB4cy;*&$;y7*uiPPd9KXqcTq^@6CYlbmyHm8qF!{FuXndA!SXBA
zFhQdQ+uHF?S#6(Zsjk!I<>u(PX4&1|g}3P^p(M)oY*^ubW)pNXeOJBFzewBiTe5da
z?@2qm%TmlczJ{`F#vWBYF?xFI+wXhc_nEU|v1NPO=f_vw?|a&hG0Z$ZTgM_<63Hl#
z0%-}(G7-mnI&fO5RbAZ_+jn}C2}G+9NraLRXpl%Tvoa{;0kB9+q|#)R6NtH;B!Ggc
zk^)iCnA4VbnmiFwS@UFeRnoV+cIG0!o^Ks-<tndkowzAdi^H7f1qmlhiq;~4kdg$j
z+G?cGiL=OVRlJHt4aJ-htpi}^Vr93Y2UvJwofxvR`Ve%*&p`w+W~zX^Uoa({31Q~i
zw2c-w95-8~6qH)QS$R(8IrXIks08ui?$(e*7)J4IQ`;=l!a&||E=Ux5EOsK*K*ywM
zx)nig>`??2d((?Lx1s|uQZRVt58=R(gq8zFq=GdPXn@9338<_a88iq*8n3s<-`CgF
z``-V4J^Z@-U%snRkTk$xhBjNJZRFSP^`ikuI0?XT=ZEjfdVf$u5BJqy!=7CJWzPO2
znp&|vEBcWj^AFoMtVUU?nZJKIG|3@07)A+|FU$J-uE)>R@2cJX<mZ0vzrJsmbM;h5
z5pZ&^pY7W}J6)Hr<kJWwO!%*#zs&yqLm%Bgl{ca2g1g7KKf}b6gn}?2KFK_){lV%A
zO%VsbzSLTaETRh<B+*6+g3*Zzf+H9sSfcs9FE4(5`u_aykFLFb`ue>1KQ*=J15%94
z!)?dk#>cWgWPVZY^Lagf+bY>@UO#z1Kds>F{tD-Q+u=Wpe|PaG2>28M%mcGC4}5-G
zdewgVG?@^Ph@_Cw`}lj>N1vVVJHMOvKRCSb`UonnDz?8{`B#4Wujs@vBMeEtufOB_
zyZr1>S%1&-tlxZ?-Tow#gpf!l1`;y(sd+Z_`R{(TL{dzX0TpbvTNQ1zwe!!t@66}t
zJM;6T>r?S&npjF}=Bci8QfrgqwXKPtn2I6_;sPPhT=etNvh(lWbDQ0MbN27;TP3w6
z3jQ+)=X&=u_nz!?b~Yn45aTq%LL^ATm0*CG7y^cnO9Cej0T517Sd@uG43NSV%5hAl
z0^-4m6Du}@P!TLl((=~8B!hqhT!11>$_T_0hA~K>*(i<5!K2+Q4tHK1I&qMSGb^U%
zf}Q27hc0t~rw$x6Ia)n%H%F7$o-GQ*i&ljuG!_c87?QXHwdD%9M3BJ+B;d8tQlyxe
z1i0BYFvbdGq`U%{R%43;k&_b=VMw${NI4rx#zR)%;k%}xQWrOy%nZXdJ62dDm6EiT
z4OGCxiG^Vn3z;|&kxQA3MNpVd3nJ6iow<>UHs+#>blSS6(E>=}Bsr8Ip3dJ)=hv7V
z@bJPi`v-Z++~=CTkoJ4~nV7@PcD0lEk6PI^CF=C|wfMf$kFS{|l-~}WeaPxbcQ6~n
z3hsE`yos`LS?(~^o_ThVEMDq7Mku@>3=|fj?S4L3NhHZ1XRCFyFk|Bpk9`hhOsyOj
zRb>NqJL>GQmEl9(lX?1#m*kIbdvLHtU7vG@Gdq&!c5}K#9o@Lw-%P81i?al}f~&iI
zGTZTKVl_s2&hFoOM(UD2MB>bi#7HNm*_bOcW$3(pzV%tWC~gXv=d}5+NiOaZNis&;
zs%}qv-jYb~+i~yAXiQ(v$-QqK29*^o6=a<{I(Fm7kHLR9!X0A9y!dWPp*WN#jLw4Y
zXw9#o+gnndGzp{j95wd+7@OI_+u^-36mSl4dv`<ojrp2m_cJ@V_tf(Zs2CUtJtWE)
zhZ%xoE$7d98HaMuU^l~}ua67!VM%l<03IU=7{v%t!_9386!%A{T%4q=yq^U&19c*-
z>wz?)*LN}1j?GJ;=7O1WgoZq%Rbz<uv}{n2RcI>pg0^ifO>0H3isV@Lu(3v%A*G3=
z9$L%IYP{x)<@4p+#^;^n@F|9xTi#xi-Q`U$E$A8oEE)h*dv|pOw{YXYR8$Z_&T~y<
zYj)8QP8+$znK`hsisGX0Jl-R`^UOvu6h+D1C#{VwK}2}l3N^cEiVBLz$wP`c%mFu#
z0o|h9-9jgKbs5PPVUk8jQOd~{Vdi6!Dmd&+jSXW$%q<+)ZL>uj;BJDO%O+<U%VDiy
z-Lp|`jYVr3Ty~vC-G_z@@f$ekJCK#TyQ+|aiX*O6voPU_J#DMby*r&rdSjh2i7{no
z1r!$)P+hHLk*(d)p0wo>PbWzfMG-_%6h$6e%e+w}Q75kN9J!s|dFO~wkwlS1P&6VX
zOd^7a%#f2Xh=}mRU`J<;+pfYQBa15_p(PP_CvxUJX7kSHD2fFJhNmQ`P+bFHY{M`h
zKq4_l0@Hc8ZMLcu4VF$UlZ@nQRTYIK3ZSU&?%}(-2B3|sYF5_dh#=w;4FfT$w$6hj
z4ko1#A_^L9n{;=1cpBa|D)1cFbAv)I4k+d-qDfAhx<)N&phAcOn7N3fnT1ulWY&(Z
z0$Ak=8aQAVaY<;BdqzhQOA)Fw@zxu!G`0IZxzoK8Z^ir6myPz<dSjWAdBR_;J0Vq`
zCHWEw=iS_iQb;#O`YzPH+{r86Y@Xc6xjtfLQ`Y?_uD!wg*YA7G*|AE}&mT11-M=>A
z1SxdjuFV%;W#<j)Mv%=QBKG(5>%81EG7FmI;`7bi7Z(xf-P2c*4kA81?+0!as&kT>
zsEfO%xVX5oO5BZCoFi4m#v&YZcGB-Trv{fQSs@aM^08E1N`{rWrik^9ay7**-CJW^
zQ)?ZK(#x+rcbm<_2TO(x=ba_s!ON6m(&w*UJlrsMag1P!G0TUg!u8&-E*UVG$7RC@
zOMq_k&Yl79&b(mD6^kVFNyW{nCl@VGIm3x(5NQI!I^H^TY!(uQt0b&rWTC8;hU*OA
zB<mH--9a5V5jL<`C>cpiQnC(kV|Xz3IBz%4IB4}?wmj4luTgRYa@GcdZ4Bl!TF7B1
z8H0Pd%yD^myOKp>-8Wvv=GNqr65QO@yP@H>F6ncTRlFU}Hw&GE*PVJ^z8@Z8E8*kg
z%KaHL7=$<p!-Menj~}nY_wI7@pLO$X(fVHj{e+6OY+F~E4E{{}5J`}3u`})Uf<Jh;
zD~>3lB6{Zj{k?wgpT2YV&Kur(@cipvsW3*oyK=RD^qEGPM9?J3FhesDf@^2z?p^(U
z@8{+Hd)|A#_1DI#L-H9dSgJMy8Ah%4uK4P=&f9)`do+uPiYlXmsEO>;+uy%_M1AM4
zyX&V_-h0<Gzn`^g(%V%Z#^M%8LGG*b&2M(CUj>)&p+uofoLpQSL={hGhwpz6-TdL+
zUx%K0eE5C>gc&epwf3#`_4n?-5sXK|g$l2*Nq?*>e+v8*@n)vR2c23Tixtl}&U`|C
zdo4>=AlYF3mUKOSoxdk*eIP0zkWEDyF{2ob5forHuDxG(@2m4WyY)NA-=966=e#=l
z!!z+vR6!L)3=^AM)oW__mfKfeTk8DyG{Hqt97V-N&xe`!@5=SReEaa-JUQ>n<>$}G
z&&2ut_6d-hzSb_Tx|3wL_4D)b@8bPqB9x3k#8Cts5Pln4ujW6){tKh&qj&rcc)>mB
z)q?)S5@tdhZ|1%0HS_KLUlMRtMNtvNM?D+w;&<N-ey2Kg^SA4#<+V#H+P0n7>>51N
z)jX`*JD6q{-#rKc=nz|kt?!$|VdcmhQ>0oPz^H*M8dbn$ELJ5_m`NxsuE8=JV5SIY
zB<4W`u3>T)02MHmLS`0Pm6t`sf<*vo0x*`tQ7j=4uoVHsz>SwPBaSlE2ttreC%w3L
zymOZh@Zqyqg1m6iP<Fr<Qr_rj+@_<w=IL{1Iyks-z?&S2xl(1(OEA%fhg75o70T<!
z#Vy_DXCs3+rHk8fQwOEqTwb%;vqMZo&D<kErZGi<K&86Yb5^Uh%H?x&mKc`Y$uKTV
z;VFn=IAv7h7$~!Klt(jjc6V;>+=^RV=FCW@0)SBwS%yevE@oj^Ns|+TkVzQ{CT;<N
z`M(|g^jpsP?JvE18?A73v_*8qu&x@UMon!!^R~{F_quUA^wY$V&w7f`qy|Y1$?A#|
zxVGOtf%skjJM}~3<dR6BYkCYAU5Z<<U(@vNzfYCrUU+>=GjrSCurD3)toIyf>+;20
zYs{W2yiXKNB=Y+AxXM1o7X-oMHE!ips=d6#D(P=-(Ai^l#dFN|_8Jyz%Li^rJek~&
zJSO^{+J3paQtKw=jqa|Q9nX4bH0X1~Ic(jYFP6REH7(`ckEtBp9eBDr%Pd$T2sm)?
zP)~c8vV+w&sZGw@xs0Pr*AnjTie~Vx+jf=Udc5>&l4JA8*`vL!;0GaSde*wF+*e!G
zTRRQadhB3co1<%Q!$CCGn|$A16_)4+%Qs<$J8j+DZclsLvU>fVbWW-#bAYR?@)g;c
z<Pvvz&r9}s<vT=^cV)#JO1zhReQg|2HZ<3>GjeA6zFv65l23cjv#@37yhYKv^5Sp1
z*IrZ7CfX<7Xgc#rE4xZ4+ijA1UFpEJMLEZeNhJ5YZ`dcc{avexF}beW>Yo?0C2+5~
z4f0u@<tTM-+0y)6^pft`B$8WghTN0h^pZuR+tt~x_tC@A$S>{NwJjvZ<*>k#mVGJT
z*Yu{xB<<UNv%YSRJ8fnr$L_M~(a;O~+~>o~+CK>c(JU1NkwpTER!K8Fa{5JF($(u(
zrrKE6S*lVJ#3dB39-cjR{Cerzp6l<kB-}*(qQksZA>qrIQ*6(pl<6)uc9fyZX65fH
zkES{x?TyFqtGuhK-7Pk;=<EY8I9pokJlR}Z%|@O>qYYl<5hg_+53CE~XfL;^sRr*J
zmzMl00N&7t#o&VBPeSHJE`++ED!6D}+|PFX+_FEQ__o9hc0m3)yc{9$=BEtekl{)y
zeM8;vdTlu->HFKs9WORBqz@c=SAoNGoVS8<ELj#<qQa~%9aY%_bTt%whJi&CcQ7Hq
zp-pJHBvs|ydc3KntE%xN0&#~Zjm(UVmq8^#*=I8;Vi8w7I2+DQQWXXSsiFa>pjd`Z
zE~18RW;v0uGz6-<N{YKvVOYB8imK{U8<+?difCyntD<OH>e9tQE2d_`kRl=iG&V*y
z?8%BWA|fKF)ldpFG&xgHtC%Q^v|_A{3P{ybVYwud4(@kul1QQ<6ckWVaGYpSN7tV>
zn7yq74=Rz7qN<#hswRj@X`_JrglGIz*F}`2l1il{g$Y90V=4t4QKKV7(AyBhiZ*3V
zn&e6n+<V!*eZ5)raNvc4JP7dMhl30c1Q75+3KRl<@q4@3?{!ys#aHGVr2bQd+VPi~
z)Vs_tG|-ZIc$yJf4W)l@vD2%EWpeX*Wx3hzMJw+0*Oc^!(=KCveYSAFGZbj~q`Y-&
z@(FuXS%k+EtjgNFY^d99le?}&q>@!lH^S?>YDAMG?87rULZ;~5*C)N~yCw9w-2Kvu
zRa@QLcYW`7-tj+qv*06*h4I2iC4_=OIF6QW27u3Wz?{tG1}TOvVVt6)1q>K*J03Z%
zy?X1)0io?D&Tfri#16P|4@jnU&rWAuPPiJwt%{<JTDxu{xi+dSJJu21lPH9<N@|)y
zBE(2~nAJfWTSscssU#64l>yLn5E@As&g%jgcXnyCq7~hOL=i^ePh@9EW)x`Eg+`-&
zMHS>-^JEqx&mFE6z3({q-W0t&H+;&LX`D#9>bm7NO{BNO)b;V#zg*uQ@7Xmbk(NqB
zW|)+qsU*ac42mktR?9_MAHDu{-=CkI=Uw=|ProVpi9-xgn-WA2P4200wO;hw*NbcQ
zBpM1af^Hk%Kj2P}@4rvwKA%o>Y#pWz&*A|j5<xA0P5ISRw!T|k`SI6$U(+EFr6nX_
zFd30wf4|;eKOfh{=l6Yc*N?A_@6q1{w!Wv(Q3VAQQN?_Uk@yugxO2>py#$W`ZL4Jv
zK^RUPAmbmvj{47?{(p~uZm2!pq>ew{$|hxB%KTM*de!?Rf-uC%5LuX+iIhf!RSyr>
z<)^Q|PCsMJ^nT~(&r|91nVFb<MZtoYLNG<GHuK%p<2$P6d|k5NnY7z&dAI1K13@@^
zHvAXw$zSMwy1Rdsw+0L!#E?iN5(wrd*_9`sziY1KNz~J?D^Q+UC(n!Z3`Wd}Fu+45
z-o8ICUq1TJzP~2#c~1K5`IumR!9g(<R0g#ynv#l_<U<f95D6fW;E&7k`Ec_a{rz|s
z?`<;>!GL}w2^&<kjq1Et?KSIPx=IrPVw5t&W=xSHoJABwTvYr&54wEe=ifZN`SjD*
zt4H2yuiaunm{9;Bja2Dfy6>jd=~t)Tub(f>h|pkgfIue+!f=8(Z1?H-dt1lPso;Ny
zhxc0iN<~Ciip&E+uq=TSU}yzv^h7~MgwaOAV@gO<3q^_f`7`-rmVUn~_kWMh+?Kaf
zIn8r<0*NT4$r!*XD%>fd6^*JJ#&Mu)%V4$BjTwMo0pMm@z?e`@RW4<~U0BG#NiYTo
zt(0UqmK+2~z>eAA2M)W=C<hJ}3EoEI+;+C7v{*Td5H;XIi2^cO!vRKVuLYr|ElTQj
zrtb5cs}ff4IC7O%L>*ZU**G^e%{PH_n&#QT9neG!9vbsQgxK6IGj`0}29nA(+%>>W
zv@w8YLzn=TM5;kJE0K&!tOgeuW(!ytV78(SZJ}TVtO&D=G!W+_MXLw9Xt}1g+m?%o
zyy42zoH661^M@Qbm~L{+<BuZ&!b<E1cOYz>f^key$wpTv5URr{XdFyti7-(VP(q|E
z!fbOS!a$WGGbbpdA<PkFSu&QDjFvfuIlW>g@WM~qAF%IdgohN8ZG>7AnaBqvBpk8>
z$rS_n*0Ubv_9Qo*`;m|nIR!!gbpJVf*Eqxb%$sB)`rlu-ujsSar9wf7t+^X*rreW>
zu8$$JCe_z>W3PET&@AtuzQ1^@=Bs>DolM^O@s;rh&K17O=DW1QTGw>Pp92O!>hMwT
zDjpWSf=PE^gIV?4_bgeKidZ+}Lp3->O<bD#RNcdu-FI?D?^M_5BZAG=BR9z+QIhG$
z=2Bj5Pf04Il1Uz1$s~?R0rEOM>C?ULx7X#|twE13B$3G`Q%Q13HroxkB=@9}9`P~w
zcp!cv7Oy9yQliDORgly1+P!PldLZG<Ra4}&D$F&}aP8&0^|>x!c^x|n&w`&PH^bJ!
z_mdE6r|v~1sLi5C`!w@nE^JkDot6`|k*bt$PhR%sz0xV?-5KY}P^_>45Z#xY9RyoO
zvqc&dfgHSecfOtx2n+E`-wAW>bTL@LnYb_z4gr_}&J1>wtLx!!#Cz!V;VPItYY;Mn
zg7_9JvB#d>Ivaa}eH!k9SxWQkc<a{ZO&S&qwyiO%Ri!LgD%g=}V#L-V*^zD2YG!$^
zDZt^nF&l`W?71+g?q|%~%gIXWQk@X>UDrtvXoQZIO+r{gj%#a44HVN!V^oIbZmyGg
zxbEU$aOQ4_M46LuY1d7T46Z7iY-oox4B2$%+f-v&o4dPWxM=V~Rl2it(cG|9!mlfI
z+g`nR;&)j#fN!g=h{1Wz>f~x7G8kc@qcB(-J7{mB4@a)%DM+c&S?(rFryt{{yiR5A
zNeWT=NTN%-WazJSjE-H|;~S0*9b20ujmaQBUES|_uX;&0MPzO9X-3*zxfZTb2RBCU
z$tS&-EF6wj$L^F;>)y-myS4AT@6>O@^A8Dsg8krdqC|mfuB1Vmte!npdEYlVf<35a
z1>l>pEi5RMcXw%otg7+TOf7WN4L42JMICP#*6!v<ZffpH!7O<eC=hT;-a!K*u^7~n
zDa>XOZZP$nAp}Kqk`kBd?9k&n$}NX%BEuQz3BwE)XpkWddy8DqTtZZZ7Lt+Oym4_w
zuvd0oAf4f-ch5Q)cp!HDL{S+rg9amg-#1@(*U!T1zuG&$4tlhTu>SDp*Z>3g5J@8e
zCPv#U#;;FpZ?C_1txNajG7$kFf^Zxlj}87G$N6~=H{$mE?y^+#y!G!~&cr`0vemU^
zq$yHZ7u9OMRb93D3W%c-kfMqW7}`?7vRH^UDON?Y*&)BLopGLTTi4t9&az84b>Xk5
z8)~n-BVbvAFhsS5WqsA|%QK7JR#$5K@Na(gd~arqGBHf`A0EEE`}6hr_oeB(&Axf*
z__D34?N6xs#NPP5IKMx3>-0oOh9(g}WWKM@SDWhl{a+XFr+W8(O%TizYn89oy-j_6
z*T2i<lNpqRNjJsk*N5ZZ(p6{Q($d9-IsKoBIB=3lAaTrbFyTXf^Y%wp)TO0MVQf`_
znW0H01qh<a6<aM>sc9?q_~+Zb<@0&>=brlZckq%+^J=}qQb>_8B9d0szbU;nPoJAw
z_xtnF0t^hvXXEkCdEK11YxUOi=31*Ps(xd9ay^2h^Q=d9C+~b8t7@&Kl|_}LBn%*v
zHTin=^ZR{2e{%W0K0beMkFTGvzdG-~-jY)xfFM@AeD7MS^4rfhX}^8s$jK1NnZJL2
zJ>Pe~$H(ulUmu^pzeEIt)@xss7NwFFBNMk#kIQWH%ucF!=YNpMKQxD&O0iBPNwnmI
z0?TL%T}Ci1Lb%ySAR!V!K!FU1lZ2dkBya>ljxcMuAqLr4%%YS46oG)GSu9I35o}@-
zSpl46U~mGK2Hs-A7%vm4oq3h6^2@QhF}Fv6cHPc4*msfMmbsJ4fE{Bn-L`X`bGyXd
z?<Pe<uUt0Fvr{BO-reDxb&-z@BN4+R6=9AB1t0+}7)_SIVu;<ldfp+<nH-ZHSshuz
z#h8{_U~8F&3uAKEmWMi6ZMNoWFB3V~?TiY*%vgy?pt8#FLNhHOgP4X5;Dnf1mP%O6
z&`D#6$sn-6)X+pJIOR;TGhndMG66XiE(|o_R#;(TB80)H*`m2qv`*!6AZ@lTXE~ac
zsBKx!epOOMe-eZ|)jZl3w6$wlTGeVvD`l;+Ax5N`g9b|_g@%!oX+n%Lk(e@;B(%+w
zP@$GaOKj4anIx365?YMOrVXQ5)h5-7qeY2JWid-6q|$7ysYSLR#<eD8Fo@A&!zk2Z
z)M&*;wHs7Lv~7%38p*S1hH5dj6h(^}G^Q|UjH;tCN);xi8pejovsqguR920U)k(FW
z+ABqAYRJ)wZCJErsM?B<)ru@ww$fIkYAj<jEXt_c8mcuLB@;!6)M6uI#G$n*K}AN5
zlVY$%jM0&#&}>+fQAtHoRGSiG852bmV`QQt&@7snjA^A!tjek_q^)T+5k{gYHiSx%
zk)Xy(iYV4*El?C<i$oBWpt3?jSfZm?WoRNmq9Zn`CYYkNr82B0$x#-NhG^K^AV#Ev
zVy23MiYn1$&5T-_MT#qA$}LK?X*C;6O_o}TEloDbnKLPZN;OG~QfAB&MuI3vHc3e_
zh$&4nlR%~~ucxPvqxAE(_s37(e(ZblBQw!oT)?5arwS<96f5ekz8J=nL*fBDqp9+X
zvvrwbpk~ETDz7zR(S4k-Bp9tW?b|^nIg&{vg3q=*%_V%8z4zVp?^?F36*`cQYclwV
zn^Z0DHXTm0cOZjur)Z+DzS2d<%F3EK;Ju}Hw(^kXi+rG@`Zwa4fvqU_-)_0no8(z6
zic(ZGv7PA!oCT=3IduM+gvPl8b3j$~?d{BwY~F?38Mf~pol<86NWo7ppu0QT9Zqm#
z;zH3{?A{_?bIR`Pv^u+m%A|lOFSpnLWc+aZ?D)wT0ud+QFfLBMnbeW&_^Y>;M7%VS
zfQsv^4_;UcD-F2ijNXG_u?W^~uB_t?^}ZpgyHsGmEfRD4*9Lq+xqEw{(eEvTXRNO`
zDZf!Z%F{lI^1lP*OurCC8WlRYbQ9~`I&@WQnXT)gTU~Q6=XU_hofdUn{0I?nL?17;
zORks3=Y8n@^76<$zU2bkJWTFvO^X)JoTz@Rh^~!-AB_0~lm?%Yrzep54;CucqJ?hE
zRZctzYqGDYYlm~XD?ZxJb~-z|8hK$_Zl0kfuG+aEKp<Hhe4gm{zTVE2Y-`4^wxp?8
z1`I?10u0}uph$dIHrc5==f>GQpWg3zY_o+Bi$hxPsXFJNMsJ(j<=V)MaIME33i(UX
zSvu<Q#~KzR;IT&gs^@2C8B)~2v}_0jTmnlv*5_vz!;%W>>V8P#XQh-I&T(xFM=~Aq
zzMg-5v+o0BDSXvgz9B$nuaA=9tHf6*u|OmGBstV5j(S2y@6XaszZ{gLZ{0ri^W{nO
zFWOaERQl1$HLN&?i%ZP??~Ap-*~Pt>7EA0MPcBq@BOQ2<&9I#zNo;qt_qu~vy6BGB
z2-=b=S~pv-nI?&NByd>=w|1`R$TaO7zpDZW*5D*{yvY0Hb;0*geIGn>A@TV4S7(Qq
z_&*6lm)QHeY6;w7H`>LCg15V@+^j9F+^1LG+HHnLA^8hqQq8N~-c>kJ@@PWOpWi9J
zE<IAJ+kTPHFMOT(9A|}G=SMItVz7c+!j~s~554F;+Vf=loCl8*2_O^EQY~iu{z#Dr
zF3_D<1+wh!-+lMURFUF?HRp)a4{BtRH(s3##z86%cmePz<_x7^@Kn<N1^6=0wu0wh
zU#@AxQY4)}e2h{3B1oE$B6LBAr>nVUP{>u!mR%$<tw%Dcr;-RX?^r<kU{2~vy!-7Z
zep*5_omf3rd;;PX1~Mm~G2a31IzWCSk?)YaeEGMI*us<Vd>Hne%w$OZ=kpwp27;y5
zYDOHju`SwnXI==1tF_PWHCti80ITd>1iWIMWjrp9d+)d9MRI%3Q5sS48g&MCtO^Hs
zIf5X86zi*H{dM%E*Q2iSN{trtHZ9HJ%Ib?bM-|FXC`D7SZaW!TuyOhKRX}ppKGWYW
zcfRe_@|@F+EXC>^-78g*R6k1E_y_gLc_#MXU{)%|{OtIklOZbU^1M+C;It-sp*uW9
zw2%sUwp^WtiX)547pq`_sRn@Y49Zw$Xv+ER^qX1@oXf=)nPO(;)B5@A9BYoQOnGZ<
zv5D(5lOC(+E-m_cc?~Wn^5NQF$pT8|x@>)wh{)-?zJ9&WN%eg-`@Z^IlQl*HH^qcg
zjUltdBlo+NwET8$nC!n+B3}9g4*RgH@UuN<&)A~fsJbBZ8yF<HoAaS`vX*2hR$6+=
zYPd03QO9zk&Ap|t{U~(|K@7ZfC_d6p*y%q@vQjU5AGy8;{PK&3<y9IN7hwBQc?lJK
zby@c4`{l(EeJbtV$09xAX2E^5AGu~y{s5t;8rPZ(1Iy^RsD@}i6pec0A1?*vFcL#2
z+(!4b^~4J_?=qg;6lKuL9hM>EnNC^z4NAtI7hhnPmcsj*+7=LMF{Z+phVF@W>+h9g
zwYCOOTWs2?Un*O9EPbuib%AOJMGfC~-R^OFCm$FaN8tU^=~_wXykTJ=YLXX}sF}@g
z%LV|(*!$tGV3nK6&OKe&YlOi>ObaYWD)->!iC=y9zz(VmnP~Y2JP<$}2fmD25Fm=M
zlO!JddCDZbXWb<$tQ|B=f}|JQr{Mlxs-hw1Rf$>E_Bq<>(A*Syw_LQN>DIpPyLMfR
zNN#5R+L)D;roNS8wMskDVA0nrC{sivjtAu)mReRKN45G8K5G4axp@2}2Yukd4gKL2
z*8Z7X1dzzV@d0b{;H%;B-b_Ako3-7SBx{jk81n`4%r^cah2t1u1&E#LOH8yVjR>h#
zxpjjeQ=oXRQVN^w<wo(Q(bd&Lx{<j{;3|jK5X^YS1e{ve3*FqYrBW-Zl&u)JO<b-F
z2ew|C*eLYqD>kl>Zy?%y#rNMb6ocrv{Sv9|AhO}r_J%ea@2iRZz8RPjymZpvVXx5-
zy{(JTZ;PJ32jzcjhjcIr$BJS&&K_5J(xzoz(56Balk2&c^<c_9l~(5!kw?*iy(}iE
z@cA`|B-iz)$HU%a_KF9e(F71!wh`R5A!Q8V@^`du{-bxfPiejeSXQK(nk#r;wqziO
z=Ewwnyu$|!96bZ;v!8pMkX{2)#hZ-JyNmeMox9RUXI6*SD$m#vPWlorpgx1w(*3Zy
z!9<gO0i%TGW$4t#Ms0H4W8s0Sb_9DgR$<Y-02|`CdQXG->G;G%`T3!g5QZH9u9(Nm
zn3nwaMcy7*$#sai(f2Vye3RGSOAn1v_~^qA7<|+3F>5T+f@=oU3E{k1ftE-o+2VmM
zpvw@WzIm`{YWSAiVV+uoldrq1VkayXHt=P9DuAjLc6VcQBin9B3JOUeqTr!XiLr9I
zdt9QgYtpEwo?TZ!44?&2x*J2`C}MXAyjta%avS?9moHCVsx9-4@h05&&HH1p1iP0L
zgFHYr_b{&?()GuXaygrVR~!>-Ggj6OAboD&<hb{>>KxV>(BdwtLw<hIH4CWloPw~a
z=HQQSV=;^ht=CenvYf7I{6V!o^oz!>L`1x=vQHYmAqX^VJLV^N^?JS+@4kTj#*pC5
zeHm(fa6|C`m{4nqpKjgznTiqd4DBByOAxd7mWo9MRzBSp`^j$#Y(W%^Gh=?*I4>}H
zdIwGqKDT~@>Eup=qLxv}2;ZD%P@FF}?aWndthxp~4)3UARAsljyoQav!X5i$(q^)K
z<2+*{yxaQ_*Ub4I`I$FnWgGXD1c~w=9HgLt<2->ed*GCfRL^n)N8JMOR?O4!w1xJp
zAAFAD2z*2OLqPY#;4cpPduj>u@{TBwYt53&q-|WwD?u4!=LK&Y6lI0>EHbujg76(0
zDwLYG#`WdhENi0r!FCvg)7%-E8l|~(E?b6ldM4?+K3hBn^%w4n%{NyA^2@vT-%E{e
z)^sEw27-=!Va_z=i3myunBS(JUEDpH;O^|n@(gvNebskP<#loq&ScxV`i?uv#pDB4
zRSB4Tl*CY6pu`d_%dEWVg;_hdeVFJ2QiLe|i62jFJnNd-<w2fKP&EzUog(--4&6_?
zv|(W2l901bcJRt2=VWJu<on|8#8YVM_^*j4zDRlsIFd(;BQzWnqX&|~Zq3!Y{IARC
z4)+hd6K0ye=!6$&Zv{ts9=uz9bfMlHr#^i1NZuibDXtq^M!G)PxiT9xPjla+0ge|p
z;#;B)Zk2)N@fF=cEa)<)$43Z)64hF%5MW~bkB<w_6^rB_n>+8Dw?^_V#QKT$nEmN}
z?|O0b-wt!xrvv0O8NiN>%3mAgeM}w&_>?%p%P7(}H3raYnK`A1{%P?&ejexY4bVo8
z5+lES>@9is9p?0p9&cZ}wML27AwL|SD3E3O0D&`17wI;i4>lO)*q6Yhq-cnPGr<=}
zc`+*t`+nF0J6L(@vpG^b-KA-iZ`AkR(C8>6H|EMke1Mp7w7msf+uyb)n&585p|}<(
z65NV=aVhRW0~8Ao;Exq44lP<}@fLRv#iayq@ergq1SnqGb0+`)otbm)nS1Bm_ukA(
zva_;f{r1k@`6OB2C9G*hS9_{Ie}x=0bhgT#LU*LC<VU|Ka?GNl=S0cjb|Lqu?uf51
z^8i!20GCJk?;_p}$6rrrZ8WBwv7z4wW%9y98-JIx|5PXV12Tz87hmUPHLr~c#PMIc
z|JQo`XTqW|F^+&O4geq<hQW!#6jYcSKnufQ2qy|a1!QNlbO8Jl0onfX0+^o%!1+ry
z8$g>Yzrcel>VJ&=N2mXc!->L)X2XdBV2BFn8l}Y~sm%j+tc;7I(xPIBi_7}6;r}pE
z{r83auVQhc{;Jc`!UMa+MRUcwL~~_nQGuznwAub@_@@FV3IODa0sw&QJTCDL01V;s
z{ZF|}k^lfs6sGR~nQ)@0fNa#2j%-xg`D}l62eJXVvH%zjAR84<7VxjS|0(#d4*$i1
zA?m-_@&8)4KPLcW1K>mf{(q1b;6GRhF5mxmp+KGgWHy*1|L3-8{dxBP;{H+o$zcxU
zpG`nE4F4~L6NRbxvjDQQ;kiV!0oj1;-2B}9YyjgZEu1JI+yD4H{M$wXx%srH0GKNQ
z^8m)tY=A%M->&%=`~RZA{yWj)>e?SW5Nj{U?fL!BnaN97&mX;I8egt6ahl(Lo*YL#
zHQGf_ecpx5JbH4>E_`oyMA^QK9?r3IL-<(c%8h4!lj`O4Xg5&UE4+<7N9FgR)>Y99
z)(RKVjpQ}ZaXiJOnb(S{tI=%6(wRc5f?O%M4x@_qDM0$5#R{wul*V{QH>*usFw5dE
z#iP3jrCEQQcXmKiN}|9cIsVGgxy0i;@+fNFfI}J2+-s7b)%6c&(s=I^$qnT8Tg^4%
z6*)m^U?2guC}ker)wt4`0OO?peNicn?tANtX!1AP!Z|APO1BwzX`G{NqhczInbd<f
zXp#E2IzQ7^^WR8rtq#2;zGM4nohMX`ANx?s`QrVfLpt*JzCIyTWaO{M!~6P}oRyOX
ze=*0ADi|pIL4y_rYSN+~A~by(tq&LRKoW#MC}iha<Y$vlKigL&D#vJXZIRuiV)l!3
z^+Vs~sT+)hlvs1#5GW1gcv>p<g%eu^yKq@FTxGz#*TsPgJLGFbTRtXIE|uK=mU`JI
zi~0L%G0J{H4$726oGidRnFW^A$#x*~VK<A>w%ZKOW`(I-o7XY<=m^8C;}Gg)vaC-U
z1LYl6-}yo~2*6=H;OIIDG`HM@de)tYKwe3npoYo)lo=!wI~(`kif?Yu@7%(o*p!L*
zx74w8pD-&0`O(~rgm>77scyRUc~&2}3{pHTzpnUbAeW+f!ABnnJ`?VYzI~;Wd}Gk;
z|K;oMO}3)qv6YMakG=TtuQcJls~yAU#E99UMJ%?6?|q<+505NKB(&B6L8CA5<P^5F
z6;-{_XYO_~XMFw?ezgPkFfmjviPeB2u|a_~-$zz|E6p(+nM3>8XZC$kx$hSf${PAF
zn?5~V_LONDmCs!ogKk|GZ-dpYb5?C)*p~YV*ee~4zUlS7jsu4;7rj%Hm7p7v!^+o>
zA6XNlEGhf0M@%@=S9sRt&ahL3P4XG4xSh!RDYATzVJm+x2%hyz(<J|s0@YY`E7`8V
zFd=k{&^m6DB#y!Et2C!RE#Q`9Kb;B18JaoCa-6%QuAkn%Y{BH02Pi-XxZ>rebI6p7
z@M9$=?#8%TP#-<GG{9QY&g^EWrC7{ikqx@=D9+;h_hob|uAKND^nW|E7uUoM(;HV}
zx#ZP#*Tde)>vX0fRKEC`4{&wpy-#P7o05a7hUq&Lp9Y?5NesWlk$5ruNLjcTh;6(3
zrr7YrStDi0fy#zCTnn_5e|S4?v?boHICn9Iw{W0!ALO?BLbd9n2G-wfvUHmp44|d6
z&yiu&Kg#u4TB0_T_J@;d4{l0v8QUoQK;`{<fDH2Y<ug$%9C<euv)u&sa4bp&wzq_w
z!NRRXSU&G5(?08RB3&n91IcVV%uWDcQZ``GdS>BtozBf|f32O|Co<nYk9t-SB>AJ+
zPh0j54{XCqOb9-5*Vmo#y|Md~)Gq|{t*H?}KgkQqY^6Jrh6EJW70~MLQFIEYmDI$p
zcf4OVLDc2Xl!By3N~8EBbg1Bw<V@-AP5h`S)o5mdo7cZ=?qq(wruh3{+_PvE=5qEc
z!-Pvd)xYad{H=l@a-N%b*f7B<PE>`pj-C8#3Hf>nxjI28HT#8@>J6Xj-#!sUju3?L
zsZOXcW+dFdVgF&6;7SmwLvdkDfk~G;LJ)ZsC;x^Wosp2K!t$Epq=fuq3HgCxJfG^E
z3d<J?%%uucSbGf<{+{=tHk-dTr6DZ}_ygtJ&-R25`|o#@fOr7i1=>}l@;y10jv>Xp
zeE=%}5d8rlUK%Bp-V4xHi2`JOc+EwPr505}q+~`wSH=YZ00EwI4l=2Y08C&56E;$y
z5}#o$(Sd{(kb<}tXo?dBFpmNN@S^ad#EBh%8OCz%d_bj=Spb0MEf<YS$zN?HglYh4
z008SFK%4=9`E@|_=PN!;!5r+*75C9fToyV9R+MAr=iE%mg}=j{r<)f^%Inu&(;_;3
zUFX@2Zz>BZpEL)MJPil9H<3kUcJdIK8FauJVs33qCcSd}avwX6LjCbhk?XtDFOGu}
ztn(zB))k}3R`0pgjpSO|AMf*D&Cchh$H|uJ;9>>sX!iHiuaO}Ir3IiK{bP=0CEY!R
za5o5eaxKs+gyGSQuK}x(vYAw(V%EwAaRU~&5KKQ%h8JXZ^Tk4vs@($?@;L0R&pwp#
zhnBoS{g+QPT)0y6ntkR~VMB8>(P3M+3)0vlCufkAx89N~mFCNEDCy~2g?7^qw?0*K
zI3*6p^I4Yz9z?NUZrAE>%vTqW(-hq5Y8UyiHG5>PO*uZcGHxW4^<OG=YwLoItBI;f
z-aZFKQLy^?`AM}-TESaS-$LS-2dnQ9J4b42mf}+3j!*Vue4<#Yt03)*?GiM2Z>^7!
z$D1CFUVw<(5W8}k$&;fBI*k%9yw?Kz#h8sqfJXoT?f?L0o3NFzl?*XY&oLY0hk5)f
z`Ca*Z!?bgo@&d5<x51uf#svL9G4}-=#;VP@@~rAV`!mAKwBp2dVzI;k;<Hp?6>8(2
zPYO~n4Om&3kJt*bQVIY7k3*aSwHPX$asVR$@OO)wOPyB+iEnBihAV6`jCk9W`M$j7
zP{69z{bhzzc9VWgJL$e6`AM>JUMN!%qA>t5%A=trdTy2KP5+Jd$tTj+613u`UQWwv
zE@ehdZLbAhtTr*3zg}MRhB#ZRdntK)euYp%Xi_y=O`RdJM&4ddZCNSS>a^8!br5Y6
z5ASlwBbWB}$}bS}e#j$FZzgR?RRN7uCZjfI_ixT-?UIgWl<lQ+b+l!kl2c4fJl}q+
zRoLuW>r{Sy#pLX{yxQcjIQL?%I`#E(8KlgKNGP>5wS2j9!ISnYq)Aug+v|_363*_+
zrKM%+O--prb;)LorK6?oO?9QKPd?VrFbbunST%X3T1j%6y<To~Z?tA&9R0A^YQ!i+
zsT})ajfsBELDboSV@;!pw$`e&I@Sa4tK`RJ?Ka8h)nNOzU#vR-`G}#3zdgQu+3x*E
zdeAffdYFcO<Kgj&fmJ+W(y>X>+PGa{6|Qyu9sS{Y-;t7r(rki@m$!wOP2a7PTCWRo
z*?ZPELveM%G1z8i5=y}ABA<0#yz2JZkNL3uB6hV_H=fUKeU&N{)xnPZ!tADZJ;B|0
zbjj0?qT4a6{wZL!SpCt=5K9Xm8t~>t=?FfQR#Hi30J!G+rQU3@CaeRwSvdFdLSBzT
z|FNE_WeyE*#63!etWAm_EJ4cdciq9(9OvXxPZTAOewSX{k!pH*W>l8r^d(#WV_CWW
zZR0$<>khOz?-CX<xhamcBSpOZ$XB?}x9{4rg0tYJDTAh&*d-!QbBRiawe*T10(f4-
z*F<fZJ{CHI)%h>jr6;*N!$<P?hOpz2ANHQ3^;Y~p>Cc}o+$3L|;>ePyY6}d%)SmU`
ziu;|=D|d#)f@Gm;J4$HH3{gbmvpw@o1AVoKcWY1Ve#lK%$PV$pP)aMk7?$`IP=3dp
zknn{4521VQwy9n84Nk|r&0S9tu8QT!#`>1RanF*_1~h4Nd39s52CZoj5&V|#;Gv_t
zQ=P5$G#|RbGC5~)MV___Z}DzBQykL_%W3mbFbFsIq5K3oBW*CoKI^0VJ1t4aRk5sE
zs~DLgQ%MB9ePhI%NP2BN<_mfHl|;8%T}biOnf6o<dAYMN4D>24#49AsC8ASa*LF+y
zak3(*gFUc8J#s+1`2N+o<|!R}zy_l}>Ae(kvcE7Wswet5c3n$7)to@JlIrnoxj{fe
z=YGU(*l8b?HnIrwVU<6M3IY>7f0__M9o0A6^de48*xZ?ZvF$Kpc+{f)guwZWujC^J
zjsb^N?4IauOUuV47;G}8zjjz0{=Hz(wT@4;cMw6tm@}G=&%DT9%y_6wNkK{VdLo}N
zo6jZw4Q{4WN@5vqd{NQkcwkKMk0N!v#MjjHMXsX6_3DqfjjZ$It#NCgR9gv_S(%sh
z4%u!v#=QNC(9X#fptdm@<A$^{02xx6xE)1a^5v{@Q}j2M4@B#<nKy5^B*=dNm@;N}
z$kGOFELurhi8r?p<vovK!@$iP&;(O|U<q~1$!J{ap$JHg*3B3h{ZXD`({X`BJ$smM
zoNZ7<n?ifIS~M{y$3G#&M;kn++1sz7rc7qZWk|^P<z^)`{W-SbW*!Jf_GqB7aT99n
z@r^9Dahf48Q_|V7^ux7oj#*;fmuB9_yJXZIugtzyY<&<Fj~OW#EPIa5t=-~Pm43xA
z`_n-$=a+nFbUbMIl$nq7o8cPqHm-;<_=Ur&`8Q4~nkN{r@e@QSwQ+P*k1+}nA{t<|
zz~=%5fllttJoPf)7*YIzqefPBNm8ZdwbwxUeWl;!d-Bwv^+d2oWf6_Y#;5)R*=?Gn
zE@5d|@UB$KLabl$?c&LSF-&Smo>`ifP*}^Qb@=G*v<>35w-{06<H&NuwOInqlU{cY
z5nluynVU$(JD<%au%C(S#9XQ6P?4jFzD=FTu!)UGMPWRdWI))~qDhG+OUmH-eun0A
z6}~6QKxO5`5?X!=b)Za!e$U1_8E_ViY)cbM{+df=Dyz3(gJ(h9+l&k;3{BE~EYfY$
z+UaC80VVqG?E}Vs!&Ep#roI=TH#hoSgXyD5q29ju4vUY)BjU8fLKkYR@+XwaD%C3O
z%diA^G3<@J{Ez!R?XxFiV-_4`0U0hDMZep;ydZx&`0ESAexK^?AB)^i{@$!(wuNEe
z=$K_0*Krs(TqWsz{-Rc4|9++6_~BXI;@|$T_~YX5iVw7VF!rvSslP#9XjWcTk=9AP
z{#E6Jw72`<d8^nDT6qs!=ef8OlVyi@wmA2M-znVq_yooa{h%QSl^QLG&`=>xV@8MB
zA0AnSj|_xSWz7VO5(+)c$n`XkGc5p%2RlP0;?LTh=dx_WEEH#*L@;g?XZha=V>7t5
zkew63-dWDZ+Pv?p+8s@tAlw2W={~2zT(;2I9(374C9A|V+Cfy^BDs>NXemDQ5+zwN
z6?j-ob+;`XJb24}6K2$XdQ$ZIEyW^Yx4EP0y-cH+oWQKo5csm7J`m@jMosnO{E9m4
z+hbHf7=>EfcdM(4A*M`F@=BaUF`ix|dd3=pTpypT4n4IREgT-0Cq`UPI}^RN$S-^&
z0!E`-xzAuLXIQkMxrGvipZ08Ks*k@6ZA_2s2h-$B&6pH0ok704uM}vOUZ=1!fuLeD
z&ly^UE#LxQ2}k3GJJ*?~)6A5v6s(Ws!;PrEo~{WgRaSzlHe|ImE%)prx~f*iJ$aQ3
zh1?-3>RsQrF0vqK1w!P}q8?GMSC^r1SK4|>Y(=!e#!Ftw-u3C*Mw^O#yS;}FF?T!o
zmchhbx$c$5<FY`<n+FgEZOJgbSZC08q<OJ~$qyru(@%=m;`8mE8-0pE%=q^BGBi|5
zu32ThY<3RP4OTkT5J*IPd%@3drCrundM$k9Z%*tjCqAAPOso8ENxfi!Zb_jimh5+^
zTSF<MCS)W*9urindgClOki>yNMRofay0Osfl>8pLTnXp03sV|%<IS5_+UiMjYwa|R
zUIiZvw3qfkn{Qz)?Q2W2W4XDiKi*S?-WHy`b4d0-Io!C?S?a6`R>vpfpOnQRjNNd{
z>EkKc(cVzbr%NuL4(VOWc_60u9p1UjZV}6uT~%mR;hk`SbymG4fe6p%e^1P?QlX}9
z${qiN#dhfI-~7GLbMuNqr7B<>BBQ*@&b6a`Y1rm1*XNujNJ;|U9aQgp)z0M7u@<*?
z#Hh(+E(=9=6LHy?EbT16ZNI;WFIm3rgroQ{ao;@p7h-rEczH-y`VfCQBts?F902(B
zXtzMb*TNe!?ISU9#PDbX)L&{Dk-6WnSf_hw7wFBP!O^?xJeI51D)rIRwXdl7g-<JZ
zg);%9_bm&4CGoaz8nLBqm*D$MfAt|iip<S1q`qOK4i1t8zs=ULXb~ovomxj=T|VAD
zhRJDLrTN^ey>DOhJI$V)`_TK7qj=jZK>ngMzPX~ZMj>-c0CACSC|MDw7ed^d>orzG
zb@g?{b8#o6fC<2;%~hf>tH9=sdKWVB1BqaLwLRlyne+^1bMI=A!LdKSYUO%VZFUpt
zQ!wmm36VUkt2%uh=KcKvQvUl$0JPTGB7YqD#O}7~>D4vFHglhF6{WW#42I_WoZLJ|
zd;&Lwt_Jzf$ik=JVzfgSZ7Z)6J2tX>SE|a_#9(gOf@kdCTr-TTMB4&q=)>qqJNWr$
zz_3T&y5X=%>w}i3r-K3b?cd0YgG5hVhcOoTHS|}gz#@PBLt#zs?=F-3#rZ=DUJ&Nu
zqP40usq(kBHo0Zv?N`>GIj2v~I?OBMtDe3ugn+>s-<;qJcCBDWub6a#NE2z7?X}uE
z2uESl=P=L)eql=h_07Sg&%RqbkE8OJ+9ICti4(gOk^O+kN`~1>PL#>2fXEY8?-D0E
z>XfMQ5LQmRR9<{u{2Ylkvwb~My~X4~|BxnXUU8pd<N!Vs3`@R_yXE6-c;ogdp>O^S
zck##fC5FQcr+Xwi@)!B~CP9@0#pMDb)?G&{HzR1}u2Aplp1cKDtPI^8e1hT0Bpe;a
z1#a~nxAds_<Wek5rdZ4g0KpaGniYl{REDZM3B4enbTZ7@)Rc+L+*f`?(`yT-Ju>w*
zH)Udpk%%x{VXAoUck=0dReyY<M7~<x6GO!uO?&@cvG?pq75T~0fiWJG{(;7^$E<zI
z!yLXowexV@E=T$!cYeydWJSATBy!!Im#Iv}!e!9&1!#{dpZnX&$xaC+?xBQ<u3nM%
z*9o1=wRrk@z-%SPU5BC49l#w7oAw#NSx1#|+^)&(JRxGR9Z%j<P{@_qxa8nj7LHqy
zaDC=*@VgIXHcVyAGX2x<Mjm}*mea90W8sIgsxP~K^j+K5+NS=2X*jei<H0$B2V>)e
zh*qv<d>e_36st&@yu?Iy&Yx0{h?n=Sym?u+Va%r>eb}ojSwpi?TzpNCN^jvh!f+#X
z#3dE*p{T3}gj|gd_2x<ObiRFCW?<o@Ve!R)!cS@E#TP0QH+XRk@oTqUt^~&{^=gv~
z^V94_*JkbZ4Md07nqKCF0;DJB=TwKQm|jm&-dJE#=ugL%2uN?&ZTsr&A}e)63#5g&
zt{skOv&qtfujJ<!cEE~vvosHnPi~>XyDc_PJ6w|Z*@}B2*WDdR+t<9Q)~`S1*+n87
z<Uo?_X1P$1dfuDVuHzE~qJJ6;xiu>1DqY$VBK<JchmYqTdPaB%-CqcECMrN9qTxY1
zR=3Wu%qAq*DNR3edL4n7LTQA&?OYoe;{4cQc}VXY5z)6H6onPn5iq(ZWF^{-$hyQf
zc8~<%5f(?gzyz>$CuUfh0~RdI3JbTs62$Tmvk<h;>oGyf<JTPUj*)^BQdU-Ln2Z$d
zSz2=#4KvUQfk=9K+as{&`UBB0qp`0X&)S+jqU~2B#SasBQtinjA#96y{+Tfk8`5hm
zgcK!PgWR|OT10P^3boT`d$1ofb>+hp`p{?^NaoPhq0=+YkpdM<TZIU7p2ZZzppczh
z0gVUbLQvH$7-nH2^FD6(RP}U(j|cH2G~ujokB?_VwY0b0hN;H2kD-6Z-&gHv%hC7y
z_Y7q+wv#o$jTf3W!cLRH>x<4)UHi3lV=+GRiAUpJRq*BJ2ig$MmHl4x`!p0Rx3|%i
zcRm;lk)O_?u4f7^>FL{l4F*Tg(OBX4hPiy!@OG%CG}V47a`VgRqpfvO`M}Qfp-tOQ
zH(snYScg7(uUDr-)2-LbgAEn>`5Bg(9F2(#EqeF7(my_=Oy?Odqw{mw=ieH2xL%D;
zW)dL$cCHX(F6*Is0>j{4`BCtr7$-<oewJQQWpBIs?hK>7Njz&-8t3jM8Atdq#odl|
zZS1Sm+^Xf@1yX$SEh06w>yhj5A22aCFDO(EgU|`X5dCAF8(@V1ObUCbT9&pD@-~*P
zSKf&Uqh-KvqkCx<0EN;76<?WY!h_Ga?~i8z*sRrw<bXHj9eV#Xb2IhfZ>BXEx@=3<
z_*2V(GY(eT;}HXUEkLbxd?-(^J;)<xdgXb3e|Yw?bG2W_P48JmdEEk6(v>dU@f~R4
z-RVxciS3eehlfq6Sm~mkQeJA<CzM-H?8rih;lW^X*UD$ZpvGkDgV@*2^CnO3a)=CT
zqxCA9jg<x?`AXuG=_REqnS4k5Nneq923ILoyt1?`?9&F|fnoimjchpeNW@PlRGsW}
zZL&b1A1^gan5O5n@95fmH4TLG^_?W|^9R#Luld6!2<gWIOv362U%nBp^^pc`nHWf5
z4Y$yYB!IL$_kCTXmJfRT8~`A+jd!5z+GokrFAct~9Mu9~5n+@wjeve~01H3_s~=nG
z1AsycfXxN~P~rjr699m+62P4nKo8u+?#KHl?ghY|8h}Lz0Jvb@G(F4+E&vc00Q~R*
z;D8@Rj_L0J{9p(mz|>{{00c2n0GB8L8%7C8j7joxjuG}xoFG7)2mr*10*GNm@nA+|
z0RWf*vw{E-?0)<x5<nwhmJfhK1ptg=_6IW`F(m+nA%GD#3J(y15f=3ijuumk8LR~O
zQv>)2GvZ$t@Xyo6!pw((4M4yLAjK>kAdeB&{|}BBQyT?PW&@B!0RZ_JasN9a<Z+51
ztFv!dfF3o3nI`d=<}TvEGekcg#s{2C-|R-jrjoM08J25yqAr&>{3BfPBgnv1YUV6r
zs~8U-fhBJHct!5i7s$DGgMyc7L{Q!r)1*b@MIwAq<<xW}Og9m1ZHaFx7?>)xsf@LN
zsY#r7ua=HTN<R^EmBR()EVoWvKT403O8n3f5Hoz~!2c_<TADCkivDGB(8sls2qG<d
zDt3yU41%R+Ww>1G5-K|Z=`<dQUUmA`x`)Vhi3vhHB^6%R(j^Wbk)h-~G&<N_R6!pW
zM$X^ZmdH7#dlJU&@T@E74*Lr2mokvz#Tx#@*?H@H8dMY4hsO&;^<7V_pEwvX%blQt
zr(6z>=sFb-YU0I_h^gTZXO28LT$=%*qWv9%ytcvm_e-**xGEkCZdyT8E0bv{ciX0R
zIZukdTR**e_|A&mt8kMtDu`-Lj6cW&0-v5d+5{f?9R>fi!VX8c$h%oiC{K_uG!_l%
zcGFMriG2Ox(WQ?SG^Cg5!plIUJN?7Ce=8k;HGNN3N<W=+2I>qG!y38dHOmdw3TDd{
zo!-u2km<k|8LJSI1t}!KT|~8CxR4v`Dk#7oQ)KHU=vQ7*e@MXJm}gp;p&m?lMYiRr
z``wNIYu?%uGkko4<>Z&7c1+GO63WHQb`23&F9T~kv#j$<D(HM}8Ja9{KPy*%|G0)+
zN7*JB>ps2tD)F$9yNz|FD4u=omlj-IHO!0?*JscCjE(TVIrjc+sNL#5)J5tOdi^1n
zII`np252lvq-eJw1>+f#hKYy8*~`mJFW3XCYD)#YmXglGwouYt+~j<1g+8}7c2CAV
z1n`BxG;JW3FYWquk|K=$cwr9teLi|3nN#S8m$7X(?+M(MU(55ImyB&Iv#>j?b~)Zs
zY2##95G)y;G$x9$=|{|1xJ#YEE1oicNVI$E%uG;nqd3!|gA*H0Fb4dQUjtiB?39jp
zZ^R6rJ7g*LTCA5#kKsCCmO<Iu$k;AdvO*-wa=Rpw3vQn#RO1$QcJ)6+k;SpJM3l`Q
znAmiRqMzSZJ#tpNB}3^Ur<g#2$Bl1d$k)YRm*UH67Z!f?bxKn>wel>d5O@C&Cms^Q
zz7-o!!i-Jf?mVP{B~LLM$4n8cjAL}x(@qLJLv~lAj8e7-p{p}>Z#nTm1=SAw+-VWn
z?+K*h%LO;ac8cu=D01!HqNS9*scjc%-?K;_aE_3Nd{I~%c!-=@FT}GaQ7EFa>bG`#
z7X~FQ)htkbn++TL`mFv=k8{Dk(e@z-lpLrIpPq~;p#wqZCzsT;8Yt==o3HGQoA*e#
z-?kWWYNtn7H}QN5I%$=uLwUHOk7!9zFNaj*h126dOv&;o)lb~O)ecsc6vp~a31Fj#
zROu|t`CeqtrS07~>{!7`hKWJb^kU$2p%spp+N-ObFJcr{B7Os!yz;+e+*k5O!!Efe
zq`y+WaV(blCVp{3Zk=QBh1zxGrz7cyyFnt5TxFgAPg4%L;)~sq2T=Ys1fGV;(E*<z
zAY-PM&GLR20F#GqJinL^!Uj$FJk0hj_|dThddVKx;ma})Y%T6siEP{u4PDL^2EKne
zG_XGA&c4?P??JA!XGnDpf3x{)(e4SSlF!9{)wB>PT80dO!;q*zcNhvgJ(7+iL2&5i
z`)MzzddH8|sI0Gd8-t5FJM2x(2gpT7gy%o{E^XPCU6si>6VV`V-}%`d?A`_qH@%8D
zS>d@8ubdLyQ&z~Z#qaB^$**f4PB(*0v2b!k#C|ZMvs_QRxi5NpPjTP7p59SRM|Bkh
z)0k-muHx|SM20Am9&^&3Dcq;LkW6RI<nmSe0Lx3s!{H50BvK-p<S1zeI#v*FJFv55
z22urEsgA0($356jZU4-?oek%I*hNU-E+^>ahR1ykWTo^c8S{G(P38VhGkETqX5dxo
zl<@Rx49a)jX>K1q?>BX0rRp_2@-nS6FSHKrczBrCL1q>7{CEdxrYqI<?!x@1;7->b
z9ZNW?k+5Np)QBH>$OR^q6WHgP#`6&C^x{%rPD+ArWJ4r)ul{(lI5!_Uch?p!wAa#D
z+t)YrG+vBZg}y45A)nXjD04CKMWuxS<;Z)lZrbjI5b8SK@<ZuQSvPwjV>cf3g4zBm
z!U~q6^+Q85PCBHYeOp*dB#75wMfBlUurT7}*z3%vE3c+?<&=eZZlQRAeX~I_xso24
zhd29SOV*Xi>-#xx#U;X@_7o05YzoFs?jPa>6jV8zrf$8jeoooOF6}Pa`=Rp~q93E4
ze)%z?u)F@-E$#$2b!^Si?qOm6xSfI3UyXKh$)$Sy39>u+Qnx2KIAER0Rk~BV!}?<K
z^irx-GaF`Z6T)z8Gx-h`&8@z7chv!Tga^@+=DDWUXtV6p7LgN3SnCQoRhKy&lj`Dt
zu6=;kLt|1+jy|5qrFi6yje@7bDtFptA6mkLZ$T?rt&qn)Bq)9^mNHcWpVLPN;@kn4
z_@Km*`_nvDzF6oPFN6XetczX-DeH&oKr?c9okl^&?daktB9z~3z>-%dSeBOJRq$}|
z8;`uwYi|?0{vdgz?mQbnlWL*Jf3adnuFFu2iC!hz_xQaC4<6mh4ElmBfi~j3L<DG8
zN}&gnJE5R!{wXu7OXHMxL1Y*#*f+Rb%~qq%uC(mnT?hQtUDsiu<ngf+Q&$J$j29<j
zzeVQPP|dQ8u^{4`WNzof`m6OS_p2Q_YIfhw*o&XxkuyD~_ty^;foUuhiZicR9u)t0
zu}fuoj)`?@B|**&2EXYGjSKUrQ#e?6Zmk8M$V)&*7I!~I)?sqbJ{CcfHEa;CT9?NX
z#J%J-|2=7|9H!lsBp8!%yMDVgENnJYI(Zh*Q<(PKz(OR20e$mO7_lF5l07r{{>7@n
zG4+qnBunR)H~ef~K=MkM0tuop{3o-ez>Bvf3(7=j@gI3FX3G`=$f%#$*0>ZcPOvHl
zj5@s=g$3S;p4glG`1bhfD_PE~N`fj^xV^%0b~r-mNKq`<mYiZ?xN<WW55-kP@6xS0
z6vYBB(jIz4wtOF~Z1AXxeSwz>-yGRBI1wN+N9phiomU`oh`gefwGBTxER+qq@zqqA
z4%YLHtY${vWI+=Yq?z#)KuJ_X83j+{Ur;vypU@XrDOpUpGWYv>FypUkKFe_%raLcG
zAyLIIj@L%XVv-AFMDGWp!f+05pepJnUQ1oG$Hig#nQkdl18)j5yxriB8V?p9Q%%Ya
z?yzjw@iy|3o3utBZ$Dn+#Ji)sT%VGAnV@B292LF1@QGMjWK_vWt3oC4cFgXlyfDl6
zBGtO%%o`{>UV@5bw0`PP`8TQ`L!8AM^e<RG1iv~L+W0}hbpsvjJI}x^+bO;SETN3X
z;+q1UsxRvmXyn)lxwy`f57F1~qfaCIGE;K>6zy$X7fS%&mwUfkyncqF^6dG5_=h41
z+6lbPmi@-CaZ_2j9DVu)*B#kB6P`v27KDopHsLHGnOZ#Xd|+wT=F|?4$r&BG4*!@?
zXST>{5XR5(>8t}@AWhyGz_Lyna55M5rp51hp>%{YQ^v*;7Yw9FUG1MpMwk!vcLz8r
zhbbTnzn%*o#9tRJ;iJf;RR(#Bnd%nut`g)4RFpx&?m^#8z0d>sYV>+kn~2bocV6l%
zH7;fQQz<7_=KF+~med<^Zh^_NV1aj(L+$93cliBR%Pc7cZZ;!534u3oF7S!V^LOo)
zM<KGl-s9o`x?m^kvRD00Vmzl^!RM?t4$$~yG`%zo8=s6#18@8pt8jHyBUdj)_F~we
zdo;iCnce-FuUq(j#Ox2wT^H&dve}^s`ElOfqUqfg6fC`%Y1)+$l&Sp`e1C#u|2UAH
zpjj0vcJ_E6@C{FDwR2CNA}hmo1zq5;jd$N(pO&4q^{tA3Ci-b(neCtP%h7Wt$fl!v
zuOZk?b*<Vr!K-%sH*0-OGZBHBX*?(O%1ABv^(8lJxJ4d<PG_oWMcpLiN?xv`KCaxR
zFkN;e7teV-SAP1zRdb*Z9Vy4!vl8tkFgO#2f5ENT*Ka&PGf{RH{Y<IU__V}rg|vZ}
z8CTc^vB5O_?lG);6UT4E20$NQbM?LP>ZVBhTS7R>q>ndD6(A>nnTe8yd67)m(|9Iz
zzXKB0D?ZHK&QV^eNmo#2@@#~tp!mri$apo|m6F*^x90LJ-cw9)w!!ayUvdI)`ifcT
zf+aFElE*jO)#|O7(rK0?=W4_?oRAwQXx&#uNIyVZlR5Y&e%KRL6$EluQ$I|D)lEUj
zH-DnAjOR0X%vcLyW^TUSc+C-r)n@v@^n2HyG>5v;#X1$jNNK%!Qs?D6R$yM=m*1Dj
z+P$A-`Zp9FZgQ2GN`oTulTgrGvm9q6OzEM7157%Wcs1F>F1NNd))5g5+zNVwb@GSq
zDDHxsbM%>i#<{JO^W~LV5#JR{#yT2(lXEE_{=~$wbi}1xW&5(vH%y^O=Q(ayfhG|F
z8wK{AJ6CX;foj=Dk0L#G_HVts^j`A3>WvBPE#>`p5f^q*D!@d)mWdl4e<rbhe8YJ&
zl&`zoo3)<YsIqM!4u>|Y*y&1zfR78KA`S%w8-dB=bRLnb;I(LxuO|s|vcI$j&Uc*<
z>#toWKNzYlf<$|21+)0`ODpR_3A0S13<)^5C6^?SOTkmzyBl&20;fxJ0jt5b)7Cw=
zgHvn$-*ef9E}yP^_Bmh|L@alpeL-aBOGVd3w<QDx1><xJWV%YH30%~Va0F@W6p~D+
ze-!0M*fiG4J%&XBnlSkWsLv@#9;x1q-CSQ@-TYoEq4q{|ruNYRb5?Fi^$96H@?%>U
z_&m?W`Wc0v4H9*h8$SyMKYho>f<vLm7Ndv*P-0W(X!@M#soX9XFcggT`F)P>@WkpI
zn#0_?IFX<9n07Xl1OZQXMVfdb41_(OL&x+_Pkz=SCO?E<Z%N8e#+hjcyUZl?J6JB+
zt&bOU@I>DZv4`r*W!HDdJ$14G_mamSuQS9UCbPE`@Aj)2A^2oCcncS=GqrGjClbc)
zs6CjU*-$ig<DPT5#h=*bjgQ)amCxyCS|%mstv};1vU-%du5_|b;q#zhH0BFUq%0CN
z50s*h83)I0v(ThWS+#?yI@Uj06-x@=E~z(&SlISwAc)0Qm9y;MmUU36BJHU{k4~a{
zT#vwR5<T`*Ar@wB?^CiCeVJZ=hkZ1a7;WFn!i_vZmix4HxA+_qU>A4#K+&VVVwNxA
z-iRMCZj?W_{Oxlxfi3LY#?YscF=qiA(sI~qu^f`5WfF>rD^`UV8^IsZLevnKouO}j
z`gAQ_xt}1j#Y&#Z&{il{t_|~KM?|fC@W_6CALid{Hk#*WP07CT_oO{nhHr)42{1T{
za&kWR%&qUXwo1(BB?I$VM{ojlLr+UJ0S)KGdbh3*l&T)N%;E1hFtcqa7Z6Bd4u&M|
zBJxDh<jlkMWjxgwCy`jO5w3676-pXgF<r{^SY!??&+vVFQ_r#(@zV!>-<IPK4Ny)8
z!y>21pPphLh>f|;dE-i&ea0$>4o~<nm$?K*yrkbI;Ab|rX*eNt4UG+E&6?~fU2u)@
z;HUEbY^2s6RYAz)j@8)gH@~xPDa;q_NiTRj+Y~^k1r{{0vlgkH0KMj1Mf>K<WFdZr
zTW4lyY0p>+&E<nYY8;6Jyr<7NySA0M3_>XP#wJm$%t}PeeP;>4vCYb53O`>XIa<0F
zz>3RUyRCS{c?sB1`?br>ibtX2BQcdSRE}New@DUDF+_Pdi<8vT-Qmd=P(}Oi$egts
z5&z9{8h^ZM4FW#_{)trjZ2xuYSNWn+DivQ03t#JvU91t5co~2so|P56LLx6_Ix5k=
z{P3Am<UD;kZ60BMfqL*TyT2>m^GAA2RLsQp>8)-rC%+2AGd`1R6Rpf(SL){cob<=@
z+tCEEJ=H7k5^Uib$eopRo}bJQkaORM$I2yAFRwnM@KF13X%}$Pil*z`0DJMW1OO@0
z`>C=Fe3JYGe4Iw|&E@a2s>drrl-ne{2la-0Y#0=BgFB{}<#?v%VoOh_x&!y(pe(2D
zt7_v}V`*DVF6~RMr@hP6{y(NwSbl0yaKg8m1ct*Ch+d{A$Q)xmNHxfv6KGcwo@p3>
zkkj%nEF$Fsq%f*7o&*{XDPJOb&a*yFpyE^EN}rw^8TXmk3Gv-jB-;T-y%cQoo__rq
z#tsTFTH6Npx+hhU%MOeJ07zj_v-VXH@+bg_;GUW20Xss~83bjUi;6gB0+|<yPudRL
zFbDTWNxih`I+q6AMZ_og$oi;f)05~~2Oo$1;LRU73*-;hU9#lYe%A$`hx&XW#l)kT
zuBD`XPxdpa?^_r3I?HnZLoWU#n@NxjB1v#ukr=Ab2G>XA`!ApLT+;i4-PX=u*@>Ym
z^yab((6+PqgOhpASyA}NX5_k#bpe1iTyd@$J)rDkgS~Y-Oji>!HMMhbd84{@@VkPO
z{K?&`!tc%S{6b2Gx}?KQ-ri5}iCf?Ba09U3@)L6#dS&W`Z3<q49$k7orQvbQJA;=O
zcjTQgkoaeY)k&r-)7y}U+i=z#%kEeBV)6(;IDnkSe7$oTp9C?}$BO4817^tk-W9uv
zj}o=Yag65K?N?-txJ~ulX;R(G4LE6QO<Ej<eMrozB6B|rEuQG#o-W!@IG{^%-UKka
z!H@Y(*Z3Yb6@e9|=AE3)gx)df8P6ha1VJDk*A~#$xfe4%qRTC1u9ZRGb?$Sx;={|y
zTt!aiuGrn3voJsv%4O}W_%?y;7y9va-%2A@a4lc=VB`8Mz5`qX4X#Uk9VfYY=ghKS
z5AFfpgRS2<a{WHPBTsW_5e4h!Dq;r~brlwetL=Gu>-gFp>u${DpldBFk;sRwbB5^2
zWd6a5PIqh`Cq(;-UpT;FPp^~3W+Y?$Tl05mMb_}A%=uY`LUUa=HWOOSYv*_20G?#X
z8*a#(i1RzZ*idX2Pm6E5rb+R^6uzKL0uj9dc4*If#2=oCxd$d0&PjriBNajoakZ1d
zr}xag&+fw&?||p5_}fmr8*7}bpCga`USI3wEecF;7j>guPXu`gfH4F(Sio&O^d2f6
z?25SC9?02wBj^bxWd)Xr?eQvCeu=CJU~$4xCKGgYok^6&M_KKbE(u{w(s_Qn))Nu2
zO{xQcGu-2&B%v?&msv`p1Kp&+rAWUMJdtC>N^}ffQ9kDUb&z%4X+-~=^W`plff9Mx
zm~n9N1AA7+LZZQX4_*s7E-}PlMuui9+`37#7v-J0X}gj=8S4g5LQN1|o^)cC2YV+g
z0qV%EPmYuMLb<|2XciW#1as3ILlr*1`)lt}k{jGUOLO*={CohL+q?79LHnWMfJSCx
zm`j!~cvrJN%uS}{-O{^*qae9Wlb)@w9|h&5FJ@RA$$AD3a4us)!c<A$lg!v<%Q>si
zn<AF^$WO&nSSdi8vyX3C3t6Pj6e*796fYki9z|2@3bICQ-IR>X!at@&3VsH#etlIA
z9Pr^ALGcle??<uFuqF|o#M^>@y=x@7%Z>})^NENR0}}vT!aXin6#xg$8Pr*0#cK=S
zw$6%M*i^dR@|ADvQ|Y9jn?dr*QE`!v&Ia&r$&n3X0{efED0A!YZsEu4t%+7$Wuv7v
z_A++*OMIa9=m!Os<BN_>E#Ns>N(0=tM<XD#cZJ+y5`GOk{dVkYy?DLVf38ENLltBA
zibKUvS96B!*V)ug??y<lR*10?+XN2bC^Lv;QZ&zHB0S`Ja$)Of%jFQ%@Y_vh0MSZA
zP>HCeaV3u6Qs~wa<zDLEoP^Zl4Js;}cUy&_tuc>^vCnd&e^=c+Kbr~6+E|C-<9GY{
zz7>Wy!n@36p7Y|-SXl&8JR?u&#{z7e?#@w~cHpA`iFo@R`rDTeVg#cDKF4>z@Yl(_
zTX?@|`-S62u>r<8#i3Qby|)%SU5br83soV&+f4$@@1;A6S-0}D`i{?5fx1O@T}y5;
z92{yfA{hWoZ1I)*y2Zac{Z8~I0=ozsV1fKS*XO5w;N3UrG0bjfxPj2Bkp>pA$NJRo
zSNQQhR6k}X^M!5WH-a7F2_FNV;x$G0PB`jVxpOu;ba}NeQX6Nvb}Bw>CQ9Mkt_M@3
zh6I2#Q4!~AEDBYjG|1HNz7!w%S^~7QdC+965$7)91jHf8^#P`zi42q3EK!ME;LXa-
z6p9+-O;++g0vj^F!X6u|FPyw<PmjMSvWl)n`@WYbHh5XZEJ%A}<%F{)ICb8$-%|+M
z>FFs<wmcbqQ%{loOxLVZd$Omy66}TDmJ(B4%l6m|e!UWnXM@Zs*XCu=*)ytzPjmVY
z$eN4pBJqQ^y~NoRS;3y4b!kuEq{!5xm##k&dv+1Cx8#GLeXt>(peNaLDFjXcah_XU
zm&I<5`H$sSD%=%M<AZYX^EW_3=Hxb0g-ga)jKaPfH!haR@C-Ioj|A1et6X0PY;uuJ
z%T;S^IQE>9eXAEGcUvE<01Z2?|H(zn!N<mR^4Zt_tkoYeMWHrr6lm7-4iBAQ*fnH0
z7a*C&im?I;+L)4|Kw5iKWyUnxq2H&`Z=y=fBdmHAnUx>Z1_M|YwVP>=JH@F8StBlR
z!s+Bm)-6<U8Gi`mvTM$9KS<y_iJUSJ@Y%8D6_@?OG9aNS_fg3I!|wo%um}SAh~>Za
zV-rBk-Qw^`sGO$&>;c$PSZxt1FO?>9Qdj|_+fq_$oFdwG?yPo*ykgagGaMpe?$9~U
zX~dE7+*Ha)O{bD7vO`KbJRbcRBzbH(;KX=lvra6F22fvBjO;B`TAh=(o#MoH-rTRe
za~_-XP}R|7fy(0&-iE^5jKd`b;C%`wXxbQZX;s?2!h}fVYS@e|fDIpsgOaGp+xEwk
z5J(S+I3GJ@yxxz&@#=xPeI;pMiZvQ#0lO2kHVPGHO%teBqSE#-35q=1d$DS~Hffyw
zG}DzS2@{^W#A^0Gi`Vm_U!bZbI{w39DRW!o0e+lcl@@zhSJ>>xTYqxedLP2U<h&_=
zOSAzV6X>VJ$4xQ+Wv09&(20*CRY~;fAJC{07%;q%rL}0`{G!{r5k=!1@mX`G#a1Rd
zg8CyLF2Ph`OB6Om-;aq#m2rgs&cFvOMYi-<CK2Q2-farUh#qmYLfPhJ{d2dZiJb2t
zfUQl)$z;{Ia-hrG1j&SoqE_CnzUu>u@;Z6t_$QVZ1I3-e&*zT2q02W9D=T%eSmVn$
z;wdTkEddZ~o?yC!mtbT|JbyJ|fHmpCs$61yr`>5ph~Ne~I~Lbt43=wmvO_NZVQERO
z*-&v)W!SK`(DX$71szL%VXIyHhIDtCDcZIozwg7-4n-p27@-~JV68njFeCBl*lkr1
z;&$WLtvpN#dsaD#{z)d8_<ZM%-w<P2JiSp@uG|obm(6JA2oHt33R4;vTN=Y7p<z|9
zCQb^m`?r<1OaATK=pOYRzV)u)Z=&%ZT=Kq)X}$3mAC8ydqR3m*reBX!>tmB3)Y8}=
z*02$rASP|jM0C9xUGqn~?|Hqh=uDaVVmjwT96*)yoDwlNHQ5y)>DmFZ)tHUR<R{US
zqDYZ^XN1?Mr!m3Zye9bO1AnuFUWQ{PftHi>f-5y=z`-C6I}VxJHa`_fW)_j&`1d5N
zIEMj3c3wt*mBB2L622@-qxQATSn`p|vL`Ag+S*J$+Ds6hEc5jRF`vD{Zl}Udhl5=y
z5XTy>VEX>0<6xN*PqcCcr}jr1eXKr6k4NQJAv8b;*`~7vo_gH9{S-{#d!U=fQO3<z
z5TnMR)WxL!k;+d)4I-%*jc2JsoAkWBG)<eysEaFJ>pP@;{$;C`cj-GrT1y@J@+@r}
zN^UAG5Or#nj>B*%?hxa8n(Jh+rJ8Qtg5*-bOUPtE(DN0pxCu^ADXt`bu2c>x-1Z3^
zrAhG$B%;#?UD!H=Q!y!}S0_;5bDV~@kP?fRwr$VPGdBr7D3JY*tbt5Eua~H|3`UYp
z^~B~mE%|*)(s`ZtrYm?7idSGAAYlDm$hUoucfu#d<zJxZe+Ha^7$lh_1As#fz>9VO
zMzLUEV26Kj7>GGq3BZ;Cz*E9N&%+pq`d^^ue+M`x@&WMv1yTP`uyrga3`G4e(DT0o
zoYkoRS490k#@2zN7>N2`7Vz(;&4B^e{}oaHkFj-PL@fe<@u@+^0|2YqT%L^Dgi>Z|
z)nDJ%tY7bODFJn%5m9lwjR3<ObjbQhjfRxvt3AA9mLn!eQdF5mPK`OXZ+K{P6S`8?
zbh96OMpv5)8`7GAv7JG}8ZEPYVlloTOxiw4q-#K3#G75O0ASvfDa&=&)!j9C@4$qr
zfvfHrY;_G00`G2O>*+y|^k<>;dm0LFoaP~)plNPgPQ~z(I`ohi2nsrRP)zqi#*dHd
zQ1h`xl?>79Rdf@A!C<yhpE|Cba$GaaI{vrxh@ZRfwzo+DK#KQcEz(yB2NNg_iA2u+
zH3$Ru)B2zrY(Ip&eSX(De#NRWz`*c`;mQHku{lBwJBuj26DH!z`X%nWqLIdQuA*@&
z8oGNHYmP=A^yAbIiGV;Lybfrf3dT$PwiiJHOWku`3NnC7{hOi6djHZH9@d|RDxf*D
zGy0oJ`C;^FPjhvv-Hp1r{UT$g<xzRxQVz-&Hh<C(uKTmEARyUF>o%CubBFS9?yTP6
z1yhjk1`FEl6$Km{q>pM@H_yK~3;W$+s-?ww!Z?RSiAEuYBl-q#oh5h995zy5hR%a&
zU#dE_TEey2(dP`Q71dy{V|G3$j}hbb9dja2gmHYY@5h=4^5#e9dH}fN!Mhu$9jXJT
zH31VIt}loBiqgQ>#~Y14$8RkQebv;z6=suqh%A0T{az07km*)OhSZs8uk$=HIq0;2
z#pidh6lm61xf*xoD*?pU;Cw8?R!N_E{huRd;8k$N+w>*R@a1#Q5JLspf`Iwwe82gm
z$xe3y%k<JpKbkobGz$v!-F7DXR7w7<*_eHjsqvkChV7S5S2)8M?NHzQ(2Q3CB`x~e
z$p;9*U5CIkVcgHeto*y$yUN?Y!Wo|lMZn)|N{gtCLf>;<!iJ%#b~lyn8so}KSbM_l
z_uaxVw*d@I`G~BY&bPc$r4mQLhsP|BFP1M^Kr!57n~KfH)2pmu_p>p24;?GfpIv(u
zm%iQFy7c9vgovddF}9=qe3j?&-vFByZ=u+*bCmNPIc%tnH6m|hc|@-3C<h;2D8TeN
zSX<_#fOPEUEW=@<r=k32(+J%=)&ki&?;4|AKj|ihz^B(*Dr84Can5?^f_iw3IuceN
znp5ZE#2>Il)iXWKezUsOd76H(v-`;j`nu@joBZPf6CLIUj*zatTe|Fi!m#$39jVcQ
zP2U3-^+4W_edeH>GY3>q(N0>od{xrn#{K!})<M^Em9}K*Rm#(ctz5Gyxci{F<IrcF
z2b+Sxv!Px;iL*3YgN-wLJXSDYoSY-6{xkQfp99^fwX(n;4ubTsrP@Z9;#w{E$@yHW
z!!jJ%cV~BBhP!@;7+A9pD7u04-g(=+qw52PR}9#+wD;bh^*M_d?Jm^JWG^aCi$1a#
zaCnGw>rO5>PJQr<gtbCwcLiR^Ub(<gBHBO0m1j)P6fZi4bS}6k#9z&Xr35z8K;+|i
zF5Bwm<+ce4aFN;id%p-tqO*~{Ip79iv&GXP6h3shJ2;qy(W3sBFV+1%CP1~bTsIr<
zHq5(wV!t<l_7f@?j*5S50u2D|Cg^2rph*yj>25_<R>PmrkdPW&E^&i+>z*&q524Y4
zQEa1+RwNhlq091GciHD`6q;S765h2|4K3oou%1r@yxuvfB2<l=k`3utS$l1GAx}q^
z-a)n0EtVO($vUy;O8aB(b|61E&~*AsS^^}9slRt5Up&AbxRsXWw9@*tPnEt-?u~$-
zy~D{p`0=-?xtthC`?uhe$?nNe59e1_aoy--2W}E_sTsM$)TGq&Bi(Cq>Y3)BzmwmM
z)~-^mZ6}aL^b82yz8N^G&C=ct|DCemX_)YO$q}?zW$(_BW@3Kf^!jUUN>h!y-DJq`
zxG?_trDTa!c~>;U%-UfQx%cDrW}zv{bjs`ixiXCT;d$K>)<>57+QlE$Yw<P+iKeb0
z+(BV4ox?Uq%XCqu4|_IcGELWyG+J}EYDU3=38JKu$a#`>Ca8dA#@@-imRwKysp(GW
zn?j46Mor2Sg@sjVv~!P-$hwjI)Z)lP5Ts__o$0U;TfV$F+6*SQ&V@$zHOhSse}r;_
zAeyZoo1B7{Ry$g}gWZ*0tU+nzPBtuhI$`@S1-WX{n4ci%S7jWDALZp3XecuT*=Rnk
z6Tm^#*P;&;%s0-+gvCyJl4|Q2#6o*z%CLC-Q+CvcTZGmaVp^iH*V+%ZyM1gESnNPq
zUjBmPGlLgX<|92MI~rvTQUTE@7LVYI6a8ejdOO>N&}6gqaS80g^6u@z?x`}W{P$4X
zZ}q>V<o`zM4`07hB}av8c6mJ0cibtuyY$;n_t)lv$R5|HVZw}K98bam#srIe$;uQT
zFe&5CXnMM(@cRLHc8!R8p$VUo+kQU@G<-E)+E9kf!spL_Szx`f$kOEa+QIv?KsT?k
zb+fiFG#$tx(QxwTO<ukB?+^`g(k@yvdTuTC&#|}iL^Xc=z8#A2E^I$*1>O#w@%D7@
zGO=o+>@=H3n6evBJzaKu){u#dh1Uz-b+2ba-o1eLAx&trm%R-7hOH6{B~wa7&jF;I
zP)VUR%DZsc@b<knC}yq+2t>#tIO6=_?CnFVS2%u=OnQPrRWU3<IaWfm{if<1Kva3M
zK0t>8p5y3sURa2g(vAP(`;LWZq5T~7>bP5CodQXj-uE-zve1sWBx0=xp7HJul8>yP
z^NYjpk0>6!J{kB(&hXzDd#j*0{x5nE2p-&myA#|cxVsH5!3G@&Iyi(7EWzD_yE}sf
zcL>1(!$5$*KnP4=fI;(Jezh-K|E=2Ee(A36r|!O=?tAV%_Z;)M;N+9OlWz;lGO!I@
z*jXuY^uP_)I`}Q+{(OEZnv{`CuXk6<5jtv=CZ7?A1q<stuasv(6MZM$;w(eFOB_x5
z&eJe+rMdA$j(L~G!7XLs0o$f|F`nbqG$A{Q8l-8rCv>3(_}zQwmgrTFSwQ8F8!n-=
zcI#>4x))T=W6xS#Qq%KuT3yjNDWOkxFb>~RpR`dwf4P`0jZPRL=^1RxKMd^ef;rXx
zA$tvsJHr<2qO#dS<-I>21SRXsTXkdhXPEH|A%D9q+r1a^=Rr@X)bL~eX#5ST@J(&R
z$KOn%)gz($t!HI|y`7BmVJ%;SmWpVWI)!82?uLZ{S>%P8eGKy5v+!P)CWLKD=EO$c
z1q+7Ipi<8J+TI@rX2#vX-`Tr{51j7Czco!v71fy`C!Y>`XZQz=n5`5CwTnsi@RRe`
zwOwopS|<mwB)C5;a!|HzS0T~vPii8j+g>-kH`SNi`9UyuuD=mikmW@6_G3G8rgxx^
zLo9PY`Usv*5m7dOx-s|y+f=?ToRkRPI3JzCszcmfV`XadgBBBs!MKva{NsLP;W^{N
z1EKls(b-MW!(Pqa1#<*a@7q8u+u%Z)tfn1Kmz(6f#V<p2CB=q?-(~r6T6R2tzf_=5
zvVT=Ikm@Bz0HgaBF}lv3n0;JY{L3lra{DHgz}oEnOgLE7bHIYk``>1d-aW_Eu9R3F
z-rH;bg}K5T{)-_o0|gv}K_E$(ImmWOl-Bs@k)ERy8wZQa{7ancHk>#(80?`m@LnV2
zu&4tOEs%2BtHwlc@lS=47=7lVw;y(pM%-ce;%$X%4>gcP)ebO!u@p^&g=29!YjVR~
zaJe#aFja4csTv`ing807mir%W#py`LX|rk2`6CwXMMh`(j}rfUlq!zAdvO@slJn^t
zxcF+mi}cOq!coB{JXC(s6H$GLBD|t|IXjhh<@0;}4(IHg=B8-IQFeLX<h%6G<6%BX
zmHmKV&0Iog0TK<7W~fBgI*TnGQGBeqCvTZ9U^pzSY(RHSjtLxX!WoS(jriNj)Uh*U
zYesL6^C#!N`P}cr+01YRYV^Yi7^gFEo<05$xs5|DHFzT1nW4S&o>v658_vC9_OtU-
zSwOH*{2$cV@;S#I!Ocg69;!KRpKmp+g2jgASWwI4+r`M=hdrgTwz0G;!tyqZK!Ho7
z?0d(*se33-VYb>7z7B?OW$~?)G3kGrW`e4en~>T;EFt47qCivGz*k946f^_WJ!Fap
z_hKRk8H6-gcpkBzytEXQE)C}VDKGXZFutS?T<|5NakK4fJ^aL8=?DlD2Ox2g45|~a
zobHxHH}}c}7JG%UsFr-$5*Nn`#onW4<vy$JqjGm(PS_ervgSM2<z;&b>>r6sN(P5H
z#1IT&@n@umeN4#&0uzUbyw|K8jHy(2!*c$Jf!Fjm;jdwV@{^utlP~{PEWFdGfA|(w
z7jq5}<3Hc{)7^O5ADWF|EBp5Fs%aht`>Q~lI#z_wR~ovBDUAs0K(kh2(EllJ?|b%Q
zPf>w{cqM*NP2)SE3{fY|tvmMts_snGJ}%CcHHN0G_1%7Q%bN{E3iABCxP%!s)n)tR
z1xty7@424)z7h>M!@54SEcaKRS$vAPuqnnbPlV(Y70)n^de95-VXmAsk@e}ypK^>s
zMz|o81v88t4ewU2;zvIeOq5zMavsl$MMX=#GkEis#M5UJ5t6b>cCIqZF#}j)whA7d
ztQvVT{@syGfE==;P*6Y*tdeh$3)`9Ri;=@=U;9lwfH?<W=CTjE`EH;pxH%ukN!>x&
zxDNS=D`dOZPV5Ctq`wigwPVuETl2D$YBJ@ivlf=<!sN@PvkMbCkX+Uu^mj|Lc9U77
zEQeDE|D2lI%YIpmDVAUlG%9ute;VL?nA>6L8`N|ha1eii7dYR+0S-^?V&-phwLO}V
zM|KZhmW*|5F0rOgX-tjoee-+ztPFU6GNP}sN_bcH0UEI>hmyKPa@4NTzFF~R@>UVJ
zC9Y0+u=PKIan_>iJscx9A|hR!{T#^U@(~e#i?wcCySKEM&-b<`#J>5y{IGpwEgJdz
z9S<0{WU6ncfOf6P8^u@L@k0zWQPV&#Y6kTAywflkb6Z6;6W>)lFZ3C-x46YTGWco`
zQGALrDVaLISc|#K#iCFOCT;!BYj>dxI2%*$(c?C7djYz*x+W8p@{7%r?1}WmziG7^
z4u!^LaTYl`DlkloFV&8|_*=5buF3OhXy`%mFn;S5WLLra5ywK4!oDr!NM`~lr&z~l
z6xIOG=)MvB78ZW!<-UNbkWZ{jpCbtoiuhY0V9X^KQ9yZp&u~y^7OF&K*b^T*2SuKd
zfYIv(<BC@hD!p&z?;j)j>EpkRX}ky0KF#12TG^mwfV;UGc1XhvHPi}kp1!;f2DbNT
z=5lSL-<HNTqOFUDpuuF%TVrIr)AOiQ>EcayJ}CZBzsUc2_EXWRthg^v=!^0<?;`Va
zop2r0;NOu`hYiWtOpNnb;vkwvNxJY}rP;B3=&P<5R@aAI^GRZkVSQUSel65{-^M?m
z$l%BN6iW?NJ-(|dPUUR)l;CT?B)-2O@3iyWyl}qpca3lP@x6dy_B>2@$el|~MZ|mz
zdwZKYk6{k1S?rkNQs^(DmuSZxF(y+$%MfW;HsRRpGZmi<e_*e&f7H?*{*jR#{88)a
z3Sd-cSofb;Rzo_E`NlrZ&dcqEYyL;Q#ex4M6YusBcV&Yt)xq*vNWY@YtSK%zl>XzN
zu^Eb;Qlii300_o&kM66%)2V%=ecN`f096}hKiOER6Y3A+{LS4*>l}S#_W7^;t8-7_
zn?v7|q`$I)1EKv}Ny)L2;4N=L&6Z=9C*L-4Vzz1-kWBEYBg2vWspcSTE?5lj4$Ly7
z|L}I7l|nxK_K}W7W$B&E{abqyb<bw|k_xKL1U;q9hpZ!r*k>_{^0q9-7z6jt_uvHC
zl5qDCm#5!jVM`_JNIzKi3Jt=}_Ua1WeNv`(?>ubgPIa@kjUISnhKdOGX)9JUXG}F?
zC7^gTZ`+=py;NMnel%@rEmKQJd;?YPp|5zGRv3z~KAQjzc6L!pds^Tcyx7SXa9=Qm
z9Uf*@1!>fs`M9#O?f6>`<z)~K+XfwX%myBhWj;@raiG02W&BHLE}4P~x=PY^;e%)a
zuX#86N&`j@acg}$cwT>k0GCuzg9!3iREF&X(mviJ#I)pEK9JYoYvd=bCk64}T9jYT
zCN@|X7sz>7W8E&IA6|?cB6gd3QXbFO5#3LLvVRM%t{pke148e;5j5<t2#-)~Iq0}$
z5!b4eng#@huW$vUq}Y~C$cgGp!w!~$VTGjw;buYVuw(*_#j5iJX)JVrB7FerdHja?
z3vca<l#=uF^IsItl^5TY=R(SMOmzJh!si3D7v2o3x~fa2;}O^3O~!i(K9R`0l?UTn
z&&4^EXOwF6PojMq09o0}8Ow$YvZ&}vM2IxH0xMlnCR_%*6ZC61o$g!u4?8VlL{FH;
z(EM15d_M<LHt_RtN_f>3Bjbzso|KypTS#dr<9pR1SmW|SSZZ+-k(I1g$w17fSn6Ab
zz^gko7sqKGdS|u~y6f9(tB*l{zqYAA{Z)v#xLYy|?mOfU<#xqi4;c_EzHDbJs=Rb&
z(w_s@p(-!~bygv-<l(iq(t{oehGtA15oe5;1_^JFH05_Yh_3UGL&%Xx4f~}wCur}r
zN-QaO^jvCce2nLVg*^{%_TfTz;%TR)Uid$~0N-9*0ZH=2JS8&L1bg;P5cUjr><j+t
zP4?=d->{s#Bx`Gc_jB3v{J>wpY;&5EOflMlGf)`t2Pt>S67uP5@W5mD(HUnSNHdqu
z8!f?Rax)HS?a`|uK(&XdJ4NU5R+(eTUsP04qKRE%&ucF4H05X^pa*b!;`Qfzhi`kr
z)RIyapq8$>I_7h7r8@p8zk@GVl$1wsq2|()+~8;hq>$MxP48TMoAh00KTEGW(b_r*
z)l)QizHnIO^*zv>oWBWRDzZW6w=b|h0kEu`t>;PV(eV#m5RF4fS@nNkGfrTWmd9#>
zjN=KFVG~|&NRJ#12mfWynBgScZ(-O!-@xO5ujGP1Qv>hU0Y8JO@rT|6%&uwxAf6>3
zxeK^la0kaERJ)dU!ZNhiI*pVi+nqF)-%?R^fxv$b`{=|`GzTdvJmLp+A!#<-Z^&-*
z>(rp1*J{_QpRUNt#N+NXWd07-dfd{&#N+8Ko$oYXF3<3g$irnSF!$#%wqbj9R2U`F
z!KNRcC{bGw#aUHvcBrX?uf@miEuzKWnNK8=E=-ZAOXn|L*w-tq4r?msZ)$V*IOMT7
z6Q}{i7HDZvB(gVxMSjisW$3@w6Vnos%%%FZO4Ab<uAUK)f%uQeHGd~$@Om*uGl;uh
zm{LvuT!4Rm95ib-L10cfS~gd$x7|Yo{3{9Ki97I~&`VBmU=ga+<hCKuglh2+B-F_Z
z(a~l4e?_9KM;|1?cRed$RB8NY)dx{3*A(t`tgfG&$`53b+uq4jl(UCHxc`6F9<d^w
za1dS77;LK;=Ji{$5z@dg$d(Ltmw=+Z?}h<G*_Ih|P@DNFE^k&iZ+??XP||ggM|nNB
z9aGJ9Nz(hS>@25m!NYz}?^>3Rm8?C=@s9zDW45FkC(NLBKaoB5&Y5cGFNIl}diqCN
zIX&{+WyvDOdhAe+n0v5<wepb-mZ*qJ-&_!0Uz*K)Gf9f{(ffR7hOu|^8}z<+-Mk2!
z`EThwtk#5S#(JXU3t%$MmI+a6P`efXo?0b=Zk9G7aElc`JzE)10BBQtMq&K9MmqTN
zvbl$}^RQJ@^V4as0=<FW_VKmslJVeu;esCTZv;{OkoGP?y~vK8%fj@5V{P*w(1i-(
zGLG=CzdD_p)9%ZjpA&E_qMuc9Rev_0c8_A!)Q)R3`?i(Xs#KMp_h)+4MMcNALUrz1
zAS)(WObb(aTkxpNiQIQjao+5MZl5=M3dVqq(T}EAfVRE3@$s*h<qf*spSlxR)il{=
z#rv8RlD0D>&Js70S7OrqCPdWvec89%Uz32kILd^q%9Vi=b%&6K{k4f362DfVauO-h
z!eMXsZ;{#(iqG7Cn_FcvGJ`8zO)VKY4Mc!wBR+b&3maNpZKa9sC#;0&`Z}_|QjbCh
zk%8N%Exq3K_jZqP*&!SPcx~V|3(HnJ?{vLtVEqS>Qdhkd^LQFIfd-_hwqCfct1n5o
z8ARE%V6%1p$L#|thm#^Yo#SK(>cJbeb+qesit(}P(jt7MtToS4QD)YeMzH0Ngx5mn
zY&ZL+o*pnA9bJhf|2X8bBz!SDy8I;#Yklj#_^u^|u!FsyAt4d@sR+UFNuzU;KNhpk
zf-xR_(hHS`S#vyXx-P<56CWF^XMrX(y0eqwmidhyy7j%FMl^2mhb`Vuel@n;No`%U
zP&y}NBdSa~c1>I@ynHTc?6+F^>@-@m*j<mbjk_{hlZtE4M8s45eC@4R&)3uT2H`b&
zn%%rX4chwdt(<KIua?FT%u2XFCMt|-Ke$Bxh9d7y;loRGqh1&)_=&u%BLE{;)sJ_N
zSC7Xag@C}mC%E9;C=^wPgpVwGU9o(XHRGK&X8%CeT#>E9Q*EMKZK;<v#*@j@+HIn4
zB2r+f+j*ctu<kZ5qLQ5Ntg9GJKw)gx4Qr-7aodLaQ;-^|TC9;a&`wZyTCDfYzfQ|%
zP5AP;(kLdjKvfMhksX_jQ`s;kwk%dj`1`(c;08zizoz{9t+k6z0cR)noC!jqdiRUm
z#o|L$%d7R%dZg(dAH3rG<0KT1w5`#dRd;$4I5`Ap@_2X{{&Z)|ldPsFQu7skcQ|V4
z-_otU8T4N&XE5QvUBr<A<!*&^&u;4tKaC#0Ii1J>V6xeGuPdN?pX#gwuwt9D;>nY&
zFD~uiHtWe&=$RyvPovu=;i2v|Cd#S1-t`WfPy^PymE2r#wA~EpvuMug>uXBxS}5<c
z>UE2rP^!#i#T=(#u1x#FJWYT*?tt`sCgN!I<PSDnhajx}Wh8T(@+P};CzL16zy1Cl
z^hp!S@2MB3&Uj*OpK2Ew2{{;S-@;>8S5GGWvMEMZUoKp%95EDhh<F&5ei$y@Y(pM1
zdEcf^F)_*ChuvQc4!N~d=ZQPI(wLK5O6ciGWHs^Gwi`Vwf8k3GLY%03f_{r?X(rYJ
zw@RU*ww*nVYyI)fuu@6@;3(3`y~Cl<1$&{fU0hV}eFJ+r9jF7)K=o}^TKhq6XYkoL
zbAcVbRUQ2eC=5{woj}0OQM;1&*H8LOkt3+)h|}GY$KPBVZ{*Y76XDXGd-Qv(yu;__
zYJxy)y1WzwOt@N_X|m^RJwmj!FU(O+rkt5tBFpu$S?fBUoY+ll*~B%2r<*6;Kfb;c
zbDThfo|>Va?3bb}CMy1U_ann1QXiwxhGJU28SGv%qM>W-Vzt-RTUv@|dg$h;HgIS)
zacFgJZR{IjstcN(l~0bOEvS{zvZ`ihKW*K%OzK2*KXq@~)&Fa+Yu$9{%4p&Mk#N+m
z>oCuGm>7$CDLH>QVUeE>k&gn>{IQY$_q4paOiE3iNPrQs`}~|9VD6}AgIwgUe3ZS+
z_5z}(MMZkIpUubcR@sl4ousteMUQi}5Hw`|7B_+M42rvT(roQxHr##HQa1#pI=wkV
zz@2+wPpqp2`IWjkiCElQ9(bnJm2P5IW56vaxue9LX$kR%yJ0&y1%<H5e0<FbW@VwI
z7a|iRT5)e_n2QzP*VtE<PBW3WY$jiza_^9cg<-A5p&|K5xnfbP?7i_{o0OBvj!*TR
zlVa#GV)hoib955j!^CFS4I==j;QhdsUhAIRUuMe^5=|LfRPO4V8Oe!!)Ic3ItB3XO
zfB#8r-42I)9u2feAa7z+laooY0D3Zb#2Gl1OD8)xLnYVWd_uiLUNjz_KFCxdYZg;q
zy#1<<_BIxihC>_F`Go#~`o2O8>eJI5ABtGoP(vC0U7g=-6g6Bns)edoh<fmUHsx~z
zcGWIOq_?iqWEd+s{9->vMM_OjGRY$oR$STpatr4}EEll&;R1=hPT81?7IevR)AU-3
z%dZ3(_KI){Kd8Ey?hPD47GPhGw)Ki$FO*IC`F=hmko3cDcO~+d0{#^iwbCsk5Mo%g
zGf&%_lAg*i$@8q*aOKY=|M-(eD%w9l6ddqzuh)aQ=#W#HfO4-;3XWe-D|A>U3eKO)
ze<s?##9Wxcv3rFjWtLGTC{aD_j>){AjB)PlH<1}nMBgH%CUj6(PoC@jC;wx$h16!Y
zKVFvZh_l4^6xzb(Z)yn}0o$v6St~YsV25&<BiEM@^&-DS?!zx%3Ja^-2Ed{YaXH9N
z4<F9#E$t7Y-l_z@14t|-RaMoRk0I9HXV4Dw*9jX|)pT_@GVR{yeKv>wZ+Qo;*0;#m
zi8K`yI2qqY?&@6=4K6%8Wm?A<Bblb%(J_>0N6}G_d9-v0-IX#=hOth!^)Gr)=yBjp
zdbDtPn$*7&ZDNP@uFEBmj02O^9AaPNqU02V$+8`T7RVZaTr~8&0bxATZx<)M+p6}&
z6?#*aB-#txE-VnqAEG<Zg&NCjkxe07dj`AAAup8$L}=I_6R&O_J`a}Ev-S4$IEEu>
zUv=!{3Nq<}H@IXgmS8VK2k}tU%Et9BYLwp_EtUd+^|BM(sBHYUiLIjpR{HbvUQ-Ps
z&(H^HP5WxM#^h`7{18T#`LH8UuKMb9bs&}UN1_JUD_T1R+h51G12;{uvme$?@_QN2
z&<Gsx441$JY0r2GQUQTLdY#_`6d7O)&p2s}9lsv!dH)T~E_3Ye38DUUWxs3i6>XA4
zk4z-3R;vMmC<#Gy2zrFBrZY|_n)~8)+L+dUcbippj24~a$LSWJCl7q3&mdj^H~q=&
zO$tuou824>vSVCf)d70*gj7}t{%ALQ9OCo&5mp4Z_4iLRd-u#ELD$rr429H$EtRH8
ziV``0c5#*Ya9$5k(kO$Q4=o(bhV6HZOpEmG+qc#8jr7c^(!HN$zCr&*u-;DUgS9!>
z`)}Bz9NTCoLb0YzV)xCdoV}or<tDt(M{|0F5Gz)d#lad+IY-kBgNjN!L!8uXhS=l6
zQqGJ%sEfkm1I4e8iOeGcxT$mzf9K+Uj)%IfGZ4Yrt%K&AtdcxpHW5={1~gnADg5<g
zA9UwH(|#gqhJTzZgso~n3-36+!xuF)diH{1#hp<Tg7o$X1sgSdTU=xLAWNf4THM{K
z8fvAY#t9H|K0Eq-?jFNRXO=Mbxk7Af&8t4c?W<A&=V#Uybhqzb>C17vqzvX(jS~(d
z{#o5e4J<8kryN?A?3EeXCpMDbpj9^CL`_ZTUPHy(MqrcM7%@imqs7lGRg55!d4#A8
zBtKg$k0skJ;q&xf9=`~0CMGF$uebL(wD3jMTS`lzJ!==v_e^LctCtu><67)b|Ctug
zRZwv-F6<n{X;PY^!<L`l`nHH-{THJ1lxGb6e+J4o?1gQ)P-t?DvF4IqcK2y!=G3f=
z9LVgq78v~nsK03b_{Zmj;sP9mrRdMa!cRrDd6zm)WmVac@X6+on^17M<K@5Iz-Ol#
z=PONibnfvCzC<yx0f+mn;KW3-cjay{M_i-vp)uSo;YTrEBN?7N?DAqx(V!$B>F9P@
zw<Mmpy`m-=PpFJ<((5A|t0Uzt2Ja)-JUMM`A8c<l`{#mhekV@MW<F5JxZZTLFmCb{
zk7bjR881t+iq-0Y@tGvpws4fp8rMOHRXOugeTG}CyNm-bg_MkgcD;BTGp2-{!hq~`
z2k)>Zl$#byK>J<QBvNR>cb$@K>+g<t$_^*{0*f?f5m2EqjaumOeJn4-d+ndl79lu=
z@3z>H_qH@($83S8Z5mK-m0}3xjIQjQ!}6t=OUdU>8-=9IOMU_u3I}ruxbXOp)}<fG
z0rN?L@7Yy5TzC>FvlX+u6W+QKN+;FMoAyMvy;p3{)*arJh~{SJ2Z}dxIL<Vg_D#D?
zHg!^1gSw%5vD49|Q`=$lvZsUd_drRRl!%vzq4}DZ{etpg!e;KI9akDq%w-;YYY^x9
zjFu%OYS<1t`ej1FOs3~W{xWQHbwwEFZ_~pC)=|#{^}>gi(1L|MQr^+eu@&)5d;mC#
zr`P!>HPh6$H_<ppZTH6GA#aauE%NpMZ47-qABny7H7Bq#VEpf6>kr*o5MhN|p?c>k
zs9vHxsdj=i*?NIYr5$JYjgqRT{lMMF&rLa70A*`JK-`)l4)AR733P#cyx)}+yp|5<
z%D|M~z5DNt|J+ji`ZJ+@w^Y&Dp{?ucYX8`G_E07M^`wV>uJ_SDJ2dtcOS6Sr7`#xB
zGce}J?vZrg!Nu-rV?D?`#L7UQLkd_Qg|AaH=KcNL#W84)KED=)6v+5ZU0t_}HIcO@
z4KMG1B}GJDA4M6SO)=-8M`|Me36RvyC#wEqQ$l-!!+A41ALOK$>Cy!=y-Quv5Bq1|
zl7hT$iVJ$>vQ}v0FYer2tkmYu1-8+ZUiJ@=pak}#2^DX_b{U#s(4ehzttGwxYX6&h
z>I%P`D-Hi|NI3%S+^^&fjrqwU)sx_GB=|2II_rePRqJy_fsig}ccsU1)tW)nJt>-K
z`_R@lY)!4a%Z~PFgbc$mLHmWBr}YBpAMH>9Ai&&=hCVn_mb}k)$@XQn9x->rP*OkO
zaJ0|aBcD^aK1e(G{(gY+=S1R<BIYANqFk>zmAc71>fTG&c_t2M!dapIQZ;YB-N<d(
z^kbWPq1l{EyF`bH!#4N*eQ@~SY<c^r)nEVB#EwvYKJ3)dQBuMJD0M?YotK)y_OU<z
z^$iO?octGw$N?YhM*4&;Imz5A-e4X(%V%+LCyX$`L(m9v7Mq8{Ad5|F?Pu`f)_kA{
zx>angS_YJ8ES57JPuN}q-`8MQa>-p*#BK1ew9v%v3UUYjQBHT_cZ3X4V=_@o1lcJk
zj<&DOyp+s|x#4fMjfJiF0Gaa^D8j3dzk5q;p<Gn!wPTgUC!X4R3E?Duq0R_UcMD?b
zHYz-K0X72ZlMJHk!L4G4zt)64uMLH9<iCe-_)R$c39fLsBcrK>+Sm`AeLUS;4|U2v
znI@xPo>onBepaE`m1u%SnTmFzNxxoR7$UEe5H<Zlr_~Dl;3!tW5=)Y$LO_x)X8Cd~
zKSNc}o<cpME+kKcsmGq7YHPYZwP8IV<=Mc-H@$2uMv6=Jgu$ZAHk_@>9ANKF9>?=O
z+e3E0NFZ`4$J)gGvsZ_@ZXTgkleJoV{Q{LoPU{cbsyA~>OUS=<_X7in?uA0B*5$@$
zinbe8=kQM!V%fRB(kDxQ5Jq?Kr_J>%J=Ey+kUwg7DT*Nkxd-`ebZI3rQFk>`kg>_n
z<H^Ac_{aGC-G1Kk8fPq#Tj$LPj{XXdP0lahzc$i5+m&~7R~iQ3I&&d--$~<4Y0K21
zzWxFuDrHRA_?GZ|&D0x~DBn4019Eo$8{-r=QqO0%<Oiy-d1^IL<Rp8FxX=;CLFqu>
ziE|Gkmjgl_ADSrX*Rl@hxp_BrWeL(7$EVE2J@(bBo;}2$1BZg9ogPutv3nob`R~u7
zKh1w3@55y?{)3UE$tirqjVZxh)&61i4ehrh{oVPTH)0(M4uLk10}`fBll*Ki%(<U>
z>Ge$q1I!Ii6Ampo`6d)10mz>vuRTIEPA(@}t&Q5c-I7T~UVDk~3j=dNx+_jJTe-RL
zGvXfb`r)Fa_<O#tHT+|=-Jx^n{bM-dB#Ix_l3OS6IDoJjJUUrs$8;uRPD6qZyn~)@
z(flmq?PWddA$EZR-J*`Cgr!S(K`jUGN8z~pa&N8#s<x^|ee-SJ*#K)0WYSt6_!{6t
zGn=ySQQ!LwNQSjra<;s@wyc2?s!0;=>g625s$L@yfIK2}n7Sk?b(5(j{_moVZ;!b1
zJkj^|#$Ww;6=qaWQ2AmR3o&XD2n;8``>)JraR@0FFP+OIH5TQAhIf_r@Net;y7BXK
z?A{FN^_}?(Tu4@Tgm%%_oudK-a;RnYi_Fxk)w09yj*E4g`&FtG>_T4|e;q$j5JPST
z$;-MTI>>>A;=oMcv&Gm#=lDX`{;So9@PFk)ORuUH_}4j}1*R-Ha=uY*8U9Kue)53~
zqfkbR|F}v*)_sZT;(TOU>XAc{L&e<)iQA`WBIk4IQriBOgX0oj)T4LynoKi$@7hNf
zk^aH(n_Q2xy`$@&C4Ay?QUYvaF?;??+JWZ7j9?d-tbyxAA)66i<&5KNWmOL-v&tUy
zYr}pH`PqVcWdEhw>VlM~9zg&Dp?j@wO6R!sqPJJSw-(_MeXh6h8GcVlNJuJ?U$x>&
zrf&z>H?{#R<w2!yw2j9M+Z!YJrQ<!O`tDn!=+7;JrED^ERf$@xC;@MvJH=7$ky7<r
zVBvtBZVf>J@Lj-%MWCcVA&}NbLdWC<`_IEQY4aky`H+5UqbX+KrexgSI4L2YE;*xD
zzRTAxXxkCg6&L9+>25e5>|Vnt7sxsw@k=zGCzGb%{r$rBhiYuPHi4pgS@QxUIiUb7
zuwedUMGMh8at1iX=8RN@wBCx?R1w`*3CqOU54yBDKN2}<Jauw~vO8<P2)E~hzF4q)
zjN#;c3*>Oj&T@YB(y-!vUW&7eIc;`YD<{pn7X&gGWRY=S4}+Nxb6MUyT!X)zZNQ)P
zMlO*3xAw93xApRc1zZJ~?B0sXbr*<)U49k9w?VFw^_Z*~m`U_Y#d4<u$47AM-ntpy
zb4N4V7M?H#!N{oL$X`9ze<2O0cZ2<}JQkU9Mr&_wwYDw?j=`_Y%`Z32D*K29@)N(j
z+ky-%Q5rC3XhD;A`Q{5!n&}0x;U`VcYAZ!`PY;!gYh#y|NKVILBfOTI?xfl<U8a`v
zrw?xwh&M}P!XK!-w&A7Xbx@S9A<diUKR2G&-;*2OxVqskMy~DDSx5dE?aqpY?XKiw
zr@L;1H+>L%?yEIohAn5Fjh|cJpc}?={uk!nckgw2S6As&`XRhwDjx{+w}^;;x5#2q
z`TI;-2+?(bg2<HV&p+1Q$liU*D;&K>9;6)O<!r_F(;e)fT1HyFqZR~?ee4Vyn%8eO
ziY?m^Aze3r#CZf9PV0X3qact{2B-@R<7UUFS^(9sEZon=!z-}$@q>^%Ft}+vmHDZ;
z@}1yh1g~Da%jqE^2WYCGM<bdz{P}9ESGF8})_lhFB{*4}i&>XJ@PNyJh8IhL=Z?`7
z5%Ef}1b85P&)>C^tmC<pGRg7$9cF+5Y+)m4XbjH@^%?-SO@fC0|2heK#$08Hux~;2
zVj#TPxI3)*H+PTczkig}E_)6Pzf|H6AzqHaYSt`-6~2A3cl-9?z*jnHoi?c<N3Ap2
zDMlUh6NX{^2tG;CHgafVvw`t%&5ztO#*(vZC7G^<n{t`FS;*xiH)`kQSol-x@3Zwc
zH}3A1LLZ@EjW(8~Z;!88EV9p(c^Z=69~IJ^I`2m=gZ5iE<wMr}xoY)GnUzKGFsaG&
z5e&Pbm7&reRnW>CjoPBc;D8H%jS`zBJH47P!OcI{XSH|ZxAoJ0N3Jbu$G#r7Mf6Oo
zK_QwNx|f-7>>%O@lCy(6PxI}XDF}R9$9ln3-#XcMzVcD)79Z`FkXCrio5R28NKKN;
z&+I!40^3O9riFpg(7O)!N(Uj3Xtb`Q``!q<a5ZdFz1muvZTO;W(H;hlvVKW}i<w}4
z@@VKA#TWwgW7Xe{fYjXPYlJ*FJz7xPdTk>b{eyfzl()VgKjvf>qK{m-Xhs(GsHR9%
zPUbA`Q!{@q>=B;F7h0vWbFnK)2bkN*1z!M;DFNC^FUV|BvZpBsX)W8PrY6$j*T=O>
z7^tEtk+&5rRS;{bx}*tfM(NeUG0(9n*=Sa~qrGg0awB#8j&Tqu`t4#WuK<$HIS1-S
z59BQ$cg2ijO*6*Bd{_IO+ORH_zq9stdwr5n#mMCPJShvQaQAAJ`b1-Ji4P-JNRto6
zdYkUyiX|yY{dXO+3{4Kd9t`qq7qY^zW}0$#!Ujse*P#>+B~b6*8wH(f&CB@pMfzag
z-&Rze{O3?tjoDUlizGSo9zKAnarkajKa&XDF70Q1eavV5Dgd8V1@HH81&ON;^EhPV
z^(Z~@3Aq=yvake+vIaXR#!r$MYJHLNJ2I0LEZTbvnhgY#$wQRA{U(@u@ML`#c6+EJ
zKO(uA|4{g&^EFcuo5T0b5^JL-^Ut9-nE#(a{{M*looET(=JL;>t(&kPq_4oEi$kei
zf#40Y4w(jjY33I@)lgWK({pDPHTLEq5dJG0b;htHoJn8`2!8uWF(h5u?DDkNEB-*H
zJM*yfEuMMfXGWMqDJvgkEQO(nil(XwYofO92c61#?YcyMEEz|a2HS-3L|<GtR+~j@
zGdZnuQ@f_7U})B<HzZemkg73}?IP}zbGCGn%XE4&LEES{o8WwL;5y^k<h3I!JmS2(
z&Cb%)@f26aGp{Y9j+bkp<P?uRCT*<RCCY4*{X30>(0)LfX89DlSQ)=><tGmgT*D{4
zO`moQp=0Sp<^t1rBxFMjs%FP&=RJ`GO-$M^>)x*&>@oY%{5<57fYR@nFOco2AkxxP
zz|be4$vrY-*Hkd49=CLeH5tYjBBB`Om@|2e^|rbb_C?gNv*2&*tY5#_4$T6{TbkcL
z|CN7%r=&_8T85VLw%Cu8PKdjBT2*6xay5qs=*O>8wruvj+fR1F9@%)T3S>AFONFG9
z<C^^+%eV{DjX7dej};89oMo;1{7Ed{=jT|Knqy*VyT{~II(AN%ui|mYtf*#rIAm40
zd?{?AAc?j3ks_-?MK)6bM>mB!r>!Fi$3UT@WS0Yr(#7xgbAuhqc+Gw%jI#m?9gLqV
zz}R0nXgKsb$doL8d9YTRnjWWpIZhdM#H*&w*3!LGPBXrDB9X{bqnaS>wo{$OdSrf^
z=V-5Ps8xQJ!mbIz1>w<n1Zo#$mGOew0mfF&0^Qx5+=5h?!=&i<K$WDq3uD@OLx~CX
zvlUy&JAd&pn%QMNQUBb`r5ufa>}j%G=o;4+UyQfJnzG9qUN^1P^MDnx#jhbC#3^*6
zR6aElKFrAIs+y0I)PW<DG*#a!;l@Nz26i_YH>-cMNJ<#_vK2G#MVZI>!HR$~V{682
z$k_aPVH^xbJ8>1uLG={$1cP#2a?Mqp@}PMY4s32I)<w&h?ds(*A86SVbc*uC&@oe^
zqLzZTt}Ov(<xB?GwfAQXn*cLIne-hVg}O+odbV?6or9k(AF}~2O5d_lx!|Sf2P8Di
zXLsLZCTOb=eE|%*%h{fIZ{=@mc$W7AKGoT|1K<-sf@B^IPOZ&m=QNG5N3fZ{Oluvj
zmZBcwAJdGS?`Qw}iOF&+YrodiY4y8YDNQxIvRe_W^t&S0KZfws;owK;@_+Ha9@hT6
z9|C&AChkfYTlD+jY5E0RA5L<ds{KJyJp>}nfBvD7`2*9nW!c>mKe^}Ywv(CgsOrw=
zIT`_RoR5cy8&E;|f1FQSB&9cPTMObD7;cL5O(_3f9JKx!(ZT3{C+%pav_a;#!1XfW
zmy4Cn!wG|#Gh)~t;yj;cNS&~3v0C+#3s>=p7-c^(OkBtl6*Z2lG8WZD=i<`tJl|1h
zC8i_O<>evqoc-oRMdQgnKu~WK&LekHR$2tPHE{|f&-U)1B_%7Xc<dsI_l>M=nILmd
zZ&+8;kmr4axgzFDq0AsCz^N!<%60<7%d=04JCS=vjrOC`mjryh7-u(p5husbPU`49
z(YDYQ*58iU^^61h8K>;ikvsPq>VVh0_xnZT4J6>NMfopyZHgIi%#3KW0!RFu-K7xa
zfg<7zT)CQo8C@o9uiFBj4JYzjSF<WB$f)VC+S=d_k$}6qmf<0DvyEM@W8T|KppSUp
ztN?I@D!ab16V0AUez-I>YMn_!0U;ayXE@{;5#JRTpPa&@(BvD~6QK4|zne1v-=S4j
znbzJ+8__Ss;O@EbAS8$(7vL>p(Hv|?Y9qb(J^7$N-BEW&D^0l5VfJ{Ysd~Bn)bGq(
zm-SooutPvfqgdY_Wq^i}qZ7MFjmC!RNu2qTYs6f)%H3>fG4J6=alVOzyB}aCdJTdE
zXN_j^Oddk^@Tv2hF;B4{n>1Yo0j3uS<n;}2?cZVkmPJTqUt<1jjs|VlR+mcyrKjdE
ze<26)dPk{B@e!}}PBg3j{`KTeJ4DB|(0?sYOBX96PxB8$#0VKg336j^mA_}z_oJp0
zeuW5-!$epOs6DCKLE!v(8mJ9q7bT<lMDS9iagOED!&<y+Lwb>OQ~2{&^jLo#QTupZ
zxZ#myag>IzF-=m1XXBA}^(>#eWu-M;VTMH9_aZnM9lM0ZnqKr`1t&Iemd}28svjDb
z?Ui}3dHKh7<#Z_PBs~iyca@UkjGV9;oe4Jjx|iTwYU`bJ$~y~rIMM%r7e|{r|I<%C
z!7sjJZ>oE<A6nEyVD-s(<TdasMnq(!{F}R{wcm)dd(VQu2=||MWDMLx%g*fh*50Sq
zp4Oh8kp3;$Ff$rqd!mjjOEkC9q_VCibv9O(bJr}71dO&JZ>wKxh%0751-oV}(T|3<
zRDfgr?d;hl;2H&a6Qw~sa9I2pLHQ<@Gs<1}BI=V@g$46kS9g0tdi07ciwzow&(iM3
z+OSG|_J94Nd%GyPm#AS!zrp1!#Ehmw0{aJK^VWtrOh6(U&33&%{G7+DdyHPul1j4@
z#8HMv5WiUW7*WM0(^|5yDOB+FF2j;|Z@ZoQRKVs}h2Q>=Lj*vu;WSb~8hIIVN=Ii@
zE!&V%4nre{hwT!d^!R^#8bI#;IoO5O2u98$;Va+%Mn@+<puM&I`mlL~obB>Bg}8Ke
zFV-9;n=DL>27eC^_{BFQn=&lZd|%uz>v0Ot6-=mUGjI$=t%$jeH#PDK^O>zSaZhsx
zx<IX9Hln&Y6&eD+`n#KY6w$q#ZLK2*A3=N1T|vkH?04XcKDNK)aGFyM(5Y1^l7z{O
zO*1kIC7K@dWX@$pdok81-8Dwye&@3Ijb_(=0&$R)0V=SB-aKu~7f7GY%+!Q>fO$4_
z?|i4`vM+BEB3ZcJ#g@8tC^zxBWM|VEZ*g=(pJ!4*-K$ISqOhlRCeepsgaYH?oBTrf
zc;7e@Uegn@Vdt$!a?cziq@K~&@CQxUL>F{BAbz0TY3(kY`;x#phiS{;^BK{Q;eF;q
zJXcBGP_cno=Ni)RUiI<n!RBGq%1&GQpTN{>LJD09PSRE_E$m!Czy`iy`m5P4%~HXt
zY=dG_&O-O$WGoXs&r?h)O&)$0MO{<#Y3}_LDSqFVsOe9(0UKCO@V^0q2~p~Nn%q1j
zT_ncBxR@W=<Jfhc>0Ex0i{=;?(5DNbjI3uPCxY-3f@-oIV3I2x5XprJ)_N`EyRZTZ
z`YS!Z`pWw}j=rt`SMbG%(l!v<_yPbTGgQa2xHVf92zUH4n+Hq;-6kD&$IwWqsNJXA
zzQ?f|Hlt3nW-GOR!6c>p@Y}X7HJ>PMByp3+l$49mYs6o&2u??E^zNYf&#x3eY8bSG
z<H*rJUf@sM3<f?Xesm?XTANvS-zSeYo2?#vs6Qy5uB|^^#QWSUrFp%Re$LHrcCBlR
zO;)sT-NF<<CWeZn>?LMpccMDsfhbwuq9l1<^Sj5`q5g)%;ac=G+`Evmheo2uvhRyk
ziSYp<NBRRtNdFEfJn1DkSX$iS{5p+U#fhB>T^0d-rqfQ^$AK_ty9dyVwtGaJamF&{
zCW;vv%m4m+dc!y_aDU{gFoyn(8s$(N6_&YpHSy&dW8re=Opa}pt{2R4zt&*XJ6AQ$
zp=N`sPF2gLjI{2(bFKC|{B*SwX-g396&qT*8>g=kK2`YSd$=yJV@{1&mhP4W>fihL
zc!moG(mUmfi%XXT!cy9~g8Cl^Lik}RcM)>?y`ZHG(GgRJF2D>1RKvzBc=X*0E-EO*
zm#M9drt;t8e{}aX+j6<X1STjYedmgnm`Rl5BYe9{$QgYD{0t?(KTA!&XhuAP#Y!~v
zG#uOA=ce8NM6rn=L+5AD*Ux`q2{8O3-N{ePM>HJYa~&rp+(+Kac>Xe(uah?SWwd6?
zlcY})-SsjV6`>#{C&m3J3At>Ah+Uh1iKoL11<Q%Qu_3uoc*!UzX9*uY8T_eJ6PM(_
zoNZ1UyWf0mMHB1E!EYJIo#(yV-sO9BsdrP1L2tnI$%@8uHvM^YWz0$2Z?06(`8Hom
z1|P=a*f-Y|HXJ5?u=5~TH9KhnnHw-=v-^B<BTBq&8-Y_`MZ)2;6AszQ45!%WCsLr~
zoEUdNBc&k=;+>rFml1IC1c5++-h+W)001Bi=n3Vm4Ia2ekpACW_qyCpNC+u=E-9mH
zi3RKLt?wr#H%zjF*M(&p=0jOVGF?6UWl19d#|aDda2}TiV*4Dc40=Z6bt692Mt~YM
z_TgfOx7QlLS$Gb_PoW5K;ZJ-Mx;!tWNzwhW%h<0;s)34~xAjyy=OO5JAcRH4E75Zv
zLSy5w;S12918J(iR;HP^&a4Wy>ivYPXU3bBJGz$#eC~X^mE(TtR8?<qZejDLew|fr
zhOfn*N$|}9kkks0QSQPo74Q%67w|eW38`=LgxL&M|ETV2V)gSr5+YL#=vBqOSUh_1
zzdOXxN7&ni-`$7sVcC=Esj+HBog$8gUZVY>Zgu+%g*^P-`#;|Q`T75*!5P32&vEcS
zad4UQ2gu;0hVk|Gu;UVI10k>XhP@@RHlqAswE@3r{#P_{XrWI~b!1Y4^{zVoY1TuB
z?rdG{@1l)AXGlM@$*>;Z00ze2#S5zZOKR4xH=G5ajF-pkpWuI0_QyVviHJmc?7SJc
zEE)J~-Z9!_UeaP$68k<wO9BR}A|s50Ddl7cS7+Fh`R^ga5JQj&o34vSQ^yhV^)Bg)
z?ZyiWM?rNPT_$qMBk6+yHOm#D@6h~&7X6=gcm1+1etxSbM^-ZHj{ZTYUhZ*ys}9<(
z3T><9^_Xn@uglQ5mmB>0AgQ7`t4|5R{=OPH>oL3y6h&Yk@AJJPN$GLY41iu)B>{8J
zC>AHJu@X;ooN-V)%uN;jZUiHvJL6tLN0>#8SCt|;T?Mb5ltqfp19uFq`X#}TN#J&J
zHvhh5Q6J616zGTa`*Ydx6(zY)iEK!IK1X-sUf6cN_w0UoZBZZzl(|MZoi$_FFh8#P
z8*ZgP#z3GiS&#1+f%Jlgp7>0GWUfDsbS42sXO+jh?Xk2fbG@Uc4)$`B)T6%*i7~B$
zLkwbWR#PbA1m(UaQayf}wX9WFH1-T8(to%AwfeUsyrYJD1P7m%-`ST$-hg*~`3;}p
z4=47=bS<-PNYI)sZ0%;98BMzp7KrNa>uUz}NWP8>=o4^~@-s?*f!){VkW5nk_1(Wa
zUtx4+uuIM;IWuVnJ%+&vhCw*a!w{S#ILpnn!N@IvhyB^FTjVFxPwGbn#GU<o)K>V%
zzT%y5q&y`BseBAs0&m0p^G|ZJ$>Y{+i^Kij>({KAWZLW*TY6lP77@}a2JMDrE@@#k
zmj)LYpc-zI?_^AG^{2@UP{VA<O`Ac@t1g$fO<QiKGP$(PKR#*G0P0-of~vB;^gp|}
z9slq5y9Icy_5oQ6+glmRZGzhoBd#Ad<nGQxdIRmHf}Xe(GjOAEV^}z04`<M|20+(9
z6GyVG$`^DV<31GB=g?M^uXzpTY3kN!F464a`3h_cjY}I>$4c(b^pxPKwHhyedOsZ%
zr>d~p7Jv5oYh#+irjQ0cH-T&#`;)vv^ix)yyOkB6YWbKgAKHucVR=*`5(2w_@_{c!
z_4D*?1YQrH6W;X{3$fpGkBE_Fc}n{1d_}LVUtnT@E<m!itv}BBQN9;4vM1!aeAejw
z^4cR(pTXh|EES44fAEIs+H*~V5j{gY_Oc;9gH0z!Zc^*q>9xxg?awz3b-#Q<Z2G${
z_Uvk)BEZEV@O-#N2e}+_JM7koS!J0$fgMwCxAC%02Mr@@*E&kj&c9(M2@~)fb_?1L
zFD)wHO%oZuv+({AMWY*4PD33DCEJVrtynsEH>B`pEu2>QS2_?4>v~n@A@2UxABA#!
z*oX|-eOM74u4H9aC3P~h2V3_C8taq?em_6R$~8VQO>^h1tUv9K`t<Nd5!<g2wUZCB
z9zf<kXT2k_5SLE;9#Eg{HcWWlxUXtXjlw!VXKjA;@Fiwl&IFZAevX35iF4!Q$9Ou)
zv*MqTc?Oqynpc)0%Aq8s(93{Q1!-$DegK7)*?RlhraSY2g&~_+SKXS>Is^@EE_ArW
zC-?O36!mb$5Q%_YhD#ThkQv01k+J_H`$*yLO__xz*1?l&FCVnt<=Mk|$eJc%kwhbM
z!L)MrTIvXA4A=b^h91FXj*2Fe3NbWJx#XP5G4O_j*j44`TYdQaXz6lO{VpAsso$@!
zXipLUT2iMr5D0twuok;utE+(Frsp{Hu-XhEaNxx8qOZA*ljb3UazcMB$syP;F-zv3
zT+biu2d{@X$1N;$WgGByenl$%Z`q{Z>bS<W94mDE8==N4^6pubU8@-m>{u%0jv&z_
z#f*+Yt5&CRBByQ?YRk?P&i*{dlQc#n{4qylBA>vKy3H~@uLE<Ajg5LDlP5ouQ%Kl(
zB54v^l*WmV(+SIBhU0URMUS;L_yU0fSfSxjI>Eaj3si3NV#~?EXWpua*Rq5<h(D`9
zdp_S<MTFJ`n4B}}sZJk|<KB6GCYG%uR=p_eovoQG<FyR7=3E6-IR99bR`S;oJMe!!
zK~rT!m8=C)Phtqt34TER6Aavr5{7*mH1~3>sblQBD;etBfZN?X^mJ6%G<T6X2cR)=
zE&ls&K$5ZgztWoQmGL*!Y{W4}38UCOggutBkUjxAeacN<?PdmEow(*=ohswgwn>`L
z8`PE`KKD*cHt<6Wpn|Pvb*39bNDZ^g+Sc(pVT{R~iI43`FFCYhRwsc}UnEA`9FMGO
z8`z8+Dg5SrEt-u@8yk%|t>#C0e%&3PbSS)b9O^t!15dFX-_69nxc`_IBSPMdGp!|y
zf}gHV%>L4>IikHI`DJgY%+WcMU8Z+e=;&64jKg26YT(ly&*oPi0?E9jq`FwwXJwT;
z@>g!-%n#`zLyFUjy~qdsT;uol#bquU_}Y<jNC%NOBKLUP%a9PG$Nj?1AyzrSBCq?K
zyq`s6cZF8#_@QnzfAhF}U9I26BDKKJWFl*+BEI>fqo%4&HgxO!FJDEFxPCf$Z);wK
z6nJccUP2a@&G2T6M&^TQsoaBIAblYNgwmhJ;x5Y;7O32*@NK_1C5~777xowJ___H;
z8*yjjS@XF;oU33-+xbvYI)8I-(D)~C;3B9!!-TzdyDg|KW3KbOUD6vY5Y!K6ssDi1
zriyQ<P2o;9DdES&M%*HTO~U?fY!Gp=E4dmSyqG!I?lxA7+UZTL$CvzSOZq;tCTb|`
z_)l#T-f(%%&kL?MgU+$I=ohiEY;d`ar}=^H!+l}5ZtGV&_~^Vbo?P~g=}bR6pA?8j
zFSp>o)x*{wSMMZJ#c6dR);-q~5r)}PexYQSl|A#@7e-BYq*)$Gi6-yj{?!p_dpe*0
zYK(hr`%tyt8)B~EU>X#8O(HHoGb{oO8Yty2^RO(qq%^7gG8}d_QL-Ycb>KL(7Bi1C
zHjsMS#L+Vx{Hf#jafn&}$fp7|a1P_W4+y6I%ed=WcS>aMuf$bUmBE!EtEbmp0DgEm
zh4R$N%L-b0;zW3HZg=O1KP^|`V`Sbi2o7rS?nlk7vz>9_UBR|cZiRb&-ej73?dN|8
zXt+KqQK=t=*skkJ7h1=Cg@c2{fq;b@jml<}zpHgd5i;(i9mv-Dncwoy49R8<X>6(z
z?L>1MYiCuT^Z<n8x21lV_k5sf=EH{J12q4=$ef!B4hI?cK6qObg!Q4$NA%4-{P*;0
z{;*JchEWA@3OLo*Hg#6uG-kX0!32}+)yDr4w$*1H&X=dp-b?4dpB-mDUjHw#4}3O^
zQNBk&`n->Tkxvgh$cu;+1|6QWyhJjhC=i~5Ce_$#gvtBJ5K`tmb*A(=by`B!aQR31
z^n<^h>DSfK19VRt;tSjvc>1RgDbWXiXrzIJB)AIL4}(i-0D>C>v&TmP!Xw=#NxA-a
zZ+jrLv@eS-uaVUE$vTGb!&;vQqxG#tu^F~+iI~FW?<<CkTuX3u=5xT$I>~Gi6!hIU
zWLAym0@kTJdTF5mRzFf5J}1BJF?&Lz6hYcz%NZi+f>*)%0zoNe`vk{3$lMlEM`a>5
ztitWZhyu}_?WVgov$~WD@n4^Lk8)D179^<2{q0ambAD@&Z0-7b$0Cyh?{j32-({xm
zbU~7eCakHQE6ecBV$%?9kP;DFn!oUTHQ#H-4N*SBF6D%5W7ejQS>%$ez?@mSq}6&l
zsd&@i{Zvb^VAyPZJ;cFdfjzj^b<SG*GXM~m7BaiVP%+yc#2lcJ6n9Py+?t1g-9Z8~
z1-0)~9AsoP>b`u5M#HHCH2J6~(yp~I5_Nf2885(Hi5C01ePe<3DuwTS1NxCYCWQ{z
z7d<#}IJ#<mlv<$9s#=NFtU}J@LQ}Zivp_??;z_o^rnYY^DaPlIX3A=zLVBWAhZNMR
z5U94OLoKM2*B_)PB}AmSaOBcAmcQ87m*0<rO^?M|Ur#1yrTlhOg)&3U4NjX24jDWJ
zLWcN83tJhIKrVVinpxz}K980e@E^VuxZIf-Q|v}Fyw{0IcU=hH3jn~pTwrapJ`d{Q
z-v)VZTXmlUZTg!9G4(3k_N~6JfpsVIb?2;>3kSpC1hAbqFDmibzSo#q30SRv5?Sw3
zGg4KfP&JX2uIlrN@Gl#ZyX!h6W&gj}d+Vq;f?#iSaY=9q5;Q=7;O=gVySqC9f=eL5
z-QC??65I(MAh>J@!DWF37FZx}lY8$w-*>-z&U@$m{p#$Q-l?vcp6Q;Ms_IkyD-=Y3
z;fe#*G<(TX4J1l_ug(uMuXHa5yYnGWOKc_w+%2zTm~dru4Dcp3tDUqp+G1dy$G<X4
zDcrgCcWa#SNuoR~<souI77EPt_qiGz^5!m_ew{FG)svH4SSQrhIzO`0oAQ(hMb3A<
zGNAb=oalhxUso`P=H^a0`}Tw@UU+-DjLrPt>(JfZ1y6rO6ZF>~-ujDy)z=MwZO)6}
z>7mR_pgy)f&Nd&W`vqoJRegNe9<FfwwCUX&U8jK@IQ}^X=?s){vEQnZm(P!M6av_?
zN*n@<{cn-v-bPqtel)CF$*xm#9WJ%Pt1>V{A*uUJlZMAL9xVcyRO~IFON^Z($lW^L
zHht=BcE3-etG^Fa?XrsdB**tGOC8<Br&RmiRokW=MK_~S&wplL^Q@FF!z$k_kw{y0
z{rV<t$=@CO`~KQ=BFEI2jVjH`>-{3Y3jp93G7Tq+CNi6*#F#b>Wlk1PRXqFwi}<=5
z$%%S7+(Thw<Y`$;U(#mD7vI<@7Dz&_-TkAIV|sNz&&Jem)~gGWzhHb|BC{xMqb8KJ
zf1-{s@^Ue6-_7WUK$=EJ-CKD*K?{K)k^$C^oAT8>AExLZQ~rxu-oK0r2_>nsVtdAn
z;)uU9zHa+WFI)CWbGQY)xo&8~UYbmjSxR|eKB`*LvE53psTe=!RxiF&;}!iEY{Z=Q
z6nrzQ_oensqj<>FRjx}K2^l}AKgaLlY-RrBDtV@U(}BfJVpB%$t2JUMH^!zBMiw2$
zCGl;9RxO1@Cx&R~ckZ&cXZV}C@Yf7{BxxPa4=XHjJWf)yTJ1?c_?pP6P&arDNbstN
zn?KXi&?f6^{a}KfQNQ@v-mVkeUX$J2*3Ai2)v3iID!0mNFM6rmRkJUfZ`cMPnekey
zd{Wzaepb5Z4<5ez7(g!6BN$kSgY``E#~XG>zSY%`UXux=$20km`C-ik6riW>pv)I5
z%K>1nS^^ae&q5x+x@R3dH!%i;n=Oh1?;<o8s4f})m~HTehTz5B|Nc@l`{mcl%=_!l
zbER{!K_4D;^b*>MWHW6_*0P*mz=3oGg@mB6VvxYc>bciG(1&YwTi8lLkO(jpbwQC9
z2vo?f)val-UxxVuUfNeR+^?2ZdutlTwWfVPs?o+AF(-=bP!plCkY5e3o@x208W8#$
zoeD$?ThR{=y~~c*A&b!|)iX*mv~6z!Am4AS9PIi9_Sv1AesmSzb~Bo@nJZAa&yzll
z8bn5OGBN@e`m@!AAl6kI?HV2#H|@=@c-wCAHR!lzg<DcI!)zh+c=#3<K~Ff9LEbkE
zP}QDRIf_4a6M#hUN3^AYmT0MXmzssYeu_&+B6I}`w)p-SX(sYvc-F5QbkiCz+uLt)
zf1QjMCP#;Z{LBpx%|l63tIugSoSd>LoT}~aj0g*>oifUV)<0>n>#WfCJue=ZBOIhQ
zhMsP?Xx7vbYZ%$jrmyHOO&&QqCOGGib=PVh0@ymbI!`X|?;ga1-DW$_z$cLL#*cc5
z1$~bJ_gttE6B6XkIVZZHfbFfGT9zf->;XUvQx3EXVrUo}VOZF+JRg%HC}m{M7sv3s
z5A8$Y^gHpz6a>48S~VIvmOpAZhkt^GXN1HPqgV|3m|CWnYii|=XY>JRqTwfV<8z4_
zAgCPdKyNX#G&^8>TP+q}vS-SR>756!VW#7z0AhWAVf#;jRdnQT_sI46wm)Rq<l7g%
z&4|6w&j=P6F4BC2<|V??9J)V@BQ4Q}og2Ak+8*CRa0Y(@d;qYe<HBvK<h^$`Y4tAZ
zOLeDhtW0s`%K&_tt=IjbR`Q`lYOt%d=i56I`CqN?arzPJ+dI9wgC;-B0#M&6zA`!P
znzi=w`kFzpRgr1&`Z`zoaki6A?6i~|Fg-y+PHNL~tDqVza({OJNR)uW<kC_9LYK4N
zLARXs@AyS}!g`;2!Qx%~ov`<%)5u_<Il)7F%%)`gx0n8Z1;QP0)e0u_Gp1@zYR>9C
z_Vb+VUhRS-cg4=kT-^H9YSlUlzTtaOlfo_va}75LOKSBEoLvl$>Ydv)sOf9<oeZ+y
z8+L>sB+nI&-Q8a=-{188aezX%TZOvMdU0lhc<>^RNTNn*uWoW?1mI$Ig`%AW{MzZE
zIwt^8lGZUb<j4!7w+R&Aq$4j+aeMP0eQBJGWaO%q6xUJyI$DwaUyeagSmUu8)dLUJ
zuil&9M*wu?6oAAD5}k2vIIrJw0U5O-&5^zCK-Kq9fG<t}ctcl>)e2=iaFScH7-@6D
z<(?SDX{B0H?28DrbXOcu9)Bj!MG>P~N=%r462jVdn1}#l?bHu8ZFDScH0@gqS~fq1
zTcU<ZY?xrLTiJXXfM<lDCFPX;lw$MABPrD{mp|%tTUH)0uSLrwd%CvAO8G;#;LN^j
zf-0a5nHgK{Q_?DvhrGp|S-35~J?5I^$nUQ6E&dm2v_EI26_}!45YFs`=T*`%cxEY(
zM_nFp`%3aLDef6!N*JJQj?+wDuw??XnUd2|_H*eNuCUK2N|6a)E}XBTzUEhTXZwjC
zjjFsWB|OdbdwN%D^OaMkkPYDpJgwwJ9+2G2rQO?PWOFN@WWHUfgGVzNKP`Q(3G*98
z@O|0pYau2ya7alY&VX8lz1bIyO0}irxvIY7(oi}I&pGAW1EhX-H&Ghi6tsfWh{VkC
z=kf#N6a&?_v3jBWklL$9eqkusJJF@Xyt5bQY|dx(4@#oMBaj#QxH$OqkSA43gZbio
zCX3mzDpH=O_sH~SYI=IAth?^EimjC3A_xUMkWR_^^w7BOV?4KZlt5W9!4N#gQ19ar
zAP;U3R3V)T1lO&3vc=WSiJAI>TaznCnzw=GjqL9yNEgZ1hM-cfssc(N4-7<0mtZ_a
zTVu+%Gb-P6X4ls7p(!uA69v@0!FCA=37PpDe)-u>dhSIUJ}ZB%gk^a4#aBT=fB(X>
zKmIr7gzGuj2O(SS)CmqtRcb2+JBrFmEd41z4$hPsB@+oTs3rEtzS{{%e24idm|+!{
zaplYY%hh;a5t6}DfB#-+&1`sN^GOQbdT(|+(T%gR0F7x+qEdVD!Hyf1lo>wQf~~^n
z!2ZJY3alp<u#Xdn3-buzPCMkU8ril=q3k=#-<zTv$}*7LgrEgBK~?Q<z6hC2G}0z0
zTP6fcJnig+hRq;g3*3DF&j0Qp^#B^MycEbISbFj*sb}Zu!a5TV_c<!6u!JG_F3cQ>
zNx}O*V_%t*puJ6b^XlBh2cz3Ble6?YE`fA0L)4GD9$u3{#rGi&O$p1N81-CQmUQrT
zzIfqqg?q}|f6JeEvCmf|hLwo(a+;+UYr`eA1bJ0Qpr+cVGg0I+JrHh})^2Z5Pi^<c
zYT-D}<Bdvv@=%@5_lJ}u*lct$6n!}KZ`g{f9o?un@p<n_D8nb+`VtTS<-Dp+Ix%hZ
za7!cwYH?3}MUA5BdxIRKMTsD68^Rumo|qfHOC)5~F2>j0oMT`2Sv#HF3AIvwsOx&c
zGZpEqejxEUB9|pJ{dFF7SWubmpQB1Sx;WMzaLIRUe7!f>rK?ikqNb%ksv|LV;%aVP
zQ<MKriYD4KW9dylF2;Z^Q5fI)YXpE)iaa>i@HkFEo0U3-?$HT@?*+1A{|e?rSjx7k
zp&e?dEXeHd3aGznI8AP#f4wg_!s>rxy6SmooSc?3F|6mG09~wNWl!Mwz5HC(q8Sjt
zT4Alsim|Z?AwMz*+B}YuUa2aNo(FtCe&zE<FTQ}li^8{bvx>#I0@oq#`)-CzPBWcq
z$C-yjgvW8tIUD_!>*kkvt(P^mmDE0?vRBKZVlUG7Fa$oQhX#vY%R~@5r`8(Mr6j3q
zzc5Q-#m5yX%s`V=H6q&3kR@LD-t|i$-+0cW$$hWYh484xy>+~<xW|*7jaj7POMI<B
z?^+Bu*(E1-XQkit)cHmxC9kY!w~#bmjaFXC?Y>64X(J_F3a;UR&9c6VV|YRvYEgo;
zQYezXwWbxbKxiU~6gvvHQ*LCyd`M^pu}m0CA%k^jQ?cD%FmH?nQQNa@COUn)0}(yO
zCk}<ExzDVE`q^2W5<`s$lBBrRa*gvbD--%|$W%+l%7anDIMc?VT*0WwoG6?flGG_K
zDvYJha-=j7F9^rO$<jGPZ-P4>luKr;2uW-5tIiDHHMg;<sskL`Z=fJ?;SDl&mc^v!
zkDcO8Zo&MwREdpn^ti}7Uq?nl049QREcZc&i(&g4%QQmFF+FIoch3{FP_!LZxi|U9
zeO!Gvm3RN5I?y!e86KzFKkHz^LS4_*^u>A=kfL^`68{two;R6j(+X;}{zJ6`$Gj3B
zO8f?>!Bhq}oH%Zo7&)1Il>yQ)>XfSV*Mhb9R|u}(%Df;%P8DyB6Q)ag2;RQ9$8310
z$d0pQQeJansX#&SZZ4(O24J=Z`Q`YCK_N(y6<)A8Hzx4qEJ&>^=`koG*3v@vO9+Y*
z;oeE7lVb^&25CoCeI*3a{&czW?z}8cG>&obFog=#3o4@0d#AXtynwy@RolZ5fCg&p
z*Sg()ItSkzke@qs^7nt9xDZPPPyIF4T9!(?_D;z7*6)2PKtC3?yUT<696Y6iHQjDR
zG2RLUidK&Fd$G2(JGa@^y92XZisf1cRx#+{@5gvB)!N6=KWjUaf8s&Ar%yArV4Q$E
z?5#EEjgvMt;2q&-Cy3K%6Scm~B5j!hatZnnkel#Z5g<;=<?(*wH)#2Bq5Ed0_d}n)
z1r7!V40ZtCdyYwW!Ay6qFV^nBWR?48Ox|z12`z$+dycO^vNsC#QWg00Pv3cNT|7vA
z)XIQMEUY<x-`0Caz}sw4Au2Aguw2ut{uPRyMb%%Vgx$NZ3SGnCp(_YD9j-Bf-M>K}
zW3bE$`GlNZOri<ERBJ4p>o*ne>pyrD*LQk;BGF0}lu!0{>%0*W{eu&I_X&tj+Ju0A
zUtj)F_qL(1{wlf9NJJVO7AE`{_>6~4Qbi4fn;Xm@OM9Qu#801zYNo%#+JgrpJ8YkH
zbQy<#1D*g6p{b=MNk7is-qzHsv~C&p1@|ZR&lLppS72a#LdPhRKmp%xnO1%Up={4T
zKgF5+`KqV1WP<@d0sq9MMuI*nP$MGJKQ_PaB3a&Faq|NWTRas8+mk;1{2kep)PnXC
zeBZx#r=bx`s4c0Z>o+PUdF7X5`*{7admAJcFg5%2DFe2WCl*iu<35xq?5nAX`2ua2
z(4J3Wj7#C9Bht}iENa%L%6gyl{1kcNR-7`^qAQ)R?}M&3LPPVmhSF!*&xm8@w|5*r
z!}(kORJz^h&j@6MCC22KsYIppDpSLG9z?_ZdQ8zy6@$EMpFQ@;hdr}>U%DP!73Y=j
zO&5`>%yM{dQR=-ywD>$TZqCG?b6$t=yJw(dJ}mRYkRql)?#sR3%42&CCP|#8uB=}L
zB8g%cM^R#FX&MFAij13xkvCZ~cm`wetgwVMnh0?l4~cLkNlJq9zOjrDGiRoa5`E%&
z-|Aj$>y-9uN|2ka=S$w^bj0P>wh~X)pjG9|q%ksAYa%vJfuG&kW5iO?3B#U_Ilo)V
zYtd|C^_VtI-U#i?o2)Z-vc67h>ZnW8Zpq*z6^|kpkkF>Zvydv}!1yo?hD|+z**T`!
z`Bi-Veuq!5bq@9#^xae=*b8q#K|!}c7gT=nHfnbkUo&13jzMs_`*GB7F!shTxAgm+
zYU9DY;qspptM=FfV(VkB{g**(;1A3<X5vx$WbayEfI<B%A{|=b#ll1H>)X<-_g%V|
zvbuq+U`+P;<d53R<E4vW0b#Sa9uRqR+c%T@ql!%AUT&H-{)Rn@d>)b6+MFW@h+ch{
zKQg!?e=eHVX?1NH#<dlcvSAv$?i%cu<L}vhb>^*%EGv$*z5Lb8*L5G!%dpG%EB#0_
z(F<CN`S@il^q&;&OVY^4jm)1FW9M^gGwNlEqxA~{xb%b@V7=uws?UpS1-)wx{>R$~
zxjzS(tIpBMUDyM*PyJ@6INT@)kEhEuI<e2;m^IEdzZ0nWJ%sYd=uKwOJW^$UEm!60
z=t{Nr>Q`mzwDh~Si!MaqK`zB;0#>1eVZ#=@xoDlWwnF(ZH`|~fVV$IQk9fyQ?fwsQ
z0cE!iYwYo1X@fX3`1ei5Bm|*cUS}eAEaPI`(b*b0CY`^a{7rLCNPwEZtB<?8djRG{
z+J6<Yk59-;#F~V^Gd$<;jM_RHTU!&XTifR^*~#nV$XtmAfMNmH6gyjrHxt)ydLpR4
z%#XkR@q@e8zkKZw{UuU^zybGg)5QrVmh_b5d0h`0YT#HHW@qo3A1pUuba-b64LhIT
zH7^rqt?A8*&Z~_f$SY}g1%^3If7;<$N-&mIS#a29KK6=e#v{Mz&L@McNWT}`Q&<J9
zb=&t_hBs7_%A;S-y+w>tUqJd!%qr4K7iR5zGFvFNSxJ!<=LI(^Sbc~{ukTywVhaQI
zg^wb)J*E>U;$iCp0Z136_&mmLYcvO@0mqf_0JWgCHM}?yAT8h%iev4CdQGuZMtezj
z_v{(U`Es!w@;Ca>S`#rrPmWYcn!^Z8Uw2c~Bsr<iktGJlMP8%VJIx5_WE_Xqp#kKj
zVI0bY>N1>{ofwU9xK&l=TD}d(CJysW{zUBa1HD`>Hs8EW2A%TSfcvv)xUTURli<<O
zYng9PZ(07)XfsMQ_j1a++mm&kap`N0>t2Nk*||VGU-nn;hL&t6VC|Pi|B}oCi09JQ
zw8iJl;ecELuk!84vHe$uj~fGtfsY-80u6c5v2nG$*UNh__LZcf6t<GwudCa$eWv?&
zf1kI%1O||x=urH%$hY7**Z=oX_fSe%S`$H1^6>6X+3Wcg-(8>8ecIjhBa8F{-*zoK
zIOtCH;dfH-QvpbPCUb(>e`?nGBRddAWxKloJ_jvA4}s;+z0hD;D_}&wTpDNi<!B?3
z_tNi9R>$_N)fk!V_YlFDpHm;2zV%1clPuG7BWO@L7FNmAbN@m%!|UqOZ9yT|+6@g<
zE{k+=tyQAVFeJ=`s1hzIb6J-VDYcC;@d8Fvq>9pUkHxYtGpXMY+2#0Ia8_b|`FvN$
z!sRwmosx0Lek%SZWQT5njD~nDuuef6GgQ$2qn3I-K1qFEB-`0fDe1oL#5y_V7#2cQ
zO${sc9Aqw%6vY%K6deN;!p%$&_SZsocG2S-e}3*@w3$<Ae<;QUbr6bd40BaYHX&C1
z`AmNcXl&)OvA>`{DA@6lG=}C=65>60rQfIVAhWR=dN4j)DAGsaM$kw4^9+3Zq@(kR
znX!kDQ22Mn!B3jxI5j5GNu0JiA#ecn@{Mu}axy(9H4;1bT;!bCGdTD)7z-o}&JPq*
ztEs6e8j-QWDbN?W56vM@#n!Yae|v67<$zreIf0nDgoROOX#?<qZ*-r_(Vp>6WSJ+Q
zy)k(UsBnfy(lyLSbYf`^X02Py@)PEo1l}vta(Qh?szh<OV91o`L8<YBe?Ni2iRqVB
zV-?YI^Qc3Tj*RO(0DQwfpMIfB(8uwk-DUO(NMB;0k7*zV&Vs}*^im=nKsdS4rFd$$
z$$D%s9Hb@p>c+nn9!Go9Hfd%y)i36>E|X=6SyP!G0NU*@*rVz-3!3h>(-VPMTu@Ve
z1W1tUT$<Fo)t4_nfP_7gV2V+1ASGyq6wXM}eXSG1B%EXf)bS|PSbl+z(5rKBEqEIW
z7KQ*TXFb`C3Adlow$bZ!bS$fya70>n87K_mTm&OG<L@~#tC!8J54W2{FHvb<YDmV^
zl$cuId-g~51#O>u)WK%+MIimym3)1v!8KJeb^0Gtm(f3Y1L?zs#MHkEYQd9%|9Kh5
zi3wCrQp8Wz*4ELnXgvT%uWS-*ch;`x%_WGzpXi_<w`GT74kQ|RP(v+vD{98#_ds}L
z9r?Gxfpcj9z2MU2eNC<2@+x@in=B_iA!eP3DD+_d43;T;B7DMs<k|N`^Fyqrs;W-^
z?Icy4bUz=Jn8A<KbsTRJjxk1BI?F&|lb0vcoLDOvS9Y(BvpaoT?7>(AzUNzrWbV63
zy8=k~4w0lK!>(Vh5;?j}J?!}N{PJ3Dx#lgEg4?Q`sK^Q@4CCw2HE4_V8}Q^u1Qpn7
z5!w`@sTk_eWi^=Na{Y2n1S57B;v$N4k#alv6ohB#`T4VO_XWc^HI1hYcqoneGm}xG
z7o2dP7|WiJ`R4JOI4`gbg4^DqcYlGHYO)%CA?ltU^_$ri0U{t>Q*$A_J-9&>RF0cV
z`@p27I;k~`ZOYWesr9Z$Phuq_Qc!_}&L`{q7~&xni9Vt)ql7q0?t&dPF?OKgKHKWm
zu)pD2o+e3Hmr;*f8o3oVej9jovtqpJ5X-*NOE?|Su1Y?eq3s_9oo_H7s)%w!`qf)-
za<0tfHg|MX7m&yvbb%!J=S!8kqk=M0p{=3X0kIc%5NvH^{MAmu3B=o<@Pl7E>ABC^
z5u|$dB;3o(>vx38$o9xX2XWv-`MF#y|GT6o`W<0?CC%2>dBKpAWWCi5kB-sE+?Gbw
zzG&ek?bFOW<m0n%`7s)XyiVrlFRy)n{8E@WPW0&W8)}rAjsPpME`+O?^7IzC?XPFb
z^KJg#cSV@+&DwgED(Z)RVsRpxQQ`R+m@nvL5NEwyofVF0MLRI{+5OhmC(~672SG>j
z-`95);U{yI@IR#s5JAyF`=@iw(cmD7=jT9Hctqi?FBgSOe+l7;jPf|h;+P@1l<Z9~
zEMDBN_yW4=TgN(5K*-}GCwL$2;|T;S8-ZPEazbDF@b$c*Y_Scin0eDYM;dGi6f=6a
zd9Yrg2N^!|PDEMZ9Cd<r(6DT`4q(|Ki`>Abh(!?duXnrqG?RtvWNcuIo_hu_RvnkX
z0esMPf66R0y5m=UIP)sFUW=D2Q>|)ogsOdhSD*p}+MJ+0w>bL9$Q?OYVPX7kKksJN
zye*kwdv^N8tn%CG@}AK<58JCwbPqyv3l3yVeZh>)Yp82>_WXnp?x8HnFlM|jUy=fy
z1qT~8z}LdkLE+I9TJz&)l;<mKawIt!AX}py0+OupXeHvW5{C#3Meip*m}g&WLmw<J
z_&<6HuFXyX7ev|=|N1k860zp<zwT^88qiVq@o|NEES=`<KQ6i`HSDj?yw;@ZRjvZ7
zo~^=DS&8m+W|s%K@2&;EM0V9a$QvEU($ko!ta6W}Ad&BBBLhy?imZaj7k5(kC(R>D
zSu=dJkOWJqWssTf^6W<nj~;qU(W9u7Wq+|b5r*T^DG(@*uv`r$)2r=|doWaGQDnFU
zg%77>Ue1`i3|E(F{4kUxT>D5EZu{ASb~23^^$kx9QJf;9GHxrf07q(E(&dU&NfZfB
z#91hA(U86sN&~%nZf=+PqW^H-R92=ZQZkzhM}!320yTR#Ae*d=MF$9_8ajtgJE*z8
z7wS)Y-h-4H+PdvrJd<HiBhz<6);9ugyqw&GuByTNm%Ur-pnkDGPCwF+a1n1VkH+Uf
zefixxpuj+IY2U+1omou{Gwr}G64drQHA!lOl!Pwd0vd(cY~E^Vg-FU5#V0`${N@q5
z{$~PBYbW(d^jY(RXU7I8glZT(5Qk0=u*7dvy4rHQTTDfC(>EWDKFA7=n2pO!V~PC1
z=y?x2xW9rt_FL01;&DqLiVCYd`7c5v-d}gRo%>CJ1%m<4I{LM_To1!wwrsItlb(bG
zuG9PW#`2DpZqDSe7)AvYEhM;RoSysI{}n9a0*0y@om6&~?jW7XAw<Z?>eValxxHG6
zoxEyH=@+~0={{&I>^ub+NXY_HB<7u-U@)Bhk2+h8s+^;suOuR9<98`_+IYIE<vr5T
zSf3=t7Mzd*AMRITU3xdb90pnOxWEcInbEL$1pt|q$fMx07O&@l*nu=OKOj;Twvu}=
z{7w1<kC>AV0VUO}#zF76S8?$h0Pd^wz!yDkUW?*sXyEFo!@YW?=R{aP18oo0PPR7^
zY#VB)oDocVfgUHz4|aLjtUV~`3H0iR<6I6La=f(n_PGrJMSf$BiIX)SiA9O2X?POr
zcRdfdJlr^&3vgHodN2HS=D^UXz|${n9`c?01W!jBk2)yeHff>>(A#v!!95FO4}L9U
zg=ayX1oxyr){q``?|pQW%!(0ys`L3N2E9PmX#b`2n6?tH3*8MgQwom$E<FQ-iYA2_
zycB&sps{VmV^q{?$JI(*)I5W&XIsSWm)(^&oCV>!va#NG$aZ&n=c7NfHkA2(dI_^B
zDw+Cq;ahy2B3W;aT2$Q;yajaUOlccV$!cBekWbHdGQWuo9C#vFc>@nCh?E&JwMzJ3
zn{Obr8KShOLWh#k@6Adjo1C#0Wf*t{JF#D6F-#E9bEhq`XtKTE)?(c%{}ld_1}hW;
zEA<G;neaz^6@ezOd)AcP)zb%c$DqYca5w`@$D?3egw2s{DUs)jzZ;f*!M4G^OkiJf
zyePo$YCPj@Q-;-vkH7VmH+jQ#%Mr|KZ^h4=z*nzZYv9mwR{d#4tG!jyskybG`?Jb&
z#x9q|)~0PbQ~sinYdX1PEqPV@)(Ywiv$kdid?iQ{(g9LA1F^mrN~8{rP>X_AKh42;
zi5>rDMWe{}{gg=1C>5U^vXIIl_b1w(yFl?vT!8dd>@`Na@R4BR!+s(7JoRI#(Gk|$
z*4~v%s&2BUqk_yUBQA<;$#)>FMlB=JD~fw|P|~H5Q_W$IqltW;85dSs>QRX|S8Sus
z><y@qHc*_+uRoPLLq{*^TkCZmpTWvvVn5yrrLmcgQq9(cK|wX<N%VMlM@uSOQh~LP
zXKh04EO)K0-@5=Me#?B`kA%#v+~}u$h8!M`a)mg0u#X1(gQ#@pB!@cUKlp$C@uH%6
z<Ao4;S_^SDb<Ie^aCH&<b;Hti_OVkb7)gQUVE>mx!Mm%c(N7>*Ls~l<f3Bd|UNGqZ
z-$qTvEHy%3@XdPm_FTYrBJ19e0+%BLSNBH8LVo=zVqxb>IO@^3h^c5dT1nUQp)WK}
z+$n{9>q;5+Vo7?6&#vvgMSu0<Jlz3!3+;rX2lcmo-c`IqcBYRD4Enw!m5vSj)H3*D
zdU6T5ht|nFHj4X_Hi@F=+VGZDJ-}tj_F<oP^NE$BL9<Z|>zoC%2I=3|zwHHLO~^l2
z=L~V6rszL3tV9!Y74|uNlIt9YZS(WhX{MY0%cpa4w=IysWHAlMrH>%r5Mz4w>uf!b
zaB300Br<>mh>PwyeF-w&QXiAvy?Q^4QGJjpSP-z{xs*UKW&3ggD0*<R={qiP3|6!3
z8;HQd?~GJ)-vz%-wDK3B10lZ$4hPe%MzS%~G$CL!JnH2Icu3DDu72-HUt*-r!|Ar!
z&ptK7ic|yH4Hx*DT+hds_D+bu>aCpgX~=2xTH*gto4xy*Y_@v&z#3X~w#Y|u`B`g5
zNp+ct($kFAEU-C5dd_%&In`Y7!~;i!z-L<0tz#)MQfT%Ol6JzbG~U-k-j^yHM$DN+
zQJ*_woY&Q9oeU)MQc@Fa7U8PQJK-0Q=eF$5+9uqsTVu^di*rui5X^1*DLhl{RiC!y
z>6vaa(!%~S>}bz9mzJ@JAZ7?CV6JHQ!C_Dt=_RAH1mow9a2Jl0q$~u<FGllaWpty~
z#|hGiBqa3=3Nk5q99aZD>8)6ZbX{$9l}evkcxGP4aX1R@brEG_WOFkSTerUHP-^vW
z*;Jts!Ur;7&{47?;D+1UsB(yKWLTf<PI*>xTgwsToe0fFNvGG>*V@;px0XHgzkYhH
z7*&m}`6(o2p^Wat!-xWF!7w}$$vuX;keRTg7`@^L)AVc(@yS47E62cMOZkr@3xi}e
z%RQ+ucGI!3F`Fy*&TPuQYq72O+kFoi5F|5V6dgDy0G!rQ;J|DDY%uRoa~*Yxf6O9%
zB5gFdA;I77#Ax8xi(Dgz*UjC_Y-8h76MkB$6Htv4(h?BqHAe&i$-iyw_9}bdi;hhB
ze2eMX-3mRSkC0*C^$Tu)Hsxkii4t5ho6Tq%L%vDcuEO7YN39)F7W<Yz#iwdtrL@O*
za$~moKzb}gv{jQJ3b~r$V*7fLr9t2ulhJ3EH@t5J?D!*<>1uKv(8{Jm+FwPpc`Oq1
zrSNAW;r<d{uzukQXq%pz+&1o}nRPw&;cWjJmOF(l(ng~mE`@4*z@29?y?>OmYT1>P
z4v3|T8d5NDek*AFb&@<c$&}+41DIjRlyrF@Z;$OJ)qgXBBQ<%)6R~&<4d20WL~>@x
z4ck~fJ3}fXzEaRLtxDP45nG*JS`M|Tc6x$84=kIV29LN}@brIZVbKIKWoM8|hP8we
z(SE9_Njd>nQucrwx&1{?+*W3d{2SLh`*Vuv6admZ?H_}15)`aIqr>=-k{Qu`sD6kJ
zoE`@SnX!}KMyE(~Wb*(-{GgdHV0lB&@Cdxf(=VEjw}pu4(c;X-w8N|zW~0Hi_Xmv~
zefyoDhDJ~$e}BLg4M$iq0|0}n!p^Ep!0ux1>RG8vk!uJhJ?{gL$XD0V!6Q<ENiR;l
z6jP$Yun@<7fGj_)Z@48Ea$^#bAoLfC7gB`_S#hZT!LqwgC|%HtUE8?Bcm&dY!jnZR
z7FBDyilC_zg|MMM!9clg{iN~Cq#AH6*Fo#B6yRM7#)B7v@2hOscJfD;QGcXZf5}}?
zfBzI{uQ5fA8rg!YajT!69vEe0r%GuNDkh_4LGxX5mB{~|3m%*TVE>rA0!~a!oC^;2
zIorH>SCM&=(|SP)Z#zYjE*Tn%izH&+1nE*aPJ*F&L2!g%vk!ZBGEvlwF||aN%r)Qg
zQDI**CxiGwy;En9zE|1Xdf$;B2H~!7od&LG)e38Krw(KsoEY436`q1hQo=%{qrKQK
zdXPCM2muSgvJbxOdjy;;JU;aWAfR%K+rmLgUHTn7wqa1G$y%SKD=1W%Pfq4r40SOR
z3n1DF)Guyk+8_Azd>{fjgKXjWPr=~>n?>isaLVo&Lu!~Ma3u{YdJMWiL9Q#^&A+I!
zf<sh&aMYyn)GcFb8Uq8Njcd2hbNNTZqTB6@Oud0GZggY`MQp>8B+j|_S`T!|m&9@v
zMuf6KCRS?Q+gVPzJv0Kw6Lb?D=WNKDu39v+4)1fE*UhmwXVz`a?Z+G{2y&+;<K8bw
z$u`lJb0arMY1zT!ksq~WBCI+ye#$3!T;|aYZabwYsc<0RBhs%URG~JptRwsN%!H0i
z(X}wLDgsIGX`k75uQ*X4octFpTLMH4*%7Kvxl@S(li9O^nA}qBcO0KlzaU4qUl9>n
z-7g}v2<@d;kBoWxT4-ryXJcf(<)H`SnwPopu$e5Jw8^sBY<RN#$ndcpTV7t_!(tWw
zI@Q{mcYY?w-Q3}Np5>XJ*i}>7P+Cpt@<L}5ZQjIr&3T&m9j+!91?fB;P;3=tyO7Z{
zA3>s}`i8UttMBl|om+q(*ln;bvuTaTQfUHF{>(^e?G%i|KD%A$DFlbrI^e5TwG#=P
zeq$xl(YuwEAd9!b*B~f-vt)y{7`L`=7!5T%bL9ZK>1p{K4d=aM06SK=LVG`yd-*T%
z&IzZf+jY9tM8A90y>&c_w<vH058kX5IU8yC+Mu_x1$3Q-aQQQghTe83s><s&?b3Rj
zCGCU#>@t>I!MLgiJsYz@d2hI*`j#6fDD$_j+r<r)=Zu4=mt3E$A3rjQz)FO3-}r1l
zePe_pTK-eb|Iz~d``UV7!qxRZCH?hp{s4-Zjtw)h0B{dPP0>wVn3ND9=`)Sc$@ZIy
z^zKan<)PVH7y6q@s*sO3FY*D2%}K)AhHk4cdGld7c&T~L3r{pFsD{V>`I2kh5|pA4
zk5?^yRisU2rBd*A2WHx1HTWS6RySv5`fiF@4APGv0aYO|csu9`F*xG2#W=`5iu4)x
z+wsd~u1VO4spQJT?eyMHnVwV%ylmT4jWsgm;wM(dPxKQURth_Qb&^C1MsV1Il|U(b
zGy6PSBgD)CAv55XmokLW$Rtr5cj~zplG+8^EuBo?KYXyzFpuNTUg}KR$M`-}yXNZ`
zVaw21XJ!$Oot`>En9Gp2-!YZm5h#eHeC_}9`%l<X=RRrpeJ9_!!CRt4?4}R)3%SzD
z1PI*a-wR42>2QB0o#|U6QzuyqG^fcb6eNncSkK2L_!$8?W$|SYe@)TI&}5qE{-nSr
zY=}pUBGqA%!SmWx>AA`sV@vj`|CKxb4PvVho!Q;x@NW93ido4NS0RL4rt}IK_v1%G
zP^IZyFdRdgJz#>}_kS6izdG?>8VBrugD5GXqmJec_Q^Mfx_Yy&=m2T-mExRJsvq8V
zTng0!`vOq|Cj4x)SLTzw6weoxbONg($2a44mD&-lt?#Y3n77V6=b&vJ>6W<bA8lFg
zk}+dPb~pSKf4IFCNEhlUAoKrawN6>wteHcVex22KdS&rRL>?3+8}|ahBI)z~BpXGH
z{yw0yvW-w6293m9WZm)VaqlKi*<X5uN2=UdxNX-bQ(_=Yp5%+iFQy#lj~`U65@IfD
z`s$eCmy4oEQZ#F@7%QY0OXC;0$w!gLt?iH}R9UbGq&VJMxmzR?XQA@Uzn;ggnO)O2
z&&1OaZ~LZ8bV<V=Q&d6_-j?$YlX{hM8vEB+$ck;Qr_l7~VZjHlLR-uz+7ia*DEN2V
zH1@7V?&OgO%5~chW^O8JU>_FaKpuN>au3~|?&P1I)Np$dv~C2hoq|9iw|(m}pC&?Z
zE+1Q|0_!&Ne~HhW&2KPJ^@wiWA@q-=c+b?@WGejn3X<3Oc~Fp;QegzgW2m|3bu<0L
ze{4`RNP;Ab%9Cu(Gr-8m%qWAWqbqUHuh#d9yU@?a`yRqx*bN39_&+snrRVBEl)nLx
zF-OhERIXVBk*^dcN=2keIqA}2{x^=3klvuDVmhuQP0N~EG3fMlubtZzXrcXJPINyT
zG>{6aflr|}lfIoN2i`piPl#q)eD}i%=Jma7cuI2<dw9AG{)s4IEsJbP9aB?dzq11d
z`!p8f%*+X`Y@UL*-M;R7&Dsr!JTNoYl*H6X0xvR#Qo9jTk1V8dqLT*98O2*`mmV)0
z&E|MvurFa1SzIA>e*$jRDzEy%+U1M)!o4ulTfsi65cH4HbO7|Sm6er~x!ho<U?1fL
zO~)ysgDzm>oVb_2M%5ZFV+Rw93z-tx04lM9SELOLoERkTmv1L@2<z1v{tg2ONm#@H
zN;u>1VM}+dfoFTWhtr&e`d-wbpUIc*vI3{iZvC5OWJpFe^h+>nYQY6m{^w61pF$yy
zO~^Y?L}GzhA$&f!B$iMz^!Rn;P)ZY|^(Ah8-~>m6I-{3#VV}i8pE&>AY|mq3ykrg;
zU0t#SkS<9=e82n;xdAQQS%12#YI%Qq#j<^Q#U+7jxzY!okn6o%|7jcHiU%xGOPu*W
z<cCSDE3$K|noJ}oX$=o8AKp5Dy1((i-uDUIp4s>5^#c`(Lbvk7km1wXwdj6(EQN>;
z$S)%Z)>NsyN#3B5vx-@;hDS)hXoF|=k;)IcpT#BWvYB<M5EABDCjB(Q^zfv>xQ5&I
zPQMuc6Y-Q_ho@k|Dun+9o6St});4DkL$<Z5`;a9XYOAUNzjKmKsO#o$>1<C{b~Kt<
zTOd438iaT9)F{K!)0NJqN%BhL@#H-&a>s_b^(rGxi3_^3*FJ*Jd*j(xfUgm+GD&)x
zrb53NJLP%rd#s}BWw~*4()M^V%Nlxe5oE>>)faO?yvwT7ruo@vQNpq<2}^#q?p$Ls
ziBakPwgyPE=?(Zz{;uGAJ>xasv4M@>lJP@*!C<m#*7$41>RN^K`k9k^9%_g2ipK_P
zJL{TD-P$a-;Y4B0Cyi$eCcS8l%c2g(HH8^l?bQtfzIkVt`lxt0AnmA?v*YS=QOCSa
zyc3p2vbBrl24Bu<eY}+sVcd`w)*CWz8Wme5TuIto;%bEwCoS`KB2+%~s;CV)rX&|B
zd>48q#<e(7X(>_yTdv7?LThzQhg6-MDdt61L>I16dS~WRXZsQ!N4}JH)|_09!7{Fh
zYSOv|#%9?Xn+_X|R7=fxg($M=8k?N-TzYy2Mdh?|`gCsHA5!>Stn?N(rPgst61JLz
z){7eS$mNWVm@aZHX%&ibF6E5htvQufH{g+3xw7=7Bn$>IlCpfZsPPK6DN@9IC8LT=
zr5gGw=A-t-ZKNf9>SZHo)@5ykDz>)7b&I^}OXVuO9c$St%IafDtybD8tc2>rax7#i
ztg<rMvYcdTNqo8QoYVBbM-+d?*IwrvvV%RURsQS;&EbPi;9-X+8*9S;N^;iDh+Z2J
zSe4xh#>>!REbwew(z2>8IKBwM5U~7w$8#6|S+Xm_k|Az3po`lZazwG?^CdGwo9OES
z?bksV1E>iU_tuPxQs_}hS`i30_MgTiVlZem@FBx}1?1m?R3jBdOWO)eO;2Bil^DNh
zcb<U`M-m9JH#6%qohms48+$><BVPv3vVWJHz1aB5&3^`A&fnfcNAu)axP*pB9?bh5
zHdvytd9xQ-eS5VU+%<eZY7*06@C&c3T;bAwu*Ys{Bz9bwMarAQ^~FFNFP1M2STgqA
zi=`bQ(P}d%6P!Ws%t&zeoCxciTJuyfU>!?a6!5jGeC%xI?*$LH4tC1*os;x$jT<zX
zfzPLSYWjgZS$&t8Gu{Jh<@qxq%N`j|G-Ns|H3lSXrtQw_(ejG)ZXMV|t)g75bIV3%
zQIwF%>YWRuaX<ds(H-HbaUSC!-J5b-CroelXsfBzdt}Ei9~^#O?(b5r#Xvo8QF)uz
zxZay7o6eJ*Rv$8R_dFbIOP9I_Xf36niuU`wRCyo{GW+yml$ayR^HA>E3hT`;2RlYH
zwt73_{rFX3y2XNVkY+o<HLnP8A0)rtv+eT@>`R8ov?B7AF#lTI`Evo(fSkjNTAHdL
zfDI$`C8x52-(i<DbmPTD35|%q(@#w6>d2t(jq8G?+0)A^_JHpJ@2jF5tR?R51g&&#
z{q09LYOQ^S@i{FEH2RzSOh+j@OXaan)zIBk_{Vh`rw6$*-UqyYUm#{hQ4p<f`P*`B
zwMTd@dwDk)LT(vfF6F$D%F>GSUBc&E(%gEF3!-u#-a&vhCic!6hkJfb6DQ{>$X1dF
zIu3H0oj;cA7k3rwuJ9n29&f)Xw4VmGZFt@K=7<PgUeSnQ?#sM}R`?lDPv6W2W!><F
zmc}`q`R<oFDveTwP1cM16flWeZtosAg$b=hf5eAQt<kRx7kciuP7M#eBpYD|zLEEs
z-XadlB6Po)KWh5Ld6^j0caisj&YrZ9lmrzUt(daBCwDf0_mR5tEATdToV?Oh>K-t>
z-7?4<_^#w(J}?D2Pz<54k1zsncJei_j`V72oB%7XA4jh?tZ{Lmp|Y@|?)JRA@|ZYN
zUxw=fhO)h+a>nB`?G*fttKoL`S}?Im(*1gVTW<EVonH>#6&>-;kYDX@or+sZ7k}or
zM=0zx&ivWrB#F&K$$W8Oq@T?kz)_YJQj(O~;1ONB#2P9V3X!Wi;oOqFAk&5J#RLsv
z6-A1xOY2YL$f}50k!Dm10;F?+<DI>UKJ*J?Eze_?JOOmA0cStBUIubY7f{ZW`Jr6C
zJ(gMG@m9F(+5ple8bZfSVXXr`fR!MKEfQp@^0)jNqDhdhTM*cuzuhW4Pc*Mr>kO%q
zDuF#v4Al|wHBVyoo%?MAvOA1_<kmHir`15<hzh6Ad|Ih9J~unGzhdV#L}^J>#H@E`
zmFk_WE5&4NK|Hd1o~M?izv}74YL3G4W2%#_!fa}Og7RokX|xa<h+Yr^ZT@L+)F0&5
zJ@qDw(4vs*nd@DaZP2mj<g%}_*v0R=YpF8<C4+twF6O76fMI6Sz-%C0LK$TD%5yG-
z$&FI=N2cJL@b-1OFuG)oH<z;#@}GUupc(!e@)16-Y%e5oM1zYU8LYZP?|otR(9UYc
z`?d>y*0|+V&ep53iv~@Jxj@Z(x*nn;NLTu0-n+rIQwmO3pJAdoPp6}KSW)k3Hqv1*
zuAPkxwRRAVzmrT?(~uvlM6!m1Um^|`>giEweo{aviP*ycCEje$gBK=do;cF*v}`oN
zD|gQ-8N%vTGlMV-l5#8iq07p6Mfd1JZpnx9%}vTds=4h{tf}p$pzT9J8pEPb36$St
zM>(~Ad74nC4WfVg(D>#X$3g4F;fce|1sdD#XI^M6IBi{YM(Fzfp@^?d8-Y<{m`*zB
zMxrKuk<(}@s^(s?ge@TG2l>pUUI6tW^}r94zVjPA1`CvhY!t3=4z4GWjv;rhTiM?w
z0;-LqdWprgXX~o>omH;>UEQ4ZIKEt=s#iVyU;OS`6C{a;=8@eaX`v&@^DV(lVUuGj
z2aqr=Ui^yM!q)?)>=^vStAg(--y9pj6kwHK_Uf|Muihq2$Ft*=u^EWTzWx279>XAY
z?w5Dmvh8E%{9uDx6I<lG?aXV7VxKmT;#(Yao`goA_lIHq*T27~26M^f%JBzzFlzu=
z3<#-@>n-G{{H;1WPi_dvE+f^UmAyjh5XSu0fjcp`Qbb%D<12#Lf~0P<l|T`rlbx8t
z-l_m*E}_eWnZ8%m>)l%u?1J5FG9|$jK?IzFI)rk3jv(?^$X|N57L0hWuoCXXt7v5w
z-37$%SrucJ1A`y@*r_#TEzyaS?vA0I{G0L_gK4m-hy~~DzCkiip%;ZJA=i_S(rna6
zE59hv%!adGjNJ8nUWkWfi84$K?m5bFM_`}qtT9oN1c4*4t!4<M2zbN|$;9>rbhhs}
z_t_CvMPzSnHU)a23S3Y-y=isbFTH`VNu;%_6`v7IAV4kK`P2HSyO7G}x_4R<s*1lw
zne<h(e`c}DEOj$=3`rGoMjtTRxQsS2U~q?Lk8=EH@LEA?CVxQ*XWh?rj2sa#%6@Yh
zjf5;d9ez*P((SZG+d58|Z}4r7%IJ>+#`f!NqXnJcCPN&FG^5EyBU9W23<l?7_su{2
zdp5tAdfuM%OIz<g^d}?51UrAqBu4+p$AW$&Ei%ktd9k!%5!|m8`3tMplSj-sCyCC&
zH=sSOLDBrT{x?0mk)U`?39IkFNj?$cVi4KBcdOYAyz%88u7SQBe9Onre72r!Dhy`#
zoIreo^m=U5>g>S22%oR09hoywL9)2352gg&D%9JK%ye_B+UQ;QpyE5T#Tbwx-^%uj
z_(tdV3csAg*g+fjweh}NVWBGv`H$$mf<#WpfyON)Hz>;da1&`5aaw6#ByT!2N}Wcw
zK(cCtlR32^s}1BROZMqy-H!?CB!xW##v;7}X!jWP)Awnz-i*U*X{xQ(zR|_u<7eZb
zL(&2Mj7h54qea;c7&{%|bX&@+=m~7X4A!XrUTeA=8CAxEg_ZiLpy~88QVS5$h$|v+
z7QN!!2^v{Ox3d2hp^nQP15zAV`*!hgP_{70FBaMusULJDPUGh`=eZREHa-rj+z34H
zw-91?)dG9@>pnF%>qJnow^$C0$?}?#ri<=N6`WFFoz}C9J6%8}`RX;@K3MT1pKrl}
z8e-WKZ0Az<@urPGbiAtI+^BQ4W34X#c|m0n+<S^8^oES5F)JUfb;c(u;_f6*l$ofo
zG2hK}Z)ody>qG#WHrbF7v!dB7??4hyg25PBt4v)OW1J~Fic5LBTXc7zwc>8{)3fhJ
zs*JZdXkP$Vz#2xq!cOhZopa2<yzBTXtzSl?Z2n*;?)q(R{-qsPqhBAI^5OGaRmwv3
zq0P$|>bMEN#yz&>iFiyWNsOsd`3tOr?~kvxJk4!2a4g>lQJ3W0^T}yTk_Dd+eur&I
zDg=mL@+s#>EcTAq&-RhlC0tWZ_?{j&3Coc6wW88gCXjLWlD!c-Uk1$iJ@$N#k`hBL
z`i2zv$}MX&nq4h&d~Z)r^!#CeEBJaXFmwrzpGvmOR+-9<ZQ%lD$|8-1*S$2+R$T1>
zwR;n2(ZQN&@9yVyQFQ1-g=OR&P!DZ)n0-AYN!&)9@<swkjaTJTXf4eNwWR1yRapCM
zH;z6pin%RGF%0$bJ)D^nNkmg`7WV_SV}&Y)9W}i~?(hgANjER#&)DGZBqug`-AI|{
zx7fkT&c-vmT;|KG_U@=H1>-gF?etE{WAE?Bh(Ir^OP6MB?7D({vE7r_NF_Cw@0m5R
z>Uy=XGg{r}Apji)qeMr~`<_8UO}mbtyo8`{X)zbfiZnnq`)flBwDI<l&dQZek;k)#
zq~43O2s<Hp-6st;8f;lw7t~Lc`*LL8nbjmHqNm3M5W8oQ)Ur={a?h4;UrxDVlh~}y
z6~`WE^A`0aQIFkP$>0L_vPfLZ7^{6SN9fbhGu`}BQQ2;lwn@KOpPWdST{H%4iv^6_
z2Tk}_yl}GQbup4pDKm?a%>&_aXWSN5sLWoT1kZih{2^v7UbeM&7RLS|F~eL;l1}7%
zcOt^A7WUP+FF2>Yz2i@Qt&x%2p9aAHPw*bV#|P4d{O>)1ZwsW!Rs;Z$|98Ga5#T=v
zIXi?j1OYDaSA?+WZ}}gDK>fGW41sSDsQ*?XP}|xnC@2t?r2zh)2^qfJ@89p=ng2r`
zA0L1~tpGp{3k#)2H3#6suNOH4ISk&uf`Tn+Sc)yGxq<?~767odbtnsgSA`(Zr6>UY
z5?uBlAxGrEMgHFrkotd=L&*9c+5hdV@at!={&xd^i|p*|zju?J9Ts67f{(9&52T^V
zrVE8L{&N3{{kOya$0q(U{|YMny>$QzBLIOKzW4uu{;M_Qun_ps3h<M`dkR1r0zeM=
z+ouRw@Ui+^p#b0iOUNPc4FV1Ie{~~#4><*aE(Bh}`PA^uf6#xOR{=;D@|S}^4d47H
z{a4+8?f;+Ue@c+q|DRR=IH);)FSH^AfItlZ;4Azs;J^PQ1q2#u_}~A#6?pysO2EIB
z|0Dg!v-__K{XYf%WYoL3^dC4bFK?Xp1&JsB33^L)gq;xbF&s&~QXbaG<7uy%wOt=+
zb`ajzo6**pL~~}wJI<5Lmn0;?8&dW%=k}ziEK)bc>kN@eIln@|Jw;lu;*@9)#{k`H
zX0b%IUC6Pw-S$;4Q=6LD7a+5Y6yktt<~RmQO4DpL<tdH6=W?F4%|5=h^-Y-8w!X48
zb{BXnpegJuDfDO?LDRO}{627Ipn&gUgN)N{tk&O=$8vv9&+ygjnLZ(@1$%?x9ggs-
z9V;@c#NiWRNr^Kg1D6-}8tLH@zBxBtOh!FEj+J7EJOUiI(^FAByFz}Cy;ZvgCBWl=
zpm{fKNZ;?R>Aj0Sl9}GTtn)i00vwHTlvpqj9d-9kb$Nn1CFa#Ol=l8;wqR0O8|*3;
zJ*Q|=K2A$tt^MYgTB;-cFM=yGp7-Iudh1iDXML{*Xke1iSe&T!Xo(oX{tg3#c<gtb
z`MlDc0dHx;h8E0peSfCn7U%2xUeOLm_v@@l(xxTD5MZibE+)=qsDGXeVuL$(FTKP+
zn;}PJh;<e}u&j-b9*)`)Tr;*pKO4m+c>DCyWcLP3^V(AvHU-Y{aeXdxe<>v*kH!BD
zFUc)js2RN2;ITP#=fq`)C=kcydz`6xzB8JhOKA_Z7cgBqDv5II3Z#MUkj=ew&F1<P
z(NLCx<cM_y_=s>p`R2F$cNaRELOq{3{?UkR*z9KlnO_hJ5!v17;n(?q*ybm&UO(cu
z-(K)V<^VSk+w`<&`2vqU&`xyPeU+X7%v`N@iXG<tF2@|B1L+X&PXF`O&#NB&0aS#Q
zO_kf?koYZnq~ON2eCOX>jUo$bffDXzpz&id(%CPoALY>@6lw1FzwCYcbClWLzF0+4
zrC|C!CFUtHHaCYi!RE*WD}T_ct{5A!I3=4lM}1qMyM0SjlB5972p@Ec?&tPBw4&&P
z{oPK~FGE>n+Tq`Cdj!Tc9t!gc1*6h5-u11nVuH1<A+Jg55PhEtw0A7Vs;<<6$lwWn
zqVFPcNdTLc#+$eyVnYaoQBjeS3uyzfNG&B=a~?gzflLmx1spU%fxg@>b%Fb6l-(EQ
zv8StPK8QGTXZPN5)K?PQekUV|$laqnA(cJg%<ONt&;-{4ps+HRcj|0qfrP?$q~qW_
zhgZt1U(~9Fzxxwp)jEsxIyTSd9`p$ct=Db{o_zhkC_BrrwwAT;2X`%QMS@FlhmDh9
z#e#<d1&RiW1u6UBuEDjq1a}Fr@#4iTghFu(v=pf9ea@Sn_jx|NAKzSaC2Os@*DRY^
zGnx6#|K{ct70>0n*Yu?PDUn3_I2Qaz|2s&jeCQ0V&bn>e)T1H?#~H1YnCu?G;nQSf
zsrpxLGSevj$4l*F$9tQMTLr17A$`v`QcPVgT;KMLAafe(uMd9qEdDX_U1;QZoj_c$
z(4qx;^(oX(bS&nzn)C3A#y4&BaBy@niKB>RL+7t@ABnSamGAdwAzykQFSdT@)V}(a
zZ1C4QA}@en<R9G934Pwb9{EN7b8G<lXRgv>iarmnQ)`FYpqShA_h<9AZ(xIAV6CG^
zZqsLek$+zZTmRd|yzQ1gFC1(zH2K@`*MHs_K&s4JakifgAcwf*F#IC3!qz`^Y8`Q=
zZ-uRk`9;1V@<I@Kf365y<I-&T@7}{TwT=k$HYuDXuX)>l3M-m(gqvfrdA$UZ1#P3;
zB0>cJ`A!E&05E^Sx=Gg2sN!B~G?91s1od$0)zWC58Q*lLZIZ;yMuRMqc6v?vhNxVC
zE^RImtp+eRiFgz*#oXKjn4(KSSXZ2fhuN#rNf6LAb*n<#fek8kyxNzg8HI(`a{-k;
z8w{oZ{8(*h(1rbLJI{*6sAV<+b)rFQ^<NySk!`R0iyQTNn%4{(To-T488sM2-v55P
zDg#J=Tq#-bWYKEnnXe$Z4f4$6)!7O1^SC!W$Qdl`%ti2rPBJu*NP`<~{Rs5Uj-9+y
zc;Z;u^_%XUr!qF*2GHgXeM?c7y!<*>x5K()gr&$*Nn6yKl;JR|3W16nJiecj&@XYK
zY$9K&Q}L+(Xb{FH58BJ_FEg7c!pK;iOub!PdbC=MiO9?&G;b>(TPp=@MDld2as!Bu
zB1hU6ZzeI$lS@a17gI%E<%3V<r7GwTJ<ZW7BLEGhbLM4u%!39?##wRi?kBh!4#Q#Y
z5((O(fukIsIwNc;;X}_Eh-jQ!B1lHitcPFBvM5scmh(GY`}VN>Jt13SkO*=4r0d&U
z;V$u!`=d4cF%N?4pFeJ(oenqSPd(xHgY))2Rp_nW9HRH;*&;bUB@rKoLf^g6+}~_~
zd}}c!dceHW{kDu60i*=)i;na{ZsX7R%t)&8z^`nUxf){Bf0~<t><EAD@K`FUnw*-d
zZhVtgzN)(7LY^x>rG66P=X@zo-lDe+6RfYmvwv<0KmsCfZU)<2e?J*mBpG1}0};5c
zvDcJ-1<^od)nJCit6=2S_%-@F{{Q_D?1fJ_BfX+b0R;L{cno)A2DOAvQDd^6QF5x>
z<~b0}I9B2`d=KCp7!-vB5NH7KUs~2gX_|ZBk|7c%qY^OF(q8xMPKbSJ@vR~U=gJyv
z8HKZYzV`QDe;U*@o@Yb;rWff33k$YGghr7K8I#Yv|5c7edwczd|6f@(Wc+gMKK4v#
zw(V}aqz-%B>?Uz`w%HbTU&N$Kr>}0WczUB;Lrco`2B=fi($ZTGO^i%g@wO9p*-fuP
zQZQ=b)MH-z*xSi@Y@=VZY&NVgdaPU8dkOW*S>h6PX||H@m2b&f<a3cN!vH;ch&s%A
zbdfPrRecI_eqSKI0UL}B(@n(N9muK*+|+Ady=5OSS*z_ab1yNkl&am?9^@Chi)K6I
z6xc@#!nD#`ZI^<xb6NLg5=U%{=h(?_eZR5m-3jQ<wMr3@-xUY#gxj5XrN||%Af~4q
zHoQ_cl6F^oESXjqt7LHwHGI77J-Y4Liob2%^srRPrA%+cb+h#_rB_T-*|YmH?M_#v
zx3t@dr%X>Vc(bMXI+u9L=_U*HN_E>zH{0=<F~z#BbV(uk%%B)AQQc}Ed#47p55&?7
zS?y~j>O(XS33Tb`=<uj3b~kgi*`|1gf=ui7Ztu1foc(z9<3H+Y@MC-5zs}#z4kb$a
z_@p%0T9XiitX!;!r7cs*S_ZNXuGMw^H3>5-nHG1jf$)0;5!A*CIohU+{-w6788TcT
z>GUv^_fc+C^ELO0ob(a2=lEWJDKudC=ABs91q>i;^^}OOc63WmM8I-~KdVxbBS(%5
zb#IyeN6s&lSL5#P(<|6m7Fv*!Z<1HUDHJY*Rk<tZecAnM{F*i{RC<u#$EGyo@=An8
z<UothZung8jB@tlOe`OU%@4Kil>L(h_-8`6{<&-B@<-4=l(_ZQd@|_L0+UwwKa>II
z+^WRyDaE4H4k6Cxi}GCAkT6?9xoc3)`AjVt;rAMdvcj5NacFq@^$Ab#;(a|aZ3<!B
zfeUf+G=2FtUZ|f50Utf3t?D=!DC--O9WipHu;u&Zw%l6=^;P_|<4)lO>sOW-xuYDN
zglEP|=qyNYh9COflZGBC@#8N~A_fTQOq?E_ZkEO?xrG-))IXXD-VAOPsSNd;p*HaO
zc$-1MXK74jd-cc!q2?E<y(a_xr2_#M^tEn1R=wjlPa>jQeUWm1(N|@@)8qBr_ZVAl
zkcih9$rZMNveg84+b%Kc>TtYEoaH!H%?6&YX~8yODz`tNh<{MUq(68;+z5KwC_GX^
zLfpR(05`5!f&d^wO?quqO<atI69NoimiG%G`r(T2`MuO2i{h*w1PbEj!t3zxEVHeO
z>!^sLU)5QaVXhX!jCc>Q4?6i3x`Tx1TxF$&JV{A3NGE8|o?&oJ8R!p%L1;jNJ8e<m
zkQ(IVmZu<URDjBl`jFpTxGPh2{DShRYuj|;@I<E1R(q4fxhG6DB;oB-d04ByMZ!Z;
zTgk#V+9)Dtfq@$pAFN96--j%}WG70S5`0UOAKo<D#p%$^NmS`GCOx-G9|-zUZwGsb
zf%=Bv&UXNyIC&##XK(3}rW+H-bDoj@Gti&#jam;ZHlgo$P<$q<DqAs?O_ovC+_`uO
z9?D_dKfyvHSE{y-&~wiSxFkLZH35-41NWr?6K)d9k~Cbn*DxAe!A7%UAGHZGORQe$
zFq~y*@eJ?z(==fJ`30|N7&7M2YE9DPI>7QIHf7|*WDuJK&{8c{a~8myJ-VyYrg`#f
zr5+J$Yio8z$AO`#iCL;352a}0owQem*o@%%cK^jJox1!t#aXHvDbE`DJ>oTKnKVAB
zEM1ph*$CBn3Lz0yRW)_?F5A_5DYeDh8}D{nBMKk3V(v|sQd?g=C(Y(}MRIY}q~JZb
zqpvX+Nd*>tlE8W_tfGUlTS+8o&GCf1mfc_)g^4w)YZ*Jrw2f!E==Jh%Undq{(we^{
zcC&EjF3r#n=9=+Sv>-dh69r#d8{uhr&plp6sPQg@PEZ%!ituR<(U`0Xzo-scl>ESm
z@V1QyGo<h`QYM!NBCTz8Ilr79B(=A;pEPEz&=xXO(p5_HCw+%=09|`WZ8Xx7vMQ+@
z>YNMuJtLZ3W@$k&9dWC*H=>1U!sVX>RIGi4T)sb*J6ahVYBj9a)nz>vql8@e<;`nl
z>wI#hH=phisZ;&~y#@n1*5Y?f`77Q9IgHzT*OfyBR1D<gKQfF0^Ph=xy9iaK7#Soe
zExid2|E4c|R;bM-yFV}_Iao+N?;dB`ytYD#S>imxuq(AmstWhHWR!X-GaNdXGpx<d
z`BZzmeIOw!t$il<>7}9U*RrATi^M!*%6Jxb1E6xTGo`bo0m9K=jU`ioSn^Da_=+rW
zKwbv?f^R5mq)VFljR~7V=k5N*A~prNC`#yj>agEQTvlr!U<c{7>f9GU-n4W5Wybhw
z8&|>Me)f}){~4x({3nICsg@4%517$b2jZ*)`B#jt^@C7K8~XmoKbvpvkAD2iIC$x=
z{Qs2uDg48b<xiBddwMQ0W2*elZ}$6pLYMyFL4mIiYIL8knIvBkTg4Pze)1TgD|Q{t
z&7MRepQ>`hFwUn2iCg(4*4;9V`Q6uM$MTbFp7(m#!E}mhiwNnwf<j5?r*a!NThU^0
z@7+V{c)j?b-zyU;y8c(}#zMP#ui!o}&P<IWsNK+AR{g{(>}YiTgb%bJcYx~{3F@Q7
z#@*Vk=+Mo?ajdNQ1tL)b%catT%qdFN(SaR$UkDtMx$V!YefE+J`9g?;Ps?YUe2A((
z;ZNao25xfkRgD2K%xmflA~>9AmasC<IzP;cF{3y9F)(d~+`gv=g^6lp#RDmf)DxZ0
zu_$59>vT~ULw7kP5&r5a7p|pDU+POOXQe$ALS|~>Ypfe$PjiTD)2f)Co9&J*k0f}D
zlNmI>%^P6(16tT)<L$Y>>F(%ASDf(3nZR(&hbosYY)TZ`m+*s)nKN9TbdmcPFb(~*
z3LI!~YYJD&m`enps?4u3t${`yE!XUo9kzkyB+$gNKsH{zYv=SczK?Y~lV1Z{N_B2_
zuRFWULzLQ0T8l){l@6hbqVwd{)0G(N!C;uJug}+(;G-C%_`K71+bW~^V{>i~a}RTV
z*LScCpmEJg(l@NWm+4FP(V>*iy9>RR*UVrbzT}&Ymnuz--lyhZC3at6bzBxORtgwP
zQ4o-pL7KHs?T<J@fY2UVhOWgJ4FBx!J|+ZCUZVj_o1X)mbkU6B$)08R1XjZ|fn~Tz
zcHi!57(Mu=y|ggbw;*ijH4tIs+XtLpDZONE3%bVJGU{-D2%%LV8##y|VK057h;&@s
z`h>?+di{CTrU}2ueOStEAs`qc)X1zh%j~}FEN~*AThnYNWoT%;`z0wTufR1YPtVsr
znG@EiMiEltF%i00w&VV9tOO99SvxN{__&~@`0p)|(TrZ;eMggKEr;esjdoIO{Zd7v
zRg=)`d{f)gpRIX&dG=ut&0C4^b`LO4^~b@C=XGyko$Vtle4cGp57zKc*R$YAizXW-
zbKY+pjrxYNW{*~rOFM&XQ=aI@({@_dOL)T1rIjI;Xwi4`zAYK-g`Iq%ko;XkBI==Y
zA%aqtf00``E|rA&sIz?S<LVim7wN4eL4H)_#}+ThV)lhJ5b}gu{Qg6h!FffQeacS2
z)1w&^Zx%_f1*#r!Lsbgy?egCcAP{4~lYwlMqbo9%&RIGO?lDpwxwH>0aG|WQ#Jdk{
zkxG39P-4zwJo)x4!{I6yaXGbpjFKz**n@MfXlb61YPvy5l^>(}oU<=YWqABYjRImG
z6FK?789`AM;&Hj)6SzB%u*Xzq*k(?aiqy><+GX=@hJPr-(~9Osc;)HhS3S#U9Panr
ze^S1&&n>e6@rIe#9J~X#1*I7l8<_}8gMkU)PB1sZ1OZ+J6C!*N!1u40bcgq(-)maH
zdu)b2Qzdj3h%M|XkgT4kp@i1?WC}&xgF9si-s18R7?@NdYr<1zF1?nD3g$10!(}hM
zS>R;N?@R^;F5p(dd^n{U+%on8RY3+ss2(ZN;hZcej{^OSXJ1gmEp_EFmvYFOGn;;u
zdYv+3i4VQ48Ktpdq1#KC@~+Ciw6DV~W^44yd840{ppN)6^266~^O-7qw2hd79ZG7W
zmy0jT^vFOOzbw0RkI{MUyce>$(C0Ec7a&^2X-K8bhD^R`S{N}EMW|woN$4SjlCsf0
z<;d~m9)q>w^7Ru~;u}-A3esWRPRW)u*&1TfG+6KU3_NMO)7fw_>)L55&V-bik<Ass
z<_2$*=~Byhf7q1BU?XmhyUnr`5)o?$5{^yHo*5IGf)gm`A(*SVR^jp>R*z&Lf`MES
z63oZY0jyVY_k~g2m<|v3^nbA2oD~>!Xr84K-}ZOwVP)!HQB60S^fO)wH)eG4s#{m-
zjN98K6bbb*Z~{hpwuX=~Fw~1K;5>{sV0?`b9*e{DZdkF!$oz|48tTv2szt~67(tUo
zXyaR3GydKkO_s+N=`d@m*UqOVKzg?UabTBU5U4N2+qVW#5Q*~~*})q(xcRmCD^^rO
zv%l(vvM|&6!Ww#z{$<_ilJAHCV`PEIXhi?sx!nB$0HBU_7N14jkt*Nzs_4k`#9fvo
z^d+^QroCYU*~S?Wb&l*J#>rT~ldxAVxi&3gYuF*qA}C)5=OXcgi|LH*1)#Fq+JJ}E
z;kNNWrP5t=(BGIixv*uu8+ihqGYF8Lp#>YyLCpP8%&?nwV^SQpgc;0TTA<D>Q_2o@
z+a&tzxDZR#aA0MC4oMh#Nu_GE!*>ktPd$K<l{r0-=G2C$yp+CGp*0j$$0+a7iw!NQ
zq>WK$Ip_pcXs5M%YFaBlCBUE=TJR9K=WfrA*G*D~;{Mp6&Uk3<j-RAM9O~yq`@>-+
zNBjVg)5V?3K>}4BUoNfj1(P#LToQh!Vw=nCoFG{WyYej^%om3~+tT(+^aI988R|$9
zpeAD@iuz=CY)hKbS0X>Yd`8R`o)cflLCgQb#YfI;Tpx!UQ#GL{6|Al%m}J@!MAG<D
zdS6J=fjm-O7W5sfpm5`&73Ytlp#z)lWR0xPu2rq^)_<j8xLJW&`A@Ilfzx}MPp{Lk
z>qkY;y>p~*npje7z@#Sp-9cI?acRv2ld}8^DEf+|8(^v3V-M~0wQID?hnVy~@knnq
z(N4Tsr>Q%_&lbsSj_S>9r8+6`33VpisJwMs+1{VEZT;Bro$p$mmpjK523@&RuXe9h
zAEvjpwtNb|mB2O{NF$4yjM0dipx>o80jFILszEp)EX{=raC0{0cKd7E>uROlgB>xB
z+-%wNxUy~TiqK;ZU(GBr>-`~gkbP>5+W@A-MNsMGlfKlI%%N|<%I12m1>oKaP%xjT
z9Y|e}ECA$IlYGQ?dR)3|uu7-T5iQtK%MQu~Z)1aYr~#SyXb@Yn&|cPD4(O5>^b}0`
z#T}R*yU;#I)mj$bPv-Zc&@4wKXtId*lFs=>rj20m9l7EP0HAc7lYYVAVh(0^Qa8Qv
zwaj?DtwTqoyeE2HqDw1u&@#-)Cofc;`1TF>MT)2d_MYAZEZ}G<uYHoKqxCB!CxqB^
zaDVSZ(~VxBa4#CHhbS5R0P9`AsW)M8Ts<2<?4&C)M@Av^x$AW{uO$NXvUoR!&Fu@N
zVU-lgTwhsfrPBj)ueq$=I9(q_y#>WE(D-jZOUfzAES1WtUXu#T6Bt=S&7+X!X~;US
zwUFaR_6pps;*bX8deeZ2V?<RpxL{4iFx>wU4rv;xU&e%-rZ0f1vI`94_pZm38Xx*h
zZ@khQj#H1*oqZk&u{HQ)yaq+Qup)EI^+2Cb^yuY(mu2>)oF=ml$h5r=hTvoo*}b_G
z`kazoa#EgaQ6LN?ve~kcEw7*L-{iW}yj>m+Ix|O}SyJueG{l@G;M=UMmhBlcz^_^`
zGUzrcdwCOLFgMjI|0PD0ft?d9ZL_<0MPtSn%DN=p?)93Vm04R-_g0HScI5>-|D1Q2
z+tETY@4C2lXPZHg)aQ$g8-aU>yS4E24iu=i1lcnIW%DDXTk059r>13-!)pe3%}><E
zZ*9-Q{o<*O%q^m~-1+EO`o0Zz(3^dbz-2rz0<3}>)D^&?$g}cbAU&>%QpVL)#<<*-
zgBuU48Ng|giQqC7SfUkY{XbdJ1dIK>BTyP=Mu-T))odVOjw?bNI15Aw|4wxd7x}+|
zp$M2$gCN7L^8gX9xatq&iU20jbI%IF1B~@>18)I1CW}>IRspPP6pk=b0A@Jk^z@F!
z75*Yya~;=qMc4*hp3dU7BEY=K!0a>xSehOzfOC5CZ81In`1esjwMJQ4J~_Z_9fYy1
zAcJ78ComSl%3J20F+qt-{I`i=9D<4!x8yN5hp8&YwbuBh9Ws<8XS_-gdI;lWisb%W
zNr6;pQgm8FR=glbg6wfx|Dh3Z&3}M_=VsvwS%>PqrSsgx+~f_<ZlejbBU^bg@rki_
zgljvfHePp@J@F4b!c**7jRXPw<k<pr;+;M-4PTHC!%AhA8_SVlZ_OQky&kc5XO0*z
zh%CK>wPv#MBXR@SWQ6d5C3wh2I?Z36;|Yn+UD{W_blZKS-<{9(*Z|Y(PeaX+^*{uf
z)D0SyV<*sEj>X<w9pK+A`&>v)!&#S>uDNNVxFsC2fzdU$IL$==brn5)ye>>c?{PMW
z0Re6cY3q`<+yWvLUFDHxoR}tVf($r(!c1-EfOC|7np;*`*@cbRU|Bi}s|;R+w<Sz$
zf;bf~!m}3YKKZ&ri)2(}f@F+hv!3y0gV{V1xwYMPhFQ(sSKADyER!h-h3LqIO~1%`
zrBR9RoTwS0yE031F$Bh+*pQSAnnHkhVP0RvR?M5C3{y0DnT7#y;|00++7}~|cXj+p
z#D*UdQh4PL1;^fp>8g_5iP1ui^M`g(K|m=&eC{e9I%%?OjeUjAV=k}RXXAj+zOozT
zop~v5Y%mWQ`II22CNGbd*_~X;tu$Uu0`ZtC<L0pHY;jLPqmWx1w*B#5MZ2_+V%@kr
z;7o-4>*cd;d;*x}VM#TGTj*-%r+zYmA#N6mp2}B^p<$*ywqX_K6d>D$*HIZ>R|!^{
z)Mvvlv;`8&wu{CL!h@(WdB$U%fiIkucnv`0w5(#-WU@Ao5b_!Q2yD8)vruBGL`MHp
zVsVsf3!df;eqyu%sRZ2t-`!YDK?`MKu~K6By|jNqtTdxUb2&Fj$_(v8TxlFv65Gjx
z6uSFX?ez2`MTqyxR6M%uR;0@|{NCq~WM7@@t4)a7gBVSHIY4?{eJ<m`#}riLu+?I-
zbqWH;xRWLQ<x7K?Mo1!jc38qf`U`)8KK!h-!8IpIdZ`o6Y~x%!(Hr#bY51VGpTss4
zC;LT6SnZ*`zYhoe#d}U8_@+bTF=8w0uRkI(vk58edoHcDk?onBE#h|!1fol)58v@Z
zhX@|pC_4&93SVrT8(V&Z8gkQ2tdq0WgBrw1Gs7FpS5kVu&uy8B_)A%lv;(W}X_l#Z
zoIXMJD(#X==dQNG+$&pg1!H3Cl1R7jEOH0POyebeuP^wdsOVx{{FOstVPvCV^oybV
zTttqX8$qaJ<HobT{7yfG#i$E~6651{a;csi%K3dS8%k}gXAS9s9KgGn-UfJpo^WKF
zAcb^+23AOf-4%20yN@AX()9k`M52-wLy7Clb@V7}rPye%ooSM#m1KM4?;5>QG0BmT
z%HAK_zyH#rCUUzy1oGLeKzER8Cx<u$s36LyZs+yU(c(gkLDP0{bWYlo8D*d+JXodj
zBA;b*_k!`jcHy?!a@=AOd8y^-a4w_<>vc7M+!dk154fxoY&=S%)-obP+z#Jn1S_nl
z-S=Mqa5`MkJx~_-mD;_TOVC=p3&}0#=ZQ^{cuxtDe<Ww049WI+8?l*U(&xjY*eLPI
z%pE3Wcgp`VeTc?sSb5+B!G@xHVx(M;|GqftvX2OvC8J_Mf=Z=s?gQ=<3@&Q-?L_if
z`BN>POY{rK75Iox8INsV*<Z#&T(No*eI2i;0}~C8%XLdc3a{?CDgPYbQ%bfel(>Hj
z&@{I7>J$WUk|;$?*p(Ej!-7UQQ^!f!KtcIb6*HYp&zor*i4o(fLt=;b>hZMrA5A~G
zr_bmPKQ8Tgt+R{#%pmD&{=<<w{8HUQ?w1-7DTx(zOKe9eqr<yvH#1VHCK>H7gl;>4
z6yzXN<Ppn9+NtQ34C?^ON@62hYi;R&{*2|g2@c&1fLODl8JHXBM*YVov^ZG!^zgY4
zV|7yrO=Bn-xMLDh3Gw-;f4!Y9@y(Q2Dp8X{XUMKi_=Kv;hEa0}l_<ZWq!UimPWVX8
zp(?J|{ISYY_UA{H=CPDIpC3})_)S;WXoFWSm2ZR7D<|U#wm#&kGbQqQezoZfm8--)
zl`!@!+ZX#IP&rW#55fdX-a=2*#Vx~mAE{e8SY%a{2Q4IyD^3Fy1U?4`_qN5Qw{LFN
zWwczYUh01oDzV9k#Zz8PlXxwA<>?q~1LW|qZ?bYnO1>`58Q-|&7-J|fq?>PS=qjam
zNYRAqL4$)feW0gtqKHeqZ-Ft60oHWw#e$^A*t@0U)suNtYgXwmX39lOE{%mpIjOF@
ziNvX2yBnsfDHh|oI9Ybw9NbOgK4$YlWHg=A9^MjW%N_iAkU1*lX!eNs+UHUmZ`cw2
z(hym39n$xga=SnYzTn+-P^zsD?--H92S)SdZCNY3{I@F<y<`2h3{4|yABi{*t_4$)
zL`;jN>z41tZ#)K45w+(iWp+->W1=tCGn;OEC0Qw?CMfgK&3_au%T&d3sI6>RUPLW&
zHIUW=+bnEEHJ0mH=TnwtqXu3@+2K(ijFGrN&`LXJ?VCNFJQo*aEY{PN1)huEVDiP*
zr`c>8Ixc5NCO?O(qBwy21@J??MMTNH6Ug=x^_$A#l1Ds26>*iCQ7*P_>MQc;=hP<C
zCGlr<#Onz-9lscggl-u1L(n{-%Z}XUNRA>nY^l~6i&#ddW}Mi$)}61-=`=SJND)vu
z9@$9~h=W9?ybh+8XU?EKc0#ZG<5yKan9WY;LOfHJS9(Q_&6NqYL&)&@bnM##Y<TfI
zvrVv=2)FMPckBlWqkjN~h(akJJnuLU6fqQ<pWJpUMLWpnRRXDviweI78{M>U5LIvA
z<Ke>$G<an#8F0gYB{p5JnndRFJX53lSFI{q9oD9-*YhZH@>AOJc5U(Dx~3b^EgqY{
z-cyyq%H_Yl?m5T1JAhrJl~>3_Mb^0eTFQzXZBOGYUnO}{kwtx?@@|SU%A4IvRqqcW
z4Y3VJQ%bXkmwJI>wWMiEfMUFx$56Aob~kBS#tNjyOF}WpXZRO8&_DnD=zs8HZpOvu
zqiU~y(3)b3>?eDbolil`j^F!HRTpx#>^r3#v-3<&3KaDd7L#|J($~R7dtXCShU!Tt
z+}MMS@~K2R`;)Q*3?9-L-VQnJ%lakQ6Av;M*({zCncGU|9qbW^z;(0=;qnc-<5&3G
zYeO0?%`V~bh3JUsJ!JiSQ&WyctHy-ai7~ogdZ&N%qMC}#wz;;b3P!R8itmo_!zW}L
zE||U-lPx@b6nAg=XX{DK7PO2!zP_8N$Sq$W2%Lpl{Rm&GE^ttVJyn)2F2Hh0lJmdb
zi*R1lQn5o;>@Y4naH`>%;)5=Y+%Aa{uV3({=KPP|!3v~G@8UJ)=GY?zoAkca=f$Xw
zwPkRfPa19h<SECJbcR0g1oqyJ7<>{YF3Nw)*f-I<zGEHvabK{cr_9-}TXTv$qJzWO
zeedLjFSa0qs@Uk-^*g?r>aEHUiuF|xM8{Pmyfmh=a=+_OeksMpC-kRhWpvb=8G>Ys
z#ZRR}Mjy%la$NoP(X(Ug;2)WfUC@ZcAr0OonKM#6oGx$JR4y^8jci3zf<=)oKJ|~p
zH*a3=#RCdRRNTV|iVjCum+Hww+toA}p=z1@bY`}!^UrZp*rS31drrrBqgYA@DM%V1
zneu>lQI0yki?JF<RI8lI2@$R5Po8bs>twxFMo*XzW`jcW<#((nLa7|Ab&*9ykb`*1
zu4Nk&XyGMeZQsVXWz*mrN*?jqcgGcf<^-oESrh{RPy)4EKzs)wEnH9L9rvMvX>dg$
zw|lJhNDBk0%B_UZkMJbwI)C(^U$V()Blb5%$O-1gmVbn$Ydg}&Xk`gX=Kv%DH^_+3
zV?|*uH;cb^Xn5Lm?pMlQG}K_8{P)kOF5yMf8W+R_(a~3)9gcv5cG~<}2ul4iILAp+
zlHLM0FNpHE(<X*UHLFB6fFUh2uy9~kbMsb%L^9mUnac>UI7!oa4SrXR>j%UF;;{k@
zx1<c<rr_1l#jih}X(~J3nsY`sOB-cVdrYW=?G9#(6F{FPG}!6k<j{S7?gs&F(bEs>
z#+k8<y<M{1+%shc)(=!gPvdHz=Zz5xK_jo6dC15V&KgI421PzKiDzsMwsel8Yo~bp
z5}~*m9kPX-+0XvmFOIBkwV#++I*yW9{mx`!bDQz0c9nHaj|NCiOPJ7JXzHQp74~TD
zD$yV6zhx9CLg4Z}6oP&&H)ed(ECj7TeJ3ORQe`mi{O)P^urDlvv5fcj1+^o$Du8SI
z8jI*{lP{V`b@#+9GHA9T@XK=2hvkbycIvz@r@wSSHN4-**Y3VHQfDvfZdwZ_PIhyJ
zq%>E;;g;il66j94S_s5da+HA|b8MZy+sqmk2T;Bpg$)i5*qu=1o;OXY&hnX@UX+Ku
z)THvtvyC@jC@Km&W@N7TgU0!(O2d=u?oNkPBDN?-C!iooW!8+qyj7j+F3NX5duwQ)
zoOl!J?l#@5#Z~`WX%;MZkXdeYCXzFIxE~4&U0AtdT|UIn)PqbWa@L4XH3^F+cF9`c
zfzR-C4Wd>Sng-n$F%C{HT>-6TsKHJ)`w=|%iH}>Ox9-+BMPA7{mn&}yKcj}S+9Q;T
za`0{1#io3=@2_<pEb&u0qixpE0#ZZ%nqy4*XyU{+TBS0Ti-Az3v>v{HWp`DCb_^`t
z3N%Yf18F;z-`_o2w|^dj1e1ogJM?NNy?1wQUU=wM<W3TB?^V4GE9g^L!nLF$Jh{1X
zzMh<-j7!hwKfJ?ws{~I(_Lw|LJ4A(s#*hpV_WLL1({_oax?p#aMDje^n>YI&s!tA>
z`Su|F0HU(um3^<{YELpwZz>*-SB5)p0?titCtUG1e!Y8>*y1RSv?2&IsH42VnB4Me
zkwNCYaqdy$)48~~nBI}G#gqP8ur?b%{v1qQ<UBmi8a))Y2*XoV0%>VCq!JMfDSA8-
zyiwMkw0aTd#8#>GaIQ|sU7>yy#vBFe?0|if%L}U=>ha{BVIL^USb5M_RW)N4zCmE#
zL)Qm&O!dCoj)MkkUYc>265r)KK%r1skw%ej#<V8(ga_DX+anJu`-Cvu10sx=5Drx8
z@fFz5y%+ADwtzI@L7SM0(YCsL!FPsaA7WETQa1Lo*bO>F8Fkz#zGgM%Ml?6QX}|LH
zZg~`S7Sf(`!FaqocL+%|{qxdk+}v_zu>f%;Dfl5mplG!#$sRMcQ?J)`!~d*o^f8}y
zS37$=&O_2A`FvFERJxLeL4uAm6o5ZUyR0Mj`2+UyL@N8TCvi{CiF))DFcZg?*g&jv
zXDZo7<$j+FgGBY-&MR@3O1Ds?;oTYpUy6;N0Mu>>-7rpkJS_ZsC=dquR`HrYl%Tg7
zH)Jj>OB*|`HN{Ror65%NR!7q5ZnnTz@0dKXn-+lY`?^!la*^7dy(lPM2Bx6p=mC$V
zHL3@gb2S(yXE{_JAd}^rJIE8H)D9zER89lJLSJZ?KkEs)cTbF|H5Z56;yEXXI;i@=
zg_bw$ZMul5{9*-9?x6BTP2!X?Nj06j&Ln+i?mu{gPB=`Gk&J|w!8(=T4M8E6Jp=lp
zK!DR;hs*nb9AsmW!+o6_5%R&Vv<B*X)j~6|?_+H@gzIh@3hTYn)XSA<kitVR7&Od1
z4g_b#k2eLq5uEaW-7fLYbST(1i>j*67(v6VBJ1t=6nUDjIedeCSZ_bD(mBXA{^9<e
zibF$-BJ4I|9Oa4irA}#aZkiOgRx@sRT@kTXglX;xv40S0s`7VR^Q@9)dQS<>&1#7p
zd_g~kLOB%T!IDvK$BR@6*G5w>sA7BD`~`M9y{;iJcZJE#oiQE!7bZ4yTE=QEmrA+R
zj()15&pr&ZE`+5GGQ%Z#!lTP3LC5#s9=z+_5sc>j?jk%Ct~PTAVw86lA7iJu`>JZV
zhx=t04(9XyLqj9Rt(7!iI74PJj%r=x@17{q3iJKkgK*eMS+@$#q2IO;-r@C;Y1v4M
z+CVLLZBy$7xAuz=Y*`|Wm7&AiqfJ(_I+hOIT$>mBPs7(k5it{5SVMyqruQkH_3|)u
zZPL)eBlc^1$o&C+ND++z;bV-6Y`zt4OeMMD3;9CxJQwvr0u718W#vYq5K_0dO~5UJ
ziAg)+O;XQg(YdY=OQ>?Qfj++a`WT0!$K#EEkI=7d#;f^(!y3x=I#V@?mW^NhXbUN4
zQ6de%-E?@5O**pfgxKD<qW{6Ri`>dJ0P_jZIBqH=e_(BzJMJvG9Q(n6vh(EXbaFnL
zDEw2<{9%LpPM;dlC+LZ8N3iR$l*CQNGgL!OfjP^1cEzf%zzSAjAYcm>6zdS=Xj&(i
z@Jl1>1wLIDJ;88zy!amPeVbm`{;A4FoBh`31A<YHE_r)fRH}?Ss7c;@PNjzZTJI=8
zf!8&m#AFZY1<^EeZXj`opjsm8wg*2z@;jDo{N8Q?Z*8c>7^*yz_GGWLXk}+p8e-ut
z)m}o^j)^%^v1s`;k@)MO@cRv%A37hkTp{Qich@h6Hq(?AO3`sYhlvm3twj9=gy`?n
zIdqA=piNaCcn5^L(;*nJftI;!3gj7Oo04qyaLnbz(Lny;(CEFK*$P_H?D}=mAqGQ=
zr<q(&Wr$CXwq?V%blK`P#G&t2BwF64DB_$xZb}@>X<3v0B$ra6Mp%q`%*elG41x|0
z1cO6oSV00+?Ps}SN-@<^6=h#D`oE#Cnok?FF1D?2=>d=NFGsPNc(<X(olG~!If2p&
zE{6+w;Q)fM?4xUumvmuW15Ia=nBE`n&dMFR-jrpX1GD*ng7GRf9s%<lo7Ag9bNYU7
z_f%vU>ii1@(}4w$^OWXJZ1V<Yc*C*?;ZdS`tA`ET^z_rXYIRgOZfbs;)2|sU!OY=|
zr-AElU(N!trvP`klh1av6pz;Tt<rxu$rWTjzS)%B6FgtaGIBosJML;gQ9Z8cm|o2P
zla?4Qff)6?_GnO>1?ZGwM6L}QjtV_XF6&qIE}$l4(SOx#YW4o5=FP$MGNGeyebJd7
z_U6oe1HxU+;6z%Y<i9?j;lUMKnRYW~Ut*?sD7(;{DMQsD`BGxaU#}`Uc64#HMQb8o
z%n?(84ie&u48ock6qk5+`Z1S8)yW$>wRCig1~Tg%AH1Y2fJ;n4Y#%6%HgrmrIttZp
z{r&1%S%{gQG&H}b<5SR5KE5Ehe(Dsde+Az#7OCuN#T<c~CybXjTz1904_})JZdebt
zvu}Wl&5CKp>+E_80swIPAVFjK)kZJ@VKmQLI27-&(l%{~ybJ28f^WLk9nQW4ay{7-
zISZuY)ly+3?=8-~BvI*yey~C|pUZjOC>F)XxP2&=-+=W=DYr=6%gXH@BSzosI4Efu
zwRlJi;$*ROU#F&No-}HIa7m2T6bf;zksuNvQ5)Dfaph=HtJS=z7q{qE3k2X#O%-jb
zw8;+X${6fKI|9JJJnoi-|DHEOL$^IkGu<4|KRY`3gLFvuhqT%}i-RGyOggN^amERz
z+z+1B)}@yjb*x)$3Ja=)3%>f<hTc-U;ybFe5y#;i?cA!WvU1o2i6;S;$vf==JDEL|
zO`*=8Tb<D-(g$jLmmtf=GL(hu2Sa?UKCcZ>rlr&cX<@H2z%dn6F*i7%>D+=7!KjM4
zo~c(y#9VAR;siMlh$%vRw`Wc)YPHyz1BT(8&>pWt*}q+3IBZXTc|o4H3PZeT$W=wP
zK*L~`1VU`<xmmhLH{-AL6sAcFpU0DOujRnq+w}%Bh2uP#wV@|sn~HKh%bp9HlnU5;
zxy4gXMFXGc50Te$3IYcOBnryP_`cjy&uOvjYL_o1e%zKlMe6#!6^&xJq|V;o`BA(o
zod^}X;<2yMJhMtMnj_KOm&w~QOpX=pSZCosq_*2t?1S&o7@qD@o66aJa`BcR&!sYq
zGG$?FZ7!S`%oCm7r^XvG3Z)5qdc7C>&d1YlTklaZGVZEO8$}n&j^DaXdKOMGu=lPt
zLuMd2H88{;A^uMIE6V(DW!LO+E*qZZcTtR@y#cX1YoHNKzr<J34}s#vpA?m+hj24Z
zh)VM>C>4r>M~TqGvr;-LBgg!pOoF-}HXsUa>bd<<<3?xWvJY~GXskr=v3|LI5yp?n
za9gcQ_}*pPu|jnC7SDB``yC#suZTpWkxx5qF{wzKF4k)hQ__P1;hBayzZugz??ieG
zx5~VWML%#H#p>Nfy3x=HK{5&X*3ey^>|@qN#Uw+34mXcf8CkUk{*%4o8QA0D-QC?c
zE}Fr@PgH%brm8f<ol``T+-hSJyVOV}+u+ra;Fqv^S6M*e;X$UfF?vmRI06((<6Y$P
z2VZokhKE)o7!IVRGjwkN#oW0imVXU@-Z{M~ZaefyL{zz9iG=Gfm(AY7pus*j-aR8m
zY?5HAkz8NHnzpTGNBY_pg{wICCb>pOZ^t5jt9|Y%j77#A>}&JMK9BFowo7OzZ6qEc
zbHvC8MD~1+z`C5rXW<ifj)tCe;bOTWKMo#;;LrdgxQ*)Q;NY0Yo7klvIM*yiXAx~G
zZSnv%!Ypc1Fo9s;Qf9f=&{gv%t|w?;<T@Sh6I0?wKMUsP$Bm}&y4D!|9$f)jBESd;
ze_rlP&4i&aD7oFTHVkfH$nTmhVuY{}5<`H&_t20WaHH&a%`76%Rfmq3SK2fab#Xd?
z3B7U*tRMNYRL8R&${r@~`>^R}`ZPq+Pg_c*ZNA}Q2b!rG{}{-rdBME5En?hL`tM)2
zO&!zmw%t>646W~@o`zW@OnX8d=B7O{t_1r4X=6pwW;q0#MC*Fh=-4%BB;*wrlcXo4
zKf7S|QQuaqeu7A-Znoaj{ZN$z;4SPZBX;sR>;=QjULj3l)4wfiYFZ-AFGA&<*4c@7
zskZz%Mg1uOOw(W+I!P8ffTa19n6Fe!vrA=~*=tG{OXu8HwhOQ@u*uxcpx4j~=d7kt
zyrm|;CXe5)QM`9n*vrt)K_N;bhLm7kvoYLG*`+D+Tj$rf$%JckNo<ssX0>twm`o1t
z*z<xUarib=^IoS3`uIfZS)D7=dH7d*-4n9>!au+L@!P$PyRXC4cDbn<r$%_4$UuO7
zzTQ1NpStymNtZ&VlffxaiI23G2X<Q%b^QRb{uKFOy}0l#unWCg$9AO|?+Z%}K#m}P
zHke-yCOYkI3fQdSsr!WV$-GoL9jYI^$Atd{h^MDbB*c-Y0LiiEy4H^;P0!THEg4JF
z+*MaB>8l&IIR298#rR3w`|HQNj7viB^70z8q_WU|^H`&_=|~VDqc@B=du985Han{{
z;EOYoDPQwI5I?pgOjZ!?C+UvSd)$0?YKmbgNwk~IiKs*0a6Qnz96r1xrf%xm^cbV<
zAkx6;VPKov$}n^8H_SSQfS=233dgbx-Tpc{I-1dR2rh5cufM`h!;YU&nBZH9q56^2
zVIw+1Pz*jdX;M@SX&f!)4C<Asu(uxOS^G&bq5JE7slj6I;4g(6-8oGNQlVhpF(W-K
zWe|zQny@AiG~8M>tjzOfn4_3$r2uST?&w>ZXn@vB-`cj8{fWqw^%kFdWBK&RhsXze
zhp-FIy{EnmafTG>k;-#Yf_*O5xGd<|{#7{og|Zp7A;G~<AzLFcsa2^PKkc2AyAeY_
zuTp}XLrCHqqlH~~y8-tGBs_kX*+p)8=rcWEY<yxXCc#VJY)liM6Kq6U6Biyu6A{W4
zO&P6n)v@=*f1V?Ual`6MPF>?loh+Wg>D5*rVak%_RQWRCDY0R%1PN8{fu9KL<7LZ{
z4wB%Vee7|m&4BsGHfYOd3@o)-doW13fKq@-kH&19U0`m!ZUcAN=i<$tW&%)q&ggr3
zlIUd{>c$_vm>f8T{Eh8gOIW5P`{2Q@zH#qjFg1JpmBucZKc=-G&;uMI-baPq)aj1F
zO%9@>028M{Zqw#Vw-coc_lt)ghHoQmfwGd>tlXr0qxdvK9~@Oj4(n5^wTaGP_w_~4
zJ$3da#fL<J2m5OL>Qu7{=M~sI50~uT9DM4uN3u$ip*JAyZnp4jqvvVs?G|d^8}@Xb
zluQVsqodc+6iuoP%D%Z&(0M-+TtOccLP3CR0sz*~>m9soiHeqKK38SW1tog(9D`RQ
zgIJ|j$&m$#G5F>&$QprSWIc-$UU3k;LgzgmuoO9EEpmP3Z}p&G77yB}F6w>T{dpbu
zo-J2YG%*M=3h-*Wu47Jwl<g^14$kazMxe5xu?dF@8M#gd5Iaah!U-17hNyUO@Q3wc
zolNmjB0T7Xzht1})Q|G+PJ`}H<9jH8wyE2~!ZWS96ai}bG=ltf7Sb1ElR$~Xx(V=X
z^xThEZ`|EZ$SKX({w6|>$-=Gj((s?!x!!fX?X8)cmay;e5npe4Et38nCUP@d-iKLN
zRXV!!4OIoizZO=WpF`O|PTlZXC<$^%;nt)*?gu?Eh6GVSOf#8^|IwoNyZv&7cVUaU
zJY-9g<p-w_b`sU~$yTM}P1l7@SKk?s2-7i4LE85$dfRIzWVgrm<rdq>DWUX2E--^X
zo@*03c<)Ggvx{-9B;y|(!CHFDW%MPCZ#6af%ECE6?U?=piK`@biS0L$oou}}8ptr4
zpV`V?y80LzaQCEILq?9Q!fCg~;OCeDiHO<shgIkKw*@Y*%CW~s{U>1&1LhL;?~j&$
zg-}$vs0L#;^BoT&r<O=gb9s{Zz5zko(a&jFJ(E(L73rfVPCpyH|3g7A2?tQ7Pu8T@
z*}E!M;)D5|_1S4Ab1k#78M3MvobpWtR~0{-=~U@~O5=)1ed`>aGQ%$h1}=tIUgUo{
zn}i!heAKEo7RaS!`g_-ZjKfUmO*N%ZrOr>(7HTkJUO~{w-$sR`J%VHipNk9(v{=Zm
z($qOiGaGky)29VaR_e(gX;kwNYZ#^IQaUE<n8ztFkajx|%W=FFa&b~1c$>RIub5d1
z&Q={KrJbbIB&5}tB-F&G)rg}7X(Cwpa8QKr06Wzzu3{w1kUzp92wC!mZzq7+{6HK+
z7oay00Qy~R`p+2o&+-~i0TJ>?FfhCG4EpW(VVZnSdIKU$GFym=6eN3$(BbpQ=5rBn
zAQ^ZFv<~|QuSY%&_^B@l>+XLf&N9c<y_$r+8q1o*XxAh}dIARmxa!HhCnoeJ$5?3H
zm-Ybk;duB1aO8=0ANwq3GW00pPB2sPC`0iGCiQ{iEiTk^cz)m*sNzF^Nc!?wHSBqq
z7w_4ypu?0p_^$FcV(_a%>PN13{kGwmi(S@z!Qtxx`u{_Xu=rjXsQc=nkE>(A3UK?}
zUriP4@?e&X-$)XAjsCcf-UY%rjYwC9;ZD-95$N0J+ZkHQKg*Mk5KPM~K?Hh=p6I_7
z@=q;vKU37nd2Jw{EtEgV8dtO;2J9xs-JXCN+!yLMNZa?eIeWz9u1klF-vZOnd$DhA
zCfM^%V5NCM6&~<;8S(oz{5Ql!2Rnh;|4WMC;FUnyVrBXPIbc>cFbzki{DyD;3!?1c
zP#0+&4rGYi>Awd-=zw{3xvPsj_QCaO=A1(T=X;z4U_K@*w&99Rpiy2N##Ytn|Brn!
z8~|oX_tDo>(;LHz!FuQ%d)GX&O;!L*e%3akn02_bZ$O3J$-}Q_QtChhvkxebnaMpI
z-=xZGIMaEZa0y=h-%I-Mh2dsc|KBU*wLtM|K%;V_0EE9IaMX+w0Qg^M1_5s5=YED7
z)ZhgW)(rlpc5u%r3jp}v0L%vdzMlv%Lt_>-6CnbW%uj)TjIRS00`uUQoc}#sK7ivl
z?V~?*^iDjB9Cg0V7~TIrWLONrG^=KJT&}-H^g!R5rR&n_staYA7{2T#KKvE!aXKx4
zG~<VJ85<U(+cO6PWt}DdMuZaEicVERn;I20l3E1RQGo|v)Gq{_wt%HfzD>tD5!G;=
zn?#i3D>GkbOiN2kK#e5=U&p9%@GBZ-Yi^KUYseXF(kNot#8N6NV&Rv^)hJqr>a@U}
zA<DN;Wf07V1C?|TxE5G85RnsNjM<U35xAy!<MB_PwjLE5i&G5CpU#A|e@3N0{)()M
zzje_p;%0V&VP^%f=KvTs`ZtdR!(wqAiu{AK1y;lXilK-;xNDvW91i`4$_9cJ0$2d_
z{M;8n+9`47jO+Wb3^#%z*{_2yn%@Mma@8}dzY8m#v?JFi<4{5M%eVQdNMeWR*RWC<
zpegoAF4?TOX;BlWGR)?$0^@dqbEw*W!nP`ji3}NF0C=3=iakjNC0v#j{zOChF`q<u
z@uJJ?N|FFT9*>?XkKnnWMeMNDg%5zGbo(Yi6nk@yK6|%;8EKEuAkt9^go?r93!Tm*
z;D8~8YKihEYsFpKBF?0!2o$9ms`r=^`k*1jHml4qdb3|v6y&b`I%-`W818-c$&C#~
z-4Q5SM5hZzV}m?SAyf9wbhbWavu6oxd(3Yluc0M?$G7*FC=@Z5I(~w9(93`))ee)q
zL*?g|Yx=sQXUJmKlrgECITm>Jd;}fOwwtnd0@A>HkHAw<@~oI_0W&x5zkip5$wi=^
z>cFZS2uJV8y?8Ja-Vxs68EBeM`EK`XXYriWFo~^hVs13Lh#OY!8U@!a9{zIwT<!Cf
zLl=|$`JI|_i+lJzaU2FayvInWrk5B)+*@OG<39f;^6)m)hL1^k^$7|9a9!BMHRTWp
zY4;9bvGU9ARjS^Xm}V)+-Wrv+ntJ$>^kttv0#D&FxGS`PTCI1TtHL@;p^)Dxq3o1H
zwPlXI2MIk1d72Lsp3UCa=`$7LJBdDBQ4Y=Jl~}uZ-1tlELE?_1Amlyg`OSgs_uS$9
zE0+2wY(MQ&(w-8EQ;kpa<tT0-hZjD=Y*#`|doVjo{UA5OaedfSRjjMF4@aG%&Wum}
z0*K>cX5J#0EziOX!@N2_&*iGB=|qg`=A~QN((_JK(Uy5G=)_~N)jN@}E<xdaJPb)+
zf2Pp%&gO7<r*?wpmf_+~fkf{?L5cL0+hIK!)pLMBhxq2zx&#|q{Z9OHyY@7@CvLdu
zl;8!k>5ySpbRD>PmGu(c<h-Z#fk&k8_$4bZYeb*jqw1Mgv`XsPge__yY+N;wSmYEa
z5gI-lY#GY{co1*Kv;+&Vy`?BoB}vA=T-<F74X=8%EFjhs=FdV8#LUdGBuz8i?Lb1l
zKr9X6A5CrR9ZkCq0J%X^73bB1c7Bl01)etWO$l4xzZnX>7^sezg51CU6`W2Z1k>b9
zq956T<rw55jl4c%cLo$H5P1!YHgjvX<q~(n`>!NR(ZGlWWtteh2@TV*R#JoN3gLjB
z_@?fI5aErx!9!M>(jUgQif6t=Ew*a%7q2UlbWdFyy!P2tg3J12SC#$DsW&zUIC~m{
zPbv6J2$*2TWod5Jwp#*JM{;ki5CLxIbA#`NhgMJy=HoPCxZwi{gJDZ4uWL4th2c}w
zH=RbGw2$si3%LfD*nIK8<U(HM%0HimPs<xaTc7AyH5*uV?VVTm6k2AHzIzKU02!zi
ziccV-)-dFDyr2v6D7JQBzU-<nU_J9urLPR~$`ZXzO%>@&6q23ZY8-GKjB9|Baul??
zKZ`!AsU-;SD@5+jLV^1s-`SV_q%5e`3%KDf$B0>S=gakb$nD01Rg~^|#g;^vN9iH;
zC!SHaIAJVZ2(n&^`+8Qde^(opNW?EVkH;w4a$RjLBr08b-bCy9q#2G}(-)v@)dt(_
ze>Hz>cu50bOc^(5-D)AT(#cDg(NDxvXrx3{ewFg+Zp4Z=!dVB*0`x8)rYam>SmZ4w
zM|_l}tjsW`zL?vK7o0a{v$-a&n!XX{+zv*y-0Wk{@u=Dq1D9AQ;y)^2exRt^Q-p-X
zR6$>qx&tHlFW9J*ufRBeF`<HH9MqqY^e3zz^g{#-b)R_qlFqDhyxV}`g&nej0$qI4
z<tHAP?OsP;*D`zSMMPMM1Z49|^=Qs?7taB&K2w|ob_B)!9beC_U(A8M=CORP$Hz!v
zPe2ByT=2<h1N!QZI<3o9O-4k?Yl5(0@{Mpof~|Nv+WFc&StBKHA9ibr2h>Ay@Z3G$
zV(yN?YS$n+hR)9MGsd>bD!!s%h(MiSpYU#f<S%lqg4YYM)e;krg&jA@L0OC3Y)EMV
zzw}L`e@tgC1o8Nbl6@}6DD~GMez?bi#Fhv$Y`{My<<No(n8M4TXl-mftfVcb(8XA;
zEZXrbFVdUfc(6@(WVDuBUhUvO)^oR}-|!uh(Bp3zcr*5o+KrB+(kqM5F6ihf%U5TU
z>h7gzVv`6X7U}+FRCA|9T{L$=NI*0D!F^KGqR9CE7xHxTqA;orlHeEf{D#j+o48l6
z@ZFGm!E6k_M80)D99_&;^*}+|TYB!#s=kf^4>w~rNd8bevTgQylqm3mz&4!^WVTP{
zL;X5AS(SD;$Qd_?HzVU=4S)LNc?1Wny{_X8U%cBBVMr+D|33hqKw!TomwA2A8tw23
zjyKtiDsL1$#*N|ZdvZxvMzkCp<aR<`n)uO^62qvYPld##vp4Je;Y^O=I<OI@rq(#F
zyB|P0)7REDqJ1F2p;Yc|?Ha?VClYn{)m69DKz8uAnMn^14;ecV6{-8L2Ux2SNy_w0
za}{3etvdV%wBGn+RBxbsyeJcN?NF24I$c*^WE-W;xPqTyFQA=C*7b$B8NxDv)sL}S
z+*}+hG4tkaa;~j3uBH~ZHK0Zg$+z5PU$4yUvytXac7n$Jhs<D=6=NB!&Am1w+>uoe
z1G&BpmEZ&0ejf6O4^SgE*{pP#6~5iYR}8`{LaM{GWsvhLZo6+fUO$O~kv7KQ9KHuh
z0lifmvl*>fDN#5j=WbHrV(0({pLhX>!`=edjrTE`(pfuu1iZHT?xL-wt1v<dF;W<U
zC(m#~B!C3eBq}n<AWV`N(q6lT77~IZ6eZ)PF+>zW6h=xMG&i!>)IMWeJ3}Yb!kMWz
zjn+7h2E*Tbz<9Y^#_zMMg5cY>x<sw}-V!@hi(nK)Ck!HuG>zhvYYqFu-mc6WgAaF5
zq{QJ@Nxwlb9i)~~+`kV1Dyu0~B)A>}9f{i5tQFC;@0J@F&;WSZyRiqEa*tgAPhXb@
zoq_}vJQti8t+ie1RyhP~3R*jKrz~fT_In<7S0Y@d)oyRc&G(Fwc!gmW3JMWKKvfk~
zSgJu_0>Tb^zjL=(b?w%7y30XOu=22V+E_N04pMc9EbX;;orQwr=`q(A+lGX@&DJ|`
zRCH#)k#8>L5pZ#Y>gk5pR26k4-cokEjV9P3X8IFCF&@rioW-!z-Rru+$Afv<0?b+#
z9Wl6Vp<3x{LFDPXDJ|;Ms)|(WM}0Kb?A%>dq&_%@Eb=Ia&UNj~@)tMGY<BT?BIYbt
z!l%TdbPOVOBSB^XwR98eG`d#`8gVI)6S}<^8dVlM=Huy?#vVv-cI7%)-N=NrJU9{I
zLNw`s^o?d4ObkJIA`K3N(Z#n>c3N1mv>aXmpoQa_Yo5WwE|aejT2Xg;RaEP<wY=Cb
zYjs?7MSIMF?{?u?*2Pe}_WB5V0AAbMX5VQJ?ugA-bQ*4|y$s6g<(xb3r=I!8S?<>}
zYO0JPkl5gthNRxJZJ$-u7wc*xSzZD$d%2sC>%0S5_Vq=Gf`F<Bib3;OXt%rb&viWP
z_6T!}@D>Rj;26+!5uxVR)bW-Qat9@xv<6yubLh6~W{$g@Us;-1%XQY~4XG_nLOiJ!
zW~1!ZR(K#shn%20dWTg4pQ*NHv8X67DOV#Zjp-aOY<PRaw>@yG@uLQttvP*|yJS0O
z1%*Opu9>3N<R)5spe9(21AWgZ^<WOFN{XIcsDSC>EbNthREI@%y<0Yo)T&ba-?;ET
zdYA}RTQ4pWHs@loS^*%1!+Se%Y#CH_YNS#uZi@_Fc5_215fH0Wv0{fJSPZg`rFEZO
z)s5e}x%~@!Q<!JUY}q$h<$A=tG<M~M)PX`hO3AC)#SLzR_NH-et%RJVwbZ?<pChXv
z7Pe>#R~p{qV)Oy;4<fRyZOMIBuEX|dIMs7)8(Na8n1vRydNJCk4k20W+0S@9pxS0)
z&aJL51|iOdTKTRtOz*E4pnEF@oqEIs4*&*wvWnZ`Lqry^Q6glqtCt$75uOZ>d%&L$
zOxT2#x3+Uc7+KAf{R0z|&BML82xvS!Xu&eBWz%kjF&`{LU|pv2=4*lptz^@9cIn%B
znClw{n+fy225Ji96;-rHY%9QZEY0?XApi@~#z(zZ&xO<o(ObG@j|ZF+y5|FX!uOl!
zzH>a`sUfCFvI4*f0ovF|?C`Uxu+L)|c$yVQ4`%V@m;uh0kLOi<?%{-N6!F2CIi7v@
z!czqiVQgLkQ5Voxb#{v#?7E#U5_}2p9weW5kYw#`dbx>4kGm=Pv^+Cz)gD&m)MMy7
zMD3NDV;oOj(o(*w8qi%IDs~&gae~7z7|#sQsvQyTGp%)XGbd2TcB)voEZNLi(+=&a
zu(=5El44CccIy%bf~snLEGPwEbfD)g8&|jY*ibQ{K{d`|=fYrGHsT#6jq1yrhK*m>
zfp5XbXMXG22@{z5B=8HdbZH$X<KfC6UZkYW*;`<F#5wwinj^G^dV>yu!$)$S?x1<X
z7GFuQxxBI0!c3)goJW$%<<Y*1n^$c6H#UK2jJ=-l$3RgW80*p8^KOSh;lPhs9smop
zLglO*Ua(d7U8#GqjIROjRrq^oLhKwgq$y#*+M#%*?N;q11OoO$id4d~?u@QkCq3I+
zc=)1jx(*q;ZA`xbwh+;h<GM^>>9%xuXsp_I%S;$-6qb(;(iZ0vPV+X!3VU=pP%6b*
zL%dM1s)vCtv$0LwnR+NIs(W`M(%eBKXRUU3Te)3PCh*%~k0anb3Gnxb?N@B8q&qgI
zshc7&NqXyjb&Y!8eRlDydh4dTy?;6)tNrMTulZ3GTcRqzid2<9)`&?ZkRVAX&-eIW
zepypK*>L^5>W5BPgVj+H9a^wrNp>WcwiCbW3^F+Vbo0U4Jh|sRcU-$w9P{3uIo5Uk
zyYn^QO`RvMsg=2TcT3lUmB=x3#)3y!jYnTA8of~~j8teyJbowyQ6p0$+m=N+!XPUb
zw~(l-?VVR>eHVi)h;1-?zN+l2s-QDrS`*FszU%Xh6w<p%5=kX)x<@zJF^>b7w->Xy
zYF)p2{@c(qfD^~!4@V`xh|{GXV06G|b~DSsUoRln-!A)mdN-#PHXzOx7_qbsb7O_%
z)14sCRn!qyCjj$lgDa)m$)1}SWM@yV`|Qleln*RjpIaX_<VO%ZfdC6W_gBr{8^)+n
z#OqSA5S1u(r*`TuB4{edw}#`h5@C{8#g#*>aU*vR3_5pJt&V1_dD#t0AQfrV_a8e;
z-M4sdw*IIIk1qu=xzjmp_*9+{#(6n8O*P_2w3(_|X*IQEp6ja_RPMJPH!}Hqx8A#L
zo2k&dyQ594ymHje=kN%CPk<T-@be<8?^VaZZ%py_VpRlk<cD{4ww<=~G3H&)`xkb{
zjgTVJ;T+f7ujeVj$JI`&yc_YJy6nrCj_H_t&w8tGiLZ4eMBbU#$!1i%vpqELCEO@8
zr^+hEz`c*+J-A}b-fp=2HNb%Kp^mh=#Fayes;bY0SGxMRmnXeFey@Ap_r2*Pl1b*<
z%WK|t(`~}uB=P!BK$Sg5+AF);({{88L0;uN+jYn9wUADbE*Z^17EP25C_+BV11sC0
z9qZ~~B$Xo)B(!`<pv#GQzWcsA`179SEoVEM)kk(?D~Xk%iC6%jLNM>hIZdB8RV5+s
zS@2D_Xfh<CkZ*UV3J0MNgg_WEVuJwy1Fpd{p{`a4OptqqvNEcDQ2O1RM^A23;nZd{
zW&vYz#<9=It=qz0x2EautE)S^bunir33!F<$pwh~J)A(GL=-*40tSWM=ETOtmGe()
zIZCuwPjtJ+(0jzx+Um2wlmM=h_GW?!q1Tl;A?Qf=hk=~!))$v!s4B~#rKwVAtS;Rc
z(5SAvfj%R^j}UwT+z%RgSz?gPm}DJ{cJ*h2o)k4p9d>Vs9s<em1b{4<iH0T?Ga}D&
zl9if4^;>PPsamTw!s#kXuIMR*#xhD^Cvz)ri=t>j5P~GD7_o>Lz!-2v)-c7Hw;x`c
zgLf{06Ldebju8_gduz^{!ltXITBNA<6sV$#s}>>y&gXXsh@M@*26*JqX&uHXRbADZ
zl~+io;dd;a4<7fXg(PT^RaI318`kbKKo_0Uy1pgqdd2`%RekG`?%=pn*gJPk5<jb+
zak)xipzs1nbO=LYLFX%Qq{Ap~Ap{eS<k3)lyki#f;Pgn`Mov42f-aUyrc8UIDUTlR
zSvcu(tauZ<)qbAkx;G0lBKjSB-N4Q9>$|(q_#7JFa<?X8=(@_>CW0mi790YSKsUYC
z;6f8*O=)QYVrQG)WyH{%5)OysjR+rtVh{{u@c}~{^SY}`#Vf^A!`xTw@Iqwg%W>SX
zOB*sQV{nIZq#%Rem#Df$hrn%&f<k&+tD~Xf_i=Y|9w}g@fGK0>bZA2c5e#gCca%AY
z6Y=AO5jHRcU_-!odTcVK<W)y3xVi{6f9MZ*d)O);#`-Lj9nAFh?RC>|<y5%<V)G%l
z0uef96eT!W@CbNHh|y5ROi(nSX%bWnAi$v{s&K&D4oM`EK_xcj7~zf@ZHh?*zc%K5
z^;doI+vRpA)0YNFp#l^rSCB)ap-`s9s~kg0+iOQ{_Ift0x0#K+o7H!_9Jx^?>EI*M
z$@iVQEc$!iiDge-_pe3n_r32%+spTj@E(#jlYV~|Kv;?A#@1(TBh}r)M!vh(l-nPA
zv+s3}4)%{u3BM{)?y7IzsJC-)c*?-}F6HK?*MXJl?_F=h+&<TBw#S?RWPK9l$35QZ
z1aADi-rbQ*F550#04M+>>)aOF#hHA{tY4Q~oU52A+eH;(o;nc#xzz}Jyz`<Qyt|IO
zs)fj_mntfiZ__HOw|4~<N`5?aJ@JDVTYI~&C%j%!=8J=|gt5$Zmg|nWn5~q|%rU6a
z<CJdMR7CicVtbVF>R&w0rkk5{Fe)0+ypjQRypV+3n1_dnRO!VTk<zCVXj6njj3j^w
z_poMt-t%uwy!wy5?cV3*9&ZJB@}9^q%2|wBY_CwH>Z5Lh^M3R6U_u}shMTDflxY@>
zQIx?Hoj~WRnLv6%U8QiY8y!t=ds|mp8>_5MIANp3@3`)^^XJ}Y^7kiqk9gckg9^Ad
z=01NM@_2pgiu6GeV+X@gCF+Q({ZSQLo|v7p*R5tVGHNJdW=RbqK>`y4Gzo|XUw+%#
z^S?at>(7sERC(+7H`sgVKqnQD09BGfL>)#X1c*jLm$qvqwl>!0t#VDE#xkAUnVS?L
z3=6lv=fM2DUd!R>Ui(d?wd~E9@uN&;M;)f7*^D2~*WA>?DhO&@O{AESMvW|KqLMJp
zU!Pk1{b&!<tcZZ1tNcSVUw>Pf@4NF|eY)R$hI!6>@#pV7ynFNSp6Z^(hAEMOhFdEw
zl`WRbWi2eNGPGEXtWygWg@uy?CMyJzQc_ZsmQ`);4S8j@lCiZLXx1$jf;5t&8DfSZ
zf(rpDh{X|`uiQ$nFV5DlCfJmiF(VkL@sKpKlrfZrlPXNbGbE3kno@4XTY38HYTh=r
zirZJl*X>D@Kx`73D>D@)pH`~*-(JepNsT6HNX$V&8uF*#emc*eb))z9;Q6`k{O8DF
z4)>KENg?3ETGM*V02C*h#?@an<+h(}sWP$(F_6qjOXdYDB#4p#Ws+=$6uFZibYVIC
zj8R038xsj>8boX`eA{ZT&yBu!%%d3!0|luhKYxAx{5cQrvz!mP;C=48bMF1}duiwZ
zPo(0asICM7{(=s9d>DRYvLWZ&4(O+QeEwprU@#&If};{FWi*Kp$_st%t@&+VzpLg`
zX^EyrYz!bkVNxVj7AUTu2lu)6``~%z%<w1hRr}91YQ3ekZ))Qur7;RHs>M~p3kXz_
zEdH66PM!A;9&WD|PE6Fr&r%XTyR4YA8H`3UVni}iBw~s}Q)P%+?X6!Pz2=P(LQ;!_
zKd+is`{C6*pV~i<;pcvC{PBLk_n!}Ta$ml95=c>!5F#3as4+Gbfs8M{a-WoA)-CNN
zqs8*qr9`*yZS$FvL{kF{P*j;LQ*9v{2zIus+wt}B_jnXy42uy~F+*S&e}5ma{-yi3
zfM@n|4(uce;K)P|MT)^hX8~qnnT7T52JCT#ysJz{fwb+b=UJ*%ZTqVDz)eV@Qb8pY
zWSU4tX(~vu8yX_o`P*B0^?Uu(>ieWd3l<2)c_cZ1ukY-A&FJgTews=be|g@mJ$LJK
zzW+C`$R`;S@sNyGn8rx;q20|zV{QAZZ`9j<WFByy*+-U1*@=4lJ7XBkDK;&p%v%`&
zWXuthYZ{`9TEt1B+ay|~pju_N)|K~ax96+kiY29_f=J9GN>~FzL6D<Og&Ba?*R84I
zJT_6I+l)Y;@_#Q_Ro(*zP8AJ!1Oc|iMW$<Qz3-)|sEPzkS(sxpF~mO!)>Lr!y;U|h
zwA)<UQLEJauYD65u%(2OnMQ=$6dI~b6l$4F(PnDVM4Cd^#!>Imd3^R~-RT47+CDj%
zn8O&c6%bWN&VoVxw*P$Qvsdx6?d5&XK<>MAd-k7oufINg18jmMiv$t?9|v1`En4f8
zM9lfFCoOKix9;z@9}xJ%b1V<<83>>PFj*p!M6I-IMWoTJ$k|PlEX@*S4Ml1#V->9$
z#Uhk!Y-p6<du^|a?)$$bmePFvt!Rphi&EBI-DdXa!42Jc<Hv+KM}6*i^Wi<_N6#>-
zw~)JLy;uk5+yi}ZG1p%w90!E!z{Cg)GEkygkqIA^ji@{lE>oL<S+UHCyxtJd#2hxd
zvg&5FmlDVs6;zd1sW8iuF+qB$Ha#Gs%_@{AvJ(;mz3JV$*fFN=2Fl&G<~h28Q(}Z9
znxKg?G{rO-Bv7Ojl@TS;q}c?>8Ilv?LNP+YRV4z7AtN0cK8+DnVM-Q>0v2FIHB=gH
zha)IbO(9gGlwhU`rBIkXQbP)(4HBB(j9o;<H<=~F8<>+~UEST}vs5e4iBts@RK*br
zi@=0xpi(9Y0W`N!-p$IGX3=cI!!oQ*$|Pm9R8?rFXi?Bk(q>F35^NStrz(PuQl=<y
z(5BcG3!AY*b<Av?)w<lS!L_6cNF8dxgDQ(*DPmTJG)h2Gnz68qlCk-Xh)7Al@32uC
zU3Py=r|=iwo_TlPY6~@SNtd=!MHEp*6j4PKe2ht*A2mp3_PX;NyWgB<W0REv&QolV
z_DLbcE3WA!mpc)y`)ep@;z{^bjVKpbThRP|glxWE+j%*ky1FzH@+R!EPm)dD%*?SN
zW0p@I9>Di#d;;<If~&W0K`hs`d&8jg@dWmY@^&Y1PtCT#3){YP$?Pz<(QW2w9V)$i
zx61o72z<?S@%0u)RLkDQo(|JF=%1<YT9kd`SDn)Fty?M0KBYu%`<CwB(of#dGo?o+
z?mtNBHIH6rV9d-VE#mCCM3z(T(!#OFCl|h?FFKC0MD97g(rv*?q-);yz3TOQ-uJ!f
zB$7!ZZRPlSxDQC9Nxw2q-Er<Y!iwLIx#s!W9>{ErSQCO3Aqb*UAXtEmWQC(-q(E5)
zJm1ak`1$vdiPu$#@mAMV?oN34v^Zw~#V)K`RTI~{Q&g_)!gG*<_70hH?58w2sxbh;
z!tvgPr@1kfAj!>TYT1iMn^IyJcRcBxJ@<UNysmeA*7%;XT8spUvG<l$WfCZ5?93gU
zq6+h^%MDwK3E(L&1P6%>U$*6qn|-xnq}Z{M%@aU0&%XCt$Ce)YOFX{!)7$T9kWwhI
zVDy2AmnL@5Y$%RhwjhK{8l4*JR^?c>vRQ7*Z(-)xIlzdDgmL-$>abl@<!Y!$<Pw+d
z!Xc2^91dW7Ovs{-#FQ$rB`T{`C4<7_4rQ&_0STdy%v4c|vYYo@Pkirnk9*ALJBA)0
z!pgHLQr3@!E($8|IaCLT6;*yc-FJ1t$8GF6Mj(6cySY_VM<E{Vl}y19Yi>rQkZ3@U
zd*1X!h6#<f+x8N8yV9l|#TYs{p=K+Js}skY-nFdK2O}4Ts)(x2s;b*<g;X?Ztlu2w
zooiaSQ%cP_TUAvJ$s;C}<D%HB4V-no?=H2i>aPG~M}vyZs>NWd2sXCR@Cgadx~-RM
zccrMBt3-QZz*3qW;?&uejWu1})pT^J!SFik$6atQFV#~`N~Z^M@37@xD~VmP$#%!b
z7gAHf#U#i^_A*dZP(0r=W@fd*Cahf}Ou>q&94ejDaiKJds;f~lb=}p^RZ8wxZ*}q4
z9I_9}^;P^UFhx^CDzR5XFd67c165hw=Uv_mW5kN8D5{%>O6S#5Pq8iuv<QIU2iJ=&
zqh4605kvL-GWOpA&KPMm?VZw1-REy`3FTg|B&6^gff^q7s8^Y8d(pQ0blo(d^WJVx
zNZWaS9<Bq@DAI4uTXm(knYo8{_O`fiTe?Iv73#`K4)@#i7JM#pB?!GWYNhQz3>QuP
zM+QCFcFQNIZ`4v&iNhrTQKbG=`}c1p;#&7gpRY)x;+82^mw81M7v{6g-U-gMVry;F
zbZXxnBCiJM#^9lC;`3%=t~}YNeePX#WRg2`oXu$K*IOH#rZ}Q&R_n&5^_Z%7^>MRa
zT;&~jJk(XLlx8K}Tuoiuy=_}*gQCz=Z023ggoM`4alEe_T(wNy-lpxg+g!ym+*1{I
zZCdX~H@0my<29L>o$b;+u{Uj9PWIuwS_nY4SeaEwVfGql3phX+m~6jQw63Kqb#Klw
zip5F>6mh175ZxqEM-oxqDv8?2m?T{=4KVzbDpvKomw|>F*RowI!^~mL*JPAvu`)Q2
zu<pWXJ-azpV1*E{)l?{Z-T=%+V{uSJ!@`zjB7t^|+jR|Clwt_VK?!V2W}v&KrB7I^
z$OTDOY7<St);9#@^9=8X^=~rF%wMrqiZu~!8dZX=jZ~_YMYO3Vh6c`e*M@xl$*ph7
z>z{t-!f(&L=gi*R;6S4YDkNYy4d6fz)-UbNQmUdY8cX8FTgWrObXC&@QzDo9Xj)(k
zB^Q^^m0x-js~Ard(pr|96|7>dTiCXZ-kU>pd$gvk42L|nRkSwHv||IS`CpAj(XwLE
zR8~!mh^;9_79%7Qk*KpWQ%Ox2s#3(IjRjt{ZEwB%{`>lZGE)2E<OR)9Z4JO;KtzYn
zzwh@xn!}g<y!-!r$tC-<%)amK)|T{}WCRdYf(aPN4#?ox;lLm7@2M3<YC(Pt&L;`F
z!waYFu-t3c#{qDcDf3|5o4z)qXvAS#ypv^b5;BXvdf`VTZ^5#*#Rfucp*4sYq|u_Z
zz{Rh>HTV6DrijT<YZx_?Nfi~6#frs^8fMTjl*T4yn3<J~4vH>(@AcWid496&DuP9p
zNQPrsMq+YGNlPPC*(Hjl5R+9REV6{FRaGR5BT~}QSyHv1WCIxpl0pe2KivNxJnt7K
zlAq$<2X1q;@Eha2|98(duO#5X1Z81`k&`PHQHClj+bJ{cgZ+rbsH$3FL1~C(VwFUe
zvn?N+Zg2tP0CE`&AE8=PO3=|XVUpD}jTo4%RM4$4EJ>#}R>MsdrYsJcOI2z(m)SwZ
zRO1br+TOag%B;0t&3r>rXtAtpOtMr)O^q_trL1bwShUMomeiFclWZ(9NeS=x@7(x*
zFZ@rW@l}E-$55!PZK9>Ima5fQe-IA;zwMvH!-jr$`RDI%>(2;hT=(Uk90&)2{$2&P
zlytIMYvW^Y?8bz_lVC##npq?F?)-44BH_zvZen6K@XGJUNp!)G=QfS7MoN0%Y)#`N
z*7Ie%3>vqOyhj+Ax0hDCYrnetmP$<;#AvoLMJb7qlF_8f8pRrt%-9QTlw=}J>e55;
z@ju_cpTJ@Gf9OK>Q^M7vrArbbbDYaUsx3-MD?r*+t5%fh06*TRf8jN<dVc%E{+E2F
z7vt^j0DQxDT|&pZB)lXcWDT$UwyoC;CR}s1&~H^&VXP8n7GlglCGk^&=kEK$a+|A2
z(Q4*x8<rJg3c{LiWZ8A1YFw=bqf13JrnHSlo<F)KVU~?aQDZW*85)yV*)0^xEJmWF
zq}aAK6l)}wHVf5lM?QW2`Kbf`B!l>RTSTm?F%_{|ipy%Mt5sj(LPNjyykC9)x33v{
z%jUf6*RE^lD2MNi+nM8?685a8O%-DP-Q1Iq=Wc`E-M5|A3XH{~#iKz+Ws>~(tMygy
zOsd8)U$f5Cw^gm}Evu~yRD01iEJ=d(q-l(gdP_*&n|9atSKPBxW~G#kfW|2eVyv46
zj8<$}qB3g4l_fHY(HnVM+Rw+F@BBy-^X;K&Nm9VHwuoA*S{j-}iiJ|d!ljW~YNl#|
zrX*yQU`SO}s#>dR6-#Yes=v}mZ2u;F@I?G?G1;sBdP9HkSl(-2sd)jAC&7o&3KXzV
zs_*DR69SGv*%Ke`x-zICV5L&3v_vv3Ln5%mh^19G=H1AMypw@fhZ{{AOo+tA&CoP@
zsx&9=&}oXR6fl@tAhfMUniEwu=-Re7P<4%!v1z4RRuz(X-+WG1|7Ghez!sTgu_P?0
zB(*aUsL^Rmn6YHER8{JLpWpA};C#$~;z%0euG*^=5n9V`<D3D`Kn^Ee`?Y+2y`Mgx
z_qT`DuDkxjvO`2OJj+x5*$5mG2h!k@uGN=N2UT6Q!wiyHAW2H5g3&WjRVJa3S`0E!
zG#}Mp?y^cUIZBm(F-nR~q?T}%W>%*x#WL1%A}&%US0d8Ok)uvYCDT&kp;au<t5<+K
zWBwvB7=y@drLzpH?)DoRg=reGVPa(Q&pc4#jz*JH6_M1?)cJgWYWibsTSn1IqQym~
z($bk3L`K++pp6?TAc(PJuz+|UMGt@JARXQov0SY|R8lLbs)&)PS&6pQRBKgLD{3Q4
zHzXnC{_Z|&Os@aj|F<jy{inM=audX!CX0XW_?RA(R{W{5`Wdjmu@sdcY#RlX3X;TY
z1z8D&6v?pupY_X<DQcOaRtvk1ao*l*#KKXEP0mpcNz(|{%dsRlP>m*0K|xiFiz3Yg
z3P^ezQ}uL7pg4K!g~9upR;Af|HY;koI=R5)xJS*YxpSLV)1g$+8j#j`q8fp{8&ALR
z!HS5f1|le|D=Ca^q^y{VqSTZjLGNw1&-ZHG@i*(b<GYB7%eoc8bCQFOUB`XfR@v|S
z`+v!spX2d|pD?lzm$!G`^80xJljno0O3O>7yIF0zTFGilNSH)K!T$eUD%4C%G>WYk
zz|P7Ou(_;gtP6`25|sr;P+TZ3P*i+uM%@5feytR=mDZK2ZnUPQr@fZO%dBk;v53}-
zN!2&Uu7j#=s@=E8^Fu8eX%@s38Ze^}5D;((AKyFLdTR?aL!V{QiVWL^8yH~d(3!31
z*{#gCH3L-Bq$E)4MGvk;DlR*4ksn$W%BluYKC1Gd6$BXxuQe$N3H4NfKWH_ZK#ofo
zo4K<<<jmGlXqrqEWOTd2>~5k=O<-ngHerb2y>9DserVE!L}@T6imyTu6rC6(s-Z*|
zPC72jvD8bMGF-!3uJygR7=gEW3^2=H!Nv9Do7awzWbb{~-N!xd;y}GsRRE(!23cds
zgd|FW6TrHI!g?rWI-}x!JpuudDS4JmZ^bGR0H>x*8=+{KG;3PZK+8eVxEt1u?aEYD
zlqA=i;oXf-TrUlXPL{UYrh47XneN;uc1?-ys#Y4^9GqHCN*yBI0fafQ6Or5@JiSg7
z?i@Up;N&}kwXM`3c5>lY4H1;dI2hvQ6oFvFDPSA`k{SK8T&E3%zqS4UbaTt{lKW>z
zv!23wkP{|8Z$=1jcda|><J5AZ^PZC>7lX#{9(Ln1aCm#be4at5?s_g}@^uCaYeC7U
zM4en8*zHpQwj}8lxlaxX!(V6E!@@3>4vc+?22r|?5W~b>LAp6RUIS4S&iv@bg+((l
z`9w(`Slu+wo^Rcot}I!dGegfg=PD~Y;|rG1qTu0;F<K6+&3R^|$h~$*S~M|Y#*eI%
zBsqL=vMatZs@@O2`zBLgUjhSth-AiZ4nT{3UTun?nCwQr*nX&eQ$&^@&cz;3`)f5}
zN#&>I7qHzKOgI=v5;UrmF}uZ5R2dnp0F^$6Z&8=Awkmar_t~rJIO-LaAr;mcnDOli
zbP%VB8C^?;Rj5@V)zu687`Xn1<AY--=&Pi^to=UtI?T_TPGEi9y}N4bYUx1zbc$W-
z9yyLa_0*L%dw1RF-6C6ZNMe5Xq&+(BwfJ=*T6nzf84+nWm3teoQQWf%>Uz9{qSj;d
z<$Fd_x;v+0_~*1!5A0%yszEUPOR8t#+i5-kI;xvnFO>85z3QI7d*1iG?^KdT+ikqe
zB+voK{U^QeW&6`rUha;&dtE48S4%NWcJHh`frCq`q@^7PQZQFPw|Mt;*Z@!)wY%K_
z7hpjNBzIiMNvm#yltl5<9T=O0>6E1<OUMSJrb4?{vZT?7W+`jc#m3Z<v~6o$AtzUB
zO=)UXDFVhqvIJrRhG)ZPuDR!h_e-xlIYqh=cS~kfaL$`+3EaAKzzhcTRaiLO7n`Rt
ziokI?4ymkn?GP*&Wc3K?2;u>NR3y4Bz+&m??peN}cUm-XLWC4JA$=ab$O@raG;xm8
z9nTE7mo<{1mfMxKwHuIS!KCb&wO5bSNEz>Y!53Xmac=0|l&$?$(i8(5w++MEA(P?W
zHf)9gJ_HfsNPXGcwFPGB?7(GK?`LTdoMv}0b98IHu7Zgm_!;049ssPaqq(*=(p_^U
zPLjqcmZupvZnC3EWQ?~`Fcwqe#@#~vf#&yaO(fS$(1xI0?YT6QR{=#6qo^6Cz`Qk~
z?*a(ONGdQE5*^~<Hg*Ou8gUumY6h4NXi+o<`hrCQFq-czxE$;ZWT|#yI0hshfiwvG
zyLGKobGGX1nmNs0a)g1<Jb<i>A*0Q!L~CxePMX!NP1WE@qYMP!1Z0rZ!Je0Dh9Wn&
zE>PLVF(C;Knhi(N*!JObC3{=bqJf~%u2sCyh|M=Or!}f<;J~JAQk!!MnUo9xq|0sr
zKmuqC7mqPFBqY!v5YZ^QRaIWin>DP*Gd5(<h>mLI%4j}hp;6FjpfC?mxnU~|5$Gat
zrr5CKP8*x&ayK*)F2rkZ1F;xJXzuc&M~@;t?=(X~>*<nLOf@N~39T-)EniA(m?s8|
zlxI!zcHJ8jrJ_*al!7yJY<gC<vX1!sxo$5ns;Jz0=DpKiI#{KIEUqJahBtU%^11zW
zTy9j-mzLv%-OKlfxqNh~8^?w9Y1Gti0hifZda629JOU^00-;_39{_>y5`hFCufJ+u
z{q~iAIvHd=;OBn#yg)X@SjWK{3~jBYSc&TeFieUzU@;&ho^mvwfM}$dEja^?rwnPP
z#1JtAk+w^aNZ4*R$#Nv5B%+fjG6YKMy+lFs`xkw=Ukc%pmn1NB3~&}WXOKgql3jZ4
z%~ixGo?3eOHt7=i>z?;;HtzepE6dp1e)Ao=c}mCauJw{<z3Cfo-J@^IZvrc#T9V9!
z=xoHKlBcF)az<lgM(<?IwZ!Gukf!jA%1^oHtEwCHj2|anF8XK#ewq}RJ9bo?Go%&v
zU&*z3+APxv_$qCCq8>@7L`dm^N7<iv1m{-BUHA)g#DY3_2{M(<d!7P2C#QgpLJ|SI
z72q98H<63*7hrjV@JJRXwOtQ*3i?Q3F1%6+!S79Q7JhArkv9|du(YA{l29Vh<7`X1
zB;%)4G=&4eV--j^yn&I8H<x!*l0cTANg`y}q^xX`VW+0cHsrfzTy^6-6{S@`NhZ3X
zhr;fwEICzrEr~`P^N<l3RvH-<G(l(~9aU668fPtBr=&@YKxJM9qKZrj4OK5|8Ar+l
zT?d|#1!m8QxnfLJMqMRYQ!<4(AgUy^i7PSI8jxB|q8gxEIaF$m3QUVsBcTtK3$GP~
zWs9%?VnvP6#Y@E#34VTcw8RRUAYipjML@QND#~|s%c2NMsD`drg{iFwP_l)wCzXn4
z5Mo0OUSy3cP!*6A<5>n$N*WL(*{Cj|VGB~~?ZXun21e+Nr$!74rOyP5yOdhXE`XGv
zikQyu1o%AB-Cg$FqdeATr@tUjNiR?Ml0g06TO*_<Au2G^#4s^JLNhT_N-U&KqN=Gx
z5gBt>LRM;-RU~R=zed<UAM0Q9#UH<aZu3lee;dDh!@^Qq-^U2Z{3wCxKMV|INnlS#
z4%nG9CV!lCBWnaDomA725=e<v9G!GKpBI|(s^wuO1S7+2tI;ATA{0jPgF+6=_NVzl
zwYbza%BhNEq*v>Ta$8bWbHT#peB|1u>@qLA8%@}-Vlp&nwPPzy1k$HeTh5x|xW*4(
z$&AApV;IG=B-?4I$%K<s(q@Q_E6Uc_-|zf3)x6v32_BskuqeeSqAJ(;ZG(Tm?yva&
z$MpY2-}|2T?z_ka{P#89&~<erk`v&_LJ<nzf4Br+UC5KKZqq6@DN{08oK~1*eytj;
zWv*>T=-u1-aGaMPn?~V<lNnoS7O{zIn@!EV54=-~^K_GH+Gx9fRBC24n6g;fYfY0$
zsWoLH!$C2!%956$B%U6>>O=R*{}Kd&!}%Ba5mMUFh;+28RZ2xkBCAaw07!p4*Sz~b
z%U`?mzj?1f4R2Y`GWdVqaF7ey*GVmJ#9Fq$zB)^taUwZR<af<Ybk)c&7Tl=XD4>GH
zn=ufOGEsnltiVYP6V<l7u*#ijYIUI0#HEr~X{D)yEBBx^L%q3hIZdq-O4ZiYxYTc8
z+MRW@+;jH3nVDr+C~Ts&HqA{KQKZ%Cs;{r-?k?5+*4o#um*A3jc5GJ4)ru;uWPi^8
zlfHqmyTA8_XGnMb#_u)Gf4MuY?D>G62#N?4L@)Y^s^*DRZy35bgrUjSFjZ4BI4y_j
zX<9LZN6nG7G~d1}hA?c>tyQQREhf9#8<=Gty|y-<8dj6KoY>ujwd-HX`$=OqMA(sx
zsG>H=#%4@dw)M8Pez*7I`>4h+e?Kdf5r2~mkd*4ERV^&a%#^}KB<iSTrj=o(sil;b
ztg5wAs?_Rg+P2$ml@=HI|EJA5pW65S{==K{_wRH=e;@5_rAG~d7M5vIMG{m|TB@mJ
zhb#Gl5m8YPaWgTMnH&5l<_x65V!BUli*VyXqVV0YY(Hh|Xxy-vv6RIzU3cq>oH2sM
zWp)P8V+Zm6;~##HKg=->D$JzIHi*itt+Lv!w%XJC_xG9m%+KEW_j=a#+HZaH?|Z#x
zhv(&ORJPk~ElSeYAf9{pM;OX6Se-YtTZ`tEsQaX}!I1SdEm+BImrnI{mnuI{zaa_I
zNg?~`!1{T%(zeo;!qkykVwgsxnObHER;p1``|+>Nzm@X(ceMUF_kIEWrj%-^qg7EA
zYGU>dKor>h$B*+Lz!VES%nU&oOHKQu$-U$gQc$B4R(MDsq$J<Z$26a7X+&cZ+bykZ
z2`MB=M3Rz85`z4fSNk{k@y}GR+b8Kyrg!_{`BYVPZMMqR${%0_hRs2zUvCk;KQ@-_
z*q$kuL>3yu#l3+K;y@?Uz>oolwwQM<Y--st%1EwrXt{JYj%eL3n362fK-EjKCY?Aa
zmQ5`&Wy%Qcq{KB;Rg}^S2_%w0k9cR`@6n_y>wz(RX*Ic@yDbmrE4CB*=dfT}ks-`f
zwIxHOT+2-bOAF&gVWbx#kr^VwqYkH7Fo{0$>U)k!!VsPk1pD9MpL%Ke_o6=*iELG4
zZA4o}w%b_SRmr`0^V1AG55B$6(~Jy(@0-J<_zEb256G+^mbJAP9q(^9l(!OQj17v7
zuD;ZL)WMy4)8-vxSY08_H6sih2?^jxA3P6YGv-qJ{LRN<cZ|&r=)eS&U#gHIsyGoI
zs!$&UsrXYUPaift<N^js9T`YODx>ufAr#Xn2AOQr6VcByn4X5JGD0Z%no-aoAiY)M
zO6!b|W&3^a7$=^i)MHKe-70A$*0;Swc|f;VO{TENdq`|#BIQqzx%;TG5?K4S)4RUo
z9oLF9hyk`sL@89nDw_lX3}nWl1o`}3!|37oOWx@AeVm@jJW!|J&df2IVp_SDDh#`G
z7EIHZ2x#5d=JK!%lN=ch3AA-+yVmyXuJ+YC*Uyl02aF~pAXZUZ3$&3$s04wtTNosh
zV#E$)S%F0bg32IG6i_h(qA6mL3ky?_awv$TFoaA@J6S3xP9(|+SRzMcg%K!Gb3nP3
z5(bT4;2ZoL-)!#gPqo}&zn|>!=Ac=`n=#eb!?<n$8bBrM2_t=q7D)~5*;Kq+?{U|z
z)LwB_n5kw&%wqrni^+Y8uCw0>-0~}wa{GDn(u64l4dfNT8ue`0s3ivPT*EIoY+!Ts
z;(RaDi6(o_nn;pa_q(Utp@|TggAv(^_-Cc`5~X13RoXL#OWF*cXWTwdvlEGUdA0y_
zwp>JgQgl>qTf51TC0}p7wa>QUCoNYD;=F6T{qZq%Z2Qz^qul%}pSMk1^?KOmA@K%u
z-W=SV*&M2+t6KQpliuB4k~@!P?4I|#-j9UcZ@bx#+rG}Xn3f(18})kyikfv#dun&L
zA$}QlOZS}jz3abw-uJ!ld(|Y3B}&rGxiKW9M5y1cdPv%sS60>O=d~nErLXFxRabv~
zR0tpu;q2u_*n=awKX&dn2-BB0dWUVEx*5>Bp*%h1ZV(N(VV$lRE`mDD8#Mdcw(OG#
zn59C^Aqymx>h9H;ELz~x0InC?NH8Ga#);OoM4sI(y4wX*aqSy!s#Lp*beX%Wfq+<+
zdgcux0qVnhU@_sQDzV*_S4hOb+lQKisBt%{>PvZ8-+R0QC<W!@0q}El^is8oq*XJo
z0vI2d5MDSA@>!NURe`&F!(bdC7D0qb7$Xm7S0$_Rs;^5_#lnImMK;yk3TPSTt+e8^
zKs>N&Sk$pg8}JXk>c2HAZHF@}aG+<L71lJ!(+<s;V1N>2!vsRgQXZKM>Y`|dNM<eq
zWHPIYcWZVU+MO>J<0yv1WZc^9(2P|r-wT<*hWNXcaFNAL>wL!IXy*z|iIQ(zwwGMY
zxtz;w#Z_P{Il|2<Xw;WWNQgML9L1po69PCtM|Y~UziMrG>0qx_Z~<}M-QC;(9o^l)
z2i4bibi1jkRqCmFnrWuG?(UUUS9NvW-72cD<IN|>-Vqpt)#|t@Q{j|Hk8s3mqPVzX
z5{2dQ-OYI0gaH#LbvGYy!H7gb<%mX9@;qEh2zrZ2Fc2U_N&zBkyuSO*=gn;ARO^2&
zkHi*4<-0xU9mlsfB=^1D3eT@Qygh33&A0DB1$N6L-Rr-380VvDcyu1eoDJ@RqDqok
z=#erKWN+6!Bq;~Fyr>7`k<PB$RgrjL?8<|*`mVa6zeGXub$8?55V8#Eyg7;C_qWK#
zIe47gr;8R*8qI@HND!i;H0m0v5ibH9iv|KcUv0~XyE4a;=yYnEO#_sc+04ww-;Fdt
zVYgD<o+3;(%t-hTQ6BfSjP}V1&M3Gc;k|mg>o@|=Z+gwQn%m@juJsDbZ3IIoZVS6L
z2qc2-W!>zp$&&DlcdZK*WHS=GG*wWiX+*t80$UN%{C3rCW>ONyY!=XKWDe8Y4KS59
zj2@~Gbz#Hfg7-S_Rgl<Ndvm645*`@dDpf>Kf(Il7NUn}XZjc;iX<?9{j7LMx$O~0k
z!ia5A!xj?VqHw)ZkdHHIQaO(dNIOEtt9nICG+|{B^;o(Eim7BrimeO92q)7v+@(Q>
ziEg~KD8dLU5Ku^!Xk%};Jxa#kORnUJs+6{o_-L?ieo8tYCv*e*n8TE4kSJ&imC$4d
zWXw0CM^<%UtE-{3!)PTEK-Hnfx|h{Nl{S^orG_iX_s~}F-rP+3ZO3DWb#Hc#E~O6x
zLvE_VLWIdGxZ71)FK~mB^rPFow!8w&y$JYv5LQ^o+Kpqu+qmk6X(mpf;FB*XFR}W+
zuZGoCM3Giuhe=eFD@xV1wp(RmZEDo>*YBCFVc$NtpO)*$PkHFy4>wKIynOecBqyQ@
zpdt#k01O)?U<{VQs)KC?)(xp85m7&1UOCArQ--E#EYwHl+$e5x;}j%fxm*p6QLJ*M
z#DOUw6Q!94RDV7GV`CyD_!plf(M*A2L<SN`{X+8Qiw?_M>eX-8>;MQKUmu&<m(Fq;
znZ*>U!#YW6RH{b)|IfX{&VN3f=goAMp9wSwgoq?X5=2llzoj$OkhIZK-p4(+3L2MA
zldh@B8)Y<9nv>_RSiR-j=8VPXd);os>m#$R+q+bJgb$ui567i8l_*+LjT(g&gGJC~
z7S2jps3EFXX0(o=oif!zl?JM%S!k$KkVzzw@K8P(>xg-j6+p+zZ|K&)o$UAfx8IzX
z&&K&IlA&8_t+A!GWo!~r8pKkvjVHmdaetZKEo6~s!u0Zm-i*N|k|68py=#4d2LB(h
z{VG4>GZTbSW}#;y(AcCwNTK{w`E=*w<G`PPH}oLBr)K>&aLOJ|{Q<%#e}-0>b3)VX
z9HKL1B>VmMg#?>5awZ>Wbksh44QF?wMC_TqA9iGe50D6ZKYo2ZKcd@8f;5F{hdL`R
zT4hC~Wko5KTG>)Iu_~{w=>7fupTmCe`I)|O;m<z$Z@xks1L6DfixOh3vRhV_R@k<s
z)QSkXVF}48jN(t;SRI;zNhOEjH{_5rzfk$rEf|q)r5h1O*=<#p)v3$o`S-m2-%rfb
zvwHXS_4k~;JMq1*!|Z}Z6d;JAh#`<nZ|#4C3YL+fFTm%qWs@8(xbB+nIkG7m7^t(3
z_ZcfD5$Q<|GD)xxl#_9W;D_@B{Lv?*fO+13L^JG*5q<>(wXm@X1(cc<$jS(*QmWF_
zs#Q{2N@glpW&ZvBpRepL{VAtLpMP@GLhBEk{+lpQ=(buV8D_H;E|$?LShB=dn%ZQB
ze?wIJzGU8*2ZWeV%1V3OlHUkG`R|SNko3v?9k!|hs*40li%*D1q9^Yzz!2es_`iGb
z?(@qFFEf^zr;nsh%Oal=l%YoGGbjSWr1ne)MU(p}zkhz-=7=WCBz9!Fu)YL`@$UX{
z{Lmu|4u=a4nNg*hV#{S|qhE7(JpS9y3Vr*&bKm2~=n_K}Wo(wgt&+8Vw@-<2-OanJ
zw`a3#RYhp9QDO`pann^wD6VcoT;gb9u5gV(C11Vy*WP~a>vNmGI=4F0?L9pMwELa2
z3n}PpUHj|ua|i5Ik~L~tn5j}>$mIS%x9{Lune*zuuU_YO?#yMtc(1?!@MpyP-uJv|
zY?h?e1y#4}e4cjXNy#QE^adB5wj{w0%Yi^rxllx!#>UzUMJ0$7P>Kq8Cp8NL_>34s
z)AKOMRxx_d6KyY<Em>0-Cu+Yr^UL4fK~AWM;(maSRS818-B3QNGK3BnUIB7pvt}W!
z*@lviIH@qo*LpRgY;NgI&0}taHMF`yx*h9gwI~}&i1hP<cz91XNMy$R(uI;kRZ&!Q
zg(4tzUav5fN+wlMg$U1qYtb(wP%knK?NQq}=uGzq%}2Y$i}HQr?{8a<?vn1-j@dPr
z7&>!qmKbAku2vd34su5vj}y{2Q292zcnFp$Q=v%5O*)}HMw%4jEGF3Vgs_-oL@0&{
z1w@5a0qQIzQKkZ_bydXIbM$-A;XHe`I8vn_V%V4|#Og(>Eei!8Weu}oAzfh{K*K|)
z1XGoel~9BbgDg>I2G){_Yy_w^wx7o5@BQ9xc6t40JN<jZ{7KDB9c2dK{Q&R}5ZAtJ
zkoTK6-(e@LP#~%)BB-#JcJH0d;pp_%6lX2)AV4bsGbA%4%#l`Q6EGGw)f86MWU-`8
zGS;+DfbijqZ}Ya7PggX0u+$I8h7XRt?aQ18N+h6D`C@D~G+D?&KR&Bh_A1FW{K}^V
zbi8DJF<PT_^9!tVcKd7DOFRPrN>HnENjL1lnSFP6ee-`r8;Gl^3>`uH;w$dLc9<uT
z;7BA~$Apr7PbQ!cr$a#N);cCDt52xVp-j|YF5a;FlC7JT0JmZNPcYf+&mWju()8Vx
z;Q;ZGj|SK@=KHAM2i~l+?^x@4Dq?hVO)mQGw;^U(KS~;vnn*fQJCzN)PYMf-5{`}+
z*UI;>_i<ih(cnyT`zMWa@T<anv@qULtR~Lob>kbe-F^i7I(kKBuCa>5IF>?7jaj;#
zl>ND#Jvc~_U>t-#=EDFkzAflIzHg3OgF?{_^6=oSy_+RA);-pgZ7h?!UzkVDE`9Gg
zwmTTbAl01si(921MxO0A-QAgXF6&1De30O*`+c$zxZif?7<B0RP~uhPo;GeP1itM-
z!h1Wt-I-TvsGg*qH-&)PyAieN?|avN_r33X-uJyEk+$t)YBtMBB%QbH$?ti@M#_Q{
z<*D1=XjXGf1G`U^?PYk==1c53l{;$eaPSm8WPv~c2X_!C8y(N1B+ynoW$m*lKZ(4z
zb(E6%^6Og>a|#C9yVe`F=<jXeJ`xD<0Dwo2yg=|fjYa7;5k9(dPZ@GqUG3wNEx%yR
zSwMPb`Hu{{O6Nfxa<U?(_`(hYv6={Y*0ANRs;n1&oR}bu2w-6WVU8DqgUjWttIjkg
z?)Km!?4_pgOImq74=iEs*<^{Nb_qV+`=t@B&fLW^x<M|ot%2(R4L+%SZC=%PAsaXs
zT1}P){nxthy*vgXqJ@I6JPvrf0ef^P9|$XOOQCcRm!Len3OEmI4sl+)^XJE}7#U)*
z44F(!#?4XihGCKhdE0KuH%D@8MnP9G9^A_1)9#k%3^@%eBDn}*ykA5%cqI-<94RnE
zA$6|fa}7c`y9sq|v^5fnsS#Jf6Ch!Omvzj6spf}9jS1+H5Xv;bg()Tp!88Z2V|iWg
zHs}|s%cUfeQc1O<9vH^scz`XqQQHqJAFZt<O=)m0v|8Vp?wr=ORaIiBfIcqct+v<4
z9zEU80f)3nDk6q|O7M!kO<84SRaAwk_<8*E-N;>acP&)@O+QscpIyP(9C&uUHR!02
zwwEs&)?u?)vJP_`%t{>S{5U>)@>`?do&N^0*Ha(6en2{k3)@Jxi(1h=#gag8<{SyM
z#DQH19AWqh9udkhDN(0VBFRL>Mo|znf)p63RU2}us7k7;k+A60RNV<is)|X*TBDk;
zK3PcO$97e1RE0mIIL8YRP$Gi%1?)6C>?-*TJ=~mSrIL4R^nhkpps!>LzzeX6_ouiA
z6%O|czj>tn=-YL@eY@-M?|71I=e$WEcN-MiUc%p`oZp<x4X|f@dr9b(H{mnkNs=-K
z2%y8QS}DA}ng($m;M!f%B8Fn$Ui{7-;MXk{cw4KO`-<ebj|SX}(6nJNgA6F;5aOcD
zPlk9uC>vNv_pMbz$Oxtyx{OjGv@C*DHOtb0LXVbf6;hZx6BX|i0uGX@(M#sEYkSGJ
zE@yh*j9t6SSZy&nn>Xe>zGyQGH*Xp!u7<3OyFl|GQSj5_brHzrrW32o%fi8zl%`c(
zjJNgOZYeICXemvT64wfmd*1hk-QhP4%)lwtHXE$BLU~ev_)}R9Ge(8UhU%%6OkG40
zX;f_Eh&651O7d4!tHQBWB}?8)gvnMe^T1W#y%&H?EO3V-5a)<SC{oD<dZG1R8E9vc
zQH04j2^ek#L5m1njEYrBvqVKs{0=)F57ja;JVjvevpfQArDe$)v;<ZdpoeZ7O7DhY
zb34J`F8V^|o?iSi6OunoB9s#*T@Z{Gp(bE05{x;m5V&NfX>!u76-!l9SV~z|p<IkH
zRZ|lMhjyQR`~5y>_<7!)_dI<(J-WXSRY8yhcK)y1I|?pR(4v)?s+J+LB`hT2l@^tv
z`L(3ZP)8zZBPb{PlW#WutX*gM;~&@U;4t4v5c*g5zYnXrH5iuGT9%eAElM=BYb{l$
zzdrwO`@)aUy3aoQ-FMD&PXhFoefmgA?LS*ZiB{ViRXe{c%V4mUppXd)WFQJGB4;c{
zPkcXQ+$YLbRtNDrN5VpM_CxFR5%ok%Ew&bdB~@xtmA2Z^jkc9@-5-CwGxx|CdU@Y9
z^ZPh=yZM9XIp+S5fPOz4D64HMqutzGPI}%I6^b>DLS-b=MMYvXS(=$;y}tKvyBY^4
z%f@04B>R)_Pe>ED@7X;1G({GSsSbu&Mj}R5CjNh?_prY%vi|wXcpLZS4}l>*&sUX7
zs<m%-8PA=!kkOF^6KJH8At2CWMkI&|3Lt|K7&VQkwHtBwA>@|8zt`u=RM3$U9U%kk
z*q%?ce@OpWl2ld5vqL#Dxss%cpmmUGr5aI1S|>Fkw$)WzOKrBIj_3Eiem?%df0q6C
zn%JA{n?4AMC)g_?`mF+%*sY+dsw|L=D&ZBVmi|qY@yg|LOGbq7RPNZQfMzzn=JU+G
zbyQnl*De~gxD|J3upq^uSc?{i0KvULaVQP}3KVxQR@_|*6bV`=?oup3DK5c-l>Tns
z@BPj_-#zz?d(I#Cj&bMMd)c0Qjf^$dPG;7c`*|Xc&HsvcBVD4_J2H+ts8-;AuJCW-
zEu2-`BH~=|hDvxd>YU!G@=Po~PTlYQ?RctP6op>C3CHoheaU&au$Y=X9=wC!jJU@H
zdw|SV*Gnj4*E>yrV+){|xQ}z{6!q(m(_H9GJaZirYDnu^U(K8D6Eu!RVxdBJy3llW
z0DQv(MMPxD+I{$Kt2w!(b=;C2rlUzq7O#6;T7qq-=Xk7cLT6I#rDxyIAK}+HM%Or4
z*<p>u;f)Pw=<uf0zIb{<-bl{|IDTv>c=<}Q_sG%$<^XS>-<Mu_dUi`XPx@R~6QoMT
z^@QC!$L%?I<LG$a`fVszP<Z%KdIC}5`P!&9lRrus@E*BYbHSx#{IyaDEIc#U1gR#a
z`RIF&+`kKY5_`J(z5Hda=I;Y$s{G?e$FI$0#a!}TEt_t8bw<3-ieKlxPCDY|;Irsk
zK$rfCUHv*ewwUBCZ5)YZlp;Av)mr`g^l^^rE-O~)<pq(gJ|49~jJB6v-^>yVEjtP)
z$RS&ic9Fc68v=@#SA=lZAg_=|TH(`O&)?lmAj{jYs(SPE{{Ep3sUaWNAL1DlRRhU$
z#?A?frk+tQhG$`&H~zzDNF5b*Kz@L^fBo8R{A1KP(ez~;3h>LOFx*j=f;*z1BDiuR
z$QtsuyNBtcRCl0`GCAqjE*zYI!TE8H0mi_+q>F;UwGN5tiUAcFIW!z5K``dyk&{lA
zsdtJRUlUbgP9=kAbozl76PlC}4{b2IwyI`7V<^%GX-1%YVbJL-et|Tw(!f&{-;N9?
zjU=$@1;{72WAKp3lThra&BKATWe`w682Da9oi_fn0ZUs|Eq9$|t;R}MhJXv4N+@8i
zGEbZNF)2u_>H2QpvPa^qKBFlTSxb0gFDCHK6r3or0Y4C6KfBZ~T`6&J7mbuqx2e}P
z#Lt|h3Ye|THhwESPlMg*vvr1GKNK>)Q5o!Jfk!lQ*m4L(Rx0D`*t1hH*ORN`qT!q*
zWQ2Q`+c$P#+IzQz`xyHivF6$@`$FhUeG=#ejUYUvMnE1)9TcEI{a=j=!A~nP!6kc5
zYs`jke!AGp^od74PlkT??{PNY^m9jc6Is4Ty6sX(ja65;Obtc3K3xQ|ThltO^5vM!
z$jW)#5Rwa<Qy~IGmt#17tlkZ&m8`@YSS$sNKR0eyAFXFiX^5IW0*6)7jqiyeng~y`
zJMtU2$joJQ-r#lh4|WN{N(3VqrzrW)SBuWL)KYaMde#iqZ9y$t-zkWU@yQt8WiVVw
z`ls(+8H7BzT%VbV@cFZq?E9?2is0Md#5T^ZQrg9At|NdgqZFnp8ybH$htI7GXRW#_
z^P6rv!|breml1SdL62Ax^FIC@|HTpPUIP|buaE(WcC1U)a?LuC&r=*MosxWWjvj&e
zDa^`6)P4Dn8(n9}eYaP+Lokp7VY1`tOqq^*spESB{zsUBKAH%pqh<qZy9$IwUZPXh
zJU{*++Ak>I(COQ+L!AWe`a1|tY|%L6=#x@G+OVf`1$#9G<r|wRs}1~9MdJ?RjyTh{
zp~SCJOx@2yF#A=DtJ>`?yxrH>3_?8e%S3vR6364wlGlO+i5R5mIeXr3vktk@xFIt`
z*B>pWoofV_<lAcH^`&k$&AZMMcL-|ZM>A~2zt)=AEziK5VMg-ynajotT@KEe7F>H9
z=4EpYvIg~1ZDue6Xl7Y^+i{MgJ@_#rLX_s+Fb<0}Mk4-a5}X%<(a))LeSYGwxf}L{
zdi-UIqKh1u0@(l~Da>(0*y#vZfZv+M71nTK^1|MA!NerrIWxVI^9YSs-NJYlP~({i
zQAab6a4%gmh7$&4i?pp6(6eiPb~Si5P)$9&T)hG+MuDvM)t^>9@A*3|0(V-IIv#Ct
zKRAS6Cwz0ODZR*<WFQaeNj3{ff=LgTL#2JUcM#CodC1wthJ@$(6!X(Bm8{l#);DLO
zAcb<u$9ZdqNZ9!Xk{nYCnk~dtV(5B^m$B&GtDVPPz?<_hB5;cA`mCW=_g?MO@Y>r7
zwfT7)uglH6muhvUi>?D_`K4>o#foplPl<QmZD#W2-{ey*d%|Hy#tRR5{VIm~NnAd>
z_3Pszna@NLsf{^lEE2>I4C)a6k+pl*PS}YpXwKlA#oU?Pjmcvuy?W=M9N?tfHJq6z
z6hm}AF-s0V5g6i`NfIlyJD`Hzf_)|ExbDNjfOG6h{mUGzDa6)_;!8W=0=5{Bycs$1
z`;}u$4wxg8J73b&HL3{sY&@FUxwzQvU$-xmWv%Dl@{SoT+Y&9tyM^6WAUSvPw`fl5
zbBA2Gow(gaCxO^6Sy}Yd=mH(>*bkA(=_Gj?ORMVkL~lQ;g4jd|u&lD8KnIQAXIZNt
z%FBp{zkVN~%hSO(B}uQp_$~86<#gLXY|zCkw3_Et)zwN7f3>a!;_(yOcI#Tl4e><k
zVtAWm+g1mRfoqV80_Vs2maDoyRa8%ZRRDr+%_@Zdlu~Nl$o$p&Tll?gQIapZLbb9a
zoVG08@_t{w<L|B1>z1y=tI7N+r@<`}X8YnNZPP`F9GCWA^r!~_9vuz(kdn1}`Se)r
z)4M^*{)hJ^FGf^ee{6@_MUo`T98f!yRSxUS(w4SJIApumWsj3Dki}1=^JVIT$jBWl
zYXs9!p24ctY0&<p1@fU!dVjj7^ajJO0eYOa=DYWo?AfAC>hp`YPq$beD-JIDoQwP#
z+|6pZ_<{nDaKU5$eG`L(=18tGH6<=#G6$Wr;xli~0S7KonjDK-@3^zo0+04drS_M(
zQlVFAe>gv~KP6TgFbgOMrI;9_;CSjP3wljXfcFj7%)Y_4do2a46Jn&@{{&rK2mj<z
z{aQmxnc>F5tUHQDhD-COQnF=_#3nQO8jmWKWVvN~nkncng`P`hSY`=tU8_U76^TkQ
z1&tLqqT>ns$&h$Y>2XQlU-sa&+>`BN^Fw<p+HwI}#rI<)UgH_Ic0^P^3SRO|yi(cV
zHQGqkh{f4_b1R1=Ram$CnqWO-1!C)pilP-%0JJl#obaD~{HC5ryvlgezFniYSDydZ
z`@@)jb&wWGAdH!58S#k4USvlS&Y;1jH#e?t96?8cUFWj*Pw(cy%7yg8RUXoK^VVDJ
z_6yQN?C=&l^4WEVa`U47eEsP9FGLVal+T{9V`Q)IGM#9He#$`qOg*B&3u%5u6W<@7
zo{FhbI6#9%8ZWCy3Whu(n94r}Esqw=`|eBe{k=c;Z#S8cy1v?<VGa(x1#y$;8Cs5V
z!M@J6rDl}z_H?>UIQo8GA5&+5-!P^?1NZA5|GXB!`L1A13nqGcg#P{OW|9B*@7l`Y
z^eKY43mI?^56F8^X*sVUS5Pn-EvV7eSM0ts$$u>j9osxa%c^lf?Tfht{cUSS!FCA`
z>lM*Z*I<&9KK=cNL*m2c#q>1F7lZ4-k8}QB1s8|}hhsc6ky3J|C|IAouo;ali+3JD
zp1Q%lF7F?D;SI_&OSObzAV##PReoO|ftW#IvG}B6vFz>Bk`2Ah7b1BG(WmK+J=i03
zvow{dawOicDFC3%jYU!1%$XwK2)RJ4HQz&!E-&Cpwtk_fU@FG6@hg+P+=i~Q$y`t4
zrEvHqwxX|?JA>d^-vFDoYqdQ3HETr`^CEx0hD71ur9DlKkO`dIC6;xmCR^QlVhLG7
z=zKzX@q@7|?%NrC%7u^IVh}O}qK+liP15id!tp7T^yn&HAy*?gWYVR>*Ij9?g1_=$
z#Y4#H>!NoVi5jV%UQ!hY8;XBcF?oTF3Ow&1OHP&xkxK{m9TpRcVq9zY;vSj18nEOJ
z0&+I^>Mt|!;@4mjgc6qVohzZ8>LHQuc$OMPb8?$$y+B4txY(xg7km{+x>cbrwJw@s
z2(UPEIKpZaUG=BuD{f;>2LlmxkqR;uNeHk`!Vb;74b0kVq$j5)Upun!btqi!=kRy3
zI82HNTk5g3r(+C=yZ@`)zrBU4re*=2WnTdcmCK!f<TIazoYRm1h)pgq0KeXLKkIdK
za>KuM4Ls6*WH+RkWvK7FMQ1&4p#2dw1zxY4rxPV6+&43%3oXj>Kp?&q_OR#&`gaN?
zh2*2XF3nzlX|?z4!_~#53f9&$qe&Bax6mRfwR};7udzbXj*l<K0u=9%9qP0yI%lCe
z&2=x<mWOY4U`*KbcVHT|DVOGJqnG^FI8bg4ebObT4fysJ+2G`v&#yz~r2bKW5&Uvu
zeayr$3%W7rDgMyDo;)9)O7Gt6QLLm?tf?UR>mkF#*sd>`RsYP+qbi|2%>4I!62^OR
zh8Xq%bg7OVD_0uMc{O+VoPqC6g!^w({(QO-|A!yc@86Joa^JogDGAs+e!ql528}TD
z`F$G9o%;DhX{v5l>o7WZ6Likp*Hy-Vt|{x{n}PL_fj<pNDTuF>q-w3Ju)ss}OvFr~
zYNy&KwPD3bKln!p<*o!J-}-HZ{z~Cn3a*p$;nB|CuAcwCiww_MHT~Q|oA5QW^lNSl
z8Th7sBGx`(2J7H(u<(#sdE5-1YhdL>cw1o?QEpeIcQj?Y5sLzhJ@Nt-CsYCx8duCN
z=`yx>TBdv#aP?p&-Lm6J`Q++p)EL<4vcQSCKOGT!w>l0M0+pQtJ???zU1mPAcgGn}
zsl!B}a@zr%sZJG7$OPyHY~^=~laCpNEp9lYNb^ah9b<Tp_C{<xu63#S>j_ZTU7wWL
z)ps#1K;xypT}LiNspgQ4*9j=sxq;cUF46$qwek3A53YPHnSPnGb0Tf??)d;S3RXaR
z33er--YqGILHT?TH0KGB@MyGkh?Bzh!!t{K-1m)b=5MlT9<ya=rLDDZqWj1c{=#Q~
zr7*-jwnI6ZRKNw()-+SLpLS#r_}M#fa(mCHELV+ppZ2s>hU#-`$6@H%OO{!HLWoWc
zYdtrHwZAB#DrJ5FfkbW0T%_3V>t)y5lcx>O{efO-X@oM<b2iYb{%T`NLfDAYULHZ;
zC!$vvu9#B9A)Lv{I#{H#-<jDkr?W`jlE>n{a2Z9VtSaICA0oa8T%X~}cRb?`Tb}EQ
zuUW?t82C=fL!uOGhLo3)_Ub}mvvg{aslL!V57X=HM#4G_pP|-kV%onTyf<TzFloB-
zKhN0U!Hi@R(SQ>UGX7L7P8I&TpuLWl?<13q-$tf+*0&3JL<vBS@P0sU^@KDKa#xt2
zoQCec`wj-QRc`)tBkM$zBzZlzgHBeI_0tOmbp*ZbIU_%&G~nzGe+^7p9}N~xW5G#g
zAPFW3pW&Dwvx;)e-4hK|y4<QCs8$@qs+ttpws~e{TpAalQ$xC2$;lJ8Zo?cz^Af@Y
z*ivRwZpLsaNb3tL36A0B9u3Hf*Q?a=qNj&c`LMFb3kP8Z(BKl7^-KSJ;zRP;FLeY?
zNCi(**Fw<1m`Vg>I@*28DZoKyGF(8I%8T!$D4Yj4xpJplu!z&Hw~jB04Xfs?S9)&2
z5+|iumX+fZ$BfNiD_z}mOsxT0e?fWVX~XpN*yBLRs&X88jt2ZGIQUBV(X}J{SI~XV
zq?HVc(jXZur^2I{!K08ms@hD59j3@-#L5aX*qu~ilM89G8RCkz)>q;mb=yfPvuJ>~
zRbJss@{fEJ47|7bMaK#*=p3{cI|xh{A}uYAM+3Sw$UOCo**_s4y8{B3W!&bs<m6B0
zO2MSq_;_D_1zyy^O~x;Um;9Jp?T7V<gPztdHHU2UK|JK779U@GKZ@J;wrnAZu4U{u
zi<qBZh_iwe{)U3M1fdU)$jgHdwwct;?jrWqIYn)cR@(zw1-S9DA;lrzb$I1S0dk6^
zz<B%WYIIg$n#_Iy{Pp^MH(dYX_9U{`?C7zVw`N_5i$+=Xx!7T7n~%-siouEdTb~JO
zxkgL=?UNbN0&=jPEGZWGe#Pk(a*F=SxBJAM_;c%HZ}4=i0J%3RWCXB%1r{s_S!!0X
z3~Kr1lqnfi@R61xhB~$pV#r#nfLe~ozur9a&p8V|+z)dl{mB@$iq{WTkPUxq-XX?j
zN|u<|#Z50i&$;cP1zWNXv&M&U@16Z)?skjVc->L~cgk{`hHhZ)^oBozisNI%MlGHH
z^&N9J?TgF~ZfLw#;dEes!Ag!BEm)gs(ej$^gIDkO@rQKRW6jhZqmPCUl|SnBuTXQL
zahOcSPMETXuIJkCIPmw95Tk8eLH>+%6UMaI%6$rjH7n~N^vZT~Lh|BqKgTE4Kc6Xn
zVvxo-%@l7P1@+I-t>G^;c{NQ#=;l62Dl6;iT$EEO$zNm!^%Z4oyV!&xg4$P)vyuM9
zy0gyrTwY(jb648<?6#-{?PeOulXa*Fx7jyx2>Ifd5`cq36lg+vi^Jt-4xV1axs!HC
zkMg>V=NhYS9;_T3ursP+WNyICa@Lvo@8a=Fz2I<KqA%zN%2qnXdV_2M!nowPK?YLz
z>%d3|7L)moWO2_)KrK<_FSb#b|2DC&&+>%r<HSmiya|^gO)kjR(>H*J%n^ad+~Sgy
zx+Ew2jKah)4kQ;nfwvF_)RhHsW}pwI7?R@HuD&T|HUL)}&KV7-J;#i27*LmEE5`>_
zSqpj<5P33i6^QNmvM`Cj-e>QxUY}Q2M2YR#-KToa_jKm-ujJ<^rt8YSLEC<NA9Qi%
zWs_*eGtyTO<VZgtH~kE_Y|d~@`D8wI=x2yR(%sB;X?ue58d7t+3FefYJCO|y;aBNW
zhW6+O`Ab2JCzv3l>l0&FE5#J>J@~l!#JJ%p-z!<ZL|qv6-5>Mq%hk`PZQ7G<(MS)o
zJoH;LkQl{I_j9Vu#hA8@m*{FP^k3>HE{jHpxsmz4-&SutX=zb`I*3=ahR8Xwb&k@*
zwYH}2mlP;&*RiFeLB<9*m^gZnDPj=`;}2C*?*e8^|CfCxW{f3Z47Cb+IxwUe$wxDv
zaq0enVSqSVl?a7jMTUm4EVfhB)&r_6<`x<&$R4=j>8hqI2m}s_y>)Ya3yYKrAA~vT
zZO8E?QlCd>0ySN?%1rB!QxU4(t(TVYIO@S{rx*@sCnJZ5N3Y3X<i6*Wzt~z9=2A5B
z6FO8$eLWYyv${+=7~LR5<EA1uox`cfG7ZMw9sm0#i{LAd>fpxZ!(%>T{ypEHvkw`T
zMT#yotGG0uOT^_ZYn@bNXaUUFs$;hNO+24ltN6bU5)h%dE;zr9r%S8yy3<H<hme?}
z@QVHs$=soTi_Y@%0OI$_-TN~WZestRsBaKU0lWC}H5W^bgUMXyergS4@i%=^cyvu<
z-GrF{!FS3<ht)*CMZvfstj_^l*_3fX3BR}(%Byc2kNr|p3rvYZ_Gs1ISN6qSgoKnr
zNi=X(liobFCko=GF^4%}uNA&yGjq)mJ$vi23>F?v?|;t4J$7jPB`L0+&Yw$joFvz(
zxj$M7i)kG4<4tk#vY8K)zEiRBrCF4Yp^^FXP!dKga%;>YNC+AxbOe*1B$WB-?zN;)
zk6Un@oEhKmRHh%Wf7x4ktS;BYU>tT_1H6aAv7~~LW+7TA#HiKm6`S3M$G0IwKVbj<
zX(VHEh+6NOx2RB!QS@m}ns5Fr({w|7DQ&Q#y=!RmQZ!L>+0I}4_p^+L@rQ&jV-H(k
zCZf~bK}7o|Yjt>GDtpAeu?}mr3nwR+PRVd|-jZbn+5SsmUA^7%R<0NYu>4+Cxo1np
z&L^4|Q<BZtoM++uLG+<;d9;Ub>)N%70Q;8<Oh4pzh4J(_GiS9t^0ait(9?%wIb*IQ
z>liO4Ueykil$GPgD+!QhkI-fee%<)yc<d|Rbf0>WyH<kfcdC!Wsv35nFe!_rjSojJ
z3{ssC!=ut!Z(_*KN~Lp+!zibC6-hJsDmRws>l3<pGkzP9ak62%2Cem)D2`p7|7xL2
zc#vIvtzjmfo^$lia7>q<Kyq5u!iHCRi|FyO6|momt=pg>)CS<>hpl7pJv@vZO_h!t
zeNZ$jPU%%|;F*8&augg<;Ctoj#y2XG|CCkvT~DhokcLGzY7LL0O6+zz|8v&}Z9x+@
zYjkCCUS}}EKr5&7qX*(6DmH#m2w5gmtF3+a#4jEBEZa&5ziGL8a?`(N$DoXz(`G<d
z5o}nESM6r>W6yEFK%*dd7ruuAECF71T^Vczum+`I8dle$z-lMAi8uMrV7tky`V7h&
z$G-~z?*mIy-EUiSdXDZxNeR&7rl&vpCP}-M|G1s%-1LwykWN)Ow+YcItyN-;M&al2
zh!4n|k&MueIqjvN9<9Rvc`b215=xSab#sqg_B1bWpLDc!>p%M&i10ryR=fv9DPY>N
zLGI0PfvR7@C635!X-f~;*Gy%zH&VnT??|I#VY3adoh}fkr<=ZCo&X5Dps2-oBZ*P|
zFkg{Fg8@XBR_CJ0m05fa7Z<@85VM%oHai(B7N@$pcH*x4^4R+!An>ZK>k@5~A;`kF
zZGk)*JuEpXC4FLiiisbw=jiy>Fm#7Yqr=k#fr<@BG&p_<@)vlMEo{-Uzq$IDoipv*
zo0r9XRfQoWP2BkKo!TX3yE|Mel}t7dC=P1U#|h&H7sv$3INV>p=fOxs&V+7hR)b1t
zqLITj-ATDe&Q74aA9i$uuQ>rs`F4Vs1vreXaad^7H7y9~*S;2f6PtX~(od5rMETI2
zb7uJyjv+-uGA5%3c_PbTF`N6#D4G?S+{n0(;&Ia&Rz>Oz*)ari2NP7r6GkG{&vDV^
zok5b5*%;cBcIBCwMg}T%2iXkU<(;;TIR@;l8s+7CNZ;-*Va43ZoW(E-TI~8cdyVwE
zZ#(oGUU=%cJ%+pYz^n7e8OdBeN@awvG0=s;Rea-^wZ#~orf6B=>qEYxx!>WLArORs
z;!#JMrn~`LQfXA$wbpGoza{LP_e3kF6Z6rt%5_fuo>9-X)=s#QtvBq7kR>EYfPbL{
zQ`^q13BH-wP(uFj+dl+$e_w1c_l09j0e<d3>wgt$Q#-2z4&hb7tu<am#kF;Ek~mCN
zfUPz3GKCYcj2wMJQ{VGU<Rox@!<36@3mxej6J<+LW-e3Be9Eut&7CH^^3V4l?0~z^
zCIg5Bsk%JqH(ud(;QvYv?}BkyNEk7H+zMe}5{dd4g4~yUnmYQtA71w3Ttv2W&<3gH
zX41*!8z_nO_%>Goud@qO{b}7bDTEcY?w-p1O+fVvOX=~^X^qr}PdD2AF8i+#A}TML
zfa=$06BJ)1y39LaSDW<YL^|)vq7v0&mZVIySnj1+1NS>Y?4Q}*l+1Pe$29e;6z-y)
zOU^YJ|Hyc)jbA^~N*2)9+k}patXGRVMtwGHXU37RF`@l&rbuK`yHn7otvBJ8iR!QI
zt>dX`y!eup$B8C`L}v@tw(C=?h1S#6e#ev52N(qT2N;apWx5(q(n!LuzhgG>8${kc
zhCNWga=SL44<h2=j#)M*%0|o1)|HqQNmX`%SEub#i3ixNd7kNaS4M5QcZfBl3%4ZD
zxaZhQlev4wnTc%v$A;@88KPaV>0Pj@=-S3c!dDSl(X%CR15_H`d3JEU{gLE>k2Ae)
z!S|-?k<7xU-$#_kiO*m;Pz9Nr4KM8JzcFcO-~Ot;g^rn=I{^vOpMzoVE(UcNqRV)~
z{{tcDKSE9r&m0fI9Pr>&=$z=9L9p8#=xv3!Fsq{Z_mtaq?bl+_RGmz)fxlhFAa)$q
z%dBmqb;(Xd7Eufk`C+4L1^@^RG3%N*rh=H5R*Ap;N!6H^B$E&H&l54w#NW@J^20nD
zrD4V4!ir6n(?ky60^uDOk1elmU29D6$s3|HVK|-ne4)pM=O2c-JoW@kVU+crH?h7#
zxaMT8yRT*;KT2f7YPES>bFXQcw*ifj@i;9eL0Daw)_hIca`0?p#ml4mU#+O<^<CAR
z6{<8%YLMZ1Fd*fZk}q%VRSl((D68`wx|9gZU>P3KMw56L+D)d=Lap^+t_?DHdp>9H
z_T3aBM<NfA=oDjfZL4W75|um6ps{<PKpxLrBZ9YLw-N-!AL};o6Z<w-7>s*ffQ_Q?
z>MCjH?#!7h4{={}83fBiJ3F!?S;wk=4LjwYL0h_)kW;j~Qt{cDOVQE1U)vy>!(@!s
zR+wJ#WG^ok-$tn&e1t6fO0n`e7N%U(z@|M#cvZpAb!fTLEcn<a`c_1J)e6BVd`^Yg
z5_*^WPgka=Qzmt$3l#cGGY7sD)BcI?Cf9syCI*FgolK%I`J&#4{aPm+w7c#kH=@vR
zBT3wqCD}1sKF;5UtXJWt>*`oq2(RXZ*vqkAnf?&cv6s!@`AeAn2f0rS9o<%>fO-2m
zKupHgV0PEX#u}h%yRYltXHYP&PGYd*fJOKgsDEsgTyFMThaz`(M^=_SDO#G(T8kKp
zSZS2P1`^U>-?-<Qw+3^9a`eI<Yz)lvE}xR90=2Nrq_ATM_O}4EXdJS@;%Jo@eV10G
z97EBYdF;ZV+~`kR6#Ncv*|<mqA=s<cE-%bOv6%}aAbKcnsRZRB5%65$dbMC2^D;0o
zrz+@Ts_?_9fL8Ex4av(3oIsLKN|+?d5Xt(qqmxE>o!R{KY}+RHwl#FTk9MP$>PycT
z6esyUg2Lk|<LqBkJY`Qo{8_-c|Ks-=#%p%gIa%>1=2Qt@YL|<mfnug-U#znnYkpbY
zi|EEb{Cx;l(-i5d^Le^GQRW_QIsHM~OZ8!KTAM9ZN(irW>t1BDRR#D;DA-hGfh(Y+
zJ5JZ}&&H<ovZocy39rnl#&Ea#MdB;UM_c#q!Doqi?<#}{z8mlcE>AJ(^j734lc<=k
zy?3)svkzBMTiQ9y@Wy3n+g4H-;N_QbiC%RMQI_Q<m;5kPWmv|0G3aGF{dNi|agaxS
zFs5h!_3VgLLEFlT5rBSnpf}<7!YlWK8PB&9;X2lXh3Yq1sRJb4{$6Y|`CNFMwB@rm
zU?t|TPt1+3i=S{Q-`N(rEB{GOzanoZ|Ey4%BLd13t(@U2>DBWYXse~fs$r#0uF=UT
zkXIGxpcamtsI4ok3^`uuIK9>WgZWNJ)+UC=rm~QgfEF0SdVk{|^hX8;4T3(wlOjX|
zB|lF&1zwgCpxBGgQ=dXWLkhBFs%#B0ZW|lby&6aG7d@N#dJ5G1vd<6q=aCIz!MWeA
zcJ`{5dtaU6Uu<V**%<VV%*GAt>F)ard?Ha&06(Addz|0P?uB=DFNAIqZ{i|JwUq-?
zaRTKXhy-&Z<AEpAZ#bl0k;+CFhOrljT!`$o`D_+=Q6IZ7+cDfxH|kYkY|f>H!JU>{
z-D1?Pas^m$`qc!L=U4<^;9w<l#s+R6r-EMfZgwxh<Cx7iwJMr<48w-vNMnIuJ^Ag+
z!A-aBhb!pb*$%twv{BmRE#p|&5V>V6P6_Ta>Qx3U#Hh_*9I<6cYW44QwQ2y)?)`!M
zVJitZHd*E`5QxtLwKNT_o}T1O{_{iEr$_CowToT7d00Wux<+U-?c+x)@0PO`M&#*I
zcQRdvEi?!cv`JD-9brE9U=aIfWN_bEN~AlgB1a}rJZu=m1F^>2-*mm}WeoZNdmP#O
z3q6-fTh!JoP{f=6pe?AZf*p8`w3P}!>y{!RSDuU!0xAfr_o=`A9`aET{4sBEQ@hcu
zW!1*_-YghRF>1S4Y+O|VsQZGA9qG7x$T9pZrlGN6Vo`p+17psW6@*g(6N8z(ciXtn
z&I^731V-Y40GFeevMdFvYE~Q*kv;|C{M&cE5yZ8B_8cy@Wsn#_`;5aBQY-sI8&_iP
zMmjY1hCiK9&s&LJSDAjNm`K(@r?HM(R}yS)-FxG=%;@a1FzJPPG2Q0@d>C)K<Ps0x
zx(@QdsR8u-deyLL!CM3u!u+n==e`f`M)&!ILLA$o04^&aCH}P%?8S?3@GfFJiI)Z4
z8i=ghi({CIUt^?Yyr$1tJ8>eukIdu1qva*d2RFvk?V$6ZvqY)<FTbMJKTOwTKUUNs
zO{Em`k)DgBfK;3g=YC*DZFDjo4o04J)n~gG25(Z9`OG9eC4SAOw0r?3rWsYekmK`C
z3i90i6?xJEyb5oP&5pE=|IU*-V9^Qh{%0Uul#E^l$IP><?N8Uls|w&<&H#WR3QV#1
zd|hhf6^oMF09rJurE>jN=$AwfLcdPfGSB25F^%(>Lkgem;{4mF%7R*1cZ!yZ9qu6z
zYl52f+*gC-c2nZvbK8f1_`?Tsw@t5{6A?Z)p{yEgCljZ~C&3*KR+F#MRukfeyn7VY
z`Ryn=C57EoAU+*W5`Q0s=%urYx6v(hDfQ+7lfgsY!BGBt&yu8WnC;ip8nOr`KdAj{
zqNafsn9L~<?Ij;_@?OM+408W)7*MuyDJ9vZhD_D^@Sq~K=HmKdcc=R?((+MHu76Er
zV5N&Hs&fn7kt)-PPBj1uZ$Mf1-+`(J%3X}fS#c_uJHg2@8*vBAgVejDe`ZjeKQkws
z9Qo%2cj#ysa2dd3ANt#v^M-o;AgHLc8uo%{&2dkWce;H-Cviz_d`#_44nu*k6Y~p_
zlU7QHtEqR9g#96roak7K?z4KAX<c&MP1YKb^x@_`c^{Z-C4{FY*69UXEp+z!i2MBf
zk{=^|V1X|&Dm0wLrLa)Jt3O0~&NsV#7{kGs+V7Z%dMGY4XXU!JVf0*@HQ6g3?F}SS
z0+OZj?}Gie&-zALlWoY*QLEFqSTC?F<53K==DZ>nd{)tN*$F%&slB#8*yIxYoCiGf
zw|CAb;m{5NuX)@*(2Zs3ah=J#WvxJb+py8_bd5J_z0df|KEVwfNp@1*>g~(~EDze#
z$+i6`JH}ycy3bwbAxTy|+%)Ako&p^S6Nc4gibL|ny6)xf4hr24{<5;N>QipQc1{9j
zgw(rjKf9B;zAH?*Zs*KbuN5g7d(zqogT<-rZuf}R$(YxZW|)k<R^9!=VtW0Q)vmER
zTqa0K>%O^RJF`umPK*pWG|||;)b=QHxr;C&v2DY=P~;?`+7_bI?RN0k6B8)O`a14p
zPRvaEbMSW%E*~V;f{uv+(c^l|AacRLKOir*x@xb`951gUeYQT~khOjlYQTt;-k8={
zvz7_kJA=$h2}65sY7#qLf363{yAesA`!n*(A}s>V5WZVix0IbuLm$+u4y={4{){>I
zeU5W(TS(+A4ee8=lAKudG>DzzjEmRSemCyYqNy*A!sB!(jbYX5CzVkoQiR_*L$|wn
z>i5fY91K;;vmlCQ+#39sa(X3`EO$vW-;g=p!aHNBFRRORik06)%L=b(l&-j>uV^%q
z;<9A>lFbIpqcZ|L3qFswiwW+-5dI8{X#iyBfh8ldBDSXZ3SP&63fP!zlTMm$;cH%V
zf&<NBSOh3jafhFPSEz|kRRItHw}pFKKB#4%+WmN$wiID7E%B|`Vy!DT%H!-DiLpuA
zKwsJMn@KsNp9R^iRk){PW<}6XKPnUy0PhaiYjLSl3R6yrm{ol#n&wjKFgjHFP6Oni
zG$JAh+?b=RuL#u}y<qL*)mL&#H{@`&?Z|4a7yr@z&TLKeG-LHB%Zhm%NUFCMBRc9x
z8%Cyq#Tr}v1>MROvRuukk^IvpJhxCU0>fPo4}FmW+cs7>wyf++xroB7OGr*DflMf7
z3jYtOCiyCT-SF=Ua=!+2-4j?z1axs<B$Sfb&y94avL^qawxy@c#`{F&O=O2!f!NUQ
z01`4mOqka^$d2lUi>YbH%9J<2D$m3?jn<9jVsyyDAo4c$CWNLY>T@ot<SQ5K^*coT
zf{opmxLHG{R1j<B=44UO!g#RDnhR#8sfW^t%1d$uEGgbq>P7S#c2!EEoB)jXS{XZ*
zo2{y{zt;8T3@K>HxJ)v(sFSTJtL51w%OH_<7E-fwPogiVV~b;%qhoPQ479%fB-_mE
zkg>(Gcu)Kt2QxYFZBo*l^&fDi_08uNzQ7K|h7{EIY}im1tcY5vX_)`AEWX*f-2K$;
z=Cmo}v>E>T1C|nN4Tpo$ygXMUSMbUkIf>Hy@cVCeS{VHbHij>lV=~!|gvssnRYyoj
z_4H*m5#~<4K2n3*H}?o=$#ggi$JQE{rx_>9$p!l4;_Y=y(vDcq9`}`pC%!>%R`!)T
zNRidE289hpAHywrP4_4LoFCbL>?H|h@%=%X9_Iv;0QYCK4WnyVF!D*t1>S#>@aY>x
zuCU9$BJRAZ$h`w`Q-4=bBvk@&1>J81@!$8NPde>GH>E^!5!n;o2TVcaq}K5^GD1@`
zciV*NAkNs~pdu?ze}+`eK~?716n#+1VcpYV!H1U<Ql9ILVjBfPR|Uk4Hx!1UC%1+r
zWHwRrI9u|<v%+L)B6c*kGSH^`VCVrW3%Q`uEDjlM7%#PozN{W4XALgjmDhf7p7_-n
zGE(jMY8iH;cDYEWAjc(3lI497$4Jfz6b>=KCwj)dm_h+Y0mH|MtkXgZybKa8dICdX
z`A#$U(z1FGN^kbiG+PmtFX4hIB-Tzq!EKTBS$Tqrb)^56y<+rteY_ItCcVvRbKjin
z`@HVQ(yIc3y&g2?peSq3;u2tJ!%$Y5jlxa-YJcW~{X%Y$k1LtP1vn1Nh?Ei(8GOGp
z-StNo+0hX7dD<7clP5#MBK=4X2B*qdPRpMXmloJu4~o#}qbrJQ7k(G~>2PwNC1V$^
zO^w)xD<Hi$<`Vl!-2$G+A)>oO!c!?;3p!-$aV9~?ZB@3-0bhUH$}3I4iz*}S;<M^<
zIIZ_4X$g4iX*518&3J+)COq@JM>fSOUe#8!#Fk5e<!9RQ8Dso0fbL1`-6JX6<O)mR
z4@>QJR+$>EOLhlzrf`kjpi5uzfR|-U00}AL#53G4MH+5|pwf1z*BgFY_@suiMvDtI
zHp9$^Aun`1&$D?1r7yf0+A3DJcTotjj7fCJvUJGt!WB{Sx!GMCz8x)%3_yV|efa(&
zg%ztZmRFucuny%&ejSL8$WZYq%FbK}J9Le&KJ2VD{pHp22ytm`{g~^x*an9maoM@F
zf$;E+6ZC~?RlmAW7M3;v<G-fp=(xz15b#8b3Mg{MG?nMl>4{d#rsA?IhJ}93g-|;X
z(#ATZ+F}^?gM_ovcsQHE)Gm4>t$4XuB?@)TL&dX3)GN5`X*RRzPAbN_%5$^eua*f4
z;3nExV_acHHQw@fG;AVtEY_dovTdzJMQKVW?6WK7-l>SX#Ovx6XJl6|=+}rSQG$%E
z<JtJt?Y=Xo2+NYo7Du2}PN=lylyQk>SMwIJ5z?vJDKF6S3a7I=k~m~JK3A&ZOa%)8
zX|+>H9jGH?xN_Nq^zEx{Oeo?fb#YY^DB~<ARLbkJ)tBb<GI*+NMnMx9yyd{+oEl2G
zT4RwqZeAnxaitXpA)DIdVu3U^>z_mAu}gwkaWtWoA_^vyaf%6G+_IcOL0k3G96NP3
zH62P9HjyF`Az)TQ0*|ps$-6hBv^qc_^@O4QY`H_^5;tXx^2CsJ3Qsw~7^}JwDV7ly
zOG7U_-;*u)FWe!q`>X@$2oqO$)&1&tph-mW(+^JZ3cp8}m=MBRig|GCQ|buoGVK(n
zyqeMqFr(ApXAf7rxbLY?Fu{`TZ7Eky<7apAxy>4X2|cYGMRXO3LABCG*O=}fF#qBD
zS%Zyw_-&lKCcWj%Nz_TWv7PMX>8D{2SN|ed6Mbi3)%rMVLzGW_iCR8hfOV^HN0F3F
zDhIf&HI4ohFJ|vgs*#|rCYYSc8rGh5Ao<wb6=!+V*G%|(k9NA|=oz0OO&C|;b^X9l
z{-^fVQ7g6byVTG;y$nqjhTD~MqWHS!eV&>bZO|5*!v4`D@Blh+J4XylTfvA<;cz#p
z&mwJmtR2J~@3m&a%@Xaiq%CqBhhe0ue&j{7P~Wxe^wN;iTwlQCB#c%yy(ZPgfVQam
zsRJDv*Qb)uSVHYH%b@$ptKP(HT|fCn0I_?Kx50-P!e<~?D(#a8lrz-JskvTzln$Pe
zM3);e5vsIXYwe+Xu5VqnWT569xHF4DL!iTSpGDYQ?$7-SL_O{Mr`U}|G4{>4l}#0l
zB8|IBDIA)4uX37rMfAdq<~`yZ6xcVlHO#LjI-QT!#ZM)Q)Jul2yWRKH>A;ByA(A3i
z-vH^83DSrX44JSxRVThxiE9~Nr&OfVyhBg5oMD-5eXNU9rSQ=L-bs+*4Ac}%?QJ0-
zep5NT?=ENS11HIKBYCe9G;F@AMsjzGK2WRfSzlzlVEBobEZ};Q#L~C?Ss)_c56wPd
zrL5jB=!`N^nPJe2c0-Wf+msQ#(8lqC>kH)Ddi_{A8a-7=AOoy3elY=>F3In|=&Y7R
z<bBGDdd=;7yA+lk9>mPvPn(k`ef!nINr`Wcg`x1}8(4aYWH%AvcSgIJ`b2_r;wUFS
z>C<12ksyP7GnxjTFRKHTLSZ)fU74;ZE+h=_i=!9T_?`P*l8Fv<p_}v``k2hGTz5>w
z&sl=n;J(kWT^z?3cz6sYf!WQ@TcPAQ=j7uflI%MiI2A5mYJ(;m(=v}bg@>03?;HIZ
z!&~H91YGL3+2NjO^q;skN8;bes@gr{_FYbWP$vkTX<yayj>wLJzwbktpt80k$UK0}
z6aHSZTqLB04+GB)Hv41A_p^!b*|)oQ$BZr~gw+(kl-!q=iE{9;j}EmvFwYK!AbJ$}
zg@3&L#+Iar`jvj5@orR)3kX2`IAn}d78ldZ&~)u36C&gjX`4ZZR!3MitK0eLX>|58
zR8TRcSQr(<%nn<eN$F1^TS~;cqm~<7igozd`aCX$++T2UCT}U_EnjhKHAR@De7`sq
z=B8!+Fqg^^g^hXqVSATli3f!`+7j$l)7w70Xe`{Rx#vIZ={%X?{u_g?Qx@8r?E!m7
zlUpyfXh&<?^@li?)y-eIELKxBT4~u^q@5o7{HlD_|3$i_7P=tvFe=5O;?VN_1?Y`!
zTvuz})uatMC2V8Un{Hvi@UlefLtm~((}v`I=5gdc;28RH7rsurlz?v|VYR$%8{t5x
zd;?N#Ygplgj?DBlaTo5=yr3j?!~0dg<mfO?F4%<wqk9+PN#CqGkl018Zl=%mo&aMb
z9<z8ut7Gx^cX1=k*kbCndbqkB>jP`3`La<*OGPEd+b{iV?V}4-&?WT+NqB~QreGu0
z*T${7ARMTp#~wR>eokrk=+O`;Pcwg~y3@R-N$Cnp7j&U!PiNCSCDE;--#L~p#F@uU
z?78u9@+-raYsard?2D~~|2JPw)cgJ2&U}kS`ZI^ev|=rMb`^0r?~}TtF%J|h=&8>J
zV#xg#vBHvEZl%Vc6W2TGlG#<O!bUAh?h`tvXsS9sm0@6d|0|sI%3W)QzOzMb0HDyv
zz%~}2&u6dknp+gJwdt|cJvKK#+`V+Pv!!ka@9fLPXH&A>M7h8FKH@WO47QFFTu*E2
zlu2M8kH~b^V*L<9h8z97EplfEdNFc31<{s1ZIT8w&f{~s_Rz(X@-{KF^{l}b$!9Wx
z7*37@V<cb}&CE!aLWkUpPB~F~bNsgVe8k_bAd*T1J~a*=m;~>*dKy_sG~2v*zcW76
z+EHW+sB!Kyl(~Ib{+_EZocp3}_9zxxboU|o-80bbnS@RZ5wJG7Yv>3m%u{swVqNxq
zz{LFSucSB0GUEm%ewcx1GV~$BgwJelNI@de=Nr<;w4W^)Yst3!`g_sB`uj9X6;p7E
zd16Zmb&IDWwrAddCi3pfvcJ8@4Lr%C$<?`$5HT~n`cNEAts+&T5WB4z-{m#)yLtE2
z<4tlm8o@CcM-=qa6u+wf(a)~K4TmA3;tyPJ2hq3g#=Zn0=UL{b2x@_r6TU=tY87Zn
z8{&hX>xxLbD!jd&ChPA5caP6js}BNhxXZ>xhu^b~ezi$>=7-J<g|nI(<am@t<@#Y)
zD{d_>QR$8`;T<pbdg?+jW<q#>ruzsrG8VbDg}rOr*T8Y^wxLMWKZ(tslUDNqfi<90
zr=^M5jk~6hE^kJw$dQ`;fnTx*UXZPF_f>hKJaP3pmc~cs0R#U*Jo5>EjeSq)kyD?d
zcP;tQ%2Oo!r1Ow-QLL4s3l^H>s5#53P_nvjfeoCFWGpDRL@2y=Ha0v}+Gg=~(+uC6
zRe)E-w$h{CuDCv0?(XM0n}zAt@NT;BgNWC)2ywk-wA!sq5h}0~+6YEP9`zA_PHF<T
zpb>4n$88U)yko@STpQqTCL||fF%F69iyI5us6G{aoOYA&jl|=2=7u5HN{{?cDY#|M
zNoE6UTplUhl^iO3w)#Q>DLy&%_*YHla|raDtcshFkNj%z<x^v+x(rjlioc87M4S82
zxoXsk<*JJ}ubeBoR=1Bc;o5{3CreBAsSjxVCNrNMpS6jPi-F#DA=|NxC7`)l+jVrV
z%)`L34M*QbNQ{K?q4D^OcAW-nb&lB?dpSf%&?W#;Behd9V@|ls6#a89qbs=E{QXGF
zeop04TnHKoAly$|<{SfOUKp$&3EwGZb0rW<Gd>i!(M@UxRvvm6et>*#Eo4PwA(5IF
zl`ZtN<y3sfvr;8nw4zFAz(9G~ZtnOnbrXME&;Gd~EsKmb=2R=5x-;MamuswZGD>uN
zLNzsal{+2%HZFL-My`fPOi?^qgxb$5RZxuQr31O}J&9tL;57bEeS9005*51iIW;WF
z*fn*ahtk-qs#2B~Jr8AkY=t<oL1^~ko}!YY7Cqk?3M%*E<mx#ak$4M=UJb84F!`9F
z_Gg_ApK9a_;n+@bCEG8PugVY#%AGGAV$z4YWHzop@R4_(fI9O5JQW=&r)-c<39$>7
zcMBb=h*n!o1#EU%@0RC!jEvb6`<!hE2Z4NfM*+@&%Ji*yNq6yCJF{`G8qccg&A9e&
z9|}d}?7=lh{3W8LwU3DOm&qkJ;Hh;^3^Ir%A}&K*r|(ojQR4IDZHiZSU9v>PhVJN=
z_{^cO>g745c0GJKp&0efukb~<w}2hrk&KR;WrnZ8z-Zxn-Xx>h`O_LrmtP~EwyF|3
zF3;4s>H6Qgp1mQm^)j|tDLkAC^3a^U<jeEdqNI_<nDE8WJSkdPxXztl)KXkTL21d}
z8jC|;3Qj)K0Dd#*m6IEuOs-+Nqz7!EefQi0(VwbhqtUjO(&p*VL)$r78Vai#vq`Ro
zYt}GyYZhl9c8-%%EBOqa)}NH;74cq}Z_M>0P*{ZwhuxyyLci6|Hvw+8<=(#d^SKp)
zqBCz-oe>GrMlgrkjqM!x_1W|oiZ8O7wdRjFfCK=r1N?s@m>~ev@gJfB{C62G3jp}n
z`9Bpj=KpE)e>S24L;h7lV+H`QI8iAX0Du{a>PlG|b^b>);6DVr{Qn}B07sOd^#8Zy
zU!8`aG-*PCA+$OFDq(S=lK<BPjro74tN$`Wl!pI1H~c^9DC<N{hWyLMs1q{;mH#gV
ztvpp3Gvq(i(6UfN@-MLipfRH|Y@6&*mVXrhXv_dKRaA}{9)e2$CI6mB*fy!kWN6HQ
ze;MfCnKBwM6#xLJFrzF*rh>8@8VfL#-6mBh1l9UK7iBw??!QF^n4OB^@B1GPI~7z1
z|87(MA1?j7YG<dC4NSHBk4iWy&qme$Qy<kYW(X?z|EHia|F_SD83M5T&(Z&HO#lFS
zAsX|4ul+AesA2psv+4gVWB$t^SY?H%^#3le_gfv;+#XzN^w)wv$~+m5w0@Q0co0G$
zf!H4tKYkX@8$TvIG*qUrj&$>|#NpJ1mw!8a@1fzv`%<3u*95K43jrcIYVo(m8oR?<
z3BbGN>C8{s)L%G3-uSO_!*gZ)!kJS*U0;gLLP*;cX=@o4P7EYr85$qd+szEWO>MEP
z?*A;n+A0k=^(OYqUq@!<?yz_4GPFC_o2XCxlrMarNw;Yl>CD-ex6*UHZ6rLgjKc^&
z!QF6zEj|36q-t(?Ux~Kc-Qz69+W#T)2dOen*r2_NO}^B$rr!XqjmQ~nAD6{PGmk~$
zrI3fvmzyA^M05OM+>^-!)4Ene)!UJ(0{q(TJ^)(fpAo}0j>S5@b>X%Ffv!68{ud$V
z%~C?kS>Xrt3aX{@rh?ssiSn*|c~ZFMGNQI0;AS{)6>~0{s33AINYC$VU$Mk*GqWgW
zT!6>G$eDa*-vA#or_a*JVEE@rvyu$8_pjMA;YFX&YuAVNIdhbOm2BS6<~cOKL17yn
zr?WpP)<Z^ng*}6lg|HKluq{b6i5ZE&9CII=oP?rJy3ZZut!9FAMwveyu`s=D-Oz{n
z&0zPT$9Goyh#MH~U&Oi?@io*-_;D=!oh8@lkgGIE;EHTh5qwS0@MUB6ZS|L%i8nq$
zU!3v|-?&jjspa*&=sxRm{c-I-;nsQg!Rx%9Vp)XWE<P7N^XdoXZ@-k%>r-z|eyb7%
ze2{C`EiuL!U2OeQtf%>}HbMdGO$~+Uwi<2?w?;BHj#zBw;=uig_*D^fmbnw>1nP~f
zf{?+pThKAKL|6SS%V*h}JrdCYO8=MI$b3N@1w%(-zi-|T(Eit|VT5#kGc*gZ_hjd(
zHsO}0_+=r;3Mk&27F_B*^XNeSR7=8_?+DYVuq#)pi{@5DDoxEX2o{_V#?>eybhUYA
zl!i{vHg)L0dpX%gMxCr+=bo!(a|65`V`c4wFd^HAuAJlqw;a)g8Sc5z0DYebYn~=O
zVR$~p7XKnz*yK(aHbw;tHA8(^ghl9ii$`)CRdED7mRDzt2d#=C6N@J)!9?8kn^1kL
z6#7x0_S^&qHZJxh{04U&>hSz1<>ybP_*XSEFHXP9x>jS6jOhz8ed~`}>hDh}T34@9
z`{X$4U1sY8)`d4e<*hHXnkuGzKBa9aDka;ai?={+_rKG*8K0bc+byZ|TCs!Cdl6&8
zBz|71kAS=Aw<S6qP9$-?2n~v13zL>RBS*M%MMFv=bDALX?N)R^U7JzM&oVHnWZaK6
z_@)M3OZ8-!m>u!+iPa*V6Z{e>QJTUPub1f?xg~>xaEfG`=7=o{>|Tgr9XjmmwLT6S
zjh}1FpsoF^T}DQ6@+bzWKeS7*7RhAvtPkgu@h~`_Az<#-253p#kJEw`59mjr{sC^v
zT06iB{VTSli$W!_V~jgbI$8bBTleHI=51F2SDw$*-eGIY(bS)OUYB2#;*!V-L9779
z=Vb%N$A6Ds3nH|q<)knUOWG0yY!sdaJP_<+Z7{N2nbImh^7=+~vzGef#8$igjJw9l
z*D~+ZidMQ<F{NN=yNe+SA+w{|S?aALh5R$1XmDK&YE^&)k5X9tOo9BfigIdD#R0tx
ziOSe|&e&QY<YNG9&0{L4cZd{%;txG926fL;SfDEZpq!t(Vh{{WVUE&6QD#r1KyIU}
zw^?g$6d+!x`f7AF%18Qxy3YOQya;j@U42;$LWNg#qOK*UK>n8g>n>CsHcMe%8QVav
zXmCdc>iugS)~sIM;?LQWk2^!x3kaz!B>rbh0i7CP@uMSsp!W}>HlT>*K&-St1pRi?
z$-(}y-MH=jCdZF_sH2loDC^2L5|=gOO(lhLsVqRdG^9EiJ%$;8#ioGArNfE$8)PI>
z+p5Q+jagh-oE|Fz2}iGt0qL*lVTOmLFLGL=RnNv&DYeD~=}Sx-sWr!<a{)jx+IYpq
zqGNdIVJU2?6u7c)>WTV@Vrhq3Z{|uNZ+3wIKr&_sW;Hp5GW$$v9Ue#(gi~0U3Vu_~
z2CN3Eauz2^>XxRHV*H+Y-@s%ZT6g|Q7P;<Z$ZK2e1Zi7r(r7g?QEhGt!8p~0?y5#3
z-y4gI063BU+7k4ev`mzpUbr56NA6MH?jB<kxUP*K*3+UWfB)e9-ni4%{HlM3*@Ei^
z5Sv7@tT^q$xn|)q*`5@0RD?AqL;UTGVZD6Yq?Z1NCSAa*)!QMpdQ-VK<e@V6dWuCE
z$nNhZZY_wIn%NsqSqH^(wLQT`=Ncgso4TCTT*2Ce0|37T*EyzaiTd@8Dj^mqM+W{7
zeuF26tG~YA23lQRDPyx+!ln@vY>IE2t2qeZ&W}I3)2YMW;N+A>s0?dsnNQTB7J02a
z9apN)W}=VvRyJHiLiZP{IMa_Npa@V;DgM$XRx0z=nb)q5lZ{<<7&G8b1kq+4c0Jn@
z+MsCC?}hU~!Sa8w^_G8aZGE>l?q1xA1Pkt(ZoIe$55?Uj0n+XpcPIqc;_glY6n7|Y
zAt~-wDA3*R>v|r}{q~&o2dvMUYfbshxyBe@3t&zI2uCgA98hl#A6N;c#1Z33CtS?|
zg2865g+5O7Gw43^52{#Uk)FEclDp#FA7En+nOVIO&PS^MU6n&FNook9ftr=7@jy~A
z+&k9{p-!XMKnDiX#q|H*>o)EyBqE275Dbh<t_6_92I9y{tT6!1T%C#VWJU^PRk+L$
zCagI4YMG=`IY|blCPb<@IDjX;q%}jGde7I}5%L*wMdeDR%TOf58iKg8bu!gW&2T7j
zaQ?^Yd#))kQV0A$uJKlSxqvSuHG*^X^`E`z&Hnq-EGOb?u^Yc%Z!P*QrmDH2$8vc`
zXPZsOk8B6*n_gKM-zn@qSKpiJE#jx;Yu&@xPN==X=A-4y?W3j1KUS>o>c`zJCz|S9
zzq?&N#e;V7PC@JcTiOSd?dV|v&gAtlcKg~fq-$4sPxj{7$X3b;qAhHN87Hkpytk_-
zoe@pi+Z(B#yX$`5q6|b;5KKq?MwObW9e)p>mM2iI*>*IQak7W6!#$VIPJ7qT#d_Vs
z!nVUePt%wQW}mzXoMc9OqMhr%9Bj-q0IGZhQjv1$&3>$yCH&w@QTLYe?W?xS%*K7B
zv!AfL9c!;_{q_cPOF(Vw11u0GW5-}!S#Owby$MX&UZHJFo1^e?aeZwZo4akdg|DA;
zt@h^Fw&k4tN?5j=ooNr)usXRtZ`EMEn7PV_&9stk-OonE!a2QiGut+mb$i*OHoX^E
zWm{$1Tog;#VZ9k^;p--quu-Nwz+G8csWmm$N+D)n5l`vZC}Pbu$;Kkf@N;t@rCYlv
ziKZS=DSKeMH(S5%my+$d?t6ra9jM$O^z4<@a$%IC-xbxe-$Z(D_?a!_w%0Ck9It)(
z{@?$8ja2xK{c6>&ce5I;8UaW9^u#c)<26eYiyP7HT1Ao{aTnFeV%wCI=Z}b+F9zZq
zB*9l2&9Oz<%^Xoa&zT&&!^;`H_-v^T8J2-jMu1Kiw`*?T*5LK|KBcw{?E&eJOO`vr
zyy^7Kx{?fU0c*~uD}m->E?Da3X?i6De$`@}F1B-J!kkH|dKI}eaHn3FsX}eUV`}FM
zs>pb^T0HugkMcV;H%kir4o9%OrL*iQ|7Y-<Cth3<EAl0F;kBHH1h`5E^p-K^86htg
z`|`B-74yaH?aH`y^n8|ohtJU9_&F?+d^MEOa`X4FZ-Y~}84=Nuba#!KpiYXNc4_sb
zQ6=;%aRf$IOc5bd@j`nZLkIg$gf8Rp_n%xsJQ6s#e@DLq(CGp`JKGG7OIerUD785{
zJO!~$%5a|ik0es@Wt)U9&fph(v*A1cEyaBp@cL~24ripIO@3^;`?GarLQhn?BKA({
z=UP&9c@!)g{`*%Wut6`uy9Z2`ZDIDBORjmv`GS9_xhJmhjKhrFsYt#Pc+>x;VK!RT
zJFJv>hzT=zaHj~OWg0&66*G_GiY8wQq65LvP9{X9xb;!VKi&a0it(blZu)dK&GhIC
zFEKCg@sk4Ysq<A{>Jo`bQ5Kz;SIke7=Z0d=6@of*;XBx>U&az0Zhus{!j?{(aPlF=
zi#$l2=HpFXhM<C9A?dXtTWutK6WG|;_URjb*sH?z|6CE@AzPoy!Xxl2Nyi*scG42H
zZPHRv^+~c@Iq|gVI|><*EngYlW^ziT-Qz}o<BCZvZ>*v^$;;0+7iM^hs(pr$yl=EW
zsRz%-N$9Sms`MGg>Ai&#??kPY?tj6A8)d3A;Oo-7Q`DhA_M}5kpw`EmOq!K3Niyp4
z#*<HH3%)Suv(=s?(LgB4y4oDG<Pyukp<bA2Gtmt)>}o)lgq2?87w_?<ufGxhGNTe}
zl|d?l3UPe9f}NN}9_W<80;#qcu@(k&NU7JkeyRNu_>Le(7hj8EYfq#EF$n@prZS3H
zmsb`K!R|^qsSWN6VEc4)zMhc`P<+QP`lV{opnc}0n1J?}M&9Ui-=)vSpeV3L#44*(
z#MY1n82<{9vd1D7g?t+68l}datbUv%>{g*62xVQi*(`~pcyYNtm228zCOWV}`hI9j
zmeRPKqVdbr7Fs4^q39%a6Hj%`TU&BtQfRQl9zQ7s^GH!W@@8rzLIRgeZXb(usWJid
z0y;{YE1QkTvE2mE+Ett0DS%{5Agks(x+Zo7QzmtZNe?e;HJa9=t*k)<uPHaIev#jz
zXk+bqSR-<=MlQ#X!!v|?QE{y$y~#V7b$g)IhhMhax7aG#USqRJ)*ewEWAL=*j}-mX
zvs#WAF1E}35&EdKDzzb3KKS&RLjIVJc*2%YoG+pT?bnNjf;4eMrTeQ9x?!KK-;Ln_
z$S*NhOD}GA`in7&QzS7Zy@vh){7T8=g^8jBie`D*7J~!P8b<e&fr7OvzVWL4V0tE8
z27z+wC>cFM9@?SYpze6zDRhOZgSYO8vWMdLV&UASTUJZ@<wseQ(kBhF2e~QwZL^3x
zYoCRwTD;HE8*bU5()yBD5hF03olxavVJ;uSZ1+-P)}J924Z!lGnjZ)R5A!T%Yue2K
zUNMi@uQxj<T*}#!gGM2RU6dh0ZUi3T3WjGA3fY-g32x+5Tt18MdT{NoW2Lr5DjZ|t
zvu@vg)g$95HS2=c@vw|XaNtWFD+F28T0-b<?NwP|{@MPh66Gt7^Ye*miS$Z)iF2Kh
zoRhsA9g_V-;zXe(U0yGlJB#6gj=DYw{2vr22ggQIBK*Cq0Ux2MmQK^oQaG#Y9HG;w
zFi$un6iHp2${6lfCu6RmA2~PWUNuUpk%O0XPumroqDZW{l*WFZR8rMVRaJDx9tu$c
zI$DLOBvK7@O>t0^g(MJA#A;DBI*92Egu8VMoxbxGNM6XLr%A@6!<Pxy<Q`9!tLHP^
zc`hD%{GNazEG>Clm>io2C_6Gpg$Segd4S@s8gv@)E8M%GU0&uJKN-3w{CY=bk~b-e
z%*keF5a-7d+QrnQji8&7AGatA$DB_Jq>2>qpV~hWM0Sl9{9H3Lw0?iQ`boy`2z+Ue
zT}^2@|IEh?K@XCF96FWsY6cpTA%fBXC*}7`eR+SB1%EBu__^<1QIDxN{cFbXVTT+1
z-v+X_Kh?mm_nD3NujNIIdJ_QHp4s^Sz1A7ONXgo6|9oHj{rB^Kk<+lhT2B9}lmGG#
z^|<u=e<1(ycPV?xo;;2rP8XAN+8@MyzOigm?s?xg&3s6<Uk9LXYW<lX<uLOlCW^Oj
z4_K?~g+3U9_QhlT)nIC9{0=Gn{;e<3s#zWFabw<Jz!>seLd+lCOpAraWGEswDW}hS
zakKVC-k5vWN8u>y>aw!0AuX)Z2xcL&3L!j{51^)F*c1l$HvXCvIzBYKcm77~+xuee
zF_mE9J6wT*AnmsI&c(V6m~c0mSRMrQ6*W^e_w&>X$*##AFq?g-w!N|&-L&SSfh@a(
zurp5gZlP}<bf@SdH;RuV+#4X&uz}~4$b-|<erbx3EJ^&@^9RYzK83ldRdU0VpIg%5
zCzFxh7eSkg-m<#~A$`iV=bxy(coVEeh1vJQQej+ndp}qxMU$O+Z2mUP_d0$me<7=e
zODA95Y_*q8Pr5|x)z~9%r;uV^!?vFbr~1lU8cP}&RtX&UraL*Co0iM$C+B9n+T`7j
zOXV%<TqI}HMv0~g$;pl<?F_ZaE9Zk`)?KPE{5IsN@>lZ~TQ-fE3qY`sQ>;6?Z9y8l
zUksHAAI|GMK1dD<)02A#f)+x$IF0sULa^W+%p@sNisj?Z!iL?v$+hTlfBH4Qp>b%o
zui_59Vz$@NofVYZ+`Q>{{cL?jPqUak!BD)rIA?{pC@2jfkxwOLe~B_@6HTMevr_U}
zJ<q3V2ElqZe>^8FwqzoT2qssXYFKMs-H~S^6Etm{BmZb!6+0}|`W}o(?J1~g@?LX^
z+^2dZ<Pn5+cr{&wd9l8iQ0FzAx}@=3v5Zw3nra-6!afk98|lkT?N=onb7`AzORNWd
zAMNFBv1s)+*V<aJvWHR0h}{M)I=|s*=?DotamN%`<hjROc?Prb-Iz;$XwI5=)u{85
zzR@{Jpq;pLMS^TN4z=`PJ?iX@;&w87-u|aC|J*s%j+KrZ0k4iW5<*TkFeuWl=4%Ys
zbc0iKen$F*+4xgWLKhxP+G%z38sUn#o5@#WmO~j<c!+snhWj(X$ft|Hg{5ZeT`I%V
zZr~Qit<}vwkpf%l$05L2{|l&=p|m%4D=2sm<kxGq`iH?iY-AU1i0;<y3J)>25u4@q
zVsrmSca)N@E2;U#e7F#!*=76OAV<&o5GMwHh|C4Cpip*O0p36FY=tV27qL8+zHBPZ
z+m({%xe2-88~Q)t^OviA929<avmZ!{NeAc@`R(o6MAQb9oo%#>znQ4c#r8K>>1)QP
z&L;aHuRk?K+V&g!NYV7eaCG=BH$pc9Di1^ilpEi`v*qzd8PA)XCzS@rl}dmm6Sw1-
z+HN5#j;gjc@0*9HWOWbFo=4V#S$@?(M4nX|N_8@_wzyOP>fS^=B>#nJ$IkmSW#lo<
zBO*Kb@WNhd;y`41daGhsi2fviR9;$~E!mBCW#=qUQ{>3Lh~MDWeG)Qs-9(4_%p<jI
z>aMKs>jymdZ4tGrHM*_tqa7L*2M!6;if%8u6=(9Rr)#9tO8P4Y*+NBkErMI!C|9^*
zbx2Y#h6FiUw+FQPCxIT=XR5##FGVsyrSYH~n!HXm7(IEzeaU|ZJp15=!T$80xsZa%
za5i<xnUzB9Z^@C_{bwR)J>alfR{b{0g(ZG;aW^)7ca!=(!@^Wm=RX_3<7W0LH@};=
zk>9$ujmy6}y(89rj!K}!iQ&q_nKm%x2NvXNXV05*du9xz{PHFin?Zx9E(;zVM^~}I
zS55)sPZDRG3IlE?j+l5E#B=8*Aw4=5+}Aj3`;$tvbYr<(>$SJ#R2$mw=-Io1y+boj
zcEV2h)GHj^)3fM^64+TU|6`DMUl<od{VrdKebn;yk5pD?td_8WGJ_ck))z@*CTzYc
zNlwp~*;V?NnZ8fh-1`hG_r_zm^PNr83)SPOhA5rV3Y{ss{aelKWfC8xh@7r%<OA!a
zqm}ti&xC?nbX3&)j>*wXsq3y|nX@p9>3N~R{PZkmUTY&MIU9v1mPw~p4vY)sDLm9a
zX$n8PFC}PY&g3ZcO5<`e0?nyqtCivr3qCrkcCfGI0n(~{FZ9jH#osV6fcLZu*V5*=
z`%GE>C135Q**uk-9Zdku75o*yxFmP0zLwQ(oAk%v9U?c}R9&yDYc4zdP?W}=_D6Ad
zh#|7U%1L<>crc!RyPjCHuhznCX|rB!NV`}@^XR#8{zlQJSm|6Di=KPWtq@$^EEXqG
ze4`xF3>}(IL<U;)UyiFcq!PYg4a*Xit|QCQXRP_(KMh%YfUHE$kqd^D7s(F7I2o6!
zSm92$P?s-sTI31+*2cd4f|@6thj~s;zlEFW`t2>V^n08jdyrd?AhhDfU|{j!vro4g
zJ#}7W-xh9Y1l7;I1DB5)2Fpt$E%He1hJl4`Q5);)K?{A>j$_!Y$>0ownkmC+>9MnX
zW#^P&PjJMLjr+!pOb&fejDlhlgV>y`x0Vf}T(x9L%q<L*vFm@_Jdaw~Z3KH_Fe~cs
zq(u~$_V2q2G){$ex=lnf`r7}(cjz4j`A<`fVihEm8c?6~n2joybqW1A9Dc|Lw`l7%
zb^ECAu}CZWPkb{S%|kG&e(G(_c!s*a5nZbI*eA-kE8-)l2J=6(vZxOGcze`u;LYqL
zr4)Mc2t1K5xUj8t9CYf{a4LEXY`FL=cDWH583b>9YF>+gN!BsAT^3jEkp#|CEk)Ax
z_SKkBh%KZul56%1C^hPVaxHe&ZB2b9x^GS}J~xsuX~q6WsrK6ywk(5E#E;9#x}K{(
zOQ#a?n!OWhV$a(Tpgrt-I1JWT0V?IMt~?KM;|o!?N71aqHrn)<zA3po+LV;O;vpID
zpbf8~`#xd5T@-umhSS~g4wpW`Zd&sw$=Jyg_hL!kfX-j7jZk!{U)iepPO99EKl==v
zzaJ<B$ePmyRKeK%dUp`I0x+>I<)XT+j6N&rJ&1MFskL<B*4C22?RDv@cf%A5-C2Xk
zX|~^xzb?Sb@>*g7t!>J$v2+8dT$qQVKUM|nHP7#`iT$Bc_#T2%y6PFTGj=`<>1^bO
zImqZQ^#2gMUOH{y2@})rQrK0Br2DRb4!mh)!Sv^Qs4ST5Uf<Fi*+aAj%!0w2D07=#
zmm17?=bb;Bz`*qpCb1mRzvbFxiv}DIVm(-t*DRZkT$)-l<eOX$UjlE>eED?H=lL)l
zbg(YKPwX}&$FEu$Rm=<3^bXs4ov%)R0D1%@E6-H4@{V&0axjV2W~voD0g%1VFh{Hl
zimF89@>9+W58wf^s6llas{Lxe5~_wY^Rr-B26!>E6QT=+d3hZ1qPu%nkY+?kCm$-j
z@i$6b5sleKk2wMPxdEeW*}>IFKB)GG(4jdjI`~iXW#nvP_<)bxiqIfPOK%qP8RCLH
z+;FD19S`YgGWP~!w1`{>WX~h21s??;hNFEWA9{a>`2`j93l!3-p!&-~XYJnmn=ZXa
zqRLKe{5R+NN{;9F(hAJ48{TXKABNQ0*K<WC{O^e-u@LAJ#!=?I=a%#rYp~GBoM(Y>
zntAX`9(|W2moh)qjT=Da!et=8+pO5})M;J;p7)&F0Qo>hahpuHv22T3^44k{Ka}dM
z9+z2ONC*~(bwL<g)4IYThucf_2T%1w{usXC%SDg+!D_=!Kf5dX=c<y|T@(PJ^SjuK
z#|kuuu|O*qmv1#zG3z!CFwexC__wP0I9$`(L{28OM+Lyeu0`qs_4x4ENfqtKn|H&Y
z&(Thsv|Mh89xa^d%|TUwZ5RrFVbF0$F_yd+sMwX34d<`UXgz~rh`|14BsNyiJt@13
z0aR{@xq)@PfO>DEOB2njLts^^{U0Z0aB`1jFUpshz+q}s{#y(w@ueCW(H2FLfgiJT
zOGl`M)6sYYJ_`ewY5=PJY%{pHE3_9>nQRc#w_{};YOz&x7hXl3Y5k!X9Dmtc>PMWc
zFA`L}#~Y(;^6b+6fb53aM$EMNb^C;*SP#j;LVBi^<(;Q@UrY^uVD`=k8NSV=kzK^@
zbJK*u^q$uVYj#lZ!Y!EF>fb;y@BcXOkvx?RE$n8~fu}(SjDEItXe%#qOTUR{onwUV
z-qSjLoR4<5hf?7tE6}?@W`6jp+=~^NUAs_7YhI@hvDtH_O7<>5w=^#&U334mS%U>$
zy9Hq`*gS$<Fg0Q==6Ut34K-{RLzQtx=3;{Ctln8~-a4`qLaY)JFuy|kI*<fABhMvI
zp%;d@Be&bLH|sLa>^<?My-7ivC$|vHoi6|J$J7h<f)}=>)ewHs9(T&ii$3M*C8Iw7
zT4;IzQ%#4-Tm_fT?~X2MMv<B$O|rr61MNlkI^4=c&bgbbI?kIFNz#&WNuFry4BAjH
zGnz>di>)hJjPX=rgJ9rB%6G?Dtz^L7NW2Gol@Xq9P+@=+ML7c-8Z(4!$fWBfNb2kS
zKo=EWAt?E2?i`Rl4g;I;>6jI>y_=Y6jZW&R7UxPa+vMNet3U@N*QPp~FE)Y-dWN=q
z)`dF=It7;-bmBe<ev^MMKq3+N8fca9O0pRTJPLfOYHDsCIZ0G1o(mD@DBW><mR^%K
zz$hBc--ZTm3!QR@NnCY(9Jel!W#oW{e+mEk-e)6<mVds(`QOaBq$r!H=hbh13pix&
z?mycopNoXD$Y$y=g8pvNjP)L)BcBogkMB2-IJ@H%W<}0mL;nrvBj|~x?G$Qbs%jS+
zJDS;T7@N*<hX#}!!^Q9>sm1wi&iYGxoA(zMB4@u!D6~t3giQRU_z4120Ub(Y8ivns
z9{7Tm!WI{Os}X-{S;oCI`vyKH4wtU}IxBY$#J>Ls5)bbkQ~j|g)HD*Yg-|%5fBpv>
z*Y8cV&&dgrd3b1I`j%k+^Cj=YKp9?uSt{*{Q9a%H?;eO#xsZLl1f}=Avo|((f|@#j
zB-GGxg+q6Z=f)q?qRNSb^E*Hs{!P`({78kh?&OWlE>}m=@=Nv)iIfu%LFJlb0EAu%
z4}YWV;5Bn0^x%8P66xl0$Hw&-A6)HFp#9}bvBS9tfQ|xxuCERtjb8zB09C6iC+p{J
z6sivng6#Gwek6r@E;26rcGz6ie{xPBD3h9uI*3LY>?fZg*b-^ZBiHiaBW~12Dv!gs
zX^Nlhq#VqbjjGOS`MF*|Pa|GUG=$roXXRT$goh)CiZGNmc61{RALogjV&>m^)dm)a
z(bo8s3bp0grYVx~K0FKj#ZoSVf@u7Ym$qH*aS07!Z=kT&sYzvgS9AEGO|eJcM*;h*
z(u~dk?J(<HDqw`Z#H`@X%4d%4@yznx41eJn566b_Tr%S+>DCKB!|Yv}c9?+`299W$
zD#dQE52p3C`8t3`=cU>a@H!?r8Q@jG`%phVu&Y)|0`jOy``$vg>s;I2zVbn@qMET(
zf4DCJ8Hw@J(-~Deb@N)*t3bL4Q91+kn{NCDSGf{<YlKp;%Upfa*@Ibx1Hq2S6C(DU
zNJ?7?HulgfnE+zF>grHo=+7NFN~Pf?Bjg8A*lDn|ePGe5HY?A-tBpTz7X!BM&r*BS
z!<&SG1iu#r2_RZ>YcFfI{Gi#*fRARriQ!aaH2{WlktX#x$>iNn=61&@sx1dMBJ}>L
zeOL0;LNg-<b8Z=sn#a8SojxX{j;;5qW8s~R1~lnVA}u(~!DU)e`%M^O&+dlfdL6UO
zlZ^~2%z@XG&&H~zUsvo34e7Y=++~$(n0Llk%GWkx6_8=vKJydf-oYpDSEA<#uJ;iV
z8e9ue-jzpW%H%P`Gm>3c$h{iH8v+-X@~!*}c3G<h*Y{Z1z3iGY*d*T{=UbV{iD3q`
zZjCyqwp-`XGC3F0-4vG^S)0PzdBU3gc>UHtxSsuzHtKrWZDcMo+!=CABAh2Z*s0}k
zfGfD9n#$5dMWp8?N>?SAGQ<~x-qzTi+-^ona+F`APlRY6$QM;szWr7CO+hQT9)0<h
zcJVS*UoJfjX5C;HJ*0-(E7VJgaA{-G-;7a+EPym%e^z?i2j@Z>YFIzs1`Y{%lg?eo
z`t1FYis$<_-E1@|5f)Sk?h)4^5tcKsl#qV2{(<TiIb9@_pP81Qd&xmfFs;j%)?E8b
zdMPb6NTUzoEX<V+eYykHcu!P}qAjr}ar+exuXxvCuB(l!x_W5Q`7ay6-_RiWm1}Zg
zBryWBmF?0;w3Rj}!PTFx@~nSJ?!&XFQlR}OL!V(cKdv#;QfSMC_Jop9-2mOyKqV@X
zRJmR_NTSNgF-+jHtr?4wCyI|5J3%yh__SPklvNsQWRb}zT4IybRerv)=YO*vVd~N@
zMv-}6TIvD=snb)2V%@8id&=g8G=1Es+ao85aYwPEz15`-$ykRMo6{dl?wXdyTKTr2
zyrCfqWZ0D=@h`MW<6O@oF;IseMV4ttJHANS_3L~2`Vt6x>3MEB%x@Wc0bI|`ZYvDN
z{J0>@wOh$cFWM>2yGeOczG0T&9?AERq($J`74GC;>yck;cSOx|(ztpz`S!Fv{Yj<l
zb;pwlbkTIZQ3mn`Kr7E>+Miy482`o4+X(?^M&;TNgDo}Bww7EDGR}ZZ$lCiqVag`K
zV%d{ttVI7g+3Qjg3jm%>ieS_6R$Gk9O7*hvM=<U9<%V_6lrfE&qXuT3b0%@S<?SER
zm3{zzlT5TXW@Vj{`jS8Fxrimu-h$k}(KtWy;ySH#&>X)hA#Dv?g8n1FSXaO>%y3EV
zxc1T7+M1gdgzM}VejcT2cl8}t#gf?nBIEdd=;hGijLM__=HNV^%EG#`2PN-PnwNip
zHifldteRVj0MII#-nx-qF#nq`ap+Iu;B?>9)2G%JLiFj2SRem219`5i^i6^L5|l`B
z(e?^$+odSdu;c6swv?9cFe`YZaB*FmRU%!OE$Mch=-Q!(dODb!)tYzpFOb{-j9=P(
zTxgB}Mzv?C^(vJLYx?0=kj$oU36$zZl9w{*H%{hhUcuJCnc0ewBKJR$Q+OXvW@VS`
zAYW20#7KQhxw0i=^_2k2>Fn~5(KjU2&JEKTOH7*^jpRPp{_Tw47j3ye&D?We;*%6y
z;L7019;^tNuhWhrfg*%Z@M2Cj3I~jkpjPRxY5Pk&a9&9HevHkiULV7%VBn!MTpwTK
z93hz_x_!?|6+OWzcE?CSEf}kw{8CjeK3+?B%$R<^z^iEN*@1N)O9EEJrI~$+sq%|V
zY}y-Cy)!oU=t3W>45>s&mTxc0cfRAPXIdO%Fev|5ZdH^=y|H6BM4Ye$OV!R6MNZ&P
z7?YS6ZjF4Do2kqfo|#bPbLtpAaeDg6mvUt-qAD238~as41RkX^@fYqJ{DF|X5D{!D
zn|iydr^Ti$oPtHd*{31YZ!hc+?>TJ(e*&!-K1Esdm|vH`59Q=O4rzY4WvLt}x}VG2
zC9XI<^#eC5_hls+jjv;mTJ|F(LlTXSdoK=$?(AjMe|7|KFhXH(AyZO#JQXJ-NsTFN
zsH2a}U#V`n+O@A+IQK^!DR83j@aFRZ$jcl0e^{~?kUq~}VxPzxL7vLP9_Ud1=?x(s
zb%#pP&^oj|w=vaK5Zl$GjEvge7BsPY$3pD4Nu|VFqO8U>%jK+*V8@)y`NEu_`!M@Q
zd83WraliwP=>nek?dS!e4~Ak)3c@kZ$rLw&BF$Dw5!8@5-1O1EzjI|1_s@b{tq6>}
z!-cJ12cHCENQ15NHIF_^5CmSDq!6~5faQuL5xdun`AWDGc9lfVz$5Xicu6t#OIMdR
zb6EH3hlrG>2w0zy-~L@MIfcx7y-Jpf^xKxtqlC`0-@=_<ga|J_>Hhl8#^e&soBm7j
z4tKtfVVQH&D55R~;rs0Dx%B(4q(-T$lLg`h?G99N?X8<}7`l)#c~$>#OvdOkOTLBB
zVd1I?Mj>wvbIv4&#w)Moo3^sN9kS^)@B*0dNO<b<0MWH9WkigO2B>adP1m21gw{@{
zcOBv41o9zhLSwx853SdN?H@YFqz1TC&bescb%mBTaetxXd0@Jrw4uMmEIYo%Gjd@W
zb#KHa_SgayAK>FN)$=t<NSqN~+WwPmz`*Hckb-V=1cVP!o_27xA8-um0Az8OEM&?*
zqScZdD02i)XYSLu^b1YLC;&cVi`f3)wT1XZQHpOem7m289>0;EN3oB`D8MFOT8Ztk
zQ1;STwQRm85GVf+%BKFG=J!s&>?v#T@oM{X-5S#PMa&YH$;z9JX|<!76)lT?tgScp
zfysV;n#}5!`4vQSlHV|S`r?Y4Md~I=>p)`Q@XQ=aBMhW5?vidD!Ld>K_%{5~YLJe3
zPwE{zsk9jEJnWJ|9KS}gH~$;pw84KtLd7RBAfWw#S<^8NCj*Z(=BFId#8l?4&K(bg
zp`L3D`aX?D?rnL79Ihe#IsrefYV{{Rc7fbKz%jZJCv#@Im{{z+hIiCg)2a*IGzJ?{
z8#a@^Nt$utZ;h&2IcaBoxE;3B9Sr-zKq+d5vqPf5=`#E0tnM4J8WMGyte1~N1Nm|#
z-n+Y6wMRLco<>FgMljtHz#Gm<vr0bVJtHIuIFn3jhiV&e^ePLNLYWA&KYuRez|&;C
z`*@+)NB6KFDv*JHev_)|*v2D;R~4P@0Bw!Jl}iwIb99JfD9iG+WVS?&aD7T$S*7F*
z58bG3w>0)GTfh0~8k!^hS@shoT$C@jSlCAWVe+j8pN565C>eU8QwE7zM1ze*$4-uu
zw`lbT9$TBjoS!>bq0!}e5|h2NO~H>+05`_wuV9P|illg!zDfN7?I0>u>oAxwrllnF
zC{35vU^nXxabORBs1~A_|I|Y0bp>)s?M10G>(vb)erwysp{feT*Yb^{zDo$pz$xk=
zwl7x3Hj@<=>+E_XS^MCzIIKNlZsNQ4GMi>ModF&xAidh)QE}M(&65T5hC_sE9@Ltj
zlI}HY_Ft7wuM0zioBq#`^EYL|y2R)^Ui@C1cTQ9T5m5J?NY`m4WmafA_9Bt0UtF|d
zz<kE^Rx^r}LO;7?C^M{bf&3eh=e)VjSMt63B(eYG33?Rpj^NqbpB2kMs?E%9m3>X_
zIjOl828UGhzl~&JaP^2+YYhu?HtGW+-pK?u&xtn1y`_eao!QUwAhNlrx$_>jND}p%
za~%h3L3h*?IkQLPR1z0*y@{^RiB0jEi|$@KK|vuOdRFDb8X_BXwQp}n-@GZV^?Uyj
zInKgi8-cKboc_GW(buf2bF^SZ6bO%x)d6pT8!%UaU6hJaob!M5C?W}mnK>_!ZCu>6
z<Gb5DdUuu=qdWMC{Okpgm6JeTosA;YeXiBO&S6xW`jv$BjC9ItNhI7gVFa9`iA))X
zU%h$`#^UV%jE_f*7rOFjd%d_`p7^h+IDGNyvfaYEOUN8J-c=*DMT)}RjvJ@v*^!Gr
z48_z=?_OG4j5rMji0qIYL}%IRO~5N)xIduOfKb4Kyp0+!KylqU$I}eaFoT1iHlEuR
zAn5-Tz-bQ~iMVM9h^XY5Ynoo@yyN^FPVR4XW~Jq=Kd3^0m9k659m-R^B{!9PK2r@B
z>U0xBsZ2BlpQg*;LzAXq#Yd$Ow6{f7k0GYMPPh)bmXI>_jKz3-LHdjJ-j)jy$b6t`
z6>>U=3OAGQ^D7{uk`&y&zv*hybX6fCM|idNsa5vV^2_kE1EY<%G~O1J$b*Oo4S!MF
ze4~yqqMsqJW<Um}G#T!i5pvxxKTr9A(XQyG;0A6lL==AB_rRIUVj)|f*JPIbd4)y^
z%2D*Fh-z304oM9lg;bX4*YM?1#2FZtBzil1>x0%Em-ckE?We|{HENyLb8Zl4Yfg;D
zq2@AcuxHRislmsAS&_SXYOzryIGWcXWuQMxfr|&FVJiWSJZjv8AHw0S6Kk1)SRDX|
zP?w@!EATB>9H%*v2dW#?un-uPH9i85;99(o6$111u?g1=-uHb%GJ0ox2J)p;pM;a?
zu7a-0?i9D=TOWt+QjLUZ2{bin726zMwgNt(46cU%pm46~c({0Id3Z=FNoGdG?XR%N
z@yIi!Gp#p(I972XL^|_{=2ks?%uh_Alo+wrU#@a2l|~>^2xFa*+=*I#NsKM6vBXBt
zm4<zXxIcbX89k@P(M*a{<4SJM&Gpr4h;r=(3Uj`Dx>Fq8U*E&jiP31{GAE@7HIwtz
z<aBG+G``|OhOupSTS9$GOYK)`1ZrGaF_L%!gCx9IuFqznkavAW8DDYQQ~pLMvB;{K
z;@X9!dERp}7`=MuyvN#<P+@+6n3ZyBa#sx_ahtXAKH;ID{6c6(>Fyly?k@xOsP^|3
zu{fcW@a3<BP=_!6z}Jr}uaQ4=7j9!G<WRfbc#k*NEPz@H4_ON#hQq&qdTFDeQKKQy
zROe+-)uy#b%EHmuYEv0vmz0h;n*Lj94{N&bYVGd2;BK&-LP8R!6!6(YJ%s9u$enx%
z9Q{3<|2FV?wJ!i?q7+SVY7ob<?XP_1zxnX|MX#exSe63Cu)gLSNeR=fpRlAhy((P7
zc5gt>6u0b|q$LiPX@H$HI5D7ooVdo^)<aZNRw_RBB_{IDsD)cbs`cS)kT@Ff89qK8
zAZfQqkrs{hfPduD*wOA9{$sz-!T55KDVKw9#C}iKsG<*6Rm~{)rq-`4vClf~Ek2$r
z(e{S<Bj|F)H4FQ<oQkqA?a-p<yj%ofaV}T6SG+hS)`^m>SE4i`)a;I2q)6p6>p(WB
zy&bf=*^FVTmo$1pJzYL(u%nq0H~q+&Fb*Emel6BNV-U=sgD@id;&n<4Mkoa5C(Oo9
zhL4q8%pNrvOXb=|;N4hGpn~3Ih+Ijp%^6~Bks_1;ZFkCGom!huH+ykDO`gM%23_yP
zu1g}tcB28i-npmm!4WlD1$?(x=AnO7eV=)C_+4^98uPFOi(F9RXz>qDieIc}7c?gW
zSy1OYhjGhmIA)+Sfpc~7!Pms8RAQ$sEMk{4KN-J@>P(1THJs3@zel-FJG)8lXSnjB
zmg|W+KDz|~mTwd!Brl}qfcuoB;ZN8@KF~I28m9NT{xw+IhER!!89+}&A?M%RtJf8C
zsYVp$p0#kim($3}4%`*bZif}?ehn{MseB1Fxo3+TCh)&lRUY3txRbcTOBe(%a!D!p
zVfs5KF5tKdJmL9WM2_#cGD-12Ru2AP!sGd@I}<1%I1&s0`$VQy_cquqa-Ea2$*T^(
z+V>>Iwjtjro-EP|kJ7({rystgQnM&{$xA5ir_Dz)sTaAB&6lp?ooll<gv8X7wG&5i
zXEte1=+{}~BHl-l2Pt5|Eim;9_Sp!W`==YXvzYX`b`=%w0C@DZSm(8yByrmH1v(=a
zxiHUp|7719JM`-EkUJ_(V!YTy{O8P;iRQ?)frj@znWn7S3B?;9b*13rHR3Q0y~-@T
z5)~ElwEn%0H#uwWvH0WIIs@=rMowj7;!x;&yB4Y+zc9qt`mu&jq4E*1q90?1$DMC&
zTh3&$H<0e7@_pnyv6p+ir{(%UfP8JDguR?!6Mg){{K#FQJ7^Gd`PEg-RXx?<8RShQ
zs@x*~K5f=YUn+I8j8(=-tln--y4d!~zcunqplA#7%szB|)S)XPHdOL&ux`DOv0Qb5
z>`7iJI2#>&e+zM0jAaRsXvC{$o)U0VvqBDn9Aetzt_cJc#WK|$>-y<FNzdTk;hxq!
zuFM{-UgV&6+pKC{VL(2Tx51cz(%WHp)d*ZS0Sg8JZJzV%H{Mx7o0cf^!*tY(axy*y
zt^};|++JI0w?l5o%$j#jLWY#$ffPeV&DmR%N__!gZcfO{-MQ(c9zb<#rW}81>)-^R
zrCZUMJIiFGMsraGkcX_=dagliyH54H(G8BxPOiHBL0_+;=h(sSReAZayvNw8hkvwz
zbI|C>vzxYFiXKxH@!Qu}>NxmvdNt?U@JynJ8w#%XfC_sNJQ*Lhe4kw!@(i1o3cqN_
z-&8jvBtK<nMMD%#i0<B7{w2hL+5Yj>U}&%Bn1&xbd)akeM0CE{TVG4--++9?dnS>p
z{n5?oKxnT|wbJBDiyV-?Zp2L;E*D3MMUGbLmtWkXV8Q5G@G1%3DP}4&G912;in-m$
z;xHUC7^W}2@<B;8B}UE2y9g_D;JIN<`r^WE>HFvsEqK6E%ylj!@(`bT6*48=jjEdj
z;M0bqCBqd7>#(n-is_}T7q3aDRRZBg>PEnbhwr@)J>#=4%ugWSwY#ef7RC8E$I9&$
zV9+slH34|>ZynvRbB)#O<89{c5)a)0xvGLFs^2PwUBC~Tfwu84VGfCq{e45$d4rtW
zE2ZX|Xb)dTD(@OE<PutTa4(Np)Z$b|Y&6n5uhoDt-4aR*p`aHd`<unNP-KSY;O0ai
zk@Ig0^_*548fqCo5qo)Mi4{4qdIw8N{4t~zEkJ07J|%HTV)@8;Oxfb7FXvQ)DoXhb
zF3r5Yuux-2!d@C`E3X+^&>X(0-y4OtHZi&Q(J?Mz5xc2t2B}Jzyg60VG3Hz@t|uNO
z#`*p5BSg-Kg?n)JJ?QqNIvN)J1WSF$&p9%@p^E-Y-dMDMO}_Ingy_2%V55x&XFNk=
zzpb^4jd}5?Mi9$Qhy&Wk-)p1nibiX<)>KQpcI2K0H}|ZHBBS*tR9>DZ=SyN`Q_<ae
z>kVc<iW<HKPUXyHEHZjEkmqUQ;D-K;wq!74(6PSf92}V5%A++{0keTU6=_^vAFZW-
zwC0j1-AhFU2iNwy{j)DE#Rz4f0(H8ORA!&E*RF-nF2h7yD2t0vlEX%o@z5zWiY53?
zZaRV?_~A;DQIo`z@_2q@Jn_Awq)};Ij-{IYDS;rZQLSVu)lJKEXoF~xkF>#<;Rhp0
zQ@_jkra=vI*}`mT?2#+dwiVA8W8343Ov05+mDd|LNkzF*yJDL2g9jhueQO=fgD&^r
z={Rd_k;aVE=1F6Ln=Xr-_~Q%R0i~42j?>=;ZhC=la9)NYVKMN0JFu@u6sO7#rsWo@
zJ1%G6QjDk6l(H=@=qQ^4M(Mf{;Y@FN@Me!=@lu6{6p0nAN*Zw9Z($v(mRuih<f9}^
zc751RwGLuqDY4rF2|EAb$$WKf27mL%&(9X;D4ArNpy9-odu!NzyJzLey^kXtlGWox
zyfNsl-D^e2#7j3&(Tnp)#Tui_8s)R1_k}2nb|s-XoLb#muvOt$szGxE$L}rfY1jj3
z;0QLXPC05VE*ECQf$#fFxW^Y_J%(xgJBQ|mhy2cd&0gg-PW9T+y-q*nmLl*lA)J8O
zhwv}l9O5VvtC)(7<swr*(0(JlvnJN|lS0~I^o{QqO%dhxL*Y!X=!1<aW~Pt)S*S?o
zXU4Ye2{ZpdediIc?eekW%^B*JL~!Mzds6K!FvH2Bm|MOID@U~+sf9m1VQf1$s&-gC
z$D*3LdYQ<rsELdVr+qIIIaK>1N+L6i1|X)Rj;2Eu$0Lg>eab6bn$0^7<QBC8Gs?Zg
zPpq>i0o1vgOQ(5aePfvDePOUcM>38f*1=@FAU7?0DJVaoy=ab61xH_4^`=!z1~b0b
zlulKCks$9~?vw%zjlFt!x39~<xV%7|zC4Ue!B(B-+)GdTvlcL_Zl2L-Of8gjNmQCh
z{t|BP1Ws{6sHM?q=`>r9$R+n&Z|xcf3O=arQ(~LkM@DP#18`N$P_6YvUEg%JtlW*T
zC45}`WM6UQ20XgVW%cwr_Hp{o`h!k*j>K;7!(CDKZQ%z)%9!B?gtxEs>|LNC2An))
zi{HO<NK6F+JHp3q9&HSQ$re5621FH8qRK&6$G@7;0x0Z#l*wgv7jD=Z73{OS4MV@B
zGcS`<$H9KpD)(-lh78)NyYb->5BGC8URPvo?{&^41f$OteOc7lmYZb+nZqZ})JnNM
zf<Xh6GVgP#R*juvY{Yy%^Nh~ik?%Gx$b!i@U#c4$w6)9%G)9lC!01v<rPrLw9yUga
za2zVmbhW6MgUfu&a%4`c`gxrJJ;QTTKeIR3nsZq@B=oklpmZKpt3oi{Jh)B*1|lr9
zqBy8FvAJoyr<E3^#wHz!fScA8<3fp(7suPV(L3rl<fWZc^eJj^?5iC={psd~6Jy*$
z*J!~zPO6u1)}OWH+6_*fcUGsQriS|t#0|Wm2kp~p=c0S-i;$L@_@lBtPMK?se{*s&
zQY&xt)72Cf#;EPH^<Qm>%MWJwr+Go|USS!@Tqo8z5%K=xF9zxJDV0nH+y|=bV|Uj1
zmaV6Ff2~u)u{iMWfxocOf$!4oOgScYk^1_+xEe>%wcsW_{2IXCC!m|#yZcg0uD&^=
z>x+n}Jx4#*-PPQa-g7|V7wSBBr^3vIH<IQOUGxPD3nL36a|`bLj_$w(ZEJ7=xr95t
zG>tpIbB<fGo9k$nwKKq-RK$@MmnMoE3ID!CkAz^Q_cgi4mOnSp&K5CP`p&&14pPVj
zvs*hNyTV}4Q95{}ja6#c7HID~u#{HGBgtt%99}pMnVK?grfJ~Fzn~L&*GXWhsm6%E
zVEVS5_JhL|2CcB@??V+uiXU?ynsGyFaigdApMztx_};H&vX<pWD_qr;FsR0(>Sr94
z&g~_F%4#rSI9Xj`mEj3Zi$K0JTV22#0vv{c!|W(;mT)!EC$mtV3M1kuI1c`5PK8#w
zlc^D8WD@rbp~r$^kAU}}?kHWP2~u<xMnHexQwX!=RL)H)*DQEgg}I9aQE*x-YsQ3e
zBRY8oM1huz-ff2NamvJ&1RwQqLLM2Qj_gbH|F#wuW?G8dta4>LN)nPI5KM9VP+dUg
zpy(Zh>YI9+XmY->=vQi-gN8dh2fzN0s+`XP`V_(?D64^KTSl*5u9x0+w_A5Tx?LkT
zi>~Yu(`I62i9w?@T?|m7vDwDcc|8AMU)o}nKJzVnBcBR`_llG|@&~KAjL+Ok8Debd
zfwW?`ZFSM_9&w0DKF3xz*6U0+3Lqgj7d!IAWiXX`t`DCM&m6M}s)}}Eh`Fhr5tr}R
z*AsG?llF)1%;P&_b!doNpAA7x(m4t*M01Ah`Bq+0jzZE*BCz$%e}2wQ?in-7YX4K!
z^C<|}F(yz9LC}r^j*w(X7Kiz7xEzlcl9LHNSNa|_c&MRUUz5p&3isze(-zgwxR=@d
zev6A7T->Eg2lZD}1Ir;Av`c5?SOy20`SOsl@({RHIYEQid?<0`kBmE|tE%ter*|g&
zB)}09Q&;-Va5|9s5>2ZS>wa;G&B<B6w_lOlLc(~^uKTXS&8(O8rB#TdZtr-8!mht0
zvpQWYmj*#}CkgA`f}1cqdG~;&_e~Y@b`J(~LUk&KY6vyco!-nRr>Cc9IEDI?948Su
zsc}__Xs<dvsOGaJkBfQx_1SOO<h!M|F7HWurBB)9IQ3Rbmal0M;sI52Bx^}cdhPiB
zAvi`*Gco@yIYAdAQ&pxm^0E9ujO3E}$ltCw!P_k-n6)rH-_(k%xQhd_CFbufwnvCr
zw5ct!$IMsen%gggXxOvw(V^1!*fS*FxXJMZ^RpuuaB1_%r5Ih33lr?gGx~4zW#$UZ
z&ELb^iXjDA^lzNCzoqE(W<|vU(kgci1g#Tpk<QL}g3{a&jOT$rzoEUX&~L60L9WBh
zd|Z<P{0#ca6zwruK{HP|wBN|y-@Y0wYB^SeQG5dw>FqkEwE$NdgznT@3f`;{4S6&k
zmufP%_@X@Ef8{s`gifX|mjPcrmkypYP%c(-08l0-wIil#Jh(2JmqRE`uO%28H>%u>
zjO9;k?CgU{hNxXdC>MR2hRz8CoAi_^rmp-AS_+Gkoe9l9Y2;z++v79-ac{l&#^IFU
zIGi7nqry=&@TpVL&!+`*b8hUR+aQQ!-_fhdJK0W9x!me1n3TZO6wa<e_B{MwyyyU3
zl5RZ#krl-mV?-A>tu+yQMX236nMY8;=;1?~ymHPY6mxR`vAF3|LW8R7;6=I9g_+NW
zfv*lD-W<g1(ctSV=mH>&ZXxb4S>rYi|5lIw6#9SiC{Dwk9<!BE0-;5XK?#}zm-@;B
zfV?^YLMAs`iPNy#jm}l&cJ-BL-sjghCl6>`7|QCrYd_Y>g@##qyY`k%PMo<}7~Bqe
z<`)JXLNKV08vvu4*}#P(&x>>Yk4Jvvz5O20LrBS^q=rvdzo}wS7~{gg8^YoBO=!Wz
zs|E*!PME!oJUj-BYp!1K-?y-h*KfClJ+R{;d#Is_&7sR)fGz=+@tUC4Sr=Z)Y{X+k
zVOM|aM&qyV7V5{7H9>ZD(r_oB_IFJbQX7qUwOznMEvo#uF?%~~oxztW7nBPV*%OHM
zlIb>Xdt)&v!&%!LOp#qiC>b696K1xM;FNT{j$G-x8)zn3B|pSue4rE!2K+w-YdnS=
zSNb;Z1jJx~5Unt%Lr5R0Qy7z3Ul5l~;BPo;2BGs8&GDKGo>iVNl(=JJROoDA1+ou|
z%@54=FE%3+bvuMDmIexPE}NP}-1V{@h>O%eOMMnTXPj=K|Dl$<8x#`pzgo30)J~mQ
z2(8R@KjQZG)>#|vdV(P{vOkGSC2&u*fmZiR<u%VEbO_&|9N1ooh|I+c3OnUxTR|s1
zt7-%J+GWehkX=8K%i3A7rT}(qeUb}J98HK1EYWnBaNcU+%>N8J%ju(oaK&sW=XC+{
zF{oSt_oqR=o0iYiK=X|H3#p)So?>Of^vJ%zJ80}C9&_p;CH=Wx_n(EjeEcD|iQn<&
z6+N(Iw}3VY877i#giaO_DHy|3ZQI4eWGM)jh`d{+4h#ID_ecuBzh>_X1Jp?$#v)6t
zQ1Q7#>I=7*tjUaB3X+U6VL_KDBtr=43ek_3Hw^Nk&7-Bc0!2daS6@e<UIPH5+^JK(
z0u6lHksAuLh?@diP{jB#NqsY8{nq~c@}_rnqkzfzL~EjA_n5?)K$6(vJ%OOLI#q93
zlOh!E@6c~I@Bb&PRFpPyFO&oO${R1}hrTIakcmb&yd?}GnmdPv=<<rt*sP$G+k%@N
zPf1r2wdAafZn?g@zoI4rl+$kYMJyfY{^YtXSBCL;?u6g_n=lkw<Yedq5=C2@l%+WT
z&orU?*4z)EcQ#;G4=p__xltJ%FWj_!l})Dic2Aa0q@z-!_DR_B@uT*+So;9V^L?!z
zA(YKphc;q5m;ROzH;vIG8jXZh<_;5MM{!AoJfRS=(a8|bmLYv(u$uv-|4*yUoMh{#
zLfb{AHw8ae2MXaD%8VTB-)t6RlwC`;t$A@sMY*q96i_3?1h{rs9ekcbr;dnp@;LHo
zhxxGFp<Wr5;tJxW)-E&7vaW@~gZDaH70a&gZ~{~qs;2s_!lF671Nu#R-NxNUNHB|0
zqwFLUbJ+<Q-Atk14Dv#En{7{+*Y+j<c)J>haI_Z6xU*QP%Dp%*2tj0Xe!KZ5h^AY9
zcDQ-(Gv|K$2&=N|)Nh`1PM)7KSzcZQ$<wT)_rVZuX`+C@6O52O)FE|Yqxp9CGSVAM
zKr%N(PWYis$lPUwN2wBC@m9+Ndrw{8zHv3o>EhJpKkogb<&dkijPqVVP`J?ro9G%=
z<0<ij^Zq`F1}?hIEFXV^zUlXl&Ep8d2O+0rJ@2ghe>d5U&8BQg;PA*vfz_8M664OV
z=a2lpnS3&G)M{lvwY~>w#_m;Le^zv-2-}aeR^mIvk1JBrn{#-Hn~-BdEY6=3SK7~^
zv2%x`t~hkPRCC3H(^1RLRR2`242)CU1BY&+BQg+O1*)FHqtFM<SY-2Jd_gTGJaRfd
zppGkpwLJ6L|JLC%M`BjtFy!VS3h&xtGpyR}5B5j46g*K~MJbxt(BWyjRJP}+)`s?_
zSb|z!GNV&puM!6?-WR^e3eqn{1Iy`g1mq<GbED8BEcfp?34TR(>{eJTcI4;UgeCJ&
zX6gVC)Sp{!zz)h>B-F`V)y|dm9r#9n<`=(3Hpg+CdZ_GGMW{w!bmwl>?gvHZIMf$5
zpV{3}<DY%<P#pdV8&^3$;)%&(7U9VvWyIr2<v~Epe!IyVe!Smy#!E?=i5X4GGL3?L
zH;x!sf{nLkkV!ZT#<?<T5$wb66o<+JlpbNN{XyZ>lt-HvuOt_;j`c5z(bW;(qt+}8
zBfgh@k9+|g@<cUi(KBkL($M`g@J+E#Xq^flkE@y9TEv-5bt^3<ks^-bky_UL%BxCS
z-Zxqw=4%&5GP`-0BUsi(fwnchT+~NjGR%r#14^9mnN{hzIEztRc3X71RO0SIH%Z~)
zz?VT#)RiyK(=Teu`&pEiFh?7P`5nI-);V@iHjYRhMf!$qAfj|4FkPQmSf^F|ZJ=uO
zaR{mm^IUOcw=Oq!eRgccxwL!T?A*s@3sZde_tTRko7XbgRCDX;m2&RQLqrt<IrgU}
zmE%ZOfa(mFVn>6zQ)E_S#1@OP$r5&8B5rrHy)}~Se!4_tvNybE^V#TFWV(anK@#qx
z>qshgJlVlcGeIzam(_m!!RL1t-E5rTlUc4r_(G*+pZpvC@W_i_-g>A=d2<U-uBODE
zLCoMt#XNL8<H95@*wphDqYR6-j|wL=hS+v^kKjp$I1dT)ozWg#HB<+{!l|i_k`$o!
z*Oxz4TK`aa41#)p+F$(5$slS~&M&KjGNGpC#C59|`<^%?JrjxiNp{B^Lj3_>mSR(L
zse(^4x}m~XKKFBs)Vs~uRQswutS@R~WsefZxahoxyh!-}0dPQ%zqsXKU7Ng(S0yWm
z3{Kvcl19<Nw&D+IbZe_eBEjm#$Cga;koNP~ml*XQ0qntNp`D$ybF9a+oK6`j*AQwu
z>&|Op6*;48n!9>t6za-^<>sJ!4p()%+BRj28#}wL7W+V8<(VF~VfG(;E85!^k1M+S
z7}(Zw8afGGRDo*cW~5Hh(CY53ivq8ZsVlZdv~AVLcS#5jC_74}Va(yTk3q}Fi0jyv
z-d!PKRY^{?(iftuF>dd?v%ToyQ^s8F+1(?y=YTEK%H6)oXTvh+6!T+PR(J!KIYDz7
z)}38BoxzU}dWkdLaqO<Kdg?0Yd$!<teb9QhwJ9dnr_7D6Dha-oOPY78g;mnfft@b{
zL{pN@pizRkRUXxxRjL8c6Pqd?IOu_+(z4fC3G9GbfO<R~=U~^obFHKY90p<b05IO+
z0E+Y;0;W|SF!f{=>(13_H;VbGfNCDxm2Ms;ix-;D05=USTh__K1&@2c1=&UKQs59C
z@Ed1rsz-(}{5|38sy0_Nk9d3Dc7xovY=A%kJmT;KhlijFsA*E|SkNgC0qD)<8Z>IT
z_kaLk7UqidRS9{FEMP8rGrUwyc@hxKn_E`rPdVML;Z-g+byDy*9&dG5ZjAMH0D88H
zwchc3(U@e#Y$bbvYP#y9T^iTmJUrXzROIcg(I1DsmClMb+5mXgoM4UBW3lDUBZqS;
zJ>MDu>a(KQ00&)@Z>jkK;fit2w@7#iKsg@lE?}w4a!0qod!6qqte)Zp&^u3Z3m*5H
z78n&~-H6rC01(7ly3ti(!DCET@*>FL>FRa5*&Y`LR}v{MgEdfsidV0_p;T?{fIGzH
zP$RNX$~jQBi|`9xI)2?8?+s+`L=JWhoT&PF!QeZ`Dc1{kiAQavVvzMWyFsw4M=dvO
zSV@^+92<So8$-}e&0$D}bwasI_lXv(t>Ghb4gm}fb5ltj-~jFu$oZPL-WMUvW%o|+
z2utr!lAl5^70soQdzHH_JTncrHaXTic!$`wpN^X_H7Lwx--m??AkKJHLcN}Nw;bh&
z9I@eB)(0+Vt3KzbA8u6(>hOF^KEvP~BckC{b=nJ2s>jbLTLZ%_2M#K4r*g4LXS@R{
zT%axuA&&u%x4P;JEi#MWVDk?oi3{&`--eB@?aRFJ6?DC9m6|b>hSvKztE%Im5v~b`
z!xlRN_D(2>=DO>``<7b1(WTZNsAw`Dj#asJ3IGG-Y)wLLIO_rR6o%rHPl7>h)B`tY
zK}xV`E<{&VO;5l8v#U6Rf!#IlAol4pPZ3>LR$UOd&n_3~ZbDPC_ExdwRZ`_!%pE}_
z`ul}~`xVX{d<F>m#9FHSGb3mus?2wJ$!d5C7);&K&}3ofCVX={$zJYo>s)*Xs)UJ#
z(}#lV%e}D=5#izLkA>Hr0`c8Fxie@6)8Sl7rN%_IfUtIX3ZO=d!_TqI7BnhgmshV*
z_lLQsVAWHpcXk(^#&b`+1mRMUz$3$i;>6U)VM}m$DH07CG-l9xPSd{Y@E#Y;w0sR#
zaS`sxu%7_ttTx@-aE?MguS@Q{H!{NY)#$F|yRQA<C_o;V8RvOI_-3%UjcdbWj{(x1
zSn}Wm1vs-BBV|@Cn(KAZcT(?nWO%(s+J1cVw0C9ZNxPs$F2Ub47bF6lFt@Yb9`o$(
z*zT8|9=qub7ntKN>Uvo9bnqOznOH_N2b#1xlL$v3qRPDR_lJ8>fb8&M>XIs&oou1z
z^S4B5_+7ok<_Dg$?{T~2uH+ZJyL_>gDGvc|g-~VX<qpLn7$S9WSH0~>J%~&j!Q*zF
zJRTK{WK^<>HpNgNEMm136$-GLhZXVKV|T;Xnx1=vL!Gc5qy|-RxHiUGj5(S_#XBJI
z9>%QR9rf;zM%@{@tINWrh`npPHrO2`durg@jK=!}4*UT=t#@eI%DCqt!m{NTDM#0*
zaNmz;UN*|R2vF8NI4^s{nAgH;VS6c#=sQN?T0D<gac6NAbF%0YJvj%1+%Vu(kl&O=
zRrB>;;PjX?z-SRxjC#rUqrq%85gT3AVA_K>*E6R}A`F!LMmVw~Q8<QZq6MtHx)fpT
z9eg5Yr0Tu)+7uIffr8x<s0SRuS2m!sGs|nL_eF@t?4W=nW?>?TS}IT!e6>ZgG-+bi
zv>zdHUOa=qS3Mq~1T>ay<m%aeG6C-)p!m}AgHx^uG14uWnH5iaNy-N`*}L5nDeYwA
zSz`At0SH0$vNRR37q%6Ov{BL^Db;M!DyM)LH9rRTGrJ2`W>MX>fZ_M6E>y66k7K6X
zjn<EPhn`|Wlv&4s7HtjHEWnOrte%917?aOp3i(YS(V<cF&hg{m`#ocw#|XL^5nl8b
zD0nRv$7`Ty2C7sws<+-YE1!Uqyo1r(%VyZ)zB+y3GSdiHMx|r1lo+HZ9X$6Y_fc+_
zdu*?ETfDfsaJLdy+=fams?`V^6^n-QN)^FX8mXDvJ8&{?bXu5U1Idd5#t76k*?NNA
z@E)Ef>C^4$Da)c~fZKkp3)X|oGO1;I$Mi^5f1*OG{s{`Nw1rppRT8K9Br3W{RegTP
z#roepAM1DclUNF?1BdyifOWWc{!@q}zCzMtUG^3qP{Bfg-xH(2f-^&QFH4^1Q>}a(
zP~#n$c5?>z-*?ksq@DrEAR5Ju_q;p+%mD&GAs=4Nwa5I4`&vE91#nLyM!HXLQ2PEK
zadyYS{C!(#nIF$3zE^ieI{NhE_kF)3(VMq!cg5iQlW|OY_RLl|_4)Yw)L9+^-?f>U
z-wyikCHPHr@|&D9uN~*qDwk_P96(9-PeO>E-puR!=(znK+dgec_i`jo)!nF^@vL_S
z>Uo3ZV}mwNJl=_0u3<;lvZ=0wJ$>(ax2N6`DAunJu4hEH=+WA4uBc!LR#~r_Hz<<$
zErL}xe%;#nbNe-1*>y4e4O87s(7yMEEA!8?ki;nU8s+rrDV-8yk!qz#F&4yqxpD$i
zK$o9&U88{U3>MHQ<6Lsy{b7#!?boWlnY{(#B#z3s4Y%F%&eX&@*Q!-+S~P<2zZ*C7
z*e!f7zRb@b2~mlQ&(c1KD5Xaxn^xUj=J(yj)K)h8Y6<dcEZ(4t)b-?MiTf))F0*TR
zr3$X<c9$IM9nh!p;$G;}m`}pspI>A@G~|N`Bz$)}=EEcC$=kKK9x<nTRC`mVsWIM4
z*0fI2_dy(UichW5&V85lg+BVnUv;;?5nvbsr{?~*ft_^K=@P+%PWtZH#!GnaHp?m1
zeOW#uBD;8g+NjNO-vi^1J;$!EQqPQj72*j;wtG&f(li~@9zPGgbHw>t39ojb4zB69
zwOLh!8!Ir2%(z#IV~3H#AZcU{=+Y(mySjSnsAe2#&969@i5@mG_RA$GHVs7?DlJ4&
zDGF&T5p6QXGK3NUz5AUwpFHD#L)xyNN-1}+)diYNeWPOpy_IMPd@O`QKJp@x0O|t{
zM&7N^m1rDf?e+SB9j9kyvW?N{S-~tc6gVdC%EEiS&6upP{RN0;Wnza0+M~3|uG?9O
zioCwIXAyvrnHcxHd=G#l$H^qkOBWN%w6b8fNC24YCTpduEd$<huXWk#x@X<%_4wt0
zFSk^*4vhkZWmG_M)(p&^6GI8pxMP#v3&a!PB$TR(O+-OO5^QZ6iZ&);MK;oy*`cvx
zO<|gkl1VG&&Rb2Dn+(mo`1-rQFE`eSk_^!Zv%T2c*Q-MO9S*=w$W|&cP65geoYkG@
z9qOCAx*?(1ody#MV)D|^#8A6ibike%W5l-aDBW>6-FBs0RS<R$Z^K?59CAEy#9}EF
z81PJ9LMCXzHx|kwJK(|+0)iAQKR^$xdbZ)Al-Y8n0bqmZ5(LAeWs0hu4|ta?9LqYA
z7_REfFcT+(sllxiN1^CF!B0&noD-0l7B{70$Fh?EV05$q;Dq#mXi`k=Q?r4Xyge}C
zhXm+?PW&7XHOp$A7<hDWXeeNbr4AhDJmZ%)bW;wCr*Hle5Hy0UNQy2N3-~8V6emT?
z#C15j?3o-WCS{n{7_SVbV5m{eKJsTMPeLg=MaKyeC18<NGc+sYBgY3jn<v;kTaI+A
zY2eWX-tCs>U6)Kzn0tGtGm(A5>m}z}qg54TDzj^Nr3$X<c9$IM9nh!p;$G<6z1Fwm
zqE_49UpXaK5=i*&cg==<Uq*CoE!9tQZJy<=EvelzHt;1>oA01DxQ^ZU88Szw6Ti2E
zvzdYdM7k2lfa>{WY$^O6V0Y_-Ga$y1>#=((@!cg`p@)euAhGe~7<Hy#<xG$qh!b}>
z9HwCVEsve~i4blu?jboqv0F71WikVZPE^;bf@OqT354su4jZwUf_h%IsP0DPRjtcs
zJ8+X#LBY^z4%W0uH=b>mELHlfFov~&h-h)njM0zTlfa|^vd2&*f={s6uLI*8OnQpv
z4NYRk83-`>0wRs;5K6QlK13LOcT%8NPC2+JG$R34!L&#hXi!SXVf)ZaVpyPtX6{_a
zjm-HWRr-*s?0sJS-xpsuPoDMGYiWo>CTIyDW+o^g_dDhJp~>FoK4F)aA9FZx=A#8s
zRYoeRG15WmAA29W^O#wm07DIipryf+Fg_YhL5L6*Kqub&x0M~_C$2st`e55@X|iUU
zB7nvOPz55O_8gn%UoibopcVDJxAMOdh9D9qYx=JJy#9BGo?ZEV9B&iAiR<6J>oocO
zaqFGJNhjGyGi<i*S4yYml`pTqu2go?Y^ojZ+MshqPqFpUL+{T-JTyV$6gp`w4Jy29
zr%W-GS7uRlq8?oH$g8~@6<&OFRm?W2UeC>28!cwR5s_lZD;W>65+A+(FWm3zeohbf
z>8X7~F`7)m2`MAqsJ{T#v)e<Cr=IiV-ysnGVa|1j)_hOB_1C&eeR^$X+cPb@q10F8
z)PrcXg;$n}I?6Ud*Vv%p;LAJ%WWevLCmrSlhyn6*eEvm639woy)+U%H%%2DZJL}J(
z{eXS;NztESKb!rfI<HJcDH3F+A!Plnx6QpZy!raWqkeVa&mbqLbI07|kdP_h!HOyf
z;Ut6n59NM`?ah=v9rf-Tk3I$K4&E+w_#c{0ip-_4wHsBn^+-wQ?+?d@|8w_8_ear;
zL{vo>2nh-W7?Ke*(V{)nK4(<;_h^WGVGHx4u5z=FecyRyzLS1<``X&CHufZ9goH@S
z6+3_ipVL0l|8;q~&&)p`ES)g!9bg|_^L+^@`ad;WHk(nkv9jrEufJQ{^T+jfi@?HU
z#F;5TkzPOtp!l3*pUms+^C{MIAb0?tbMKSowT}dczc|gCX3dP`M-S3{_QNtt9UlK=
z@_sBkGW8Me--H5G`7g~4t*d34YUoSH+uMBg=v&&uODQI35<+Oc;3f0(58{?U@c_qY
z+-365%nuq*2p#0&9e-W!huTp?J0yge(uk@t6<EokA^o4M@8d(;a6sfZg`LCCJzv#X
zSjn<MsM<6V5nn)%KSNH7;AVeGfiJNXMl2Z>5m+$>EMBCOknq>Ow&WziKQr$~gAZ--
zx^8PeEn0@kX_}Url-XrWw%Xn=WdH>cS7ayS58C`;^tNL?Y~=|+-e&cGB|({tflO*L
zOF+Pj6=I;r(1e;3=Y;Svx$;mvB(aGZXu*h$MIo`a*=;P;aPeuWtxT^ov<|(_xA}*h
zDaT(SJOj)>e_6gjEXU;SJWEVi#Ksz03^KuH*G+9%w%);HpiwexSpfYzjO*n%ND0(A
zWX2cof23H(wUkKHB#jgp(WsI`8jU1UYAY0$gkmtBfe3$h2mnLp_uaYrf%@ZxGwl?V
zm@Jsg>uc7frr03D`h8>$eZ0$$1V59o1E2!@drRrox^<_E#5B}s)mXJGWNNT#W=X~b
z^mNwEw%R))kT0YCVo>ky2U|(cEU7XB!FAg%ejf3d)-c*^)?tlI%2d)K$&k}2i7AyM
z6^lls$wZZzNod%r(wd^tw5E`#fO<$t-v1Ax3{1Xc)k7`9?%}YkntxfvGMYMbl-zGK
zo6O0U(0Pt9d2Y<joHg4HJ1tP)b6mPv7H(ZbQ%syP3C6b`XtNuY=LX=qmEg*;AiT1M
z4q-{4!w{p7DVcY7V5XNxmq`rc&9c{ZC0dlc%m;ar;l}}W3dvR|t04uD5M%{~C{&{*
zytxc;&D}Aa-UjAon(J5`INW5+%mil=9C4Ylg2Ppsz*8O>W+uGgYzfS8(9}7Z#pc+&
z!G^nefevzmZjq5V(AFF>$cVVhmZX@JH&Mxy)0#rs1&YnyWGkwQ4s!{}sA?GQSSTqz
zdhp<Klt9^`6-x`U?9n@-=Rjh)%C2H}8atVErJ59I$mmd@Rgose-8k$b-032MS4DSj
zmBg?JfgxIPGQ$x9nb@p0vkEa;3egc&>@kdDPsiD`>QB%O)@gV6!_J6uPd$Elhkk?$
z#tXTcg@8RU2a~}HKJd}Cj9lU2$}?y<=mCDN-WWHQRPgY002UA+0I3t+_Cf*SU_W>S
z$AUX|e#Nv1r~m`U3#qNSROnZ<rwO@BDJ-#>Uu1Kn&~q{EefPy3-1|<)sY&poC09N@
zRh!Oz&g!aM!}omh;Q3SK<Tg}Du#u_8zQDveFc>S-g2i(t*KV;&`V4(jp4)@$=yCkc
zeP^)y>RnbMrzq*G?*={`ZOhK&lYB)^wq@B}Sq0@iK4Q_xyNTR-YHj5PXqY3%#QLl{
z>*KApl>%taA$N5+{=(7EuIJf4Igwr5Ju89Cxh9XXjZf+E>gcZRB>O&NJ9~-RR{o~r
z`lnSNvrYXC$a*KW^OCXr>*YCu^&xVZSbjTuLfi_O>nnQpqy<c$Rl(e}Z!odj%B%>X
zp)arJAHnWW`x;ED!_FxL-vWFOfdu#iT2m;tq>NV0ek|^!nMM^^D2WC#D5OU>GU(>>
z&iV6^gRfSVN!aQWqBM&3<Ce27QbgoexNZb&%q!mYp9_t~5N0Guat+$!kZj60Xi75a
z>Bz5iO)O!lyhNyc&h3M7kY<!q9zC@9jM<9<yvde=o3iLpy6DW5rgNd^t?y1jfQl0Z
z6o`-{5=jLMPO<3AfmpNPF93L?dUMu+^rJ7VF#JHIL!z&$oG4yq9RluJV+!6If!R8#
z`)K3afhihz=a?iAPoO^0Wilja?G_uY6d8*Kjflxfq%C%n8fKMrv0{xDv}Kf4#uUw>
zi(NKSL@29-hAnjfq>?h22@g6Lqvbrs%rs9G?qH}adj>%i)}Yu}P}kk&LGPmR^&&S`
z!;y+4k_ZJo_ANMI=zF^6vW~j;DFso19vs_S0VY7v86*{kn5~8@1p=6MCd~y%K}mMj
zr$-Kf5a(k!PS6oMFqFiC3G-J&pjF^-MFd}l2f6Nc`n=rYbA}%;t-LZ(o9hF3EFLjy
zDa=}4u9<TTCtV<lFgRhvY0=g#GZ#vYH0bIuN^p71GchfK!J~z}VV5c6gIY7AwME0D
z!-(~wosJ4&*J%O6JfaHTN+_y<yk%tZcue0%oq5zs)`Kblz))cpFmz=>Svg$mIyW~=
zP0@u4Gica2KHc2QnVD^l4Gbx{OKz<h3W}7X35Es&tUTWuNbpDESVv@ik9!-%ct}DV
zYl2%fBt}wX;VH!k^$SkztV6E3xyLi5-NVwmXztvTNBU$MpVQ;j(Oud}_I$>6_Y<_e
zZ|ZJ8s&!HOG~dwNhHc|NWU4s+b@H6SdXTyCzV_n#x2bhO0^SX)S*oEI1$nlS(MRgH
zwl49$4+jyJNWq}o6}i&*FTN1P_iuGjw4?jv&XEQw9Sj|PkyQdlTF`?O@pv*wI+4o=
zolr6e;t+N)HyPcbUKAAsNeLu4D>73p-3NxrqKIE1v&-u9fZOeyMNqB!QD;GO#6)em
z97%#vWGLb+L}!v=HiBj_;SFPCy>1(5vwlXHjRZ&)rKK(hn}-f(T=AycODL%8)JwF%
z#SpbKGO$$}O{~VzSo{bms$vG?CdxNq1_ZRkK37hPK)`4ckXl)*OtWNMj}|d9Gv*!`
z@FVD`&~K?!2DuEotEU2rQm+U$=)_X=3Wy@QsQS-X`_T-MDK$7OjID(lp;pvL)1hk+
zu>9i?2m^p*k&qb){W@fkd+we6r0{j4E8#q$@!!vieE08<o#*4?p9(a!MjERVRBACX
zs>2;RPnIr*jKa*OG?|cUbk^73OC+@lu|zEp(!TbRfRx)?ZP!%$o)GYs7OU@~x~u&C
z{dQMj@!)Y60nSf8FABUvy6oW`smF`q^Wd))ci_H{eie8}bMu9A9$n2F@AYQQW-M!A
zwMC-(T+yacR!d1@+ALVKYKq0CS~k(FTN*W!MX0e+V#e6XR>8Gwt*N!r7k_^)zhr)W
z`0e@Y2$B&&9XVwggc^dX0=PI@88vBY_<s5K%g<lD_nxw^-)Wdihq7cLLTl0s(=PCg
zk}zZzjYQIDHE2D$ol5D{=`RV=gBXluQKek{>!Yr^bDMW?m)&r?QH_X#BN?>YW@_2k
zoy-h}>^uDIj@Y9L?w^(T?NQl<G?TwNMsIzSyrz?m%^A3>j8bVARXPrnsnSl2%5>(V
z<Fva>%H&^MP~{Fg;ar&+PG6(zQra6E2GcT<jjU@J+A9@{QfRSMRg$r_iZz)=lA}z~
z*q4*le*NfvVs*!T{J!|?_4#UItTrKX&KQ*tT}%onODySOn1q}oAr4VTuAO6Tw(%v)
zNV3%o#QgI0^aq>n=BN{XdxYru*6(R;hsb;&TxDeV`tPKtZ@cau!g>J4NP-eF2m$QY
zEsPNXY!FyaWw8m2WR|jQr75J_No133niF6le^r^*Y^*a7$}$s|)p2g_#xj~>HAWex
zKv4lq40)>FWwNUA_@%^hy06|P!x%Z=3B`3ogM~SPq;=9=GMOxfU}!nY-#<I2<atxg
zki~iO`5K-)1w1h_i_c1RGGOyp_g}4(Qc{?i6jD=4HKL6)(3OcPn@rY9mTZ(!GNh=s
ziq(?KHMEw>X-S$56&rcPkUalC!_V_Dhtxk$@|t<rI@+SEYQ&07P}U`7nUc*Z@*5w|
z=`+d^>-@t!xHGvUJ6=%T06GMS$YbQh0sSx1%1x=UNf)r}n#FZ&%q_O1v*YRH9vC!U
zJ~&QHs?j}o@z^`Tr2XyTU8}V0yZiEZQ^9x~IIE0J7Ypx&ae~5ecGkW2j`C%9S8gMW
zR;kLn_&XPDl+j()<9^lgsMd`|DWa0GVzWzV(W(<gWYr9l8n%|rq}a0?CTqb-`|I9)
z{yO?S_zF5lSw#|X%ua=2qG6<}YZV>_0sfDv{7!u9`WNTlr_YbqYIX6wb=QYFcNIG=
zOpQYUy@R&cMaq9s4NAi4$vMxNV-_@91$Es<kk}xZ6tN+gq9zIJ?`r)+%N2p$AFYj-
zvg}>47L{;xlIcsR?@lGdDTUWH-)dduCMe+O9WhG89egFha={r%$vPKIscH_Y`QleH
zCPB&H5ahyX9FLFGwi_D_qcv@2ShhARC8CPOMY2k3V{InVY-%=$){K~J#+ya4c1eDE
z^!)md&*1gb^Q&D2H6%2Qu!{+PhQNLNe?PuC{v_tMaXduGLV5m_0`G2pU`aj*A@FRN
z_dnRBR;tbKDqApR0Cw$HOckmh!u_rlPAZ&*(4A1}9$G#2tGc*%@%eaE@MVSZeegLh
zdf^;pQe+pd)#tKzlBTG*cf_U1OBAw~K7W%kYb`L=F^g+j!)jTqnpvroW}9X+YEsFR
zsVa@CLe@1JnrlV0W?C$5NwzGSf&w}~kn_J+{QD&H`~84;Lq989YgCw-iI+sIB+!zm
znRKkSiXlZ|byHJAO32VQ!rMmHtX0`0Ki|iAea}*PIxHTFYw^91v){RE3`?GE2_(8H
z4}%1MLuDMRjumxl6-`YeFd^vFlez*-C3s-k!fZQjzWto17_>iX=&q6J^x~Y3-aK}P
zY+9#od-^Yzl|139^IisVE)2@(k5?7Q;y%-W;fzjRHv^2dI$qJce%1G>u+40nQ#MU)
zCM=doG-@(p#G0A4MlF*`WYI|*88Na_Y*dkBY|XY!qguSeJ`X=We>>ejVtIMySczyR
zw9Mx&S(a6*vZvxepV#N9CmjE8`MqJkeDk<))2<LR4<ULv_s&khB=ltXN+t<G0wRBz
zmcnLPR<bI67<ifPxMf|i=Od7t!(tN%2lcT5t%8FRGP?0Mj?=u$qmjW}E0;mmGGtj-
zKaM59@J}2rV#VSIIHxgaefobSW|K79+D4+-)fG`~6%~sqv9e^^$*Gbv6lmCp*lg^B
z<M)1i_4>Kr=Y0MCRbJ1{@Y}5pQHsniSZqYG4zoCDs@jOws4HwmTJ-`+*U@MD@6LSt
z(KnaBJTnq=$P@=?9x#?Owt3M=Bd?j(LZLeeB=`pb_=^(JLX;6QtAK?B{*mI67^13L
zL}pTLL|fM=Qk~g(IOO4~%L5z&+GI46X#$6k_?_?}!3ziN^SyR1;m0m3k=ICcVHj6W
zjr@+qc2`R1uB=N5)5bo#4%rh0!9F-HSzzS#ml4dRi1qdSvkj)ECL2RSp-C)gjLJq>
znrhQ3G-8G+nXHvEQYtZ;QWj0T>aF+g`S<=K8wZ%ZX-2YIu!}<pT9s0bqKGDhlfU&3
z$u!%C`*k>+0dd#oFI)xfs%L?NGR$UXz>CiOm1`qNvO!*rqo+VFQj<wiEch55kTIM9
zex8$o$&$2=m)@&_j!8ORIIEE7c>Z>$a^*a&aU71Rbf;A6ohj8ic+WerJ4>n^71gW9
zi~Ia$N)S|rl9YpOkhBy{mXxz0A@#N)@ZsPj{J&G?8j1#R-c6iA<I3>fGH!0@a8%^E
zqoCoUye`a_md<I37bUy217WW-L^ooKw#3U(QNs+%OU%P9Gag`W?qdUT!!%~#VTTNX
zu8E0>nr`fyw}UHr&IZeRj=^i!Z3mmz8@PbthPgbT@MP9b8cRiB)!e91XE5GwJI9>f
zFiqqMkPtG&<t}q2Kx;|7pzk*9IGSDNJQD1<t>o0+7c-Qc%4TeeIAMl3&D_YhS<7%W
zSyc?&#WCB%0L#oY-fPX|xD+<+%U3fPrP{DuP2A?3VN{OohKOBU$x4$9$*%6Y(F;6L
z!6dqz!rgUuO2=0&nCG}n)y|$%ok7GToSk=4$<TE#4v?pZx|Deo?l|mlrw0qu9P@H?
zmv>N=#E9JXc<$@E;;8P3D|5$MFul2hoR?FpnC?55y@4Q4^!|*%>zx@V_;0;)JsZ-s
z>!SxVIiL@CbphV+_Z{u`hkjS#n?i}Ehq=lFB$6@jdzN7DWU9^1a*^9U@E7R7qhRn8
z(2$$G2avK)bDfu*19x`laSpk~T`bylA7r(*6sOYpoaq_mwJu~+=04tnUwn?rXLA|B
z5K4vpR{p>^Y8A6`VlzH}XD+=Q9O<7f7JE>ybw-0PkPy-?W-CZ(%naR9TeRf?vZ{SM
zX~8Bk68NCdDOH!QU_UFms0qqYKal&f?vna_TlTtteBEki!)@%gUwvGAGwpm{9d|Z~
z3o_@8Y<cq)^)Hy$Wm%s!_dLGt90o}1wO%Zy#qL$A^P}}6fm=Z=liMl{0S_y$u4%4g
zRU^f685HsLB}E{pl1M*Pyw9HeZmiOtZ9*{7_uo}a1Yp{BblAK}*l1~AQuW2+h!^r2
z$6DRV_WOZ`wS9wJS#F(N<67z%K7O6uhZMVUyyQ2C$(Z<FxtR%xnes>}UtIg<+m~~`
z?3mC;@4GT*-y?Ra<0)y0FQ?x|8(}CLNnPC8o{7PFx4J_yOFbrUR@Dus^``j(3;G`U
z^z71Z>XQUbR<r~4A|ux!rB-E{$$L#MLh7!Hq4Xsl3q1H(pB02_%En&A{s*A>H^7i>
zvNr{0Tqp=W$GLYw5nVXfSR3GSsv+_!x&?fWX<&|Su>vJ~ex;TuO;l*YkQ%bKwPYMg
zARN%9G}@$%`)Cfjjftf*EwPr`nRLyFYg?qG+bn6NE4j0#CbZ1~01^Qtp8`PuZZDU@
z=?y(gU7_1n`xxXK#*T;)g`o+obz<G~bgW&feU#v4g_R4%(x_{oNCb;VU#N$EZ@?51
zq-wd-!fozV#t?2$xp(4)pK$JBZcRN;bcIB>?r3G{*g+Y?U<cb()qO5r2Emlwij1*?
z7q4@&rE5*QO%_t5?ed$`yfuRmQIuFgh{%x`hr)S+L59*+?yT8>$`{t9mro`bl(Y$C
z8dpXVK~7aC7RK``OAel?fq|NXKy7=+pknE631DDIAyT_Q!%#R+3~w<BfQMnuy?Wc%
zT_<M9!4@4rg$as9b#lw8B@)RpAz=`yMb+Bv7E^>JaE?TF^hN`Zc^(Ceo1Dq(7e&Rl
z7n4y@5Rf<=5Yvg&@+o~XHIi*!B6zx-EL7h+_uDf!UbtGGc?6OrJR;Sl5$SDLCX9-n
z)!&QCEIfHyWP5LS2VA??t&>}6UUlFJB$CB&$Oxl4HQlS0xr(PlHBwMb2yl#4g11$X
z=6RXBw48*PEKx5?ft_`2rV-!>ie7}l4t(RglK7g!s;>9x1UXliIPz#t=)2Im`ub8j
z-Xyy4NNCP3)e#YgcfRYH$%{H9?GEJ8kxk>l7V7amXw!P`?(7&O<GQ29u1@yqM@`1e
z*0pV>Qi%?4GcIPubkh}PWVV+ZY0!oX$CIcjGD)QrNO-$nUcDZxyu9`y#{s}la!FZK
zgM)+<qk%~;XGNK-ES@8HZyd8qao%QJ!+?kz${LPl2wBC@`PRMb*WLGiYPgn-mPr_{
zb=;*CMZ}RSFbdy0<hYIJJXe%(F#&;x5ha$I9)bqrX`;a*vzpan?P-)Z8O#=5pq>9D
zT`iBi-rZe~q91QG#__8OH?e2PZyP@~puJ0E&$74VkW#+6_szF1=Y82RppV~nWY4}u
zn#A4w$*cIu_MYx;NAPX7;AtznTJzB{eTGP8NP4sBJ@)6(Wo_u6cRODo?tD+mYg}Ir
z(9~2;eW8zu_1^treE!&etN7OD2KHUvM9#K==q3l<y0}uLBtdCB6?j@)G}4=L9o))h
znA0d_-UTj|EeJ(3bD+jIR{4}k)b2Wu;}6E|2u3Qjv>h!~RB71U9#a#f=9fl@5WKeP
zde5yPNqXwb1kr%9*Fg!z<gU`HE^{z4^zMa+2KRc+aaEbl_qS^DRtly;7ma&s7a3D6
z-S37}<v2XZ-CX0DaX6Y@WaS*L+l~!0tjC+oKpLA?_0DWe<<4o8Fk4Hc7)jEjOqxj+
zVxlO*D2fqAQD~zRY^o?4gAkJqg6+^Aj1ZJ10!0KwfEXer;DXYXN+jqRO(1C4K?hbS
zNMZ?v<Qo+tkQ8pkP`V(36m)Lmu{`ODjG$8r5Q3nE+6{$dNP}DxNC(Yu@7zDxApq>2
zeoCooRB1A<hASfqD^W<A7YOCeBIb&UBxtKt!yh=<`S|<(dUk&Wo@P(JT8C`(BhK=A
z2Hn0sXhIw~42SUB2q5f!i2D_Ru~IH-h=~U!6#L;$HYM5|3Kaz&0gDFy&%Xjbf6tAF
zpuimA7v1PRCnSm9lq(j6R$(Ok`|ziVz4($#$?mh_uO#wZzCJ&m6+9K;>qoD@1n^!j
zo+ZS2TsT)D;m<3s(7Q8Hc~SN1K%J|(n05Wr^47G>+iA9>N}Fw_B56r8D55kW1Ha#X
ze*b_0Iu4dUmNaE67*dUj+S;hLG%5a)0DKSe^`3vjyqf&~ZSwSs8v<T9o*}({q$HEV
zeIifwe@!YZHbxabH(AgS>?j@>IgB3N3#@5((H%2M_tG6J`Qcu>RoRV4-%9Gr%JEa2
z6Ooai;e2hxxXGcx<8dxBHBWBuM)7QO!k!D2{I8a@lVaH>RElcGr6^M>AjHs;A5X{m
zJ;U@r&HrR1Cuirj+RG_HP@zRbVy0-Ji%K<2)e^8NIHLZrY#+n=LwfjwmVd9gvpc+c
zX6Ya_pEsFb9+ZF{fF23*AVO>h_uQy7sMRu66eT54%6d4;W1F31US&Y6n#z($lCn&^
z+iA6T{CM-=UNK~Mdg7-Ul;htD;yK$L_2BSD;LAyPyKkQdg1lI<J3LIjU8?TH$#E`v
zS7h$W(Cqln9iiI>OUU)z*t;uI+kIc+`4~#fn50;nEt_nIaHos+<?;9Y`~Dza?)cd2
zEXqrq=22GGW@u(rT7_-0`ZnL|k%#(!uil-9N%7y;r(a3_{O)LGRTiZcg(e%#h1kon
zx96{~LU?4+dj5AGuLyWBXuJ5K#Z+-rarx=>;V%|aFsD3DC08X^PBn2(VOFSh%!dHr
zJUS;?7NO(0!Z|S(A>?$YMnJ_K|31xRwn}Q7WvNDHN+O`DB-oH^5P7z(`ETam-TeIi
z_BIS--up0)9OL5*)RtMrT8mQ|aSSs$N{rT$a<a({I&iWG&Xh?FCR`)u6Q}(5m<#?l
z<)7<!v-|HRCtZA)a1Q|u_6TVHf+GPeRE##2S!9N&h_U9<A|mD>Bb6c9TMf23yF%=j
z$Il7IT3<aX=sdmft{Aa7@n;lrj=DpviDawepmfPvQ|qF2g2;R>km^s5d@GDHJN`bU
zU8+O(iS!TP?>F{DAA!{VL;HuVMp_NFsHhlfNNHuN7L}<{{(4&Xq(|k+X%Cj`z53Gh
zseiHnuYk{f6XG%$6j0Eafk7f6&+SyTLd1ybXg%$u%dS(7&5Z+;ox7~u7AJGIISz5)
z0C)lKqIHney7j`2VQP%6V@6YCSf*1f4ORHhE{Q~=7*Mm06D;TnH~}Z_;n&Q`3Ex5}
zi<Qcw>Sqa7S!T5&qSUIkTUw%LU46f{@&5gM()1yXc~f}(`o5_z+p12PY=LR~3Pe;{
zC95EZ#u!-cokwt%Frx~5yFVNxe*FHh;B3?baHcJ~@Q+dF@zmgKCS}gD6Ce*kL!#zG
z2(KCJk{<|34!6So??Aao{YYmhdwoJ$u}D%($gQGMDEK^i{C|HP@Lto@;%8o99Vf$>
z9}0~TB{ZsJOo$=`CPh!pLKQU^pyE1R1RYtVY6k~a7x;Yv@#-JD4`DxuX|hOnOD8?=
zPWc5P^uwydZ_eEZD$zQ#FHdfq^YhE<LI>zVA5HGa9${aFF^JAYTEJB{Zbi*T<z3fg
zsN1C!YVMtDk;Iw98Jwvxg;ZEY0x3TCKC|;g-d^MVls`W>t?TQH;64FAgh3Gz2$>)d
zLtwuOwWv)CD2Y<Bl|B+4u6wFo!Er7HBwOotKK}iI-@YPg2MPQVX75~@eWvUIpqme2
zARiz|dF!ks{{2H|e}lIu)>|t}1)~y*wyIR6ttkIrXWt5TonL#;hwi-g=JUV4bZgl|
z=>#oQ1Sv@hB|i$ZszeZk-fd9!D7zd-cHHG~as-fHKKMKD1b*zGZ>S)X$t9%n0X>8X
z`{&O*K5sZ_%;s6k0+)|C?<LD72R7F4Igt%!WzJbe&E9ex4sR~aGdO5Dc{Y(Wp<LzE
z*HGchqX^<<cP_x*Z!T;ujFuc$Lt9%lkj&hd3K*_UrX;*H+cp~Iyts36oXuu&vT`Gq
zyIEp^s=!<uv^ke_p_pE0F6ntGb>Nu-yts38<t0tb!b~#Jj_yI>LQP>Ii7Uyvm}tlx
zTT^+=(rKkNHQr|?hn;suYZejnxZOT*6HSRKH#jm(w-iZ&!RF>ILtA*|VaCcPvkQke
zVa?|gQU>nm9JUx<PHf1i@h}@zA|{cDiUd_?9I!)|NXbi7>L)2=r5igqv{0&|vm}ue
z$f`AoGC5FawAi$bkcwi0lUXKRjO5!^twPeu6swyitd=Q_J7RH^*pM$~1NU8y=S<7@
zDd2w2y5#<rd_h&uICT4+M}RJ7-mUM@>PhDyh#=FKyP?2(diO>UUwMFiW5WFUz3yp-
z`ziu4dG+^Wx<lRp!Ci13R=K%50H=Y71eNL<_<P(u00Y=y6i6fzTSIebOsSKPEW^B>
z95FPyw`m(zWR<(0aX&AX-bsAyHJO%C-AHs#LG|bq^7l6h#%Tk3$Z~C}JgD!~mD&3m
zJ8?daT;pdZ3z{mCFY2;BM;F`l74Z7qr}tlSN{9$tN9SFYWX|upDP%D~6?4;5k3$em
zckuP!F8k?K+218k=&c3yRnyI9DTaqgHhsS`mY_2AaV+MYwaW+Hl5)pB`a6kkw_^ER
z`{vKt1l93e4EnnrtuDjWh|i+<HqwV?cRs_8-`$^l-_U3(#p-Sw=aI{{*$7R(5ATER
zO5i(iF`o=GN73prW%0kS>KR+r>kVx_2cGqL^RB)$_!TXydm-4#89Y3E0rB^S@T8YX
zVJ1h(Di_o=*6f9h#0-eE!7T10crxY-YuJYbFtgO)B*daeP(a$u1mzr=N&2oDTr|i~
zRamZa*hHl*@Y&AZW5sUwt=Cj-VGjTzn7v~d?<h9H9HH&dMso=c+tG^c(U6`82W<hT
zz-PVVxraTssc45zrJ?nL<%OBYC|xn!rUNEX27uckd7_=Ls|IXlsut)DL3F31z19Vf
zQZ}gNh7MMYXvVEks}s+zb-KfJ%zl_<_f^1>tW$GQ$E+TDQvs(jg^JV?h{bkONFjo+
zJ9oz}8>&`40oJM@aFSpcVT7Czr%a^Gr#joECrpKyOEM0bD(-W`cI`yVB_?92n2_w}
zZQ<kNZzy!Jag(A$s0Ru|tr`*((mEtHQelOMw6zL|jMHWr)vdH=3Q;-^K*E9{q9Q=L
zG=Y?8NwOLglcru73$UF!Ou@TuiW4v!W*ElUIK}TP=cc34x^n=CM;4M0ltMx{qQRhW
znTl%mM@)mAH$u#%m>tR28?7eV>9=_m;A)AbMAy{06&&+)b1*g{BC3WXN;O(CB9$$r
zMk>J#PkD1LGgzwd6&rS?w@db`tEVa~ykl+mUOk=n-4|v}ZpHGs_syTO39I6`8TEEM
zT2+HfMc`t==Y-F`Uk2Jx?9S)daohW|>-oQ+(Uq7PR6x3tvlKTI<MrOy=kct`+<?*T
zNmeCcy!4ww!TDX@U$~k<kC?x^n{MvLFc(;>-QJa{D+r3|)6obhmK&u4t`#eI^LL!p
zUb$`;6s>K`hg(e2A%aMrD5GUEl^a5<X&Ru##ud6LA=Hy?Cfm|TRD?QfAo9pTU=c*N
zgU>pZbH4lTiLEI!Dw!bw&T;pgkkp*Oq`a`}X|~RC!#0u`hNm73-OO5wduSs0xy`)|
zQ>%G<<EW<|?Saj(9Hf{sZ&q<4nD2JlOdR9lfcHVL9=*mk$04-aU_*#PM5gJpCFTW4
z?U012F`pMOS3F=`VdyeD0HB})Q6dC3SBN6jB~?sOrc{a26r*T1j3Igok`+pep&O<X
z2f|M}sKN?VGm^}@xp>s8#_|lN^K%RnmvW{kwA~nJMG}!mN{b14f;CdSoAXGvRHSOE
zf|RIL6v!jN#{_~P)L^KBW{-hzQ7Qx}AjLKmGK5jn6v9rb1Oy5L6+{~KM;WIaO~BHm
ziEgKy2-GN51yjw`f;kYV%ID{3MOI0HE@ml(P2YMtc?}Eo8kV&R)~jrEH8LcytgBU0
z=7e;zwxtmVug8y!_@8sXOXqodJ7nJ_=zD&0Zf2c=d?YA^0R*8!pN9skRZ{92Vx*Tg
zh$qp|_aLOiz((YY0}>8)1^xrODTsXeo^o<e?y13)HeUS9ftH+~rg)zKlkAcc;h=r?
z;(Vu{j?N+v3R;O(5ki#?rlP1?i4<6hqr2pPVn|*b@>FTt0sbM{2wr1#Q+^gb?;Zq>
zEW08B83?8O6RH-XMs#Rmm*HCzf$OrMp~Jw=NGUNcQ|+E1tm0~DU+kD*b0Php&TXBN
zL%<~8A^9Yp{y7f~Z4nt*P7siVlL(b$P)#D@ttFMylBO7lsLa8XRC5JTQl(|=<2b|f
zCvWp#8T`QqVqN*IZzEc=C8W@8Ud6UcaJnW9aITb<ZkGPFQ-(<hs48s4M68q^hhtO<
zY$yw`xM^`#QyhWLRZ^wh7YdM^&m|<P<WXWQa+W9Yv-$!d1Z8BM;r)d``KkT0o^_D^
zqn;TjI8s1kgb+H(^W+03&!0a(J;&$W@NB<?qd`$cRMb_gYiQL*+KBr-@`iGg_qXRe
z??1ZgMfrT|=f3c-rCu+RL`k5sQq@6*X)Uy@MI=n9l$-2-Io&uJa&>vr!3HjJTI8D>
z8yu4Eb3|;U5&;2%F_Wk$)|P@=SqCFaL`MC=_Tqv<Z7<(wlW7U@0(sflgOYwap~H^}
zv(gZp`aX5}m>nW9Rs6<VMqNT9H9FLaQbkJXsQ8`wbbfa)_a@;@ePWWb5d@MQkUSMr
zV`NouWO0q{`=+xhQdM2V$2{6b-UlNESlb%iE!aq7yMtsxhKXTU@7<ZexWhk_+|m*H
zb$Nef?}l^D&L3Wr58?-Ke!zj}@jkTu)c*CfrHGc=(UcW}(2**}M5&M8&!F}vPV<@P
z?zA?0Z<m?;_!4#?kp>?Ykrl4vu9aY_mHkVO1GKtksqjstL_@5mD(+zrL}D^3jbUOa
zq-IO})80eO(gBkHe_`4E!;&9g%$dW}Ofy5XE)-+~>5P5j_t(F#tO?g2il^;q2~vd?
zg(lJ{w4&NsCMKnY7w7mNZ9M(f4j0?~_kQi1eLnaohzKBvWDpc~5KNf;b!Lc`MX}N}
z>&w8Tjnv&JS6VPp3dpb)%mn(+aQ=bX8!}mAEL1F^RFlE(Kn>_Veh<G-hJPLFMTx??
zt7gedN{B;6Rz07-dVBZW^P?PoP;*a2PXM5lC?rV`$e41dWKH?d%I6Zap;xfaF9b0i
zBsD5ZRe@3jRaCa8l78}>pU1s@J=e_sA>X4p{YT|HH>~q>tvEy2S$g{<hxPnIczE=3
z{}a<}B~Gb9g++y#!>uheky@yTi*2;Fo*di9KX;SIeXq3R;AUaw8$DJciU=`Mi3AXo
zYpPOcDN0EzrEHe{jz@Nunq?+omm`l`qmcweoFk5TI1zG)oKl^{C<=ltXs@~S;2(Z}
z93|PfPG6I#pTZ|0(<qT;h<t<(l72kvubgOorxAZ|PF?6&qNy6OSxA^@h7qN<jfZ{*
zZMT2DhGKh}^!a{t(nJvc2#E<4qOlmVxQ9cL0VNnp1hP?$rgwLC<4RZqB?gsn*GjrU
zHv0tOti=enSxK)gp*dNpd#rHo4!IN+6jdIyi?h|7h$1Mvu_~f-0`y7B)r>qd_~z$-
z-zUlZlas&?X+j6FhK_XQJL)~^j&yr+u9`WguRSUAPy^>A?w`-5y8X@Fb#q1z?r#@s
zrsh+Ltg%r;W)~D3GAT@gn}&lp@&M&HtPo>{2H~QPmH_R@v8EeycGApCY|IACSBY7=
zIWi*Qf{K}(&Klsk#21|1sBYa!%yXRMXoxU`<*4O_*D;E#a@?&hWGKR$xtVo_m}+F$
z=JSQva9MHS>8Lj|1-1_Jo6W?Dgfldm40kPaFBd4X<5mVN6LXkdTJtw6O*zfNVh=ep
za|2FNZzgkrnlmosd2?-`?oMsOoNcB`XqaKdE-i+z(S~h?WGOjyyT#x$d5|*#=*TsB
zlJK)#yM(KGkZ90GD~f1aAnfE8CZ|P_gl&sOB1%dyu3ba|AX1~Mbh^&7tpdS7kcuuy
zGgh1iY!eP?Y9~cP=TONcrIcq%Nl303kSY?a3k5_&@PBpobF60F?&D4V{vv$5>UW(l
z&DtIf>+yJ#&@@9pX}@^*(;oDpRdm2p-1Ezn&0$*$#84P;1O<V<P&(Z8s~;hf5(FXR
zK6kkxqb0UY--Wr)o8O)<EEZ+!vblTbV!N2)UB_E|aawv=cHZCLYIyEan=538w@rp7
zzmx4VCT0_MsC=!FP06{YfhsKp5y=eISC>ZB5=?;hpS!S;l2bEf#8&H9vt{*-`|1+2
z34Ct%g1yQNjrp#-%7eKnImaG+F7PgsZo24Df|I*VVP6t(nNHB#8YcDQEcbwfXx|kp
zMGNVhzI)H<q&+!4y@n(v4)xX>jhB1X5|qvSmVB`9ogG-`i}<qHVyDCGb!U&leYtCM
zbd)o#=OQAETMAz{mTt(KVD;Lb-d$PoE9L2T^75-meb-&LkG9#QycVZ9V3lO;R@)En
zvAX-de;lWo%yfSf^AfpXdn)rj>^gU|=W83LbLPS2x|?5Jzq-ErDXq`6nvcGed*k*_
z`qrp)pNU#}{yNseS4VyF`xkfHZ|kggu<y`s$LpVC!4GzOuGh;kN5;XJ-yPVUXH*+L
zuv#Ypqi{2Bv+0A50`*<$W6M?AFA+MQ2Jlg@t5K<+V}nj{S2yWbrq2AX9X|Uli-cz&
zt~AD08@{&wI6K4bmq;pYN^BBIWK$#|Xj4~>98jim_RfI#L4-y~ARt8M=RMA5b$Gi~
z_{oA%rd4H9ndsfdjUG7oK{;C6sUf5VU|t+-h<vdQD3@rzBj*t+*IjjMQ%;sl1iWq{
z))6w@skKz)V#Yfdr@-G8qNH1R?&{9p9pV_mGzJiuFPxgG0=BJ3GimPVEscZT6o`B3
z&MPHiHfC-LVt}@%SB3cBhqVt>T0v-0&u2R1D+-D3=Z4=odpjt4L^<t&+YJ(TygfId
z?yQ|MT=Ok2qw78Q-5_{W%4(*gRMKfocjIo^*hk{O1jUZlrAOr(Oy*&kht1;L_eY&z
z-S$L=&ueNxJn!Ao=I($&Xvl4km2hu5?ruY49aDFAcPDaXrL@e<E@l88W@U3J1Hw*p
zJ0Kn#)8M5Wd!nFGLlP(ezBNFXnYS)%AS#jqgV{+Za1-E=(E#vCB<51uK%x+8&<WU(
zWsDTDupaRc9YsJ2C>m{AXPLh<b2LYUARFE`;1EP4IajP6$YFpS5=aPu9KQ<MUW=Tz
z(}eDqE;yM(PGaH1u#}SXu$=kB3B07<YN&%1RVb&Ya&~Y+2W6deuXiqQG<rJXp-CrX
zh)K|ZV2JQ!I$;dU;gq~glbk(-z#%gh$VuzsHlCY3Uzfbgn5*e0!0dEs0%^j7t8KRC
z3KpxFHgXWa!6NOoRRWaUtheFFY0X*zClN|;>v!fkkvoMw;?i%vHtkrdaBJ;u7<}UR
zL%^N)Jt|mF1mWU50p;Ip^4B+(>&)_Hdpbu@(vngn1c!WG;_!fQB4@>*8^xdm+O&w8
zAtCN92@-_}bDi$G;GAV1xwl1eWm%Jqfzxd+0BD4b`CEYr)$X?f5S#@!rsx*wx+d>#
zi8^F<!FduHi)UjbB=2)=%+Q6*ZNd^5tlsiA-~r6S+zA{SKy+vv5)%2%ae&<{1v!HO
z?)Nts>0r}K-3H(|4Fe9!PWQUpAqks}xCIb^^t1?X7Jz7x)uAP;NiA9gzd5~gyxZ3G
z)gg+)Nx>jya5vR;{dxTLt>$Sc6CyM3ou?clMG!3tSxIUvM-BWV$skS;?WgF2r{ZFu
zf|Ml)C3;hoR-CV)K;8v~YgRhH8Mn`Qy6wT8BtZPI#CX@&KE3X$sh8a9*!agxn)&C`
zihF8RPR8wSx0d_uV@_dfzPn#_PqL(Ee%>|o=cWDiYQfpXTt8oLGo<`V)7K8QzY@AT
z@0ZKFlpSSk!PdSy7kwgcbdQ$D*dv&}O5o^z9!85@7kiY<`!ztr7NzXbcUm|e`EPu~
zXo0%(>da?PeJO2}FY8>A1@lMB$@22^Rjb@|=!q;VkdE4_ZSHl|JnFzWx4iKJ7bzq=
zVJpj-Bp}*NmM%sVYyc4}81TACG(0xj^;>$20y$wfGjxGj1BYRJ+5z!}KzZ&-CpN(A
z&a;URpEJDzbiplwZIA^mvI_|^-g9}*yAJ!^$Ur;Zx#t2EBs{%kKzU?<pdJql=QACd
zzHHsZE!&6QLv#nCzTGFp5=jV3gm?;hFWt`fI`44jsj!muWbxt35IYzJNJSw9ogfoS
zm;h}+lD`m^*h%PV<-@;vJ?!znlK5$Bz<Z*wib^z>L`zYE!bAemArVTP2DMZ`4|&vd
zMJl|Z^+IlaYt=qbk}H#Du;BLQ05PT@018ePek#}4E6isJ;5xSFyx|MLTr{qD0a&6#
z%Nse>lfF2a06W_Yr%p`Sh0f4|CT$?~$=6&Cx+xC%xd>K3?91MCcc3C1*kvvqQI<)0
zhC_6)0-bMs+sQa}rgXw-Te-hB1mn%~2tsAc*N+1@mv)eqBph=HUbdUg5QSiLZu1Ua
zd%#PQ%&!bS3bEW;M~A()M76na0S}~%4|riy1I(bn0-0=k)E-q=fVP0d`LLAhcdkGt
z8JHWGU>9#l61?9s6)z1w15~XD?S#tpNwLoybjEqrI&r?Rfvkk026fivh8bWSZ*(Ew
zC>F`zQLqWI;ljz^c;^vhj}60kKBdXC;MQu05$}1xyahi`b_Mhp`?>8QD0{>4!~B&Y
zTGEDGpw#B7Ar?esWEUvJ3X~ODXsTGsivemYY>N`o+E;jd`QPHtz4f`l=QpG??Z>m<
zX6hYv%*uQLfQlrRq|i$Kd)16h%a?Q=yQ-Ffno>lGocs?1q>9BxL|JKNmce8%d%w{B
zWSju~rV#2trGyP77=Ke7Ea?8`?fb&^LGE*=ggGg2u=xO<`h55D_7mzG`r4MosEt)b
z&YZ-^s#LX^9Q?0mIDXvknGaJE_I4zPf=VEWKtAMEDq2{SX_)nviNVP|+nLQ=WXRMs
zEQqJ>^Naf*o^l5alqvnaX}w!Y2k;M)5^{a-`d>a@%UoY4NKTIKPIPhxreYl;s<I&b
z@?-Dv!sF*We19KyqLFiHI_UY6XH<bteh3K2iLf7-`&O7|OhZ((6F!W0F)ndCuC{4n
z(u&cw0S~x;eUf?6KJe;V2Oa7MFgE@SmEq4zf@QPL;23)$1MVNW1LXRAvS07Xnjb_z
zW@=WUNE*^bQo%|!TN_%``X2rJklRgseFwv@xi>E~p{TzR#p~{cd+W*uqXbFx3POUR
z`6|Ow#i&}nnBf#$^trZFRmF_Ngisa=MI`)8p3dxt_eFnF^3CcNZ{pAI;u81vpF&CA
zPk^7H`>zJoHnUMGqEihCK^aLQYff2-Ybyl9Hk^>OtT<{<f2w}@y>xY(`#Mg1>zSkF
zw*GhL=-9{N82hwDsS|3XmI>CRx%Ipo0Saj&5u{k!LMloK(LVltYxgyHdAIcnUw)j^
zu7Tm5Ci}^U!cTz+A5HT9{GvP`A^iQ7DU~eID~iHaC8celR-)8pQAzptzkK(+zsb>G
zm#4+*`nx?}kr*o~U<jHGq?TZ*Dqpu&UB_K@(z_0_*Ii)h>n)-n!NXjOG$|KNlc3rO
zHcLy9TcB1AEUQVhKxC}KH5Q68Wd3&NP^7XfmYkI@t(GKc&?2biGPx8K9_|z_swP`l
ztg&v^#EL1&AmmrN2080UvZRs|bIG`53U!IVs!G-sP#B6uB9uJroQL=C?gq^I8ZgQA
z59u{5tULMMbI!UTe@-7@K>6(Y1AcL${c?=DRl<z3DG23SB3Wr!iWAqb$leXVKD*z~
zaIYUu*NdxuO|MwWNkFzuF{N~?bfmIXn@Oe}b;Ll3N}>pYApJE2trE*E42~Z}XQOsR
zRd!s0NsdlM${E7uYr5p_El}{uM5rx7iS~iyA<1MD=o(Xf3LBuA{j)k4P)YI+KJ3U7
z^)Hj;kU8st`}xWH_>|L963PtP8Yw1iRkcv7YZ|?G^Qw6N4~;K7-O%uId6m+xmq~X;
z6D83yq{D8mr2>-6ASGmil$5$^Rw=qx>?@#`+MLZQ(xlSUlCMC7bayaw%RuuystT@%
zbC)2BnOB%-uC%OC+*~Nal?=?4ub*;g&$I9p`TFn=zdE{Ta-Y2J8Hfwdq>%1=-v3|U
z3w|6#XYe$orD%xF3`!{NQWRtz4pO3B-A8EY8J8V{bQA9L^VjcBXV2cAkRkY!lGdQ8
zsZ!ciM%z^^Ri^i|V4NwJWd#LRD2krso_%`rNxyz)pueg8OE1|V9`*D-ksm$ZfSn(?
zXq9NyQI#ucLZ?Lzl_{oGk%Cw4{r()Ezc(+JzT15|u3x1C=SxUX5)_OIGx_Z4TB)We
zmraM+1<}r6sxd{#(SnJTsb?S?Pu|K;p4rTMeDwGEAByG4o5J(HZvLTu2`Fz}4F~IF
zo28RCb38P_H-;IyP{WPONby}wIm0<^(83o2<GHtn$)=WWb1TG|$)z{}q}^h3oaHG>
zgQnmYhclK+T;vImw=X%#46&5UL(r)KU^x^-)1l{5gPt@)G65Q;PsGIH8FsiF!-2W5
z)Y9d*cXXgcfrt=LhcXt`hNl@h&Sb$S3&!2jvKL2k>A3?pT4WAWIkyT;=Ga*EL?t)j
zMUmke9!e+SRT@5Sr8+G}j%Ko^B;wSqHgeq*mv@>;oCr@NWz-Zd5fqT9QIl*7F_sl^
ziKxY_+DA--rgV0@BXbcHxsB7fbtb8WX*8}W)tOd7(Gto^u^A|$w5q9Ms*;N&g_k)f
z8B$fmP;G{>7X3dGb&u~eq}$IrY5gk#hv;6pq#?Z=I`6m6&VcOhQ02s(ya_%_CG(xv
znZ7~Mx#P%9NJIejK>+K)7G*Gi6fZgvLqaH^dW;TYbPqc7K;7PUXS2?Uo>(~lg!KR}
z-Tp%y^&{Vl=qv4mT~oJbGrOuD=5U;`W*^4h@<`sfeNVV{^|bew-5Pw44*C*r=XI}s
zyCrBC$)QsTx^l1Fy9!?tJHFAiaN$EO?)|)YI;pkvj;-PkakpFFWr27!o5PrvbTE72
zh0tyfn3=hNu5x_}`5r%gHQgPuC*OT|4u!&{-)rMBcet7#4B@$@-_GjC#X8-4Ha+{}
zB?)G^{UeL+;!D2cxtK0l&D2eO&bI5+%lo#kOg~hks*~8v=RV5PbLfNzKKb4z!GCDQ
zX9m%1*UwtCKKMtPeVd)$dt|+-buY9oe_S_eh<o?dcAe%G-yWbFh0a+!B%Q_*41xq?
z1_V96dS`y;zUNw+hK`61*m5lG#^~nSkc@dXx&fa8O%z%xKB{7YK=@C2^s0i^?s4pW
z+O{|p9WeBk4T{6If*FctqKT>4YkMwT+m6Lfcn$QhmxQUiS6HnFn{)sb;o<8F%PoYX
zE8Q#*D@9PL=Yw=008`xdz1nK%(p}@~Dzn(0a}IjLgq*78x@U-Y+fN6x!0!2j=Q#=F
z2rvc^7!C&+#vK;No|lUWGgybsyf_|#PRu6}?H;7Pk6_LSiUx8P?q(Mm=EdU|s79#8
zL`aZTvqT6cUt}c+`Xb>^03(gVr0{f|(cXOX8;1o1LshEu65_bEiy?S4@3oUoBh(H|
zcGAtvZR*=>wOS}?N^Y+L9vQsOQq9fUW>u$Sh745{dW0#(b=9R2t70ryypydQ!fOXd
zq6QW`8Z$;;&YHX#hDX3hhV_dR!d^m?QDsK=nC4`~m_vXRm?m(w)^3eYj#m0*GPE>G
zau{yf+eH&3(Sg{2=S{dnf(f2WTWRvz=tBCDc25U{SgRI#jVb9$Lj<7c^klt!u4Vug
z6pE^_HD1+_yvp8&zNsY?Sc_mH-T=!LN)-^03<Gp;-?hH6#f|&0$+M^9-@Y<erT1OG
zq;Y-RNq5|LGX={yH&He9>4@d(HT8PolCG~(hw7?2sXdI&bL_1rK8QgdP2Br_`#tns
zvX{<Ue`WK!oh-c3@4g$|Rto484ZUA*%Q+>$M8T^~YZoO~!>|+dFca56F+RFo^?d$n
z>cGQwo^P<$T;@p2Z!-wu+EqET=O)9P^6F}+WH)|kQ;4XFr)gCf#|Del!NSB@H>=kC
z=-543xmwv+an69LMw|#ZmmzSHy-7OXMI$J&jg#O(A{JaJV{9)JJTcP}+;EnVX%+Oj
zZ%=(3+svZZh~<?#%vTEp<3kip5YkBfgQO7AXeNOm>^6vZGuDYb67l(O%nS7Z&oxWI
zn+*sW4ODFyQGQ89Jbt<t?-_On*LDb2Xdv#37(^FLi@J2^?K?CG@w5UX%wLeA+AUB>
zR4q3bkny8OZ4X*P!5HI2djs;)q44IoJ?XryF)=NrYbCW{9MaCL@6NkdpnFcU<UR!@
z`}Ix@s#wLg)>Nl7I!JV}R8+)}i$$G(EbohP^J!P*PiMWJ0|V7aQ44i-NlQy^n?YN2
zw33o0L4L%V(#2BL!!b^ejZ+6Es#iT|A-3lV2Rm~)6s@C5%Bs^a5A)#+G41$a_X+gO
z>tWRPK%M*hz{9?eWI4%n_L&c`d>La^B&xwEgBGc26{uxc+P?ojrR$lAHSeBWJ^uTI
zLkZS)@%tz2(pB<S=_aykWT}x7Op>B4vRN#f2CwH$Q$tZKqhgc8cIPN^X<e1ENrW_O
zz{Wu5Cw4VsP`P{bJN}cCkU2<M3HLDT_w48=C_O^YVF-KE`~-*J<KW*oA9p|xr}d*N
zI;vq|QB@)p2$ia#%T)}sRJAs2uAJtwpCnn^EKR-ocg?$oA0<;6>KsD7bEBsx!acHO
zm}W7Itad)S!n(*gS{Y`UswO2QY4C75f(Fe61d2s2#N#<eFTw$QKHivsXR9V;Prq!)
z9I$+lCj)`lQk&L8;Zx-;N*1z~D9TzTDMs2gs!=MT*$=*S_3`lQ-Ti`Yo4uEr4y^b|
z2}FSeLLYvKgh-88psI(~I00130^wlMwc)v}Y_MuHk{KfsL`$4TB{Y}LzW$%j6T$vA
zmT<4$jD{xgwsZN-o9PH|@$dIr=HFhvt<L>_YL<$X7Zf&;aw6MWQqiSBvdDAy!1$im
zoXfu)O?k=aH>2bC)EGF(VPDoosi8``cTrCWqioSv6I|Lz#ey<;7|jpnBm?JoVh^JR
zmP$H@Iw^s|_Cf~^bF<`01n~Rwp`tSC9XOO_YL*%iJM#7Q`+a%w=(_8l8NE}d`k!WX
z)_Qz7(bv*aNQpm`e$}d4k_7d;GODh^NwnZB{yu4t$ahM3&)Gk(^qy>_Pn}b|p^5WT
z^Vh_6KQ*UA=U<PBjcjdd&5)!+NJ!Ezo_&5>;(mWU`PsdE+)TZHeb(gU$s~u-fC37r
ziixDHs4`nvinAmEgFz*wznM&gk|CHpWvI5?+ir9Oxy@UajPAR;aM+}*?&1j<mCJ2W
zVv7c)>^>k)>xby+%1wcR`e`PI_c`<MPG>lIH0eG_L*eA$AKyFXKK=uMuwo)Aq6+!q
ze6;Jkw{lm%UDNvY`{MemdrYD*R#MW+sV$f(Qku!NlB!=fL=r>B<7<W@-Pdt9T%;6H
zMHe(flxdZT9TAS0$&(zp8zh^R>Z{tweEZM6bJk7?*UFNVW<c{S6VQ?$WZwS1_4$6^
z48%x8hG_)6clGi9%6|646Qiu&xz8l=P$Urm5ffP<B9ykI+vE~OAoDZ2w*rh+ySl4}
z$VOHzBDu&TgmBUEZ{7A_gW&Rp=iD#M&AY^#H|Ypd;R1K${7HVp@`$iS7>rnotLIaG
z{?Fd)koWB-zWsCMQ|S{CkG*DVTW(m|tG3*#H6v@b3n3=2ZTI=}*gn4Adfa>I>F!nO
z3a4vYId$Xq8!9E)y0UCV9n1p-e)CL$xx<5cdX432%g(_liti$<Zs|0(=0jZ-D5e(@
z3OSC~Imm9<YY00|Wi7BAvK8V%W;P)>-O~UrUA(+`oRA9LDVst~FyzQ%4rLYG=91ma
zcH_flq}FEc0lMK#g}~PV!pPim6_VOxyKUt%^KwI(%PnqZP}I$Cp)WRIyh*HiVIAFc
zo6W~<4CX=RvjJtar#Av~X}qMS>r_ezmJI|7v^KC-nO3xuS%rZdIbxXrk;JWR;G0>p
zB{Jz0%qdeiWTB;9S}25VLxh#cxu}^2igGq_Lxn6dLJF(4(M0NWDVCp~G3opc?|&8#
zhVSM_UhzIe3h<qDY<0SY3?yI!M-T_FY4Hk$pK$k|SOeYf4ck5@q=IG3;bWhM;1ymO
z2!22Ts2?GV2$kRjpbqt3_5O)lvu`v{V<yCHne}0l@4C#dvk%Q>P>1SWpxg6Yr#>oC
zeEL|K(M9S@cF{EcbG6+^+dJ&hdw{=}E@er$s*KGA1pd({*T5T<%RaS1?GbgxeR&RQ
z$M&r}xEy`D=vGptJB-Sfc-B1nbw;jo6GeRaI_m0feFN3?xAxv{&!q`bquBC&-)$c4
z8V<ApKVYgpgE6(92%O08+I6mEy9PaM*^>uDlq$2YF7~mkc%bDLk_KnR;?PY2(w<zf
zn$M_b+Zl9to;Q25G8%5K>rh~lJ5v@(gki&3HRz>?TvHwb(sn9V=Jx$cRm#7)`*+$_
zCQ?;@V%ydAJY0U3zRvFJKV~=fO@^qyn@gqrw=?G9thThWH16c-+Pb%M7E#Ht@oi;o
zj{3ga*z4=NR|vzFs-47Y1cklg$9yPm{B(+`KD7kDf_URT77sk}dsrXGJ9gN7I}PO@
zd}{W(eCjxRyoLRoG87wbwRBNtXUREdq?_|`bhUBk+sxtTa<Fqwn<39P8uSjHW()*F
ziy<S>0p0-!Fo^_&U~jKGL%zN1Hs<G^X5-g86|39s7JJ8eFD+y<s>9vSFtVPg{K0*%
zS&1?6CMo5LURVxz^>pt&OkL9!^0QvxmGnE0({PGacDu#O_F$o?mc)|m(3eRI4sFpA
zEE%j@<|@^UqcUjg#%23$bzgLPK%%>o9?h2rfFr=&tVs=IzHeNQeYr><VWQ{(icckV
zps6hnU$9R=rx9LZrZUr+eG#{7I(TLHFI^8oq|`EMWtC|4ckgxAcCWt(Y#YqMC)H)<
z&%ZZvQCExA7GTbZa<5V~SRx`$j=HoF9J4NuL?4S7tZ-5qS}CA9n`Tl+)kK!-#k^db
z_oBr_oMO@02jK4c@wYuWH>TGHVW@NuRd(qjTehBsykDF4@H@rE+!KI2U861Q*E1=m
z9nnsvO;J@|s<8b34ms{DdIa~q!)QIChI>m<GZh%G2}4!IN<S-|Ihf;>-XY@F_i)TD
z!78)wW4u#?($-^{t`CM}oGy5L8?e?`ELbc~0Ea^{T@?^{w&o`!bWvU9%*-%cw%U%6
zh`>e>mMw&`zYbfL=Xg1FZ6SNPt=!z+EtrY4ZN*80qs4hfj@<3HcLYsVVBpw}6vSFN
zX_Vi7JDbCuVRUz~<3^W@dAc`C5i_fA%)+%@TJ*LrLqkJ*cx1q$`c%p-S}Ax@CB021
zT>=a7NQ=L>x4_@)@Mh2(-kg-_p%p3?hdGg<$cI?vJzb7FDAe8Cmv-B$j+i;Rl#P8o
zO=GZv7%r&aQu~q0X&`7pnRujcj0&(`4542SxVD$cZR~aSE;3sC4_9@cvm5&+!VCGd
zy1vVK5_oTJ>pk+`d^a-TiWaDx$CPqvJX=V<6XWxFyOp10jyn6QC66#Xt+PdFHKuYy
zz8<@dFS{Mx{m6!7(_sAHm6))7Tf6M$nkPO0ox5%AuIXqmv;Zs(Mf?^;4a850434c+
zg}9>idDRVgqb;gc*|5z|1sbs9Raq5RK|9JPb3;Bb>EH;X#dp>9U8X{Z=7}VdNEm#z
zd=gEu8Y15r39^G}1BpV*0Q@<>3$^6XVES(2i#FQa_-;_ULf%_&GGVwLW*g>k6f*6&
z3JMJAt}*T0=1N;$Ta8=BcXMBg)g9Y%?^eD#<5A|D)l4Gwotao396qcK?~kq=ZKUq1
zojDruY?@_L@^Ylpb>t_^DJR=<&LzYl6R6~rr4viUqV<X4DuaQyA!!gniFC0N2xeJf
z6hb1>DF&2H-UJVWiK5-ILpZ$|+ENA*B;Y4T0e=<>10}SS8Zt&Gu_-dKwkV5V9$$og
z_vc@}{I}PYSJksEW;V33?W@~ex$(k!ZHEk|!qfUtnTNgp0Y3V7$e#S{A(#YV*W5RU
znP=e<h{RP97@<}9dyxHEN9~x$)3VM0J{|y&Nbm>Wgb;!%q(E5(IW(cyR!sc}u{n^*
z1LO<6$t?SnJmE?De(UUqf+&crnE?U_l0=W^j{N)k?+?$nd0wr4YwtmjXhUOH*Y97K
z?fs+5T>vSh-_jXsaTM=M1Kw?(IrsVb;qU5TiAH3Iln*|?p8b7$<IB%}_jivT)ljdi
z&6{m&U(r+v6Y=!?C+wfxDxbqghv*x>Qu!>=J|EHdvHsJum>z!yF%VT)u~sZwSdA4%
zjf!L&GL51vf{4Uo{PF9~I$PLpeswsT;o7k&Mp+dM!kLmO@ha^pBMieR-`95v8ltTl
z+BJ)7NEJn+Q5M44R>;_^Wm9C@R@F;tt7~N0N;4&fnzUA$s&%NXpxUZVw1-%t$q538
zC@BEtJpBnUXWqXY>)qkKe%^qf$<T(t-V-tqwj3<4T})?1zAw$`ZR^VM?)iP986-&v
zRfwpPXJ4;J^Y^}woj*If!_o+m53CSC)JBZHSC@|$)79gC(|hoiemc`6oP=!23p9bA
z;lBOOZw}rwUn|H+VkHzwD2auc#&>ov*8cB@;63VkB1l8wSfa2+jAE!rI|hfpZ~*f`
z^X>uB*AJodc|1+qnR3IQd_Q5_@;{LgA|z1+Sfq}5_3FEY=_xGl442P`OhFb!BQlhe
z<(wJfQ2julFa~qoug^!DUcObxNo65|M1mm11crG1>z=-Te11OveS4C&OXq16r6idG
zi(vN{-mo|b>D2kS2TzzC8<`G?4!dwV>ot=;k;5{-cfOC2ipYw@SdlpPdiUoz=VzLD
zNFbBj5LFRIK^c@oaPc%hLxjig%+H+=GGW<fVct#6JMwHecxPQ0D5@&Yh*VtHPTk_f
zSDL(YnTAMnZt>%XGccKwn3I@kkSmb`a}w@_xXyEPgm^s4oTXe6j1!ldw54p;KyJAQ
zn^kfP3OubQHPYFe%}F)|b2-80T;VsHoM2R#!2yd*<_4)57?tMGj{|nQCk<%{L^y`C
zoC;0b1v7I46Glgr+;QQg$;LJrv?*+y+nDC)26Dn{DnU6*%go7Ixj4mnm<Lpzp5~uj
z80AcP+S`-TXfq=N3M?&{f{`MMiAouT8z?HVm0{Y|IBQ8r<;h|elPRzffug{a<QG|z
zNNt5$VN+_zqDYRYXj*qoJ3E`M2;(GTSf)a1Ajk`?E^Mf>l_mNcgX#lI^|SgWiX)1^
zDGu=0=>Qo*^2WaaurLq2ZdqBmy|v^o!^~HDA`G?ke0Z;(?^`MF)m2qhRYfiA-&en(
z;dj915j+$jZL#lXfbhvru!$F>uWOU3<i3(y&J796nZ=!bmHJwD>IGO!vQL-KAKAU#
z&1Y*?ckOzs<9}~vB8>Z&U(LtD_mH%!+n9<UC6qVmx+#3V8%F-7`0kKw_unn`{I=5j
zElX|dCFf@K@7<pbN9mR1z5>-($*uWIg+5|ZHO~pn<r7N2Mf4V!-IGr5$TQ?eWmgeC
z*Y(l+exGgW&$H~q!*`iEyh`PWnbYaVP1I&;qVopnxXkJDBOT<aHa^^nAC>*~=PTQv
zM}Iw11z1=WZ;rKH^<v+pGS|>bqO-b2Alq<=_jusw45`CJy*8^XH!|w;RI0wdGdeFT
zMpL6rHoZg=MSH_N;0OR9B!odA!I1Roym!@k&v%Di=eTM{J=0^T^|}sUdR3n-N(+?$
zvOy-wq=+Fl8LnPt9JDvKv$q&DiPo<;<Q$)9VsPwK4Aohqs`P2_i1!P!Z<h|j{p=3<
z(&Jad24WQFh!_{Ls_qr+%7nC{H2eYp_yTtN>}MiQ`MCKjBW8{n!DKH2(Lh4I1ogNr
zR9PpeUT_7?8#>Ip-wVO&JKuK$Vk)ArfWcxy&8$|99XfPn;JD>+Ow~e)iJ^ho3(e1&
zb9YV|SK2+ubtUX$!QpjNMC#?yH+I!$M2R&PP6?{YD!U+QopXTZ5Xv_iTfm0OrV6N0
z4G|ctpl@Ap8<W2K>gBk=)1sP+W)10jqMg9#uR~&pk7X&a9^%dhnGr~7D0SZVipMaW
zDygCjAo&Ic`@%wOgMz~r2`^<kkvhn+*sxV+nlz)x3D+%a;E2UlUas!$#}X={i@p(0
zWDJ*Ww)I<uqURfWSD=_*Io-_70*7TfCL9uk(2R(L>lTtD3BxgR1=X@!oa*5dcQ>vg
z#tO_inOj0V$u|-)xZ{VWknb;Euy}cn2D=c=H69~DE{d^A;M!5@X!Us19%VU_xqOGi
zhn8WaNhJFz1gL7Kcj(y~m1-4_=ks;L1y-qNH4^z^CUpExI&PygRTr2u<OcTV&u%}G
zh>XXZDou;GB8GhPKHTMdbLj8qs!M#0eVl0vIzIdFj<Q_2wOv<TOk<)v-r+U#dEWc7
zpTiH@g=Xub`1XCo#W0vpOvF!vuAAGe@~@|LJo?w58)gyX>!wmoBEV<Kz=jb=Td`EF
z3PGk77>;vt*{D?Q<HV}#dZy6Ksh0-1Z<|Dt3An+fLoL4wq!`5JKV^kfnI{q~lNmt(
zNG!S%?_FLXf@vh$t87p<eMzK+nvl8+5)@-Z5>UpPq?r_uYsk?|q9S_Sq?MsnSGAA?
zDJBa6G#ob*f+Viw0=&q-BCPpT3R0@|c~Nablc4=5wuN~B)h`+p;#2|!tI>L!H0B$W
zWzEdPDz4@l3DZY5QkLnqaNb-LG2At;4m`}x4(XIAu0q#A?&n21k>DV033~YCmY;hV
zDKRkEAONH<KK}l7b<?!H<?A=^SRM!>A@;EmRaI6jSc)oj5b*nda8HoK0R5l_!gGh$
zws!Q+9T5HRl6;;bqY+R@ixp!OQ5W~l`u%-8e;)VO&a|87UkFY6gD_J@x6=LArSJ1v
zy7hire%@)~PY5LE%LCRs-B;JYo{EuBRK-OTD1s>7{d(`8ua~dh^IpFHD_ibVmf1?a
zZP3zaN=QhcvP41h&)sY@GcBG?o%nT->u=uw212KmpSR;D;Mrv_EBE)|V<52=Q+L0<
zo7#KVGlBQ7e7kw@_#Fs+lvW7Ehs0t-@(0W=g^<hXesJnUWZ<tq%io=Rt=-o6{l06;
zhC?AS5sE4Zim3hiboGqR{Pq0$9)uB6N}tOakj*5L(Ly+Z_vJGuh7>s&GbW75kiVl0
zB5#z=V^hE1Psi)_eo;|X7>I6l_k8X5=Z)W=4#Vhz#YD;GPNXci!R#=(N`0`hMEPJs
zhtT`f_b0pNd)LG0s)(2*Ac%z62#qr`s3;v?c;5Sd6y$wD`{Sw0=_EY*nvn*CO-9=M
zo9pj(HT%CV-8bIJ)!E<Pp2xx+L+{DK1XWd0A}XrH6;gfk<@0^>tWUGow4XVBJ+!{B
z+g~rRpu!5@Q+2E7SJc0k4jlG!KbzO$*$({qe62G&_I!#l0YwoMT+^R>{rfjRVRZOC
zKNyF>1}f72Q6yp!B7416;=As;_@9^|)Br4^bFInI6MuEtp6{P8km2l~qzC{B2Dj()
z@87HW>(A}(`u*=6*PpBRP}Hek$P&p(rjgnlA?g+f<DU=Pd6iHwCuuc0O;5gfR1|=A
zw#=vHZPQ`*T)Yl%10Fa;JzQis?)BaaneLHuL$w8sUEKpFjA2VvVjIUd6LSZ1FE~te
zcTQwCGjeDgdBbouoME|S%;Ip_Al_uu-foVDnr1PNIl}BOGi$O$=H){344B=ZJD6?P
z42qL4Ff}oQyi6vmj@-;Q3>S#nrprib7l~9*M9Onj<{Va%(SU}IYjzI1GV<6FIGn}2
z6N-gH5jM*3tqV50iEbO5%chr@UUE&t4L5ggW>RkC-8XY}Om>z@ETUQqRE<&%sTE?I
z2{5oojS?a{bkzfr%~q0W3o{hOB2iTo!&F6TY@)VhV%Bpd0^vbPNeK-lLt-atD@7Qy
zB0KPVgD1`Osk0_Co(D{aEP=;!xw}X1=eYZJ9l$92!`)R^-~@!5Jw$Sp&ToStQVCVa
z)^T0O-Vl0KPTj<v3-`V6BrbV7(^-P6m_D!8xnTycq(oxd&bM8v;?ncJ&LvO2B6iXH
z<*)7e_uYh*+_P#DA~$^dTs*P-v2u>C?oP0m!UZ@3L&Aj%b};YG$$wfJ=nD3AC_C4@
zkrQ>U-n*>gyXF_N!pYI0bUJ1g()YL;Tuf%VmFuM`y{+W6{TAO)LoZ2RZ`~x7y*=Cu
zy&m~sc0u?SyX>i&Wtw;Luyp&{6hBXi9dn_)v_6Xp`EljHU)D9%r#I*>EpO@f!|EhO
zTDOfQA5%wiy-RE{LERpA_tO<BA5b41o9}kFzEnPZPu;_rkB(;cEv@6!FWE?D@?(Bd
z_1z-)KS8N|Gm^>J=w*ExXi_w*w(g3Rh*3H9JNphIs7`3T-TMYiv}DQM^=YrME5Ebs
z%+TI_DBU~gq>;JuyeaF<6I?g9^ryd1t9S3R?Yidnw3lk7W&+*V`P2}L4{B<a1-h-6
zZffdSvn-)*Uw3pIB0WC7`>l5c&YE%8mVB@2*YJcZm`Bst7iAsz-^Qp9tG;G~KCrCu
zkqjGWRdQXQNXYveMMVoJ+?~`0Bmp^Fe_dDKEuSEH0OAwPX$Xc#53Ms;a`l%lI_U4C
zoI<BYQ=2|OV2ZFtvWsm^p_HXDB5nKb=us_NSErW@-kd=-o}M?thfrBLbE@0jYSq6q
ziO_(8^DXiW<?geYwK7RvjBW-sZ5@#LTBX)p+*~ONB0y=SVdt3p-sPQVTY@^4+L_Y{
z!Xm6uAtQ*iu3bX-%S9aBm~(V#%)VKJNGW97fxrNeO)P*g(Zl27&$RU-MC3I42e1SN
zp2CF)w1HrWTT?8m<lmASO8J4(v$jt;k?Ev05e1Qq77HU~O+`s$BAIRPdOUd47?Fe-
z-mIO%j=<4_2nIu&EvTK~Jz}3VZXJQq+$t<aCjj9+vwa$4Ly{aR*k0F#;Iba-@Zrvv
z75RdOq9W+_37#(~rvt;H5ZmX1n3TlpJ+{-&N1}$BT0Ri9ebtz+y>rh8a}D9)BckH?
zW_UG}Q?QHogJ9gEQ6%j-Q>__wcWHuj5=lW-SE{}fqMACal~q+?+jiy5I1#LRDn1xy
zDqK|A6SK0a&pGBfm?wohAeA3&wzJWcMfalSCLI&4Ui|NLxtmW7Cv6&0v}bS&V)(^G
zGD#7W%^M6EGgiUx-WhWz2TdUA%)VP*2w;UB@19pOCs;KTp}~@j=<KIJ!<^#gC$Dbw
z?(VdPqK8Kg1v)v!rc2RnG_wYL@2>mji+bL5PJx~t_vZ7s1oz+#2CSnR!j{@mOBSt^
zqdw+&-!_+rIitC)-Kf%nsnay*CJayqN>ZR`CWe!@cb10*$3*u|nb}M=J|z|{EeIj>
zJF{4-izmx=g(L^uOWHZr*_f4`$Db8JbVcS)4FjEZjqG0+N9A^s`TX01F@2`E=X6p?
z+CLdO>V|1gpJ<8JREqX(UiH;%nK~pPZcw)N$IAP01=xP|Wvt_tP4%rm9J!xX7EOus
zHS-y-*=1qS?({9)`=0z4!sGdk)&j7;4Wk;kJ6fPSmgu4*!%+b|i3S3Rvl{t2p0hpj
z9T9|Bw+}v{Rbii>y$ND4_LDGO`m@dTjM_s@Qb4!ob}sh9CF6KO6jF5xCli}2>$<g7
z>z5N5Rb$rSf^d7xF}R&wG;=M{NqCd1NMsmwWVkRao+k04!$AOn0C77u2T-Ot;}Dus
zWx$ZSwbv?B%vQ?xp{=aZ212mxUXe4e8^DFsc4sJVXf{GV#1ODiA+?PUR#}2idEkzt
zV!bg`bmBnLlg@<%88w^sUmbbo*5@wVK0hy8J{W<?^+7~c7>H$NYGkIy6Bym~`FZ<Z
zbIO~{a%ArL;XV*O6=E<{MhiQS<DXm)a~$)M%*uZIO=nU)cbVzXCNSEaFLtN%K1dV-
zY*JE1iY!Dh=SN36{r2XEd4WAeMT!a{pvm$Ud*EcqdHR)(-&y<X?DwypJ^1eqU&zu7
z!dQ?-5g*%r`*Aa+B|V*&;Km9ns)&a#hDc)$KV`CVH}2#$InS@cKu&tG1w~XBpD#M=
zkK0aOjNZEJ@5Nw;#E60UC!NF0#F=P*zd`JWmir8g1XLu{prMe7Zyvn-_219GAHLsP
z*GD_&W}l|lv%{kc%>&?)3M`RWAZiMU5F1|_Cd?GfmMax9XwZXZr{`YOr`tC>23bB^
z!!VhoohM8rID82e%X+fy^VNIG6$T-QW;b8Ao;~L#dcGbAL_z{WAfE+bQXsKvYa@Ru
z+FPGJ{w=Hw_yyog@X61~CFXtlJnr~g&%KJqC`d?+D3Ti@Prt5t{qEN9JNe7a;oy=)
zNP-B6fS)QYl0suC8)GCC_e=G>2|jdrcQ&JFUrJZgqZmzkWPfS$43M)88U$V8_jljt
z&);|6`h53Qzhz{tGJLl&AuVFXq*6Y~O9&fqJxWf}o?Gn~veOew@1A)8+uWJpdMF|&
zvN0A4un<Wn#QVp?^Hq1}-BS4pZ(VNHy~u|T3Tx$=P?1Ops$af+`Mlfb?ga4<dgF&(
z{3I~XN*!Q(_oHN=H|9nJIB}m&;<17Xim0r(^-jK--nrAyRqB+al%;C-08CjTDk4Bm
zpP7AUSB@Wgr_2l8`&fzava2P-?%do(9MY%F!GT>#fe6emIa3>&26HyuG1T5tYYHu8
zG`(@watOkm2aVpih3Y*gjAAfb$BTDGn)7L|F7k%L@Vs>krtaekf}6uJO~zTAyUCfX
zfMwgs%5w_l2OLf2<Z<9oz_cz~mRM$HC^49&;f`R29La>r=QPJ?lHJR+&TQmh={cBl
zLz$~LK~Xb!-OfCY;N%NLV{r?EcPMg(xJQo7Dkg5)Of*heOqAjchc23m?6Scs6<E80
z&DB?U=4F&lD^Rp`3USaucovQ2=Fy19FB^%-^+$o|C_r7~CTT>Pr4%6|%B52RsYRtz
zC{>yT(>1AUMAMQ%iWG(cWv5wm;*^}Z&R{}ln#v7SP|~o-EZS96no*@tl+uX^(;^rb
zYGzVjt5TP|9<q|WuUpR%PGq6s0!j0Q@qS&eOjzf<?B2S`-z1UVL&_a03`pKnw{y=X
zTV8uPFCpU&>D2b)&U?;IqIz`>`H!TYST~&H2ypHlS4wxNKNSVla=#(r?*P5E=-~<Z
zxP4Y;N8gXLhdDI;ch#EakCn`$K3CYhvKeO%YvuCcP;`SYorpvo_tTV*=I1)wDyiq)
z#~t0Dh2IrkSV})}NvjuvUE^OY%tr41sJZ-67)|BNfnL1kmVI%EE#%)jwgdXDW=4AB
zyq1&pt<H}HeA7Aar_bz@?{MaCkz?(}RjU3vCG(3o{0>{G^t*`5uAgoq@hNI<=f~&M
z67Qax`>Ts&m&w->Un3l-s#3bgZ(RBwud?$V=3{HVOdp8MvUcc7v!6c86*e09eX;#+
zLW=AUIs7QUf|W$ty{&4lD!6s&!+D=nfo%dF@!WM@cCV_&q*GZWX^fGPMgm2F=Y74`
zzVog*=biEIdfRzdA%?2EbTJ{g7N1cm070Y>M;e4CBNGGEs`hoUs6o85UuZjb*wNYU
z2<)k7ZD7@#tHXe?$&BQ4WPKBN(*l6`d*O@2&OzTf&TYM50gy<rf~a}!E2Fk89^i6O
zBF+(HJr$}mJdp>&i&D{Dqo0h<^Bt2-fJ9s~tH43xPl552v{OcrB?V&yQ7Ke}mdeU0
zB2AQ{#eq?z#S(_~KTlr2F5}g=<+UoNt44VwqE68mF^*t}`1Nf}RtllrThxa@p&aXb
zxs3Q+1sf#;K9bdfuBz(z7&qRYMEgM^orz6>DNju=&h5Tp{BqmF!W+I8(mst7P894+
zf#<&bGc)FT+u1uMhiZr+V1`A08m%;+K5Xwj^PBHpe7x_gm|ok*wk#km=xDIP?|KL*
z1LO=ZO}Ud*@84Xx;RwzS`Os7@`nxetEpJC)9e2e`+1T%XW0|22;qCctWbj}LvtTEQ
ztLLT1cLZeV*4iRl<++(+qGEFv<8^z1l3>M95wdV(h{@oP(UKnb^Q&^0L0-fJRb#f-
zv|JGiHE`bdlZ|(7(o-n#-uZ4H1|Av`78%D69ptsEFsH)uw%mDIaKY;a^*5n=Wydr!
z2@Avrk;$K5RAf#$`H}T}^FCS9Kda}{67Qax`>Ts&m&w->Un3l-s&=7w95t%u_uW=+
z=;PSit;_o~SJWHVnTLvo@pGA<b~lOE!fu9quYw-h1&>TRE_|-qSG=Ee9lQ6@3*oq~
zMqK%Q)$!CfZoZrKpP0V5p5*r~s6C5)qQDsr17213m4{mKFro+~yjo%LB89g~KRAx1
z@ppDFwO}}Kk);#QU&orww)6<m>Q5Kl-%qlb;{Akz0te<vUIYsZ?}6XG;g}JaOK=oM
zxM3Tbtkzv=jYLknH7(uA=8*CAhlmR+=Uo}E5N%s;nMLDuD7=Uy0%Qy<k4IRxXRFrH
z6n+hoDcWs7&yC`6BMD%%n-)w0G@AfAQ`H_jG)&5fU6~uXE!cD^SE6k<8#GU>ry-)Q
zCuYymKw5y%%dtrVjiGkw-1CP@J$a~U(e)5wELJg8MNv>ufWeGnPOn?b?>*|9w-2oJ
z=ScWrGR3ymWXw$Z>cAw7!dfd#*fd&u-@ng0<tU%1jv+GGU$767A5ge_QBed%6^Np_
zyYqBD?gyOb?I3t02`M+WLPlyeM1MN!{O-M2)V3c&-ZEK?rfK)6>^nqa$S%-q8cQ0*
zq9WQT6cK`iP*Nxgj2!dl&zshs6!zY}di=kAe$=&B$cccMk(N)MXMa2#Is`s-K&kVG
zo&3P<lfXU*sgkiI%q-Cu-Y=d!-!DFIFF5z~pC(U29iL*cK_ZBwA)hC%N!ogF8lu4`
zl<yv)&C@|Nn=?L`{&%bM?)M~#A)rADOm2MW_dfUYI9%}geI(DQpsIo-4D+o9cB#k-
zuq-Ur#FKEM2?r^bQz7TMlk7eQHfd}Kfs^M5iy0L}6#3UA`<`Mg_<5!&*h9(jMT}Mx
zke)v>Q+#qvF(m}4>5_~P&>~G_$2$4(@g%_ykUjYh&_sg81uYtqqgb?S2oPWh9dvJS
z@9oQnoq_NqJrXFfVycWl`}Y$cDM*aUlez_)0?qJPI{LqT-#q#G-<IC~L<SfsfQ3~X
z_nuR|Zr_{N*r=$Z6iu}DGS#Wg&CseF1{WNAO)#^2=OM`_pTEz~K03aB)%IdC6pCa7
zg+)bG6=I?%Jk{sEa<`l2<foST_wLodYs!g)1Sv9Rsn=)O=F5(TLz%C>^AFlg>PT-y
zoot}&log(N`)_th<~{FI&gGBo{C7DIpM(_|6=0$$g0Fe=@4fXtXSkVr`Lp2zexfLf
z3JDE8p?P6Ry`K#Y1Ym>JC83x0^k>!c8H1QqFLxAmSz8f_r{-8Nl4LaC5F`l^${tRI
z3TD~@8Lk*MuQI8Eu9=b}kYQ45FvD^#Ms0TlV7S8!3{0DuxwxCW<9W!dIP-3bL0}G-
zj%B>JnQ_txZ3&sk^OhV-%d?c)JA%z~ORAiM5-}zr3gK6Ga<f}GaSSO}nZPqdGUd%V
zrW|*SvSl`$c8Lw<nQl1|Ih(o)G~0&;pe*KQJmZpX;hGGB?&Fej+nh211)R$#2b`R_
z3wC5t<qf!THcjSkO_0Pc8r{b<tS>pt+qXxK4BF;Q<;O>(fbNYPi3?Pq=tm-x4#`tO
z!YKm9p%%?ffi0&)F*X&7NW~6{Av8k4rKE^rgr-TDoZ)C`tu(6?f`Y?NVWi6}$dn9B
zDqHlyv9Yj!pvD7jzBRtlnru>RnA$9A3X}>ejA(*1S~VuYqiuq$Vu}V9l9ObSDm8^9
z))PUg7(x>;$uXeTiLq>2Ln(_HtyyVhV?r`PMGcLkS*o!UVuHx9(%3YTmMAEUn5fD$
z$%{5nl4&+AL6SBti&3d;Y*@lciiKkpi$zAZHm!)Z(HJPjv1o{j%2Ghh2AY*7k)}gw
zG6qDV(V)gjVU%fTHlmrcY$at9jiwoDQ%xI6ixMVmrKuYks%aZ!nl&~iDk_Wwp#==E
zX*OVLjkIfNm5mcoY^8+=u@=fr6dH(9CJk&vOw%JKre?+vsEcCDG@6T1QpU-RlF6vn
z5fo9ROlldWGQulODS}zDjbNiDl*WxABvB%oiGpl~mY60>Q4uM$ES9pvR!b5oLTNEY
zq5>_1w6!9dsIoINNR5gL0VHIKM3hY$QEb_%Ni$8FSw)#i2s0GMWXm*#6Jj8yh>=M#
zNkF7SCZk3)QDj?1vR0Ia!9yh_BxVUqNu)9rv=$;uWu+{LVWLs0OqOZ3p&10S8yPZ6
zgHWv*O=T=;G^L3oWSUY5F+~<DWQKtlqCqw?KoP8%G9pVFG=+n2ukZWwc<=A}jWNxA
zbZ};Etu^>x4(*7M$7*to4cP{Ch7u9A*S$+f!L@igu3`fRyd{(XcJmhiW^b%UD6V!A
zesE~cR5uMleXQ#}dNF1`xvR2Ypfb=FXF)2u^qM#C19Z=O-C&A!aaSs(qXvYdZ8i?(
z=$++|^BO8|2SM|{XIzNm>)$iR)q_Y@P$)b*R2Fr;5#r+GqUjB(UDoMio0%t%44{%Y
z^Es1Zfh(%5Rh}Tp%{=Qn(0KP<L!9#{N`on!TfPIk3!<he+pQQ?3)_6mn?oKO+vqr>
zEm>J{<g3uOaW4aIn&RjW4{H=HWV_C|PKuNcYZbj$wno(nt?X@kg&0uaIt0Qpw(vU+
zh{JHimDLr7YmTqS(RZ~od!=2zyxZ-(f{eg9S218Ks3s$`4b*5LrtrP%qca6yml%XI
z38*f{5|~3-Qo)Cy(DKx%`P0NX+gsum-r-dHGFI^SW|5BG1-u<)Y$}f1(G#2EyD|7<
zNfC{^)cd<&w>^h2#-MO8iU_Eaq%h4KPic5ul+SaQ<CC_R009;$!$y_*^?17}G%WVy
z73-EVEwMReA)fPh;Se-OiHsw<o$T%e^|Tp8`pTg;KVcWcrP8;ao0kykc#z}l<j^*n
z))N4er1&-twSh4~tL8YdR-GKHH7fe9VcT7xokhW}#5twNvhIa$!`v!)VICxVNEe7<
z6;|l0+kD+ES7F<>CQCK2)6VH<SZ4;laMHG>U3CZDGotEZg6nkyelwmY<eqL)+C|c|
zO>;Eg4l?~#hh1KPP@|Bu>)^8T)E+cZ$+C{`j#gXtPe4RHlSL6+yg}4L5Je!7qq(<t
zC0h4CV6GNIsnmx19K2JE@TB3^DFW}<Y-O3-ob;-?FKphidnJ%dFkUy!G1Da|@Ca0h
z5W)<=i|MX{jO^;W6UYmLZN)FR>#0@GvsYk+G{kTv7P70K8s}z(Yq<=q3){T&8kw@R
zDjKLd4M`w~B*wTbJFKHcRdo#4x!7UbCJ>vLCBpWwfCdPjHd~Yvwwf7Lk9jFP)6T^*
z<&#!kr+fuwP=R)16Wi0;?*yk|HOs{AZOzG{a+q!koX1NRsxa)~<B|&vZ-aejV@U5=
z9cCG{C0Y@d@f*2`N6f4f3KLDxj+sdfMZ;CfsSF~}?(DZ@J`7=;Chl(;NGhP&8(c`t
zH&|b2Lbd^<S*4N{AT%n^Fp%uEX0wyz@79{6ATa36nGZN{)tpZ-S?#-?_RZcc3+o58
zx}fyACSP#O1U~Xk8I{?qQ`%RwbhGUR<VyxLD~a*kv178-n^H78D>C?RaPFglFLnlt
zHC5+c3m%K2cJaI&x_lw>)tikJKu6d@IBbB39PxzAYuU$5giwYLCscD5aNlPyYhLw&
zJ!Cz+(UO8Z7=Vr7x~w+?HYz}StD@7Hl=q)zfG-Nd11$Ie$N}49*q6P+JgKg)Dl@vz
zH{(17?=j?6EG*c0Q?WOT7)t!f$GKGu1Rm2*-om8ol-C8q8?6|kdhGQJP<TIe9=cn2
ziPIo`!?0b{V!*=b4Qe;Gv3Yjl*tUiwCe|C~*0<qzGBM%QCC)i{LDhKXxwy@~A+x~M
zQ5^eqND_5vz70Lp_3BEr4A*vy2^{t4N(xS}W%9nt%y#YM)6r3R)u(S@>bc+m)`qDl
znySf=og-s@?%mF-aGLJn#ww7B&E~VTaeI^3Y$ITKbyUX;3`*}&G&PTA+YsQtaNHL(
z%?CKy$OnV*ST2t0o}q#p?rA{ot*(o5m4nkF<O|;$6K=#^YkHS)OUge_01+Mn!>qWD
zRC-&{GuOe0(X3Bc>5m*kj?D6O%!VwRpt;Wvb5YjjL~hC11nUEul~xS&eJgZR8w=cq
z>UiGHtrm(Lc)Lv5<V4=lbb!0}kQ?RT6%SOu2CNM>1(9OqferZOBsh>|-ty`<Q#R0J
zf-aDdvJW{m?yf#pkxmAzR?4&3x!U!cg0A*fo_ykI%;#^b-toKbt7BeXyIrRF5^}W7
z&P4EI2?t^wo>{l*#Nw&|oGxT_r+0bW68xoKMiC~&+{-UFi-NWpqWU`%G~Ib|&gXby
zyiZMg##mdm9u1+CfJeiRhqQsj2uG?;&?kv6c6+u1fkIc*F4B9~p8EB&*5wZ!4+b6p
zRmbJ&fbqkQ-=6oESR*@`1a9o^YQwKCuQJu~IoU^FG(@XJXM-M3SGYW|6`=S_^^={8
zNyIJH_Pmv3Kn>E@GVe9vcNLC1x^UuTTo11OK%*tz47M}4DGp-s!8(TB*LPDqBrJ7v
z$aG9M9%U8`-6>n9`&i8afjOzjuboxz9CQ-B_1**|D{-nh?X9(zk<H$*g1yu+rI-LL
zRCeU?OkkZ+IbIkb2wV2XUeJ1_N6WLcP*tmG>UXpoMmM*dIgFH~7<(p~BBAMvG`w9#
zuvX*4WUf~DS-!n4>Qk*j1I3SC)DVH_grX5R2WxiKxOsY=2fM(pTwd_-5Rx<9T*Vih
zUjr|zTPUvVb=m1&z_%~7XxsO^Pk_qG;V$<iK;9iG@}%h1?I32Tk-1h*ot*+081=5I
zu119*?QD*qSZgH*95%tItlxRt+ig{LQ<H!oQGnP2SFo)2uDmv!Wt!yqo_Tbz>ST`B
z*5pGm)?XAW3&9o~3&5qjw`^q)BoK$C0JES&n-!+|P0hB1y{FMp<tDdvt2psy?9gTl
zA@xEMstt7#I16ElHBGgms5L@{-0t-5<a+%s=5j|0uLt4B2bLPatZi)GcjkAfa6JbK
z21-5MVRAnAhR_}X3IIY4^S~@ClbQ>h6`*0P22hreEE;GVW7w))1Io7YQEBlhv6!+z
zGq&{%RP(Mj+`2&<!Bi-v=q~J$w$y%nn00U6<V+oP&Rty^z89<_RH?<a?+U~T6Ggs<
zE`@H@US?U#qPq581&IrZFd!5L0oDSb1<*C`WZ<&rumoi$`oUtE1D!gsvqtx9m$?TU
zo+h0$#(IIRW~L0j2K47;>OC#*bE(WbD(=SB5T~~ZzOwAHjSX6a0GyWq<HK*)THlCH
zZ(C;2ytp{LRz=B=Iwg5^crF`L*;Lm&3eIqNdX&zPGmlfmD+{x(C~;*|z3|SX3ykTm
z+;r7Wrm=5w=Z7}AUuyzPcHkqS0Q66TY+*S?dXKRAnzV@6031gjdn?&TqrUQYEZuL1
zyawB_g#<YUv1Vu(TB0oMK3pg)E#6a4%9`HDk0AqGat;{w=ycuHRR)tmYzq3gb=f<<
zy03ONV?A@5gqT27;?tu&Sx3R0wG8vTs;<rq>4K!btx^$TROeP?-folYw^8pQR)~QC
zNYc`@O}bBDl9<RY^}=6?=g`nNJ8{@r^`Z&D)tkKwJ=JWXbuYKCAF;lK+*xdOjJMg?
zcQ=lSO`x7Uvk)Ss(hcQtK{5p@+`w;n&E<QjVJ`BU(3QOq;N8A9@=gU<YPjrIX8ib6
zw|?okb($ndRcJN1f)Nq75YryZODP`G#%CRN>Z8f81&lqsm<jI&>#+?tN7iqyiItAm
zMQJUbgvOq5)spX$J5n0Vy>(Pu+x9OWptuw$ZiV9R4n4u0VnGYVJ$Moz<s96hKyfQB
z3GO67u@<Meg&>9EgtnB@(sS<lr9Iz!e|P+T@4q+R7;g^POZJ>|&9(O4E6JXpwdT{e
zPD`q#Me`w_ZBZ0UU2R{G3+=>Rcc`?$DxjruaE#c74~01ov4jQ38H+7U;R}uizX7hI
zfu`>FJ8Nu$>N^j=+kj8n6E?CaYPP$E(JPr&=KwPVJ^~+sP{-{n$xs&6YR!vj8ud41
zZRvW_PHD6knfH}Kt5ILsRqe)v*E(L2u<Cw32G;ft$~LZU3^Fqo)BKg$bwuYqHThs1
z{DFMy7&Hgctcsb}vL>;Suj&^xU0!y_=?8HQtp%Xm3}<v40np*;F_#9FZ$`hnI!NXl
zx7TgVq5S;HiWKfqb#op3J~!Ga>4TK$M`WmJs(1@#*gjtF53hk`*1p9*pM}P_Hh9L(
zH-auA@9$-t8(hu@DG@$yGU(6(K9P3;fmvZoiurPEua$A$8=y(@j0zzr<GZpv(a4qr
z_oUbt?e}@9Gvvs&1jBYB#=5?~Q7!tN{!nF75ZSY<E^My=%}Sk}YCd=^=^*j(ycZrZ
zc%<G!IEp$=J=Z+Po#bb(Dxvq?7t<<5KdPw#ZU<kV+OL9pzXbt)Qr55IKL-l4|0?`n
znEh{C|5xVm0cL+z69NI`RKr;SasYrx>Sx9ODf-pg|CVyX-2aI4{mgB40J8`UeqI&A
z+@BS)0IFep@~h*G7Fs`h^D9r-Xob%Layr_6CV0ZL%@Uaa_yBx_KztD|`;+gdDgYty
z9~pf1e@(M|<b+ELgfn=t|J(upGjLf{!-ToDfR{2rxdpuNY!==kJmE(ckVU8oB*c$2
zzJdR@6L^bdsqkCf4$scMl$8O>%2JBW{xeGC{}_SSOa4>(C;d#x0n0#qlEnwe!fWQk
z+yAqK|Nqqo03i?{w^VEJGyNa>|K@TG%>cE0_+IDWS@^Q>ivEiTH8l-{4fyb<$b}6p
z3@v8(YK4ImX8$$-KnTP$XW^T}v+(_6=dUV!EkIVRt(FkTm-X)<$-+zFNBNhz_|w01
zkmK70{L}~_G$8*u^#54?Q~ZDESH&-z2!XSNz+bhpcsu{+^nWLWctf>J{-^W!mVWl-
zr)_e}Qa`QFt^MclQwM&;g$<~Nf9d^?D!!awJ^hc$Uw6)bO8=GlDTbH&DJa(VtN!Oz
z!D|Hq00e)lnj!v{(L}DFUtc2+u5Pd1{T8)51i!_8`gA;`9x?3{?j>=nURn|IQMNj~
z;)VTGQzO7RR(jn4qDX{s3zzd-pYoKNihU7%3$r@!+D6LPQUk-`NH`Yugq9BP7Ew%e
zQ4g@*YeEEBBkMk4vF&p!xEa}}*Mx{MdBYfpx`=c|&2WiZn&-7#&pFJRQ|=|B0j5AV
z1G_{&L+-lt)J8hIHrDW%6z2QRuMFbnZ4dMXsIGFXuP?bqvCOQy^OWV;F?-AW7*OBi
zz!q(N?PciAtl6L^hGau5aLJjCdLbVvZ-yW?A>=|L1Ba-X%uhB(ZD2ZE<s`eTMZ)|9
zkY~UoXCqYHT5J*JAsf}c8h<w$bb0+4b?-izB5T+W5d`Hs^N)OlCNZ8<^isk@AB5I4
zxsK=}@ARrpcPPsp^I>&rxkup*C}I<uK2FDz<N3ag_Pp3aH~juQv(>iT`6k{`){$l8
zHIlwN72BH|oTRxd6~zq#(%k$ciA}*VN-<8u(M836P2`t!(QiHr3X}Qj2WKZD)!$fC
z+kf6Iyv(>cez|lWA9Q5-wqt^LpUrjhfq?DO<f8@wN5!?CRkbWXyytqr3vBrWwxTk!
zXw#=SMNT0%t=9jM=ZVO&ja=rQWGZ1v4LSByukpJq-Hd#xGY@N-fKk2#wb~CU;Td?Y
zW!1H{Zym>(3Km8_S*mWP`Y2=jO%tt`(~nk9)ad!P$ACn|a<`eqKm&{6*2EQkBXxDZ
z8>&Gx#NjN0c<DCCv4*<HDDXKJI^5wb{=TlR@_49o-<F<t7yuSxbaxvL!&xvd;S#hm
zOUe>(HsyUT7h3vr7w1f-R?@){Fffea$b@BQb*SzfQJYyqm{;wj2v@Wue?LpWlzD(a
ziHN-QvY2WH`DH_G`5Mcjf>)Qo)GH6#2Wr~%tjq9GC*vc-d@nQQwdVKSgkmLD6le_d
z-um5dI&vA__qXrrKkaRHE=h+6N!p349{Zo9A6#Op6lW#FC9NU1{zEa9*5Q4JyM!SJ
z^Ea|EweN>3DtGpt30UZFbbuUe6<3X9KFAvj{WRnvn%Wf8I};xNEa0QW2;1e0$Uhwx
z=opY4xY2<3-D*7xvt)Ou0p6VmCG1I*K-c$DQl<|jR*bWGTtw}uOWYeDoQ?6jAUCMT
z1s84cjX6r4;>2YhzRZ8t8DQ?Z6Wp=Dhp2mZAM&z#Mp$fwb8&dCh;UfJ+c7%xgyW`x
zr*Wrw(Y`6b!K)=5eT;wI*nS8Y{CYZdrCm}z@OcH5B7y4^d(Y`rmSOuMSYU3WQ^SL~
z1(Xf`p*`#&g1E1J-acWpc6OLnx?`gphx&j%fR;~JI!&+4wB?85_d5vJw69XQ4j7;0
zPHrXBaddJ@)5Q2-$?jGhoYOfs1W64?61P-rGQ1T&ez*G?p4Pr9Y^GK%Tsj!1Me?S&
z<#J`ITIVi5*D3sd!22fIR>^{lv{>nfP86aW+Ly>n{6d+(l*EU-Q)hj6nEZ)M*0kq?
zIJ8*aSaPHzCRu7W3d)mVN%7nip|sBL&x#34?vW2|C(d!8XdSUmh3`)?uvBOAy#zz0
zN`cXFSm*D1^wy@SS#6)`Kg80NH^tt}obW`p1u}@Bc($KGZ4>CtKYvwO=Z{=tV;H%d
z`IN{S5^G6n$zS@08*WeS*!IyrN&hQrgIaId+M8(cjjZc^WXIh(9l1!6ly~iP%c?ZX
zlUxA7o5(n!W$x8wnY(=Gx2#AZA4^_P+4zIadxE{9l8Tts5O<q~rJamboZyuTC1$0P
zB5CjgEblCt#WX0&!wywv#ao~ViMP@TY*O>JkzlcwQoo{Feb7?fKor%|@WSOY>Ecbe
zGoy{c<FJyEF-;Y}#NQ~}K;jH>G^USbxMbL5X+p_3WopW9fyYB$zn$?=wEl}v<TXMQ
zS(9M%i3jvAVSGi6$m>NO&|i7ljeA*$i!8(xMeB_|=np*8Upb6UON>qi6s`C_{F%R(
zG?72}L<Va_25Lk)G?D-Ep=cdXu)!Z!5^Q2Mk$)~R+ToQ>QM3wEw8kgc<Y*$dG?85i
zHXre_d<oY2Ah<s0`M(vs-oV#>Po<cWDV}lN&S7~_G4v-PVO8{Rf5*_0ITQTBb!18L
z>>B`Zb3%w&Mn@_7vH^DP5QM^nvC%0etooSy{wku6Y8I<f`K>^l&Hw;_49C~18ivJk
zDz;EFdzqq^v^Oh6*VU6Mm#u^ix>t(=wn}$;gRxwf7q`sKYFk2ta01jsL52E8s}_(=
z?TA#o{c^stMBjTZT69xkP5<5?wLZO7G{em>Q!;>z!JG%!005}!C_pFpN!Im<^`R@`
z=_o2wph&F&HsHjsr<u~ZDuF@5D-&0h3co)TZb8jlGLSM1>yC|Ws1??%(SKA`tHa;g
zqZ8yccBoNEJ>k^-Qj}^>aiP%$ep<mmPk>?MwyGhlA^>Mq8ZbC`=XJMRZxTz16v@V&
zJaoA(<GX!E?91r=c30i<c`QJ()oU10Y2&Yn;5OuOf72uCU#Ht43lLzs9ikKZdeU@#
zW@wQVr7_g-C|c|4m5HiruJwksy`PDX4!EhlE^oLu<_k#Yi@JLBy%YfHvuBTW!-3zs
z0E$?4u_kb{IyI!(^9RaLq7%TbgT_Y*#5~`EEpXq-H(lvFU!MtiVLN(8@J%u-$oGJ(
zyTvOwl>~RK7?LojV&6o53^hLfptpOkwZ~A{sy>=Zc8H&LXFZDR$5hK5@5Icm5QVvw
zWN#$J0M+g4WtI80{O0q!s1n|&&w4?3?59Eia#6NJmZOh%$*`bZ@JBe4{PpDZU`#i^
zb#W@9M4lJGLX{w7cCP`iTKypy36AP1Zoz=+w(8!rogzs6nn%!#s9xQ}Hd1?{nm7!6
zbLoN$e-r)xNaAYfM3ZTxL@^-qGLOQtS(R@q9Pp@|#5d2pK^G{cn;|2WQuru0H5xBT
zQXiv@s1qpUC6IBx#|EaSk8fz0l!^lsI~)F9tFP(ZC^XE=OBa1lnC#J`9J%repStqO
zln=j6(9!Cc<^e!|djJ`O=@_)1Fy1rQ1OlySFX^-y{y1!Sl=^VwkD55c1nyjJ0v(=z
zaa(c=6AO{#QD_Jono}?c>D1`PYc|wUxKj8~h~y_G#@iFrQdsj)05ocWwe)#H!jH^r
zYYDtH?9I%CY3Z{l?g51>*|ewh_^RS-31cb@Q$%uoYDl7g8z!UZAamzl)g}S~g@MTn
zDL`VOShECfBK_35N=xpF8VcV=T|SF=@>#1Xdto8F20)5$yf>R6VYX0JR#jeAZcSZ&
zd<}`Sko`SvA#LIcA<YEu8kSez{(kjmhTXpc9?o&dzx(YlS|yf0B5+;p$@9I4dB{xU
z*Xsh{RXwuU()oTH@#^f(HRQwgps&schD2&%omYPe?-;y(Rr>Ydn*rp-z@I1QbC4DY
zP6>YagVWSj`a|}(w$>ci3xXJ_`@IiN<&@na-0qr0_K(%}#v*aM`6l86kTOWy;Zoi<
ztGuT6f|<FI*6UE+?rBRWpZWgXq8+rV{1Rl`sEkB)vATNec927n4%F$xc`?=-SYWqi
z)aq4b(!E=&M2<7FaVu4S&-6+!$#d}h`Gi*#!Q6?dqseK+>1(x>Nm#LEi&?!H&HfXY
zublJ1rIaZOZLUDTp}=9~A(?x<MUq*{q0o~0XoGvj5U?sTVl9hKJ)5Q?bf{_m?nUI4
zZi-d1+HcAxtUrcf;Kx5SrvF7jLqY)v4a6J{y}7VS6Vd!Gq(+--bowS@cIsnUz5LLy
zJWpA~>3TRTKR<|$L4F8<bMskMVcZd{$~}v}O^Z?1QvOO>4x5KhtV6o#bfHQ3Sm1ir
zPdwtem&ihJkO7521&n+qD{1K_y`j`>1(lvN01(Z$|NLdrgI%bslAG>r&EU=~DpW_<
z|CJiM5B%UYk!`_SuG=f+wQIXsu7Un_8nWmBLqlQ%m>w+1EKi3SrlV}d!zcnG(p>Ck
zqtAXsJH>+3@aAE*OZCkBVyPLZ8%PnW7zb+k_$DotGMwjA*8KaU<_2#Sj&Tzxb4KhF
z5r9BEu+EUIc2rMXS6h1%qOv1kx470TadB>M&_mWgDe`px9w3<|nK(m*g(3Dnt%w<`
zs6OMAj8!Ki)yphjYW-X}l9~|nl|;>cKoNySp`p9VVys8wBq`qmi@MrHA%++rLuzA(
zN&>ZhW7?1p5*I1dzn-BsoT@xQKX^X=e!}`d-@21ds8)u0y6?*VO6Q1;w~Prn|J84b
z6cty_CP~#}-oPRKG2@bkR2u%W>$=$caEDYj;4Z7rr3Ya77D$*A%|;+hT&bHyTcMf7
zX61da((z_pVLjjA4go;^Ee~Y;W8)t2vp)gR$iFAaC|=(X5ZFZH(~}0mCPKm{0Jq5B
zs0w@$pZV9r-f!=&zPA6({Wn3-?B9}~l}eA{yJjIDftG>0xd&IKceF$FzY#0~cbwd?
zU|RmQ5XS00XZcc3$_}+C>%WHTHj6B$LPxU)=SB5%S|nP2-?1`j0U70bO~+`w$b^<X
zp6hpaUAl4lI9R3Y-IruB)a8uW9QT(1w#=Phv<ns27Mr@I7Kx-3D9YIT_xDiN*93~J
z!6XxoN!Cd;53?;Lp`ZPZ^(P#ZPHz$m2H%w*`5VZ;ad_`==`coL)RLECug`H_l;?<k
z0k*$Zl1Z)^**@0^w0=)hyAuz=&1@4|oNM)}a^&5IcnEqNdDgYIHnw}^GF97}OpBU6
zmNJXx3hXK?>1&xHmI<Y};Ouy&a+dq$eAiaoY1DFWHDN#q;yp`t<|fDhQ19nnc6`|}
z?vzqGVK>Bzy*#C05AL_hpd5jnhCYdXZCm)Fywb3EvI;6R_hB9>kcL`7Md<cT;wJd@
z<bzh<N0O`?GC+KrGMj|v<=@nlwqX3k-@fg*W$Wf#`Ao9E5tU+e%2%Mm>8KyWf^FF0
z!qtR0HjuS-PB9lJs-b;NOHZb%8W3(TCA>qv%I|N~HJmqgf(@*0+n=y<cgx`;RseYB
z?5EE_3bJ}(lqvR;lET3a!Rc<%5lsFtvN}+)^o+Q>;yWZNm_9gLur~<Wck?lMN61B|
z2o;8`3$;bh(eG~ve=R-jqZmikBSVe&i_wXM)OPWt5xEhn5Q$|yHY*{#x2hA8Up#P9
zK4V@#|9uZTbKIB`c}%9j*9#;F_}WwN>bR1Wzv)RT`_yge+Ty95ysyX);{m95;X5ei
zEPH;rTdJ(tAJo5@g6b~e1U(+^eZooPEUL1r7HtvfR-^C<M^uoG(`Z~h;$)0|!<MbU
zv=MompZLb<rD3Uxc6bNe0{rwvC;eWa^-Hc6EIwdu32s5E1~{$BKChQkw!Ni2Rnk9F
zQB!N=z7_Gj{VLdsU6S~IuM-{OdtWf)o;-)4!3Gu=fTe7yZ`V`I4^z9JK++g+{1_;!
zsO)~!UB!c4$HJylw)tyVm$g_Jd^Xv~JWqJWNi6-O9l!?DZLo|FikL2wY88}(T9fns
zL8LHtT`e$?dM5M<)!;h#%i6bmCp*lPi+AFkZ`fp!;v~%U%psyB{#=ko%ojkDb7;6f
zzlW}uo+dUob;#aR*r!Suvt;7V-B`E!;(hM*kh!4f`O^Zbjrp+B)W#N6&6%&nfd_CK
zGFommvxr{JGrbApD29HUHvE__ixTkh;N|*Sz;1>15q%#RKFF_{9~#J&5U*>D-fwt+
zB9&m{SpBq1PohOU(6c*Y;C>5LR%&>@%Vag1mFmU$Q<z*mVy`N_0*lb@F_GtqM`JIT
z4R;*5Z^{Nw%FWkE1%q6x^VXvxvc6r6Un^N#n<<P<Jwb051%iXgc{&XEpyL_Vpd3+t
z-vkSXAjrIq!PB)fLtHnme>`AJoMvmqfVw6T=jrLrxzSl$ne%ORhkcrGnoTj}ypNR!
z*9^_vX3Tt9Pb7#&AQe4fP|q4N0aZaVE_Ij1?Olh+{I`piJQ8kDMxIgeW^DHi`QU`(
zw7=%}qx=T%+{jm+UJvv#=%=d0hA?8jzgu{*^9hya+h1NH>dug+SY8-t$9Sx%@rW7B
znk6I<mU;3RC#7etrpM)SsWvw|i=IHu%0;4U4-*)d{A$vVaw4sBU`{9GP66w-EJd?(
zTd8*xJ_JZv;ZOX*RXzi=a;Ba%mm4{e?w7rj)cYI7P6dZTrn<sSjB6uoOhZv}rfV`g
zx*i}MduM;6X1btj)6G-^$dw~c>^y`;r_}K4a<L*1mlR)&eO$j9Qrcg@*T}5mA1s^9
zx&b(O(zg1ceU591efEt?&$r93^e~5<mY#gR>@HKPucv~UDUFXr<_*g#91j9z!wf`m
z1mK&5vWtU1V6*<mt_&jJ=St6>Rg-B;`Bg51SIyRNBdZ`z?Dm`#H;5g~k0s@pL5`pu
znlJ3Lv9r@B2KE6{*oY#fBX@vVmcGeupsyZ^UCtDD<Pne&rNC>939Brrrr|)pL1mwq
z0J&V)my@vurlQG#vh-G)f?@N@MJmtWk(~QOF>()d-X;5Q#aPf$`1i?7R@(&7009JL
zFjYTD&~9LXyK>1~kh9NR&>UAk$?A@Td*N3(43PqDSDu>YDdSQ4+$!~;e1de<br<`#
zdVx{bYjZ^6Gc-tAnEI7`^Ct@SsEg;%RnIMI7YFJaYqFJ#48EStkv(LW2|s%J@>a*<
znMONnD3O^l@YAue{`RWF*1%>rn(3^QL(Ve7NL5RCz^vJE%1&&KA$zH8x0q-;ky<&s
zu*>~@G@0`of4Lb`t;EYcmrLpeB-bav!O&Z#4^Yn2uyE5^bY%DhhbAf-)d?LtS#D-I
zyQ~zLJGp2Ws=5-0zfJGwLl>_xJ92)xn4RNO-QGAEq{mgbCM=d(%w_CNtbImh(iUHi
zY%xAAp2bylDz=Q;5Et$!t^`yBavDI^epL7C+H+wxEgHPzOS0L=UsBxb5nt(py1eY0
z;gwa5!LYULf`fR{S$y9ma0)N+Lk_B?{0|@MJoK5DQG^<bSjXa$)g=4(_CA@2&H@|G
zo+^<axee%edW_=OQ)t@)c1_kAYK&cj;OQ_TpPFYTHoZA*N6h0_;;FS&?&nkh!Xu*r
ztx_5+G=EF01ZRIX;pus~y#W?lm)4y|Z8^}JjIMiLFVtJA7Ax#^cPCLc&qlC#n9)mY
zUlfsWs;D&WtClL|`D$}}Rh{%k<!>&gZ(EnUEfGHo;-F*}Z{7;*1-UB;vNth7=W0#C
z%FWo)CKIq~M{OZyPce*I)^qa`tMZ+uI?{+rVj!Mwo9ED3Nn=8;YD2ZAnA@>K6)0E^
zMZXNIK(VMY-cveVe#tkFoneD9`GVq32kS*H4wqMo5vrkWIM$L4k{X42PT8(uhB7$P
z%M-m~Xn&^-B-ol`S4Gz~2}YB1!uqmmxwhd<MU&C_rcf>;x_ja1r#uU4cA`*B;L}r5
zrtglWV(ns7EmI=V*n$4(9ar>Vcm~4Nd?O9JUG+i7boE^Kt8jH-9}BuV(5WXUvCep+
zgLz<SxyaoCH&;^c`;tiV<un(#1zZ2z#`jWDw)^CJBge~{ORJphlLzHBj)`%XI9|R?
zdLtotz@o1;|3)TOgKSi^8*?;&yw>EKpFOJ~2k|1Ld~fmIZI!z;yi>=|C3N-CR*^!2
z(6|iXz(BYvIwPz&zxJW2+fzIG{v!GK{9C!+h)}-rdTr}1)mOfovjMx(-M#*iTeLek
z=Y?W!*+|pO&?q8TV-@#pS;n1~*%eobyRYxXns#Q7;<GjYB!{gnQ;Ix_ef;%^c2E3t
zo+!*rMtr!XTtFdcVHn_#3D5#xwcLmwWKzr{ThO|TNAC#GJgmJ1aib|r%2JC{Lh|?W
z`t6>mn63o!)qQ<hA@)s>UIs>sx^9?zJ|t)_VR(?18@XiCN6Y#&5GI$jg=<In$x?4Q
ziu7JqcSUi)IQSB`uw$k^3QKHH`Lgg!Ah6r}o}TL9^vRZHXtAlF>{BIdLI-n-vKB(@
z19l!J)Kc^V8Z>?9DRAa{Lu6{N1re{rN8<vh`iSYnUS=(An^)v`gL^i}Vxs}>W!O!u
zmgCx|6XG5W06;^7X&HJd%jJj(h>7OLzk~r0@JkExMY~4>xGMlklmKeLFcE;7y$%x?
z3rC|%41Dl&=0A%5i$fF^81{>IexENt+7=M>1O^MF2LLAVZa5qcM`h#oeB%K(3>F%-
zK3AAi10drA5a4|f_W+Py@Q^=%2;E<ken14+1IQ5pBs-;wXaF#%3jh%4=}fK<Afy1`
z_tOI`PywU>%jo`2bf0ofj+Q&#=YhA7l^Z}N1fU@tCIU*~Ed~CxLg4#A&-XS(IJ)oN
zPaCMQ*v%9G;AfAjp}o+N-i+RKkp?k<5(Nq7=tCR8)j*891-JK)rrFuyJuwxOzp(h=
zA_mU_Ah;LJzKBH;1+W0{0W5<4Jt)6A>U0@!2>`?b0W>(=J}m(jzd-k&Q6m@t5BO67
z<N$aV4iNyK!P^&I0ie|f5OL$3Ev_1{z$d=A`7<DECmO{@5KRKevB3@pF#rhhz8H5r
z2fmqKM9_nY+<<XnXMj89INX19{k#<6`516L-fJV%GZATpedd6RLcbH<>;k*6s98{k
zx6IBug0J}syL(np9v)JrZpk0gFGMU*K`xg?GU|;V0_Jkt$Z-1(h}bPh{4U>4H!|Pv
z3kWU{Y9yU&s~em3?u5<%X<TXE*NYq-yk#D|s@72(XkWFDs+U17dqW<&eYygTytC^0
zs$W%4di~UIb9oAJJ(9<Tdv7>kdi+cb8gh~T{SL~$)yX_jT`sq&Gb?yRr#1W{$awFW
z=h5@h8j14m4??r=`3@a<n<0Pd2MM%AzoPyNngN<Q${(bEr?hMENvNX5HBQsE%YHrX
zLed`(EVn{Nys!j?cFsk(niEr>MJdnB?2*VW*zNa4da$Zh#IBy(sPVivyqY1M|J;}+
zUHarGy9x(c+nIy4$``MtI1IK5KD}O4FofWjU>Tp&ovo!)&~%ctb!W;jKsb-6v81rD
z{f+77eL5PXApbrj2cBFd{MUAYtlVpx<kct-k!MlN145N&LVuP0z)3LqekkOAbJs`r
z5Y`m=LwuO)`TiKIyoi!`5u5MTg51<tQDH)UMd{n_^?8Or_(ehoFV;Ma8lF)O?)~dW
z2PGp~66{}l-*((wG*Hy42G&8GdUvtKMWdgjc)|AkBu&@LVR^TcxmbPk7^a;b7;bY5
zpkMi&EGyh@j}k%SqQz~oHno}XCM(TTsES8<c<)-N(E@usPME6s*tr@PSg><MB)1n>
z_Tog}U6)$0rC^@m6DM!={=KZ0LiHEVrL~#&pK<a@)+S_8M16O71eGX|)ealE9r}R@
zQmYqC5a`wVAO}%y@E%YRPMf`uRMWp2cvnS7_!x;5`_t&1IUJqsJ}ju;H2klkpjW2U
zWDg&xmfeltBRUvP7%=6rq|!*yh#E>CJKptCzPT!xJ;%-UA9>&wnb}aaUzoJ^7n!vi
z+=JEcH+=b~ij$zd`~F(KZs){E7OUcK@%1|rQ!x|u^sv8xQgbhoiwy#=!d1<!ZsxU@
z%voQ7?3y^SD?zcQ4d2EY`}_N6yY$RxA6G&F#bXC`cWY7xiluK+J^e(hopm0IhO?1M
z85|U~;*Pen@9A_MJ(2ZU<pWAxfB>U&!j_n)GZe~;soyiZtdgf@$_wx>AuYZuh<f(y
z2iuI!?NUdqeM{~qeH#(TY?Ij24CuBs1fEzAz8~E|*<tMJQh{}xbln;O)@$Dum9zUA
z&*<B4z<O_P_8_`%IH%E}l#k>{AHeE%!*&>08{e!-@4VGLSgkR5Qr6DD7)7_h=e_@k
zNzrDPRVpC-#xY*Dc_z?eC@i%$6du>>|8((u7G_%O<JOa9M}s*zt>jvNI;WXnt2lJW
z+kBi9DOpyZcQvrH3qKn38bx$C(iBb*-<Y(VSEj2D@yIgLS!GQ1s`pMMA;F_>S5UgK
zg^AZ&N`S--YoFQIue>OgN(%B~5!l63wB;bMMa1P~-470LJ8iK#`@vsBO#y?i@uzo1
zQ1(2FzkU{?$bWa#J}K}!R&<%3m8JY$0_rLGISW$d^b#$7%<sHVWSzyKoJ+SlIOBNJ
zE7a-Q8l2XQiH0ed_&Z_(#Y8&cn`>v!OokQ?y?3+|zB%KUD8rLyka3zEZMa<(PUY>J
zQ;RY~##ZMN0Zr6Ws4e?qam<9LIisn_k8Y8N#s}D7b3wa)3cm81lO&rt(5&1L6mc%H
zIwu(zK!IM4*k;GPjBOfvqGzk0`Q$!of6Vn5yu#iG-lDPuxxs72yp8R*tSG@;2Z3zr
z;Y^-q`;1=_*)A#z{XiVIX;Frf9`x(RTR9TYT0NCA#l~A@|JTj^8BO^32K4)i?$1mP
z=bwa`362l_pvsQxfI2-FzkbXbD=+o1i{^<Kw!pfjTt}5Z4%Vyj86;qWnZ|C7lJ#uB
zX%=Sf8>)gCNI)qy^1ajfH?Apjk0TFwI~&WU-v0Ss`lX59LTzk)MD}`0*r~MliS_7%
zdF=gruN@t>b<!^|<E~I7nx)M2TG89Kx!SC~#w)pz*!LjW@^tm(L;p$bYwgQmmPS#}
zqR49~u4C#65BQP-EFLl4pCTTrf{rxNJY*W49}7n3#GGN+lM-i|r>C`(LOMyT&hWuT
z>JzF9GTwMc_xASPxOL4Z_MnVBYu-A20LQ)!(yYWzh4l1bA5vEwXZ_HgZA6HaHTJ=~
zzSj32vIf?E@Nlyma9;57@ttSAOw3S$l-Wt2*GnqyI&s0*gR5UZ-`|4WhnBBuZPL`z
z^skNVyUr1x=tx2=jcq)2^f~P|i_D4R?iZo6I<?lD<T)tI$cg6+Vv(fJRTZ~c9=c7E
zyo+2XerBycGQ`%}JFM}sL(~!+bxb=~_)QRZ;1hH-I+aHgwJr#965v<UvywPx!3+^z
zqb{xAhQbuiS!R8JFJDtOz%#rfTdqXChzosnip(jA8u-{R6coybP?m+ND~Kx(Dwsr5
z?;FUj0<OX{F=Vd5mbmHCGU#dLdn>v3h+ZzqUR0cKW$fjEz~_$20wWZ&mFum_tu+nX
ziD(XBu4$x8#;3~^JlFT9Xl?<tZ(4(PBExSBZa|=W_Vr|;slY)*tT@u>sYlI7Qz4hP
z|JvdU$l7CunU;xUo?Jx+e`c4{67CuP<FdD^@`G1KS3_9*3Jt87&(KDMnTAr0j;;HO
z(L^W>2%GyNj8vO-`&L!t%ykXL3By1;;W37-1eV6O^H$g*MSHZV3gaQ@anPl7*Jekn
zs;|h0FH`YPrqX7$%EwI4TTnz}5-P;}CGxwrVNeyhQ;X)aLSd022b57Ch_wr9I~h_5
zN}D<I=(xd*N_*)-uEY{sFc))`TGQ4gUF2nU{YIQrxjp#s<soIp0_R)Zt7Uyk3omr}
z!wi+Ey%BRqVph$8z7+IEfnkD$%~~qPxT4GgrTs*Z3cNk)fsaRm-UGE>*&ImQwU^Iq
zfWAuQKtZH8#Bcw(V~wQ8KHTiwW+m%#lMu9G`qBmLm?WC#aRXVifux@{yl)Fi9&1WF
zwXM7%OGGfPDk=21)xOykVUJK`+UvqGKEb~<8yfy#&!`m{;jxn~T|RiQy=FA9>?&4L
zv)OOduxu7wptsbShukrjeeQReBs>;2m3sbGcXedrm_jFPeDe6xY?)68GwoyLAHZ-B
zo-**^p#wafyPw99H&TT5<Bo(B!Dpgm3l#_fq&KcD1wMT(LgZTR7yr&*(+&Rgbp(lZ
z+Sy;)3aNx-LCUw@!S)sW{_lS4b6su#qQt&edTpl6t=C>*az3YFDu=kPqhGt6pTE6d
za?-7-B1#%v`1?t_2?0y2>u20+Q}H)ZJ%25VIiU|)yd2xHg|6}fKPsznnw`BOIzYr(
z9+b_1^5aRbQzs?|)$$iEQu0A<fyFluwa=dgarsjhG#?+TMC~V^!*Y}1Q)8_$Mda18
z<Dc@G1+r*p4P2?6OP5RcM1|EM@NOoo5#3yYT~YDJ2oG4e%W7WP&QP^!&Y>ge?O>VT
zkl<E#REn}}sn(1Y^Gilnj;Eq6DNB!7o-KZXO&6@_ye)B*@L*$TDsF{O(=wS<T|`Qa
zi^_X=8mwM*h6om1Sy^q_B{&Whmu<XSZ)_}3VNR(9!Supcf3r-ZZ_q!vG|q9sy^3g6
z<9>nu9i&zFp}8gh3YIv3d;BPn;oFBC_H6^#W-+kXXOZjo_XV@QO45IQ&>Lw`5ap+t
ze4p&3?qhTbmCHPfIW37$8xZ<M>-F<Lg}?NMHV0*2)z_=aiuMG$+<b@}G(XRs$2>l3
zxdH!JQP=3#`AoENUv2o&6*M%`t?A~0G<A*aU%P9y&Mh|}kPUL@mWuR=frMD$p{RYi
z0=6G)T2$LBH5aw*7nj&V6O`fV=)g0L`pm!jeR+NI1)IUVV5lrT9JNFNS(oTkxwg?P
z$vw(^rcedn;VwHOEU+$nRA7JbI8f!3?lZBx5YcvA4y${h6luha;oIew$ntafro&ec
z`1%u!ABmt^EeZeH{wh(d7&`5JtMup!+$&yPg!BIJ<f5xpwWQxRW^&d-$0p1&Mbtn{
zl*tJ|s1NOFz9nc(sqmliB!mS!e#utM-2l^6+tthVI-R#2rDI1>4>@Yw6LLR40)1F=
zK%${19Vjti^4+6XhSAE9H`@LaiwwBPIDTq_h6iS4)1@(2O^#f+$euqXN&`_}QI0Cc
zs~N8ykTKgwH&)fih(Oq&(^~rMcwezyYLYhF_w~5>o9aM4L&^pqIko^Um-bqfrhL96
zdx^iAVQ`*yfe2{cZ=749B=qzmo&JY2z?y8B?Ya76oAV(~^-KMg8<6Tyj{Yf@FSh{X
zbaM$gml!T7UgUh&9-~)wjvacseTzUOj6!96KY!{ma#p#CM7W<H`2^Gq>=U{U$nbY5
zDQ$!|ml@J71x-nC9Fyt=uF79tF^d!jo%jDXl>BWr7U|v7c9|Sujl<d~-1Y&8t|)!B
zplR_>YMs_qhe;oQGFCkgP?nT=B24tNC5WWodw=Yj6VTux#I|jf<{_6>)WG}2+bY$|
z8J&`&*gMrgp7fkm$i<of3jyFphUFmrqhMLYElE7lzPy;``L(s+JUIkT-`=S-^oPj{
zf2X(QsXbLDI6CrUwhU%*0!KZ`j(mfCAJFpoOEIpT1V(-(t8GAVKT(LCXpRvX000Nq
zq6Z!ZsQQ*asvmT^4G=L|b5_;!tm~DrTC!9GfzCLnYu}9IxN4H0AzI1w=)+WLKC6f!
zifpfWnXlkGjdu0<Ozsmo+Mi9YqiH0Po|#IjHnyMDJPD!+a;@ja0bK{Q;@B!<)V{)X
zOe{l|MowXU>;l6@E#P>Hi+<Z5%rp@V{@bI=Q+*h&5#4NNY>vqEl^tcCA!6e?ceJQ3
z2q&_KLNl}5hWZJBCpC;!DH%I71|8?+wMb}u_UV@BS4p!Kyq)a4GY32zstfgfN}yY(
zBR<2Zu)(?IVwmMx?X$tNRx9lrXNO1Ia75-s@d~OHz9Bw1!V<9N>F`*re*Bp|Lx@fm
z%8#4m0u^8QWihl<w@Kyw`f<I}Vv{(=K*a?m_mcdf<ftgL_K<oMi{va+g~W;R!8PjF
zS7_2lnP;$mSwY#OKq3g|MC37~+{@PCWDY*5UhcT{ieGPKl|v4ZXM^_n>b}raMTi=F
z3J(R2D5zrTtxX!3dYx`;kajsO`epi5HLfpq@Ff`UdUv#Vlwz7}2t+DkB&|$;p^)7w
zs9&|kpi||0Uf4wys<nMxBwQ&VYvNuPVj906n8jlF+4t!3X&tLVdqR6GzrmvvS#bmF
z<q(xz-Vj`ak++YYQv)D_grmZ=QZt!SA7!-(2KyIaiZiixmB>*&(*8Ht0h<{D^~YY)
z$8%!Ry-7Q<5fcxy%hBg*>l4aH1w^*_3wQmP<Y4lel1qq=&89H9&^(bhlkcB88zL!6
znzuc{$Ip@0<#FOG@JE-5(=f-#!7I4;9F^~wzB7*sqSdB1Lbz=B^L_1J4#CJl&>3Rk
z=;(~$N2hAb`mWx>_sq2!(rVMRKAa#m8&0&$y{9=)tlPj^#E8U^NVQf}ATH+fG87`U
zl9%XeER-ZNgM7_<)*9iJ9I5{9Nko^WHqBvFLErNvY}r-R+5J$mO^YtIt^`W1f>lVj
z(_<U*>@OGZ2uj*@daZg*7A|+%gj;N~w!*a<Q90~&@dL^FqaDFA;r=0dc13*TN|8=N
zqboVfRf7tiJpHY!JtQf%OreZc51nQWy%6n%LP=yKsZ_2O9)i4P$_XcLe+0Ak2;fZM
zG%>nOqZe{p<W)v9oI!}UVT}?GBKQo7)rJE#kR(baJDjzHb)ajf=D{n>+1rqa-|ED)
zKQac(Pa`>y38Y}7m@AJ_SZFwTX`WW`auSrU=gg%F=KH8Lf>WT9e`xuIA`okgbHmQ5
z#z1IyJsz1$*IBlck<(P>);Y<x8+yBEYiV{s5)tmQaD&P~Sr(5m&+c2nic5`ZFOk&J
zFdUr8g*k`b_e?6pN?hY@%Z>lrivgJ*%aZ{=!c$wlDztUj^3sSP>+dPQC(za!F_t>z
zt)-vMD_i7&Z8)%%sqnQ9I2GBF`iG8Q;>a)7MT2Ax*-ody{`Sj?mIg>9x;|x&6Jwc4
zS+kGxPieSuABi<N^Tyq}_KVyy;XMxi9&HCX9=pbuXP0)1bn%pSHbOL61(|l?aT31O
zrq}M+xsU_4wXA&6QFaGuV+r~?D`jb{L-s_0InbR~kuWB)jeELh0np1gNagDg*>&C%
zzld_1t9`Vt;AhKWztu6n(u={^Hm9PmUxRdoBrS%xO9n<{T8+ir_bp257V3+wE&>!O
zQ-16qRtGuDi`J3ixQoaZ8@@HQuw~z`4cpTJZ)^*rns(W|yiAZ^_QTaj``HH`NM?L6
z3{($P?tkaOc0)Ak_)Kx4N1W2yQG6NU2w#_@)R|KiII>#|0DnCt9n~PW;_roN4W1#P
zm|&u$9i}EoINzekSb@BWe?R036#2E%8tFlY7FeU+?BuHPSVyj&uXt?LN%igfynkCI
zaW>FlCA{W_-!Skns0xQ%Nq#RGuF?fbz8}?B29L?tfTSHl1RT7*c?IVPJ=Wz~v%W()
zz1ME4o9M_?d6}L3R|2f}AJ92^UiN#+KHVW`lRo%yxpy)W02=fNg#>ISkEbO|ZJ%)a
zuPT^q#)_kE5j8Wmr+X3_?Ctu6wd;t|8qVwh4T};Avf5P}WGlK1Tv<{Y!CDFW+_?S9
z(Wdas)|Bc6Wo`O0KcdykWblPVp&rbszLKDa(Wm$ffk4WgJo+JUj)llO&S`n5+z#Fc
z<rpQwj4(~84YR)af?g-Y{9cQHj#Md$V-R1``mVsA-(TqNtaustkUl3PN{=Q#z8Ba!
zaZY=i_yZr$sIz{fum!`=faX2lCj7V~ZXqB^twezTz+P-XPS#8fV&SQ-kCV^r5=s0B
zQsh{XkE(b*CSY)fbwS5$W8gFA!fwUFYCVHyMF{AWdX}?k4ua|obqc`RAf>J>nDI-G
zXxz>6T$yI&VGQAvvQ!2iSoV!O-xf*+B(Juu9pPq`ZtVhjCcn)|M!tYY!FqPXZ;F2e
z4jg`OOr!rUm#HgH<oQkXyq);BR?XjlHbn>PhRU5(bkeL*nAeu&QEQGJv{m&$O<hl!
zq7W3h^_Fm1&y@XTdRlq&hVK<bvGBXTpSc6%47aLFg|)9M@(jr9b;9ghwEK<Q$kcVI
zcEtwP`rGJQ`QB^9si&m2f}8^0m(iTZQ*D+o&9qt$uL)aHnwC@X=+Rr8?=(l+2Ka@_
zuxsk|I}PB-BXD3JR(PMnvT7vR6A}Czyy`5w2Bp?iEi#+7I%CSmdcarDZhOoZT12O8
zAM+8Sa@9UvV42{M^kd~0qyW>(s=d9l$Hd8f13x~sj2-j0BR+CC-SkKNS*~#9Ay|~@
z3{tLh%>PucS|))h?Um+gwP|#p^qG_;1qq^Vtz+Wh6GcVHS|XU#Sg0~BCF6>=b`;{7
z)z;kc`~g^bXf|nWdpzn()F=Cijd5@GEn3!PI<8u}k)C$XsdijEVC~iv3%3b6)yLVm
zT+StXUV>}eZr~dNwlx)rZVjm#!-g<B&{Z&d!rG}MD4@HaE64hS&EVxOJnuC1FFZmU
z0z$ct9SoK2>-x1*gTR@gb>lpH?#6w}d-rzOk2M%f{1{wUXIS5av!+RAUh4^USooo?
zd4(Jhr}eX{;+EN^0~*oLE*TQ;Ddd;JS6ULKrg~gA%flBYs%Qtav$T8}1`!Y_CKlTZ
zpf>cLn)RZ}n?}}-sJJ&Y`MiHgj9r)h@>G$<e7y9T^1P%A=J<E+V9CKJjaUUfft6Ke
zm`O6-$cP%qALeSzT=;oe$jNathp%;21E+pEI0zh$E33aZPmJ4za_J9Ff3*>7HaK#L
z(XE{*AfYgAkmx<T&Gg?|ULjs;>$8b$ySpp5HlJ&UR7K-V{VuESNn4nSqUG5QjF4mf
zy7lg<C7Oq^pmhYI8jy}bxeK$%)!8)|7J<%gTzA-->+O4d7dhi3A=9Xvyhr>=_w(iH
z6G7`pj2?s_f`gmB<*78^eyyE53UxbJz~Cx(5Ufn+J#sdUKv=Su${M7$q=Q2~5}FRX
zjRGfLlKkFyIkKcIVHEab<>TO4E+U(PV%yqXl@C2z6l0&=b*Un{{d}J-cju;9`<+x|
zQc;G=70_$0oal3F9|Pvg9?^w}G-<2fI(K#KCG_Q0(JQ#iJWcj|7%hR%_Z)4dr0SjP
zWk)a2@yo+<O=TD{MM)N?K18l$AWy;Y@O!<ZmyMb%x}|9+)88Oav$VsL(u}VLCuQ<G
z0<ro;R=uc*Nw)ABUM>PMd~%>T`sVjDFA3qU_3D;@caGS1R1=L)GiO&$u1Z!Q{oA?G
z$yA><xxR&|Un)Pe-{as?<2K#ZhZ}l#NGrrOoPeFA1z7J%u)J)vXC{=^=zNA;Iwgmc
zcNe}@#qI~$iYl-(`DjJ)-u)$CEZW?)oP86(5pjQ(mM)x2>cs=^K87Tl;9IntK7?mY
zjbqh!e{L<R92L(m)wdy|T{=dAJHoonJ}{IumJe?pO~oMit;xw#3cAB5$2}70rd7+J
zEnyi+x~@hXv`A#D)qLk<a7nmjoL0DFavLY=#=6|rPlP44Cs{t6ofy7zV>!#lm%bmr
zWWf-CD1l3qDS?!w+-=E6kG(|p9Z)xPFTzCaX_{}wVg~NXP%n2-3pz(4-P1(YaB(kT
z&%2L~z)n3f<*GxIyfLIj&NmWo*?*T{_oqm5mNyV>ktc6UvG1vV@P{q9{Wp{NP7jVh
z)ZJ=0<=h@j#IrLoI#FEU-!Zd`$`Y4tRIlfkFnPM3cCFkWyga|sTiq#}9Y^m(o<nNI
zX8m}x1^#l#^|O7!H$j~W{jh4eJdwCMk)|aGgLuqMU4bIJ^3!{4pqTX@Nn2?!P9{qQ
z!gS^w%Bf$ZCrXoEUz|MlNI=Wn-jiYEF=|#&II+Z~F59=PxxmlOiG6(?mDs-v@d*z)
z74-BFof&bc?Gw<<Q?hr8exR=V%}Nx32WS<(Det&_SIk-O_MBA#AhoFo(0IP?71`d?
z+s=9;4{57A7}(ouihhve#8=gn#Vf*+?Q}cn7&})`NV!VEfKw`ll@$7Zprw3%rb4?h
z_DECYR08b<eLx5<UvCNDXy&0xymlA{rk^wZaqNU>#m~DmKaO0NZFf`*iq3A4t01RF
zQ^|S`BRC@#Y>ZtGqW*f^m{8K`xmyx0tgm>XvD8ohyyXrlbD^`zPlS6n_?~PrxhW=>
z{pBm~HO}Iv)wVv()Lq$*OZGElGaMDXmZTU5SEU_M+ad*7O>z@*X&J&~f~wqGWFmXA
zqb7O!R+YG8kA29w+(~_?ivjvv2XU(2v2z{c<Fn)!y|`G@OABmO>zuC?pDRkIbP4b^
zx%@JqXx3vnYF=|GK-dCuAJjpZZaD!^`Caf1aPny|G+otyoNi>y_we&Y)ZiG`hXBW9
z<1b}<@j-h9&Al>Ty9k=viHCK29Ibr#p-V>Y75OUhMInM@6*5Y59l|q@gv)rvKC!pY
z&0!%`oHq`~RDHwd4VK+dy41+lDs`ec(+mSTtM@`8$EjsaqsvNW%q}_av@pbu7b;nC
zMuW=y9?d#VICE6D@no4!u7Jn)QHydE<MT#kKBIeuB9H8oT?$JI4?<}*#@%2b5?2~!
z2ITmGp~otis22(ITszsMa=743L?~ymdU~)X(lM^u44!?V-3uPS+#VKwYmEPGj>K%4
zzKVpuZT-#e3jQo8C@3_ADGBt_Q#wAmNDTi22XtkB32Ybh%<b)`ejgy}-w1mSo#idQ
z#FP~%IP%m#4W@t8_a4>#*8f<V<z?8agZ_bZ)a}Ciei&s5%zo{B7mnWsocf3IT|z*?
z=o#X+B{DSwj{8e-$k#M#yW9)m`3goqFQ4%~kW)8yilA=cK7&tXx6Jd)fRt|jxE>wp
z0frEfbV@O*e1WsZ92I`<G%%4^Lyz{1)gxkV`bq9sA-)|=R$WYm#kA_v%%v%Pf$axv
z2~c;2mQ5=<bIYFGb^zAgz#m$ro51^sFTY#b$ZW;B2Ww&6fS^ifSD8LEjBRQ37tx-f
z<gGEbFwPVv)eE9`1(PEgt*GSml57hiBum**YXQA+52=-|Uzrx8-AKKy?mAT)n&xa=
zL}O<I+0PWsG4&ze+}L)X7GJY&Ht2-x0YU=1N>LZX60LkY$Bz_K1Q^Ku9U6l!#sq`&
zb-7hzG1QJjt7S!)P_oMDDw%fQOZjo_omt1Deq6g~e@PF<XGTAuwo9SJA3zG`Poeo7
z!sd`FM{h#igCU?b15mw0qg5OHP&?{?9z5EBU<3nMpGkC^L4y~h?%_St003VdKVKGA
z7T_KOfRw<Qpn?V9Oi&$$0e@mgS4VB=;?97-APIQS{J*gV|3MPqRM9_?1i|cRbR{={
zDjL6b1D%m&z)hZo#Tr3x<LIple|p|of4a$Y4DfgYGzuLJ0RO}Z5F%pT0gPrY0D>0A
z<%unrI2OB-mIWZefTKmzdNW!waY=o;=ZQHKgt+&^B$xnp7k~x;K;4(Wt+2;>?+y0Z
zFm>&dh@{GxIUo1ja?g%j)-5vvuaKd-NwO&s*JZ?+@vM%JhH6nULDPhhHDrZq=$5xH
zyuLv^VmsFU%9lOIY(0676Ip_p9XzrcxAuH0vEP?XNecdg<t{*ze1xZ)kSyyTBpwbU
zrDAk^WUb%mdOi@ejVPoiaG48lwjO)uj=PX?X2Ib;qT9C2=UtOQb_UuhYtY<z7gMiL
z-R;`$xCj4+9PRXH!I{c9ZS=^u_lLK-b9f2WnRU<?J@e_FqEDnx$u^Z}h+E6o&O+4W
zU{>u5xVfs7uA^S4=dxkhCdjzuQUU`Dd{E-m8`h$}5@_I(u$~o%8FMKp9CxJ_>Y+Im
zNM`oW+~&mtjy6$dCoC6RWWh_~2N6qkwg-Kk7Gql%VwmXA5=9H&hRgY}KF>gBwrp&}
zL~?k`&7)_J{VNUnOX|r39I;<6RlNz+n?`X<Dp$cghU$G^#bvVz#7ZyJ@*k0Xg7#@u
zgm+kA`}x)fxp8cJ9Cvg}TnFj9p0E&Lno{`}fVgbF=a<~sy&UDy4<1dFUIHG++`G^(
zQS6a7UAgkopim>_GSp{8$Z>3OAg6^JZX0Q5;!0Or`q0h1MY|i>>-Yuyr38^<p-vdO
zlGe5mH8}2`J!%kD*5F;rKgKItY>BGpYVy+^+zGUe{@+3zHP1I`hDNSf2cw_AUBkAY
zduv5uQR+R-P6B)qPj`VEFKOZg-rKf1mCnfoOw4`So`tQ{h4joGExg2oV4!14^$|hU
z(h7yNo}R{g#?glQlLJLF(<R8Jaxk!Hl>^rz%?w>T12RL^>aOx%dE#otQ9DszbSpK>
z#w-ni0Q@7#K^#pI?TiPMlws$}up{_@3hX?1pbRkpFa-c;00BWvfM0MEHiBVWKtL@t
z2gp8%-Ts9-A;IA;#-jl;cs=Gnzkg%iV%{=ZG2vAbfv-b00G!yh{WV<AKTor#r*jY!
zr@4kB242+$*b@TWqbDd~?*m{G@qF0re?xLqGjSg(nDN?x0PZY2%m>}4O@J;@tpMPG
zNPA)=pL#yENdXq{Pw+2r&jKYL$P*3F_~&saPa(z*D)rhxxT!X=*q<;YA~fn2_zxrp
zAcLP@@V)v)_~~eEtPh8?{|}mm4L{k82jFn=Js7YO06^NOk_>`<ZWx5Gw7f{k<Uo;(
z^2F)Afj+(a%0F<|zn{*k@WVqU8F`KxU9$LGRHSzws+XqZg`^f5_l%PHIDv4;%8GaR
z1B$hUM19DdIl9kn9Toae-1QHgsw%F1AULuqXgeit0GFge!pP%g0;^MY`|9|ZD)kcb
ze7zv`v>*nd1#SLf&8+i)>Ejcbj_{JJw6n<X&qCt_>b;%}Y1NMv48G_zrX2gNV?56i
z<(DGcd<UlYLVIO5ix~NOQLI^>=B-o}JfXcVdb9eu{++H_kdbRjqF}$o@Feeid;Kfb
zMRgE_x22!s2EP7$?Z!LO^KsV4T@c8w-ACc}Je)m^zOMInr}i%5mBHsXF{yb^18f|3
z@gI)b9JC}7_{FM^Vf^On+oYb3Wj7#eVOrlLfFNSv&WS$Us&McOK_%Yqj2(DBAB?O<
z1gue&BW|rP{j=~ah)zj%u<98ftJ7_#D!eBE=VcLKMoMJT9QC^&dH@jm=tu19XZ9L6
z01bWX&h$HUWWydu74U_9he5_R$6ml2V{#lw@d8WZo@$0IkgqN1k;S<6!W>@8ivm=u
zH}Zi1Gtki`4PYy`)4$6=_N+Zmx@k*(BIfHC%hwMhuA_qlrF1-$=l7S?ui&Co`BERo
z2%;fE&$w|jZ8AX)!_>OsbDpks3j{bWNgw`P?faqx5e?}kdp2p(VL^_U7qukWPKX=l
zfz^)7d*lBPRbL&~<omrpLQ2q4zG(qzk!F%gH%KGWT^rq9l7cY0ySqjVkj~M~*g!=l
zIg}Dn{O<Gn@Av$@z3#K!=ef^)&biKY(OR|`U13R4CL-R0Bu~yJnV=3o@n;APP8ruc
z_%3&ah=c2&9mai@DNgar;F~~`&Nk(Cwkf23duTZLTlUA@m<Ppj?V0k&1_tqpF>~lU
z7X#gIbDCR;F6*`ELW9fMoxqzS)3}AcY)3o(fZo%VLUr4z{#QD8*wFjEuta+$by2!+
zj|-1K4#wxbwK9q=cv9F4EnfcS>HyI;rW^4{<bdXfLB@NtfdBn`csp7nnx|4r&Z2CH
zkkC<T&|Q+|9ICQ-lsGF3`b!$)%`{h8+m3mQ#xGVps%j?4K2`g!L)g~aZR0!T0ZCc%
zA%h2*3c&*wRb2t?Jxz-*<N#Tkl{#=wN5?7GpUjzGmo=YvInTWjI|cB5Vczf%d5cu>
zhQ^85iEzXubfIdGllKVs9!@nDH+tAT4fCcs=Bb0P)YUCn&=xQ@!uwo{K0S85y5@Fo
z@n3{4*Mz0h=Dqfb50%d4%-S;HVbWg5J}_T@`_rJVR^4#HqRO8-ifJ|<W@KI^W@j2g
zf-cL+(f9OuDdg^8mP6l{lj@Dg9ES}NzhEdU5LDg?2_84kF#bLSf~n-%vKbw{MC~-V
zV?4~Ev6W*X$#V01$KJ=Z>*nD^$>YmEu~L8ENG4>ir&{`6<RH<TcTGVGI8V{uTGQ76
zk|qQ&Qz3P#5IcV_Rd*yHrxo;T1|64SPr2baxKm1$-y%>0Dw!&pbi79XAP7^LpXCp8
zpZ{AR7$U+bHEEG+=VN$V164r<*IJ&9hyr^!f7fd0bGYv17#-<G{t}SoHA<ZqKM}BJ
zw=*Psb>794H`mJ980=bK->BTI-@IZcW>Rb7P{-rEn444JXNj0cy(^s#uhV}Nkmhh^
z*vfutU?Hj#p3pAvgl6%#d*+xDFMIDG^{-l08FBaP4KG5nUPqSG_nga;BN77dT;on%
z3jB^_T)yw)XS2UcmShr~tDrPhEqq`+C&>dy>V4|?J`Zl<XJ{Rii8eacdcV_U78Zxm
zJ$;M5THe>zCJ?E~&+GHK^iw3zFZ6Q{?-4>x)L%ZYa1@t5J5ASU%uVphBy7+9wlik<
zO?&kxX<pp%8j%6j*MgAh<K{NfK6E<f$jvk_xA({6kd3D6s}Q8b#S{Jo?u9Ndzb_m`
zJA%!3fQrTFs&hrq@!HW9<xJ{w&PxlFu?gM2px=C)MF_fSig)#ma-7aSvL$%nw4U}%
z9_!(I^3v#NVtuYj%WWqhz+$!<YeRw|!v^#BOO;jb$bEQubZz0kKIdt_GwO#8R(WAP
z#Yny;dlKYDEnSJ>ACaVW|JJ><T!R4+YMu4y*ctZ)GO8?S^0oP2zN_}OM@*uG+r;0Z
zMH`LxaufLFx{Qs-*R)iZd`O$XhS5LI=A9a<WWRW`9KQ6(2D4iw5hS>f<q#m4ryHPW
z6OI}TPdLLG&AUPY59h+1m)@wV;mUXgXTLhGi5I?+SX#iJqgI0BCEayzMd6v-*PLn?
zW|PvX%~$LeMusHonlpQ6&ORMPk$5!TwpzX~K6<>6Xm9F-WspaErxNH6ykXYt?|Twx
zTh!~mRx2v{7UZvF5reEZ4qT@xA(MLaODikdRQ0`Wqs*v4S-laQnr=K@UrRdGTqZa0
zx5L`1mfcJiFbvUuCYhJD^;W)<s@so!*i_PRErW;>R!pCjpZs91){PX8*M#jP=BZl3
zY^(eTOxGPvOq6aLH0j_^nSTTeoWI6C4jF3Cz|2k2^GL(B)-f!ktL}2>q!6LE9vyz`
zyH#fgr_vw+itU`az#EgFvbS%_&Ds5)Jo^<~pd8J|)*aq#o<ERi^ZDbNDuG=p|D=aJ
z*qg@n*;Lg{6t*P{Tel$r-D7$xEP9QB`BHyjyP!t5u+v_L{|spc<eywu(0;X`A3`>E
zRkz15q;9e8O-mG}qp<R38m~i6uI^Tf-&>VCKX0*Z;CX|0Lo#3)%#$Qt+?QEte<iCU
zz43X&`F&75(`3Tjpg2Q6tq<z}h4)|}F1-0C?ZBk=ZtKnmo(;y^3~Z<=w7XWe9l52S
zI)y%!#drz^3>ts4Gof0SC{f8r+rqeV?<2YLZv(y-OZ7BiTns*21@st*Rw)cbd-av;
zQIB64c^g*>zvNtA4GrlJsR)z6cJI>aU0Na#a=pv;H;l-43jEzI@%_on1W_~+PeX6I
zA-sRMRZg4C3UVL#&^B%6$QnN;f?&*z@_Nt2^^^_kT)H(nl&)*+zTei!+*F#Zo4QgD
z$aYm{>KP;Fm^nl{-qH|Y%-x&5X^YYdoUzfUISCjQ;&g;fD*M{-9b78g0V2nq9xp_$
z@i?A4DXM=#wB-ZvyM>m$Y@^l-U9?Y}z}#D^-c`;}rB_2)dnllFdN(py&f&{Z@6BvO
zndG-9V?*BH3%T}IKZrnR)!xZm_4EKic)Z?5Lq6{|9<5bK&TtTWSVm9&&onW;y8&?O
z>1fE(;g4(0p_%?UU!O>BQQrYz_Im?~Fckx?a_0fhQUY<KlS-HE%~(qL3sGUI_|W~B
zVHLZ(GK#^58l||!wt|x<-D0K=KfAbTPzrTf*Co1HEPKwD^Oga=>%=qj=@xE!=a19M
za%E0ko>WQ%VfmlOwgtPgyyE-Vq2k9{<7AxJ$?Pxr;?&YRs4bc}rZOnle_z(Ls99MZ
zjTaZ$ONFky_Fr3DR{53x@Ui2tG-$K73SyrXto@K~vULFvoU!z09>aB^*zQf-++Ek9
zC;q2^VBiAyH1z414xw>bP^-o5!)#ue#FdbaBJ_-EkH7xx)arjiXU99%Y%y{J(@3*U
z1A!M|U0KPT+gDme?Hc%KAXpj^?`oeLX_BIsXexYC7nH`2Z_)ua_?)ffdm7RZO3)S_
zHudEpNq7tSH-C3%x07w2W{QeIr-&?a-(q~zcrSv(bdKx(d-3>7H<DK#+3BiZv_!gB
zgY>s`mGvAl4!1tOm!={(lHGbpj`n5x-r<XVguYhRO>01(oVhq=_GKR!U0*;c#xvXD
za@iN048Dr*;vzTm15i-E&y>Gghz3O>JvKfI7<K=22EL)Y))u?E%a3dSH8mluviY?r
zWPJ6L%2W1}`a0jh!HN9|si?7N#2}_%U`Zbn`vFd_aMuSX@5+<mBrtsohfby?o8?w9
z&8mMlm#$15Wu;GYl{DE}dEt2HOV#dm#Mo4It{(QJ^l8qUj~}^y3>LsQJ#=K|@MPrP
z(hjW`7!o^>oislhCxv>&uZRkuH3p_#jLFv&u9gEH4iN1!J@K}Jw@nhepl8DCJZ)1T
z+V~IG7qNcd&%(aYM`yH>jblw9u@g2VzYD=9wf=uq%FNZ8CJ8Zl*$Ee2;r}i6CUcl<
z9U5VS2mHPhlx2_}_>a#2Jl>MiY#um3m<xOhu5TD=0~@;8h|~(y@_;i>VlP$fP_wwQ
zeaLoooyd5`4wicaGNgVR7^d)f-Nj3(vz3XU@cnNmn}yXf^Re9aUl3-u^5X4TGm+$O
zc|Gsng+`9r)JbKlF7}p>9wFN8*Z#AzbTDRW6{3w7>MKMPaWlzb1MK`PheJ{b+Wec(
zqFsGy&tD=2rrC~4dAD66gW;HPtmJO-aml$Mp2_`8B;UVM60(8F$cFo=1ooQ006C)}
zAZ<i3%fHut+1JPBZ!p;JzNCK?TV!6`oH=E3%d6p?6Dr<y`ozQxUVn+?P%;Sr@x3*q
zLgZ;n{^RFZzTCR%b%Ua7g$@CM{rT_9+opN(yH@Q-Rcnrpd2LcjnH8pC-IoW`+jU2x
z&wa!{qGhQqB2<mnL+el1wCT>xx=`?ZJ<<B9i-0`;N~TVuSHb3DGFSLn)F|&kh9dSK
zENeXeg4Ly?SL^n{@+B{rV{GfXZg#!O9}oS(7YiNOb=)2GNV+b*8T+sjWEoiJ6+X|q
z`?AEUwtw60#Qadbcd*TzhXGskVpgQ1qV=6&bM`6tq)g`!^|ZYr`834u$kf6FV4Plb
zwcVf|ppm6)Y@+%Dc`nFfY!R@b_IGYR*e%$6$F65K@9^r5s>JY^fme|J+c8!rWcyOQ
zj?ZR>t=8L9`R{f7v9Q4FXHp5J(&>uW(y#NcKK4E2=OowEGIq7FnovqH`wugKz#iPo
z{=sxaeGIYDSMxXsC#nc2`KU5k?H&G6ak7rZcNMld%_zf!dMSdm13V6yp7oKfbpOr@
z={7{l1cw4#4WVk<-3K>W9QC!}ABX1vAHTi4|C*0PX75hxZ<C8BAzE7g?wGC;nLodK
z<^1rEV=~__E^EYg5*lWZi{TkAsu?IvjlPhl;KT&8E;=}Jiwrsh_q{gsIaIM4B0DVq
z;X&_FF}s3GmfmuUA>zaOQD=tDa@`?*(~dn;Rn1~gDR9j|&TR(fJodr{jrldhs;dDJ
z!_d@vQ%3}x(&FoU@aI|CfmyscznNg3^2ky<_<-}QWk@mFKjc#w`p*C_bD2o2k(-I{
z2LWXDaWZ3kvF(^2?Q?%aGNZWxTCwQty5jIFl*R7>zvHVYeFUC7a7bfT_&KEpN2nYg
z?d2R<W_h$OPbd=wGoulOLTx4=93&UoidclV`ujteiImB$qg99`tarZItE?KtF;T2h
zrh`Wbciy_BuoQ^HwvtX|y85p6^1fwcpDDHhg%*{cWNFbW#lM{M5PgScM5(GU0X#=E
zs+&$=Bo}1j#x~mT2pqq73cV*}CwvrR$zq`%VAB#I>M@IozOlYKKq@%v%eRd)2JQf^
zIvcZ<si?HY)~52;r*`DfYy^R%DKb`ZYd>CpCpoH3YVH$vlc#K4s-I=M4(W*^z#ld4
zw|dcnoAdfDtaQ*6^uuQ&t}%B(Fr;!@FR`{+W<tu<3~ZlL{K&l^57G(MoJ;8~UV&>N
z5L6h{>M_N*;CpnE@2gWEmhZRcVNP(%xXyeC!qH%Q_`jR&r;THM3sXAfJdgHu@4ic1
ze5^Q&o+VYJTA|IlHl?&JO8sT{?UT<1qz`g8S+g+YY6$Py&$tMgff^Zt0xy377{f`^
zEl&`t77h7{bu$HKq96BMDu0}7mj$LgW<t-z$4qun%c}xaid+ITic0}56tZ@%KSV&A
zV@MQjVD(%!!8%2goeoNfA*vmQo(4vbP>^&)f_-*S&dpj&nskZk!zl%AYueM=0qPB|
z(Sh4RKFR{$rL6Qjlqt-K8XO_dn{n`pR5<0N*k@+3B>mG#8YOx7tl4^pqp_3tIgV3d
zkA$qJ*x!MYhXcb-f{#!1qw@>qP&~98_50pM@W0S`$}eLpF4bQ1K)i-$Me}?E;U=RO
zPd$g8S)}IaR#lm78VN;55wyLYd8btR>S^(P;HUWaKtoC+U2UTW+D73Y;|u=m2Ow@_
zeOh$p?r)2nhWi5+g8y#J72`{&)l>qt)U4IwfTR3Wqy$kMhC_q|*v2jw|BTv1VJ@n)
z+VG)x>C456b^voL>)x0`tvabf^JiibWeT-NgjGCo8m0CGRMB~Sj}$W4rPXyOlu0sO
zlqfv^Mmh67N%#m<RK!I3(o>s1Qj#aeJBAM)e?|9QA79+aoLbEZz81BT{jN7+Opnh=
z65sHNJK$X-J8R^Pz5-1i7w`p78ri)Fxms=A78yMWo(MZIfGzUP$t%{HueYT?-fXht
z$Cg?<JAN$h+U>@0GvjAMnFuWWZjP~iv#(A9m@gt~&RS5v2TG(zuP>r&D&>Va6h_&|
zqX@@%ga!=tSsz=BrIn@z7#4adDrA;aOr7E1JaW+zCvD38@!z#!d1P4`VfFcg5R6H#
zo|?J@lqsPQfT!1K8G{bPEJz($9M2g%?H6ynq+r4+4PtSG+2$Ln2Z2e2Y-&*nv<Y&w
zw>*&?z{m4v)IDd=%+l8c92?S0R`!2WbG3g(1GpnU9`ag8=l@sy^i^N@5}~$XhT)o_
zk%=4&(apl#M@+$J(AuwnPsEe+A4vaR4C3Z~!h?R8jOcUfCc65aljuhM**mMivFH7L
zlt?kXJx^UJWn}mUomr~!wRt1J@8-rzH;tE<kcyX;L|*3Tcq2UG6Z+pLtJk$Vucr6=
zHmrJY7jj;O9OnP_lFr=dy=h_w5HF=gt7TKEkdTmAvqrHdSf|CNv2rF5u@)a)%>yc<
z32%IQdd~JGq|2r%*$F9WpntUktzYGAiUukjS3TZhXD@ScE-UK?Je|Zm-mPh))EZOP
zSE4jDdZQNl)Kb0Z?;rF@YDk<)=<&f|_$?+8I}mhnbkPzJKjLkB+ktU%R#>E@WRr`p
z5Ykd4Oq%%v@GT@>TS>s^jfY3Tm%sP@wrn})m8jj1t>G!>sK}^MDwkv%!Oix|>9Fk>
zgh%nF87`?($5f;-l>$D_Uu|eia|3_pU0gWjun$6m?k?W&zdZjn;1hm-*NV76S~^}G
zw`JqoWM)M=aD@tyKOyHJjLov8AqfPec`Ljs{Orws^v@^yk`yno{b|MHg0Vk2SLd9L
z66KOh-pOS=OnW+1oC;D>0)*vBWRBJeyzEcqiK9-eIJM+74)6b7<S?;jGARS%)^vbn
zq=X^?r?<D5@T*0?#}+s1y?28dQWx{L-=oikeN|6hhfZKnzXKW7NF1VB9au@!DCme-
z)!x_m7OiRaQ>O}0o@ex^<cwaGTXUrOT=DQG*eAGDt4C#%S|{+4CbFBS`;;e2snzb+
zNNFaeN=ZRe)%jBUdf7AcauaxXiDF8DA)k@xu$4H@pQ&SLPNwKZk0<$6Gh^+VMwQQV
z1T^O)^HM8cHXUb72Q>oMZKhm5ki4*!n3Paz<~w8}0@WI_7@Lu_X%ls50%;HIkX;;g
zuwzp^3p)3?XSIuN`Md_P-cuAh9eGu~g}q!S(XsP(r93XxFXx@fzj1M#PA7xc;+p0H
zkuEjNX3(ASDsc^HHn%Xt%;E)YQ2MuSE{?AJ4{ya^DibFbfQ^+hHXPje)4Ni8(<=oW
zs{#bR7OrP!p$4p7f$Qe(FM{&H&0jUyQx5Ifj5S_nRj@b&9h|^7U=6D<?QDz_qpuFq
z{}hI5KlxI+ZETU1jkGu8t&TCHZ%&3w?H@Vrlks;M6iuM&e2P#-c9|xs7DbcdwY>tf
z^c@r`>bV*R^fr{awic{_q^puZ1|7s)7~`n;+|#Dsz<z9Tyu~(Z-qXYV6d^_tvL>e=
z-Tvpn!tR1#<Ay&vZP28f+RAjmcj7b&Zn~-e#JwY=g}85zp?O^H!$5{TzUP-K#2!bE
z`;K3;#!^+hBzwt9IV4NH(D3Ew=mjk|%yi8))`$(^i*Y;yk<EJXw}>i7IPukPmALMG
z_7#{4Pc)Hb4#X)NJZC$bxbh3B)~+iNH%Bvg-AN6a6g&y@8eQuO=GXO$AT+`n%~pr+
zyetVroljcGH`(xTh<+jZJO3_%^V6Gz718jQKdc;!%br63L__C(KY!Mbhr513NJg5z
z-%oJ~K#6R)<e)%{^0OX7+fCVLXGfrR*^J#sL@csxh5-ZL&w@^iNH47AMu%3i56mDO
zIZ!GC*}-S<kFSFyAuAr}n~H@Y0eyInI`_c_uey=$7Vc04P<$es+BTazb`aN6644b8
ziZ0XqV4$oGO_Y2uPs=f;n!mJuu^>B=C27*o2?>xzB0d4qxZMQXd45=I<?+~@QLt7X
znKooOh$bE^CpcWxi1abFwp}qx>BH-#Eo>jH_pa60#7VciVE8$*<a_hNwl(|Sgk<z(
z9qrYw<b?{-uKU&4{+G!-_B;EoIIFhTyxnNG`K-P#j`1?V-D1F$w-dDM;1%-zw2)Zp
zD9x9st;1JGmY|ZQXawYwtvrO6GV3ZqPJ&J9Y34vMF*LrI_$zujrlkb`31>y6l}|lt
z-l?LhpO=<==Er1awDIE7a^SSTC5&`<qnM?t0DSstdkd3|VxlcoP8bax6@8<ow|*Sw
zBZ64{iDt19jINo2_gsa(37o!Q358}OiH^b3vtU;O??w6mYKXF6y6i7pjRjt)GjO*x
zK;Zb;b_v$RSluhHmhQRI9+)LCZ;;*H1iRVz<S2t$v205RF|s;CP9ct5NIi$@(%hAa
z0{vMBXerpNEtazqs+zl+`2f<c?)(+Jk-I*jbV1Sa;&8;n00J9$*b1n;I&MDVOWkXr
zR#GaQS#*0J&z|(3S&icyy^-PfP6*7yx389*{Y7$z_zM{p^MPc!pV;ugpaTf{{gH!l
z-Q1HDcNX{7(MJr}@;S;iz2~|d>m00O>mDy{ILCXC!(!<U@~-JUX^Gz3-|7>;Et7xH
zf>brdxN_yYRM&2`rcc3GZ6V!qWVOh5T|<0f>Jz(ok$dw3?}&JvvQfuD;@hD#IkiEM
z7U82S&f^iXA%YeKT*YnSvCPFrlTo^t1soEfIVjvON><Wv{`X;6vXkm7FbQ2CgZIuX
zq!Rj5LBpv#fVO9rhST%dX}%`t6IFwx|A=hP8(LBBt?S<(yj+=1QAm?DhyU-DD1I7z
z%A0<DC)fvR0eT}5pazGpA7*|+T+gFRh4y}WBdd1@u&O1I=2Zcn&^L3<`q28a4)kT<
z|GR0z*OzI31{WgftCv#Afg~RDz$7vTUPdrg693q~usUETEtlSoWIvQEYlvm`LzZyu
z5u~cmz2~x3s|gsJ-nq=5!BCeyrRW}2(fgu}V*M+TI7n^HnUt^s(uoG44Gh<wOcJd`
zTT384fIEaUI8{q3&6c#0GS2p__wStiDx)>b{$u}^--Vwg`@)E(r`#9*ysN-AGigh!
zPB&9Mu2HYs0%|-;1ar{RWTf1rQcg|hV9+#pko{u$+;Fu3Z0$8gDW%?b=GOH1`5f1p
zdOM6?2~?<5Yf(?5&bLKjG&1Eck{<%=`GpZ9DTf};yuao!L|QfN*(1TY>bj7r^X6P*
zSHu4pt`Rec(If?^NEtp2+ufDk-ReC;xXsWb;?;uJ8^^G-dOwa|Yu2yDk=ulb2juBO
zT1mNTF?(tNC3XpgQi)z8x!qjT0<e!Wq^kggWDHyCEwYu&bJSC&c~7i9WXVAa7!f5U
z@gNjo6JL)N<9LoA(M)D75m08q>ZVt!O;8a*x!JrVf$Q*=Om2~+MQaeTvg1dU;YYK%
zsO3||rIBeoh&Iesh|APa;AGd(&?}>h%W~G|EOXYk&sE6cC9}YPcqx54DA+dE!DzcZ
zG1m!O>S~{ZfskgRqR&M}7380>a*&g0_?Nsv|Gv2Ve*fkIA@#XwGW6A$Q^@7U#&_oG
zZwrF~h_(Ln6W>w3X)-D;e34dmpjH^UA={p9I#k~}m7LI8F$T!~Swat=&YJuw9MY9x
z#=ljKwDXvE(?QX@YM6B%yDulvqk`crhP9cmqat(V_<5|Q#rUKQt?Ai-Y0M923~H>2
zHYsDZ_fiS@<l@M@7X_d|2SwnJBArnrvvsXCDgI)lM)mvSUv*T`N~8)8@bwX$96*``
zEkXq`Ub#g!jb$2|_qhF0qls1EkW=Cx1wJ60(tki=lncd}{0XwH2gT*a5#R~Y#YOI{
zIM7cpf`+;#9XFAVxJMf3Ng@|#QhIxPcQ@25`K;jYhK1F_U`^a_{tNY|g5<aJQ}~ey
zRQPo23M7iED>|7%LTu0?b7+=;zTa}zH>u?+JaQquhd_QV;6G7deFswt>=>{DflcoG
zoKKac>1tpet$)_12p8=+lk$Jw8A-2uk55M$1t4U%iR=L;^W@U8+L6WL9{|1r$jL?s
z73u)QXCz-q$ocN?oc~h?RI=|qB8%foiz4&;<4hN4&6-xmo67~L<WkROeVd-(qCsYe
zQTEOnHY{TH4dA5Y#8cDlY$5=XYS6wkv9$1uX!#WuzFQ}I1w+8VNKGfOuzC;D3)d!Z
z``Zl14ut>xUE$u9Ke+SJJzzH^B7I)LHUKT~RQ9-Kzb2s12j2gm-&90LeufvU3-_Im
z%`Fm@8B$Yx0bV;4!W6X1ob;rZuK_x&=jK3ReE<(oUCswUPD1<s%^uyuXa-N<nA#J-
zvUTdS)V|H;F;LMtMH1Lz;2%COXQc)(0YB3@ku_hr%uzo&id}_{hn?N1(uF~vm4UD<
zkxY%lRyPrZU-R^J{FQI$=TyDCygX%7hdjzW7bJKr1-5>Qv#0e_j!9VGqr2U+yYEZH
z7gh_>t4znYdDwy*lz(Y_)brJP&E5d1m@*x~U+e2g`xMwV5(0b8_Y?FLm;jx7*wI<h
zAkfjy$|I6k=_6DxDm*3go7Edg1!RdJmg}>T=fE2hk{i+zBBmV0W5TD^mp30a*Nx>A
zmR_umX7!E3|H6gCH^mYEcr^7k=`AM@ULqYwWhpOFCOa2hI`5OTM18h;{8)AsC_QOf
z8PD6iIG)n<gm(<o)}`V9UcJJq>~M`Nn?abfx8|xM$8gjvL<?=4(c{0v>!b$9wp)Up
zVlT`v=Ev69U#d3+n1P+MFAs-eSziHod6IhP|D`v%L8{_#n*t6u!bmbSHNsG3Qqifd
z>GiJx6txlZpu{o?;Ly-}Km%D+<*=5GuFZq-A#)OWd_%>O>L@X2B7k8?5fC!OMD!q2
zN`irMk?2#!H`MfMs=j$)4Ts_3YJ#p91skQpqHYF1wa9YXG?l)-wn(Osw#c-yFdH>c
zE0d;?T1%T$gppSD^WE;HMa=nyC^^`BVn(~stop#rp{X~O0fI9RfqNz%CzS?AgnqVU
zj%QIvfP8M}D}u420N>0AKd0a`%+2{2P?nUPC<_%aX~pIWY2(U(y})fR?5@A37NhJ*
zB_HA5ceQvyC~Q8&^j{oVE-8Xm2yhJWw1_Z>Euh`xVmpiU707ttMMaw?{N-1K3Tt9C
ziFJZq()V5|6KUvKYGobJML(N8lAWCtn#~ri#_2*tLiawJD3aHOolJtgBqIFrC3Qq-
zu1F(d_8ED3;!FEEd;853NU|9YUj_i=-y_C4j{d>_y)OBIzKWQ|1pPI*^M5>2D1MWV
z<0^U@JZ?Zl^5DJ?kt`~d0!f|N{NK9*LpRL#oMn-!DT%4>39P;@i<W4XV70A${yZj<
zh}G9x01$4S7%jxc?nq`0*EM(`L}0Zlowva};%iV?r0*ra!Q`cCB#ByDqsj7m@SqiN
zcN+3%W9&YG@v!<3F*7MDN;YNY?DfJEg<I?$($TD~6@)YO%#rgf;CA=dj*`gz<Ui?~
zKYyP%rB?Ey_Jf-H0Kes_<Vw_tZ~wz<C0ZoGBatI_NsI&#dpkV{9A@Sy)NUT_E^a>B
zspOG+y@MyL*a#3-{2bX+Ht4J>msdrBe~3>R$!bbXILrk2b8;W6i;$D2F&slA==ea*
zzfnqgd1vX#^RH0~KUz{OSyO#<ZxF``LlyX^6lL3gI1sTN!r6y+n@n}|@8hq>x5Aol
ztHb~0Aagrh{$326U<>B|9s)w?sMyqgDWub6!l8%MnN<OQ1hrw~od+T~M}ok1i@hx&
zD2FGg&2+k68hhF(LNmO@PXo@>N*XRqKrJ>71F3uq00W!D8ys^GfeHydVOiu};s+if
z61!+3V8Te$?&V^00zI{}wSZjOqos|K&7|7OyjX6|VPcX(FXb^PnHS(GX5dlixcDCw
zczdZrK8e)EvD<l(!B2%Ng$9gj6_b0{(r47usm|uc)yDbm?U62jrzl5uXPy`;ABwD6
z6X*AruP~s}&T%oe-9#Y#wbr4XTmIdNO586}xF6&^6y@!?8ad!HX;W#o-B!t_;B41Q
zGwpVdS!2+d>JUGZT6b7$R|j6Oz{pNMvL{KhB|b1ve9{S%O|(NDzT4rNx3)KsS4Ye^
zC!o8$W?QJlx<qUtpdYL$<@|c$;&meVeod~q>z%IE2Lj>@tRvG-S}C1&+Q+79TN-W8
z*$n!Y7gJq;9B8i1F?474DVO6U`&gxIHFx3kdq%dd&j)Bwf!!?Q=z=H+UY-<)qGe3X
zungK;q0yI6SzPwYEllB=s8H{vD+i~*NJ;ng%C!RbBH6)#tNL^{*>nO1MI=$TcbG$L
zAmrRmREa3+;?}nC*8zhR7SBXFMwB{p$*n15LwD4QMbIPqXe?*Qk^gsjgi96aj!Ab-
z>rw4}vX>Ls1+(k=DSgdxU%?RX!;JPz<hrtdn#HS69bai*e#8zwD&H-t%5TO#9%?T2
z_kkDKw(TJ#=}E_9$_8XZ-7lnhE_^`OM}9ifQ;h>gejeZO*29vwzl6(57QXiP{{Bgk
z%xrd?c3=qu##D!03cxC)FMcHx2m5#rCaz!Bc7Q(DIJN}fwO!`!z0obR64X|x<(oAA
z+yLjNd%muL2neSQaHoX9S=U{ChvV8`6wpZgET6m%yPiS#p+O=)IAIQyI@yN5y00|$
zzz1^T2L3*$ze9--@ZZ%0yGm*@_jj5e2ijg-k}ZexR>N0#nk9?-R_^1AQQ{$${7YG`
zE>Tx%aO_Lje)ZqdW^M&FSx<1Y-MvNog`C7uJ>j^f1Nvjgnh`c+t_n4x=x4ZrBm9lW
zhAd%&YtR>-D;8ML=i6TzR2Q0aJvg>QfE<8$083myfDIW`=h18nv#g(r{Lqt(Y6<7b
z`cw3-$j?4ie#3NnS=Fq{U8hDN1M2;|HHjAdH?(c0$~Cl81HRsUoYD2@GvVO5b+h;N
z`LhDKHM}I}>i?t+0=*ib)0$@5kREH>F@Cuu?GK&hoj^lN-{^_6sLHg~>44yDcK-|K
z;xwaO-;;zVM5g+@Dw8x$#+Hu4@<=ig&Tm%3pWq=UTeApS78<s546h6`;YH-Pz2MK{
zeDANZeaZ&SH4`H@W#eR&v<=>I&jOq?<O&6_jBirNGXy&_>sI6tb}pwrlF#Y<rCOy^
z_WTkAkn{2>VJnE;qT_*UQtirURxWSoh&8XuUUh)f*}jH8ywG7@(Lt1eZc!~T#LzZ2
z*!g815g5<}uanVV<QvP^u3mnJRIqQSqUdkX*FIbSPxu96Qy(&ofX8`%k^`!0Px_LF
z@ZB<`yA6ju+(fRU_0>6s04d!nkHxE@Phb~je%)|;jtqN_F(jDId>skqZ88xR6|S%E
z&9;l1gEtc;`j}Z0sq8GpXsCQaKI2&JrhdaP$a0M&Zi4MF{S4Y0P!kWP1O0?uwo|F$
zF+#d~>o~TDdkshnK#;ht4#(jGqz7?}K~C`iq_gF@-4GKVb`EyD+w&sis(?69h8YdG
zSSjC#ItD#@L{2aVL&N8FvzDY8eXWNhkxf11!eBb%Ejih>lbSa&1W{PfqYGSo3Oe`+
z+C(-`8NVX}ZO<}3cjwQ><EtzvL_0#ZXqIT_934C9H2Z7F4Z(<ZHgZJ|IRJpsF;Z+h
za2o<b-f~+IL=px+V9e@wz^5o{g}_eSK_luM?dlv&ZQaSkaTKuGFVfRE-TOeCJ*eUf
z860B#c=3c_4pZzQLoW0fgp`@Xp~&~H&@7sxeA)#Ek^4#?-17_i`{tf}eYcp4j1D3~
zc(n{1wpo7a>kY+N4c>k7;9Ywh(*8*~WKEuu;M#-*%kh~<hGO&_5Q4r8LF0x%&=xqb
zQt=KVR22@d7&h`e8@f|4>mqM={$sR3vTN8(^aYQ~i1wwW<xO3E-X&kZjJv~U^u_$y
zjiY>Caz=!X_x<BqGV}Xbf-5bHE;_;DbVaVFcwCA+a8wd9H>w@bkBrBB=FyxJ1byx{
zk^>Mxei37hLeST3<HJS<US6@5pa=gEqQJWU;loJ1s@~38ug37SZ#!--g=%*?_^5s6
z%rt#0iLWuPPt&29{B8{_ZCQUX?SlVK?nU8RgRl58D?Ksj?Iy)6yN3%5;sEQJ*!<eA
zPL{>UlmY{Q059=D_+G+ki`qkdGsQHEM(df7>Y;<Fatgck9g?Aas6w||+Yi+9{e4JV
zYK*osmCD3Or-BrpVbW~#+TMYm*8{trrQRp@TxMNn5|<eyAJUJjO`gmPEj5(tza;nf
znz&w#K0r)2dOv&D{IkD#jqnOO{oFlCkMOWa{F|jKu0I=Zz;4eVldiT#Y~+*V>RXO7
zw0WYO^mY&7*5<hd)+zfSKVBF&QQ9Ba&u=2npb7+eL{6OrN$qpZ+QcxJ@unT}HY;)+
ztZ$d`WtSx^m96)DC6s-U$L2q-p5Ha@V%SsOZZI61bo>#Ro&;&8v!}`2^KHF~Yr<P6
zq|nYT5RHc0%hXuZOLzGMq-;GB3|X7Xj+jBb{RI6Js;1QegXHCA^LGw2R`0iNM$+X1
zC?WxVoOvbtpM<rg@2;lxGt~LSUi}p`3Nn^yTK|3z_jRACziB`puc55E1wJiXZB@ax
zz{_AaNDKrPA>GAP=$o2$QRHH%*QTgeau6LAEin|^5Xs7zMQil~zzeL^PmreFVFP?2
zDLuAHs0T7q?%=BtE#w2mfFjk`w{6U=X|X(70K(F=Mmgx?j|cCyg<_vCR{wt78jbHs
z9m|1t|0*_#huPPshh3NB8%Av~zU}_OV}C=+i)Z}8GmSjSOi<q~cO)2h_pu3vHyr)T
z!QR|IF8D`@srfi~a}q+|QS|S_+@IB8UlOH+jevkZp)rtbjCQs*4Cyr31ystM6F1aX
z($}_%hN~&y9pic0(5pJ#gwTNGG=Sv857+VchD7+E@#4!#3&{;@k<*SnCMOi84iS4;
z<#%QDkK53kMsKmaNJ@>Tls%=qW})Ru**ENle`J&&0ZU1NWl-4lb`Y&^ZXPTH7y$tK
zlC9hvFHe*E2u#-n<2ZxlpT0Rq4{3p=4M{k4??SF)V1x`FL77Zuj=G=5zhuZN(xErT
z4JQWyL%wQSadXUoHBIwG_OYuSM>cdeU{2RU`g;C}u{u-Z?23&N9%izM6!ugeie#m3
zB6I#vi;xXKLrU`Hwv1Uw<7BH$Q8%d)km|iyR!yV)-U$0kYixY1_E6F%rq7#Q04IeB
zh(cZ(?CvG}!HklNit<bqb`*f;8X(~O4pCuTEd<iFRdoOF^_zGL&A%6U^EVs2AveXr
zgtvaJ=cUE>8kG%|Ouf$|vLT(Wh~)yD#Yauf>xDn69u#d!PVuQr@wCIbZM>G!p^TJ^
z@TZuAA&ORZ4)*F+zzCfJkcXDj1oyv2DM!l1+OSf|vEnBZ9FWmJB)Pad8=|Ou#(oz`
z1bj|boDgB_=*q6aQxB-lhq80!^VYE|s^R<H{UxOC!#4ap-X@=Y0n6Xnvf)D3FoNb!
zPH={7A|X|wIX4*W#bc~xK#}T#<nF~UAB5Be;ug~##{wh-;_v6Eqs)&||KU<!|F4eQ
zNL*xDvkaW^RTXdbnoA~N)H>CWE<GeUPWX~o>vXQX1;pzo916F_`v8o4F9aAS(Jf<T
zw#G}QBE%`FkrY{z#u5_b^4XC;0|2?zqM~_68(R?~{G4%arcK~wRAfO{Z+7Ro+z<c^
zARWKEwdG^DxIg&yXUXTrabXW5C18o&Ut`y(ZgUh*;h)&}Nd&1}a(6*=<6Iow_p^U{
zU%K{m)`G@Yj^^{iX+W?IAWO#@FO~%Q5I{*-hClX<WQb#^Jqkbxpo;p-Y-jyNZPSU8
zIpO1w)Xn8TtJ&3u7)D3|mkZqVp_BX27-$HOoCpBe1o%aK+U;BWx=<9J?|F6?&~eb)
z{0HXrY61{SR$pJ`Z8UAd$+`MZya191$sdKlx^NLb%r9us((@7D%zQ_sUN-Dhaz6Pz
z#^kVFSd?<)gDBHb|580vBI!QL=weWRglbdEJwF@L7*!1_#<%|8iV`&^fBhmNn(ny|
z;D0b7e=l!Q@!{V;ELA;?V(+x-&CAPf-xB8k-(D2cE{IQf8)Rxo^zf)k-eB%-cc1IO
z8(Z+2d+IBN|409guHq%7qQ(7Rf=?y$OIG~b>t9m33LRnW?hc)9_Ftu@{PSQFjz~u_
zT={^JXt**b;NtEyuq*UmNx-M%j&*~aKOUI>$j9??`?Brc+;&pz4H3P7z{c}njuQ)+
zM+xvgfiE~>a;eYUtdF92lGve%k0g3lZcN`a5U<j-Td_ySSIYg-)sbEHKfHnQ@8Doy
zO|ZF?Y&#bafgA-X3`h2Ay}V|1gFXHEIjH~VnqTut^2JSIk=cz+q9gz0??nKCsb~in
zwlmk(v3lIh_qALgx$jGAdFi15j}#w%^nM>N;T|^J1ii!J$h{!E|C#tGgFT&v>{9|y
z2zJ4VTc7rZXT9m*A5)N?TQElAUDdSMa<*Gt=k`oh)|Y2hC^hYsms(xIJS$#}4DASw
zI1Y5GHY%C%gLj2cjM3D#nhU5hzu7e?`K{FF^0(Xx&Ow&8oeYX8e9MqwwabTOZB2@8
z2o14#R_8XiS&-vlqEc-IqV7wVfxAtD@H@vBsEyj4X;bRe`fc|wW(}5o?JK@xU2@eF
z4aCGLi`rEwE{PO!<HVpY7KAs*?WLEfKVMqD#)`1(im0C^-`KnIDLmWpCuOR6gw<<(
zQtnbKV@aJG5<h+Ajg06KDWEpAT`xw=$J*uK(J_C%@dv~xBXCq`WJGyVH2~D%=HzRf
z<FaZ((@SG+ygHXZwq4-%&fKgMV+Y<wW_O!zcyG`1t-qao(A3ylQ0e2B<L|FFOPYX~
z;rb5xzETv1y88Q{?2@(L^?^XWt$BuWdPMS1ggMrUPrW(x<<GU4m=aHJJ+{c{3zSsO
z(M@{HYj`uZ#bNnsUXb#$z*blN$f!qn;XsH;cago<#iO|tnH-%0@X-^@z^wG>O~XoB
zMe0t2!)c(CjkI*wQM0Ri{ojEgroVjY#|>HJNNH4Wen~&K1!Mo;{NKbZ=v_Um@vEp1
zkq+nJ9fMR2H<V;R@lADg7}jsnsd)U_^8EJOHmS*Wy?M-*<MEdu#~2SO%{|c;p`wOD
zLE-q1Yt<=5s`hj5>zbNj!YMBN1*W6f<uyBe->)Mj+?L(c;BTB(SkU2HB?i|aJ0WOp
z+t9PE!=S>??nmQ&Kb=I7Xve*fr;)2VpO_`ZC%e(QX1_x9xh2;fC~hJp&-31E^BO-I
zZYfClt*<#R{|hgTxEYJSDRDo$>s|1G1;~@z;~lqz3~5kVx=elq;0caGYAE{Z0dy3w
z74Q}64t*0}r{6a{o5BC9#*IfqL{5z+Af(`>G}>3esyVL-SY}4wP-PIeO4WCyD$R$@
zxBqjC9KS$cCH^|@V|>$ZwoX68!%hbQ%%hm#nvy?yUA)RNnt#K$++3o&-0da1dQEaL
zMl}}RWsa|!9ud+p7k+nRE<8o;KS-`Jo1I|M77S@v3&|5gZ4JJnFJP#ma&rEm`cWme
zHtR~U^!A<Nf5xhY?f%{kW_(BF(d4tp`L}x)^GO{=KG|2h^}Zaf?L%s6>K$3mZ$z@!
z9qlah5{-tQMVfINxz{p!$dMqE7^%EL<a64t+I>j(Qn1|E4>L32RYXNd1>SdrUPtg&
z$L1u_@oq7sM~Y~!z+G%?-HtK6A1N0%^h}9POZ}$y3bw<-HL<xqu}NW!4wgBWd_KIh
zEe!TMZm^36P2eIgo`{fL;#aj{GAc4Eem=+UR28I$fU=n{fH5$7L>+{*-s(UjZLlqY
z7ih>yAU*-H3Pl2Q8kEL*h+?7%02u&qMcP980Cq<1_6mtd&f4zcL9p#<^c{QvZSpaw
z{#s~crvvQG2w-s5G9n1cEgqw^205~VHSKGm`;3q_ekh)BEz&(DzJ)8M>+E85aR~I{
z2&rrqxcA^8Q@UQ4fwrWaNF-&qv<-(x0^zou2i0OMYbm*}H3+#kXFayEj<(>B#U)tI
zkbcG>FIWXc1@Hq_;9A4>EPWt}U@IVe*O-xfaIJ~6V67tIT~gkLe~a-T2K6fwdXW|m
zz_}LuW&neP51#pK6R$>|rSlu*Tp&yQ1~>9l@CeiLmj!NM>K{E`gBR-VWY1)=)NQW<
zz?c2=p51=7s36fi2v*cn_T!K%w^eFk{#PWHM{wZf$&TbP_QB4xz&_;g!iJzDay1I)
z(*syM9`&Fa78wBHCkj|0=%^Ne`wiM18v)pmEylIOXCfXeetP1ukS3R!)J<`}PR{0m
zO6{o{Mw^eK9~kt-+UeExJM9rWyh#O+AImR!L247(tEYZ*0?RM7`sCV{fognd@&e2m
z%Tqc$)P*z8-oM)dlC?T`Q?}Xx3SbHR8PU{lp3m9FykVrv9sBO%Ti>pRbXlGy-xFX5
z{Z!dQi>ZAj8mb<(oN#0GBvX)h;%!mNOFGRvE%sH>FJ*wPxNT9F!M0qvjl0s5*H0x$
zO{v|m=B;hL`GUANO=8y6+h|v+uX$~$GBHl%55`^nNaqZI8!SorTZ@W3a%1!~GGnfE
ze7*(T!nKrbQ{7_bYyZ)3eJ?H5XWxOM@H|x-rgN22tz(j6FFeN*{bNruWnZ*Yly@Wv
zmuu08^-ZBGm~>sy^Cwc`b(bsbFox33>hF3po$o7Ajbo&Q69VF9l}7fBO^lq6^3y2{
zL?XvOq|)t}y`(|3HwjI9ZW<S{k!2V{XDi4*jFnaKbta?~QQB!Xd5;rzD_4UKo3|A;
zL`Y&*U$!IIY}2DhlJ#SrS#a<t6}(LB{3I6`%ZgXM0*oEf7AAKor3L`GSczi*005Zo
zQ!jVXb#t~jC_E=Z&~E?F;>PZ$j&G3wd^!?pAc6Jf>ui37e_ks5M3V%Rw}~GWKF5c-
zJg+;Y{c~J@aVL#Uo^!JWZ_hze*XOpjpKKPyKpN+8^?LACgdkROKK`IAz#;kBrLQIC
z^vB)dmEFyNWs6C83kd0NjQcEjE~R9~Vky8kz)RI)Qg7Ugo0*NZTth9No0@y*Hh${y
zI&bRxma7e`1q}A|?xb_^ManczyKS?x^F&I_-*Ey26PhjnfQi~*8-hE3Oj@Y!UBb>I
z2C!Y=f8mC&0tT21FAb&G@NHwCF8Z*>upt#YK%!kR&_aOoaYA%-kBm{Xxmr6!r-+1`
z+q1A}QJI7Jn^onf5+O15+o<GF#CnEea~i=#M@vufZ<C9bbB9JGOxm~;X{&0#^Z`UK
z4#OQipU@?;9yc2plbhS6T}#XRyU^SH;){96?f_XJC4fUtQ<v$V5@`iJvVajXa23co
zEIp0%D>Aom5NFEt<MyUir5rc^7PNc(d#7xk%MCF?XWd<}H1McYAl7Q^;-sV`>;4sV
zi?`Z88@KRW<EFI`ktop$SUmx+6%QQ0bN??~0D-+}kv<9S664-_6Mp;2=y4^_Sk>BJ
zZ1&Rj&K%6~1dO{F|2|ry9N%*GHpi$cVP3Sc5)wis<T)fNqVP2&pQk>n6r4Hb_711W
zOJG(%+^qNozS*9A$nMR5LbcVQ@|96+XKO2)(H8Q*MV}XAE=oQW-{05$$+~_ej>7JL
zEBx`Tc(+`WHllR1U}B7Jc<(3D9+y<ynht9g60#}d8L}l~dgAMT*V?2x^`vrJYy@C1
zH@D2funr$Ft%*h?bM`vJL}xbA4wn=;9R0cf^t5ET$qM@kiCz73za?{cH_g5K?DYsW
z0Mc*v){VghhV(EoDq8RV7aBCb=Sp6u9aP|7l07(#jmG;$ys(%gkQwk*JF-B#L%7|I
z!R@&%{%Y3;NGDj<^3yK1;pUHzWYck&pyoXmGIyl84|RL(CH{K|?3``}WY~hG<osk>
z19S3P`F0<$P`T<1jPGQBkk093K!<wt!nU`PamhiaOClT(WcOiH0hd;H!M4zSw-*?z
zh(~wpVVwbMMQ)$s1wiI~;WTnev?$)G-T=S5Ff=3h$!Q0Z<6QMR(xdr+za3fIxnc%A
z_8Mo>l`GjbZdqfFXy}gL_0%c*nEH5478r1QJ;X8j)Aw_>qZkaS?LG_MY@c(ZZzUQc
z{F8<GegAOKqd8o&<_P<G7pIl;8}mu_lKPNjj9>NJFQd!@z4UA|TwL_nUNZI@clGYu
zP5s^Tr(`LbBlb7l(|j+d4IvV?A4W-5AFP^^e~jalCC)hS>HXV|QDfRh$}C2SX{fa<
z3zZm$_3W-Zvv&tR1-mrmtmxi%9f1=`WR;`&2SY(QkeQ6G>dsz9epjTI^I0Dh&Yv6r
zTnlm-ZZOtlZbL!c9bH8E0pi329hoMIKyMam()R7+(7hLG=?{3Dte;c8dt^kLUv3Pt
z<=9{ZyR4=yf1vfUi{((%bR2K75dXP(rochYD&V|c?>}!Y4iBA;<MorQ9#57>McZdQ
zR|7&r{MXyM`dqWLAR=2{ooGolq#NtYWJTqIv3&-RX%nMDA$nW9RD>z^t7$Un+p7bu
zz`BR<XUxR87KswqMyEjsXZ`)N&-MCrR`S=|rD1ChSq^Td3_X1bRZV?cb|BAXaoD`A
zWQ{ajx{q&uX1mLb-ysFgD3zL*G^@kD{N=1#THDKy-W-RY*(z|=)_xh_E?BdV7k+ta
zc_UMQQ*W@<uX?wm{jA}!mE?deOU#}eNuokRlpL!8Zcb$FwCe6DlY~~~#lbAL^FYy$
zn&?L%vx+qu>h+6pq-<ZrH~Fj1TAkpqE6v0V(-SF_Y*2^$(V?u;yCDfBtS7T~V;J&z
z=^5Z?bIyqM?d@^|P`QzZEiivK9yJ7a3`H0AJ#{phXmlDX>WLInM9prnu9ndhr`(0-
zzS_EEKa(`z`|j(n$a|M!R*c5VxH9v<HzW;VHi6H^r(PUA+OE3}Gbs@+u{B&zw{oEr
z?^Z$0j)i#tC`@Cs=+vPYy3RU<ap?u=OBzo%)8`CFYe{N?PT?QoKZZP>{3>YFU3|yA
zW_nm6W%R12FkqjVw)d5$<?66Tn2C5%f#88uXWlB^%i0gW?~2s$0kSLkad-V^rwG~u
zoz*kY>eaFkDrWU-+nS)@hbr|@svI+?D8^mo-j1i%?#(BfdnO@*(q%dpchUtv!xlNx
zW^h6q?|<WN+Wi7&XW#cKp%=dW$k3f`hfPq;0O}h${wo^Cycx2JQ^<IDg+nQU#Gn_b
z!G*!6VK>tp-4K2c35NgPz8Sa*Zdt=xcmnbEhzn~G^ul7SYeF)r@F?iJbE9~v+g8s9
z?Np*I4ZJsa;Nima2H$yY$C>PJbQIquwas%f_$(MZCrg|g*57Ae2n;t1bZGOBPqQA`
z8<Zk?M&A!c|A-cn39~o}$r&xjjAj$PU6+cXdY6`_iCVnO-a2l)z5Fp+13#oHp$30%
zjOBuCRc0Tm9K6&xl>QV<eiQIGI1{n*67sFE*=VzPpk}s_n&BqCzJAd@jWw1-FQ+5)
z;KO=PURM7xgtG|-I?2X$ARw^4A*JV}h_S+TCd3#2s1~`@($CZNvlc8w#+!R1Q|c0J
zRO{-9Y#|7)O5s|Q-fiYBFk}y0Ij}d#21Z8;SFen{A}<1Dv`sTYVB3rIMPn3KPlSfM
z3zHNSNL)_9kVL1T0GAi1fF>NI4TcN_FuLoKARGRZfI+GF6BNOaV@M1UaxH;zmEuB9
z2HDi_X+894M3n=;=z;4**_`>nw%oL9Z~`ZI-7y|hb+-b?UZFX?rz^BC))G>M(;dN)
z%Jw!?LtxWHn`b0#wj(N({6s@KE8PX(=iH2pJasSfJH*(WTM5^@^74t>i8daJ0Uo@M
zh8+`%f%q*<QH^{UR!Yu%5ND!%8>h-xQ;|{@XNp*xJPa8*D%H`BPV0p1S3Kg^1)EZq
z+rQ1wwvDkJOYj-=i0c|Sr!^375LHMRsCn14)-m8FDn^nx;EGth%8Dca^1vCX-bS_Y
zn^{xx&wx1d3K8EL8MG^pP9yErn+nsQjY=Qb->Qx9zlG1j`MdRvHJP&PS?3)ErbZ1n
zNBGqRG;KIFpRj`8QY1eiutiLPIG|tVJ;b5r>Ym{77md(HZSiEkz6PBG$Ol>o7gCOV
zGIB&<*5(;ZL{)`uUPZkXpMXreGrQG#I0n)RoOWSj>LsG=wy}dgQP2iXXajP|#q_rv
za#*<Q2x5p#y@2CjND2%|Y{!8IQ=1m<iB6=TAb>R3kwvwWGeBek%xzHTN)A?}aCaqA
z-A$KBO(>~rR^8>TkeH2`9k{I%%^h34?XLPPRh0=w_Vxd`d(Wt*y6;^yR0S20CS7_5
z3%yE}-U+=6NDDoL{vse%kRqJ`(h0pJfrO%h2-2kYfYJ#hNCc$$-u%x0oO8#x<KFw>
zjQin?J3p+o_S$PDdyL)YUe7b1iKtulw<8iNL49^E;x2<aGM|TZMp$;s0Jp9P*tP46
z)9Xe$?hAO$yswvKj8l0fQ>wDXl7;Pr%l(PJP7}u8l5wWxMhxm{EOv);@+~iV*En^#
z-vicV#n<bU@oebsd(hQu6pr&n<e(eb?1NGHoFMn(1_cH02A;nlt$axL<5s82{^Vsc
zT>0y+<jEHBY%CYqntYuEUJ)H+7Mv@;vs{XL!PXj45~@(WeVEqfZhoBKoAX<v6Z_)&
zqTBCAbzScqk{|KtUF1g!zMfNIj>|)mwyON@ZqfA|!hfv9(TUokpXa;TJzsz8(ghj0
zeZ$ZitBS}^2{QA7KGkiAjW0T5x{ZW(-kQLkgt)xvCd9JN`@8zUdzAFb<jI-k<9k1{
zTbF3~dHtnyN14*RswCdp(hojeDw-I+Vi#*4RWn!;A7!*Euxd)kdC(*hG`vQ6#IkQ&
zK9HPE26?k~+6z-%*!E?siWKxZIe#S^NUdAw3oZ6;)g5>$)^1?kuFC{ygS_(vtqyj(
z4aVv}O!J=TF^@;^WvhA!)`-1ML-^J#wt0HE`O=}b?ES<2JY?E5V)wd1&8ZrJsv{vt
zI)B<b55=I^=HO%)#6NO6x!0rl+{g9-eZ+jJ2S7>)HAX)6Np`~D^I)gds>t(ptq;^M
z?uvcGVQyvS6Q6T{IS^@vSSc3Yk{Nl**9~f5;(Bt|W<*eaI1>PRxzBReW$~^4A>&=F
zG=z^mLCJ+V`DiHl^K!}NbRo$%oPkf_pw94DZm+M!Ou1%X$?L1_tiNqHroOF{K{qO7
zC+6HqopgK0Y;=5&wC!+tIypCkq~eYh)RKzRmBL|mi`^~p6qyUu{0Il36h@I^qQTGT
zW|u?^%f}JIV3T}lJJo?V4rN@;2VfD_?d09B<@4W4HG~4<x|<7D$!WB?WR)7`{ahN~
z3^duk#p?0q=zF*sd-=iCxwM$gC)j)nT_++14T{;u9~7wZZ#cuN*o~A@-oK@hXg$ys
zwn){p^ny3}+hU{6CrR)Da}=jTMK7PU^NJ4@v%CS-`LV!rUs5Ilh{)P=e`P#Q&B-X{
zZ`9v^{1rOTBS5PYOH_Zo?>J&;Y<xhn9n^9DIiv9~C#?#b@iVr<yedB9VUZK=aov+a
zhQwgoS!P#e7go~m1C<Ogo5KFl=l%T(@cvJ&taq7<0L(ICtiGOV>5`NmNoq(U{(W?{
zF5Y`~?Qi9PhhBse<2e?_&Le1J+SIu<KMG#_0ksu`B9Lw?{u6|TR$Swrg#54!F_CAG
zSqKAjMtEBMJdJ*vb`h#UEOiWl7)t&=<O}j#D)z8*=JJq|0o;2+F?tPLUfvwDJKz1M
zw|@fv9Id=|8Thl-qO|zLY2-t^r!Ps{TS_TrX6_o2!4C52FD0g8X-~?Q9Q6Yk|J<lJ
zl=K_$bUYcA6hTZcdyPI@>UcnbC}IY9#RlW?1jmxAt9plj(r$Xd;pZw&{U!f=mswm&
zFGv<hL13`x>X?zUn7^)%UVeTS3A{(x_#I(-X_M*RzGCMwwre!ofjBDE2hocaOL}z^
zKN=QSSfcv=?GOH=SosTx!O;FKu>Ds#^>-fHwV6jHSwP?=wq7VzkEl9!mA8fvBx7k`
z92#3ImON;+4-8yY`@+B3Jc^=v^@?dZ1)(jD=1tYy6WUiopDB)+FNTv`h9uwWQxbW+
zDk6G&NnTnK-nzm9Lb7z`4Uthw0WZ=n{nwF2{~AR{K40#ND8oO0Jo)8({F?A9hU@vD
z-G4^HJ3PV?KWNZz3@4HbJdzRIdJ3Eu8yg>*Utsf?N}L}@EOjs=9dB+T+i|s5*E@u(
zy`=S??o#^mb=NVchqx7Adf#Qqwhq}jqsm;hJ9Lb$`$^r#-+67`-koL12vn6`NLs)5
ziT;A#$R$scCHbX?z|;FAw@IXktLBtX{{H(<vwM0IUi4;Zz4j1Ic`CcSS7MAWTTt(H
zLJx!5cqW$TR}6e7Cz^Ijwxw7#!pdyq$+n^oO>?xOe_a#BT?!G0Nv_3qR71gjhZ-;D
zS11aZiQdJ^!zcpbBK)*}T3<13y<dAXbmW2fBK9AVUdKu+qUjN?Fq&f%o(P#y4|l{T
z7E2H3+RVX58r__%oIIMUh<2lNSkjIN`{BXi*w|ZGKrK~z-cn5pyz%ag8|#y0HUP!h
zzru4j$n#(STH&HkuFzB`=fm&tqYLjQpXU=Hk({~o^o{_JVu3kJk5{bjLe4^@fAlUj
z2&>PdzMee&W%2Vipcp^1x_@`I&=UCp;#b?QtwEQ}kU0B*Un<xTD4nvSG?vZpJN+eK
zY|6VZInjl)IGCrHPG`F7wTE72XZz^W+ufpHoP~Y!AMlOTy<?~t1pz&1=iAqUnLHoL
zx_c)#7D4AMe1zdPrZSqD=6+&RI?K9-)m`ngVg~9q;v;Dyadu27SrOBsJCZV>+!O)7
zH6Iz<1E67w&|ICC<O8?h(4X^1@vJtUXMP>vcMs@O`9uYp=rrFq_{cC<geiF};%Isk
z{rtvsKRXo7e`hWyda8DC0~?PcUDhgHwW9eK{JHq?RXp9GBva^?!ixCkjWMP>g(=n|
zOs)c|rZRS+Yh%j@?#hf}L~)L<c2KZwv3s7@kmkH(ycVc^CVQ<L;V>O@YIQLOwsI=p
zQ+=*D!Xdyl4FDJT&~Suz3PdH={2WX9>F{T7)L$9<BLw<yB<?(hd@-?Q;d~uZrUVLn
zeeSt3ytcaeVr|>}&7^&&oBT9FbjhsNFXCKL0~uX<R_cRq?GeQHIfWdKG)s>6itZkd
zhB2jvsUx+zy8e09ely1TwjqQ=d1`sq0y7XyF41&#OS?b1UWQ-~mH-AIUie`C0L$-O
zR;*nF90c4idZcn0{X)WtDuCIYDKsP0gPQz6I*%xaetLF;J`+6s>Q5?rw!6TgeDF@|
z@=63hhYx@GVW2o=QGqaT_)9h>)Wf;w75EzI(0IhR8|s1mtnw%ED#q^fvC-KjsMmOH
zD>M8G)mwUA{`;rEO-eLkW$Jv+M-UmjL8pqbnxwqeuhrmG*>HZYLxPW-CyQ9AjVV9x
zIfn!>LxKr@*DJ&hcd{t#8pdvq82%GWts8#eSPQ`dKq>r3etOC==RL%akgkRj{Fq3G
zqV`~BHnW=%A~*uxNL22Rd{^5bs^t&?{ZLsdKZkZEJ$}M*C3hb9qJs`CXi+jNY$CV#
zt>Q6RaiIAL<)4l000>qs;BiUx=+Z&&qbzIVH|K*UeHL$^ww<4EMbOi9Iz@f|?Vu6m
zokZ5#-jcpbVL8j(I-;N$J;=y!uh%{LLF8Tjx<+HjnyEnOp-0eR#C}~-iJZvCz*+B>
z<QGmpake3k`5QCsbFt&yVRbBXw>y1a+=1jX0sD%X4DY;4hn@x8*L4=4B(=!-{)zXa
zo&#S`{-@>YgHtbyT*z|)+IzG@1?qQINodImt-07<-n$LywJ8R;0&XWb1+|j!065*9
zVLqbdlw1spo<Dc6%UwbO?#`klxr%hpnn<Y%t%U@i#kYTlWqx97cukp{_`|iFjHLWy
zz_$K^!n}`d<fnCEmrox#>>9Q)*HSahzZFg$4lp(7`e>RnHX<|hKG-*+DLn{vvK^+_
zm&k?zVH(yB8b%kfnDIVGXTT|_v;#8QXXSl98M?|G%Ffv>J<!d{`Jl1RVTfzHj;o5&
z$T@+)HZN5w<4(jDAjM-CevFGBdcDOkR;A(Pr|pG;1xvyZ#$nCrDa?!zfjDWAa{OA(
zX>kbTVUQFh<&w{hy9@3a8%Hdv+&8moBFKiD>4N8a{|wp`lw%|SEcB)b9#v@zShDpy
zB@hu+w-WaCMo2I4_Zrf~am|~UClD2pGU9l+7?~3Qklfhhw%c*bg7^Gw3O}4WIE0Zp
z&(@GU4M;ri8oPmfJ<QvA-dFbIQ5E347faF$n&~%*#6+UI?<%5X_f-T}vzro1uBv+b
zGX}y7D+(!SQ1`J9cRf7r48<&*tc53sW(T7s!9N~FX++(i|L<>vw5VM)^lCPe>B=J%
z)_e4e=5!`JW7-hw2fcjV2gc#Wf6L<k%b$L1jy{c*8O%OI@^kh_Vm>|d7JLS4SulU@
zr`2?@U|eAaoF{m6n4(BuM~<mV_H_ysXL<t4*~e(bgQdt+DLWoSj*$qF?6}s?pH@-6
zHd25e!HM3e^)nxGdPxTQu;5V{81yA{X?0t9hxE=CK!6486>TWkGhMa3`qG3Rgxrbk
zeDXBB`8eG#(bZm7t2K80HF1?NC6NWn^T4)Bm5QAr&qBSNG(n`fF<Uo6gxz}XEvOA^
zig?GrnA^)71i$lgN<Bd*@3k9J%5qJwfWfz5S1MGf6PC77&;a&sO15m?SOUo2nIe>s
zp>@a2Z*{Z-a>lGrT${(AGU5&p0uafkvIXz);izRxrh+^sh#IMtlV-j_xFTi>#8_~5
z^23HgmJ&Nj3g51rXtYmN#+mo~3QTbp*v-@9n=}(6a3kBXvr&nTO;AoWgRB|xx;Tn`
z!N*TRqSMza6J<T|i5dtAJ)Qp@fNw^3myBq!i)E7R;i36*agQU%^+?aBdLa`Wknv?~
zG$9pSaF}&-_E_pE3%me?7?!=)8T-<}mma|UeUa4l@7T>beh(3R>a*T=LRk03j)Tj>
z2@}`77wfPap#-51PJ^fO9xL({FTH$09Y?|ic{31i$~lx4UzNTU{>vAY)?2D&RCIxd
zj01hqj|O(%L<TW@A8tjAgWyF9V=FH;hGY^yKC(Jk$02)fFl9mceQE92g!@W23-*NF
zs%T~&t|xD~-t(v_)&*tT&KqUte$&6&%^Mow@VL9N0y>?Ul%pBnDZ&cF=Q9bD_hl(S
z=rrz$;y?s=6@|L&IekndRul|^s_evTHjGw0(n1%Dh*Swu0HsBlO5X*><8ci2quN@h
zlF9HTe8K(RV#RYO61Cra<|mSO?<g7~1nig)(>}h@3;B)`SjCKkjIH2W2Dxf>RVdO8
zm&}_bmyr=mT6B+v;#`tF=zh`QUVK0R1Hr$g@=DU3_;KY*^n5x;_3!$!(i15mv7ny0
z;PZdPZnO#CCgmsI9^lcXd)MRP8?l;vPsI&QtOE3NA9a9`ARiAI+oAczsAfE=+)p`m
zx%~-w_{$fIN9hebJjrqLqbY-?x?fD!9%{>(K9Fb7))1f1de6|ws))a}b#nWkfDg$i
zTAGY_d{lqSh-9@p0-izd>%+G^Qv4J#)!9Bq1V0gMyZ^*Edd{rH5&b>*eZo1mp)rRS
zFPP^MwF2rQQOv0psj5?~f+fSUv0WMHs*-;YGb#UV`i$Mn?X@485Kfuz>_P4f5ch{n
z;2|p)o3;4lgbWTkoh|n|K$W^th+KS&#8J|j-QZ3-tHsj^k)#QZvhIR8jU38l+eO5R
zsGV<06U!z5pen=M9JBlL=iiwee~C20Ddv3b?@2t=(ckf{rlvYA37zgmVPV048|^m^
zN<YC<<@qk|9lcBvrV<pwDtxY#dQ?X9TcF8Pvfi-w=ULp3^LIaJ>5SwbFlegA?rLcP
zxsi^zOYoy!_TUI&{P;S~-{FjaCaiDop4{Nm;xl&{04mL?mA@lr&h8l>KDhM0R$X?Z
zgcm7lMO_n!!*}s#7b73(Gvahf*+Bo+M)dpxk2z6%o`wi^RNlq+^wa&l@j@(70j}lH
zEu&EmgCQ;FK<a`_jaDl>W?(qGqOPunT=TZ7V{gnl-hb(eaC$OX8hmrzvR)d#5bd`<
zak)MbwRE9rF=lEAj7U4CCriczKiqNtLG?ZDfbcq2d+TSA<{NGKARSeef5R^r1w*fc
zS~h<Kmwo?R_U@GbW_ATsgHZwjW5^hEo`o1|J~tVow;!h`hK&RhS-`IN6S<CFx}t^;
z>@YuE-huUq!yt?=0GN)X%`Ez^tHaL*lFc47qN<srvx94X?j>?aK)&AY^Mgui9Zcrr
z9U8WSfFe@qf+gOS)OY4GjplZ4AVfAITk)=eudkPIXb0p;?n;{Z7gn44p}bzu&$$<~
zo|U#Wi$%72J42T9JMu3Dj%J5fzi?t-aM62)Wu6GV<S(I?`Rw|ge}nF1fC?P+z&$R&
z3=m07=PRmi5$a~BoTW@BB&q4;cK`%=KOHmuIbUQlW>(PH!89u~CGHEao?o_6K*Q$|
z9f{lS^FCfHwr+)^;$|7Bu{~5;2WqqfEw`5;Dg#~8u~C#;PI@A~BI)r~0x?76+JWpk
zk6QJ}`ADDF?s~ZHK0G%w{%VGK<^SsRtYLM+=u1bCxJ?-qbD5d4yq%WrUJX3(Q9w$(
z*)Je$|A~Fwx{{ss(B{h9;qT$Lvh>L1iyu=GmF<^hyKOU~%OzxyEcm!J4I`iEc!2rg
zmzCUy;~S4G<Igs_*Huo4;-5AS#l?|pnJhDT()ftzq!t;E{2mNw-^<ZA9Hg7X0Ym-c
z{lorJtnZ55Cnmi!COp!0f5Btx@^E*du%DvViqd%9<EDt`N;(Q`6Ip+qZ#u!C)kH>q
zxA9Y3X5<h1r;2~>mpv@F<jp=i#7`id)E=u!iJ##g_Oz9Yz|YK23$^UHmscRsONyb0
z%heiW$d{O3nFgX~3%x?yhxFCMC)oZz9-X8ow}r@lDdA)?`eRvM9&LS3AX0J*d)C*&
zt$01(%WR8YD1000B+CnetgH-?J{1J+ZUB^HF){~b@kB0)E`N!^MOETTAFdAvBZkbF
zWZP=QP_7U<dwx9znjaHm0wNayo(4otbJ$Yd+5*^e{hOahu*j~;)!w`4-v*-Gq}hD2
z!Ip4Bw1>y}tI+e{@mHk`NJ?+bqY<s~hOgtkGzi!qk)gaI!XXo+whpJ-_36bHw|0p+
z6A4%RsrCFc7B|s5W&7?n6Gl8LcZ`mUyxXP9eHj;tkehgszQ`#4YqU_Jb6(uWV0va0
zGQ+)3(;G26iAvJGbr+awtse<px9nYZtk%cH_H@^&Ofbg}FC67Bgt799*~@D;z<%_a
zRfql@$2AltoBnwF>wIiC8r)Q}y>mM5--Dl2ka`=Zr^EL|tcq7iJK>D^Y5BB^t)vu2
zzeTjZq9<89sdN&Evbq)iV>dKEnW!8{gB~77Hm+p%u;ZU@?}4{^A>z)T9Rn8lD}=#K
ze#c%sg5f^x0%Vr^4|6_GPlboJ4viRQzsrMr_!Ms!b`%S`xKJf-z=2s2xz+p<I*ir3
z?^(s!?lE(662d(u;098*3eveKSFOpKpEC?zvxAtRaG61#&XsP@o}PvV#)$`uInAHA
zcSmpU(S7|yv)GnA2({X|2Ha}Zn+EDnV$O?BbYIc`<Fk{=K-#=F=i_~{wuaFQbYXC4
z=sF2SL-J%)aPV!D8jjMI2&?W$^8L^a6ds?P%{@j;pnh$vm|oekL1}#zF2ybR%ts)P
z;1kolu)O$I*#%j6hQnc7_!re3eL)w?j$!$*`afhuxaANaC7?m9F)Cn7gE?bFC{pGX
z@3WK0%Am*CDuyL$X`$ETISmuvNw}X3JQ*OZ5vC+~<*tEYLwDH%rKtKOWrjQ1yy}L2
z)eMbEiRDSjte{E+B`9-3k>ph5+?jes&f@WKN$VGz?^IFLt@q|-eWrzZR)fv+-?V>F
zMKc@PE+ynU&}oXNG0Xz@)IBt}vMMxk^WIINGqT8=EKS$i>u*&-*xi@(kwW|>(mMrO
zh_jns$O9b>=tKTbw;}7}$A=3DaK3`_#r!4ad@nir7qu6R$6Lr`ONvw7?ZkLVI{4Mk
z)8-+MRG3IXkseIsih$oH6k)nCL}`<~9gkN<$lZ$C2?I?-X|3CPuadsA+w(eUlOaN*
z6%?`er8OBWG?E_B$lWf*H{JaGNBQ5Vb*0n&>j?be)z#G{;gasQiMG}iGUD&n7v;ex
zJKD8<N$V=t&u_=o2voRoa0`;qgwQ4^&;0VEzkKw8aQMnU=IP#6)<MhMnuEh74u^vY
ziKIGBN>@z@X0q^ob$DcQjSCz^-D1x$oeHiWq4-K0`~K!;UFinXU;1(ZiTissX&kY=
zPScFsh^;F#dCCKGtxtgUe<rPne0RV>62H58Ybzk8Krndaq(57AOPxHE>z~NO>$8a_
z?aA(<vE4G+(wNIveb-vF<k%yNSxunTK?R_&KhEx+*i&4(Abva&StIFEoWmQN4QY!B
z=A6tmFuT1?tNuVWw!iOR)Q^}QkC;e^6Eq670D)fMmH$Nl0Rm06w4^OEad`cU#y^5x
z9)0`LEw$lCfGtue3E%De_%f&G{VmGjH}kl0@KKWN39JYv08?M*pbK-KhrsLzXQwd<
z$srjW0RbX<Fj(EYn44Wm{Mh_?A-HIs09m~t{8(T1f>|dE!RjBi^#>{?pr@iEF4oPH
z-&dB$0+Qb4BPQTJ|2)3`xONPShRt-ulzGP0CBy2@#~d^I$$oSocWA^3+bQGU*^C*}
zNrNC;76l>|i|%wSj(4<j-%_O1g6#N*r$x=Z$I`rjj7$ru2A>oWpr?jnOrl~SadzNr
zI{Q+=*%F8KPn2JE(}R6VC=8Tb01X^_;l&pOmzLzU#l>r|j*G8!<*pfdC@jLOq}iJd
z7cJx&ZLGI5#DgtTSUuRP2FXmqDxWEoici6d?bLw|OQ`n?hy_-iX{^ZIPs$7S)}l;v
z=|5YZ4vOj9n!D*VdpGUq6}uSd(KV5KkJqtBHcnAF3*Y9;YNp}0HS}!t;kF0KzN2$I
zZJ#%+0NElArw40_G9)&=>X!nw!R||;5Sv$l9xhGY-6igMaLLf(m+pwrH-3_8^Ld_z
zX@I9=pFh9t{*9GJ2X0VvFRuqT2~S)spH55+5_-_{P5w%|dOYu9OYa8&QKLQ87c8g8
zTNWCr6>DcgAKs77z3qXk&c_5ep|Ge<#vqNrLp#JKL!Ez_@!Fuv*M@;86vo4;N$aYk
zGl#4x!XE>PIs1xUjp#d#RDQ@atI(?)fvQ``k4E20wXU=eJ=-OfeQMHXm5aishmN}5
z8<)qL`|ZCrP(Z3|0=@fWzX>mwYVXuoY=yPhE8^wqlQ`Rd;_4p37%`fwuNgllfl2fZ
zZ{AK%c2Zi?Jt(&p+y=vY;-mb@Y5G$Cv`*9_V*X)@!UwIQMK}0mblGI^yGAFQOp9|W
zJTjC}4Ov#U{>U8NSCDLF3(DA%EA&!+PCl@8+u^a6q1L>IQ+dQTkgqM=dQFc&@Ioe8
zL4e_r#Amdlt`ogV6a-?o)5dRc4dA|Fv)a=Qzd-K%3Sa(>^8W~+MBKb~yuweGsYF8X
zy*}%qkmEOAq;6FFR6T}bs>N6nZr*<!Cm#t+*4{doTU(Yx%N1pr$tohenv?8&5Bw{+
ze@yy0)2s##)P{s$p&92B-kk8z%ox1P^)&0zFW-Po*$T|uoBToUr3k-`Z@1pvlhCtT
z1kKHH@tsEHQC6s(IpQtu(uB<;Br(e^4s(%B-w&rfDm^Z@zDWT-s5jT!w#uD+dR$k{
zH#RO}rjM$&ZzMV)^U~SMYfLC)Dnjbn!D$_^`eo${v1j8XRCj5!Omy+?ODJOpN0|7J
z7Dv?`vN=)Rp&gfGKQ3QWH|xhjneTOMV9QUjQKnjB72)+jGjEZKIwsjt3uAxF<CRLJ
zkFL15cqqI&I^x7_>&W&v;^>JTXHPbyp&AQj^X+)n&>p7n<crm9{e-<YX8P-;9pMqZ
zE+WQ`#mdI^g7+=tZ7~VfG!MFwC2wkVZS0a6BGj5@TShKAR|Xo;u>UOAjX&mVNhwo7
z{a^wxpwN1|sTngvGoqHyI*YD=*VeDhSCsyWU0}AmL#;mQ`DV+2)+eCbL*i|)C{5pc
z3W<JFvN0Fq*-U?P`o?fuq`^462WSkplGwr7uwtLb2kQacjv1P}q;re`UGzAH_DU2V
z14x?soef^&Bj-XZzn4U=JnT1$mh&|*n6m`AjT!ix$om?8BgwE3WLmk^lh@z?WPnZZ
z6LueihQHryOK+>uEB0ET9r_q|H*3uIk!I-VI8fP7ag--dH*X=I(q@!DTb;}!^zQp8
zS}u$Fz?rthW?t6JYBg;(y{7$mHMo6TLZUQp%CHjBacQ_)%=Uq_Rf}@WF%40KZ-X7+
z7){W2dNvT|(}&uH5_ThIBOV#fjswks=I3G0GY06Hwf!BzGpo8l^8lU964g85c*2G3
z0uq0YJs|W;#$1%npEidED_p5PFqH&aC*D`%KHd=>b`4LOub~nVppHuwa4mv~RJLO$
z{C8CdJLpN&F<yRGX}&3ZElSa~u1LU@r=cwHf@iJB5B|skC*)isKwX$p1B1aTGHxy=
zn*1Xt%Yy#+=UYWxmQDc~2B)NfkFx({pFU43sHJzmsWpl%*(ll9h$XSOAhh_46XPlR
z&SN5vjk_3ucWJeN`duo+S@$R4#}n^5wxt>9HRZ`;NdyU4%;h<Jck=OiK4Bed`FCA<
zp`YS$8}I?6CeWgJUV|^_-oQG|JqwE&Ev>s_xtgXxEue0HaVNMmcpZiH=p&4M#rMZV
z`^UuGtU~1&=wh+k+;?g;HI@I=Mwl{0T&nSzjEq+3vg?rHFCxNUm4%<5DqkO5l|t4n
z|2p8KA;*8BMW}grQem)%g=yc7w|P5Su{9or<ps$Vsj#|*zQ0k=@5@#eUGM(b>FAG`
zydUd-;+m2wQm^cykS-*A|9kpm_%+d`&?JwC%4<>pA_*H%yDt}ED^uYo*D>$W3DTz#
zJ=l|G+(8|z29~K3O!f=o9m6Z+-=FVr-9~@0gL}u+#QuUs+Ac?Y8f)8#@)Oz1NgmdW
zl1>)u>0}aqFkz+E{ykNJ8Jf!$+KCVpuRm&*$xK98724V~_^mF;I?kWSv7w7qHR2+5
z%@S87l)c4Mw?s{JH>dZqi(Fbgy>ok>DVjxgy|+VXv1U{Q1B`@99bjTWJMV8#T_ZbF
ziTL`IYb-6Z5!{{csl}6eZx_2^U-4sgU2n7rT#($CWX$X+59ke3;_~51&=>fspCRm!
zSX4k&Z?W0-{@~OO(}aA8C|KbMmNbMeJ1pfcEr-~1K;3p`K#kH~6*K8~Sf@q;msZ4=
zflD5HW<ZV^zXpZ*HY+cV1rDYVj#s8E^A5StfpoN;7gC=e`E1{Fxw?M&-wHJ9j-!~*
z$v=>VXs_)@2N8pPy3r}Jg=OwK6e+?}5`%FD=F-|LT4DVT@MkZ-`|B+FnbCMydCi#d
z1a}1+@mBAQR~yXX!Sda-6)il!Bv$yUF_tG*<_?oQC|QkQEGH`?l-02E-Y?POqo%V3
zM7A=fv&0zDnp(J6T-05Ixl~$ME6%h#&0qTSNWCs(1^ZS-G7a<iI~}J2;<Gtg8?n|X
zKm9i=haL%*17G(jTOMr=PRH;n#=X}<9-g}~w+$6PspO{aM{CbKnDE%zWnF6+$=`mN
z8hOuB#yS5-ZtbhFhFgNoH6;LakiqKrwq<AbN$Aa)hmG0SQJoz!cJPRp3<DY5hBM3<
zs?EybqpZ?cnvv#+ckMiAb}}O(C$<N5_eS+jf>sZ4V^@+iQn+9h<-RYi@#n)se;wPo
zLc!Cpoj!F|j&(zoY+D<Q)c}m(#g|kUx;pB6-unY_y@LD+iyr{NOGJs%X*a~=)#tJE
z^^kyscO;{;E3p4aO@#sG*Zzpq-H%+n>0OBSJy9-h#M)T6zo|RAFxN~FqotcsSJULQ
zTZot&o@nmwe+iCEf;<Rcwj0P#$}`&wf8f$QkmukoaL`<07w59tbgKS-&!a8B9JBSo
zCaC3h@7p)sIV=w>=U<A$?b^QIvD9dk<F&q>x}C2Fb%|_6jj}5^R4b*S!-n34hcAEb
zghUOI)9P}?e^%vlt2b~LMoI12{#1xbqJE}jDiKsEzBC07L+O00m*fUJMyYg}(v$1i
zNmW=dX0SBFL027pOe-8Kc->0ROXNiS$1qj$Y-4h52ZjtQ$admHGQMG0j&y4kx`Q1_
z3R3{)>+#cR`duv2#`&1Vhe4U|A%0Q<WF7HJ0J4a2bU#0?dgEmAjBI6gGzABPH#>Cu
z)r%OuH>ygBjor4DqP#CXju`R8xPdlS=F)ipuSgOo=>V#v0G3>V>~1y<5Q2;ZDVg6Q
z>DNo1eH_sp)uQmlQCm}~o(2}udQuE)Z=xP#{WiE`>6ph&u6Zc;A_JIiC*}P5JEY}9
zcsM_Pe#M!cWG|G6!blRKmhjzTX8;)igq@W6+OxLMwn_kXF37B~jsd@>q}4jU`ke{9
zqwcJ^2O8_M6s7OQClWS@nKE)n=?_iFJuTk<+SI#1edx@75zr+3zU(z5oXSkVjE>+~
z2lG=VrwW06wVLd;R&D|JqAgSuw(>Y1Lhoh$es198Ki~GQrM<7#=uz2lN_X7p)_fxF
zOLyUF#Be4XFUZy^W^5o`v1Ia{KU{P&!tV!|Q<CBxt7SHfc=6!@Y%?n;QtjC71JIl~
z5y<NS`1oDZ^BxNsglFZL1L-Ub2FE66lx&XnzrrHc^ZOxPed2g!-&^B}D;Dn*j^+7f
zli9aZUJMmv;yPs-X1}kzPT%$`R2&5lWgdsIr;_u@S(^+>v&Dg0ooB_q6@wQl*v7pE
zM86ER3x3=+(y(CH-XdnrVlotdpRn9|`H93`-L7-VJ~><T3+SC;BEtU`W2O3&tsM#K
zBOZW-;d|yk<07QK?6EUj_gYOsZIm7CXdh=m8y9BF+K<0A_7~=*(&mImtP6BeRpw<L
z)oHyqhEm0T832k2qrls73JNfhy7*`a9?Cxd&Tw}EeOXIcSI3nCP`qr(>41)|A2leh
zAEXSDZY$83D%@uD`KRby%6}L0N&$-lU&Mf$4z4JOf-?_*W`7-Z+hwWd4*UP1(KKab
zcqlxOeVg`{RqfGD<mv8Czf82s%5Dj^git0Tl2QOmg~5NbQ)~sOZjqN+y7JtvcP>w@
zfYn``@5<(NUi2$mltr#b&1WbrEpSFeJQC3n;(?Vb#*bVd+*P5YoK4S&#vV`JFDo-N
zWyoPrGbNv*2Lgds6TSUPYdcX$yhAt!>>q`JOoSI-^uIoLGceV9@IcFW__v#s?&^nM
zYQ|-<2h={3Wy%7sb#X!h74^xm)Z#7wb*aenndXZH#A%6q&w4aL<&{-5^roVsq8^r-
zTZO_JC2%P^sZL7cq7__I>+0ev;;3LmfAknne8XR@M=4woFjmka+(I<?+uoHH!>6ZO
zjw8o?nhB-D*Y_1K88x*mO!>_DftqkrD~GkK;HK-VbDLlYbOm3G#|N9L@+AWo)}l`S
z1_cECn8_f~0?_`Aj<_a5H4DY-r4gI>GQ;4aINA9d6%Hw&=7^@DaAa{OdD*?iqKx0Z
zS34n`<fi7&=(Bie*&#b;k>@Q<7uV-I{^1L<%^A^4;Y+_^!WBXlo?%so9V*t@VYy*t
zUCv9r`>q@dlnwD!b-Lmd<t*ld-}zZJc?<<b+ANo;d<}a*Q!h3uWu5QIzZQDvcjQ>}
zd)eZ#T)R6KgTI5p`#(%g@vE=U3gEKbi)%{YZsAzOedN2V?Fq=b!=0`BK~#+C!vi(i
zH_rJFn2^Alk*{Hy_R000HI`{Vm>bz8#!_U#D}lw${9t__-EOy~msLfG#S#?!pfymh
zsK8H7wTjhH?zmf57%5{bYx{kT!O+%*%o1C3PpRlA_^#o%#3@v@kyn#As@m2ev?1Tl
zl}$sphHu%BEbK&~eYB|~x5}r(oykX2-}S{rMZ$itmpkeRHQuCw)c37esgOHjSX{L9
zFlV;*Q#m@AioMPq=D@?(=A*I{79sa_$K=3wMu4p3v?S%$4Ih8)jE&huMUY=B39mtL
zey5=fzvV5l%lY0v16|;SU#uW8K+-)E3-hVS8RVUY=se%N#;=U#d_VPiDv@D^RD2n{
z6MT;w*DA+M_gg?_{f;1|F&pXNqqAn_oZ1F$ew|44Y7Na%*P)0)w~MdJZ^o71bC2;2
zKO}~)WExjwA1Zs`Wxn;MIwAueMXqJYy^-L12={ZnYW{V{e^vJ9#~H0Mvw&+ALC_lJ
zlvPNMY3FE1IkaymIIi{4=;CMF+<c#yuNl9tRjVtyqF)JBI5wHuTp@8UA5G#rb7Zp~
zXG1YDVBN>EgM8UBk!+>=(Pn=yESxyLRkn9@NGh&5teFjbd_tJ57k;032R%Y<`YfMQ
zH(Z>N5B48gb?m);9BzXxhAh7x2{a^vzW*gx&-M#1{bL<H4`1l(E^J|--<r;%Wf;Bp
z(ud7Zx+Fn8dG9*MY6;)6D<~42KIzRQF?VoZ=je^-*vrHpHTA*q$Y*h9-_T=gg^veX
zL(NdPTJ6!;#fon(p%oP9Tw}HzVIn1vk7nJ9`q@5qmj6ecQf;+uym27Tz6CDpL5{Ew
zLkcl)B$uP8S%rkz7RSSjhB0sP5$B=jyHU#@Bno=>OX)gEl!RvIIB%~<DwZtngZx<M
ztn7tPMJ-$J9gZzOD|!84)Zug&0q%#a+fPQGf1QB9_q}YLMTFka)tYH*8R@PDSH8#f
z#&GOrKy`=9vG(jFYt4CR^U9n`h%H!TF*JlOP+o{`A@q@*ozH0gIvV7Ton#ABq#5Yp
zIM{dQOq5vzc;EXO;H(M2@x2jt<2A3ah1Gh$IL&*RtE8TZp0_EqJP7#7?9m}9k|(7&
z$8QD_32DVUFrlP8F~8Np<}*B+-*m-6KNl!Hr0#7JgWfeth+%e5C^@1yT*Bz%M?uf}
zAmhq?VT4JAGg{Rv#AVOW@qO6I#g?%nsOJu-h!eZEWuz;Dx}6|xmPOXrA(rGuf_m>A
z!p=@&?XZ3;R&i1};`AYSvzgzarnXju3R#8mi6&kP@h2onrPaCyRZko+I%X;FyZZUD
zU67Vf>{apfH6n&`06F93-nU{-J~GvPWw-gaG^uSxljeg``48q8%g`}9Pp|)8=?WJY
z4jteK1ek7kA2(mlxs0sJ*Kf~S`#sj3Tx~^kfij%Lx30f21Oiw&X74pb!9c{=*jTdS
z7V_csH@ytaDjD}@b>i5PCZrvGfYr7UK4WQ{JfW`{(zQ9Y(~&H+a?^lhugvziv9txN
zdBV=5Z=Y<z=5msj8iwu1`ons~y!^V+Iw2TJVHv9N(mqU@p3c*cSEe@wOkn=LG)znN
zS@#x6h%}XtP9S-r%6n3660DWpX-XC&)_tiVSX%ybz#4yMJ2zRP{0Ikybc)Y-k)fJn
zuWyHRL%Un<;Nn*sM4lFZtYNNq#57|&n)=roGO+H%#Mb{Ih3pvz)kFe2tq}4nc6TBD
z)W4T=w=4P&+ohHTP)+Joa9Wx>x}jf!a7M)9&q>)!xBy%Y_;JjQ(iQtM+hhqgVmBsu
zS9<sgs0lQc*5}=f!;#}hl+2$PM_!p~8!-ehYzu-p_#bePs|ILCUtg`i_#6FqUHQ6S
zMdj~le_S!Fo>s3~RV0=N_zK&clTAX(`z8QlX2NB{z;lhi^|m;+hDw0(Vt20h#_^A4
zMo>utZ-OCW8HBugytzeocD6p~gn@KKUi@iu)i=`}Xx=!eQ#hzX_Xm+a`1BDA1K>7c
z83)vWtNmY6TLRVZ5FYV~Infu#dlOgw6Hq~6zDykwvZxC%=H{aJ;1WV;#OGc10`BK>
zaor5TDnyb~>jBlYF?we@ti{?9#w4e*y8}9{Y`=dcr>4TZ>)3T^V^#Z~=i_d!uFtRk
zK5iMCXu5zLpP_&B%-{UEO>!K|Lu-x$kY`bm9@N#r(0Df566>#2Lov=_eWm#F!#L*x
z9)@J<6ghzKQ=+q=0_pFMK-Nv11+N`0CSL;}06;Rw+(g7$I03?ef$m&{uN|CR%Q0|I
z+~WI5RCEGKt@sR|UY~FNT;aIc|3?XKP6@$47UJ$#kzQAL74f8sh*Yssy#GyrPt{Q+
zk%bjsRh)NdY4Okm(69$5q}*z8j2t8EmxV;;Ru(2iAO8^~B_+MzWfGJTz|}3R|I2av
zLb2#520d|v>}y)^fh`PX(#p@ysaa@Q#hmX4+Y)}9<0nvi>q@ft7@sMXyYH53U^=jD
zx8skKIv*q#(>F|_p|qSObLY}~ej%P8=hHnk&J5CP=ID(X^W9$zW4bndG?f;_3$162
zZ3kH2+vG^WSy|c;ReDH1PX>Mz@EM}W&+AUHS#w)sSdLYw-(rGi;>L*}>Seg?JKG}9
zdj58AI`uVU(?AQ*TEY|~$SoLb*o?AI1<BxmpoRJ#|GQ$W%>z8(URO=t75-w|u3}ZO
zsyR#T+#C<Py5+nn*%mfk!xsX-dh_JYgk^mq=6s$ZJ%$bj+ceEwzu3|nwtvtZI!NQz
zeapF|DmMHyb9j1MoY5HgB2Ftvhi}MFX<URAI=hUd@-cw0disc4hKx`A5M*58=$;nV
z&-R+fNsJbIeKBmB;}2Y0viW2?4|TJwCCiYbJ}fp<6U~5lScVKWt$m^RST#Qco(gG1
zO>9!j2#X<B>_BN=O$&j+mvua;kA9JmSoIZrNRAUoBu^1$f~D%l@!!s>VBccMq$$bR
z3&<Cq&E}X^w@;;$Q0zL;i>pNKs%Mz}RE*6?GOJaumB{YauX?7&ZAhz^L#?6thTh67
z)j<y`lmwQ`rM5S7xMixl#sFRA7c?htl=>n@t42=CWg;!wt=QFU_CwI#;)5_vS7mc^
zkfxFD;AUkPYBM9QZlAA?Loc>6wW13bgj3LwD`%zDNzu)!iQ`Mv@rV#QFyrANugKW=
zL6)7to6T1zcfcE4kwT}gPQKYyb&yel3kfcvGNO^^3*t>H|9LwjqoT5|ezyCT$gSX7
zDhhg3zOeAfL-sCRp5(pCRQZ6A5GW({&nj&F*8p^UhRAyd-PkJi0#|3ItYlV^gxlor
zt2~9hDYzcIrfSAz@KkKpT7YL6bXRrX)D@)i=TRr7y6EuO?}IsnRTXsYZ&BznY%6S4
zD|XKwSaj`LK(rsq8zt|Ds2e%Zr9#ZWjH7R+B~m}sh<I7^xp8H)lBzS>S5|d%h}fHn
zfQ5s(baaLXH9x7{A-N-dH&ct2A%QlFdh`xA4^+>>j9=mXfjRW6fJdePKlcZ2Hz8&!
z^*9{?^*C!?u0+*1Kw0$V_4w7<zt4Frgy*)JZ7Psj9*x1loF)2f@7p62AEy5jOmuQg
zmKE?!3Y;A+5S^YM^xM5x5!P5zDl!tYPZ7!{d{>Sl^pQc`1xsNOqmX=E@yaOBKM0j5
zms;FRsE{o#6kfOGv<pA#3shPNqn~?9l?wl|ru$jc@%NJlP~6-n^D5C^yBIF9`wC{?
zMzI}*cQz{poc!2Qx9@`3pdZ*6tX-P72fXyR7scPk4n6510X6X3GXz>U;O@&lq!WD-
zx;)pNkRC3bt`oag#06Psld7ni4*x~>15_6MdjX8II1Ac1Iwgvf!QR@!-|Np=F;Vw@
zp=j#PA4hi;e9C5&RgAd(N2`aH#&*dTaf!~ck>zPzMV%U$l{&ULQ!~-EF*Dh*Qgmb0
zoN>vDCi@qKUMi1$(@yG}7ZLFLx3BgU7}JM5X5*F{`Z9j9@6=ntyL4W>PtJ`n8wnQ;
ziv6Hr+u0JmjeqmIO5$|A^0xY0-Q?@G&fFNQmIZMY<wU8Isz%p!HfajZIjbickhpby
z_5|rjKDVop453^?d798~6X*)(Stm+CNCs+oa}N_bVFokjmUWXW<v0X~mt<h3l)mS3
zSIytIW_SHj`D}J9JM`=}>px<jV_SPve4lJ`C}p8%qJ<w@kG2&yo85ZNmV^dTtRkB{
zJEcsU;rk2T7cGM2=rfh{{=QFLX$^C|xmS4Frw&(}Bq{<PQ{U$2agO|oEqzjv&_62L
zJW`3@HHy&3Ob0t%gO;*6ifSW+-=dF9jZ;?+<+L^%<~ocSbz|lhwMm*@f$v13*4iRX
z>QE<a>}TF4DXj7pOTb=uZuV|qld7dt!<*gi<8PgTEn(@Og(HM@IGn<+^(P<_Z_PNq
zQ1co&$F+Cv$v(C`>bwYHdlfe>8v>d8ous|uzFDjrP5FD!TQTF-9!Y=nuRID0qrIYE
z&rrcz!<yo=xn66E!aoxC&-LE&-mB`%W!e}ncv)GxGGbCwE%&&08Zn+D%5sR9zOUie
z`?ma4VppTRcaiK(yhgQBFXzGNk8C8DjB`URy5&Ian-Ax={ctuf>#3Qn&w{YdAP!`D
z2+AruHRA*am1+yk;9&{zcZ}d9x3bXro#ySDFP|pU?%;Pe@n!s=5J_1J;TzdIxtg=w
zw1iuOhTb_@n!KLnSdSbI8<hGdnx@_KB~x8QcAuMz%UQ3Me$B**yeQ*A&kjquV5?>E
zQ6q+PVbZpIde6svw9wdy$4M@Js}tww-aVn95X@ulCPc4k4@V$w(VHM-x2eAq_2h-`
z#>HY^)|^u>;+;J*jarSPH@}rHgtdY16&EQdF4iQ{acp;>T6Eq-|Kga7L=O3pEE$7j
zzrwkxB<XxF)rQkxp9;;6cVkPH2<ahBuIM+1Q@9Y}EIOr*E1s$+mnWRrI#o8aU)npG
z$Ul&5?DSDTNB_e6zqbqVgT7NSB~xI4FSeo!dh3_N96)NOjO~98sk?WLs9dCT;a=b3
znlFotmEG9ckj6-_GiHYUt{0o=X89hqR@`guc{ZK<cJ^k?OHHO!m-S{9Fu3E+i0>Z>
zcu4bwy>0cEJ}XLAH%1?7<2W-D!re51phr$xQDp`?_R6nK^qdkZ#A6mAYXUUMGK9)u
zHfXn1z*I$3xcimDZ+*6Mo2O#fP%_KQ$nZ7S5+jd~z2I(533hn~{gJ5PO6f`XAueXs
zUkYma*;l+N!jionA$pHm!2?yYCl}n!+mpZ$R?Yfjdh@NOXEk(N^CuRsw-9-Dq>7DX
zyfp1~uq$r+Ztt(!X-L-Hb$TYAC_PG1u`FS;q;0kxn^o&|OH}zW$bm}juJE_=%<@mS
zrex1!c+4V8_8lj2vwQIfw~oZbp4C^qB0GA~yv_EX=;JdE@Jrc4Y%?Fbk1tfR_0FT>
zzDrb{W7c`aNL|h4vK-RCeD+=_F1IJ=>=XI(y}KcZ^Kp%1Ps5QF4|?2t6Jjapyr(e)
z6Sw%0{}Dsjwo~i#RbaDvKgDM!j!bekWJSDoPz9%@Sgv5!{Y?&xQhZlQXAU}iOPkhC
zS7MJ12oKdyF8@@89&EtF5Ee~3rfu13wwz=86UjZeH?z`6YPR^k?yLGw%HnRp7eGHx
zyAF{=KPEh*vPxDPoktn%u@3YUN(CzO#mc_WGUhE)?15E34LAr~H7gk5?#?iGKi-tI
zoqxv>F6VS-*~h<cQ94TZN%P%ZyCr1fw+!1e+lZ`L#igt-9~Vvik%d>qVZZad{(RI%
zrCCOn+6;9(<nUPY800j!KWK77QeHqY@@w=5^tL0noZKCAzNDzxCqWWL15fG3-+EMq
z?wx#kiGK3R+3_ocZj#D4^J59{y=Y^)dSv={c8SxRH?)$u8))7SntR@*py|{<V8@ZK
z9W;G)1QKx!^%>{xi^8bc!&KpXimo09+0PQ)!nD5RUwUjn(Gfs*+n=vzb{kv?6ODpU
zW7eG&e6*CuNf>R7<~Pmx+9=%Vctf|mB}I)pwG951Jsb*PD`!<;8yXL_G<%r=>-M{o
z!}uj0X5ft%XP*ef=-z2R4k=ZZ0YC3ni~^q3J7~-u{ZUROYJR!SIBqGdt9?VdbJ~lq
zEY=xyxUo<i>laaX1E-aUnM#1x>o4ZKsHQBD!jm@DkKXeh9ZBwK>f#@loM+{B`S%3I
z%vl@+q&K5VrI{VJ3{p;m66S<IyL_>K{A|;6MRxS4Pg@ZqY2J~(_>6uk3Lc&EV{bkc
zIQPEODcqn@(MG+MTfx<&Ypoxof|dL#5TAa*Y#9IpPDNwCiWw#cWv<^V#~K@UfV0?|
zH2kYc5F{&~uzF;xLwvs5w;Mq+qK$=ysSlUTg$sQGu4wvgd+WjU#0>1Ym*~cQQ1SZf
zq4NpC)Xfjm+wasCO@pDO7wXoEQDmNF6_@&U{Y=}VvZ#`s(e6_37ky(#84JwNntJ6W
zR5A1ovMSA&<1Dl88!sZFJ-IHtpJr?IR^ROTnuDiFx>ZF%ffJin0F!2A6d3v(ID@-!
zFCU1`#*}`Q=Ksb|OYvYO-9QYNB!aO54{0=hd2Jq^V`mexORd-?*5dpVE{er&JhfnX
zmgNvptUF)Q`7GZG+^~!>%G8e*4DBQL#KzNDym9%}O#Ob91>=77R?*e;L+`@4tnt11
z0EvrR(Eu8U^v1S$PS4?*xrej<ULna3Bs(3znKFmJ*Pi|yvAq@wb#Cez3ltx{XT>qN
zZIEujn3}gWHSNskdimM3+70TsU1+TNigZ)L5n5bv&_gkoL1Fb|$1l#r?F0N%+<NE-
z=RFpVJF8aAq4#BU?aVFMZE)A~(X*~!r={{juA(`Zwh^C;LZkkagYjYRzuQowjXf6D
z`&Qkloe&bc+hOeTc-Rl>ijjmI{%)jg9cKJ!u*BHp6LQv$=N#;w%3@W^vXGk!PT%ML
zCQ74!v<gQ&IlV2+saRaNZM629nvs7=w!6hMKGu$@TS>QvG<hTd^x7<_p@7Io@v5u%
z;&;MSg?lTzTl_)qV2l!<+$mKr1`5*5J1$uXa5$HLfot3xE~w{Fi4T^$TZztU9BKr}
zpth_KbUy6^W9Wg}>R+)<Hl(X)5l4qOvJsY<$+2sW><dQ*#WAM)81XThi#zCt_HA4n
z_LW(udJn%G^%z6vj*8`2_sAO2ohFdR=_QCEkRO@}UrQ`=((Y9kpJD$Tj!@yU8vDzB
z_~%jD6)DT(jigK`%O}1l#KmnA_3Nvlx+KiihbW~&&n1#Ak>8*HP}py;HNM0wBe5%0
zE&kTVHlr1f<=?htI&xwfM3G1a3*>_%@Mn?2@QFzWF*@&WtaCDsS+6Iy3vET`f?VKm
z5tou^FsX+jo{m9T!{cb6gY{w6*|T};VtAZx7%iR4{t(|AvqL3brLTO$s|x8OSz3N4
zdSGSMUw?A+q#n^GCxr(*;#MQ$yidO;!|1Yh7~tihCA9a8%g=VeeyHPp_b)d8SolGb
zlU>r%z}}}jMxD3iv~cu#X#$T$at3ahy&5#I7kca*{^lCt^`S4Sd?Z)oQli9mc5$_~
zAe&it*catYt95oV{u0#Vfz4p;wk`50lW6_r7u@IaDC;6o`zw>WZte=*<pt-+;dLk4
z5W3goH}91JmR1;1G#0IEKme9Uqxerx>$H^h6{9JYpkM=uUU<;)k?7a7y_pcH=)HmM
zXzDT<J&nUiYeP}o=dh!G?;~WIi+1CYcI0P7G2v7Fj{Ga$1{M^V0094u;HR7`Ojf7v
z;M?s7Xht)1At_e3k)GO(KWb%I*e5JcK7T+Cbcp(d^nTHT)_^cHVH?k0chPC{=nF`E
zLxk|AH|t0GC1h<h`>6MAFF{!%-Z$J0^<&p=QD~f$Pzh$tDh0RPv&9xR5@d@u7rqnI
zy3P@EzFxP-61AMn{!{$F8y$dz>;GW{$pnC8rktT10H6>G&gM|ixn-0POAb{aS;YYW
zbi}<xBjF+z|9hJb@$hs=xQG>r-hZpeW9i7V0RV<_9Xb+jF2H~G6OBBUSp1ifZ~=&P
zkC}4f76})z`0qv@`#)O$HHU=je{K_p|DPNGv-f|c@&DED{IC4?|4wtbgLdWqbCq$C
z#{vKx3jdcwBjF?V{+E$({pY0q_mfDR@jv>BHHn@Mc`P7gkJu#M31Ed-V&ng}M#9CQ
zNkkR3{`pNx+Hwht6(KH-7XSNd_sSGWXE%AqVtLl#Sp2u_*Yv5X6Nv83mDhZ&eZi-u
z><=H?Lc%6{j~Ky3&kuMX*sYR`tz{YBFXl0<%ldLS<^&NWxp-omgJ<Ym(?)Kb&zC%f
zzIa}J_kt<q*B`M<aCARYr*v8H*GkE)KWotQ0L^IGWa`SFh_}(ZQT&N4FN-*zcaR}2
zoH$o@QEFUuYeEA%-5;N7$H#JBs?Y@72o?Sxe7$8<9823aI=}#fW^gCS;7)K0?gV!U
z?hHB%mc4Oz4H_)S;4TAf+#$FR0fM`ekiDPh%zn?e&W~@s>&)sO)!ld9)m>dxT|M_z
z*Ttd^A-V}t*q9Iup8ulTG@}14;i7rRlwO{x(B|p*2G@_HT{v1B`ymzcr%t7kg`8+p
zVL|5r=Cb|X7-Jt<m}pmk-fP(F!Yy38iF6ryn8x00vFZy;wt^Y<iY%?ZKtI(DxF)_>
zT2$O>#-;CXsWr|tc&0TpK95pu$c_GrzjZCpW9@y~3IlzM5eQ+Yu`BxMNAn)<Zv5e^
z@2&lS(vQJ!STa|S#}9dK52EovIj%7ks^G^+7YSc+<|pa*h%nGUN7@{t*$RA>V^{g}
zksg)H8zp>h?|onWoBD)0mrDz@%H3J`{X%|Jc^K~}TW(IMPmV_%Naah?%Y~gtV8_*_
z$7Q?>eyj*cF0CUrP-vxFYk04WulGm-!p7NFX7pBP`JK$zxWf1F>z{}tnGNP2^I=LD
zCRmJka%H!kLHcjjp8M*$+jRlqOFYHt@k$?5H}92mRc;Dp=>Bq&aOs!$Hfx)YN*H+l
z@zVPx3NdnYT1|W4QNVWG>Q04x*nH_}?CV-bY|cH;?7USX3*fplC1z)W<?{$LO6H|<
z7|Un2NjVI#yL_Sklvx>E4sa%YG8_;;B2#}2x!6O6hm&Bvj~nWBBEQR8-uW`{YyOMP
zq~B?sR*LC&B)JEN=iTP|Zj>g}RLH{^R=*&w2g8F2G}1Tp&u%bI!yHs>hn4mfONPWO
zZ;ImW@eZ)F9>b_3$}j(UynW!>;bL;GJJiuPd`~8=pO+*z6_WB2`euvhdT`+ChKu}R
z^yfTDd;{w@s_}m|#E$>aNlzofpZyqTcEnnI^#@Zx#+&%F-%$tHM2~S%5k@5bKW-9f
ztOwtQRhJyB*G+VU&QV;mhDyTfy>a86tfliRvHkH^yxB#GpKTB&mL+tljg6oXx%LNv
zHa)!&`|PlwR;8YY>K~(=H-1KS&+P9;y<9uClEVM<Cl@`OdfTIVha#l=3Gok1b$jBZ
zB>tzpG@a?JjX{u{%>CE*X)?Zdj1qV4avbKk4aRV@wM*l_@)k$p9S+Hd@MPa4<qr?Y
zvZ47lsP0c4#wg)AHCdJ%Gh@4@2^<cia-8XsS-Pq8><g?3Hz7pwj0+^MEN6c@f_q>}
zhe&m!*E0rAUC>JOr-9)w6^mdRYpduIS1@6zI&dAFDq5f$g1lCZ${>1+mb8m@Y%1q<
zY?=}MmVWuP;LPy`g&(bkcym*2@uzN@<ylB+JX3@&^NB9C%ty6WTJ3(az7&}3NBq_A
zyv4s><a7*C{RO;m88zmUm4u^V1(~R~UnKreNLP4%S$gu1Jew~bc;G0>q1jE>0B5e^
zJtJ+LgFFHQ*}3t3o-<2hB99t<N`hv`;B9s>)!!i-C6~LL(6Xny1^9VkC0^Ug-<+%n
zj^iM;;1$9PkIReolIE6dJfGsk#@F8o%QK6syI)Hh=Q+7Sec{fnEyUHm3(S-RGFdxq
z0}q^p&k^{{L@Q0xP2s5X3Ds{rjNURgOIN*qD%0az>*RFftHTnX$n5TAgO}I)2IfP8
zlYjBKfhgr(ByM^pRvVc}?sl#SS{HXcY3ZfDN>PTqG#HYa@!IXB{CsFvGw1Qw+`@Ed
z-t+t2AHuuz$LutfMb@$aLOpoAyTptxKl1kMIB!kV{W!kseBdKIr|XZeHdXM*PeTK*
zx&;|Rk!6P8Y<^O`EQ~jWWWOa{+XweF4KTDbZM9`VsiQ0ZG48sk^)H9IV#XC{es88H
zB*F~(80RY9dh?dp{|iPurpN8iL_UW7%iM?J3yQaC8$@tivHv#X0_YF^yQzo$@h3L`
ztsKDpUt@sre+x?S|9U}3E&g*J&i&uka!~D%9=0|5<TQHs8vRcA4+YxD2TT!$w)qE%
z&Vg3ewn9%8|B;tB{;w_iI67Slra-6ud_pIm(76$Sy1&uZ;UN6Ko-i;>{>?ZjZ+wO>
z7@g+~Z8RoN5r}sEh)(`DMxMe+{(roqC!zlqf_C=j&cA0K$SE?NMAOd$Dob6#V?Tk|
zDu6%#i^&8Y#Qcx!Y!!v+kKr0F1$hblih)7=&V@kK;P1A1_1@*io(}Vf&ag0<Y*36r
zO(qzERz0K8!@#Cc29(F3Au;5&@{I@{v$E{caxN||buZ1~2#B$Yl03OVW=FoBQ#_Fg
zi99Dc{;PgvrRo;_@zDZiI}tXGD;67(<CKve5qCJgD^55$$EQI(j6w9YAYHGNu>j57
zDq=6ZYRogg=d-LyVQgH%B_Exk$&Ib2**>i=z9yx@9X{||^0FIaugsM3O%Ofq_aIHP
zaRYr7E-v!&XE!Z)0OE&TN#HO@4gl{yb*XU;ZKeuh@&mqXi-w)Nqc?#|TaW)pnJ?Zk
z?@@;HAAUYKVV~fy7M+k3BiT8P6W}R_P=3+SG&byieyQF>9(9(qHMk^}g!kC|4Dh#P
zfPHAZu_10*dvZXn^M9TlYvbPBGb|?Fzr|?NbkSQ<+`IGx@IRNh^pwpSaBmh1FZbl|
zw{CWd#J2PHXXa3#iDN#=Kwct<0I8X41;1N!NB9feDia$vr<U6BnnX3L+Qt27Ydv(j
zaB%|x+>;ubyP|$XZCp7JW1hwz^)syQeFlgqRl3RN?>1NG&jJ45adAsS?)0ax><}5&
zG+b;{0f~`gdjv{0p*njbYQg%YSp9+1pEj56YE3&eddZoI-WnL_yEU|&q**Bhfw6YW
zjY!y7@RfI2&YTHnwhUsOlfGexNH8wY?@neXb`-l?tgRb_huxwd4(`A!S{DT$Uk_lC
zqL-0T`c)5@$Wn@pscF>k@3Z^AezH-!;pC;9BChdkaR3ZNkl<G%_N+y~R0U|#t_rN7
zTtia9$~27gStExOj8;aNM9=<95XzXEwKaoiPdb{>D+?sdV&Ry$wXb^0(d-GF2v-1>
zJl63)$W|4CMTIwG3dG!{v7=v=pY$OnAU2*UF8%ih<?2oCzprxIW9z*r92`tSk9^Ug
z;3SnKiz)k>PO+NRnyn<t7E5LKmd<xXHH#f)2vPf*Z3<e^%G?<zzC=$$*WA(0$}x+S
zBzIASsF8(;1&?b=O(7q`(~@>BcD0j}CuPcPOVn(|B1zrLw^58ph{uB0{Y0|GM2yEs
zzmB@50ixQXq7Ozd;>=;L_j2&<BB>Qka@|%jX>rV*?u=>iH1sOOZqXlaWYzajU8|sT
z&=*GVdXcNtu_K%}w#KxaEU9)&V{6Ba8gj?#Jyh7+JygsIR69k>BkK*kXlokiyliV0
zK{+Zd?!0d6eBG;+?Ir}CCfyxluAO`hlqsd1d`Vsu2w|@_4W1OParRbAO)r)WeNXnq
zj+&Z!)e0j^y^QjjHEvPY4hLh9hZc|7Mo0NpV!KHSZ9}!>7<QEc37SHwMzjUN_rY&F
z#f#3q)nux(yowG@_*pKhEvjH-=>_8AYAfpOJXnm};?bb97?Zo|Tt`Dnf4^`055fB`
z*!!!|Tk>xZ&mepzOinLjzr7nD<lzV)9dw^Y$l6V+Zzc3SHp6yNE57Da(kghdIDolq
zl1aY#Zw*MM22Ypz0aYe57$jGUVMfomS~3uuiOnDu!!as%yTxc-(zhcb+T^Q3RI>dj
z&M6kNI}E*7P@I5<{0esEQKNfE`Dkpge?v#<PGT3;(a@%MTzDbvUPHY0GrPsn@dcJ<
zTH=8`y7-Hu?VH)(-CsEJVoE>xZyh{uY8b=2%`o<uy`^m|p3|&<TWxm^n083t-JoUl
zwh)Ml%gzVzkg;m4t_E&ekmFU)QTZFYl3YmvMcKN33pC#+zRh=t7UcE3XF(hfc=%Z4
z3hM`Nwhq&roch%TUc?xm0rmzN0AL5+#G$za_3%kr!8jwA+1_)UXSbGghzwUWkun{7
zuo@$ipa9RPk!5(Kx}dE|;)Uh<A%1?6@Cecr9_!3IGxCno>40$|0Z<SUPTy7GMGBZ{
z35sZZiv93ZuE12DfC&gE=Q`UhdJCc9{AgYsToufFi}7^R3a^VrukC~-t^N>#>afEJ
z9woP}N3dagG2sE%7^Be>-UVMZYbUTb5RlMs0hBC92jhfK<gOVM=7c<mL9;7LU4ZD?
z!gyc$YIjp81TlsS{nK<)Ia1@@cz@-nbic#iPf~R%tYg`xh3i=naEx_CNW$gv^vi@R
zz^5rtQ2UM#h|d(rvLJIPDUQbt)u^nj=~mfUk%<yuTX(!L9of~$uwEUtu6tM_W)P11
z*xGVYWNqXUmYkePiao$k@_~S-Bv5B<e(bL|xg7cGAKyg2Re-io4>nkGYJ}uIx#ag<
zq8c?5AOy_%j)CN^Zae5!#37KD711`JG$7#K{;{ya2M^*%sZLv}4j|=B*O0z`uGglV
zR$CDl3lZ>l4_&X!RF`Npp#zt@Zh*G$%ie56?_v=Cp6eX(irxM`;NR6-LJYygfUI%@
z7&c3i_#aj+R*C2$HYxD;-A52cDL{>WsnV_uDAAQa`&2ys;sG8o>iajDhxY5fmr(lz
zu7^0i=wYpg#xfD8znv<mpov71Qu!|q*nA;+QFy-64rNPu75Bd4osyC4kHQQ0#n8%v
zA6hZJJrtSJ&1}xOwLbI|VU5Ts)VVwW0>Q(S$5d3*05C(MLGtNndErcXW+vrKbua{g
zhu%YTZfF27VLR|kOtp+0zog0NSEKY`-kOqAT?!RaJ@y1(5f(*^&8N8s$^JoF)&$n9
zHyZu0fRog`P&u?x00_V+13M6{gC1|OT-`1EsxOLD)L=l8W>$OWY}Lf^SFzoTY0Fha
z5spfF83f@r?$%?`S_zpY{u##WUI8b}01r!c&KsHgH<V?PlW!%v;oZGZB|Bbsabn_l
zO%c~Q(=1agpPEgIOlCt<AEG>s^n`*AVN#iR;uQTj&S9BY-_Zkt$!2D&r{(g1v-L!e
znSe9=AZDKS{MBl3Xe#lxR~K@k`|0%LEBQS^UtWSR_k1wpf9k&1<(E)66{!c)CFpJA
z7baGMpj?g11G__xQKndg3<^8)vF>_K#-tcy=2-fZMR6G`SXnAmvtH01Q#*bt0u`ms
zaH_vp{Era2${3@>AS$co$*M^|bE-K#I>AacPZ~))qm~catxBqPwdt9CnyKyTUQC{K
zC;aCIna1kbo!kbMIw_Kn9-n<O-pbwjHtu?edz2lgB7hx1ssdEaa1<sxm~al<Xs@xm
z^v745P{|Kp3OxUfx8*3@I!wa19_nA?E18w;`=d<_ENf|Yqw`JXCe9f}vJ<IY0*24Z
zr<JH-Eof&83X_Q1#^Lagg5v=)TOA5Dcz88sekxMdRz#yZ9~4B(6OW|Uf{QWNP|gG}
zWwQ=@^JriNiPtI$uL;gxlr0}U)rvE$&VR+tW&q`*f{L1HM6>9Sws`DG0md^lBSf$)
zPDz%?8W{FRYL_FyhST~wJ3lrLZXX$T!hEGkJ*)6WR~$EW3o<pt+&jvywrt^{q>{=>
zCw}W}U?-=l^9b?c?u;2OMR|~dfP%7QBefzav!7S%#H2g#XA`5InKhh9nUO#&M*Vcc
z>ELXQ9%eRG=p1svHGY$n^sCJ!uCj6~SIy)kMsRcK(6BdqMM8!!!o7IU*je4EJb<26
zy%~dw@v>V}omL|kL&Qjp!6s}%kory35Z2K4TLLg=w0b&|N@)H&T4__6Ry}jVNWqDO
zm?PI5N6dIarV{qQ!YNe#yscsWS;PEl1pY4t@co>^8w!Ot^QEyh%!tys^U}BzW8iy%
zroWD!Pa6N^KKko@H_`8b-+#ZCcl#qpDJh}xic0jn^B~f)ImQnIZxwz!*&dmF%3bJ~
z(>m6lT0Wt-w#El`KmEXFoNwSwWQ`j7Q118BZElGd4t%}QmkcrXpRP-<7<G0Ao$KGW
z1pU@H?3fR9K}M>2>PRqJzy5R8CbL?Rw3`R>3nCTL31<0Aj5$wS_%do<b7d<*Y&-AC
z*voj;fr<xNPZALHJj%@*xF%5N!TpNW-wsn5`8?Hh+0afF{rEUA*7`d>-|rO6yTF8&
zjX8^GEo>~f=sKSYYpQ(-dnn3vQd#VRXda^6Ah}e@bFO||j9o2S`tHg%)IrxK^XFrj
zMReyPH$`PZLUd!$?!*aKew=D{!Oq7IXP*j_8ee%EWxIV17DISEk2HA$A7Ye<VDq5_
z(=t7z3)Ml4hbtxg)%tC)_Rd>ItIc4qwkBo+!%qT~-m*IS??!Q?V$+#pK)9`6rHv@^
z>_9oas<mVW#b(c_y-Hupm|2tI4mhx+xx0do)P~yguz0;7j`xqf-`iJtgV<;t;LU};
z@g|@7GL(6B)O=iM3yp3(_a!B>Gm-Ty$%f;+Y0>j#K?7Y7pz&f_Gyc-w9Xt5x%)r;r
zb9wkk3vuz2I4J`3{5N(u8w0?Y@4cd@q1X#b7zgD(@y2z$@p90(Q{?!<{Axt7;OjeA
zR(u46<U<lUT?a){no}nK@9xldOzHHKGM4(kv5F_v#>-mMmqLR!`+{3F44V?5*3V)m
z??yM<oM&edc>-Qjekhb2_{Bwf)P#nn0<~Qqh(=VW7ZtM7w={3>9w&_1(R|x%{JYPe
z<VW;Cg>DXb0t?yb<vFdHUT=uKRZ#*@=@I!}O{EBCvQhU(%q;C*?`p4siWI*F_Z4`v
zov#TEx*>NbOFIhOr3S_@k&@d^_OFdsekbhD&W6dGo84L_Wqi)hyEo7?4`i>u-+|)n
z9<<rPP-*R?+09C9LxM)k$Z~)qr_uUzi@hK3yp3+QYzr_ea%t@7&`|CV<$K+2e#<Vu
z)tu1I-dbx@{x;~*OkP1nSEy$l9F>5~--6cEk5sMJC0cbsQB%&GJs<i<@7Fv{dz+@A
z_xA~tky2}q%9#=DqA0h(7Y;<YZJOfW)h!?0UP2zopH8IjW{=u`eJyK!p`#i85&5IH
z*r$U;P7|k}S1hG@+2S+Uj*%*OGWLN0HSAox{FVPQl4_Y~ZeV`9tKU4<F)Q6n=*Wg|
z!QDlzqLyNVtsS*QEmHDpr`mmd!}0D6K~q*=pH|n=ZkUPYqUk|T1(>^dY8JPD@y~Yh
zmf5%1ZjIemkJpx4Sh-n0Td1t;R6aevw|@2^MQgFj78-WUU!#;Si(6lKT*0Li_)uKy
zrE92*dD4e0n@8k)cXZJ7buP1WZaN9em-xPmcf6O|cgwlLq2Aj+IwUnOxY(E>t)|>v
z-ky5W!K<4l{PAa>EyurLDs-Rn%_%_^dSc2QGSoPbd0()P&CdEz%AuQVoC{q3lZ}^a
zWaAk-S3{}JTUUtM_~#P*jCZy(Bp>Qh6mU`));)iw?EB2x?oT*<Ow4dDBt|qCvV4Iy
zUaRt#ui9&cG+P@KiX-3{V(A@;1G}?Fy$?a<tqvQNnveS2&(6#gyV`Rdfj@#mkvV$r
zh<NHoG_lh<qoX@U_<xmGM#BT=P<3>sg(6$@hXH=MM-TCpd5T*6q9UtFi-EDlJayi|
zI-*wIHkJt{79^^sa8eumLetM8#@ZgevCs4x6fT8n_*U=49yg6X+E|wKkN11~`)y4Y
z7^ca1FFr_wc{=U(F-ZG7b^tr1ot`~+ek@(++yvTdH_XxG*9P`p?fA{c6<+&&?%%$Y
z3d-cknX40(xR0go5)VM^v_maAhIfr%+>KsNY)Em+iv!(vJ3Y__fgXF56%t;Fq8Xr9
znqaxx(;Vwr6bYy}_|A|v(?mc?(&X8`dYUk^bQuG}C)IDWl|yFKm_v?jtaG=n{h(**
zCDi7W%<Yk_6Sge@v}Ec+_tu@hKIs0$KOU+EMb3BrhN!b>+&389d}G8u@b$aj*-k@j
zTzsMrsc(-lg|YkPGiV}uaLto7ALmGa{!V{q@N8J%r`(Sz1PX10FugisFdwJF1J`AL
z?iH!xM@nl)6r@jj(F|l>P#ja*kNb*JTKyq?p~{zT>7Mc;t9Ftbaw6ReWd4A6H`kRu
zn`dwU)Hh>epyuVLn{kusKN=s$BsOYsze*axNO5|4D$Hd*GwllY_9}i4lj$I`TMuNw
zu&)D>2U!G}OXQbXN>^q~XFz&*48(pT;dCBGneM6yGLSY%CJnoWVr7=4x1~2EQwf6Z
z8(iEPkc=U8A7S-sgYh5(%!dj$MWE2YBX8TS1|FL{xO<&+{paVZubFHulm5aQ`Rk!I
zd-gSs^)zNxE0ZqVGZHDXStX`Z`iL3xu;RoqtIAKP+m<e8Wv${0i`AV(sEiSxbpw8r
zfi(QZ2JS<_uj(oP!NysfY!+Vf&872tSJ5$fD){0Ob<$m0xP)n1xL%8(hCOf<lVMb*
zw@0e-wVP=dKkXC>v1OvR?xDCXTpYnaziGcPe-5)GQ93DvPLX<ad<{_$sc`$I<)jdk
zPptjelKX|e<dojY>*J_rRw@cLXuUBlDfspC7n#`!$#vVund4i~F6mHeq+-zB)s1RZ
z*VSRuR+GT?C0r~}+$DPieiidQDmE51EpNx`QM(|7kZErU<w&qFQi3qZDsIee6#8jE
zxJ^2D^O3E+N$|qXYgt+Mxm_jBWTUwBPm5DrTbDFB`2%TN_quk|E39AS79vMQ3Dlab
zh97A94Ne!YS8wdPe4vE`X8an!Oa(}~288tA#Jk;+AyBSW=RuIu-tABqUZN}aOCUj&
zYzbxbU+g{?hdMch*I3F!UR5*$)l*)lW>trUy{XkL*Ju8I=YA(SJ;gKp^H000;?i1U
zeLI=|en~TVwUg=((D}0HXQ26jYLPY9M;~PS9vax*wWSuLC3G#rkbI7sPyI$Oe(e?D
zvyEtvfM;Imek4N6@x(uf<D=is_>=4sOvj+-v!7pH<=kZ#iu4*`9dLg=ne$|Bt_Xup
z{(Lf+wa`lGqEmmIzi`St7u!ZxPNMqIY3&?!-GRxvnFZrHpEx8_`{)5ZEXI~xpKMR$
zLhl+ywGT2m4>NeO9K9d~kuPr8q0i1gowKeo<KrSJ(@jL=<)yv=Qv*3F1Dyh|c#c{g
zGg>vgThu$`y5Md{bU^g$Xnr}t?fP0s7KP#v>h~(2iXS7@kUQ$=nIV353E0z`?ZRYh
z3lQWUs95*Ir0s%ZXE*HHiRE0qDkF8eEVD$QFxClA*#1rLQ0sGPn+T02gKVQ4n^&jC
z>%b1R*n`eSeeW-u3UbJ_u_{_OUSoZ`R=KWqRy-#OngZR%sWCcu^(^@Ad+E<7?jF<c
z9k3Mi%ip(E<CAz-(t4wh7;JXtbINeD7{!tczw+L7BZpK6eh{VDJ!*yX3KiRNtWhAc
zwA1DiqFg7ci4?$=mYo)sL<J_}K?`r{2}U+WAN|y~l|M%W*!2Z@dpDciw8q#S7p58|
zuuWNHbfLDpw=F8O3`8{c+43RjQ^J}QkU~gSW!C@Qso6C{b3S#yjyX<X8Bagf`_;I6
z7++fQR4+}3;f=1AMoD}gtum?a<j4N8MdCo(_Xmn*uIw)sxSug%8&3J$u!UdQUB!YX
zqI1G_&Di?-soeiJ$eX>S$FNN|j5uXAi&sXx+_)F{o}mX8<a&LgOqW#O*!}dKZHCl1
zy09#%;g0=z2|L+&T~bY*MgV)iEc+d-wic(e$F@94W8&X|M+4nfgtap@q%_1d*ry<8
zkSX-t@T1$0Cc63hpj)tdX&zdc`+qh4|IMethL85(SDC3nj&`7g_KU6^$4t-651HuV
z2s01S@X}heXCT@t5f6P8|EuZ$n=ey?z4N%efjW@QT^wRygdQp*(O0I~JG3n1<nYN|
zdowBU4Nv19Sd0~N(Kv9mA@<MIqtNv_>}dOZ?U(pB6S!(2vWEMfySBW7i&pPN+Enxk
zh_alPy8S04r(xh{`CMvL<A$lpg+aQYOgF4?O^+|Dt1;Ko(h@m$e}yW`ChFNtKOsy%
z^n1?hpQRW`GA-HvvFW{g`j*NrTOY%sE}fLU_UP0!_&upY>`DEU<k7LiBTc5G&=h(A
z_@9k-aJSQ^7&X_hb>HKBSo9!tF!^<0MogvTGtD+$OG2LgwBw9#6*BB7DuO_$bcUTo
zqE_Vg_)GN4!+0>sNOgbLx|5C9kXz+G2Cs(vuY5i<v45>!vSnw6ZKiIu{W~Ff&pImC
zwhw|P-|H0@+lPTs$x5|_7^DfRGk2d0>+Y5G-|gDZS}7%Lb2u&ZE_e4<@$VLg`1$OT
zm&4Oc66~L6Y5VT>b%1kMfbb^6x(NmEKwXAR2Cl_-g}gh&WE%Y<!Ssv!ZJ#)JTcUl*
zr3f~S*iVy$o?=0T#`UF$h~<cr<heVZ_;tohnqu~Vsp97K{H}IqI#?)0^DJMEF&2}E
zO6;<u9&EQHMke(aiul8d>p(<?2v5V~e7Mq7c1iF^AKij7y9?pzsf-Nwd9<O75VTjv
zl#y&M5@BRX4w8;Kq%8HtvR!!7g!zY3_+X?gE+0d?>^Xvw6`yYRMtY!lWt3S3Iy|bB
zCW<#l3Hufv4tNH5<@zv^k(J^sP&{6QU@vTuRsk3M8)z)<&!d`>DsW<*(xSPB?3noI
zZCz>zJ!j;`nXafiDU8?rYCtrIm3V9PBDvV_>SsiyM0$$IFcBvHDm_Nnftdf@dFj$^
zYi|MzmxQc+V4EMc_uPyq4z`9g4X}wrThZq<BJ@ClA8Tc-c_9o;!97dW&K?|rF_hR%
z%IPbU47Os#-eh%&LTrR)T-e<1%yKZ4M^wh(>$*j(m))2;*_^BD0k7}FF<`cY1#lyv
zh<EqMh;I8%{(9F6bkYjV$V^`t`3;MAZoOE)u};Lr1J$EdnA_I-oq@&yN%`H4X4&|R
zgFQxawE1J;d#^qNk8hmDhYObquD4c_Zulkc=3<vBj5EJGd(O9eS8#yxQWFY*AuMtM
zRVxFxI38(jQJ&5hfr_?LT9tjWjRbQ?dE2?oN|f{Wri~Ze4ze$-x6PJfrY?iG1(%=7
z+@dO`>3C>k<lW6w(JRL!w>~$8Lo(#Ai33Ehu_9yqcib%LVEXmv{-*G)*JGxYd9Dw=
z@W%+vCZuF)Pq`v7O`!k9>#j|6qo?f;Fs;cLw;QmV#O=wkB~bo*jY65LxI&q?r03I4
zL{GlL{RKRtaj0W=r<cUT2MW8WhK9#{Dd_!3%tR!fAHr3BO=x$2omS@+dr+fVXa#Wb
zKlA4``coyS`>D4N-qG2s;=(kCV%0NyGas)IDT<kb(a8zo#QruBWphzLId_iLreoea
zUm3k%%}W^cCh)h5uXxNi?~>{~nLM%P+lk-^X_~gQ=6St?&vwN<xu?U?d#avSPG+q!
zRcp%wTPo&BBK%6r!jum~H(xBIkgM2dQj6aiyeTQ+6!$N&Z62v3&VL7}3dWXGHPL6S
zS$BdNG~YH(aOZ{mrx9hBLAB9^-<2k&<j<JgaC}6(4r?6t<GX-}OPm-lhJDpFzZi-R
zH7imc%Bj^+h$Y677(S-EL%g<!^)xP129Bf|O(EnCQPy=8CTcbd7p<eOnrf==@>Vqm
z3eZT^JPwyBvd58#$Vh<?N5z!XS1*dlerHjPMcO07(8-N^NsW(f>n#yD#FR1;eY})R
zGgWlp4<e@?Cmoo<TFC|2Uwh0uL;WV9B*Dy&uCBN{tudQQme#XHdRjzMu#TMEwGWmk
z)YUwDWnF>b-V~3k>upQKAkU#InUxFn;5h{_s#ck3wkG+5b;I5>OKZp5&^J0uIyZvP
z&h$m=p3+1+%WTP1VN>2BD-3IZ`9&xTi=^1yKe#)B3U-l9tdaD*W=c^Y`EV9|dQh``
zcp@Q*0zN(U5DrknY#*Q$hY4=6O`^n!1}Q{RmyS?NFw6T4VW*<?vq2;gM1+FlIGlQA
zn6#kslw7;z*c5W5s?->AB`lXWn9{)p-4;};NPcs<+$igT%Wo{IODzL&vK^zF$K<YJ
zKCP1hqs`s14{fg6H36UV*cq^0O*>izFzuzm`R?u3>sjQu{p~~tDVOA?!7;{v_`USz
zzJ(d5)_;|`VYcwWTn;I{pHU-*d&mDG+G)t8x>&TkubLzL8aY>5O=<+DT@nPilAt(w
zN{<S=<GtPZdqTI1(2JMmM{|-cst0eax5smRPF54qfhvlQ@*znB`=03rev9*7tKMD=
z1^>DqUwEkI;_YR3MycgWfuZxc=s@(si30}_?;xiwOFJ=>S)f`vGD^H>zW!lbjJafM
zDMXs-a@qCkeW|3;<fC;-qv><m43DAM-i(UF(zIF@e(s!%G|n-#5c<#i)bkeevV`q4
zPyl@ewE6VN?>tL7&M6m4Z_fT)*k@9-)u%aRU1sX0dhP7@V?o=|pRS|E#(E1_rL$N|
zI<hS6C2eTm(x`gB8+!rO<8l7ZcizK4M#X1z06P)+78hvG-%7)J9O7JeXMH3#e!E|~
z8y{-<fLn{x7eYNz+Gn;FBaYd{T(|1rka%5GP?d;6wEr%4)8?6De;q#t`MY@YSZ`}O
zThD1^a84C_AUwCmgx4+d`!{^tLOy=1j@hfHR^1%@O80erQjm`<$Nr7c5>*vhf1ylu
z$t;Sgvi7T|G%B`&`|efou=Al|RPR}(=+WR@Bm}0NIsP|^^m^$*@be4zr*irOpQ|}d
ztHs2@ms*|^==3MJ;(W+M^i_#~SjnYzyTp&ImPC^)A+wMN-wjGayx{N`6ImS@yD{lW
zm}maXgx_wOC4%nuLr1<kYN8X_J$ZfrCW%UOqbcIP4I94hTfj6=N?0D6g?xM)8||mE
zDUuhQS~0fTgPh5}`sB&2)up%F&#>g6wo8rkK}3gC9U{l?^?H+*E@q|!^fc(tA9U3I
zD{qHmB((~4vO4_8G)4#%!a2GviGTgPUrL}^%UE}te8One#~)WC#h`=&Ko$r*f_(ND
z=XVPJrduBA&+}Pr4t9JNP##ftv}B>A_3#1?ul^zLCZZZSU-}3q?RW|FrI+C39>)<g
zj~ID_MJP=up%fQO%ee^JURG14T=TgD3My7uTU6_c^)Y?7l0S$RvW?gu9=0__^b;rT
z+Vj&~P9)P7C)Z>v_JJk;*mn>$V_sk^<%4^H7Xl(^v8=Ay95Hd*p{Qh4`npnr;521K
zWx1Zy?ydtC(NMXVKWGu7EL#NI!TJdhw64rT#pZ?p0eP!CW8~_FyL=*Xd3tZZk#bYA
z5{Fu7&Mv2F2xfq0CRUZx^uXMe;zU{|g=3&?aou#drP^2XteyBh;^qxNuz_(@I2DLD
z(flvb@@+dnzXe(8MS8Z8%(Mh;A-NJ)kX0!zA(pWqU1OyL?|z&(qr#rIaY~u<Z`o-d
z$_rDNJkNHI$=?DTt>9wZaN}4y;#$x4!Qeq7b%JQVJpj>*<&-3iTGDZ_aD;#pj=RS!
z2K6DKeR$ax)83?B#2+#fA@87tWcp7`);L6%U}<tSiI8Z-eeFr-SFdRLNWi&YY$GnT
z)%C_&*{>WL7xowa2srvBW)$ab0I@B&ru#*wePf6)<7*yG04X=oMWd(Ljd$s~O}3^Q
z5X`OvBrM1o{un!A4bf1T(gk|^tZ_lwkMvHfK~}D}vq7GV!no|C!aRXiG}k{uB*#-I
zphGn(lnJahO8lKQ&gIaA_7kmvV9}FMi@CgwhrW==$Rr7w%dOdEqIQX|lKor3V^V(x
zl$9FRgGY4a6NvQ<E#epyYA$;3c=v;D(8Dr<5d}Mx2{Ob7B_yvq?cnqY3s?bCk$Ktg
zHoamaUP^q3x51+F9?!NfWWCr0nPh^(BBpbJ$U0o=b<q4djisr1Gww(DCX?3;UUX;=
zfuztV2y0Ki<YFUSfq;rrozL7AUBi#%YE>>wlb7Z?XZv0)w^WT$sgLck{I~{6#+Dt?
zP(l<7%CaZ*aI^lN5^tuJ)zo#&t%x-%&RIv{3Ne9c!I;v(5EY=a5se&Y7WZJpFSArY
zeN)>1oUxY@he>jg<0t4rQ-KWa1Pp}-b>#Gq4ATb*-|(FwTddL-3#=4=JYx*_uMJC4
zoJ!9rmF@@I-p#f)RW;v8^*5}!;!1DR9Bt+^9$BRxK_~Yrnnw!bp%+jYEYfHlzqLcc
z1^b$HjNluvz;Hsk3odrzTfFw+wLCXGIC(gA4FhideZ!(1omS>sjCI(`(8*HGX;Smb
zW$d$Kb8BQ>FI}6kjaAJs6^i{VfWb?oRa-3GNFLGH9O_wc&0;nT8PDzmZ(DHcopF2B
zW2{`v_Rei7oOi2+W5>8}8ErX|rbpK3y^&~*{t>;uJCxU}P`K9lYc-LY^$oe3D3O8@
zVYPlz-(b-Y-+nY9CZb-E*ZOngbm~<Hx#E~!BNR3+)QjtLo#snUGwU!~Vam7CF0$ZB
zC!KC=xX(Bwz}mq0bSv?Ng#D;!#6N%baB+_Q)>8pTg&iFs4W5afmT&IEkc+6ZQmpw*
z{zhf1`4>8H16VwvyZ4%{RcD<@S<U9o7bvHG>DGcoC=(N>{?<P;gFM(L9^yK=E=bqm
zyp36Y4|UU@rBCRq*EFf&%SpV_>S$H>^(oBJOd$T1GCxwCrUQ)U<6j{rFp2Zi`h$&W
zxgMn!%=43v{_Yg6(4{CCXH(cEGIxqhZl*H*6p@Y!pWj>Ta)9G;>q;o@8F!9$@8tfr
z?a1}JVSgt~5n)E4r05;KW8!8w{xHkWKpuItusAU)4zKQ;Ly2@sgo}r55S6m+LydrY
zU9j8p3)yV3sjZf(&Ku$5qmzhwno~U3n-DEkyim_}cou`rncb#oV5Jqd!42W3`AR%0
zz9eb@xd=X1o7hc#F!nJ3FtwWF1NdOoI)@?b-zi%XnfnoB1ZxL`<-tU+$G3Xw75Paw
zka|AWef_!OCCRO|vVDbN=m;}oq~JkkIhzWonbX*qaeJ|oUlxBT_cD&W&)heK+(Q34
zTDgsXBV3Q%!ToOmVNm0Ng!QqIEnRcWwoiq4+;??*S%2S0x)I{U1vSzy^oorWbVTA^
z>RWmItgc+H%}Y+r<9Ze$hK!8m4IyU<oo~||0Opt`NzBw*50n^na#}KA;5TDCO0|zp
zB)K@HeE?2qL<wVv;68B#rUj+%X^>7Lg;Lfd^@t_E5-cx|XS<te_5*Vq;jFEl*gLGq
z`>_oZKlQm|pVXbL**-tEd||qwKW?bIgie-YPULl*cN!_&_d5(ruX^L40Xy4N{)`qE
zcsjTOjyRHop+43J8db$T{@BFZu1@j!AFPpG_Tiyx0*k=Q1bzj)Tq|J{B9Kf1AqS;&
zPwWkS2W%+m>=-*1z}~gnOVx>8SI4{~zNs6J^cSeHFXc46Ejv0E;%XMY9toeZluf;q
z&t*#JGfiO4FO_yurS_`fbgDCM7f<X7N}*q~;70);)52vq?a%}x4LzQ=0Q_%I)YhCN
zX5ZX)AfTR+Kj{2o0QNlzQ6s9MVXNg?1+?GYM8&uMrgkBA9IG-bQ;fJ**j3kVKiaTI
zM6(9VOko#NdEzsc>*(V|Io5Jl=HzywZr(8XPw0MHqH!mI2VtAK-adfIv0Nr!<9nx~
zMn1GG79?};be`Bu#PiXEFfSR$`@tn%eqH$!G;c(UTLRxHD(r0I+%eZM(%*#%U$^eZ
zQ(*;h4&=5quIYC-xxzw&B1e|bU~AdWDew`?g=RM$Tz;*6MGRZqWuyr{iR;cB5^FQm
z!Mt5L-*IynD+ZrxJ)QAWQWIXkmA)O09A>K^GGCegdM+2<!lv7HVv;c!=gfQU<WAXm
zY_Z(it_LPD!T<sks4}d~F+TIObs^f?-ssKfMtR*+x@G3S|0GJIPmqn)USJOr<RUUf
zF>(jJLq^ahu73tda3f;s84X?C!yBss8+d}!^Y@luYF8pcz2vpmZRVcga0ZXokFo_f
zfunPQH~@L3L?#lWP^*4gbg<*WQxEHk(uQ?7sc_<4UM<u<wzHT&=TD%R_9WnKSo8JT
zisnngn43)`AQtt4mXD=Uy@r3MlB6~6GdM^y4&&4V=#_G><mO~YIkDv$*!&Y5_#iCR
z-L@mUOeMOrLTe|N^05IarM*AATQq;>_*c8+9G3=1Z++D`te^OosbgPo7B)bnVKu+p
z`S=<Mz_1|v`lf!1DU*hw@lcL+*fDwK3JV1AT>6kK`8mCw^tIM2V`8JxlFEa-CX{0T
zk-!x-;lU__8BQiy-|RCb<aD%w*{l!5Bml;q&$-`N6s*})U@EFaQwu7BL8_$w@L2DV
zes6gHZWJ&Aq^N;2Wnkd|sdEw|@M1BU*0eCvvFV%nOMt#V<aTp*#-HJIlz-bxL23A<
z9$I%rpk2^mfe|hT6ihRR>E`&+ySb@1<9@e^y_fS`oO#7|X>774r~S2b(wl(joV#1z
zxkPpH-~TNm5#gKvBM^G}7BW}@!mM0fd&Fp)1DK(u^eP8?Td<U|JQJx4o}&KP`XOOj
zzFZApw2|*+A0rSZ?hk4}9ht&A%s=n*lR>Wy_w(SH+v5+EiGpWXhBf~b#IEUvZd7F9
z*rPmy{vy6yYm<aV8n*vbxoTg^X$mfmntsM{`(pCyKmsvO!=Tt`3$i~6Jl>UE01)*Y
zmwT2jK~;6aF(H2Lv6kbKv!6+~Y@NMY!c9MX7*~R}Hfwnv%#s|M2gKr+jmpeL$3w3o
zXwBL7)^bln^Sc3W`1i55l_eIt`GzpaF{l}I#&)BH%3kXMoKBmh?P{5mm<Rjtx~w?=
zEMJv%8EoKpF8;E@wU-KGy<}Bf58hxgB5`=05b3S6_5%KQdVac3$=?HhHO#3aVSKX4
zjPy2>qhtIQNKLmH5R8qb+_iFG48e%x&8H*!DUXfyF68KXQp8Tce$@kZ70K=x6dA8Z
zPY*(TO*BtlEiFX)5CHU=<=rh9`E9$Hk&0TRgcQmo$|UlbzY1t200A%7P{#=Kpfoxx
zBVFZTOKM7shJhX*E08xvIih#H>fXegsc%+H3>?lVGhLjmb?W_x??dd~WH4Zokw$nh
z+Lz?FS1v<g>|~ws`QmW`pV;SNs~7VYG~rm^I0+oO7a2pMOzOYxiQ5xD`Hs4tlE@hU
z@VgBqqm2z6H8zO0`_pz_;sdb`7Jw;IE0mB_evp-D24yR6-j!@OQ)axN^)%*-TKn}>
z+kX+V`y${x$qNz<cC2gmi8L)1qcL4-hT+wuVHshFg5+tFmfMNvxE)dF80&2-7o+>M
zd?(6Axt!*Q^SaLGD|}<Yu!?}{$k-@(y?zf-s~&y=>;?&`*pt9#Vo(Dl`9OmyLjKcS
z$@%P_K&uO!yV=DDA&%<U7;Ovn?C6Z{4CDosE&bpNCQO^-YTej_?WqTt%G(sJr7$-*
zuH9f0`t9@(bOFg?ah(&WBQ#4Bk}$)m+Ofx?M&c|9Q$}+D8IyYJz2y7GgG3DC(r?w*
ztT77ME-Z9orwplw;+=dJV(?#V6EKkK5o@sX#o=fNw@tF(Whj0XbCKsxZZwj@oPAuj
z$(LU70kl~VUdlG$pxWPgAdxj%nt2tM>2yk=uuDJ2k~u!+&`C_$y_tEJPwasi0d`u$
zD()4&uv$3Y-9wblrO=e_;wdsf8qAw}*D8!llR<mPO-v*bW8e+0LP0Y{VTHHO;ErX^
zia5NREC0T9LFbgu7!YYxFN4|TgGapZCKo97v@X(QU|na5KUjBQ33)0b+h!M#$%D)?
zq+3UdzFU%ooB;a(Wfa1UE_D0h+H-Tm^?JC=BVmDGIRyvInm?Lw^d~En>XCB-aA5C}
zdy*~vdEW(R;xC%Q`e3}+H{!W#R{s7rzp(a=fOGgST1GVNxNOz7<br^+NTljWq}apo
z^CdLN;tJwbhrz#{KkS&FI)=FhWi1qKqj%mJ$rp3Y@>fzOx5LlxKR=yaYg3KEoCGKm
z0m=Kxxg+U3pVCA<*#+(Q7&ET-Fvvf=4S&b7L;n;O73d<=?<QkBChImp$8^xveZ|jh
zka#$}t;`X0h7x<NamAWcI{iH7Z9lh@o2ez51OPlsUd{1}!r#GhFpT9D@-_-?98P5(
zFQSM}3QvkcAr#RVQ5a0P1t+1$uKDc77o7b*z<p*CkXrYM)m-p28Lwz-d^7Lw`3FBt
z&&q{c5w;=gfyD2`hXUZt+tVKsyFn-<tI>vW9(P^hli$RFMIhCu_DK4_Bn(fAvnGtC
zAtP9hAnCz5IZz5?=d8NMm7SN61*zho99Qv8n3L-&wmEq$mJ#--bf{;o%7d~MuJP|g
z&fDO3P<s5^`0_4)3CyTV#&Fy{q7PWqz^?%k?=e$0=p=vsv|eQ1ZoE~ude)u^&d&lg
z5n?H|_+!iT3|=G4n*t7xf9<ciGkL9N7t@Kzhi#ySKlQeHtT#S5SrfE~lM%H9_BboV
z{)2%mVI)u`<s^+S^|nsu%}imk^qA1tBVO2IvK0#u@Q{W(H1>X^Yl|Tqau6Q5!8VwS
zVAqZUlt<16GRRY3$CWqx3vEHv_O-$}d=hrvN;7Pw*#00?>tUU7_fUuC{!~$LCycfs
z$e$(J%%bfx@mt1>D$AF3!VN0Xq>3Gzg^raT?I59+0Q{+HI5N)<wL5>g!5umCwa>Fe
z##`+>2;Da3%5)Ai#AA2kO688fn5|=@lKWT&8w$aT!R$pFFD7H+;j)4Cj#LrmYy_WM
zM;8@iu1`y}v!?9Ks1$Wz&}SIt8|$5l(c%j+5of`{vd@|iWRz`;gwQFIajwz5f&}{D
z8!tFxThtyd%3=&tVov#d&y-^5yl%|-$_NQI<6N4hqHH)dPLoyH4U&|)ym6_zf3sK{
zd;dts5$5ff0sMhkXUn2G#D^3ZH<nm21lG`RX!A?ek#kCc?3zQp{n@Rt2>Fj)ym&i@
zV%68m&Ks`$eIr@`aIt=4BSO0QA9?6HNhg+po$}gsIW6**j~!$QkG6*?&3jRRkWIGZ
zp8gz4NJ-C`;kA^Z&pzldQxyLtM*(+?G?l4W25H7mLUQiRg;qXkmw>_@8nU_I-rK8d
zM<sa*^?K4PiAFAOsb5EdQB8plydGIW#()oa29ELDruO)lCQnj%wSpg8AI;`hzJ0Ts
zZ|VQctvzW);JYd0_<DokuSCaxFK7K(B-<amGMN4@;wk~+`E$_DdDKJ#0Hq#!@C8{U
z{g*;s579`r!1uu>#m?Vi13x~kqd=CoZr84$v_TuXF=T{IH!vTGimG%POx0!?qP|Ne
zD#dss==9XT)8`y6UAv3dX|YWOv)iWPwrY8jcaM$Bx80|_!r>Pa0F)`5*nlX(8=Vax
zZ$MjNkd)ODxWB(el&Fv8bzwKOQ+d5RRYy8d8Gq)7Q&yt%P@djEps^M&8AU&APTGOl
z;0KWIGn2Aq%b#X5!NM#i`~W?m<dJikBg<?vpl(DEYY#SoJwe(Lu6K81x!-Uh5O0La
zyic5VNu&76&6N839W2Fr%usS@XD+2ZmQ)VdD9y<6j4W{MEWB+7R9`mR01y2jtHJ<_
zkqilxo^MyBmEvM|QTtJs?N{&uHsY=&f!0@|9v@LY4iWHCWa8SgCvO}aWVC516uWYa
zw6x$xgaf{(M}L@9q;5Q#b+w_qiZ`HXwv~)i3e9|>R4bswsJf$TNwbk%%|r4d)|@Pv
zIV(Xk=t--Ur0?g#Tp>!&fEh8z4u;B0^PYfG-+9Wb9ylWrt$>=)!rAV2K5?F#jW+;?
zkmWW>fuBUMc*9xo21x8%)KXxgrz9PUR0oxdt{{Gzd@b)w2VSf@pmym`?IeTTPq6lV
ze(2MTNqE3~rDuG<0k<)`a3gM<)v?<dnFGI~#Y#)rX9BuJpyqW$6hmFqDNbIli08eI
z#O<2Z^gWXVD(%p~K?@uNG1Tktw?iAJOjLpdOj>1Oa$;4m!RDwcorOS+8roO4AEC6r
zY~(icM&y3)fy$J)d1ttIpT2qc6`NZVH1wV*4DX#s#ryuqi<;-UznmHmZ_#F2a;G6u
zq00o~`$Q(GXV62`vm;ohQYsyi#fI1xR7eZZJo73o%)IQz9P;UQ*z$&W6HH+0De`cq
zaVGX~jqK5g1c)+N0b|_2=#XDXMQk#qvIqoRE@i>ap3SZVsUNBqkxvoj4r@!$Gj|rT
zYk=8E(*sz2LCio!rCI~9V?=j$a$o+=zQ){SWBT(!;Kg!efLf6hVa9j{_E$oA!NUw7
z6AOzn#^-H?Xnb(zF!tyi4y|4Jj-NpVYx-nC{5veKDb`p;hgkJ(cjfKWq8Re&@I@jJ
z0dI#!43luFXBP;p07+4&w!@_luZrgyWsSg@id9Y!YExF<Cj=MzNbw8qC)Z3Suv<Vl
z9aU9m!KLmZ7D6~b?5KbdM%cM@F=FcI__Mm8BSe!q(#SQB#tTTnR0&+NW#5sHS7M$t
z^i$2$X$BJM^Cf75qBOGz<xfS@nWXzp|7q2A{H`02CB0a2v3=|S4_T644>j7k5}<rQ
zN9oZ4?TF3=4b`7sqY0{N+sNLk>k4F!#Ph>^d-nXi6x?6v&g=fNBZFt{$q+TYl&n-8
zSVo7kP9wg7USw`c?(E{N)#v^nL`zBUW)LM>hic)Pah5~UB!|OyvnXdhkV!qy+@P|I
zl$uwsDZZjdVkalR;tg-D^|EsbspAIRIV)O__$(?SRctF@```Gw*=Xjjkk@Uux!XCz
zH~wqp3Z*cA!k+kH&VXw)gu|OnOenJ&YI*JTxhNs<nr$*4lG3@Q-=6K&#ip_Dw9&xA
zNN6Io!abbrw^EcqteOKkz}ubK84Jy_DN!6x=_N1oojgL9!i5G!#A=`yHT(;c*n|{A
z^3hl>wkb4%!axI(iifTka#A#=;eR##|IY_0`_}^+)xh#ED8do#HvkQj(8<(TLKnxJ
zX@&NjgT`U(q3<<A0euz!tLgvArvX{pS<9&)9&J!P{Qn>v8pYc^307O(|A`9c$lOUz
zSyh(su-8g6)*h>z-1cox)4uLB7YJ=!P{O)A-yyg>er~N-|K?C0+I+C_@P#bsg5P?+
z0n;L8<}}S>(hz+WVH#JnRaY4-&fmmIH6@K9`30d_;&XDr&kJ1EK2fT%D9@jSx_fU1
z-wt4rl=sdVXI2ONDRNpg?Eenp_dhKN?ITlcN5jd$(rI~B!}Im0LS9`CLXe@&dIPEw
zZ2pNjC(ur<I)IFjPcck?_dery;qxq;yZS42Lv7sp^$y>;fyJ)1z%o>_+&z~$UCtpi
zMIeHE8}VC;B8@1pu4aFgE>nYT<3sU@Gusk$-iiNuq^nme$MbHY8?JfyYv01~(>jbB
zanEJ0@Xn;M6((!iRP_Y+l}v!-_8@2d&CDfA5<>gotPZUkNK^as68E2W!6@nG*T4NY
z19#U_WjhF^2>8ejkG=&3IVJSY=)Mz-l!gr)1{3>Imutu_s78%^Szzq3jiiqJ84H%b
zVJ=3Z#BRCYejFa4yRAQgzlFfaoH>7FWCrSZcVGRD^^t8Q{uH9YIc1+Qo^&kbi$Y}#
z+-Qns*BO8Bhu;MEhpzLLMZ^kXmlIUX&P*G3SoAW?Y<^xra)g?@NSlo0uY7~j?IuC1
zl(M0zD2^U@#*Mqm2nXZI2TyG|a$?X2aSQ$ka%^IHuw5)uL_DVgCWt8x2yTuB3y#oB
z_$*dn5emjeGev?#m?FqQOsSY4UJ@Xhf)l6!q-Kf?FGHux(S)2nkszj_|8txYZOs%3
zWQvUbm#R|%3yj|TpY4lM^@soQ*<|K>wsgNO6Si34VlCx2%WBYz;Obmb&nMLf+qNpB
zjR~0|(UuB81#zz@L{zg$@9#fG(O-1%1E73L{_3!qjQlbMo*IMIAGd_^_qM%(eE$r)
z$Q*-fFpC#Y@vm-W1GsEmNeS)VNokG@%~8Llw{_;V{=-DjOEdaeOb9_PqS&eTv-TUC
zg052V!(OV70&^0v+wmU+>WJ(CM1B-vLiFLLw=v=sDWFLR={6;`*jD5je#tYZVzqt-
zdAFPG%@}ZY{3Ew-8^+!GyY;7Z%V0PbMWrvbsz$*}G5$}GcaR-@P#=zFKa|U*+H^&b
z5%x^aaYa9^cs^b*gKEL8Zg;xs2TM`d^e4?fMBpRB?*v;Pv<c0~YI%-O>tr9zesXY{
z9Qy|kk?D4|e#8>0Z2cN<VFvmZ_g$YBCfC)3=japVs&|Dci)tVKe*lX>bidW_Y@z_&
z(WcVJSyU(okqifPX=U##LD2PxaLWV$ZNV$8iAS~LRvikg)wT|6n+ze<3fkedIIpZ9
zfaSva&fe>mbA&xQeb_LJoG@UAG4jX=yR&0p<!@iiZ+vRcG=;cOlGe+ANH8&II?K&r
z1%Od=rp^#$cDoN2;%D85F^rYH;4J{SgF)n=cPnuOz<^jB_iwdu#pa>HJqaF|E1*V<
z7&+)~!@{eenSeQi02Dngmh1xo#7{egZ+v_;-xXDovOC@HGeRo!ejB;mI;U&~HPUWI
zNX)@%#Q|0{dmu9j-GIy(6e8}$)o(C{Z>Wp*8{_3HP8Vz?AjM+u10$74Ah-ZGckdhw
z?Nw05gt^j%&B8er3HugJ3Ye?}UDcC>5T;w?f+KeX-nMKElnt!CxhL2j<(1nXK$6j*
zuzHQo!Vkd}mD$wu2Ydo?UCo9e4%WR^{kryDum&*lE2KT!g7o<G^dfsfz~NZU(Bad2
zGdgwdgK>?ZEx=WbGX?+!AuZy|@>_sbbFW<OV@&`g0zyE9RuQti!@A~IIpyaoP!T-J
zz3S(6R)d}HXEjzuJd!dJ1c4v{BvAsYuw)N0zClT%styH($1C24F8Qmv`Wk#bthpgE
zSQ%X%!D6aG*_jt}_Kbe&3Lzfu^#ErWJ>5F=ESL#9Va3H9rLb%G4a{FOUi6!!Uu(An
z7GFoc7Dmt*YJemHW-G~zf*eX<yWMlfz1V`-=NKSj#oTSQ>uL1?wSC$c08L#r`+I##
z#sUeV2(Ge$%bS}t04ZKH{uIW``+8$c1|k4`^-)PLi=+YIyLL?XyVD{Z_GV+<bVvY@
zXaZ;vL=r$CnlwQ)UT%jxadf=B3uMFVy}|7s69kiXTyRWcsk&N&KL8ogyM*v;{qP@S
z%+F=fss~4&9gjy>o=^Zg2xQM>J7%`?idQ*qbI*5<_lhx@sGvQ0^XJRYnUesbjWDf}
zjkO4@BqBtK$u|qG8r}1G&68T@j87KXZr{)EfVd7;5^E4<x-dTZa_p4Aj2MOuIn=Pd
z8)^&cX*$~td=gVl0w^c8mWq2>IxL}!fkz+RDtv|az=vXScCkQEs}93$+K^dN^+>wx
za~tzFHxdgX00fg}*66#;!~p86?F-{&gJb6U{wH;PfTzzhF?ZhvD3hA6Hc8T<LgWu}
zfc9bB3ei}s&>m)H?d8xx43;=cnX*;j0q%utUx@Yl+*6rvabk$KkDz1<2Z33LJPnUq
zf>i)d9jBY`96t8x7R*jGCYlwzhTXN1IJtpAl82Z8-W#pibz3&I84xhuazW}Bo*T1M
z$pg2B7sD3SQ5t6FqLV2a0W>WUy_tKywd}$&?u8md-J;b`WFvbn?15FGW(khR!;++@
zTMH;vHji+iW@lK_v_Q$neCmb}B<z#R#Oxd6xG>caVkK4Gx~OOw96AUX7{|M#Fx=Hc
zNE8muGVdOgQL$4b3z9I9MOAz<8~b-_k9<3aGeh0SM{+S@UbKYvjLc^(2Y2Jt1j?W}
z$1sdw3Le>D(Yq7?j%a=y4Rxo==IsD+WsVeg*&laM7vnwPO3r|al_Pg8hydj>c)xB4
zC<NALa5}jJu5rp+LW87|c~Ht+wr5a`VE8PsUFmWvquB$hp*ImL0Z|8`P~8?d=5}DP
zyU%x2B?O;3<3q9R!^lJSPTjLfwZB63D!#F~xrRCFpfno8xp}QWU;@RYrf@Cq4!n{P
zLZ|=?#-4R;O&s^<^t+hmLt9VRa6#=JssoTB&gURuV#ZN7#0icki?odmj?;nLT<w%>
z4Zb%jWof9569$B8g&e+vx^|~vPz-<pB8O()cel7i?YK9L5OP)}t9ru^;etS0I~CA7
z^-|!5<{de{8Y-v@f_s;7PtSZuja3o?Fkdxc!+v(JwbNnHNhA=Gq<7peFlv37)y*)O
z_W8eGqdcFaBs*p8#Vzd8(xEcPh}%OSUuLv9kes^Nq$9!DXy7~8`$)k_LEf3d>>y%r
zSDognnokSSTOODx3mj_Ca8O6v@HO@Hgy6DI-Mem4=UvONg%v6nLyt+2O%IM)WG<Xx
zGsXv?wR5NpN6VAF<*zcHUx$fS*F$5TScq=~cDaSmzQ2HJ)g$vOgzJ?jOBy+j(GGOq
zhghl7T0;ffU9V-Y4Y(fT$zXshRfDe8KHSS3tS;`}WkQF;Fg#Qne_e@Vxrl02zH}Zw
zh#$TacjfYCSe(x57t*iple<Ds7QdKVd6*+r)o?k87B*iO)lSIx&<<Vp)<p$W%Rg|$
zHEhO$e7>)kK-X>{SRV=&7@Bjw<$rd%6w`lkh9k-vJJQ|2_osJ3fen>{!h}n@ny{Ky
z8XsK)QG=&f+9{X59`*Xgu0e_!cyX2<uMV_}R2v69J;%{Y%{m6Bm{%F*m54VVZt-{>
z04mlPG@D8J-Mh)y52#%2O(B`-?&|cRV9Wq6hON(a<KTRuS$>t^d3oPi7h|<>#VYDR
zSwaJNC&MGb&ez>JhX$Iqx!~wAfJbS&<T{3?Zn+#Hhu?F)U6X;yd#G#B^mZYk9E_fw
z!UNrohVPhWy<~fDu#YZ}sCv4E4CsNSkBM9^4&%Xfp&!+~MzM}P*YIPMxJ@!JS$j)J
zTJ_YL9o~iAjf<PtQu8|q+Ex)Nl7BzG_;)b=MzAUrU)ne#0tW+RU&3fYF(D3!Z^Lk3
zgk9&d^vV}b&fx=!>(uWrrqUNs;SkQEYrecTLc`2Yi|M21jGWDki<oRu65MbiGH9c2
zqlEy7+O8a|XSy#fLqMu08p0nX<8nQ*=n>#)s*sH}K>R-YEkTQPoNkSkXoLsfIZ+3g
z=Mg|Oi-U8tz3i?C+7?R|M^N5bO2D0BP#e8iHOp9~3HQJpH<*pF*jWXku0oFRx&r+-
zd^$t!9eG$BnjV}Z5vl>8xDZ9gr3I_)5`3nSU@KQ;<-7Ndi==MNSO_)QS)>rx5w47H
z#E(6+2=$&}V&ptLu>j9Ot9t^DE%&70;9>2RcTMWe-5NxVdUPWcUPvgm2E}{Ihb-`r
zd5lW!Ue^c-y-x5T;I%Md*@QdAKo-vBod~kg%LY#=UY^3d>~Kd%5-E6IVR#V1LWH|s
zzJRp0OzQ9uN02>NkXS>rkVqUtl+~-@RJx(~QPl@W&70`=!*vO^HZ#VQ)o>iryHvn>
z^kM3ZjYZucMKNh|7Au7=(X$oe@t)qxbHpR#?ym?t#AN`+!Zav#P%`jpV=U*RFUFQO
zs01HsJH6gVx7WlJ5>F1@v5vC5Ajmo8+TC*ZSWlwA3*#ED0)V!7Yw_M=0l^^RWF47W
zR9Gxk21SnUdNgc40a6D8?ZEw}=WsIP$AJCtq!fb11CZzzG#=Tx29AKEo0Ju?n)MCc
zs|u~MgCd4}K*AL_#<wOZCZzafv3G&71%N8h_qHI0TgHLjW`(Lj3%ZNyZSU1YjutvK
zqVbNlcu6DZ9-07&?lF=eLo)Z#&R3hJ`nLEh^Lm=o;BUN%*h<a#y1mVL-SMEeA$>N3
zPj9+jrZ@zJjR;u8d<_ovA)JWVE|73}k8I{p!J<4CH>Qi*BPyzZ11|JVox>>#?RhHs
zMZo=KI-sa$)IoCr3GRajX0E|IDM1AeBf8k3(<OZd-wM%9p`b1h`!BdE!47G<uqaSt
zjj0zoj_;19h+^1dj|D{n8|<+s&}Ix`khUyi4|gyut3x_A?)W3SRx~6K(iWSI2z^pe
zVdSxRfzI6EmTc-Ly~4);BncqIpeJ_->jr0K@XVpX@Y)o|VOmH8Xn$j3IZJBZyGijh
zr%pD<+kXugwJP<XSZgHvMf@AiriSVt8llka2_b@l_o3VbPc9cys(|dfIR;QRJzBS?
z3D9zw)sHU0m6Ynez8dKdQo-z4yBQY+&Gx%ThMe-dxqcFOTrxMl(f<S$MSuA~A^YkG
zdsGno5-4BVrBPY|R9F0;;0N^g{QLN?^IEQRH(K397=NNqa0yHqN`M?HoS|cT-LE-l
z-uBUmWz5l{#Jv^NGrfi^gCL%RC;`2q5=lA3!wibXb!`e_fS?C$+!82de~+GVr=MhM
zah0Pk!i^R01mUgsOUw4&kll?JK6`*72AZ#u0+_A~;@LnG?AEL<>w4B=<BR7$>6Q`k
z4twY!QE6Vk8R_ndsZf{diRP~dx0!Xc7U8bE;q8tEGMQIibwhy&XNC_U;pw%)cslr<
z!JU5uuvc>R*Dq9^<K0(5i64ph8UWCF9VNS<=K5^2WZXXMyh$LP!_N2Vuh(&AIGUcf
z=%-~q_T+Hay^j{&Y72V09+GF9-N)gK5vxyjp`&{ERaaE^EwSKmjtQw<*2)Tq-VZz%
zZ`is;acWdUWc{bFd+hgkEqOD&Lu%6Y_XlG%+wXPv2CjpBGlkLl2gn(W1_;rp5vhIS
z=`G2oht2J8dL4@*yWaRJ5nI<;D0g)y%8vMEjJn9nTkY!FHggHZrab8~)yUiKQoeP2
zk16|my#=s4*OyZp;x>rxF+P7P`Sa@C<Mrc${^#!Znp`YC_nDmKcOA-E552d)JKC*P
z8}st%L@~Ly^6@<m!T_xK=fUIc1(JQWb7E7<OOjpOl6rc*?|a_&l$RvCxg_-7%6IqB
zUU+8f)!?@IQVRuwZm1-ryX^Jh;g(xf#gJTL3S_1tgbr}4v(B$#<S=mh$mDY15OBLm
zL`{vBQEbC9GTRaj50(>f@R#omg6W(XF;*@3&>DENniD*8YXcgPw=7<h-%OdO-n2rH
z-g>koDul7jV8|rUx9ewX=vD1iL3}q^Sh8<Wzy?@=5P=9FK^7q3L}KPleW<)bF(D)*
zBFygmo=s<)!^2g}t=BU(+dIW)OTmut6**^FSB)IVL<d6hxJ_chWI-DZQD@gAHsh~K
za)hin>!539`8H5!@Y~skUJ#IA$Py3;O+#%fDAsExhRH3jy0)#Yz1LN`q^CU6Qc_Y<
zl$4Z|>dC92sa&tF>zuhsWV6WEvF2WNs<#!fZCJMNpe^E<Q1LqVoI1JH(aY7#)|J2;
zZc?rb)Z78|aCdJ!HPF~J9)|*00|tY+a0bEGo_EJOcQw{rh#ExLH!|J_Ks{XH;9&92
zy5~CSzE;(*I_akH17N}BUMu1ks;z}l9m6EA6>6>DJnwp4yV+kVs@`*#H#DzsB(GJ{
zwcc}_<CiMCoT`=RZzaf{E96vCs<Nmk<;yG4H;-C^?Nd#62!bIJFbIL@G#uMHoVS|e
z8%xHGHuNnbSG94~Q4fmmFt~O@lxp5;saGoHSCd@&^Kv=Dc=LqI#ad}sw+?bS9G5Q%
zDYVmbmCh=>nrVrerB(@_oaI}ubR$YhDNWm#7b#?vr722CC5Y{zCy&dzb@75oO!)Wb
zuJ``>+P)H51}O<8o)e!gbQ5GUo2J+;Fvx8b3uUlMMKl{W83qD};sg-XsVJu{LP0hg
z3PQtlfhmGR;VJf<PvUfK@#@cIP2=x}*C)58`+ByGoWgNwcES?Y&8zgUOV72}rB?dl
z(nj#^)8gqQ+xL{0B)hpJ^!0n*_r32aE=hNCN!)c|!#l9YePE(?RUox{d(vmracG_?
zA4(l{s=F16>Jxc(S3`{6%=%F52Ml;^G(0dNK?Eo;*n$raI$@7F2y3O6SJkdiVFI-H
zNJws|A5Uw7iYSxu;pGdLKTi5f-mfj-&7V7a*E#J4TxaE_ewp<A@;lg4a{7x3qU9BL
zjdRZPuqv)Z6yAHc8kf>OS1&M}R1{;*6Q058AqC>suRT2LK2>tKaTlD9Jm)!QbCuan
zsP$T`<x)a=k0go%*q}NcLdQjiExw=#7F`Y4NQ{87CYc1<jFi<|36cvkuq$@Q5tg-J
zc|lx=yGm=y1`~=qY?Eb|VJTC?t4bL5+i|c7(8G7EG7Jx-fQ(JvAj(Q+g2Xc!NtSaP
zf?YPpo5jH8PHb#!u@xp4X-lADtbnMPkRr_39>9vAgBFlCqLUJ2l&EWTf(n<w0Eg8<
z4{pz29r5YY&egS+ZLNuhSxJCVi4!3LOX;3{-uGv4=CxS!zEy_E<b+8G!a^jGBw|<(
zhWtHS2yY=xfdZ@qqwFlf41`FiULRVCj6xAm(0%QI83cq>Go$|mj1Z6+AO@REVr4W)
zN(qd*>(;C9_ji2n>CJxc@0$LgQwXFIL--e;+CKI;Ms&}w&3LuU<n*sT^OxeMCZw$?
zrIe=BnJY?LRJZDCVX0m2GBz^QVvtH8)MQ~jq)`4Kih1@z(HvsdsJO`|6_TFXMaGcT
zsuv#IMOQ4OyRN4Q<&~^TTxgdJiE;18b&7RrCGfLq+}T>&yZ!XYr5h4RK`kY<5fW8`
ztg~zTYgexywO`A8f1e+`+s!bs224~V0wj_?A)fLk?_aXx-|D@ko(rCRzHV#n&{qLN
z;D|p776d^d3L{lbt)(qx%oL!t-E!vKDw3li6$w4>+7M6VAc%leMOumjROhq}e9=az
z7?3MU{^S5Mz5kU)O-ZVh{cUSkuUq@v-Cyp%-XEbFGHpm;m#Wsf{{Hs&m3QZ#){Yf<
zqPjP~yoHt<kFeT+Y-K50O_N&F)a6NAQ*H@rhzVm|S(3@lTx?>~b8~2rq^UGzn)%HC
zUF(G1xtaRWJsl>jyDbCtG#=3Bo8|!(^55p$QnP7lV=ZQ75u#|>HlM3&ef9g-KQH%J
z+VGH26Aa8rD44>H>uX=x=P#y5aOn!w_;@SL>%MgU_uhX_-Fk}rO4iDoWY*bUR#8lt
z84_J>lV&Bcsw&sd_2s-RE>WZk@9ma;-8t!I$$_34!}R$P1h3!Z$x6#wWLqjGs#;>V
zHEVhCmFPKszODD~^~q$Rq=6)0Ng+H`-w$^Ko32YMMC1MEyZ1TbZtH+2NQ($52oQ*b
zA~0nwHMG~t5@i=!*ARnJF<BIlL%+N<h@>cqLqqO+VVXX5FfRSErUu4X2?I9r&r}6R
z=D)Pt7|T+clxi&!teZ^Jl~w)y{qp5}#Dzq%ED&UZSBlm9`^Udaj{NfR>zj;zzwhJ2
z)!w|{dQ>ufTou?vAizcuvc;7pWT`D|imqUYWX-#|V@5MZ*))~@`or9@za<aSAp?oF
zimO^I{_!M8qPE1bR!udeSyeM7N)zU`ukT;J^IcV{{j22~837|O2;OU7rd59Xysv8V
z-l?Z_hQGFXqu(ors=fBRq^s>&x2YI}OyEqQ?C8;m&_;p?1aXA6O_N(Gw56)eZR`*l
zNlx}?h=7(hD3TBek`SK$L)iS^mj4HjJ;zZ`2y3>#)LS&nMk372u(nNT!AgxLR+6QR
zDS~_mnm>YbuW!`PkKFsgB#Z(=LPHq>2_(@oNl`{1(h(S*HGEYzTD$l1|9@Kb2iV|B
z>FL+lhrRTz+%wKf%jupArGb!4I8zCM$DmA_#TbCXV6~DpgshKh%-XYCWD0iCQ&klI
zZyNK@R$gx#S2qLJn(IhVI95dX5<UKrP#_Q?iKa{`nUgk2rIkshkwn%cYDP4hG_Ttr
z?NwjDpWlzmmHN-+x>JY;=;(tZM4ARA6bsJzSyZW*!Qa8TQ1TvKJt2Gd+^MtE(b$~!
zx4a&|+r1uq^H+DRb!8Szn@Ok2#(>a4kpt*W2xLGL2#AJu23rA=3mC&L5EBS0sIFY7
zcw{DA;Xtg!HIgYo5UB`46*>GHh8!*yn>{`I7Wb#Ul`E?AuB!Qep{bNBDMd!nMx`Rz
zErP-%(WYjNA*M51X)I|mlEF;hs@s0`zn9N<?zfIO@p6u6JLBWY+rAMF9XrnRyy=63
zbIzA1$nZ1W-x0dQQPT41(4&t7gxIq}M(XLX#hWa`ET9oLC0dTG0D`s<ut-X+m@WV=
z%3!d83gw{cSw-rTR#9eKs0J5RcS@NMv5Z1M!lDuZ36VBO8##%R?>fP%0K;txvP>YO
z7$vD_yRj@A0Lp-yNwgWO77%SvLAJ^;wuwc%vS7Ha$4Far%@T#nw{Xw_*@%Z!${<LX
zEy`+)H9@;5Gj}C~skF^d64g0w@UlK$d3oOhxPg&@&PH&RvX+)y6-%Y0v!GH%oGw};
zD78WhBI46ftsy$gmQtpuW->Uc6<jq4jWEnI1u7sZ9<Xd18+!Bi_TU;tRgdHTSH5KM
zM(?g2+HM1l9=)zK9={J*S(`3}0eC!t0LmO{>W<FfmC^4();-8=QPJA#rHCwn!j2(Y
z9o<z2qS|Cy5KIFg8J&JTmt(@{SEvREj5`s~6aeoEpa*-(Pa_n#CEc)lvK;0rp?IcN
zESq^%c*)E71Gf^n=?t@D-ZisKuQczVv7LNqH1!^vHJ+Nn;*j4Vw&%6h>W9^1-sc8L
ze7c<rSu<wyd0r`$7FG6&?^L|RSGu2|^P{ZG3Oc*c(=Mww)yAUfhc((`QJmI>;4;#K
zrwkQY?`YLr-@WEpUhUr<_p=S&jlH2eeYxACmSqj}RAJA)MFCOfO?sQ0VwU#J+O>!{
zpsAOdiq&^`E-S=tvv-Xc5|G{<DSO&D*Cp?JLwXRzv#O(;x$a<-={@M>NiOb5J?{^D
z-uJ!e<w-8>x5kykGS2UsHSeBxe7`*QI_1jDFo#cAECh&6YFOL5ON~UdhQxD?rZhzw
zKq>@KBqM@s-8Q`3&w1_L@E%>=nt71su#m8j+e}*?o`bs(#D;<wUsl{<`*>Hp6R^C?
z1bMld$A!XD!OPfIp0P|>Q{}vni-fb)PMEK*iy96TsXt!~qr=sb`K4`_t1M_@$AS!K
zAr2Y>rU>VuigiXBAdy6R4ZQ9=joaXYqSqgC(I*TKyAFqTBgcDvuUSq;?BUEvKHOL2
zG3#_gmV|OYdmA{)2NBOJ()07()z5dUy774Pn2z-fm_;`umoq5Y7TL&7a<eTsR7lW9
z1a`=dA<pnP0l^A|=cumUDaF!Ah`YL#Bjn{24Ui+jN5xZuk~bxCw<WonX!*{~$yrkL
zs-W=~)-a~n%N-FMa8N-J?KeF6=a5OxM_4@bE3)VgtFgs#)M}JS1h@($&_oxdWX9#0
zY!JyjNj~|{T<3Y+!0WO$QFyGVB4gOy6W1z@M>uikB1lptbLy&9S0avhi5l$I)9ak&
z&T)4Y$=2N*ZY#>GFpg9gVTn-n$`z;ybqJsonj$@tT$1ZotIW)Slq)unZd&Mh70Q~r
z?v7oJyn9PlJbb7{9Gj}`)pmhA^Sy4p?cTl8s-li+XpvRxO~iSR2XHuwRWcU`CL+cn
zAhPTr-VY9Jkbz}L`bV4`Ag2hycZnibsdgSqQqQif#5DJ>E*dkp4<+1G+!XNd7jws^
zXMlAVz;TZi@mD;WRaI%c-0^kSI(64v=QscyiNF8>ET~Fu;1bWGfHf}8Mq4EWf(LT~
z>^XxJD`RtvQr_9SR<Q>b*$`kqOWRkSruC)w<v4UIKYBS*OS_U!d&A!Mz3+NCQcJsS
z=WOceVN7k)UR-5Yz+}$ujpOt8u2k*F55l5VwB6mh!<)O<?VDUQQ8P|GmNJGrT%3cp
zcyJ&wqJao_czAp~7-QS+K+!qi9755iloli)h=!0aX$A->2vG#I+kv+OXq1}?M+C+b
z1rljd1dRz=n?o*uW`rcvE!&2q8m2j5oIKKY#59t^h+KptyBQU%hRD=`Jdq%STw!An
z;6eqKV?Z-isfNuGIizWkR%m7_!Zi4^eBTf_`(SpFPY)pT$dKcXp<VL3#Z?oOigxkq
zmyCx!`sSV^@$aGU4uq-`6@W$9MAfpj<IG6V2#H&=MyLcvY;~5b6e1ZCv`~!@YQlSL
zVY1DWk1UIbAk~8-616%Q4dOwerh^S`Qx33*i)@o-%PLzog{1RY#1mEvIznz4BO$k9
zDGq9CWS5Pr3^o#oCz&Qd+X-H{_KSCymso8>WH_Mr&T;w7V)FQY9?6MRQA!e|nuR9O
zO0`qqXfj|y!-U2&IsJ1dU|f+sbAk~E-tSlSpLiOEq2=VUrKz=9G+M1OTFis+Oo@bW
zV0Z7?NF!Bfk+e+#QV>v)I2Ah$fSMG5kV~LKprHW|s8FH+5m){rzi<G{O3>+75^+_+
zm32j>%_`L>Y_J<v!`lQc64XDe7T~i~xlg6<nzLrcvejc|tYnsm+6<bFRualav}nwu
zZ50-Qm9e|D2iLEM&+Bd*oBZ?#_>Y3j$p}!8lR2oAMkNudi@O9S9gzqmUaXGu{GF_S
z$mBN-y+6X8ogJm~h18zehYFL~(uzGW==4Ys0x=Ax%{E)*&8}9G_=-(rQnJY{qAjG`
zR_auiw&BSHB&=j3{5Wt}QL1dU4H0`az&L{QHpphO)s7svRB>04&OmTh5a&&W0Wfp?
z+hfIbCsRtva-Mmia?&*w<E5G}e*5?NPcdFrlES?O<(H14x;0j*%6fZCsJgUD(JryH
zY!YEHqY;8Y90lpz3>>W^RXC%?a}I42Npsa_)mQ3NNo;90qSTdRZAnJS8l<SyXxdG&
zf=Cet5Mdb^5YVdUhxz;WzgOm4&xII~6~f`A1tySTqa;JALUAo=)2abhqcuyX9C2FH
z#V%&0G^#LGt4A=I{%6{UkY4Y9=J&^(^x5a5wGVmr{QK<C``q_>)#_T+S!l+q3rkHY
zroP>x>e{u*X}D?t+nX543aAhfgxMl8U~!=gnMWHq#j%(Cg2=QZHB?HnQz9q41H_1z
z3c6v!W?XTzY+7c`X4K=U9SZu1_b?L`Fh^1Z8x^$*OKb+wpe!s@wM#Gd2pA!kVwM4B
zDd%FtLb?Rf97F67M<6UzUAq0w>fNfet#5k2;@9$`ibgVKW|G9SOw(r4%wpP88H*}S
zM#jl3*wl*5i)hTXWZAN749i#%1EH~xd((~c=HbJ(sa&wQkYytxis@vip&7EZRFy>N
zD0+D6HM&2bc?}m%)AfIDO`F~So89<W^BZqNzRW^l5jF?>S%k8+Rz--S5jthyxho4|
z5)g?^q{Kx<v9IfG-Dn1dS0`JVoa#ZMs?dZ8MG6jlU=9Qj7>eik1E9fN7(feL7{Kr*
z02l#^8?i#vY!mv#uq;DGidr_d5wUq!4t}SzD`u><lUS>2+Dx%V*(sVdnuBbmV@VrC
z%^4{(B+;yt3?LE$$)!c#<u&0z{}1CP!IX<r1VmX7a_Fs>D1<YlVn%AJCPlvujr4x`
z?}7d6{O7IbJn6DDP8-6D)g!NU%iDX+il;&%h5-ip5d;Gw28{@RjEn@1YO1Ay6fNus
zphZaBXo)r`fkiTII|$=(Hk@?E?gRY6k&m9}M@kt$1t3sRjVo7TA!sF`LekQd15ikT
zLOxifkU|1j8;mqR+7LAeA*2piE^4_u)9LG}wPr=Nty?Cw6$?uyu|=q)iyLCuHj`N*
zshX(Rwxrgrmekp1Z5vMlFOLsxSIgskUt@dN?nA`~O*p4jWTato)m0l1U4MFN9lHL3
z{=;+QULs!d<nH&ohnbDhp#{(}76?QbBAp<F5JV623Oc5$n#--`5CL{F@idOhu_lmE
zk`W)9&tHby+X5hegT*2Ea9m)J8y@-QfejEs0_g+widg^#D7M&GrI02UbBN((MhBH#
z_VMSstG1~ul<%}Ti=7Kfy5{b6E2~nCLDj_^T8&51?}pV`lBBCitW_4tZ5E16ShkZ>
zG^HCR(Nbz=Wu{T18WR+mNZFQR*=(B4rCU_wrPsfreLxQS-U`-{3L#KMq@r4~3pG({
ziK=8~gjt5E3M7>%l64mRKg%n~hw)c#ODFn!iKIE(-}~mLn3d<6CU1FyDjpC5REk0X
zgZ+%I&W37&plYn42%dsDtfoo`5Rg#O_+uNQ86)l8b4upcD^%K9SAIMa>JBgxDq0px
z0W5?>yvzm03IsrJ1dsy3Y+3@wSOH)Z<dLu&V8v;*C;DKn5C|b>Kh!qNwPG!bsL6~`
zXwj)GGPG#XtW<5J)gs7|fS8CTg#LN&^l%)i1*k9kw#SA&2j*)uQdJZwOH{%61^&<X
z@}5J!|G0kYj?K|^Jk0ir1zH>i{4t{<0v!+Z=4zsBBzROiDuX)+>WsKVocZhX*c+ls
z!S<X|;i{&Q>CCSBsOh0GOPJzS!mbs0+QH0RwSlX3FjEL1un;W%EJQ6(x)s3hh`6+?
zQQTegE1K0)D{t+q{uO?jO37HXlv`q%LoFGFizz0iNwgGdHKSsR#<kt8ua~>|e|53-
zkKd#H!Gq@S_K}+;ia|836^LSq)TtE<RV9yx!2h4`_osRKiv670c#gku2f4hTuR!|(
z5psI~))b7RLL>1M2oO_c1tAZD${^5!0w7@$$m0Ju0alXQs#+*Sk7K8Ek2xB6+GNt<
zNrfbZ#m4DQICb4ytt<f%O}Ao}!A1%i0r<=j$N&)(vA-M@K*dlm4eLTW0NJu1?>De^
z!6KW`>X0i00{{%QELOq*u|%W~tU<5>+=Hl?I`2tamu>$F`q62rnJKDaHj%R_Lo*a;
zW;G@&RBWb}ic?LQv0;gt%UadpLEp!}9j~j8mBQ!dzRHYz-nnM5!%lW;T3DiL!&OrV
zp0?W@_I;n~4p*GK{f>W|&o9%_qWlB>{-D=t@a<k@dS1F{(yDquaG@*+5F%`X36H@r
zh#%-YTEkR?q#+*l#L$aOgo?yOE0-@K5z1*Kave4}ZT@ZM%ml!L5ydw?{b8V0(FPy}
zk$D751hN1SMy?y5Xa`IHh?W|Ca0JK<M8piR638h83bn8c5}tYep&cXuf|_*!H-I>{
zn`^%H`rq)VvW&$@%QH!!$jr(jNTp4MX%vzKniU70rvE|dhDrMFsKR8t(PqUW)yNEz
zppgJ1HtHrts0<2$xSSyoNL+UsbR9C-AQ5CMGRT!xYcC=fmsW&^vsr@#fYxddqSCO-
zM7b&e47L)moeL@wkSJ4f0U;n;;`a^bHm-9KdBWVdhfY^W<eY8@Lr6&jjgaC^D3Adl
zWUGo;1s0o<*p%I%TQ=jWD1<GOAVk4P(j<rp1b|qI0BW2FHf+S;CBYgX2TE@9&UFDy
z2&a#e=Q^Fc!c&|?>Ed2^E8fa=I;0PI4tdLf;O9KK)C3cQ=I@?n^UjAk+lOi8Jjx4-
zBmx@*%Z;m$5frPV9fwRn4PA??cEAza7RAcBD2q_sp)G<{0E2B)0+6U&O0;o<khtW$
zI3vdxQ)f!LpvX@+PdUyGg(Hc;dC1@(k12B0T%?zY&TQ8>DTL<@v(9i-=A?vhInkbT
zPYXqhiClHU+!12dJqE#t`}_}=&Ym!TC{>|u@BY5~I6ejk!stc9sXXxa^w1qO*(8!l
zq0k8OIXUH<GSKtGD~A(iOn_$kLCJ6c5&^?hmjE_g>6KNLP}bLnvWGEt##K-iPy~4n
zyVmbArMxuzI^ScV!|+b#A8i3ZRf^uh+a{;uQrVwlz+%$cpFqr^9s=mg;^wI?&bH?#
zc6o*J(30&Fui2RaHZ)pB!`oNZAoMvPt;u*58wz`I(VAZA=5xYy@W?cw;e*1%@b+DL
zO|tzjOjCIMUd$qip*`p81%1RFe#-;utZ&?%wWSoEF1s9X4b_u*UiN`|>vuD13zu;t
zSo&A2R-U6dy^+oLb&hYkkC>ZwFJ^Z-_R1VK?B<VKH(z;KyYoj1_>X6SvOF&~>&2J~
z%5YgLh8^!~**u}Th<YCqa<Z!InY!|v$?LwV%9QPAgu-*XGpjFA&gO9MiaL1g+g0wC
z1NkYAJ=FmuG~TK{P+wy`o5pm9-Mh_C9iH7=GIw^`f+4;2Rjbo`+nI2MPBo=$#xU>O
z)J2rH>Ga|DWb5-z-R8~JJbJ^r4Nw=Jys1M{Ue&UBIQJgt?{l>t5i^&r-XD`=Uwn|h
zvY?ryP1O{h_q;vtUEjU$NF<U;J@0sX-n+kh-nOwJnC|MmK>R@?N4o^qLvDp1c%LMy
zz5Dgo$LZ3qKGR$yw&x^CTCLRQ82V_kWR;bb;7gUsvaKy5)qzelt1zpJTCEUVAW&^*
z3Il<_`20KXzUSfNwlsD*83b%=x_27~b};vjo<MLRj<i1UQpiH8hVaF|0X_n{PIFz{
z1))w44+d(?9>)e;#TC02<5VnfEwmSg@bGgZxwmvlI4oS_fs7mh3}Au)#|=7JvU6J5
z4jfG|BuMc|0w6$q(@LvgOYgR~8P2+D2=e<kU86p!*!LPzi`C0xoOif`+eV1ZVK;S`
zvsLzrt}ORiQ{G&akeEZ0dt$}9wPNMeeRKjmu5-h~%Wp%sOoC-)#7L`vYE35M<5DS_
zn{vfm;RvFp;MSYPa?@+5xpfSqgkbaMA8g6Pp9Y9L^to^XLShR5A_)K#%1bi2Ce$`1
zvm3H#sv5df#ZvXUi>s{)@UErAuCzJHjB9h{QNySTK2(>Z(1}_XhI4OlHLG})yP9G~
z2_&v7-Qw@Smv+70cH>#C=JUL|3Y57Chk=HR=^dhNffm9AGG+4fb*`j@Q`ZP`?uu7a
zU^4m=5llm56TBXAG!}s&HwcVU*H?vu+PPN>s;ZDMqLqP9&9s^Uml<uMNhA<$GL_=T
zI(SevUY-%dfx!qt_s=|@cfRj^@11<tkB>E8lA#nEb-6+#LRc(~6GVcGI{5lJJXnd)
zB%vZqnFv(`q~Kskfox0jv@S9(i}by_y)2AgnAj$Gc=aK=Ho4i~CTB>0KHcZ4UHCd6
zhw}%Y-7v10^?2ur&v1R*{XOq{!`}7X``+||NhFir_lLdfyZ61~H+OfrVlI@y;%GTu
zhbM^EsM&jWd&c!?^25$}Z*7Jr4H1G7kS|cWAAM}c?`!)$^q9LZdT_7^;6ol77|_HX
z8a^Knch0F#Iw%lOpGL~H>O@%#pl+Xr7cnn^MzM?`kd1C_aKWsN79UXrZ(NySw5+U{
zR<>-kjMNVZ+_=*T5-+BhFl7$T%AAsL&=LIwiU?o5w&FzujD-f2<Q<`Uf;L+1%8Fh(
zO$4LKhC!t}yxU1iyNWqj;4Tyh5|M4#C|SIYWyo+`cIc}Y4JfE#rY(7igKtf=i`EIi
z!*0>Y)5vfwb$Ntifgq5DQ`Kl2GOa|zvoZ$?+><GUNH?VD+}O6ptq55#T-kWlfW#WJ
zgj;00tV!kI;j{ihP!HXcqa>9HML?jajZ+q=qH8HQs2OW0G7RWyshvzBzV_RGeRBu<
z_&<H4^fwpwZ1F>c{aW5--I6dMf}!w+{(lWQi4q2ul0mA|O#qiJ_T3Fk)HKZ^Nr>Cx
z7d2N;zwSv}RW0**?k?J;gTPAhEg@N1QnhLoTU84(s;#6azfkEpl||Q~#G-NS#1q@4
z+;-7gPU6ucV1<fS&!J0L0gzTIexO`hi&DDc92SwNxa#!kCDPE<9la%XRIZ}x(P+53
zUlo2$O_n6ZvfFK@th^C=_q@Ir?$O`ApYjF+hq3l8FtXDy#Z=QNBUM}2VAs!)^N0H5
z{C8@pnf~tZ!{Uz+tj*o%-mm^cMIIg^0(>9q^i@piT%>p#jxqXe&5#8ZWja?`dvy+`
zk%@CoeXgW26aAn{f<<*e)EEU=AZ+@>e+=M{1_DGII3(30?u9gsjvt+x1knIsrd-me
zdHuk6kOl~7e7yg|{X|(d%SfR%qijVW5&}q@5g$Jve{zz4s)EDTPEiseCS{0HWNj&;
zs;U#(iuixAKiFP-I)Ar{I{0P(y4~};Z?qZb-(X<;2t?`r#1&O6uqhsdOR7b{M4=P?
z*I(@jX$?QqdeDZU1iV+x=mSXrfZ_@L&oltKQFM~@+|s$UR!ZRJ+{)(Atpb-5iGTx$
zrXEN33OKMB2xfQd-Q7#No+aj++4jw<+Ossw(SZ>H#9PIx-@R-1@A$jtTm9c(v(NM~
zfQfg_Qbbcy)Xst=gpxr3znz~`A{zL!Ps#is{*mk#Yj?{*@cRTnP5wVqs;12nM?mB;
zM1-h;Ac2Awz+%7WASd07j(`I|1{#WZxF}-;NFslxJ%RZ9V(bhP3l*{mKpO!LSOIGV
zNQhanihlLbsi;I9I_KIKL<oo5-T>k`g1rn7$U!sx{s=-e%4RB4Qe}-vgCdelL3Vxm
zzrOzeK}AHtKSEC-Qbmdo;cSvc8fGRWVyg&)ScIs}YG5R2QB|1AwM;5ZGp9S}kH3-g
z=>LD-?r|r_(Zixm^X-QDiw;FYC{+*WKT$x0Kq!QgOwghxk`tR4KMVoH*b`%apK!5T
z2mt{&P@zl(APLMRh~=fFXspp$OM<R$Wn8Q=0>ic{Tp|zq(^vt42!&mO+}aIMrDm$D
zDPE$k6tU}m{@=fUnBTeY+4J&7BNaMbIx3~m+Y1m@q$O&kf&M-I2ix!K-w(sX&z}AD
z^|!wbfq!&D)iWj%HylaUx>H6Vg@mzJ+QuVv08|13Ys&yG3dLU=0>X0CD@eNHp~Vh8
zxr*k|C@TMRMVDy^clU>WoOi&vo@gv`iurav&9Ha}-{0o>_v?6tWu~%Bj6{+%RZ!Zr
zH}B6+IA6cl5_pHh_|e`Ot?$pg`<<=$mMS06_M|0MRTM&sIV+u7M$=Ph$(4e!Mu|qx
zb<qBDW)-t4!s!p8P~_>S3!<yc!oeW}LQEyG>WTcI2c9PQck*AJW6xa!*B<T*?FuAp
zq_UAPj3lbVY1AcD!Ow<|gd9EmOToWR-0<_)L;LKv)-WHZsB={;?oJT7bJm)eOpqWL
z$eA>XSDm`6`@8lw-Feiz)!ZnLN-olyDnp_rty>__)fDG~1NcFHPW+ysbN4m*ad{YJ
zR0NTu6AH?~4haBVm1fZzr!p=VX(mBUI|+o4Z5eXyI;=@JT@30aDyAm^Ra8od$V2+}
z&2*``<eyGiqq-qpo?cI0K6`tOdzZcPyvrq|vPx}jKaARKI%b)ws<VP^NTge#!g7<Q
z%3*5SO!@cmTz_|$w*Qjs(I(ZUp!_gCp|~)#>YzWuA@k2-uB+-ZC1L0GYdIlslqEtG
zMKM$}1hz8OEHc$=7tfyV-z9k{FzK0?eZ#-Td##X_xwQl7AcA2ruhDH)I3`jSMIzn@
zTCSFw=B`ss5=!^|ujh+3?MHuyxIb@ZVtFlZ%JB%d=n(NT50MQ92TFkkDijXvEN%y?
zKPo5YQ25|}3;;`YA%YO0F$RB71jw8=6G$-X7-?B%+@RwDfS63fL8J>po!cZML0ne@
zP}&z@69Xkx2M{8~pv5*~VyuLsu>fcwF3JMwM@Wl`fDDTSSO%;+xg@zv$kJg(WEAb(
zWRL<bT!Ms%3kIMTof>NGK~ac90#=hSD2_|J)s=yxK;5QRV}^(Ykr+e-<Pxby$*2=`
zP^-BGniLpKTZFc#o40CGF4Z$t3?f1h2+3}N*Isj{aVn>Z?2~QBj?QqZa){?1HODIu
zaJkPO6@$+C=W&CE)kSK?)+=n4wOnh6=H$_(Ln_#$Fr@57Mk<sN1yx66BP3A6v6yLt
zHbunch^?xkF*wNVLR!d3H6W9yBvFG7#7K)QP)8ku_)@lpLU4fs`7c@f4eX$w-^Q<I
zaj;DlDu>>sLtum3kJK)oS28m~ptgl9&3k$@UR#zd04&hJcfeBzx#X~5uExj!0B~&t
zNaHh|3Rq^tzKZyJxI`!p0)+rG(b|JgTB#Dt%B|M;_{%W&10`*72yaBens8?D0n&bR
z<4XQ=_D?Thc=Y7WnX<C!;W|y-Pj=sjySpbbJ7x~t-f-`GJ7e-SlvlgXctdM_=Bd7R
zieA&Ihlz{sW~~v|lRejximO>lMYrrQ<;lu#ZANJM_CDTK@@oc)8`-VW7wsG{Z+4GM
zb;fFYuik|!xq^);SMCX8^0>_!KHQ_gQS8KrO}0IMd{A6tDb7ruk{L1dc25jXw@eMu
z_U6~U<&v%(^whd5yT5N%^*5%gT)j^AwtHIL_q{%pB@(!idhgGxbu}b#Nj;gK_r33W
zq>@P-5>IA(-ta<Qd97Tzd!I;ax7qJb_qV-o-fuU(XufigC}1Q}2&otV3fZyO9}ks_
zBNtA@o!Hajx!}>X&gO2OA;p*pVs2g8<~=T8ymSXp4KH=m&Lg^m;lZi2M29)<+nsul
z+tim4dj`kA`@<?g`<0I<IR%SF%Xyw4vsf$)0t^rlVsUslS5W3=E$d@c?d+KNwMc=o
zh7S8usG@hlRf~63d6F8drKn9_!X+#M!tAjcD$2-TuKh8I(?&hl+;nT)p`yd8x6?4#
zY>pN>v^F5k90Euz2*4Q-(S?ga;pGH_!X6wFjiK36sn|fo2xAAp?_RUY=C?uPho?oR
zJoW3%OqZY&isfH*RTNkz#KT4@=CbPU<eoH4S{j6x75Os`W%~8WgkN30&POZ>y&@`b
zRaI5b+i~T|;Y1=T=eVxTthrY>>v}nG5fSrk!<=#=BC4y^OT~ypNs1+WF`^)rl1W$y
zru*Q<*szV*b#vlKBoZPhoQR+#eSyQpdUlGBh^FTvp+~n4T;a|tu6)~v9m?0UhL1w(
zt6+r`Mo{XwX)s77{E4c*i6g-6Kp_U`5^OOjF_yWO*g#t*(*Yy^<WV?^aKao%!k(c}
z9X7-`Ozpm(u2(poOCKD#j}`hkDhfNN$$bY|uS)4#jFL&kNmTVy(COX9#8Rha+&)Xt
z_b%KXAev;55IB{fIKxe;fZx3y;8+@&GrB^0NMy&+**&{%$K)^{Z+kSeP+0YFwJGvP
zj`r3|b;zXs91>4vXT9%x-l-&#M+B4Ep7*`b+4rx*sMBkG6j&ZkTb@rmyV>m`?uOX*
z<+IV+@^R7idbunf@G&l-L{TH*fj8KO4(phC%NiC83{cUdMjoCRVd3fN>FMtbo{+dY
z?(CyjXqFiS7|hf{Izw}38uuZ<j~ekSNu@);Z?et=m?(qT(<feJq(TiYdodshxVa=s
zZ`ztsq4OL@g9$zJWD-<MlD!!oyyS`}eq2X|O#Gn{I^L_)OUC=8dG8)`gY(VlXj7C5
zBq5DD()Cg>f>pK%ES@gl8z$~M!4CCx1&Dk?zCKBqO(@rl!J$cR6lf3{K$ws%SBMZ;
zJXOTRm5yNqpG$KwrEby?5vdO?V3czVas-gj_A_KwTD)bvz+x5_JG>S!2{KcJEkWs-
z1}0pzAq*&(PMyJHP)^=E7@eESabR$a$e9)$%c($F!&cx>Ok*fxP%Bt&K^!<jwh|Vh
zhGfGO5GuxCyhef%tHLZ{!A}DN2t**m306$j>>-vTBr=(TBIu1UJW}RjEL~`|*Fz>T
zV=G&CVUUS|@SgT@HTX1mq6z^jQ8G+WC`hV`MO8ze-%01@`*%H~!1z4XM4v}cBKP4$
zKtKQss-bO3t*r%8Y7J{(+PCmrRY?RhG&{q91ely{IM)`4*0&XNoYAfd1f-~v#f@U4
zoaKPc5{)4vCz$_x6;Hpt(SmA+E$ro(7jXwxl=<Wv3nW7#&{dqW0(nnVU*y={zn@=R
z{^#quhx7QO@oI9kMN*1V%q3AQQsTokQt$6yIrLu(G)FHRHewp*-@BmNyGgj<@Bmlg
zCaOw+18Rd>4OAOc2?h;d+XR}R))yGYRoO@Msw8Tf6qRA7^=_?;TvTh015|AqqSelD
zh}ft#7AuQtGDMnGB|xAg&;}-E5JU+@igTQs=Z#P_x+5dHuZptjpy6Y6Px6QCwiY@n
zg2EjYKan2}{5AO{Pb;gHh<(FJ`ZWZssSc<qV=g5|QClo46f7%+M>)+b=$TYeQ3Vl^
zDxgxO0&uzEcz1CN{`33IKS$%!gyuW*&KUa>SLK6TJs8LKFeJ$em1RhERD%&fmqU<3
zI1v@fDjCX(!{Wlsf06rM7&wL!iK|QuFmQqT%3o+SS*@7bTpOyE6;UjL>W%2;x&rC@
zlko%R(?4Y*Tp!o{n+mF?NeLN>nXIVJrgX(rG3VE>$dJ!#&9K8*9_!rRlgRT5zv8{n
zgYb|xKtmVxnw6@QijkwZ<C7H@=9<b^1lZV_6(q6;?=k+O8vez;8Cs8YnQOv3Da^tV
z$|c!^Dg((PKiQ46P;6Uwqgpilyx&;cbT9AM^ZDR+@7MPVH5O)tXkjJNl&s8%R3y~Z
z6{w(!Ndiz`&wJDmWPVSg{oBqMN5jxiaQ$;0v$i*gW!Uy$^M1tD5`|Q&3l=L-k<4WT
z5zaQs2Ne$xFfHcnu_AV-Y%KG3AKN!&X#h28SFp0vs3+feO{It1`(M+a+VWKt6o~@N
zL`gM66||I<Q(hK3BmJ-)mOj55*@<m3H}&`eD1d$?0EvjeFzujC0Y9lyl~N0$E$a}(
zH!cL6bHGO#4st3elS1lTqUxKMSNi?PubuC3C<@1jT><=hEr-=db_K#Ic76!0#2<uD
zv)=B#{v|E@WDnv>sL@m?jXH%9t(2!J1f?r9=s{|dm_}fE=dk)XC(i!!*~{yJsm=dx
z`OKTT)Q5cn5FIqee@cN>B%w-mR8&oiJEs>i1P;nBN0b=9e^X&ZiTZ;rkPPGYhXWAZ
zg`$C!6g<0b9v}zo`k0;X<SHlke*aHDhuILUl~pA~K~+)p{C-a(%fueb`|lg|_vB8-
z55P16C=cCgkV>JV-ohEmN-CqAF2?k22fx0y%>89au3C6iIyGO~2ALVKCpn3HI)Iz6
z!OpurNOnqz8fr>tg%XMqr%RS5h_Y2d@8_-gkE!eX+m}HxY*@d4KOTLnKLhRj1NQik
zf;2)&B2gM6RS4~Df`q?czOS+7(yqmCADSHfTZ~8%;X&0$&9XZh{eFuu&fnqoc5*|B
zr3N7@EEQEL@Atj??tcAO?yyIz((qTnSF7~e1SFE8k|7l1V^oV@K+o-2z!UA3X-L5X
zaSxYl#=$?Oa+c$`<U@C1Y8rt{5IP9`r`V95)g}Ig+X-^AQ6^pF`+V^OhEDaHM40hB
z?Z|^}#BO;es%o<qG)C`HBxDOUg<9Ta-Q|omMxa4J)@tymnR%@int~T}1;lm3&SE*^
z!^H=jD0byka74Rc>DcY(ImqNguG|y4E-y|85#}U3@Q%1s4)dou;)or4T=GV6kAu8P
zJRKq0>CSRnmo_}@<qOB0rVtIMWvdd6+Y#KcaDio^QHm{6tDMJC^PB_EJlsT6uC8-)
z6)TS}oG{heYgt(_sbo_PYOQ1=B#g?{jh=Iz45k$E3ri4+P$DWMtVB7AOgYp@P{hil
zAjIrg(Q2u*HX=}%X+@>22q|Ql%PO-eG@$G)2tcT^rBMh-d{1;AZ$^$9;+6e8*;P|L
zf)W7Xj@*;CkmG^e%TW4-pLr}~2iGlng>`8Iq62uBRd;TMP9lboNRkprPcx!-!f^pq
zO7C@CnuT7oTEDe+RS(HtpmIxms-XK6m&3B3rtp~8B4(5)&c2@dX7-vUvcOE%me537
z2jRZ4hPTTrs`dRUz;-yyKKc(1?HYS2i;dl0XabgTSG3<{-93F*>;`y;2O$Irh4d4*
z!05oL_a27w;K8aD_9_&r&g6;@Yd5=?^8gAx`EFV}G%^T7?Oz)t9j+XzuDMtivZq6L
zc(*9zGIaIBN~1U3<)Nb%`?q!TH*V=@g?5fPnZ0K_tBT8Wqx!x%tXhbIigw)lZq9oH
zJL$zv;hV2|#uoDm%=Q%h>8|BksSCATX2O$l(tjOV#!b1NS~wa9$-5l9TCpxTMTRfS
z1=z#CT+T=!9@dW@>-!bmq~qr-T)cRsnQzCB8LrVjzrL|(C*{_T@!YmIZLNBpU&m4>
zv)@uRbSRzQXR>(0NcG6lM8B=!`&Zj<H}9jCU%cO4m+`yB?9G%wSGB!wyEE9Qz3l35
zwQ@@bULzkMshb(~UhW>czT<s@y06CF@h!-tsWaK0_r33X*CdifB}tySA<evuF;x8;
zOT>7-*I@ilwCrwW*u6P?g~d;kEu#d#eDEGx$GT@Bf^5C@TU*=rc8wD}1lJ;g;_g-?
zxD<DHhvI&4r?|UQ+}+)s;tmCh1WzfY=jD99*ZbR(KOo7KwRZO0bFO;~3$R)l-kmzT
zi9aV^RaPya5rGC`{ln`m%4Kd7+Od-cna}pW6>+Pn+b(HCZ%Cr@C>p=C9u{1?>d%mg
zUw1k=?GEjJpiCYegIVtQrR@%2RP)D)I?7H8g+6r@?BhFfj>w|pU{PcS?AgLaFKq_&
zN3toK8P%`IZ=GuYGUdh{?dVcIc}_pgJ!N9me^>Y*_RRa1Jh126xorVtr%Etf9n$P|
z&}Du`@kWHGx}~Iibs2uCBQ~pvTdu!|lm2EtW|ytstB;N(w9i()$81~d3n|(pa&vD_
zXX2BJCyq!n!|>5nZ8uCt2e{-_hl^5-TEuo4s8_z56DOs@aB#3BX}cNvKx&k^l@J!<
z!=bcE?Cmm!?|P`=jvgw>2p>^2ClFnOF9wH(Mrlzdu?PtX;jNp8wL@oEma;!aAn)GC
zb$8Ntt=8LQj`5;_O(!MAU1MzowD9J#=&G}+Bl5;rB=umG`+`JwCts3}_l4K)y(2mF
z_MPNJxLargtsQ%RTh-oE4}SMO*zk4{2ih-5pz)DEt@)OZ)EWy1dVKwW+*R~M`ut<2
z#KCOukkiD*!*SE@(|=1m``>c!{ZBWh^fZNFQ0SwRu&mZYuI*WWLv}u2@Dpowu0{O2
z=yi3$$E`W$1-~loK!Xh7Eo4f3v5Pn^8o4w7DlISEj3GiE+%VKg1Yp?6a3IRT^**wq
z_a(oo5h0#B<mV82C^Ff5k*5tv%koBH5w!i5#dTUMB8`LNQbbBYeHicqoS_-ALY0}s
z!Ll1ZL}sST6B2p5%t&Q@NTcMogd`52YA5>~ar97GtkQHLY9^54D<k3-cG&?>Q_h2e
z;?6ZFIWArtv5Oii#foSdyo@$(w<EdDFSi6Qqpk!BV<pJU!lyCqK>^nm$zvCdvL%e-
zx-m6h8C4BMS7{(oh1hLKz^%|6gzV0gdtsH;a%><|0eGY<Fo?BQX~r?MliD|$6|Cpl
zStl~X^8lvUvn3M4K$=m<4R6bslRF63DZY3p0^0#()7z7x@gSPYNG1*aYD}K|gllmY
z$-PhRdj6@u-&902h(+PTu(3KdOW%@O+OvW#mWd?4TvEdNo0|Oe!&zbfn~8bgufRY4
zXZ{gnOF2-E>idT;^)cs3GU!7%ixBD896I$}Eu~?G39kd%S%}r<cRYF$zOdI1^Ar8Z
zG2MS-mo_8sXR~(g`7+diOJ?!|F;CWlzh21!l<EOAAND(#65QLkKb2)85X&&AH7R@(
z8a}tRq6Vjk2PONV0_}#nKVE5G`8J%|bS(U8*`fNdK%tDK$uXHMJwmSoCm*=WXfh;!
zE?${-)=IqIE_hHK=o2`#7f5!?DeUqo>ds1z0OY}&0%qosF3zVaQK_y<<ox=!_6Onq
z=&i>5ni_R@h!FeW&zy&dOYzFB_{2eB1HNqtNsDH=lHpE4>zP0>FESp3xez`};#lE+
zvEOFJy*hsDX<0~Z(UMm{z=3;WDN4fA>wvWH*+8M4HGvT?7c(X+BQKvhD=T`N7W!Ln
zUr<3N{(fco!#|_E`TZUooc4YnH<R&b0zdRdR_UcHl$e>bON^n+)0<&-q7BiD{mak!
z8xnPU+W&{h0}?tv$Q`<L#CZDf3N!vaVEC6bVfc`4CYcu3wYZWQ%!M?`w5-T<!YU2c
z0`Ss;zyU<BZlA<TVFUcT(6f$~!<*B23dD1-?LE%ltIOZ*-p@tWsB^2UW;~j?mDpEA
zPvR1aCtFej#X7Fto{J<J|9*-X=wLRf@m<arBfUiIkF6WnTl=uE2Zcgm$FE2%<pk2g
zs^#elT5|X)ygFTvLa856PQ(}&QlRM7Wq@J=Rqo%3hgyQO+R=%ay7(J;+zJ>WU!o8j
zla3P$23Q>m#eeUg2hFm-8gIzuVB$DBoT?TSq@MrY-<OTf{;MZ}OYO+5p{NN49%^}N
zBv&(*Jl+1n{FJw$Q2F_XVq>NN<U>Cp04_<MKKQLnOHallNxJViMhKNy!1vJ{<JC9h
zj7k>x7EdxrulO33g_D+}4y2r~D)6>q$$S6U7i!;@-(}^Y1Q0o58?Ll9Wi6eBGIx`A
zdGGOM!#rhJNYpR8>Ky%Q+d2?m5-nUZaDP7RbsDQvRp)@)79R7nM}BkRQ6a5zVI9^Q
z<)66zflr@hHy>SazQ6qu|2s2F17ToQO`(>|PHQ}kQ9~xuC^5HZL|d_6U9+NznY$eL
z+&6!7x$nFH#Sz&TJ*6O{V*bMj01?oscP862R99sII)%UHRg6mWX7B&lw<sLY=WFP2
zNm>%3YL5&O-WOZgFMWJq`)gjItzTWvPz?d9y)(S1|Jtm6fc7s<)&B0~TR&?-Nwwc^
zlw$;^Ix*_0Hw&X~zpB_*X-0bZkaN%=m2xq)HKBcrWwb4EwF2<`W4;<f{m8t<aIsBM
zJ97UnC8xfp0Z{s1FCD6Dc&j=88NnlGnmtRDyqK5kT<aR-7Z_w$%p-%8ccjiH<`eb)
zWE~5j%_7R%If<eGgtc$P#+RBBGoj?CRENq40fh3-Xrlo987e!*qc|9iNGGl(4D=Al
zWY6qzZy{~(fp?LZTRyy_9E8C9I_<hxixuUZR-Fkrf{i0IQe{ZKvC&f~aw|~a#b!i~
zA_=50T5FtXpM)eOjR1_Axg?a19@0m$H4N`>ZUdMpeHVnA8UQN^UEV$KywCLfLe`|N
z+3EuK@CO^@q_cn@AESNpq{$Q_^Q;;8#t^vT*yNGt5GwF#(8z!r_M=uaH3Cs8C7>ZN
zofa~B@DKbLHPUoQS|~458Ghl0w-~00fY#XeYa^$|+Vxv8IhCjggk<y|UvtjgGpi5j
zmFE$w6s}~_puQm(2M9}NgPaGlej(m{Bh%daJHiMdUoUPpPl~<||3-||E?`u7`SZeo
z7>wqFEZj|s97m#y63uKx9r@f5zA&w_Ex^H!+CP9TJR7RoCK`dGSR_opptR0@HFf=Z
zFbi(|yWcXGx<yd5V}TL2;;I`_MFI8t^76J;XtEn9;q@o8y!J)0Z-wBMy65D!=86&H
zaU!*GCbH1qCso$ciZ*ba>}G9&?!4;ZxUUlN(6qLcyMOq3f=6$5f$;5Or9a6{#Mv1C
z%j7HAf1&rZ{`Duc-&2>9>}-!F#(`ufo2F_HM(_{sX7rosm$P2By@XqbZ|iC3vhCDh
z5@@aDu`Jj{@VEb}tYDy1TTo9>pFv+zgC7aq?85)rU9jeNYoB6v!GixD7R<k=awNbu
zB2jMuJzZ;rkYSLj6fU;kr9jNPm$wf2@s+$=aydQv<3AKy4`|6Km8snDh8r7Y->nl^
zZ->*a&w2W{H=VruHbd{uOT|dG)TF!Xe@TSNVo;+Hhl(Kt|Dq}sQP<|RgbyEgY73Y%
znX|xVrcfr)VLacGD&JGs`CKD;5g>fUM#R{?@<fj?f9TU{jL5KZJVQX++HpcqLG_Ts
z9r+px)a5jfSEs`BrHkuFFQT2Y*Uyk0Y(%=XR~`Gn3sT}!sMutran-g0ouki+7pXFY
z#iu2M`Q-cq<1%I0#+`Q-olryzMJb#43;Y=6Y<Rw_$q*aXa+GMu6|_I1)&^H%mlV92
zXneu$wL8Dn@-8p`)i5}*!1b`+z;uW<MB-wopYamRFSz%RcP2ipG{rO~?@gy0&2^)&
z3{6U&U1IhlHjBgw&^_h_<Xkmd%9a%g)D!C_je`<^w!!r+f;BU<kc-8zL5?TWv88y&
zm@$7G4K#Gk=99d6H~ae8k!DpOpN~&Bj~*$lL<#98v6&f{5<`ofMDyTPW6V1>EgZWL
zn;cgZ4d5R8EKFE^vv@#&zW8UG@e$0WF3*A_2<<(bch5=RUek1DszKZP;!Ipt%95rk
ziC%1dqkzhu?Wq%cDv#QaGZN*;CzjYyZ7cLgpA&Jc_%owz`qZk?W%?(v$X_0cXY^03
znC(+w`bP{tbSgd^mUn8U9vB7S?zN^?eM;o*4M_cxD->CRuZ>TZ;M0U7ikbI=K+xDd
z6L_cLLw?ccJHy^C$&k@ZF_~66@bv|4IOJCFBkTRr1~b-$fP&lqbNh9Fa%npo|FgHO
z-{`e`vk-hHET~v#42$mb)D#iw?cqv8UDMQ^pC`iLmv9Ye14{6HwNf8v;24i5<`5sH
z{D2enttjvs$tNJs^P3`oOmdhDqsdYYu;{$ciYS3jrd*^JoU$d0fLqm<af69L!^iV2
zg8oL?acYGHt8eD2#M6VEo0|X}s*n+$gAQJ%L#l-jZk(d+i<dC~m_d9K3VLn9nUNKl
z;uKK*?;)U@YmM32QHh@3fZFM`H8sDuv?yPzYg9qAqg{_&XJ2SLCe2{cGCrv$Q;cQw
zDR92s*tYk|1Gtw&lfuc?R3c$d_ysQ2wiyk}GOf-7(i|N=I0L1m*qaIXV@)Rvd~8=M
zQPMgOiCys^X$|4k68|hR6|?BJyFhU2;#@N);w6>CKCXtGHU8<dhkQ#CM=0r{1PBFj
zE1MV_G^j)oC96ybj4>F5>d!o6mz#~W*Wxp5wBmGlBqR5c*6)dA{7JW1yzo2*ijmDi
zh}kgA@0D5Nc34p-^)^0G16jjLuqOect0>L<PH@id+tccvJvmhF-nqmMx{F^i`#SW|
zPNK}QFq%vezhj#nK;s5bQoi7?4k?W?wMNrXrO+XyX!HyOvERRO0}y40|Hj=xmsW12
z2AaF_*0}jd_MC;Ikvh!Yrd7sW7HsY+>d8VP-3=Jqwg9+JN4N@d9>9U)g&kzRH9hUc
zbtx}V(?Q?gf4>!z+A-)s!n2Lgc;zK%{{DG2@xKxB|N5^<l>g=J=ZW>8zSlqd!4ha>
zfKd8ydAz6UJOOzF;SCOhP`9ooh%f<TjH~^(hHKc#5O?bf>hG#Nxga<Ul<rs(<G+6;
z$VGbAC2RNoD&;Pml+-pdqD$dHewtO-xy4E$bHsAdF>8YN-hKr-9KJc1tzHM!vcP!!
z{q{bW&+@<%$}l1Tg4UR3TUm=0zO|^CgTLmen0YeSSuhkeULg3^Ff!u&6F>AUWTKtf
zd#5UVKqh8m_j@47|M?%k7<{?()pk8OJ3DD<u(~|WLN@fs1PAzY;vlsEn*~emua5s7
zZ?n86R;Xiq>`<yYho!0<CL9<pl|~;@B+q~l8;gK2@J(4u+P*CMscmh#Y?YHE7gv&=
zKrda(UQLt0GD2arGc8swK90IqFm)R{(LYO#|Bt$s*;_(J1pU9_Z`P@;>EcrN#h3j{
zM2kV7f3+=3WZX?NKqV23l3JO%ZmC*ohZjMgYJTmT;E4QqsO)P-3_Ca>r-w%Zgkl1~
zn$5_+6s;q2s;pQNXm9xi=}lV`8REF$rEHDX4NJP^D>Tz-EX&HOV$?d3wRVxNqee~b
zBTiS*MQ@0EegMhj{%mYO-;X2+ZXh1Q(75$Hv*fH8i_Pe3pojZ7hHr;w7d{W;u=AHS
z6Z&t$n|unGX=Q2Ab##`k>2!?h8(<IGXo7$2zeQ)redZJVnwRTo<epXEH5o1EM98B?
z=WZApBhQ1*UC$EdDFF#YNZFr5RK{-1(1Tr+|6M9rLiq?|ZhC^;K@)p$jz)BZ+5ee)
zcwJ>c$72YAm<NX^r^w;yFAZSlm0Wf?xfn5=fsyb|)_1Zwiji`Z@4L8`s`-}em9xf@
z=e3VN?HV_fh!_2Z`&x4Lldh!oUz9H_EN3iBpg+=Pe?F!3ZW<5oZ`E`L1jz&B5UG{K
zRR#iH70>>0IQ8^}o#nejdv2cm+SkwFk@>w&ITR6MxNyk?176Q+0u2UW{NAtqz1w)4
z(%KSbV6IbwAcn%O*WF=>=hvgZHHQEC%BhoZB6Gu^Kw(dAmnZ3h2M%J>HDbS7BtHNp
zK3q_9NYLGP)g*M*$drt=*fol)$%9GaG8aDFl>Rc^@P}B3651TJ{w*qJ{)h0PB=h&$
z!pi>Zskg~dBm$`g3W7X152m{41G_P8`pv)J?FXWR_G03T)um`_<@~jT&zh<3s^l|D
z@sy+qZIndsT6%f?nwV5XGx+yDc($l`4Y}y`GfeICDZJW(&hJzEd0oY|Fm_gi*tN7&
zEIq)C0=IUGVT5X=VY#w=mVE;%{#OKBa8a9lZZlpmh=DnSoIqPTmTi!U&4D-A4h$kf
zPry@UL-d2f;n2U!EqtB~yhlQ2acp}?e7p_l%u?q~p#ZcE!|zAFr=te#a57X!$ra))
zW>Hj?PD0`O?MPNU;qNjHyB_U9Uh%3t0=yDpEgR1Xih~J957}X(ea@w>WVM+ln#nSS
zuhqeGdL@eNWOK+FgCh_IJoL<Ly`))L40MHQ3TY2ahUm8Nk1P_z3d7P|1m-Dm+Q?CC
z<s}#jDM-VmYPRY$q()e#<{(t72m%Ng6xQ4E`OZq+F_rzk3Ii^rZ?|pqKsJAgH^V3A
z3RI6BDSmQ)7jW2HB%%r0=-VTL8j;n(kMJNHvQ^nl640oV-ihosP{B{<?mid|-o&Q&
zS$vzP2qRD?26a1BKBO+H8wb;IKG(zWt`yK)cKbfmchnpUpJ<cW*o2T(*Ul2gMBz|Q
z*BL(g{KmnWDEXz4<p*tSS(^!rHg8A>Cmsw5^#>G(Hnf~aX)8wi<Tm~lbKUowJ(@D+
z()n8GL&IV7jv7nV(ZS&Rd3#7K=!MVMCT!GT(7k<UT>Y547|q$hWI3`3t#aQo$PQ6m
z2r0_{WqNR+8}=A<GdQXlMD@i3KzS$~nnD}&JjpKd=jBKDj93sXJ74rhi-EaU58`6u
zwEKFAaI_lz$^M>v%nn`}^y=I}e?$VYcvhyUW}~SBB-&rA@lDN+W!pIB`$v&hbrJM9
zh>V1uRDrX(tzVncgQU3pt|;b=?+?<8`Tc!#itBHvE}oB=`MoZ`+hms3#`>$}n(fQ4
z=gq~6QMCEh_h+EV1~v-{$$Pv17oPOrdwy3{)9t>OzmI0t*x4D?;J|{XLcE)HAJalt
zZN`VOD-l-3li3s8>#l&JBYuC;+&I4{^xe}3J;5rg2buK}aT;+NFu4GUE-j-D80CEH
z38P%tma-ERe7Nw9S>p>YM_upB+%F{fU%HXZUW5<5Bf&p+B|9Z#oQ*i<RL0j$Hf+zn
z9I@@AR9h`k=9MZCWGhicq5uy~eN1U(zcJW4sp0cv5VFODT_)|`()~UnI!+R2{oM$4
z{N6DZ?-SYjdqkLnQvm7ZdOu{1WnQ5IDbtq@_ldj8C_P9PxeY?#DIbHt85}zrim5Ri
z=7)9|*j#6rQ9di#Mc39l{pwq<U6t+7rLNy||4wGE@n#L-2vtL-hS!ylNjfaT#!51)
zkng4+={v0HZh@CI2NG!A28RKt<+7Lc66Ga_5v1hN`5;5hR4DB|-@DC`CbMusYl_2c
z>UT3*QwDU^Q{s)m;=wGnGd(>V;XrCQRI<;6ak=Vs_BqQr%LH?(SeIH_=2la4hUsC=
zaH1uuJQ9#b{6X<x<YrZTq8J9xu=6MS6_l~o429N5HZ7GiR_&AaJu3PJKc-f_B7G_h
zZ#o1$6d*%LD-Cs|?#6?Qh%x+G95D}AGMeRkxlUvPI=%!vk7JQz=$XJeCUIXaF=QJU
z9g22fxqP&$tgpYyTP2W5MBpF}46as<jAmqSt{xl#V4-c&p~TL9bbj^JX`VzY!52pX
zsz<z!>bf)9b}HS|>rbcbb1@EC)NF$f(Wyc=;dCV=fs$dFB|nKcG#$Xr$e|&1&I-BT
zPmQkNG>by~=@1YR5CKepT)M!wKg0eH`(qmdesU3(C?5sfL6bAt>@DHux3$lL)1A6*
za66HVm?7#3doPy_F5DlzeTY<=Cph_e%jkdv=xa0}Q0|vzcTQ`)JgN2lL}THveqNCc
zLwl`d56|-ad$7v)z`Fnc?dt!q;yqpO+xtY;QN-KbYM8Ed+<5>wx?4)yqu57aQ7qo?
z>L<96J-nwX*Wvh9%lr~6@Zu3KZiTx+bondrLKcgXl0wMiuEG-57+LDDJ<VE>lOE~u
z6iWo8TgGiCpkZ%Bssd3D@T;$qq!nd@N>b1#OQ)q0NR$Sc60Xi#{Dx#FV{2%_Xej!L
z^3$5pFv_b!Cu7uPxrJ6Zt9aFKPwe9?v|=;F!_}6A>+Gh0U{!DYwZ#xBE~-fe5vtN*
z`ah@T?)<v<aPz9G>h?EBBp!5LE%W!!^2G}Av6Kq;sz_@z`h)thH)xr&y@W-qMrdDB
zEhoVtfz{FWR?E55n9~v|<<bl6Im;0cq#e>YPcLdU^}o85&DUQ=ia*Gi-5)viQ`vr@
zs(n8?dBs(QAfXv~H`7}sx{F5tVpHjvgD`)q8qAO^wPvMPO`0?sK~~d;Jy=xo7!kkH
z^_@X-4vuLww^4<Vx|cw~f<6M9*ojC>3Q*7G6didX<B-GKNAS&GI*G7q?@r2BPHlh%
zV-~(Cn%pfIKZNuYlQeayO8k;`?g~A@e(n}n#n_HG^PqE<i^-K_Wd?415VU0_kv{|i
z`D?$Q&Jk2=%GZ(g%&@&T_LD3%xxQIjX;<dm^uG4$9NHEkV8O|uaOi_ar(?mUG;-mg
za_+8kfrmKCm-`O$kGD~!Zt~_%-<X_go)hq+<>IqdrO;jY0;x`Gw>Rf5?*8t(s=ghY
z`o2~ceqQ16_ex+~qP00MLqj5`$Jdlz@T2sF1vR^YUY-Ie^M9MN;)y<x?zaS-&KQ}v
zh-}Bzj2J$_bPKwmL9_8@@YE4h{sVqN_b`|G-ZO7e*h3|>&6rLRT>FP4gd|s*qsaug
z&V7x<ds^7Jl41O^_WgMvhmXdi2m85upfBhtJPZLGNrig(3l@~Sd&xBSS0ISju%1$_
zr=?7frfL12Dm(^VbG_c>pMmc3x4>7J>OS_1h32%<?u-Jlu`{f0l56=<hvPLhbGup<
z3SAwSumtN7N`fsn#JBNnm!f%8B|_0TEVQ9r&<PkU(GWVbbG^{NJ$@HZ^IX@dIzwtY
zWw3ua_69244(kQAT(WQ*z7;QKN>tzLG0S%M?9{DaI|<)C^y$oJye83$gTo+6wjhar
z1}Y2BuwR?)p-KHkqCq~&3zXj*di1LmQrc?E+tL;3(wf!NwbNb3)njV@eQwiKbI{{!
zuHZ6PK#KNYc^<umVElyxNDu5C>0U}b4nOG>FCuk_lu9HBxBYE6-F!<KhgJW}5tBk9
zDIfd*TY$ZPaqm2j*WLZ;_U~=|E(d^Q#kY4cik(P!R$oc=^%qw+pVxJ(kwCw@=Qor6
zpnuUx08=tF8dRwZHS19wGxc2oeLCH1DS@MC@1flf!<hMSJz~!zcd&1E20sKcagTWn
zNorUW-QD-;Br<QZ#8c2s7iECKSnHxMy`F0emziH*VUI6+`(H{_<r&lW{&w}YJuGj7
zyvR}bq3ve6y2jySOOb6s-P=w_XWzPwzL_*Tfi*xpP8`$X;NNe7updwBY`qV#%-xw?
zmkkMC+!U@HHvhVPtxu6{Y20aYm#D77{v&YnCoBxSH93NZD+C7~<~NqYBk;q%6STpq
zawwz7s1jMH`Ute<;uJ~mIu10A$-_O5i{;zpNFR2=+y)Mc3pQi<Ga)yl$td)(A%Wnp
z+YLBOz%3O>H9S22WKB6DJh!(OZVjOYW;4@9h8Y%txx!amPX>dp-@=pxq&e7hi@%IA
z5)q&%0yHI}uw+&M7|ScE{l2?y4|CBR$0bfQMi2AhizNU;L%Z;?qA8S|s$&9TyJd5#
ze(%o(6nE!7#)cduJG!=6W^pvJjOOmu+25@hAPB121jzW!T~;HJ^o=FKVBNgoHA2IB
zYEVUVnv&p>5IKmOIC9J4gGreJDHU}RyE4vvTg{a|Bc?^ALU-AS?yL7cZf=x1s_@qy
zBmd)(<j7&Dg|F%X%atND_r#FcwzOlZ#LKmqKSxCgLog}pvj76JK@+Op&ipP>wsn;V
z%Qgq?#PA-Q%a%1!vkcDFuc7U7W~Cd!@d91Z>k{_m2`8_OxW1tFx9eT>H=R_|+**O}
ztRfVfJ~uA~JIlzjCrj!yzo_yHRO~5)1&_jN){@uTr~Pw<_180?BICzr#*%(Z3yx7P
z$Yg{}8#4DFv;JfSxd}So%-FrqG3Mf-Y)aK1A?xcn=WU^^R$tHPboKW2<F$LtV$N;F
zi5UNoN;UT{v1$G~a@~-Km1dB+aT88I9CU{<x3t^SB?|6?6*vhjtz^UOpS|5rPB!Uw
zr`~UB{}pa!sg{{uZ(u{p-~PILIy=cdtk!0)*YOinX>gHMYw$?n(UTHpgk<{#KN9I4
z3>rLf93}$JBG}Nq^r^|Rxti=+tb|80e!|c2BYC#Mu%x;R+_ec@GV5V}PuG}Bgfp#J
zZX6`$BzzRUJ1n7qrUM?J2yrmGL@{O>GEnLViJ-O=@yIiQ6WzRt@k=k+N8`AV$2!4G
z?O)HjBT}x%kZQ2@>Ge3XjXRAgJGM@J^zP++TP;;Y$l?0T*s<SUs!Lj~?Up^a6mKfS
z>Ks>!f%P8Kj}DA8o!T0_%yq}MCumQm-~_wBRkBR;!5B&~vqY(Q4hujQl%DhJ&2N-z
zZHIEF)3EP%^A3OBjE_^e`yN7Mjq-`#)%}kvoPp2qS)y=}hq%_Q4ejmeeN8K*JsSHQ
zhHhHtisW3uNerd9^+yV2T{IL}$n{OhPrM{pX(ry@Z0EyKyF}nRHF8qCiXJD0$T%Kq
z3;u1(DpON6*9^jl2vXL26(ARg5W5SFMHsxTsZhj|MXWDKPn{E<<qSegD8!ALx9YTz
zQ9v1|0t#BiyWjjUh#C;iIS36K`q@N;`6@~wMgfh|JEJmesCr%yB+v?r{dGEen%AjE
z>cHF47D$z7EOI&)rqXi<9e?!Re~)m(mexHC1{q4PqypTYL|Mi3?2$zm8L9edCK(t?
zLc{h2un_gkQ1iMfjzOAunea#GUxXI|pu&5{1?k`_ac*Jf+*??))XrNz+1)L_KR}n|
zF9_jd-=-1xprfrZFsXEDs#&q;J*@TLg8=MZ$HI2~TRzl?48$p{Ck#!cL}qodI(+Is
z?w*+DtPJ8GP<FyvjFUPr@y}`&F86N!lQQ7XyzOmNYnv^HTZ{yhlEM5hu7#*03^hkx
z#C-&f)yQRki8}azZ3<#ny^06nizh_`g4?jE1E0m|iv+1fB9bP<_2793io;mH{*p;_
z_2?QDyK6d+uhj4qqm#|z=_9Uu;>#hHpp7oXv32W?xC?v$`c2rL6~*zw`aSn<^gIPM
zfqZzwLkk!m-W9sGl6U4zopI&FRc^z}%zW`=38A*3#367;Aio2}#wu275D8{<Y4V}H
z8Ex*Ue9bt%lpITAi%fDOC=ADvn0}@yk$6Ued=(cnba5QWij<@svdW5OT4Qcc<l2aS
z*tpNJg=&E6Pv!KE(Y;Ozki`Xr4pE7P?ls<5Ss@CI{h&^n?6!wc78m0=S{F?wG-au(
zj}n=w&jy1dio&WkoSL%2sI~|jsKmn|LNd17&!&e)vu@tVxu-gXpF|AY>mG8Tr~C&r
zwiajznBXLl&8<!UvuyY6^eR2ki*qn?3oUZ9fpy(WHd0DVxEDl~$nnax=e1F)J4(<L
zAQB?$?~lErBkqu<t}1kI|NYOA7h{rcQVc5e=HI%r(}e=(zJQ10vCEP5uie@WVJLM2
zV9YT-G&KBwv@pg)`@~v>k?w{Iq&I?U_@5j27YG8g$`s_9(Pc2zh!=68XA8yy^>4q<
zpvEsgX9GHwg^8b4T*M189UWNPTUds_7`qDI@C2CenU9?~@B8-&hqAun{@RWcs`Ghz
zaNMdX=(v|RlY%70bJzddu)n+e&|uQ*^?Jnax8KSL4z~>d%*Y0BOI8Pbozn~2jVu-v
z^lss6TYGB|d465z>$s&(N?HLWp)EiQ_Zleq`)_>i&U)rd)T`<>K4mbE1b?zxhPh6}
zbb3uBE71fl=l7gRwguuWM?HY!EyKfz<-y>1(LX^jpS;^^(jV5A4{EqU@hOt>U_j`b
zg5&C@h2eeeJ!xe9S6q4@JqQN0$XPC)&pq^Gd*vcHCPrq`9E*-?JQ@v5LjL0|?{mY<
zVJTNngHdQ88VMSQ6$<aQ&i7vT^s@<}vc0wWOQ-h07g$f=3-l?F8<eD)HirgI^{2Rl
zF<#N%?1*t}&Uy3+<wVTh&A&FJ+dl-QaYCfqd>r5Af~u)M<cKs@31IpCe%q(8Ykf=(
zp|S-5z#uvBlDSdC;wS%4s75f;gD)C+$FG461kGzK&3`8cQ!+*Y6IG)pABIQ~2#{ie
z|59cAO<cOE$2k`HxH*!Jv*!gnJD5!2pry*1l*23Vy@Z<J^#{P%wRSIG_xJyCnEM9)
zKGl|y-Y^A($RJ6|<AWtJ@ou)e8UDe#klgj76FkBXycYY=VHaR~jO`Hs+m!956DEXj
zSFNC^0UBW6j0u-vMN(TA5gA=QZ~QzSK0Po(tW@zHb(Pw|<+tUa>hf|_Z-sB7ZD+wH
z?UGZh_LRuM1<Xp;HBn>lBHakmST@d>8W34yRAV1`uprujLuh^qTWb}m1B>NKh~*k%
z!sU_LYgKKH);3DW%)0p##icRtAv_2EXNc*0DqlP-@HHitE$OA(f$Bvu-RLM;3I?X(
z^}6te64Aj)Tw_HMn?*x3RY}BN7NF^HCSY&^o;9j^{%RYQ6*_~2c@9buQY4u~)-ZN3
zI%p(T&a0Cm6qgEu`%y?yWvN0tBC<pxn@$G-gvW}`OiOP|CE*FzNrB#j-6qEePs~d-
zuSp_Hts0_E4MLMfe0@QAgOL_EcSkD8_&X<9d-{AolSBufVryPDx_Q`2$e9-HgHlk%
zhYt9JYKk10DCdIvn+MNy6^Yp_4z;VkxPs)>JnnbRiEggYuY(!<*y<^G`l-SnoJ=yM
z#b-+a1PmiRSG=#qCgJ^l-}@N^JLpDpx|;92^e=xu(9X2_s}f)(5p$F!S*1Q|+@vv+
z!jtQpaw@J;Bw8S)j4x8<jPY+~1;O_A@z(N9R1Ymg54|LRBe4%9`oPn!Up#F0Pz9bS
z(H=jl89;m1bK?ROUjEqSZ>N=@jIDSN*EsI?PE^+W@B1$l^$V{|*ru>uZi>}|_Y-^1
zI%HD53DxoW!G=_PZyq-@58OC=YIO@aK5~?EH9xGY(?HLx7oR*x(AoGT`NCAfe#4Nz
zlFuOQ$x{B%D+qcI49_h#Sex@+nfXf%c>Tgbx_`Uyeb_nmS+>KyGpv3V;T$cD`$(u?
zT-u@e(vta%E!L`X{W4u?b(|IuWU-geyxwsJ<#jXhPP^|k^6Rh<iNU{c()xiJopZQa
zWlX8uv1VWEU#p-iUq9Wtd^v_~wetfP9IQVXSvC4fY<GlmJ(imtl=}Xhy6zc7NeXM5
zTM<bS9j`JrnJF*(?70@G^582a%JmNR{rrDr*SLJjJ9_NBTlNx*{>MY-gYlaOQdRis
zY(oylca7cc9{M*|h*PLTKsCNqot$1Xk1?TfjfU&@^D#aU*n&7-9>iF}lmG;fA4qA9
zu|3gdv20^p4h{cJ6k24+2i#gaZ5mq?$qm}tY4TuA*?ViS;OgJAtnD(I^I)5dcZ)W@
zIO<dw?}*(#H@alQ)eghg19^Jb)-K2eC{g10Y;QS*F6X|KErAh`sKF%{5<YYJO%T-&
z?_q%HN>aI`j5F@;Z&{m{!+|$J#_Q7*`Z<qQ9#3~CA#}flD0z<|<oZ8*k9*pcLEMrG
ze2^mN>G9TRSMe${<gn$r5rgR?ao3r06wL1S^V(@VCuXK;MTH2CinL~@jLLT@q51=x
zYtnHZB_Y1FasiwF-p-kTaDLWz6wn6({sGPfQP)#X;U9xu?=ZNF&>~egiis$Gu1b~U
zQHYa%3Zi^IwU5GSazq|=QzUSh<?9c)uu*S05{poQ@hMmDyxx03`beg9ReVwuwBTeU
zcDALI>v*`}NCZ}d(Goa4JNjL&8P-KdaA>u1$f#U#IJK#fv0}0y6CQ%@ipt1QU-jB}
z>i4PndcS(}dS!3m!TamVCC~6<ryp|q6NXisB2c{MwjB3}vjZc{&-mOMGUwfQO>u=&
zFj5dczk&9omOKPnq*1d<pwq@(KkX0PV}jHtL~hDuvXRARx1trZwtzl)=>(Q;PW0kK
zJ->=hFNz+nZ3ew02CRF+c-E!@_cW#tDTgw?P+@t~!Rt=g)ACL6@nz7BxiNJ8KlT<1
zbivgrLI>IBx7sJTaf3%C0}UCM%D&QoO0(0;+qo`13(J05TYY0=Sl&ybL_*h9gTiBs
zb0G=`RU{^%2=T4O$l<N#H}5?OMA#T3h{aHcS{k@z&Cems3G5Aa)z}Gdl)>kTT%?MZ
z13sb14>Mmnv7uJ-P^-ZuYnfA}9FZ}e&iBwX?(Se0an5$nNT;%?#_Xh&T5_zR)^$l(
zxFM)3Z>v$0m5gX=C^R)IGp#9Q0S5tBR;g|mkJ#gp$Ulj!<c=@kd}<>?Ib2voNFp}J
z@hh^t<_M{15tSpaQsSE!<2~t02*S&eGbK8QF~i~UIE@Zs!=+n@i3jBxYa>CRp&noy
zyxIuZE18!35qicS(0A$mN-CG7M#y0<j|P_lN%pV*We?o4T?l{$Oh-wUwb8W?IK@by
z*pnutru}8AvA?07is8m-bjRpv-EIAl`W`>n;oXa}%CKb$noT|8h&Q7K%Oh|B!;_Lu
z-EZ7=?waG@uF3ZF7EfE#%Bj>B&0~`3DjI&kgEI(+C3w`i<Z0vzGf>CKItZxnW<<tr
zKZ)$uy}9_exh$(ACxbu2YWC|d?;`O7yI~@0o5neJKrst&Qg~7{N{M9X!PT_NDDPPY
zPhL^dy7vIZsb)?SOz1hepZF7JwA{Fy+$5Nq1RTH4U)uNkroj^`U^{>>E|wxsLW>^@
zC%zLz%>M~@A0bCj-i2v*?fJ>uX+ZzY)BE}KEjWkTbU8RYw@_>y7PX%k#BS{W0D}g;
z{90)9Hi=0NrCBd9Ts!RdblbJ5dW!)4=}>h!7$As#jbbzUQdGoUpJ+x1OtPc~XZOBx
zXQ;p+zs?GLf2gUSi9W2|SHCb=e-CZcF04Xhg=8$5Z@+4H5V2ma^DS%@|A8v_N8{t!
z7Y2^9mk&NFrzj|Zke01bNH_+19zN{-?)!BKTM+eb5cO|wXtx3nG6IUX#5&&z2jWph
zY10B&uUofYdrRW@e0PsDTpfDE0F%SGDZqHkc*_`SF#VgLr-=(rZG*dB{b!ZXemV3u
zV6Ha3<tAOZg1RmtMBTugRn@5uU%v^LpbcN^lO-B{T6M}+%6D*ydJ2tt906gefpo1L
zf?Nn$<)|maWFczX<1<@w&g(+<_klj0`s<rsx66N&xFo4kAW7dqX`w*Y%Za^#bRV6c
z)IS1a)GPX+-Whr((M=(=;BZ<n6=XocDX)CVrrVC2kq^vfTM^?hVtB{gt_ZUpWsX{m
zp$5E*X5rw*M1x*l&y4>(ot?egxpE5w{Q8age@f7DargUa|8#m96T1vediLP}-02p(
z1`ny|fr2BNEI*1Tf^IiZpjecKBD=Tu2fiyIAfajBJ*Q40;kgspkYo4!tC*pfbmDg|
zspQl=@+f}6grM)x&ID4lba-?I4KEXd`IqT50=S(Lni@+3Afz}t**T=sA~vEZrE!=A
zs7gOJm}0w#lxdD;olKLIv4a~*V;*^EF}*X?%jI_W&?Bq0$IdB<2cPcCTN7CkZO67V
zoQ2z&O=Uzxe7R?lw@Dj%^B8}e)q>-I;4CY++A>m%4@lm+^3ahL5H=*EuOXHM+Ml-|
z>Lha$Dzru$q@vYynM#-eM$kfO*@Qykln~LXlfp2&FuH5xbz^mzbbBC#$kmw3gqgIA
znZ9}L_{h@&IVnYWy3#{5xGeapweV&XD&inTIH@uOWop(~nhj(MMvmbm?GXvhbIUJa
zVK&gJ9ZDqqm<?klZiZZ6Z1s(EFIMt$XUJ}+LtfoyY<F!d|JhD*HLb;Za=~vue%a)&
z-uyZEXBhhl^L6xHmg$E~h+{jA>LfxYh4ev=%7m`!b;X{_zNlIS1B2zAt;02_wg;U?
z7GY;ro!8PE+~*iV&kCk<%kKG*kT;FbjO>YZ(6>b7y(Fk3YD~oS;(H;VXtJ@@v;Fu0
zndV<UfWJiyvh@2!av2iaH=L{??P+bhJ26wx#qVw7XB$*1(&T{$#SC{%{~3G!)UV@j
zYvVgFw$OliYxQ7$wl6tC84{rOV0-;`dEt8>chdKh<F^=0;)q}6vcP|*KnoLPI5nfN
zdgRikriI?>&Sme6-Aj3&-LHkj!!LB_Iq?4VI#e+OgqitIpx1wLQ09zhUkWxTVb6g3
z_{q8aN1fW#p8SrBC>t)?!?g*mSXgC8Z6?v)J(-19O~+>Dvfy>*9iAC2{i*u>?vK7x
zx~c!+fB#qZ{GZwYYM=kn*-2X)<jQ)7LC>gFJNM(y)y(V|7f=sB9!v`i0mn9_pdpCI
zfkP<`_vYQ+R@dpFQ}bR?j$bc2GL&{mDzKM;bAe{vcN18L=@te8{A*z*A=h36Hzs02
z>b}BL<d$Z&dT65!TGx9nLyD-RV3w)Odo(>8j0JzG1XGKV5#*4NXn0Z%*FlKd8dHfJ
zyxHUCwT&53L5&hxh;N5YK;oA*y}3hIzxkdYA~x6z?*!o1Gt&D_-Z+2Kn{+Q=7KJ71
zrHb?|dP)Z0SR`L>KzdKC2ALvjXoaH#VXlb{i<W=iCcX6NrK0rY={)PS4x4MutZl0q
z9<~I`?Tj|>a3l&>Ng<_pa3@{oyt5Y&Y$dJZ)wwn*;JVD!OY6$J)OC5|Kf7aGW~w}d
zOi3*FbgM3c`~fTZ{MSbW!8?oInGvcR9rbRtQbA{(bho3`^P-%IsLyhbFNetFh?au_
zKlc){%!2X#^ej^(*?^kV^G2s!P+FXM;bAisXN0e=)gKZ2pt6;CeLu@Y#ilbNgaZaU
z+3wWNOFM-n&JV9bxj@e`lfNZYqQdUTavWK=d!K9CX2>4T<r(tClS8Hw&W$B5;%Kek
zhqS7@PG!AiUGMG0kN@la{Qt{+Ab-6jm~Nm$8tCzHkUcoxsOOzDUK5bv>rNTs?Fwr!
zYjj}w+{bhUqbE~z)i}(9ebMNDoyl3za6Nn^C%z3s!N8=N2&beZ`R9{r(OBHU;O`G5
z+GCBGgz#W8Dmqf|5hR7g5X5eH<P5%?4*Y$F9AMTpPqnDDWDWi!KvjjP6bi^5+Mrj3
z7*$MR7ph7E(cfp8YBMoO-<rO@Ak)FAimSG_*2Qd<x-28=B${n%J2Lkt7)drauSK_D
zrA0`(>JoCr*pj1!siQIx(j-)pS@NPOr-v}Nw|vmWN(znn!(m+18TS+37}?QEq$&vv
z1d+~3utftPv+&ej66h$qhQZAU_C_f`uTFUN%b*I}QKOds)e5FE!1oKPH(;-?>-2c|
zHD~qI{x`zM`N?WQ2|mtWDMzjO0q!st#2I&+fx@8cAE&Q{r7TIr?^Y97LC-66f-bw%
z#A=_ve(6K!!2274a5E9CXSiE|R%mH$Bp#Yr4|!g>r5U=Pb3E)A6j=0?<Rucw;32w;
z=D|$74LBbHALd~B?|zfFuHB#e`mJe}R)`2PxZ%{~qz=DRQiS;Lxp%MtZt4;^Ou>GP
zh2NCp^%M2k8l|3xIFd%=gZaIUCe}@6*46u$BLCdHJoe{2%z0;=!~I4|rbPpUL|{%U
zM!+PbBL<oC`6IM=$jW;PL`b2YyZd7I`fo;7S;#2C@&KJcZzxQt=j{Pj7&IX2cYha{
z(%fuPW@=f^qh~SN^?t7x+@;4Ec|xVCp#Jb7la<R%=N_uKUUO!&+8qEJV5GN~bR<D%
z2@elXN{%q;J<NZwB6~T@^lcgo(m~6k$>#2xf5UcYJ!>?nOg<pa0gaSLARn4}0e9OL
zx(4m56wey2>F^<r?^sG@>2d`1Eu=;#IV;X0geC^30G$Enx<up#`8UzEMhT7p06vyU
zUE6RRa4?J~P9ac9!3IPBUX?^so_x1_w%d6jp1R`o%xG^Qupb(ei^pTdiQND8(zl7j
z^%uI{`}n9SRwWOPPvHnI4;Sm-GFmVoOGj$v?#r1w7ZO8R{wV4^;NM$wkur{u7A8ma
z{x^$nGD3W~9Zo%RfB6A>;<4ZO1A6_FNo#NxNZGpK#$h3+#jl%c&RT#d6Rt5)KJ6PD
zf=Py>_9cH|PxoG*`}cwF{t`>1MrBfz7;uR9l_eEBabc$*`$r!EPk0lMocz1xLj&D0
zOfd6@n)LYIgFj|<D@JiRhejn$INk~WQ)6C;K$0tNoRm$$ppOsq1MmlVk$dW};GWMI
z@(_@dPl;Z^1I$89gA&36H2Wa@PO3eP@^xlR&CMD8^)$3J>zzp(#X1S~pI}V4jl#)4
zJd685)}Dict4vxQI{I}69%wXyC2JNVe<E>kL8*2k*KMVkh!>u}BXXuG8>L^*<U7$v
zfPcJrAQa~KF??6ZThmwXN-oE0nqp~a*(PVxejQ!dTXdC4YW}ekulvzEG)f{;4TM{X
z1xk(NO&iX_-zec*6=Fz*(3A@!5)ii7ajNTk;cwW66KLX21I<_g+SI&XG{0wmadPGk
z)RZT9tp<2&-qeLzShn%TIIgv@yfcp-wPHD&Qq>^#L*<H=+l+1WWfhh!jMe&S)oPZS
z`X~+<d|WY>&EHa#;u-m->=Z35H(DJuXqEXAxT({Y)$n9uzGah2ldiUJ%d~H0S7dB9
zl{0MdP2qDSmz7L1tga9yq-~ZlGJfM3w~dvi<4AFAO~8fJ;n}9?HtVi%@MKswYgTN0
zFK4k(t46c1YMoxLmiY!~XR?EU)pHrMsTJhpM&KZk^s_wCEOyLX`Z>gE((#g#;kZZ^
za!E1Ycyg5N(sJzS^=Y!I%9g%aPL-1~%d-+NR47%<C4kN1H^8xW-ym}7meMTtww&}z
zWm+Tz2^BIq5uhpqCK}FG)rbW8Ers#2vK0+N$FkOnsj3-LJtsP*gj!zS@C?SXMtM-$
zxH4E<+scfuc7>2>DOQn;{{2^*(yMjip)021gk#ALlXsA}S2SR(p0Z*pSJ+fvVz!=a
z-BMb1z=}=fcC?EwS7ek#B1V!?`Q!YOK=OPwu=h4!>E0r1tXd>JKPZq+#vg%U=%7PL
zP%5rB8sbrtnZAV~>K+(ueRMSMs%njDlWVpcZ-4$i(a?_8m3LDT=_hzdL?t^T8UD7x
zZ&?5Eg(1q>Qsz-rTI)G7q|yVs-(u1N2psjaq&5=g)YvSlU%$kO(-1yD(;Zt|m-#*R
zSRXiiX?LC-5JohuJB=u3<jNtn>ae$S*_1(BaMjtsp41SG6(BZtXQKG&<8Vzrc3_lw
zQdS-*95bUyxXsqj#D;~+v=gPK3l#5kw6R^AC=5!d0p<JLTI`n7SP+SaYF!&Zi>0G_
z;Xig=74bOT3TP@q%OHg5?LE>ZV029CXR!jI9tNXCwVZ^j7Q{V3i*ODtlgJZ5@IrLv
zDi`|WHAFC<MJl-2W#mJ1oY&sZSss;^e7C)?l?Q61fUh@sPuCIa&5k6zsr9>8d5^I;
zL$TGFISxb7VS(+?Km!3B;?{(=K$hdnna=i0_;&B1VlS?<EDjg$2wiz3fk=#{;=w^j
zf1+CV9&x*x5&#uV;kQUk27;?GwtHWV`X5$$(!ASeTO64!Bhlx$2s#m!W_~?}M5c{n
zNipD1iG5P2?%+Yu;3#vFIEO<4VSwA(zAaFXf7E{~CNd1elZ=e#_XW?#hM@&O$mL~*
zgfNdqPa4Ac?0}V7G%HeaBUdQK;9;8Mb1lPR@U1{7v4U>BPjgeR0D3{&)eeS^SLM$G
z$nZj)OQ-_=C4;U7=YTv9&)2BL!Lfc~dS9B6%V+eTp=koeBYY0Rp6Tzcbg3O?_DmOL
z))xm%!5@xo^jBfhNgh@rD3yLo^M*9R&-Gt7_EpKR^&UlS{7TbO7U)A@c|Cr@>)xIY
zp@yK$66hF8ff~Tc>eahLw8E773`ckyqy$=HlrokMF+!1`wg=$;prxe7Y?@J3B76(n
z67~3Cc2_iBoyQ#Rx$Z>$?L5bq6zNT)dtqBABGL7#gxL38-V5~UL(h2hpQ04(HMWJd
znGJ_h^*%L99{?wGM8M0yUgAdAwU9@DUnz(VJa(ihZ+kRJFLoWC_oS&7z2%Cy>ppJt
zem1YGvoi3Qe60X+j!i6VqcpYP*De-e0C~@fSJ-ab;Q@sB*jO0Ll`(_xJ4OS9x+!l^
zruEnL@=-_$@Ig+smvjig(ii<o77^+XY++ck+Z6vLg4g2R(2ZLP-(wgp+8UZK{_F{L
zu{gBtgTwPFp5%2MetHl@{z2Pw1z*5-qevMNoWPFq5E!_o2{&imcBW5JDTRYhp^93d
z66_tAn;C7q8!M%8M|6(UMsX4#sPGwCs2MeW%y171M|-tVx9J;mh0?RjC*0vlaDGn)
zKiGroN0%X*ClHU31t>Jb<d9fk<v{exKPV!hG@M9kvKY+<_DnZu6%pJ@wH84;MW2d(
z;SG66Y_BHv6+bW5SRU~S2O*5k05)8(&l$ejCQW_wq356)lraCkJtMtj`PFuMIGN?p
zJ+M^PA+U7PP%%Gbv(xdKoVxRw{xcR{8G>z+Vp~7@90LFR_+v+$JN;~D^8=0Jm#VK+
z-mN0=5yfE0#NrmIOg?WJyoU_AfDGk%t%?iR+s(+4>jS7OxkIR^SG6Oh#wRLibsE)`
z`9)`k<K{jqPHJSOX)t2TK3E%I_#uAdHDYA^Z0KguD0?c&QKm>&xI6pO{U+4u?X(Fi
zgF`xa=h?p~0t3Vmn!HIyFs5@tZ9|;LOm3z$$-Z~B=PJOyntynDsm2Z_d`V7n_G}72
z@1<>wr0FA^V~HXP3nI(qCwQUJTCYXZc6vORUhs!x`*Q@Ohl-KulxRmiNv8$_!r8hs
z+zlkd4cRJ|cMQ2QkvOMTYTV|uv|OB~5btO+40d6Be20?_C8e$ukLZgZIkD)2MIf|M
z!TN-~q~5a_wurq9;(9)KO=ogImJktIJa^MdUL5mzyYO;%cJ1c^<l+?uhB!041<t;u
zIW@nc{`=)qpb8ip!cUNlXQ>qNnI<>^i-+kBlZF&lo9y-+-*mMt<pOuoU~Fp%8ALj3
z>7x4ywcY5Us|FB|vzkHZIhQb)lJX0d3hw%Ym&pxXc8CxJRHrl=u83BAg$db>5!}M?
z$SS-I8a<7E>DCfg;ow-H%kh}Kdpc0a7CoO`uP%d=-B!aIee{4e@htFKPw+Q{0_0Or
zti3}9jOJ0X>f`k}%F-N#%N>KCk={gQq5L{MS$9y@j?aKQpX_kmlvD5C;CUQkH|^x<
z>{(=D{e>^aLv>Ens0Oc|=u5@XA?ntiHSJ=b6ETSCe9QZ^$uI`3V+G5|;`={uFKgMs
z`K+NMVuoP$5BK)$J?DK%XbHhWEsB;Klexh7$Fn3zq60R25ZI>0__G}lCJ~oM*)$Sq
z|Aer(v^E0lIoN&o8tr=RsV+LIWk~jS0=rB-1II*bGO$pVu8<8)Go$J~x`b)>;sPih
zDT_DHe+eJjXp+17;9A(n0q9Cxn=TQ1xa>~Qk$6NGb)QRnl#)$HaeDFU$wNe>%pU0|
zz|mGkm+RGI7XwyQ`<`0nG-KA>nC!_6yk9Vc{MX&Krz{AbJJX>SNuUJ!{mKe^ip~*g
zy4Ht{Ke-F`t)fl?)c&GVs$t?CQjW~WHi*(10gR!oFr(-rqEjJTSW|@L4Y|&WMk7x3
zdXZwLXJ17FDsYJO%%0ysFfRC*z~IJsZH7o$BQ(!+ZjJ44mi@?5z;oMu&twvP8sRCY
zWMln2O2}X^zJOwtahthA^KF=F3Cp&!*o~IU3NL2~LtcM2%Ih37wzcczWc=En^U67d
zM}qMG<L#}Z;#!u6(ZL58+}#G3;0|YSC%8ih?(UL<YjD@#?iv^%xI=IsoZy2)LUPW1
zlXHLHUElrI`{TX$$E&qh@7lYox~sc-_U`H3Rh25*jgOeGzRf+YjEMLa_QAyp5Vd5F
zKf8LbrUjE2HZ7PThgO+CNjv^gJ%6fo;if1QzZRguv|ZZQ<$`C02A{J44TVZB;kgmk
z$){c*6ZlbVUO5)30o|qI2A*1VM`+*4oZ1<WXBh_UX5Em$Eg0%MycjSIJMYW7^7C-t
z`ABpD9f<RP(g0EOBDp8UtECt%ecw@1f(l(2hH$YDMor;U%-ExJTJzrR+$phpC<?{$
zi2}ebT%)n@Bs^&NS7VZI1!Izm2?M25_z{D$C#tbrzE-c_iGg**#eE0gVpES`%t#-y
z&qTvVQ5(KmJsB+)$4bR(E){w6S|l2=uj9^{`u(-TRt?3n+Set|W0hXxGQq~*rP0MP
zir;;@>&_luZ#zRj6OeP!xFriqC)~5zhaEaunbZV~04<~CBU;0SgO<p`oE`#DEIk_r
zYdwra>&UrsA~opA_|_UpT9jtpgB#R?go02XhQ45jEJU`O5ilv#8GP!U-*~K)cMuJE
zPY>%uf80NaH*Z{z;v`mzt*!w-FMODD6(C<C2j8Ug=Hh=-+#G_=GGtwIEJ@Qdq1ljo
zU-MTkW)HWQXZCzyKq3>@qjcvm63&-CE!aM2q#>KI?7hn`VTsdaK6U5(VgRZ$z|U<h
zL-)R0P<S2mV7?rml&5p`v9a&S=@aAk^e@EVHM6(#8pWIo;@K3zAm$^+$3fM1rpyi>
z@)*?tFRl<!L#$1iO@QH1{Fq1nDWtuZZ|1Y;%Y&9oOeSoeKB9V%9Zp&Ps4R6@c*SZY
z4VVuhAazXXiF;#_q@T$#!80royS3T#-l;S+qp3_}D7uWGPs*hU(o%~}llNg|Qi|fE
zGm)o>#_`;jfOo#bNw42zPWxrllp>(Shw_59`}zJpYipp+s_(uM+;am`GDMa;*d5Il
zEwn8Wi3?-CR*K*0y|VblA|!XyPUsr`_`_{ODQat^5f>OaWQcz}f^0QB^SvNLY+mi#
zSTZSfxB27Xt^V1MOv~}`s#uR!EDB#;q!rP<YKHFesy|W_<f5jeg&P=JFTRT-*J@cM
zg=YG_7O6anH^qe2ta@onNXQ9c#5A%-zR?hrqZ(k@erbCZZCf&WF&N7*c;gD&r60mp
zw7wwacuCSA$t^N?k`CA6)5d*Y=2mAWfpcSbnNz-xh_iecR>$+NlrX@50Qo=I|0@I;
zk`DO~0~mo}=|E-yl>k6$DkeBJ^*>n%1d)r)RjY--kRgZ!0Ki1h0str)U;r`%^Y>kB
zE<hzFCLk5S)q=?W4TviQ;AlVq;MCux|5t&(^N}Hl6aX4TB$)pu{(YSeK_vgCO=U;y
z?f5_0e$)K_2*`38f=jXxumETflO2L+2MRA3Ah>{#05tW#i-DZ^&lU0v;)DzV0A>;A
z{|%63e`ox6AN+UA5Ivp_L0BrKtNiY>mHz>Of6744T!#Fkgk?G2)YMsU`oAmtC-47E
z{^@l9vI@d<{~yi#7wK<3{98U0eh32lry;*@{cnH}>wlD=u099=BO3CX3QOmog22d-
z{~`UqWBqs5{~|$#{7(x(gNWV(gArZ#o8Wg-5E}oTAb=f$44KW)Kwznu07PqlvmloD
z5xsyIAIK2I)hwbhzY$~=#KrGy%-_QWg})MU4@H9=f}qaeMU1h3R|W<wYX~Ba-{bf{
zfTF7fKxhxap89VY{znnNS!NONZ^BstWJsz2qTdkvjM5RK_CM_ZH^@K3G8It?LTO+C
z_@AG~KMcrnyf}jYG~jnR|DTS3B=~>A`Jdti1i-Vu_dy{VlbWtRjHp+Ac6RXJivCA<
zWLXFbqL2TpWaezsKl3B#&b8!rv+h3$4|HO2pi2Mc>qSBI>tBD&VW9qtz6ZIiMT|m>
zONF#fD}0W+@D25;wiEEX+mlgI9MvUgRy892bBb3aOIbTqZca`X{eAFsLbF?j$8{$4
zny%IPIaES7;E*OkFc4g7gEA=ugY34;MkB>lZWS;X7w;&>fcz=@fykBGB)**wextc|
z#@1KwRO`-JJt`iqNS1i^^M=QWM%}*sG)28*jLtDZ3#Lg;h8U3bE<|0wked*5L?vGd
z4fel?)E=8MKSEzP)ijH)fM!T2?{WN$jBl8GN;R2Zasx~}f)-p84bq<aXdoH@RHv2&
zTE@RV%oa_1k2#OGoMBgg_Ht>r;-~8C1r+gViB>a&aXm+tZj0e3DtqE^yt;L?K&V%T
zKRyovFG-4@wNbIplxjc*s7o8D;YTC=qSycwzBovWJBlhFG1*Okm+wK=bhcag&Rh!Q
zFPmJJ@BDOqW9&i2!Kn18z=pNKJ--tvXpXsnUuxx7bPs2Z@=)q6Za+IsJf^xWCcTc;
z*NjD%GvS^=mFY6b=UT6r`C<SeAQFg+JT%M}fM0qr4>iU<b6hh+GEY8mt})38+Z||-
zW1R%xEIkGkdv3&lxnjG^YxUYKBe|q6zqkoEtVKwq57=brHf~S&#s}^Pei(I&jvkKM
zM+^Aa8fwC|Mi9C`L^BXau%9|O{{98^?0jY!eQvZPNY}GpFJh#@!62Gxymkw`1hd50
zeTw^<Z5%f`!$c~*=be`-POh@#_E-LA?DYkdIAZ6eV2rfY9=D19F^)oJ#DXI#LkGY{
zt4d~sdnt4#&}*AwO{a_(n~GM9|8Igv8I}#O5xt(ZmV-5Um}2AsRq+Oj`EV*P!%Cy;
z4`1aziBUjY8!P>EYE3H36zX@Bi&YU9uEs4A;4MQ^2hxo;MsoHNiVkXo>?m&{lWN4%
zf%7i^R5tHTpb47UhF}AT1K(67xpZ`O&nn}MN6D#}tPKwePb`qK|3M~bgWMUFRG`5Q
z^hnz?jJCs2LT4n84aR@crz`_fhW3u{VTWlIx(V}5MfnXHlRq)Gz~@F$o|9e(LPZzJ
z2K>HRxa6@t%@mro<SUyyzz5)4Wj7f=nf+6rK_O?JUM=FFg-Bn<;~PrK9Fh#Q>=fd`
zIoUqH?Z-Wok}~f=W7PZ)H?kbHYOvYfF7aVXZK`a#=DuGBwV7y7zb-7EIpU=81jAEt
zM+D!8_VI|-ce(bYw{a0HMb^pqkRmaWt&tBfe~Mj&$QFh#P=(5RA5Fiik~8NqV-#}v
zIa9}0CquXkr<eB!@5*ilzgu*AV$_JzZ?~Ocnm}CSq}*btn2K{p<tk9dv7n@sRn>;6
z{YJ{ylW~J8ig$5u37;IB3RZTLyo^Wytt$^B6-9T4H0c4AX2T7PmU{ugF|CC_+)L#H
zAqP+ljV*RRnQ|I{&KDppApHXsS(%-y>`hMwdOtO1T0ak;O0oXcjQ(0Beg9XXRvV;E
zdpsPhR-$e;qC>8Tz?-@N{TD|~qiuS914<HE0?FM-KLTROK32BRq}QHQ7_HyN0ezFW
z<ChM43^;3OyFz=7KUVPn)f++ADuc@b46OtHX%a#AQ%mk&9Ka9631smyxOEYfC9#Ny
z*<%gE>k9sZmRzR{o@xYLLIfQGztfVNj-Xk=Uq$^RJ%Ww{=&L1nQ4*U_68l=iPzU_b
zi7KHbw^kDC6hZs`&$aYa1o;gc!(S`-)4-q={O1~mOD#D>-3=wN|H>_C$Y5_M{aSH@
zgj{kn$jiZo@~`g%fEWPT9o&|;`3)`Nd5f1a@Dutqcx|(tzM2}gD>1h~!M^T-Rl*}O
z{++m_Bo$amh@`KDq)&{gs-njc7fxS-1V9dx>}oegpQSGWuwep9wYw^?v;d_#vfCzE
zZENk622-tQ&W!BrGE5qJ$RsLMPGw|Mo3J(2C@gTA!zwUKc3Vq6uB4Q8k7l60ovb7n
z7)_w*1RzF&7@;R1Btljo)MM8o&Wvn_JE$^N)M+8=1AKNgFJi+&dM6_4sGyHpUGTQ+
z6hI?Ift&jTTtL}<8ki$bq7v##P@N$zizqO1G?>F1(8-MSyhXPt61~MU=)6v^>*EEW
zpU!Ul@Lle;B8T~_%k>sS!5fDqDtk6OwyCWp>`rlgwsT>IxWS_kJn~oKxU^mCY9-nw
z@%;IXTYA7mf6k!BOV8ZFcJ{o_^_mE1f|ab<AA0$wLE)MIajtH`(p3^gmcMeu5MK)?
zVD-dh(v%D4FXY<qZ&}m3);>n+;C9pEpas0dw0mUl5(NUd3{mUqgc@4~-5Z5nyTjH%
z0m!|&(2taEgeJH!$LmZ47fiL=-nG~5ehqTVN1`Lw>YC?QQHZG;a9fIXUHNtZ<|Cfa
z`woDMZa?TU6$lF;mQI=&%OtY;DO<zwXrr303uBk3@!Ty-Am+Fqsg{^)i_}22Xp<Y<
z^m}onE<{g#cG4%&H@~*gi=>*yNJ`!=zCh-TM30q}CD|4h0*g>CZPVcY^Gc>UE%~hk
zEEPQxy-K!608$(PO-rkkK{adlpZxz$=)4D!EA$~8CB<88l_cDQfR%enAysDWs*eO2
z^nB=)mhsFgS%MA@h-oQ!TAKk?AAkY@AhFh^J7BTbG0CKr(^CR;w820j`Fz@v(Pf5<
zpih;k$}*U2bqG2D-Ir7QK5dQ=d5$mPSWOH%Do^a}irORu4;*P~f9s@Y{>ky_D-}uZ
zMpA}Tk`=dhXD4NYv*Na5BPpk1l2ut}qAO+1f{UxQtGugXxvLYW(ME?8m($p9%SaNV
zuJnz?nym(BJ(GkLXG(5|4q|8RniV})Yg30hP7{uVwS)x5nxsZ5MCe40Bz?*bR~`L?
zFm45#ZN)l~E?hn*?mA&%CZp9z(iH;@nHnKQ`ZbQSnq_XvgjJWyt|jhVQ!H{*M{XB=
z6%wPhEpF097gq>rQi7ms#9G24dux*Z-!PNLE~g_`ZEf@pXCrRyR+2_4uxlBYeuj%)
zwk}sqT|~JJj^bEdLb-yANeQ>9i?fMvB4wgOD=B1SHPIxA7)_xQz13l3ZPB4q+r_nJ
zqrp@mu8oqfD@+LC7_X7EOQ^-g#l@C?&Z>*si7WGb0@u{jluF)}v}Ua=cPT-LG^uQB
zjLNEFs<pwYu~Bi=K&UQZtkIz%)1j5h#VT$!sX?zw9TOF7K(zPcQI771ul~RAemv;c
zjmmjot<no*CYSwj%g7qVf#ruBh+nfWk1>%cRfjKBXQ=Iurkh+|Mu=Lad8R3Vd_uii
zj<L6Fm=c;gKt=iE$6i#4_Y<21?dKSG?&`&T<VMq*ccMyZ;Gg_PHvW2F^u@LOAH`hw
zk1n+{U`tL&zSo71Md2I8<d?d_&INx+@`r{B&d%0?E*$e#<deKk-TDG7`a>?dyPHkF
zn5Cu@sxUAxV1lC%(_efQn~;>@-~q{RKfYiT0m_Bu@d<GE4*}Q0>BXoL4Jeu-=H58y
z_FelaUF#LzOf`f^4N-&l%Hnmj{so2kINwDEb2^X8+eqgUrG-n_-r#ve(+PzUWm?VN
zl{Nc$uTTa6Xop{wLI&A{URt=K=!a#A6a(dgP(U{W3-(3sMH655kcEJQFT<2O$gxht
zKhWid0&*>bLkB<EBuH-b4WX^MB`k{9bCg$OL!bHKrvyizo1IX+uZEah3&*1cKD;8M
z+;7ND^*{D}mDEJPF^(_!<LIF!iir@ZkyN^82QFJC3+WeDVQ6?v|7+p>3-?>^f>UD)
z5JY)wqpK}}2I5Y%uMCb{s{6LPupAmi4ZksuuI`;%U6+BU_<okGMj7z3=+4?T#s^yE
z&<PdeR>~Ch8`sZY1lH!yrtvNX{9q18o<yr!4)aqQ?G)E4R+@}{`O{fa!tCHGO>Oy1
z@0mrZV#3G`dhN59R(cbyy4%c<{nA@rQ&PZ~&|RiNgA~e+k22#G_52A>NwVo9Ul8t3
zr4#qvDD6XOhMx!ruS!e!yz8BXYlA$q!WOB8#)kECf%`}XDx%4ypQGr1kgz4P7IeXa
zPv;C)k6M7Ti1-nZR4^v8tO^4lN;2T7KZx=B*TOvsGt;dfgjR6|e`mm@@pc<@1qPR4
z(nTK`H5dp1oQdDbNxyk@SmTL@N<#7x&Nd9I0+)_dBu;X+TE%a#*5CKSDOW7Wj)@GF
z|9FeU-q$x0jFh--HW?y<{+)%_o#PEIPY&hy7$v7nBa7G)QqT6oFs~OnG0JF$EngK)
zyzp?wM=MY7;g5_K7VJZZGO}YkDIgyU-@frTACf<~wq}2~B_{!u3yl=`D}IZt4a1i#
z9qA1{<t0Sfkx5l1&!bQ2!isy_<I@U}L)8rj$bQrw5*IL00@xD7dFkotMqxVDWzs)N
zJ{;0ae4?59#`Cl9u-hQB)|Hv7H1(x=I#A^OEnV_Wv3sbbRAGA(i*E4sQ3~t(dnss&
z?)J3JJ7c7?-IC8sJZG_A@d71v87*!-7~lFm#5GV$Ue&jWie+glYN~~ykv~35&YR_Q
z-K9}`y)ABIIQ6$4KQ-z}=1kM{WYkWs?&V=>6!H9;^wsAna<nhb8yS<4IGZ0cJ#`AR
z#Ixp`q|keuRvm>@<w1EdF!EsCC@!UzYa(l0=F2>$h?YwK8K~l@|5?nFzF)!gt^b>%
zb9itqun&GZ8*qe-48Y>5(2a}Zi41=h<i8*EYxzU_S@Z#}x+Qlmb~3<<eBGWZIr(Gz
z+w0@Y66PpXo}QBBz6|5A8Gg;jIAPu_AXT(K^fbsz%0u<!=gaBP<q(~jCfNLoRO`)w
z>q<v{66tukwyAbSoeh4PR;m_}5{^mkdwx~q3>F3%dC@~fO%B2A)&-Aye!<Zkf10Ml
zLn;MviIO1vsAC3N&PECPrU_uyvd5yox5{KZq{{;`D=JTW8AZT>-vd`*t;8itzzr`I
z?ZFMG(K+=e^O9uB4A3E#tt9hP2h|yqp5jo#(&kmBx89o5mlZUAZF=<&cJl;Csfw%?
zaHJRXx{!Hkri%573~QSnj6dk`O+xFvBmCs2|A_u70s2*bFiJ8E$BHUs$KHZ-Hqp?C
z?JLI<62N(wYOWb}>haWNF?R|ThUpwEX#GjAVdZH@ot_@4<rr8ShiW#&)G2<-QQEZ!
zY@*%3+v8G#`B`m6Dbc8*gLKqepbY&_LTV6F*Yiz&o3dP<!ZZU`X_l!2K9bP!n2J?}
z$}qy2X7+lRtTH>ZGv$43)O*TS0Ax8#k*~V624R^`9}WZ(P*=68<AG=2=aUBj6?KWe
z(S`Qla=$6B#tPm$h(zkzdpRU|H!55I6Y=6+W6=LsZnR;AZ2c>{{GZA4iD_63h})l|
z4IddvOmBYBUH=XF`t%9**WStQ-~YPtFOEIu#0xpyZS=IBYpysMxX$VqPCg&7HY8gi
zhKhXjOE?}K6vA}ItZ(;KbqMA3GusmJ;W~pExp!EdkGtgg9iCPf8u@z3XwGdzq2~iV
zrSuxKO<T|zsdDr@qV22gE&&pRRkY_t#C>7G9BVhQ37e=lrw6(W^}FP7Wk6SNY&u&I
zaW}orneb}WoD#A3$wFZb&N}dYRk1vKf$qM@E^kQJehL-81Uk<gH`gX{uWIaMr+HWV
z&CgIZT_sd5H;Y{pfC^_CO#?{RPBc=iGjgc(bgVx{&}m;Y!3&y=RYMo!%_CgZ&U7fb
zd72t##5XRXS82LfuOfo2q2@hMH8(?d1E~yieT|)?prJ~A;qIVkH}Q;q@uF`e&F)g|
z0?o<W0oqET#$k6-=Ak<**LQj%#^>oXxa;q1^ZPsGYFeQ?qKT5do_$f5o$kP#yw)A5
zKI^(E=j=}eaNf#JDPpPsqJCk<@Qi|2hpdQnrTA`lx0e2jL$Q8?>!&;zt7egvo|z-u
z{K&97SlDDr1iRPc(DuYB(Aztxu7jtwkmJX*(!ZB@MErxCwvI2OSZ4d0P9Qjm^`5(x
z?tGb8EJOPAT4}Hl9EAn14O`Ia{zFU68&a?O=#42E7sp9Lrpkf-mwZIj&WD%1;5Tnv
za!n-^)Iwr@eGpjr!z<%j&eC-Uo;|lbvt~X&-SJMN-lehbx}iZ(wYucS$g+)z<Hzd8
zay>tknlqf$#?V(QUr52tDo0cEK-jUa(HIPkc#dJ}fR$!Z32V4^P5Nd)dGVb^7vA>P
z{i>PPJgjfgDL00pBtPevpC<RV2PXI|R2xb(_R;v-*C*Rcj48|6cNuL??(?oO>FI2^
z-2~TAuGiC-j#Y)seCW{Lo^==YRS#ag9#cJaz1DuVSX~LIb$dEEK3jw5ly#-{>WnXk
z9Rn98fh8-KBeHNusl5{WF@MEMp^i_rE|KVI$v?W|%Y$cwo92ITeKE(Z_6tnLv;So8
zR;&tbr{UC0DqM+<El1(^+t|+oatOMy9P+r9Ici3bbGzWspSt4DVImvxOo@3DEhaa}
zn%Q!ijT5H6bmq2d>)}`XXxGfnUL-N~<u6qAiNxDh=mumH+&8VsfntW^D=IK6DsTu*
z_^QHLP-hcFC<x@ER4SG{NSACGOXEN1#V}BrH8hR46cYZS{hqDRs0Rd1ZdhP^N)&&*
zP$54rX11MfSRHk!`Js1^yxfn@v%bJ{UEAR{M?|y)_HBvJ=CyK=R~b&VNftlbtj!FU
z<r0`0jzY!Ha1p0Z(>qwMcB=F71+IG3L}Je9mPX8>3YRO7kAzBn(MH<K#|gw&tjS>J
zrC>k-y+7icECdy%D;$oZHYe1)Rs5bmsx`drSVAdtx}e<}I-7lifx#V#c<sS|`u5`{
z<ln8T9^ShuzSkJ*LZa7~AQ&zBxgapo2O_FocHGs9Av6$4UV-U02R8M48qC)<cH#*K
zeg7zc<=(sbCh24JV~UE~<c1Yn(66CLwWCfSxt^x!_ns!|rNUF;l8oL%&fUvh8d!V&
zgI{qUwbmHO%$JvU7#a0emsXyRx2uNcTi5f#$}BdvYTHRE)T}I`;eQdlgu)G&4zOnA
zcIy@17#lhk&2;TrwrFfj^AzUIvD<9PwH4+T)Tg@i!!C`fL2EC5kL2lwA;jC44VMLZ
z$v2<;sC~M8)l|UH&rSFiZu;PN;@#WnhVRfH>I1r7vkZ<@WX9H>u2=O>>3h|6@>L&?
z2Rc%rqu9nnT6&H-A=T<DgkWc0?~C)igloUX3sZ&-ix<}-Z~g=5WtQs4y4n^ce@E`i
z&EPk-iT%lSwTK9!wDs$X3myJR&sXqu;oh+gIQ%#p-c!peBEad(Y(B+Zxozy`iUZqT
z=N-4_4thQBZ&XIA@2+TANmrJJb|jxFu&tu$pOWY^^CfiL;Gbd!x*P0yV(R$cSiG?N
z9%F9_;WR<a9(5LF`^|G@th0{Kw@cWaUfH+J&N#R9*OdIHc1--E=vS|&H4-ftWfhdM
z-tk4Gb{<;P&$iv$JtEeOYyDjp`;L@#4KUu*C*D^nsVTE!w(%cD6I(0z(*EIl_;cMQ
zk!r!Om8bvS&hvc=w7>U>F5XQPtF3AvS8<}6oyfQI+#V!GYHl~vCkAU%fwuMLl&{pI
z9IHST=!qfYYdvf(;CQgnQW_(1I=Iw>Y%JT_av{n)q!z3L&vs7Js%byd=gVFNEr64v
zD%eGc6BMJ^YgXb%GjWB8!YdNhsA=|a3!1YwpMQqEbZj^p$p7tV;7d93qb0Ztlhcy1
zk=QFaAvd<)xHtS~q1tv^Cqy<R#!iE#kmgeIm&H{E)L$F-qRnilNFoVKeRm2!e&x=H
zkfcZU*3zJs#hRkyr5gJw7Itttch%<f<5j^TJJIF4&|}Z)+h%Ax168Mj{)3T6gr85{
zEE8M2zkKwBghs%sL_UY!z`WFI-j2BB<#n~(QXmC$fxF5RiN_hExV3k!V6e-(5ZjDd
zjCA+LWvAV<zV;%+nDZH^jrrZ1dJf;sm)r>!bki}_THdd|9cTGl`ft{wU2pQr&*!rC
z_|@TD_eskytA3q<Wr1?s$_;gz>OP^;5&nIDONQ*c^spEz3s9JT6|aI#j@#-udp%!t
zbvo)Ns81!9az@TW=P5NFdK-^Dr^_5z);~=>@r6v@RJL$Gh3NPD{VKcc$WGyI=*<z*
zEC{Jnzj_-;ZC+&F9;AT?pVrS|uzBNl>+XA%^5F%;_idj44e8aB?>DM`c#7ROqPcqF
zrW1+4gzRn>_)udvg}Z>TSi6@K3|5rdH`}nT(Ovk?d>0N=5NpGU)w_OTxreqLXHJ;U
zrUVOgYSc7+tU2}nU*ASjE5#b+Lsu6JGgT=^zr3sPA;exP;lVr~rS^^Zb)N5zKFi84
zmBM2VJDz;usWx@rQ(^n`hr<(xm!_g@%3`m@tfsq3L)}`Ic3@*al)~(1v2F$*L#+93
z>&jC1){DQLt&zr5fIp|gTz^*f$<vd@(Pr;%V`t@N-(`+ByXLkH?KOP<dQqQI7%!9W
z=8Yo<(_{bnjxtk#a9_}6WrWtxq1St~&X&j{uC`5(Ov2LP3C|A+!q!ZwZ-0F_cr&0L
zvvR%-k6iD3SNBo%GjnZ1q^F;y%G8_%$MQ@8w08#<80znz!L-v`l$Xa0J6UAB*oI$&
zM7qh<B!au4Rae{a&C+R+GL?4QZ|PSCv*nZ&LxwG0(D^CVQ;A-YtO>XB>Yb;79=}zm
z<JYvS56WQtYU8x7-OHr;t~t=TQ&SCfxf&1rT%L!8jhW^~<;*_VZ%la!8VX;WC=d@~
zSJfC}Oe@855@PgZMoE(2cjU=ZcsHva-^P_?USQgF&#~X74j(C6?mW9vzj3<COX3zX
z>QL(+WF;YPjr8xj9?b|{QUSNArypxgvFw0p2c2?7>e=|~XGULBE8M#-1FYdvol6(B
zzI((zwB0-=qu-M!R*1e@PQK9A)HP!gHQjJS6)DA#57R!qQ#bwap@Z-#CANFBXvG`d
z&la|Q-fjnbn$VQr_D9&;LW{sPFyZC2ZQE`Z-fcIPd?7dZRS_s%g=MlLUHLc*oNkkD
zmadkrlCEys1uf|MS@GYW$XMWT_<6d*&fTH6+oipMBrCttk_v1`1p`_zZW_9zk){Gp
zo8nLb59Q_MfHRo<Jye7ScKs>cl)$y%40Jp0orbwBMEJcl6-N~?JmUB81oFGV`z6{C
z0(ATP`TMGX^I)qm*g7L(_3$?xw5QkKrjH_{>l?Iv`>nl(mmWek6)zPY6&4j{6>zdL
zLclf(aJuI2!j$sz(*4%EDI4@r6;!}UGMMQKDCxq7X@YrNp9@vR82D<o<8v6(70YA9
z7`Q8`bkMLJC-Y?4iM6^x>1@Ygxksw9JD~AxLd6O~1*#b33RPxc{0LEW?lCSq7T;)@
zlNdNni8>wOe3gyCV{`|n?KnYniAQnBGlwvZgxE2MAx+s*QFMn;getzKkcHHm;B#hb
z6}2YIvG#a4kMeAq2$POtsT&5iXIDX7EVgGBy#oD?rl=XZ;-RAoB>`JvG&^xR3l%~(
z1<?$K$&YpvV4EskjWMu#&5mO=wGMbWDWbxmW;;#R6ybQlv+GDkS=%v>Fs+NpOMWI@
zG(U}%F@bd3jjcRgc17;=5)ox!FO;~cOl->;H&^yD=cM-PcVznC$IqMortj~JW3O2=
zh{E+-j*vjf6Nvw%QtyIK<)F`vNpVQs@6#2xqpH;K<B5@mD7B}EmO(YW)@~t<5pi*O
zsM;Ffg{5$MP2}(fmc%j^2GPGcP)b8-%jsOnzWsu>hXKM9#rGR$Z7;ix!hRO%;&bD2
zRWapGGWR3d@{+HSVwQ>CQ-WGLbu6<!3J;d7Q=L1ac;%4)sNO<97R-<Ry2Df6Wjn;g
z5qawc$N7L3fql|}^0B4l1zflLP*q+tg^dVcC2XHh<Cw&SDt?32-P`!ywH`K4rR>};
zpFjvO*Jgd&b9f6vrWM4`T7P(_Z+VN-61*dhACv~9|4gz^2dD{4>NP-SiojnS{H|@E
zh9U-L@tG!sO7dMVqQalPNiy~uRc;GXlt|tWR$CP3^MCgv$SG~2!3KQW|JeninM|~f
zU>0^(ro`d~N}a2G;i@_tHY6l#r<5D{7E_{NH5b2GtKG{52;cEB_o}z`Kz4YTUc|{r
zIP0dRa{>#B=JD|>WqV=>&f0ex-O@_jXj8Kr1z!Z+dT_o63iGiteR+elFXSjCoNEEl
zVq(>PUZ@_n-j=12+U`@7nZl~Z3n8{JVVosL{uv%@a&bB+ugnT4Q>S<!i~a!F2mz?S
z#SW7kiZdD%^ktcm!zDIIl}<k}_KYECz`*~S692X|sCJNjHdCFJ;7ru8hZpniZsPu+
zn6-=uaGE9=_Hnr;wAGElTjJ{*q5j=4W&e?0fhw9ip-9_wBW)uKxcGyHcoVs3x;Y`Y
zkCFLXQ;CZ`0v<OJ-Hd}(DS6NxEh&Vm24#5kWSzF4Ad+g&K_tXXHLPhJ=?%F@w37X2
zYE;^t=pWg28mLO?sF5>K;{$zo<Ric@GLvEW`+VQn58saZY+tEi#GwR+kwtmy&DhIa
zE}=5fES+{sNX6PTtII7biWCpfyyvrEGR&z-cDsEawqht0WY23dn2u^gJ{R8Tn{2Pi
zFV07lFSu2%SUe)Qd*-RNA}K2+|E&JSpW$sWFXBtLezE{t^lC0`6IvRJi%>mLe}v`8
zXTKI^8*G1Wno^5um&;le|A2QjyRT|ppLA38b)E$A0Pl(}cJtYeLYsUpDl~oIR&JUX
z*X_m@(Jo~8h2wc&tFp}ZX9p^Hl8}32K_DY5EK(pfJ>(+@ol7QS3`CVlAt=neI#Wbo
z-qk{V|11)I(R)5J(%BX{wB9Et7cHs#+2gbL#p`;*eL(NrclgD^7;XT|#EupER<5rd
zOU<`c3RWWs-|B{^zs6-`<+9D<0dyN!Ced4LXI8GPVEv}Rq^+eTiw>Y=Jc2M$Dsp$W
zvk*{JjV!FmBc?rkGoP%LW#0Mu4d;ZYLd2O#xIojbn`P>hAGei13UVQ;Yx0MyM}0Z|
zVT7q<cy+cvpXYLZOlDRrjG<LtTXW38AfKj?){tr@dX>v@gCZ>1@<#-I>-7H2GC_kf
z-{#Ex#Z~WR)#pm8ZDSBeCRjDmDcKdY@F3wkYZTlzdXHhWaOrO+zd<8`qZ<10o~94F
zQhDts(OgGsQw4@u@BhW~J?O@R)y?kI*7@n=D1*7_LV(qsOQ2y5G&2F!V7!&$FL*0J
zwareDtyPh^-Nj_MIX+fm1f4H4D(KuMVv=YT3VIIIg3aPF%!u&Mba%Z~OfmO25OBC#
ziyt9#fVMs0=dWq+nM~QC)aYFat>y%m)i0gnN@}>#*7Ok9^{f@Nwu@9O_Na+uH+*qT
zHc=Ahg?qzcu)4rp`hK;yek=a&YOAqde0F-+`=t(~U!ZjbZnp((`8!=93mczurljt^
z>*{7{yp*Gxe&Hngtoat<N9$ZiWs`;}xWL>r)!yqU#H!12-qAw=O;>$$)%~5iNWm(~
zb&g|emgxo_|BINI>Xir4c7LdbkLiV};Ng)1Ne@r+1iLQPSD(o2lKS&{M$Z?=c~YFm
z#v(ZRZXNt2d9Zb($F=@FBCOS$s!>@p@3|P#YkNnmrpx?qDbm}AAatoS8;aG{tu|PL
zc_5y-*4*rM>nifh<&avdw9!?oxrH6G=GPwPHR0!zFRED2O@wqjTE*s)1Ys9TQl^it
z&Mxdav-PzVa+$)f4++8^#Jq)~eo34YJ~eKmoJw3kzVcY4l0=YEB%ovrVPT3&PA;bq
z2MkB$azG7CMg`I@3{i7=XY}fAx=y)xUoJ{^o=wwiph<fR$}8S*hL2=5H(q`WmbrnN
zOMd8uIz_IU&KuA_Qp90|)OY(>k_+OwS~AQ&yx%8gM~ea}&0;B!$sWq20ACi|!`J2$
z^o7sZ+fyherQXx|m6i`mE*Dfpfe;2TUtGv1#T11e=veytTtt6}%-wWD98Y9H1lKsn
zbNDS#M&yL&69>kk9|QR;%O!YyUx7mDA+-e0dMzA~BS0x0S}9wGw8&0S-PVGhCZ%Cg
zhkUbLo!O!PT>g1SDN~B=E0c1f9?SgC9EPC2d);1VOj)x%_Kj=l5B1~X`Zb<>ZwGd7
z2hN`sZa+!qxt)PS{2G1?`iPeGItXz5oDk8Pzc8$0_<XG&#qpVH<1#VezL7e7SC^*u
z4&3=YJgcqqi96EQ1V|wUcx)L-$v)39PXGRlaRX5|0-)jm=p_f~DOV%$i^`R7P$7|&
zqR8|S<6)!Y=O=Ta-Cmu~iB1<cU=rG;hdm|8oq<5>#}Ch&*Wutj(?KU&GfnqTyU$(N
z8!RYn2M6uq=O<&t-32bE%<ma2<NDskKU?;ZIXUmX=Ue8~=$V(i3N%HXKjf(SYu5`!
zeJQBujmY`{hloe_N=W-BafvS5-uikWeO3aM%ob2y;d{7YqyB@|j|jHG$*cCa<IPlC
z$33Qn^K{+;CX^Lv4B(H(P+8j(G_AGV7h&HUNql+HIPZ^%?EJDl`hxcnV+7}ccD6-F
z{f#uO{Z>9lo&8NcMI&54yG1uHq8vl%e7fKY8N5Xf7Z<Fp^=3W8BIXVkOwJ00wXzSN
zUr6=8HIa<#k_QJ1u8J!@nA`eb(Q4Rw4-obnU07JqQCQBLlL@r+m6kK#27i9;lEn1)
zFqUuEU+q~Mlf`Gek!<(Ue|B*;JLW##n#V@M_l~yS8lX;kiab}j$kcoy|H|0L?6335
zm$oxlt?)81<n?~+s&h3kSe!_*L-R>#G^WiX)Au9pECI1ITLD!B#k)G!qGfuqs{8x0
zo^ZIUYj+~9UDf&0hPI*EQ@ZboOf1uuDHRBfL(3T##Api8D$b?pF1|cNpM6+)avF1Z
z?@Ut%<RX&^+%+4Z7G$@28U236Fk68cIPe5l>xJc#pJDiHA||YJD7%CKR1-kGq%x}2
zTvaw4Mh^OQ^@C;r0d|dNy7jtphu=Hv9dcKux&dQZQ6+|}<!6Jf1y7&VXF$)lRAmd|
z?<v$p?^5;CzO4pc%K)#7QN3CT7{?7;(g8!$NXLG^{<6+Nfp^P$Z`J1bi^R|mBN0P(
zf206UlgP<%@!z2JmM2oiE?<*Wcw@jCbR<@e9I8M;<~{@8Jy2?{2nVDY@Y^rOUP8ow
zZJbxVZ?sgtH=zwUQHM(YVq3hy=Rp1bR~d+v@nsW?c}ATg^}$1{OY#j=25?8F4GW~P
zLUlB?r2GiKtPP05o>30esYB8ay1n;EYZ(Vl^sxzt-k37J_#r)N2Fu6F1VOHHjiwJQ
zl(rQ#kYl3x0^~5mBj|zFhLISg4rcv>I=IIfbT$_5fiV&XwRvW>Y%G)|$LJ;K`|xC=
zZqV#X4DMoC6!vo>Dl4vzC=Dg8VE^>%2|=9*TTB<K-{<$+Jf}D`(Qg^DZSv}ZX9VZc
z2?+`D3m&3W%!S&hrI}7JkbobgMF8|>%Hd&PkZ|bPdhFz$kdv5NNU<;O^YHCA7fF#5
z$_>F7>RSpaq~el@kIuKIa3&$Y{XuPMfr%0N=ac$KRHBD~HwCvysMNHAcQ}6uVn80`
zQ`w4<S{0}&-UOmWYTDy64L@i$R6><~6Ni$UaQkDPf%Ic$ZpA<CI-%|Jl|!^GV))0n
zBWa>CAvq%<q7IQGwQtp&&XI*GLpx0)6cYOV&@EAT?VLL&3ApK3q|Yv*JIZz;K-u1-
zZ%=y-5us+m>!wOxxY&}R0C6`#YsHFf2C;H}G<2>=ppjwtjE6yd)S`v!gom!ek_f==
z!YRWhmK0P=$B;&uqwhFWVMmBcyVhxEIq4C=FBTsD>K-i%Ar$-KziTF0))~0v=x@>o
z^?5;isW2}c<=$?(7hWb~<%Tv?^Bp=;_Ci@}1X6oxLhigGL!y-5y1fjftHAT-yfrFs
za%TN1@tHe0Zx<lIx?#uC)N3;TGV%J_7ImfG_oHf*5~H^d<ud&NI^(96e!$@IMn;U>
zgY^YAACDJ%lt(YdfFVP(CKn3NEBu4Z9|T~*QH~TL&Y14?pdEoq2|^jm;;I`K9q4SI
zieZ3Us(SzJts~J*fFo%n8gV>|;&cSWHLMZ$j*Kl{3nGS(B6MJSn$x#ZsG*+2Zn0i?
zY2@BT)H9$Nck!(EfV{NvjBX3V1uUd6LF|?j_L~R8{thiy-J^~HNFS8_1<|I+-r5X*
z2kKS1UZxuKxILI#AknvW4%#!?4LDxx#o52C^%hcxXV+cfzm^*Y5QhAqFrb`6<75@P
z%FD|uu3>ol#{e#dzF<B+GFTY>9)HS;FNxcCt*pzs5^w|c50tI2<=ES{_}QD#w`jfI
z-%~K)p6OUkJiNg0>gzv*jjGb$wpvS8Hokyu5G>y%ItPT7pUJ)MJm3fK4hTsT)8!Lw
zr5>fmUa+CMZ5E=TI{dJ&38D}A+9_7mUv>)Vvw@3$I2aStk%9qk9QqTjZYSHOaz`ak
zYGvMZv#A$^SIzXvO_^W89>z9ELp@q}6rVaVK(i>SaBDo3$XPWs&jU%N{*>sJOCxO7
zOon&<!Pra!0{xfDkDgLOStg=Unp1vqf;aKA=Q^Kq_oN<uavRIf8Hqz8HYixNI$bwN
z_nZV~yIs?L?)E}P`X1Bi3=xr33MUjt)4f}<bjLJmw3#e_k#kLfkYV%X2ICFxb!FAV
zg)=jP6mubbry2=oan2Hkm{-S8t!bZRmQt*CyZg@?w_>?smG<gK-Ru^d;;&7{Z%lU)
z+mmkweol9KZ?UYI$2#RWP~=u%TCx=ZkSv1-eRsX6It8g0dEWJ(Nnub1#5mnh><W5p
zlo!!4(iprJ-(IHV)G~9u2?&V5q&QlgDp=sYcSRkt(71utz{F#E7Tbag7{hpN^l~F?
z1pwq2#Nxrd7TE%Ny)W(47o3a_1OmZ&Z+G`&`)^RoUMjq(!T`V|VFkZTOoK#M{!DKH
zUJ4?|Y+k!ilQpSMJm}H2;ny2MXp!@wyU?AO=ajzwl33W&Os};7n+4H?Y0zIx3%dF;
z!sVS<SobBlz_fTw6X4u2<#^@~e^kh)04{*JJYQVU8(MmYN6&k53i9tf7RbI|!|&v#
zvN6%tFElTt`^i>s-Z=Xf->9gXbr14S@*88!HVZin$sqNZgd>HAK)XM?&bn)voWJX4
zGwsZ=0v}JTE<I8jSPay!r~2-T82H(l*vtj9*xA|p<1D9f)H-8M5u~P?7L7#h7C4_k
zxAp+MISmS}Lu#FznAYQv?)oRG_OA9`zxxfyEJZxd9`INYMDfW#r~sb#q9e{%<{fiE
zWpe$laGj0Q7Z^^zqH9(qA1QE9BIQ9Sz>C-7>+Ty=&(%r)_a|n~CKaO(lUGs0$KvRK
z;rk#4rp@*W5raLm8dyF_-h>>@SH@jfMA+qk_UJ)x6cvoV&IPyV7CF3Rr1LY#W1&>f
z4!2d*1D;<6fxF9f$AppjSU3x*7?IMX>z!0==Y{bX866~(@&+~tC2E<-M7S3BZik~Z
z8yb;^AW1)`5>P@0d-n+Jz0CSfF6RJzyG@i=c*v}JE%>h27fad$_G}JG?jTdWUr>>D
z2hegQR$-i4&-?kAc0wM5t>pG1=eiY4e_F&?oG)k>iq?xpW-%EE^|3HLFC0m-vx4={
z^poD$h^#K*&UOkcBca)0Bw7`s-4Fk`(zgdr<<fx~D!bT>O>NdDes{fCA7$){hJK)C
zB&~tIdva<I<D|x0McqGfYvED-@7yMPeN4JMwb+9jGR$GDGMViN)0s_F{dU|mOIP#^
z87u9m`Nci=;LC$cc$C|9$)~O~%j=W-pX~y?`T7M!*^KP8w|#4RjLxiYEocLeV<YI9
z1=yqa`6I~rf9+cF+R-abtb}JtFvBbao#+Hq!%H$>!Y&$ZF9LY%j5=X`f$(MkfO9r5
zp`J9s7zJHti|ZkXDmALEbkOvD7ag^x@+?6WrsBJr*Rh-Qa9rz-7=UkoVB_*KReQ<g
z%DH;dWqlcU{+K-3<>m0G#fkC&>>Tm1Tyi?WSK#@X_DMoNrVxO%`;BfO$hPr<%m62*
zw=ixP9jUrsy$9*L{OD=*vEbp4U+h>!vUnJiCACg1A%9tX)Iyz{y=D3=Rs?gWxfdLo
z-qBpSHm_x6Uu;2AA8lUxW>^0~%>au{2%1lhVm1x+pFTI#SP!$DVTrCvJxQlrl%h(5
znG;fyDRbz#SkJHbOU%!_=n>RU<fVe858TdQwx7R?P$bRL@<mD2=sI))?~6|k%kyq<
z#{|q@)LNju3hv^sjrO4gv)_}K{&xIznORGv51c}wAz-uf9*iQZ9qjO>jod1sMVcl@
z`9{!9XwB;dw2xcVrg63~2Za5#at}$(zDaW4^j&f_l<NhhU)j{xK~ZA>3~-;}G^qL8
zEXgj>ZAxCrp@>se{X;&rsp5v*rfw1Do!Hh{SdMDvQn?Po`BT(ZPWC}@XI>F(SwMi_
zG05&wO0K14)zntUf6&enOuf2YUa2R>m^=-kcSMV4EK>m|Ffz81GL|v2rSk{)ucuHy
z^y<~AV%AzUE^`i|Bja+`NDw#-AEOAci&vd7`GuaZ_}vk_@|XrEzsBGIqE&E69iZ6t
zwYI~^c(&eik^)P2r(eupFTYlc&CGQpJE<eJxvF%^1YGu9c~2xa<@j~SgEN8j0N~7x
zrf>Sti*FwYH!jEoS>Yo{+t!&`mO83AwnB6Wxp0`TCDMub{mj9Z7i^|vg@>IfzX`Re
zQ~uuk7h?Zr_4$X+K7%c*$f37hF9Yv%oG!l8I`)?8`3Ki!rvm0G6#070M?i@oosY}V
z6W1r9xHaNusq@^5sD)cJGgJ#7a#>l^a&)Wm5QIY@uanq#1Kso8TY5Wt9nJgk{4h%Z
z+s~W`I^4U<ujdy1=KkEYc0FAZg<I0MNCT^*+6K*lp<HVGg8^)v0vJo-!jC9nKhRVK
zd(r2889`E`MrQ}S06%-rMP1y=@s3H-+1Am>X2Hu1JLYT&Z>dOI-Puh);rp{r;pkg8
zLvJB%N;n)b`U_qAf!HX!x5*Np`6U`A9KYcOfHIXiK!my=bmJB`drgc(lAmb|DMi$`
z_ESaTw3gxWk)x^esUD0DI-&P}>Ro$`ScK;Sto0=Pf_Dq%Nu+k%n?4R=lqCIX3?Kj4
znagWA-lsc&XM;UO#0*z-p!!-N#|x@;lJCevK}Xfl8tSItCgCC;%8N|$X$N~C<x0QC
z*?q-=9!qvP&z&+iI!Xpgl)1i`zZiT3;K|}jZ_4;>0Z=$rcgbSABe5;+Rn7bM<pASZ
zFMl{;a^?7~AyI@`A?6r;Qkv9w&5~QzEd-lKk!TySrOysZ*9-I;_metJ&wIkZe6)}v
z&tAeHtNPW!4wkO^`O_}JyLWx1!=9veofEtxY1q80Zv-#iIse=X-3>|`%H<Q3^AVNt
zXaLwzJ(2on6i!o~I-mCm@EhPCM!G<F@r-wbaowA<boHssSY0<VI(=8neL3TfsalAD
zC$7-O-nOgjm8O-SP#Y+;uw$hQSuQZoY#^z|7Rk8%rjzX$mJ9-TMbwWe9yOhj<57hk
zue&PH?w&VkR(H4j^l@=iCP4m37vR8T5x&gI=2>@OdAmfg6$)HkH6y$euNMuIk>K%N
z!LrsG*E~MuBnz%w&ztm1+LX9NQrH%1b>}|K7{usXIw(Gi$22z@rRAcfy+uD?<j6|F
z!yd>TIrv(|t>Rqh3O)NQS}?WF(Yx>x#(plJSvQE<*r7eR>Y}Zx;zq**PY%Zbm-GWD
zf+%F5C;PPBWmyJ|$`<&TS^*v}tz<NR%5Oz{10Y$@F-0RU;9H`6+`jb7?I7H=B%vaM
z<pYTZ(+*{K;Y2&dT6=Gin9eU~%gg3=O<RN6>%Dw?X_%P;6|YwH%Yyu-^0K&rfV<Y!
zToZ%u<XYQ68TFy2he#+A#mstaVQ3IT@$oM?W?lc_<xAJw`T>v1dw4hjF_%1QqO%U4
zq<)yjPoGNTMqpRHux02N%x2qhAiS%9S^QJ%v<BtEpZ+C17fpaRl85EOMd4J2=$x;W
zYF)y<^s06Hl8!}$CAYLtfi9Zhy43*W?M~>?g2NH7i-@Hssu{#`_Q8M_<j5^}$<|vo
ztTYD4nWGk!q=D_swEYyL%KTmtzTTHaOGQz4zOaDmO?6hlud)9s&Qptp>L1IX8Q<(q
z7W6eMTp^W$+9gcWz3;DT4}wAc!$LAa6T7@=kY(?o1@=(ro9Oxkr1H*rjfA0t&wWUu
zkTy2A#-KMghQaImk|L0nvjTd|x}P3YbixO2yn9>HoDu2)V&r>ynmj2XHxxL5hE|gK
zayUi-2nU{fLiV|zzZZ&X35Uk?pI=!_t6$+_nKxwn<vQqz^nlp_cEbzS35G%gC@R=9
zu$JAtAt}zy>t>&@cM?-v1*0udT$OnqS|W4e(lXx}O1yhQ`Cc>RZOlZa_BZxr!z}-#
z5}pWmxRbQ7dq}V6u53Mj!kSQtTMolR3r@EWFM9bTqv#H-8k;V=7-ZW{?AuHE<NYu$
zpP#_Kjc#w%KwAy@pQ_ZdOBJKf<h9I;;^);uesTRhxd`vB%t12E%_6JNyo+;7)f6kh
z{o;C&gWK)pC}D;sHcdOnJIzBcm)~>m>x^<c7==cCuPgOTAX>~_EZBX8-*p*nv+dm1
z$DmBVO{dIru?(Ko)>A4`3X5WBO`Ty7fdK<G7ss2nCp4?BSC2IA#A%yF=KnJA+w&`c
zXxHIv@61ZxoxP3GH?+e&=T@r`J%`rtB%(K3h-16?!sZqh6i7+{OLm72wG5uE<hb;4
zwz&c*tn+^11K!Fj_C8f}2@fzDw}B$*Q>+Kg0-INHAzJR2*&nK8E_VawhJyLGfC)Oi
zc8;zG-wO))Yj=eng=>Bb*=Xgqubq4S+=vaM-x9a_Ns_!_FKgTGNjJ$9@GjBPqFV)$
zec|NY_b-xO)fJ9ZBm8gQI&sx=<zq>7mlTJ*D85t{>T6%})<RFOq!-`zMGDvJ@nCU9
zD46*gmRl6~^67V;4e~GS#s=_x(I~cPT+vLn7%}c`Mnmg!MuBf`=J{{P!_t#G?=E7!
z33s+S%F|2fdwFppQr%jPT&B@2IqPtc4Or2C!H2%EzXW`N?!86!abA@A@M^atQ5ZoE
zd%z0k&Zdgnly;bQ+AxEbUX!Cxjlj|xFV91byK47b&t~wmRQ)@hds9>i^%Vu|JN=s0
z-ZZ<|#z8sR-Cbs`>ttFqY#POcG`BcsME_bMg7)v3x(@t2Kx}?=oD@JuCahFf8Mm<(
zKv5fm=<tc5TMiKi4<FWlxksU;Kmo)f!k}6!@~5}6jWZMRNAen{QAFjX8%H!uqFZxi
z*@0*4(mrB@(bC88B31zEQ(sqOx)K6=bMSD$$G_-X8W@pT<k_ut#<<N6!fnc&cG5f2
z+w|fvQS)NZX-cCa_&QjYvh=bV+UnBNJDF8bC{SgDl_T({Qmy&A#%-#s)W?j|1&B?u
zrfhJ~+FZ@r^s_3Noo#KI*-fUz2uoJcXu6`}Hb%HyqclD;lCQLO@iQc;k#7>AS8lQE
zTV)xr`|;N#G|656{IH+gdl!(!Zj*&vBb-^;0RiB5p{6qrD_3t16rQVBVXyK$8$57V
zZ19n`I1N&%fU{K8G#FJ}#<1G-(HEQ|YK2QyPmA4o7=7pa*8Qz5hf20ewp}Q@bQbYV
z<TJZU)*?*+TR0BFLy<=5Dy*X!SF-rG{<yO@MVqJ-q1*a8K0wgJAMeW1*>=kD2PC!^
zBZV+%R*WgGvp+Y+rBXG<C=0x8-hFYTy?2SK+<i_32+m{D=i%FPZ7SAG@(GjpO7SjH
z>InFC^n7XF<GYD`czk#`q{^%J774HyR1eO`#McsOw9U>T;~P`hhDj7mtu)Mu`7G6)
z7JbegsHs|Wb0u=qM9fE0?Fb;jBkSOKbIWYE8|;|{bda7lzGIoO8kQAkkZ-O5mSl3V
z7-lIj@H6<pP&OPqxyP*J_x#<?4q52OYlw@lNe5^s%17IgxkATDJCc_Lqy%KEERo6O
z<!04?dg(X#^&FI8SF%;F;<6j7%uukKr@@?*lbq}s=x55Te>2I%$yKxH`3Jzcvy@UH
zbt%A14^7MY`cLh7=G}LH_!JI6sqIJqdf65K04O?Jh!Y_bHa*;opPZmnOQozICgBF3
zc+`KpQ&O7ta?pF&THEoU(yV)7^mtyC<zLaUu#iv}D-7zg*N%cF`yu{pId`nb-<!v@
zh1XYF5rBSXk8F)f!lGf9*JfG@0=NGc0HZ)$zkc!+mO}#Wh#j4KvJJt4=H1Y<;u~*=
z1KYLIA++-Fys0YfIWshFWqO52#`?r&a^`XM^?rN#eMn%DR8bI9=x;Z5&v#cRTrP<?
zzPEC{<+~kso^!`j<W4BjafK2J2HK4{;W7{+GZ--lo_LapUBq?Lo*s9e4BMWTPI)4n
zhDjT4HxiOY+ayGqivWoffhf2EFh&egNLq?O)WtC*(k>=SO%P#DLWu=NOJU?M5;4e3
z5++Ju$q0-#<Vg}EZzPfi+hP?2VaXf~xMG0<))M4!#F20{AuWg+WycN_ktRtZO*Ts?
zz~jcFE=Y=zF$*p+0}2q@lL;h9*@8A&A~HjV1cWgmVY3u42#`)fn?X4ektkYil+%(x
zl7X0kY@#A;xZ5rmQo^H&wuo^gTX43bDZ=rm8x6RWY{?`>I1x=q+i)0Tfde9uMH!JG
zn^CzVaKwU8lLUfEAcVq<SDg2p^7o!RiNttEhlF?#LS@KFVn$3%OeluJFa#WIh$AGD
zSPKIR7b8t5T5dAJB)JSl6wD|yiZILs#R`f<nt`^I$s}qh$q^Y6O_&%-h|E!?8bqie
zaI~P1#?)>Z8)&r%k{KhCNTF@U+inKjahRl$vkHi?+XTqlk{Hus0*Z<gBQ2#NaR$+C
z2$F@S%PKa6NG9NrNfe4mB2btZjgm}l$tECz5D*B&um-_V85AXn9Eg&fj6#wyuI@T6
z^O?HkJGm##+Pn_&ReT2mln^k)2q1(6K>%R{B#4rm3CIviNF#+rQ4Ka?aw3vWG+GJ(
z!!R`xMHPfL0|pS2a!Dg?$dZCdAcVF^ZW2g@q@!vQ9Bri3Ns}XLHk6DskuoIIM5dA?
znIj0nB5p!p1}Gy+6CzDClqI&}Bq<V5l4KB&*l7eBN(hpPC?jOHBXL8+jyya(6T&<r
zj{}H{qVZi^-YW$gk2p@vSx<*vTA`O+eRti}HFaNhtlO@TJj~j@?#+pGVr5cma`x)9
zGq_}_Yj{Lzhi6^qGo<Hj)pJ9W*;GvhrY5P1;V6f*8?d(4m15p*MQd^4G>)wmmr~~4
zPRyv^Dw8)9;eFZF+c%`0-QC@ImS$gd-S+PVnZ0*TO{{9=8p+11FS4<$!moRy*}0gP
zQ&SdQ)4a@7wYfKT4Q;r~d6}`zo0C@V?Cgc+WoEi<yW_r+cXWR*tss`u>+ZJnFxKZ%
zX!~z=9+cguD(DQ4uO?-V%eDq|f<C&}S`g0O;#Y3r8ShAOPM|0Y0PR(=C}?8Ej1Xvo
z2q1$1!D56K0vreqhPuw`=a}d3yS=@;R<B!+6}Mk;-Plh_wfzO)-RUKQH+J`TXLomV
zk91XTn0vgcS;bwGs=2$cx<eOP6xLST>newLcFDaYl1U_zNhFd<7eg}MAWgb(XuiyC
z)kmFGDD{gMFS9O_j^xbPh%9omyD8n<+pJy!I$G6Nx!t|%kej)7qwel*wm^K5#B3&2
z$~o4}c1g8WQ>2nfB<GT(mvzf@p`!(B?U|G?U`cJ=%}cKDa(2lil4OfXcXwjOnyLb{
z@zAS^-Q94-Q?D0y4Uf7>B$7!al1U_!n{Bzdl1Z71w{JH|+MV0ko!xiRZe6;pk{z|z
z-6wZ<cDJWHFEUQrMx?&(-Og+h^Si2PIqW9JUTl2uXLV(s-j0)VgvzQtNP}9Eyy+&T
zvSmnfGdFd%_au_D7G^0jvkqjJgEKNoGe)i5-IJk`NhH}6l1Utrq>@aMOOi=)Nis{r
znY)>pyCjlHB$7!al1U_zNhFd<&9>arB#XJbZf)Ic>c@oUNcu@TyNMw8W?mf5?viYZ
zNhFR*Qb{HZ%*?qYnH#%;Nv-ztxZJh19FnAxOc|KBa<eyTNhESbC8Z>jx(OtbNhBc2
zySnu5$t0U1-QC&U)g+Q<cUO0JT#2^nxg>H$Chq3x-IDNTPTQL9&uu-OHOW#*CP^j9
zB)KG+B$XtRIU<rtCdg!xNjeE6l1T_6B%#XaUmcfkuu@xeUG$jn?CB((d%L4XjS_Cf
z%euB@oRgnr)x5dgOm*DI_p>`;LJsPyd%0_gLi2MwZt}VJSXm{~<#lCDtAuZH?2;|T
zM=Cy~mjT`)s{5qwo0%p_l5JkL)$`2Vo87wuyT?%@CwArKE?0TgjYrq(hkA}fXBrmm
z<i}dY-xeq%RzYBmyhL!Mv#oP{g6lxy>*-pw+2HXnd3d^~aFjvJz0Z_tkCd?QsP^md
zS=qzv;3l5~?}qXRCaF}OeLMj@uGJ>hPo7{aip|zDF6=w!!0>&yhTgU@4qQlB3bdN)
z$9H7tm5{x+MC(^ma$4ORZ5|kGtYEw^vo9qsw6nKqErfSY+h&RF`NKC*AdrZUd|$+Y
zH?`jGCnr1^Te)`~yxz*lF3*lSrr5A~u-P*eb?Cdydv(d>cpV(HwwxK-!kF?~?WK~T
z>WV6TdiYIdW-x8tcI`HTP1qG~hLGaLBV-v^_Vm@h==au8XebYo4H}=tL_S>Cx;>*)
zK|G;+!n8V^?|km3XGERGcI9;CbwCXo;)Wf^rDeBNj(GWM*KX2mYs#+N#Koo3>{N!d
zt+AF`K6?ePZK#Mid(;?wHW$m@E#98^R-oJuD{GsHKGLy_k$W)U>$!K<Gb1937pKd^
z=6t0_f@~R?XODn4QCc$qVZHl6f_nFRb)Pm}0|rR}GpHB=@Es|0@3(rE{`7(`lwbjp
zYfhtW00F8rLXTL}6#xu-6N$VTihbUz<VV*5lHlv+;9)^mMqsRUN4Xw6I?-crFx3<>
zQ!oQP?bbwyU%Q8t_^qk|Yrd7l1?G<Y5W(K}yW8(19bwnnrb!pO?l%WM(K}Ti2@Iz?
z`_vn{%%fFcYtdV~dKumv>F(lKaLNTc(Ryst7oH3mkj=(k4-a`hycV*DCRyI&tFL>!
zHR;hk2Y~E;jmQkjGLFG835;$k8P9WdTL9&YXL{;{Sq|bhTI&wRKpw26Z+ca@!@<p#
z`dG@=Z8QKJeRP@12z$xhovl_Yo4R(E*M@62SiRHAbE{W0l3Gs9QlX$L?(4e)H`F_?
z7F?^WCnS#B#(S8XeX8^vIntaK#4}*Ky~<=nu9P0>IZ>iH^M2MRzE@Y<s`Tx&b9D9c
zS`&W0J$48@Ztm@7p-w}14i22U@=|sX9`c=7VdJnbcyzHzC4K{aHx9j)dtmp^Gc$5l
zDPr3p12U!RBZjBE{z7muaE~QW)8Xc@52POpBrbVeiu^X~$jg)uJ>y0^c@;~;c?HvG
z00B>Id+(l@S%m{47zM%JQXeIv7v!%!fJ*h(?Po9y)|FC`Ls}=KsSlD3FF%GYB7!;;
z?Y*qIk062zyALQkx*J)RUJh2>*N0)pxF0;d*WH5R1=niCZmU?!OWsG4tmwF7<hD*j
zGj^*}0MN{DZf#C=$1;yqzIo4ZW4lf92q+#3?rCA^yTgR-2zAzue)qgC4iw4ZzS}y3
zAQ7MpM#UN<1<rHNJ6?Kmgf*pD0|xujXA9j7STiM8=LgDnHOz0)X#)V4SV9YogMbXX
zKAz$4C2sa@wb2qnNdiP95S8bbnwhQTI!6g4fJgusD}=UfFsD1C!*MM-l8@edN?l#@
z)xtgQ79t|AxD#T%<_MiVmE4}-%zn$^ao+JB?{?tKRQv2Rr;zi500G4(UEpw2ow<r;
zWo-rk7s|62YR>`h390bG74+~iF@7G}=q_Jf*RuM$@O#6stiT^XY~I1UEG^w3QQj)m
zL6WM)>=!syW<W>1;YFgv*^k4)uDqvenD>ASkOEDO==Xcb8gl?2I7>^NAYjA6xf?^n
zW~IMA7zTY)H1k6S540#E^7GYT4>qeas{B3SRR*~ZT&U<pd5~<$#O7eyxtF$#12*_K
z*V;#88-QlaXuPm{){McP-$1_fnwlAzNIK@be&$Ed<j{&W@{EClI2H}{kRyWzaMU!K
z>Ia(b01B)JDOdn`jiW=4XKXJjSry0>C`<0~mWNR=o|`&GYXt>-J;1k&=67`pthSdh
z0Gfv;^d+yrCypGPZwv0$HFMB8dW`p+3fJ-&GI%VX9BbjzUx&N{af`QDufxK$IW1?O
zY!Z#w(PFnS53w`eTNBVYgKvq|1W!y8tg6jEVsYi{0l7TFi|x$I<Hh$q?u&2$D||Q#
ztndK(>rQHUVf4;U*@ITCq{trPI;t-$4sKDd8A&~^p1HzYq1i1g71!y&bROWlS;@YG
zZ;zgfFIp-+LmxH)-Zk6ZK)AC3Rdv$i-wdcsu;9@E>`z@{Se_FNsgN@<N*2*Zod=Lw
z{iv=TntR+`QN=fy#>`M?3T9Sys=#xfj)MVMH>lV*$!sX(2@~P3h7Ar@j?cYYYj?h0
zEYO2~<w&LnC55^3__y)^dzr66Ro0OgTq*AaUMjaJc8<ArZ3-t`kFn!ur7Hz*Y7mZE
z*0HMa_A^~*UgUOa`+2@nEXG*vp;fkJquE(`#4YKvxL9BwDP+#7+mn2eLj~_6XSWc%
z)N9sg8)`|fpIF*QP1g4tuE->2@xe(IC@97b?5yrt-YHc&JhxiiRF-Ow8byXmOLAPO
z&LM(k!AnIla$&Q30YF4XKJyeF;iKx@PqPIkS+8QA4|qzhjlr#R%jS^ZGfr_x`k#*u
z>)iI{Y?^3c^DXwxwK<^;Z#uF&lM}fWmie+{%g*UrFb9MhSA~-Oeby=*P;a^CuQCcc
zz!nLu83?|!(*(tXbV~Hsby}d*aA;)BZ$?dZxz*_93-^V|O3XZFi|2=I;*5=JdbXM(
z?A@`ez2{g|%Jp?c(>t>28!*Z&OXP`fEMdx~q`jTpW2#0daoj*UV--q(Ykk7`R^M^7
z^9dP~1h!9iE#4G5qsLp`+1W^4iKQPHfbOE~K^A+vTpZ2&8j_Qb7<ltd*Js2|Z+p8j
zQ8oR+53s{NuX6fV+qCRXb`6&ZvzW83bYjrF?7dx?+Y_WJ);XGp+`hNFL=0*k#vEEu
z+?M+vyL8PK^hK+z4yU4BQ@p$kj<Gcgw)u4&%F)f@+`fJT*0?>vUZX@4-C9R+-Z$Md
zn7OIDebv1kx}qmOtpV&d52)o~Rwkj3q}-*t6+{_|svac@gke<p4dvMU25s^Opw4}x
zKr}fIRU?JUtvWs6)3McWFLiVp@64Wro?+SA?07qsLn=~m9|1t_39v4fvyroQtWfp~
z^PSfTGl3f!WnN<MXGP^v1pQ3&$6x^s*==H}+?Rl3d`WY*@Mn%4Fz9aq*=^{rbnb&U
zE@x2B5oVC?;RayhdTrlY>ZV@~1*Dx0jZCk2cxcSggMbz{s{$R`M)KD=4)oX7YU{(p
zJIHE#LniLtR*cD;S`PTN4=SPI;nC+Ryp?2}nVgl1>jnf<V+I}f$zLKq25G^i!BfT8
zyvp%@7!x!BD9vorN=p`v6-A;jM#WT?Dos#g4FHzJA35KN>hb2eeDTfBbHm#6=)32q
zzY0t=)LAC*Bi<wuY-fgyTgPU*$LfT^-Im2S%N=^GRwylvV6YVuB1y8E#-m1~QK+u`
zuRxZ!lMrUmd%C-6%b=F5I4pojC&c=qsx`7`#R681qi98uNdS<MVHr1&-n{O-(dBb9
zTZW1xWgF-jfQc}B4xt?D^uE;ClyZ4Y>#Q_*!n{+IheOO~w1IOD1LI01;X#SdGs9V)
zYtA2?H$Z)(reM{~AE&pcgyA_WJeUKWOi@+wz1&JZ<c50kwT=Wbu^E&pkp+~!kWIZ7
za_YM^hgN8WNTTGw3C2ad&>Rr)^dByV*N>38`JNfH2!|I`;i+Rht{%(FdvDV#FBstD
zp`p3G(d4I<Q6CQvX(McuvnX0fxqZ^B9c^`1`@negO1pXO%bm5xQ0hvJj{)qBA7u7B
zBwOYx$Gv6R=66c~csiNvm!0T1+O?tU8uwma_Mob`S<}Pb@Q7AvtKqIc1QL1VE3eE2
zHksn>_;`B;=!Zl0g3ZY#2C!GQj)1jX>rO<0+}s(1(?eb%eLBhN>Kg%M%)x_$9HaDR
zjYXc<zLm97Ywm^7!Y0wmtwX%J!V9|&^5w!!q}&!wHiuOKnw;5HLUPJQWF6#LbRabp
z<*1l>1#{3uCvyaKUKT0`J4F!kP3kk%e4)<5ngcd~crY4|P$r)o0$4pj)2b36C%15F
z_HFgsr2>6S8@jcC5^@%BtK#Av()^BI4mVX;V+V$NyJ~dMZ>&_8!tLK{&6~TZ^xY))
z4wbuoZm4M3`iU(jWmQg0jzxU+4hD<pgC0I9_2UCbDhQ-{$z`#+k;X=w08oq|I~9x8
zl)T&s<gOn+z8vqjJ%5BktNO$$zobH|;vrT1Qi)UjA{AVSReoPTxW9n@f2sV<{=cQ@
z0q`p^S?yRFOaR8y@<;6O)Hlp+I$vnEygHU9{Lv85YG<9z5bqB!V^oKnG;kFMT`}@&
zTCJ9EGh2eGjJv>rNH6-e^7(Wyaf5<Sc3szPd+WKCE$tvpebC)~A<>@&wG?MnRY2KJ
z>rP!J`=0LnS=56!!`MZijsllb2(2WLkVaS55*3!)d6n3PY`wm!1WQZj&)j%x<_Zh;
z^#`IK2HTwfZ{=KKi}qu*AowZ}@7MLrnPpW|?6_W#w?}T@*SlM<Jv3Px_1<L>@pK+M
z84$XQtOC99->`?q{z7|7=FXYKKvt~|KG^y2+h@tMX3O^*1idsizRzWRWktK9&pV$H
zji$U*YR%iRZ0FZd{ap_+e^0Z9;p%ynd%S)VRW-pq<S#4d_mR!6mU8(FHuC<Ys;*UI
zlf3?VujW0X$4+tay8f>CEHSXT1kci)g@kX_<xY)CL^8A?W0rd|p{G4!e$D-D14r+@
zwsIaEerf(;BE?zxt=pYg>6TyFO(E0`P_R^I6Xq-GNN#;Rm60o?{_89I%+`(H-!IPJ
zbc%P6zifKnLUBP%>ATd$hmGwbbUxFAWM)HEI=PRk^Rms|aamPR_uM|0knaq|+||2~
zJl#~|-O3m{Hoo6$RCQf?6v7-aUnM?VIxOF_As0jL`tE@~b!D#jo86YF*UjhK)9vV_
zgvlROeJtees$Jhshq_54AGr5-aG!DV_qtOb@6)e!VfS8%S8A5O+qc)5;P+&TmMwPQ
zp6;`!L%&D%y$^2tRZS;$=Iax8UJJL^oT1&<UsQJL=C|}4uy+!q19!#cD2Q-t)`=;i
zPnJRhAbe5cj+lFpxNvtoV9jiV+b7pKSFUr;-gY#EDN(d-ETW`@*o@Lh)UlCAd=rb(
zhh4TdjlX1B*03P*o|+-wt5NSLLyz*%%prsHpK6RL8+sMqaJp#cS9mYF_CaV{-X`r4
z+ncHooI6`DX2PX=a3vL~SW&w*nCokEp$unxkQNC9M=0b>^=?#B`5gJ}-q<7T)EzXU
zNSM3m5v1YGkxA~p-Jf@BLO$y(L0QWPRIp}>t~`Q_Jg_+n+a4Be4JOiN$}w3snrwlQ
zW^B_^q?DT9YihQ(``@AP!Q#6H+qo4LcSP0s<TQO9c+97uQt)Gh0dRwZ0H(p02X$N8
zT~PZhuL`F<)b~P*(%wt%JSBMNE<+%>6%-#X@w(+FDy|l46>n|FgV!&4JS0Ath<vL0
z9`tPa;k&xyJUh$FyP_P`L^-Ox9vC)zs=Vca9X;Mz@;ky25fX+W@WU#IjQQu6mv}>!
zL`Eq$1`2rcQ@hTsa=k;>aU3J}RVwY|(l55>le+Xg(Z>+V;a&y=g~r)$AtaJXBq9q^
zCYcT-Q5RDpV|{=DyO+UN&hD=0^<NI5s`BbPp+%V_t^&L`1H-_<v0Es|D(>pxhVDvH
z%#z3@p+u;UViepYMuf=ivZ!s50TUbHqr9r~VwML_74cN^JIQA7XhdGBs;a8OD)$N4
zPGn9ficv-(GY67OFxbj(0*ew#B$5Pz(n%EAO_EMj9Fd^|3P8?8L`RsVid9-`%dWej
z5y<6uRq1=FlciPj%bt6x@TaPkSGaq!#d0Yqw4uX#+(p-icz1H}%F3O0Yon=2X#3ZE
zc=_Xb>hs4_|2<oJvPe=;nN`XAJnru9I=OClTvqDpZo9jo?&pr~;qH0sx$cO%=6T9J
zb(lrgB#*>W8b-BXpvIxLMJ!P&tw4j3+6$Gi>%|>{vvO5ptT${HrE6vvL~taLh1Q`E
zHADnJzzWp^##Cm(140kWjdqX225-7Ngk0LAZ^Zt({{6lauL&jVR{dQf0Rjw9E+Jkf
zxN^hVOzXU@>N!Zc7u9ZU+O5NRb@eA>>=ZN_C-0T!tfjYi4N=)&e6@Fc^7`oa+4tLX
zx#@ZKFSqF<oi~?v6ZDU&zLs)#RW9$RL)|2ikF@UY>^k_FSTt2?z~sF5bfO$@AzVu%
z?yHBegi+##!C3A=?kZcvO;obMXeQWXxR52b%!m_&vI{UsHc1H*Fyc}$$x0UzuO3$V
zxq7d7lh1uT_uf@rrBzzV2_UqgKuE-my@PC`5X?)-5NaI2dJ>Ja0Vr(_)F~vS98g4r
z2?ALyrXgXdn*@TEFdLDN35>xTVOQ34K!QkMlYrbrqKG<!Gpl=}aw=;AG|){iR_`{_
zQ#WX-qfv}@QNWkENIlL4!=D>>i8}`l!mb&|n*pdARF*mpvGNJ!Z$oaj=qxcDH(Mnj
zs#OYGdfZC3&~Ys&lew6U3Y}HM5irKISZ6g*ONEkX+Oj_ByS6dVJe8P*E1GdO>t&<~
zAw@!0DV*J&pn$9XAb_jqnv<U4fzH;%2xP{_%$W&ckZ%w{0D?h21dvJa*732r{AcBp
zqA15FS#9m8DU}GqNt2wyKqQbPH(d1N4{2WsY`SO%R75A^N}R;5V5b@_s;`Pao@UXa
zv}|T9Nh9ZezFm9$z1QLxnItg{5`T92(|LM6ckz9_PYUo!>HS&e{OvmEidexwgjFh%
z%50k^+a|P?Wi6>~ze0&5op7<B$s%Z_qgiU#_bRm|Rw}2~RhcSt3VVKix~TDzUpXfl
zW)kBi9JGttGN&z8m=(=Maf;d^<b50o*=XBsaaz|Ut*>?cL{>F6RisNAYwp_HtKDzB
zxB(%NL;)C(H&t%!`7blv_wO#He|z3d|7*i~`FyE!ko$RhJ^M4FkC|&Mt*J7VD>lk)
zCfZ9?nzu;67$jX=f=n$UD@2spMH5=D>WH6;VoK&onuFqR&wm<wzP~GZ6MW*fm#`0l
z&3}A^B!MJ^BE}?)jD&+APsoCF&xtwL`|rlTyI1|VNs%z3Uu$iDHOAdHtxS6Z><@eF
zp76QOUcNeM$?_%ToQ)nerBl+?GK{7RRt*?vvTBoSYHfaKn(J3BXsSsd$c&1@5`DX`
z?LSQhip#c%Rj74&zVo+V-<q+EYi$%8MZVQrzkTxleEG`j?fVTBk}_CeF#$7C05B$s
z_igh*<1$DmllPOB91w>hY8>zPcc+35#kQ2%O=?Xkwv%a7Wi45+b&6!gh=AGEZZMIM
zkYggOf<G7ii3;=V!Kd+7LD~9}_qzFBb7s9!Ktt3&qaqSQ7K58s-#&M*pET;fM8;6B
zHCfDx=PCZ5zqfiOd+C0RMx=>;d;OacF{EXpSgkB9!HiZ$D@GQuVl{ltU94*)$O8Z*
zWMog}ut(bO@2xce@km~K<z8(smfG64yZSU%lQkl-iyXGv{{Me*KcCjWts$8*GzpT)
z67yQUYhA0azQ4D>=bOhox3j<^B|sz$Dx}=Ke`dA-7(_QFxh<(mT5U;Wt)~r31Vow=
z9(8eZnz@Zma}r4jQ2yH=fT{<8KeI68$kro9&*)aj7$%Y>22v=~HfW^8WSVQ`t+&sA
z%RZ{Ff7;gj=VT063rp6m^KO|h`k&j&O?yV+{m)Bv7i7Pym0c&C-Q=g&d7Cy;mXxVY
zm9KX#WXW1tQq3imcP?sERF$?{l%g#oy||SsYl`GrG*xj&KYwpeZM>%Mmi{f>HGh4I
zMA(@|r7}`l8MM%nMn)tOL_9@KuR219!`u83J3ws~$YT}>5t@xK*&-}#P=SjDp{90T
z!woeWFui<7>mRK@Su%Ge7yZ!cE-xd#6mGk_&R7swk(g;@WYK#$K3!9bD&fVJZ7UTv
zw6j%~Z7r6|D<-#6t#WHilB$^@5=lxTFuZG=u1MO;jl^y^K!`CveE$7c$-COky;cq`
zvRG^2Ql9@2iXkB*Ad*0fNiCyB(QS=mMzUzMn$l`55>jl17B%-s51l|k?C`6B_5h!t
zWF#abAs87kF15DvwAGfIYE;@DuH#XWHNR#4j}dl*ND}{#?E359diX3_)}{<KYQru#
zIZbPRmZwvja@46cCem#sYb|jR0-eqcToAFKBt}lBpT}m?sY7vpJpzFKL&5}7WNf7|
zNtv|N%+qPIYehy(%*`1n)Rv1fq@b~?Dm5f+Y85t37Byy8O=DkmTV40;0e^@>cX#KQ
zJmly0QQORlmN<HXpa?+gfCe3S9V8MBcn%QQfsBw!t;z_%8Yn94Q4}C%1(?W4K*cb}
ziRpRkk5K2|d$u`f1d<G^mW-qvjo~58LllU-MAu>?1+WzqM*u32<|!b+U3o1sWFT2X
z0uW2=a4E5rF?)6+-uKT$=X>68Z)h|&MikqT1|<r!g#a0LJO)C<H~=BoAi|Kq=rQIB
zqF^AKl}cT=&r<aDActe#@$<q$({AWN-0VuJ01^#B6@?shHVMp-AOi}99kSIBq?)QW
zKtUpfD2AYp3?c*qDr2={D0Lfn7>H6us)>ncNf=j2I#r}(vMZKhCu=sdqauYPB(yUz
zl7v8<y2wZZ>V%BB1_vQj;zMeSI%^h8I7SIuSgtL@jzWzt8ZmNSYig8S&)<*N;r+VU
zWYmFuspUJrb9d*AfnF(@KlH5PWYA0T_qFEG_P0|;tBaN#1awvNS=&fom|pX48$|K~
zD<B2c`OO-mnVDwj67!^8`KXzp50)>X9r0rR%ep^V8jkHByH%POOnur;$4S_kQrMiR
zC`KtP{cnN6y4G$p7DDrv+40q{v*+>LtbZw5E$7`fT==^BtU<b36YqRe_~VgRp6|`r
zyU|l3vDLi>Wl2x!>-cZm#r&PM^ttu!AZQgLt!7#5wYQWn<=uUKe`Vvpt}LP5_j1DD
zefIr-JrdW{FSqRbzG)*_J~>fUOs}|fsrGN*Y~$U;{UgrqZ|uRYN~PWOkavCe-+lJ(
z?(XQ>-PxaC0r0<jz#OV-Gewr!8AQ|C+Dn^YmTN_>aJ3ek;e#*;B>02vM$cEc`*#?X
zK;Zaw-<ob591%^49-Q4WkG#eCF~{r)s;leqM?^<=6?*2!s%=(KhTd*Hw}$(2q{)iC
zmYKTi8nt8It466FkCWW(Bw(>ahZz?Ph)1$U5rjpN2$1J%&ShUGCbi2rxJ0M#7Jxhr
zdjdkU%iKj`>Fl|XXP1P%d=5?5op-W5?&&(K1<lK5cINmvSZlvOH*8ovYAX@Bw+OCO
zq>RO^)KYS3W{Z<1jksE~no%fl%GD|Bs<4xXBlDN(URMv``ND^<l_$;x+W`aU8BsT!
zDf7bU?(ZR?PD+ZE?(S}nJx4BCcsOt_+X6d2aP%npFr!MIUU~1nX1Vj*#i7NFh=P#&
z=S|V`zIRtAs_%Ljh4B>e7mtqFL>Ce0o4n-jZFhKZh>yfs2j)S`u&QHAwdlekf`Ws$
z2<6@1AA{uDhP2Q^9Eq|dV7%IqM<humNlgnZR9`*$#PiAS1CY!2%_ySiOIj&0$`Fzy
zn1Uy(k+7l&XJi;@Q%R3qI_s|ij08s5a!Dp2Bpd{iD<%?2B+c0f+MJAEJyh^<@4ekz
zkE;R4lHQ?(GT;D7!%0M&1`;6#l5vPUJ*10h(<K>|XCOtXFyX!2s(~RP$s!v#GG}Lf
z0rSqe_|JLgcP<oORK38fs9-Y^NG=2o2L{4H7;u+%NaE+FH4Bh297z$QNF-43gOvh=
zfB<EE-Eol|3(FD$<~f_WMR_W-kU)=Bwhlx{L%Y+@Y<us#TChe+B!mehpg|<$B-ab6
z#UluOR&Qdvr^=~&si|J)z43W_&fr+j5?0A1as-e`LP;d5*=dkSB=uPr2f~jYYUu7?
z6%7vAS5rzMZ&)Le2+=5lK_KcR0zojeq&-)1yo-bAuO6-4p&n`>9KFkK^65<G@tJ3`
z*4|LR_b%(}>t6|w@CV7Jv2_~3-5tSyZn4`gXWdh^N6}5ry7dE_zb~BoOuf-KeS$iZ
z>yCE)$GeI8N1fc?*@Ik_OS|bH?)&e)`|aJ`-O<)M6Vac&Rn6Ur5J+DUs13nRC6}@t
zEaCXamJ|hOFx#aNS`j9r9CoNjYuU{}V2DYqLKAFB%u`HAnnXDcK_*8cMAU%N1z{3M
z1d26Eg|*fr1kFN16eu(jS7yw-kp>i^eHe*F%?N@cuQd_EOhFs~zHXFBp<6SchaynI
zh+x8<E|Do6CHX^khpUZ!t5+b%L|h|5AeBWioGl1^4#h_y#gM&cty7USIYiZ3MMmXx
zg4$(-g(wt@mj!_hO*HSh$`MtB!Bpa7M#CWK!ghqYPBUwwA=VmKO7$zmS&|e**b~`#
z+S_2oTXA#Ox;nTu!`GcX$qeAJaCmIW*6~|Y<)9oTs`b{2F{w4|NGTE)+L+oW8aq_0
zxsvyFw_WZ%9zw1MaJUFVp7rZkoa7xdb`i<y+H!1Nsf9$BP`Wv;yw0=FS)iLxQ*e3d
z_}~?i3H}f$1QQBW!nQ>!N+A+el&V9ZHlz`O0f0n5z&+l}d(XVAeW^#Us!<>r&?yN6
z%ssPTQ)J>AS5`E|t5v0*oE(iYGI5IcWaCicv6if|ShA!h!5It)hQ>oe0_QLBvr-_-
zEKPbxG+{;BbfSZbl?W0i#)S<cKu9LIr?@GIKTiI0c&`VCw?gV&aXDO);+(8n9q-SH
z<jW49ua63OWs>pipC7MEdZ(%Thv!Vnwp&exH6^1`S}kcU8k1`pjZ$cejcito2G*sG
zjc9EfQ#3qDJ%0ZWwt4kva#1xzGL0n?)`VsMb{s4)vT0hciu>2?r|<W<>+j>u%^H#B
ztFHhW4o*(p*>Na@Cw|`rj9M&OFvCcFIT^}F4ji0ZI9Xz0h8i*O$0e4VQf(@0Y_zp3
z%2_fYkrBw4alh3%CPs!>n)SLeVoe%#%Hoq2Q$s@{HpLj7_iek<(zX6;a;_Px_rP4U
zLhL^`%y>^2Wq4dmlHm4L(R8~$x{I-P;W;x?i-|cW2fv;v<vg#Sv68WAD6J;SY-=X5
zSldR8jZC&HM#hs`MAl6ulNx1{7K>!GnAT-X(W*6%8*Oh_oA>gs^}G8YzbE*3e8``5
zCZV&30*xw!Ix9mmNF^>OLQKmMA~-}8b5yHJNKAx{Z@ru?D%8~$H9m{1zk8oAZ(hHC
z-oGA~;P66$=^jn?^8>IrJP4^43#pSvmR5~c89ZF3V;gOyHl(d7X*NxKn{#VK8-I&6
zG}8)`qH2*4s!nsgxuRi(x^f7JM3T&tCd7)NEAMqx-L-$HI2@<9O`TQPaD4S0SC#9k
zy9`);eRWR5)$jT6o(G4#g8X2k!c)vuqOU(1>ZfeBrmKGcTNaj9EXk5&%{FF|O^p$%
zHd50zjWX11mXfil5}Bzr5?VDSjTtqWv{p1)5Mclz2?o?q|2Uj`)Gy1g^wG_>S%w=;
zQ<{>gV)WYw=J?}~*W>)Z@&`LLbClW>=%@Nb)YPv$%<ikHwmt|TZv+I%gE{{hR;gLM
z1C+udbPy1kbRr{>Kv2<4%$Mrt^3`^$S*urkwag<@c=q)8^i}IBn4|3Wbh@w^M`!1t
z>nfV6?D+WcJg}_?lyOzUIX!h9j>W_{k6k_dM~d%}_dbnnGgY=NMH_5eGh)of$+2QB
zGOUrcjg7LFi&)YD79$|6j)51SLH|?noT`i>P)jUI!o<Rj0?^d7KfDRlf6^o)bNBcA
z_8K@;NEr@JeR@R=f&hSi0&F4ze~gf_sTE6?s*qUgnahnN#-nXqZF7DQ@lOxlW7=L5
z!pLhARP8=zL%E}_Dx9ftz~XX!br(_ExGq)2ekVcJNm?QA;njB%v<@!he(Cbm%9*y(
zR*2a(7~2+^Z6#$k$zqM8Y|>^Z*)5Z4BN4SpQK>6s03-<%kyb-OAori&d;R$O^+>t>
zo9q0+_I|#yS!tO@LJ?SNHB6B3MGwy*^lk@ZU+;D9R(-P<_bk*?aNTRY^LNd2JXL%c
zsR987_#&%6(G{0ksY>u8J0q1<ge8WEnv_sLfZG05c-8h?M+PHO<y=bUH4Zpjk5^OX
z@ed*2XG67mcdDI6kPPR#7f5Rt3<Sae5Ju=yrL3!emiX4ur75Fk!daUXlv$aXGcyxf
zD<-CGMvWTOn^`PsD6m>JMk^APux_^2uJ@nToAdhz`Tm$a`UORPOAxH#s!=6Ss8z}>
zT4I7ll_qmKQd-7Znat4?s-l);ha%NWs;X6~6{*cEshAVtQ`7o?u|An{QSZ6_)XP=`
zcgssFo2ON(-sP!FO0R;x%}F5%zrk^`<U|*l%R<#uGOJNjBCv#|Qi$q(9I6P1QPq{J
zPLp*4ufCgX9vfrRvDI{a(}Buz_vq^F*Hv{ctMNK6)zgY`9IMAg+I8*u@Ry7$DR}kL
zcFJiweW%VusfOAul*ToQG;N5*A)vO6nTjgKsEw0ij8s^&DmF50;sXc2yqoaO{|q0)
z-`z0GEJGz}Yf}v}rBuJe7~ekud_(;C2c-WszxVy-&yIOK1<pspWLoc*YkYzL_%mf{
z^?kW%X4V-c6E%O1vxA~Wr6s<#vYR7xaH6($B$ZKOt(Pu5Hrxre$+kb;wF*)|Mj{$*
zU6><^+p&pdwHKWiL-WDK_2TNP><?+c<$%I@aZWQAPh@U~aSL0<w!Lp0|10F9QKnl-
zR8^Tqipg6h%%Wvu1)^rAXx21F$wjdwS(r^yUTW68{QC0ii~Vg^cD@tvYPAZLl7x!X
ztC<u=MWUKy8wxW-s<k9T-~xD)_xWSr^WIE3pX~`Oe?feRH5-XM{NOYg-(#_a{eo?e
z@GDZYIcQo}GlZ6jL@yPlCuPG13Lsy~+r=%bHC4@hu7GS^4}V~|hR^oJv@Zd%2GwsT
zw)Kxi>5Mq@9Vb)Hx~|zVaP_NoM_9^q>umOTtHTnt*71Lv<rY%Or5Y%k8In+KG?|9B
zMW&NX(@chuOp7HlnKF{l02}%vKIf<U2n0NkIaO3tAx#ueG|Z~zs->~$V;_IR{EPk3
z{?FOW&KdsZ^)xLd5!ioRvk(Iaqy#tm{}5HlRZ@vQ7Er*TxnUs)jGu&YU-3)`Shm6e
zTCh;<1GRappzV~bk;{rXf?}>*7c7;caXy_??h%r^aV|0zReE~ru9+pIJWrmf(*)FB
zk1w~x*xPBDGfcEllPwxGj1yKOW~8@uw%4n$y*KmcU3K*UMRih0xCCyf03p$4NDek0
zQh;(kBit7oz4N-9q31q4c!W!~J#idLD4J*23%vK!r)a(MyfRdZ3J0Bw8;b7qy*v$2
zNw>aw2v%kzLyEbW@KFN<#)XE2@Cd@dV6Pzn2ICMA1*|mD1PBZg*f7XzgDVEHf;>+N
zRzXVyGXhzGkg$e&oO<J@cLz}lD*1bEz;YPk4)?<2)DCz}&OGZ*IDA(XVILfOaoc#2
z=^b&#T(TUV_ZM@IeNN*Zr@r}c98tV@7DIa+Neq(rcO$q%x)x=gCqq0q+}BOV6T*_y
zGu_qI40SIS(!n?vB2gJ!@!hVTN1KD9&gvPf3CVO-I|xTF1oJt=y6L3m=DQ??2+B7q
zcFWyK&4|0Zt3;qxsA1VcuI{e(00aJi6Dog6IlgQ|MA^La14iwP!$5Ey+aw@h(YhT>
znVxHXqapryhOeB!yYTOHd91zYs^AlJg&uc83TLxg?xU^NvT3?w!c%KfXO~ZD-aGr=
zW6QUzh(s#*@e`-Zuea2T=d9(5n!k4s6$bYT!xM+6w$h>p4P};^^a24$;!xuG_F?<w
z)f?UT_DnHdmj3wd(%MYVe(Mg6y*{i$O|dEQc1n`{GrO+ewLdiXP;wZ=4F<2${I#T)
z0NC|Bpd(Azba~V3c75tNskn!%nF7kwO2+xJe|#W)e^>escTgCG#{mSgQ3l7KVx3*}
zRtBzJblmy7cP9?>>Ms{XeLm0!JT1q)>pv5z6haki@r*2$yU%8{Oh}N*%M|@vBNPaI
zJ?WtYyo9p?FYGd*z<fq-^1wzi#fo?sy7?tytwF&W1Qqr>d#3RvT0*!pa@lSaBDU)?
zeEyxX__JeJiNC2;zohLIGS=^}H#MKPPAgpGbrZU~^6k0kmy%r(iDf0~^eYuux9i@%
z^aiFH9-5}9Yx(YoLek{n`ASsr_gd=n##|@0SlORgZ<~9d%s%2R=Jw9$B#AG+`|UAW
zf~S2|QcmH!_Uyr#AKUaByMJa1O6sUO%a5}!aGYYPr6YzI<Mo>ZrZi5u5<}+3*L0Uu
zf<+~F+h?nhB{?#!*d&)yqBKF3Fh`OY#?WLSohhVG<SzNrVF;2z50tB(W9945pF5wX
z%fAEcQ!Y=UR%nXm(Wy43+R0pM9Ol-dl(H$2mSr@q5+LHhaNr;jfR0>HOHE0e5GF}2
zZr{^&18IYAY%y&ijgXJPH0dOKAn=2S14!?^nElsyN=W)UzY*;dl-DB;S1XE$X&iGX
z%ptMFOSeN`Rz4iq-S01+biV5EIog(sCq8Se=gv3}-cRG*Y%iqXz(S7#8iDvM8jyAN
zX(W?`hu+EyjDwtl<V=a_b>;QvwcNq5Kxw3-LV&-jA}wW)hl2|^P)CBD7)A}glIb0<
zxuVVi+tc4p+tb`q=LU;e9qUCiNaojvIP0U{9{@FYk3WwdC%$*;;-Q*eH5y4(!9sI1
zq_bO<IWj1jizhiX2+1mQA*?mYw4UU>E=cg;8G{%SNgE=z8`kQo95uk4AcKc6z(xwH
zD}_xILl*_hSGH>!%B<FlWF#R3VHPIM8ib&{VI*jySWLJOkO48tI6%B(BE<nl=tZ>3
zGnP{7gi5<Hl13Iv7c_uK1cVs`g8@Y%kflA^tCq58BS|<&+$50^BLg5|Ahb&kH@cyw
zOYrwevZCb(JHbh+Nb}Eq_B?Kq5>N*S6bCB>HUy^*2Pi8M1eTl7d|2;xRn|QB*0?;P
ztUWXc?{|XleDrS{yRIS9zGH1m>DzilBpDEr3B7A~m6>@YU66SuY?qYMX{vVlRc%#U
zG}hhTU2<8Xkq1(pcSh)pQ@e}=iNrGqf|8O%NXu-229iZ33u<75>LiX}PSvjl*OY-V
zV)4!cj&kH2I5R~}O{7JZrBX>HtpFoXM?AtYA|xcNkgP2k8YUqKfuhbvh!La+4iy`S
zLdi@di6%D8C`Tf0WC)~TiKU1q55KRZ6VL|71_cVi_sktwEsH-5=cAVI)m^1x=pfFs
zNLO~7cTU0#5e3JLe6Bjo?tf0%d<#0@S&!?h&iiL>Rc2y8Pz%~LTv_2PP}`gWL%w$Y
z!L2>i-@D_uIL_Wv1Kr9Lo}R(F=KZ?|cO<_1@3tFIRPU;)N!&Mn-Iy~Y`+lt-XWW(C
zec71nsX|FvhXTu`3o4T-h@hVK(uwbYBpL0am!x_;+GVcPL>n5--jlS}5PYaTy!dQ!
zGPZ}Uflo`>y4VIHM`3J~Cr-B6#wdhA9w?H{tank<fR*%pQzhJUrQO|wj4nJkx=FCT
zTUMJ}B^pF)38u;2ByDJ*Dr#CB&O6A-LutUJp^H@(gokw5M!-<!5H(6+Fgqkc2V#go
zZP9Hxq+P5MH7jdctZsKU3FJ79g#=dXlXXsR!7MB%X*=2_qfQv&Vhbaj6Gj#mIOdTN
z2NN6J*K?mV83+xO8<imX&N_Kb2zG;*WmXcg(1yTupr3HjLXf$e!EQX&wlZ}>LWDr3
zxI4BQxxP}g+42%xV1S?Q#=*azp<iXCrc{^&ohuAPK+>!hi4rQ6RFR@;S2lvxIjEMZ
z7;1`^Ath93@j;)?<$LGvcY3b!wsb>#ttD^nd+yfOyi%&vrL?}HvS5M8rp`s!H}}vY
zN|B|rEkHyhj3m<HW+jG7ez4=F!KXCk#*xOemBg5$nYLp!_{{W!$(59S{eO(Au1^y2
zlCn;sPO8Zjv_nf328^XAug9QzGFFuFA|ACO*F&QqXpUD2a=_G_e45{%1I9%(7ta)N
zlF)teS0*W>dwJ>g=#unO_od%tsd%T1qblm@zu8~SGD%}7K&Gom!fZoEY;E4Px9{`!
z`r7qe+x7mxxc`d=z<v;);J{LotkF$V3L=RG1WH}u?*JF$KZt)t3As-`{QYyTtb7N}
zUaXw<&7voyPl_p41W*_aB3QOajg+>-RHaH)mf0%}m4ylvoBTc^%0)!7tol626v9Xn
zq>z9hBat?C%d#Xe$~3v6sX|nc=7DWU2oVAAd4K?59=InAg{V9A?epk8GA4!U;assy
zM>wuBlOp?(^Y7r7idh+fXs;^ux(?)8Clk7LF3h6UR~OUmttm>%Yi5>9Lo%e$LQEB3
ze}6yU0YO)pKhy;s+=L<V7Suxsqe#*+HB3ngLbEE!t4g$u{WjSA$M~E4LzD0K&-P$>
zu@Zu)p!(^x0Hf5AktC96%}FNNB`P2=zr)WZ8OlKpiltc;htqVrL~JHvl0jNyC=;+E
zqd+`zw>(PY31m+vsnt5kEC=KCK70q3RjR(;t9t!<SF8#uIlB~FNDL4UGl2v5n-^pt
zJbiSXurgfjbe*tdd-gr^mEj&E*N4sFJhE!L>kq^2n_|YsjLnf0RMCwTi6bINNQRXF
z&pXgQ&*S6$RTb&Jk6A`XOQo1aR#{R;6Y)Zi?EgHo4H8s(z|-M9zrWq`e0;2u1i@0E
z!DQPJNfJesHHN__`S=|<$j3P}_qo>MnZ+kLT+tY)h%%cnxp28mQ~)#|qkSI$4{`+<
zsrP$go}L$zB-Fbny>u?wMx^);&&P%3VUyaQT~*k2i}TRv?Qkv&p1MxiR+FgUa%34N
zxZ*g-Wp00;#%U(VqZTk@8VZ0YlU_A#e?8m!{y)mLwO5YHIB@t_YXg)?Ck(<RO`2y6
zs5BL-+7_oy8ih#*I2t8KRM9I?wN#?A6)LKTR04>bKL2SuRsM7R_nECj{n1;!cxAG+
zQfP<q4MW)t)U31IJ`{u?ALJ1*2r8-|pSWRaVq#d#Do7+#S$#JqAVd^QVkaY*vwL&W
zso-BcT%Ug*rS$YqQuyI;x$$|P1H@w-IIcr0N1P$b7_@wZ<x>1TdspiE`1<$z^l!6~
zRsPI1EtfW}Le)QiukHjF@pvdqpHlCe(L`Vvt5+;vtMGmjd;zol-*&26r$1rb7?DIk
zav4%Y+Dj!Tirbo{mG4`WIFHwV2ZP0m$oAs6o~NSp=!q7s8VdblhUX9-Dkb;ce_wsy
z7@kDx5o%c*NY$ZM8CpUmB0xT8Ke65lkRp=w{%_&zhiB=uPyqf2o4|z@ifKl!+khQ{
z`<KSFADex*S>i&W%mSBWD^x8*M=RqTbYOEH!oh@Dl&65N<rF^Wzi^Mx2dC*(L0@Z9
zO35`yp-8U~iX|dQ+&_T(Ei!EXKSh5Z=3haAetnVp@V@@AAJIG%W@Uz2QLi<K0SJ-=
ztyY1ywaX9Ta&{VVtPTwXm1TXq967orTjD5xC?WiDU&+rt_97^sxNkt{Y%u<Xo03Kl
zJZhv+(}kJLT0s(UPEw>v+C`m|M@|vgm8)Svqb?^%x>==Vsg;str3nR6p&&kop+9|p
zYp#2RR}KJRG+{NW^Lwx>DpaJUr6nw>WD_8V;$Q{-2*S|J%+4vND#W%%SyRk(2u^_n
zQ3-~MT(G00QDF-@8A>@14M<z=Ezkv86UZ4<+G!=<6#(d~>OIpu@%6k6Ys)lngqo>R
zih`1p3@odZDU~4%A{*>6Fo)#x2XXiCM!{qK3Lj8SKW{~IJ|`3OCJhOQ8FC1}u!07t
zNtaLGF5%~sWK4*4D!3PCima78ndR6?{nHP1x*g~0q=B(C#VDtMCB+NMNdpMJC_bVO
zywxvBZ4f|VAB1xW2!Z@2YKbU7#GQ>;ub_LQ%YhfBVWsni-X2Q%=WX6}24E1DfCPgI
zkP6yamB#TQ0IY|+<KH~-TguKiWH?miL)RK|;D;eA7Gq8}p`pAPMG!U<41xlTwV6b#
zGHGF^K#|JUu+b2}j;2A<5u73fgUEq&w2%@v4q_l$p)(zF8d_ll9%I6eF;+!caN{Qf
zEysX1kR~w3JT--aDAC43RW|5j2?mKo7(oI=06?+;j9D-crI`p#MQu)8$_j`Q10<wl
z!60ZnE(IVYGz+b{Jf(_}h-~1&S)y6Boka|*BGo#^WL*&pqd8)vota4)Se;D7(Q1Su
z&6?I>7Xm1V$+S|Fl?fywL7~dpK@eQ&jLsKqNtYwEQxN2xOD#<i)3Jub`}kY!yZ$MV
z2|R%%SDZyGcm@NC+2x~r%<n<j?U`w7nC-w$5`!k?C+rRR;RmvlT*llqBnQ2yDr8dh
zLsJKIZ!S)AZvhl_6j@bKvwdQ(F0c-lg;VZ?9jZfv%hNN5X1R)~UAx>(q~Td|R@KNM
zu50Y~5?;_R-(Kx*{kQkq_WU|Oy}MHK<{ArY@4oFs<>ly3`_w)zZ{J>hzkGL(*Io7Z
z%pukZue%i-Vc#)~_O-ptbQ|!%zQtrZw8P3ax9p5O`12RnEq6!lt=&Ue6#{yZs+Y$Y
zy@(qan#;=@d#$}2yY*Fl_uqHcexo|Rs*-mH^KxcK_WWkFwyOXm-uMDN;75S)BQOz!
z3?GovD%%Z>_{k1f7Yl1ZQ3fnlXiHU00y6n{c?)ohz4AgE>9vPJ-svF8SzKWy2(GHc
zgS7TM=a-9yq-HD6cHPnj#pbvrRqn&Vk)`tWPBO%9?mo*;FGV{Yxf#khdFjRw7%X~*
zeL(nb<%Vm)fnW*Fj@OMK$OZF6J0m^q97uLeGOfjiA;dm;J>2^eY;1p2YAHCHf!8XE
zMZY7tzVtn=?5F8<-S5X$(r#vD*d`!ANDK%e5eNYRfS00JQNs9399KeW<jrMW7Qldz
zNTUN32MMBp$SsPfV1~!W)k|=i3s^uHYd3eQyu2)Q0}5cE^A<k>m;j(q0t0|2erY$H
zHaQ`V4FFNFlca)4#?nMg%pMuHbg~`ULTMPK&cam*Xu!y8GbR^#E~1_R=ZYiWUu$U;
z-vm6pyRi2W^I_Y%s5@ZxTzANlkE6{mxTX3jRd*Ts9DSZ?e8eAOTVoyQzzE<vJMWu_
z_;+<#A$=KC^XI+ik~laB9x`|!Ak!6)E~!waS`bK*K+A8T`aC@HWTVV@i?&aofcfOB
zY&IY`lXF!rZ%6!*(ytDz#rx~_jnA(|Nkfk?M&<}RvtXHzGcFD{&d7T-&cyjlgQqfY
zZcx_pH^X;+s;|EL?)uNvXIIryPT>A-OvwJ<y7^Q4;jMhgTlTJ>OD9gDBZM}IK&Fj@
zsgZcRH`8IlCaq20=Glaa8yZUqAjzZKK*9(P;sb~aV(pX$2m}xtW&VwU2m!u}zOO*?
zF-?VPF7sm4ZhhiC!&fY42?K}G;2d{UX@fm&OSY6iq(zBUryET9;ZXVKD#Sr6l>&JB
zZHhi+mBACW4K@6=Qlx_Hj)mkc-yRLI;Yo?<O6x0kZ-T9%uFL1!3HOgEP$8fxbqQGU
zl1F>C?T@3d_KOmQtpE#r7mM@eX1CADhigq`+t97p_|8Gt9`e|`VQ~yBu!Jy|#fF85
zA>Be#Y1TmvAof60VF8_HG$>e0Ha4L_gb5^uC?K$_VbBUOrUkZ|H&-{*jy=s{JE@3;
z1d0NnQIv(b<}v>S6qcf_>d-`_qC+JMn6y%fOA1JV{j!gv2!Z&Y0H{D$ztGtt42MBl
zqk8NB%9acil$4n(NvSqThFdm*$!w&osfK82DJY96U_kHV0Mx3J4QouxDskJDN@5}+
zEfi2oadSi$WL!&R7MPP-%2X&MQ&KcYeV@irS|WukT-}x*s)o{v6IDQY5xU;=;3+Za
zh<t!O`<n0fzt7Nr5q}D#qEw2CsaKCbTkEgxxN9}_KHW9;{x$8D;Y0=yV2}twlQ5K}
zB(y}NmP!HqwMvWkr=u=#g65$S8A+>WDKu876cmzIZ>{x%)9$xLg+-}JpIewl@|=lJ
z31R)F3ZK7cIu476st@v^{lC2H{Q_IDxd=*>%!Oz)B{3y7oUsy;RHB5!QA+8YMns^}
zxOF+gQKTju(5ekewNlGfElRRAQniyf7a4cfB*JrbxaYd7U!|HgY~5rka1&BUjFBX^
zh_-1dHd^1UwZuVDR1wf9i84e`!a`Zng;k_!Q0)k!E?wIwsB%(Q8zL#n#Sv0tV2~js
zCo%iz2SUQNRF6tZL5}JEwvpTy`soiqC@4#$uCZS%Xb0S5cJTfEFW2@L$VhEO3k?fO
zrJ#QY`7Gog%H}=-&JKSlS6A<wPx-QsA(-3)vHi2DX;!>9E)m&sh~g>LEymGk*xEI9
zU)_4;%Qal2q5U)0YgU@Mo5KPE+zAu)U9xUC{v1v^^$<MxGJZAvja4*}AxxPaLXDOb
zg=<YvwMwKyNx$A*@-n@>cgK4Dzcoq*px-DO6;H7opRrOELekYzsdfllVt_2M4Th|0
zlGJE~85tydj`V9Y62r34<SrOhGWP9<vxYnCV;|p7(f9NClthiH8X|}!5D`d{lp2q}
zVja=FqoenLR)f9z{&(T%8-9cMDKs>xeeO0#AS#py%NFYWmhrdk%er6Qsa)oQ#e+c$
z_Wx>)X*pI}G>|~*p;`D}tM~SQe}fW%2(XEv#W2k(s<KT`kr<g;n3W|Om2}A~Luo1q
z`^Tbw{vUsS|2_V@zPyv)&A0X0e|2F<nS^Osroh6}O20P5;{KbzP;y~tAjaZNQEUVH
ziXg%UYhsK0!Cwzq??0tRN<~IVCKAl036J02_2;r*@9x#>?|$os){iCTvm&puN%}}t
zN~t8P2_g`Q5oqZGU^>}{B4&#$_68nQ;Xqm*2vXOAk57H}?ho$r6-4P8veeb9Q#z8J
zGOWZ&0RA5QBCY2)D$O6%5##skfrLB&9})Wu!bC|dT2@!+;{pSf1_S~SoWnSMZ=9sx
z-dG#qa80fUSRdC&eq-QYqhR~p@AvK)Az_v!QAmV=Ng$F$q(H!+e&g@wP|G==o!j4C
z_WRNO^835%;ehx*x->;JqCZ&d!5}ao)l2iscgB<R7^QmMi-{NeXk%ejNF73o66vIU
zMGtg)7vC~t`a(dkR>h550796Rp(F}IxiFI1z#GgZzyuhm62l^qoMDNDia-cLOlX3T
z%LENkMS+oNX4(L>Lj=~Txti2ktdwC+49m)e)WQgX07Okp0`fv264VNKgCs}_m>~+w
zXh#AK%r>$zoP-i$7>K5vjs_s8oGk=V0@jR3K`d}E*uah?^1H(&m6p^;A{CU0F{R9z
zdW$5iCy#-iEprRi=!bjTw&!>_A?I%L-h13~`FQS5k0~BgiC+%k#E?X{m;ppHmCRAe
zkmhAhB`^X?Zz}ajHBgh3%8E9P6lfx4lCZ#n<RCy4iqaAbp#-69V#SyhQI$!hNl}<*
z3$p=RX#tC3R#a%QhvR=zZ}#S2<R}@e%>|IH?1&U0x$D@dk`IgUl0OORAa++88)R=j
zn8D8j48fp5+hj#DKqYf?!^^io5nnwNjg*SnNSS~(=J?r25V3Z0hrfXHzpK8+F#L@Q
zyXAKI3f@^h@2KTgcFnXl_W>2$xIF6<lPz;WUS#Zdne|iT$j4tx%b=3Yp+sd=DP9*N
zm6_Mb=VSR=r|LTQFBhv&oDNq}>#-*9Jy<e!mn$?e#T`ey%Bo8;t0^i;2;(#N-@U`u
z+rC}P)ot_~cE7C%_XJU*g3qhgc_LFXp6;S%Dktjt{-a2I{ezuX14#sDA6{_3rLC&r
z_sMmlz9H;2kY$n`^>tAvX1e=zeRad_?9AY@orj%`!3>~#KBBMf>%W)7b&7>-=KJh=
zfj=#)?iJ5SejdK>eTUzERX*GM8)$VkO)iC1WreM0eN-%UZHoa9oxyAFRT7Khv|n8+
z!)Y!dM_+x^%qPCDP|o@e59A$S>fU*>o?p)H8k(_RISh|6=4?AYO8d5UZs&b^>uSjF
zyEV(Yt@F&1KG#*Lcho*Rnh}v<ZnGU}HB-B#RkvIlwiTQXgyEljgm~;O)sx`*!@PMb
zp*`zRoh0v5^L=)7pR4He<-cs4`;T=>srTP~H!JJ;WR1U@e|<E(`y-BS&L4K&een8S
zwSil^zq9P2>(=L_s?ekTZIVH^-E2rc>HAiNr|E3??(gZmR@nZbTA6Y+6pqQ;x*}F{
zV#nW-u1ol%MfCj@J|i2cHM;|0Qu4DVtjQUMNh<suFaiufi3Kigek?!<02sKE^Xp{&
zx)@;aUeJi_FRA6u>wxBke0#+93b>P@a=qkuqn6!d;%2b?ap>ccuy&nev0=WAi&)pC
zXHqwVv5MK)Lw$Xts`@>!WLi);*{04Gim?U)G*FWhUUI=^=y(h8DAjP|J-Yh9z>B>m
z1YP5y2|n`_9ru_$Ls8ks+_RuuLGm6m%AKn?a>ft1>-%~1ybxlwT%pxylh}>7WK;+O
z9U(bv&Dd@kHJsjSlo!sCiZLJ&ATdaR6tbN2l`4W!BP7roGzFEeUi2lhyctQ{#1H@x
zm`>YeuGSu72o|yIv%_xz4-b6yXx=N~?k^XQ5P}KM5=8(Bpz2!7Y!Na>l0kqNks_v(
zaRX4{bz4K0(r7twk^{^ZlLCm8KvbHO5~);{V8A#SkwgW80?A=Tw!18-P)1zL2pCIX
z<~+dsTg$GxmDMx^t_E1eEr1bOA#OmCB7y>76p~3Wh&ln-(Z=wSU?CE8AlW7+%4h}-
z5LVY@nV4v@wUlppt!S|%k&%Q+BMBHl{Hj!liEM=DM9fOel%%4tlv34VEV9{Az|kZ$
zn<>W}BqUJ~K=HU*Yxy)P>nX__k_62vw_7GgkfoZ-rUIZ;86t)R!W0oyY`UQvq6Gj=
zjtxjMXGt++8=qMFS~w?nV7>}AW=2dEEvum~>RHag5NNHv!fUW)=WZuimmS|4?O3mz
zg-GijX2Y}OnZxgw&~Txlfj;H(8>4!LUGx*JW^Tp~Biq`h*!z3udgi{JQOVp(&3DZ9
z(p%C_+?5r{t^C{j>80n{9CLPcZ&%&8Z|(YWgOe}sw+K}3?v|>-g&d<|@H);~fg}+u
z6W@43ojjA!c1N@UPXaU$8GcI5=Tb?@=W3J4kw)&J;w{ayr>fXhA)WL!+1jBHYtdQW
zeY_#$PjKC%v`<Z8z_<~;0wMbf1tsHGwvO=~YXh4)CCk@U2McNAUJS}AyU75Y)1`y8
zA?GW)2Oa6$w{E40g%`V*pd5%EAoE^vGZ_@1m_)@8g2V42wv8jIK|-K|O_gaenpTod
z(I0Py_;>~62Y6LfDw@fbA`+DMd5#;taj!=UQL+OBjbRE6)d)jVEI>EchJ|`@g6s=!
zb>Qu6lpX?`jCOE>cFy6vor6-RLSZ$CQuwv5&gl<O+1dl$G@#IO?R$0<6eLYJ9a;cV
z^TMBwcWpfk*DeXMX9D<OpO`0sC(Frf(K4bikmbU-n-dNaWui2ZI%_D)OyR8z$e}Yb
z(#o|Ws;g5pK_9``5E@wmR3BrOnA{!7R{P!`ppXb82g#I?bxxJkH3+K~w6fX(-j;s|
zav<{7s+vHil7Oue?EOvMQ(tS|fE!&TV<LEpYlEo2ef|Ad)T*fpjD<;5%A!Mo$?3el
z^y#16{PH0|MgLLo2loa}l2sEHFi6BnBp32g`>dqh^p-iRji<0bf+ti@zu10fTYWF+
z{q-!=%rL~DO+_+9p-oba0v`bQ<MjPMtNHkG-v4iREb9$xIvk>crhwetZ!Ht(9R#W@
zic->?VMI~bMA^tD%Z~M7wV4xTN+869O+ea!T7CaP`M-hqC$U*XVTP8bnHrN}=iZ&b
ztyc`!-q*U{VVm&N`m^Bpf*-c@RcMi=e#|3@oPuRG%YqP4=bviyWmEi2`j$g%dP?Ed
zQ~P#Dfc!c0Kc0U&{6BpRwkk(Mrz>j6vS<==Qk4u+Ef!qmXp11Zl36LGMHXaQi6oRk
zNDoiZKakn{`xZp#eY$Gw5@)mXFFZEi&&yQ`LWsb&YMU!bRFR^kRE1a|SM&x&_P=$^
z!GAD&F!+6AV}AaR-}mS3vyobrk}6eE_&>jYe{cBa(o{bb&Q<!gAW11ANjg2?IV$1!
zSo<vWryp7{hlC#-m7#&+0Dd0+|9#(|!G8xuK#G+r(2^r%m1$*E8n!p@_8$+=pKsqE
z7w6!59tr2lKK=bc<P}<GrO``MubBeV_{aLok`_{uQc5kRnGY#FM#7^Ni4@oZczSy)
zFYn(!iBKv+L=h-}LLj6;B_c@=-SvKbf4v9Mt`H-<-%WS2_g;bLNKeqJfkjl38Ul!{
zBg<s|?La*-RNj(k=iAIA)d%Qx!0|!O4q|inxLCWDG=21{l8IDQl`09BBCDL@s!E|k
z9hy{$&IJepjm5#u&Pk0fP~=>?XhoHomX&HzW|aW(>~lL`yL$c1vz58KQ5W(jWQ37X
zQ3Mz&si|gYv=c2(7Llf=K5GKxb{AtPqJ^Z0n6pgLl*+s3SCz?&fm=#Ku7J`aSL1S$
zA8hF-%&KKZ6-7}ADpeA2xv$+h_UF*du6v7rx#$~be->$>KCvl<2PPL`LpYR-kvTQ}
z<<GN|X})v!kG0)>_U=EL8ae2wZAAeN!y2js%KGXq;Q>FM9>>1EKzkl{h`b&~$u<rw
zX#yy;41!}!0s|nom?bV(REfd{2_X(b*fAIuV#=@+kqGic0ZE(!k&ujM0kMdqkqp67
zs+9${;sYHLASHnkFe(X*BZAW?ff1D8A|NgSNs%<503mAtM&ni5TR@bec~$^25glrS
z7FJupYmfj`V4T4YLM2&(l8BMaY*uShVNyiO4yr1F%(7Z#6IP*cOo&xwl@-($rKkW1
zD1fZ46NuOyfC_|oF;W3ocRq8`htBQE>=}k<BTCW}EXfo$!J$bgDpDs&I|@o{j<Yg}
zVNsxl0n-#SmlC8_TnM$WxEiIvp(5m3+6PoLq`3s!0#Q+^b?3*5!3|a3Wz5Q>H*|$=
zv;oTc&LaT0Yq~%yTuqhTY`0@#P{e_~?~67rNDvNZNG7fxMSNFBIyvuqjvq<yRd=Kn
z;4I1R=$JOE6*S$SUch>e?y9h53b(hlr;zGIY%T5QZ13T_>dUqDqZD)&3ZtKPAoho@
zkG>r3^J2CoCt#}Vx%B$2SISgl7rrYG$2Yp0Dxc3DXEevwUZ0QD<#kJ~b2qsM^q_SM
z?yJGwmzGyy=L?iKi?3fAtE=qJ=OX0As*d$hrbpLIBp2Uz6TsKQ<hA!3>=!;l&a{*C
z(U?9nj=cKgi)xninGR%=Dm`JpoBQeA)w}oGyY}w=@jLad(|#Twd&l1Qgh+r8BB!*-
z<hdg<?zBrWuPbh-YoWIMgUixQWw!46$juv-7*nhb-aE#62;&kzuMPNY@SS=4Z=HVn
zKZ`QXi>d6z%du#+uX&0(eOJy`SUWFj7kZx&F}`(2ce4W;2X>d5%<R@Yz2&GgRz1<-
zzHER^fsjYg4f{<)B3c3V_0vusRlMY@yEoc3^@WqUxgBIja^{U%vQkv?@dIvLl<F)4
z*g~B1bUhmdU3<_7WO0*hn0Ci<!hR~9;_={8wo;CbYKp9>2u%uT4lTqc%A#NquMX9w
z)u!FKh$s;SF^C8p41&26a0C<-f`}oA26pJBl=~!R7-O6V0YK~kXF^E3M)D~+qq74S
zC`NAuUp5opuTNRH^c2!RaG@fCg5!M=3Msy*s8RMWhttz{oNq)CHzI@~>UVb+cM1|H
zc%GhlaNc?IJy)OtihM;hi-7NkC2_~jxNhJ+3Fb%P8b0^caL;Z~gccE4MV4Oqca?c~
zOeB&JB+8#X;k1Q47q>moqr`VbcAU2y^LKBhd197@`t<ScyM#^D$7)qebP+-hfI@{N
z0U(e;B<O)!1pu+o&t?tmrW`#&jp@3|zRd1&E?icc-+P}94sRYKTXKzcyR2B6%H~$}
zi;pze*?Ya3kj?FGs@ZP#<BMvR$ub<tCRBREf35xW?&{t9?cMu#e)^@$uZDde&w8Dr
z57W!RB8RqA4ahX>e~FK!5QgsqN#)=K33y1oI*kbhn`9Hf_)+T=$2xbtqnS5$FfhWP
zf;<a)#^|L%Ct`?na9)5&A0#0GaR@9yau&LUFKBQDP$U+BNd-_X0Id=YMzNYCd(d;a
z3Ov4X;l4zCNc_?Dknsp6HdtW~X^1_3_X{riQCU7x(6ZDE7LaZA1Ya<-NDG8Ry5xhL
zb%>md*enx{;;O+PNe-m3=y@PxTa=4{8V(&)!R`0G?>`p8o`fA%l%Uun-eC7}<E#+7
znAws9A-0Ajy2jdfJf9uj^_(_pwCR?SJZMb#ISx@$s;a4ilrYIdQsh)s87631Pj!BW
zn@+6N<owS3u3h;rJ@#;4SbQ`;!S8<kW2$s2i>)mV{KJ<kj33K!7uX!}#{ZOuz>HmD
z{9k~N?f*Ii-`(|;U+hFSM5=92yXgM^Z`=3d{r!Dj@5k%!>!;@5f?z*~(n!@%q2LX3
zKoXFHXe#A%Yx~M(s6Au(f$kr592@AXhTp>DxjiY7ol8}cDkP=_8qsQH6p|*ZLPJvy
z6{K}dO)V8F6%B#f*33R2{*cc*_x0C!hh#KQe(yc{w|>vrxA0HhG|No73sDe+3^@{~
zUWA<NWdk40yB>bOTp!QW<a$H#V^3HcUlmSy!1_^e^Xi166cQ<tNSZ|ceSQ7>AAaw?
z`M+uVy8Oz=f2!I0-pZ9kDyk9~fYV6_IcH*Ee^et4MEJL5Qg~ftV8nyfMEhTmKOVko
z11;B}e+TzTMN=eYN+h9d%+R93EG1NmB!Z*8l{@w+{O+yCm``uzM|yj?0zmHg58(p|
zGD3?8ppaDV*e45&1;42R{;|K*6c*7;i2?&yW(GJPb2FF>e!pK2;lF0lkLZ6tNem4|
znubJ5@FgNi?`FDbUJu|sds#%YKa5zh47~64?-b8>UkE?dHb_FMGO9@>c+nw25s4;>
zi(<E2xAsh+6VwmEMGFTZ_y|{}aX{0g_MxTbzQrJ-Y*0oDB4kFQ0E#g-zj?g*_toR)
zUA<QIe5|kU>7E_#`P?k|SP~LR2oRBEBp!8Bcb=R3&pm1S<?B@|z41t0^+oLiue_=8
z!$<0pGDb2oLI6l45=RWx@M6arbg&FE|2eY%I1mq&7g)vU9DTbVx(N^HAmG7)ipTmq
zK}ydPsCfDxt4HeB^pK25$U-DY$sr@*kU2X4b2H!V?+?8`;j>ilpLbpLcK7GMSM8y(
z6_QH7no&hjdr>Ho=%^5K<<d;k9%#+Pwc-@F(5V*^$`V3W(J!5S{#om5?~k58o-O=P
zl8FjP2Kslv%l-WES-l9slg{f<&w$W82q1uBYNq}W!VT|<sd2{T&N;#YC86r)&2K!<
zoQ+*+xweTy1ZzsC%A$juUvw9k0!Ut8o!~#Sli2SMQ1KhdcVQGm)X<4Md59Awf)gFf
zKopuP3}Yx96{kyh3Kga+7|1C)E6R{o5n?zi%(rh<+utEhafx${=&s)LYtKFM9YvyM
zwXJCgM2JAt83fj`u$m}x9$UTdd(FL3$>&jdS@+QCg9zX$2&rBODz+8^G*GBG91=?s
zAsh)X#t1-!1aiQE4ohGoF%Vr8ljYVu5Ybo<IJw8DzABQCw7JYA*+!aFqRJzc5s-4Q
z*k}|gEwqH~Dk6zQG)$Bv3#C!iFpZMTBO(F|0T4>*sw_DrG-l4Q5j4q)glZWR>^^w@
z{O<mIqJIDeupSP#Uw~nkZ#G~)ql2X??+l&@k*l*ed<J_61QL8@sMfD7fp=yM+hf=~
z0zJ25d5slT>?|$Tl-Mt^&m?l~s})E)+6G}vr1|8E&C=VJ%gHx!{?zX;nKt(2;}M+|
zKnlfMi#vAGvp|Z>qfFBHQ)r$X;llCp`!4kDcipzU$IkwQL2uW)%<7*HgR-7CcE{8|
zZs7!Y=W5dLQObbU{3j09PzsJJ&<C0gW|UGh;rZ!3$6ExQgSKdlO{zaC%5l)j6L33Q
zS9`oxt?=1Gx9!?T?~di<>4D|My<piN3|4-*mM48CyvMrRM%!#Y--?yH6Z^LEWor7b
z4RA|BB97Y6t=lC(zkK{ha@o=(FXyIOScowrQg`dKOD^bd%DMXu2`i20S=U3Unt8bM
zK8bU@_;mVs+{7U>Mdw5O<^5;BduOWd{pBd~>IqU`DvZ`XX%o5Us2`0}r2fi<_up&o
zi8ZW}L@VXvvRG1|r|Z@}O7`jvt&2BxqH=8Qh7ne^)8Ad*?VaBDL?D}U19@G>>jogN
z7hcPo$u91bH0E{oRJ*zNefLQuzWcX#e%<?vpGjM}Na4C)Zr!?D%1V=^xm>5U?6FC%
z_Ws!~Nw4WFesg1{b(XTt4ktd{{oUN#Wmw+Fe%RE~%u&oB?N{PdpLcQwCc!7%=3L-0
z4JF4h$A+77oGOj1yOn|LzzD$rf)NNTJo7xvn$=dRB-G!QX0^?w?)j&DYFUZh9<4ip
zVb!wyg<xZiiy$8)YLLyq<HZ+iRhn!pFsT?iF1EdoL)TRA+qgrgzTWCx!;V)vf;m-A
z?GQ9=)Tz%J0{|h(GPkcRDlXu{iCVufG86%iCINa9!oCHvV$R-qOti17Ios4R<%y7_
ziro{bb#-eQbcU|($h&7VUUcnDm_xa%*6_aQbR!5M1cCrWV5AlaW$>7|rQKCnH=-$!
zk`}9MvRd#45Db%yVGOiU0gMb{3o<toZMNHO1_*4KfI$F?78}rL7LB$@TS0p-Te)zi
z@)$N%5*ZQig+~GBtLKBl=yXDX=H7UuJhdf2qeFn`NSZNYWh?}e#e}#jz8LUwJ0pZl
zj@jOKmtEV26gbjIK=G1C&ty=-;Q<0Eh@_NlxFaVKB!vlJ7Nilm258?78|>!z`(WMo
zRN!TbA}ETPl(mK%RVyhn(%~9Drc1B5@|e;QxRFek5>3dIOhCiM7=s`XHVSMM%Ze6)
z2&mIgwn2p!VobP-^)8mhu~9$O#-DgGV~20X`$8J@Eh>?=_c1KXK-NPhW1l<u4Xoqe
zS5?;RvPFsuVa|^)>6NAZ_N(|bP+46{AyZ9e>V5WSvxe_`ee>YYWz~IdrK5N}5fIXQ
zAd51p(Pw1L%rmQ(6&yWNE=Z4eNsQ)o_EcADecyf3NiV+b-QTx<=Oz79zT4veA^HX4
zAEzVRF_3|1jTOWm&%b^QSsRWA)meUMGCm=(rC~#K+geStj<W9v%FPfdEF?ti)xu?^
zN5=G3H^HRP=GiL*2?Jz)lhwWRhGY84FQg_8$@d=yJcW}Oo_^jtzJtPw<#l&m1llZ3
z8?zrFl&WejTfWDKb8djr^6)Gvb+V4uTqmA54wN2<!KQfmI|F|1Z*(*k+V8fu=Fci2
z`$xeMPEvn>NyA3OY*?~cl@P+(BWWVojT-<!5N(S`J}*BnUN0T^`}eQSZIS_)lwipt
z{q^4<Z+f&W%dwi2Hw+KSL_GUU`=fbIa{m~@F^rIsNhJJkbj@-1XO%uHpB<2rNJ8u4
z0nj_kD?cJAl$!3aaH}I-LYkv_bEs&dr6v3L^#Ki#P}tuq&DY=Oubq3k@y}jAous`N
z%Hj76`HYf6NeKqMG+EDk_zyIi9uyZ7IYHy64B4!#v<=;jq{c6KBl#p52?+v7Zv6c}
z2kWfzInfUKNJvPJC%;C!R1_ajSkXa^eV7JgzP5VqonAY&*PUNiE?;@}B8Y=x+Y=(w
zEu%@aCMqqUFj^|P*XNJpU%2PD$Iq2o=h~_gn1DbLt3`Kw0Cv^q*q%6qYi02m6#$2*
z2R^mln{N-hb%fJ0NCuF6e|^t0kM8-5#vNYo>evAA{PZLO2qc0`gh7V^AI_W#Jbn8(
zYkVdq<pd8ia=bTlU0%13<JaB3Vj@W>q$45b_pN08_w94qquyrfyra-W`KciiMlwhu
zd{GK%Nd7A9+zj!cw^w0#XLjDdo_u-d@0Suy1Q{?%B$=;kyS^7E#n<g$x8FoXRX+Ma
zkbwjJm9AxKjkRdj)SFt^+LG4QqiUk8YSdP=WVRJ;0NJf7*(TLe2!Vjgh2&qz9=GAY
zRqPXl6VJXm_m{|-nv6pvN=OkTgpq_HBw9W^+}W<)vs2D~t!lg5>))E&v})8un_ESM
zj9SYvO3Z}K8&<_A%%TOfmc&*|Y?`oDlG>>(l4`P9EJdn=YSyC_uvUF*2#8=1ZGKl5
z3Na=`n_QOMCKWP*gGOc~$~f6}8G@qLQmP`<=PQcVMA-#1BvEa!xY$z|Q*5}vrooa!
zDuz=i3$bQ{F^Fi!(UGE-11VHa0I0Sw&9rT3wUXM#)=g|`%@9y)Y@mG!3G=^wr||Lv
zoc{C^#cuVvT=~B5e9yFqrUX((Pu0&o@9MMdd(U=k?9F!@Jw_2y5Lik}Nk%r(Ce<YT
zpkWIYjgmA*v9%}XJ$vdMiTCq+e5?XbZqGaAy5E#rcl*8xa_F}Reu+DZv04BS&}cgd
z6&9fl<FE?=xMmDuswftzGbT1=K{^0nR`CW%rdL9_48m*|20)lh<XDLe$%bQ=30RT@
z4q%nJTM*_IUS=Y}KoF8A3Ro>*D-ocV9Bxb?gpG00RuK&s0C>eBlp2c>0zz9B2p$B2
z!7*TPBn*hGB%CHNoK9Dkw<vQm0YW4w2mv->fB_In$CO-_0L~#+21^7M!h&FS*9sE0
z$`If#h6-500yvFIT7n{FNg(i(Xh2mM20&O0nh-D|2rgIwmBJ!aA`k@Oq!n!-v6Rr_
zkbtNOk^#aY4H)-|`oTh^N+RTlMaYVaAr3@kMJdLmWR@hRObwL<SVGevBd2B1qaiU+
zs5@F#EJhs*g$yK{1sW4pc5?)-%WM=%unyT7sYN1=zmc}<y)f^erae5*z3M#KzTI>m
zQz@?pPW%pUlw3M%k9E%u9msj++cp4Qfz!P_%kTsc*~{lpIst<|=Fe_Qh5^%iACqbr
z==TbA{TdR7wismee0|~F+MeG&C*BYX?WiVvPUUXu{nrOA`&DheLH*on4~K3tehRB?
z@)r`yOSxy=lnM+`pMCMJtUq_i+qFC24~UCWd%qc|b3J@i$9a1`7e(cDSsCc@XzoSz
zrP<D|9qRX5$*4(`zSPmZ)sve=<?Vgjv2&V%<5>*bA7VStX#HcbTLpJ3?r)yVtjW8%
zs{Z=)oloqqyX1Sj=<k<x+|0=SlcbVN`L^HB?~aT+zg0&`!l^EgMc4!q1O#G1Spw^t
z?@P-#v-Stz57E#?_tqZJiL-8z!KJ!y8pg-;>+EQS!*GC@;|==)^z*y$nTXtCmEn18
zVy&yk7?#--sjQi?vVk?C_>gNtUUk$?&BME}_bP35EI4>@%^U+WSZAU@W+l4@#6d+O
zfeTKA#3YypqtP<1kP!_q#N#`^3+3;8{PvWX^=ZA`l*^?nfiJPcO9pJ>eM$rC*L!-c
z6l+bJVUlc8%8Y4B+F7GX8&}J#-=nKtL7quN2pa=xkclL+!O5-cyu8A}MA5m7fJp$7
zGaUtjLDej-+bkF$Xkdb#Z#8#Uil|j^ySf!k5XRSdHynJ$4)f=&LXXIN9^$wF*!W}N
z;lY9P(zqc9hAv)*f)ik&jBjx7K1`5%cZYXEB7BF<>4G8i!j*kjd4Ti|^c3(B4>EWM
zlvHdVpFM`SJKt*KxnpAx3EVIREE@tK0h@;7V+{}%$O>+^nykCc0;Y&4QbABYxnp1{
zV;Ik?1`XbMHwH1!O}4@~Hat`VO5hC+!M<TrVBVPy6K$sQyST<O)h5{2qZk0^=c9H^
z2!=D@!JG(8D=`aq&Te&6$Fex9j6~o&!SL@p$+{e4!7$2}$AgX>Xyxxb?<>zd<qlm8
zD3AmQ8JE+5z4zO@ybMBYZ@)UO3<P{u6rneHyPDRuvjGr7h#?3mvtWjiHL#i)fB-O{
zP|!dg5+s*okv7;jBy+pnCT^%NA>s9De;oB2+^@;ssn{WRv4}hNylRc<`bq0x5`DpW
zqi*?h>QbEpha~QKn9f#S9i-B&>YK>-bdLFVUChjn={iXy&zo)h{`y2OzWK7d8)5u@
z$@YA^<<kx?I|Ny<J|BJGSA`#HUPKZz#@9kuY=H2*rLbmZ0F(M=W(8CLW>;dVkry*A
zbd+yXT$FQHcVG%{US<exw`D`iyUQ-hiV~?_=2e_-FNh&?=Dzj-eB-Hk4Fa;rB;jKl
zp$+uinVPz)UBp6GSQS(#NUE1BGSo&vY6?uu){#!if+?^&cA!;KBdVbXGVDaEpcw&7
zh&2!zh&*7UP*<|Eb|}iA7j;Mhb31l~fF40BRI(z-AUdsEm@W1I^Dz;CWZ0aaA29R@
zc@!NyY~aJV3D2)lN3MmS2S7k$Rc3G04&C~+#yku;Ry7X~UN^0hJTQ-VBS>oLZuW-r
zcbw239v*iK!ngndTBHOnp-3uj4x_Da$C#6w0?6jIlCkrCS|gAVkwK9J?`c%>3O5l?
z3%durE=g<<HL%?a^|Y#i3AXov#=HjazuS7SVo+rf8JURczI*RW$?qDw-FCU7eG!Bd
zBqRlqkt~EnR%leUDN!U1Sv9d5&{d)}Nmh()`nVE7Od+gRjj?QzvozF{15s346^Rg#
z5=6*8vHTmNk^!ZBC_K$wbiH-DuS)!{e+;4#HV~Rb^t{~nKV3=YviqVxr+Y8K6C{X|
z5hZ8?Y#M<e&;b-11`P&bgIf_<D<x<xtp=?nS_@Cmq%##_&{hhKBxH!u7y{VX*tBhE
z!bk}q!buR(=CD6%h@R4ZiR4T?^?3b#?1&hQ0U}HhkR%BLA8$S9pQ|e>wq@q?CUhT1
z#u3P(j$DbqPs$6X+y{2wpM8(C@HPc~S1xN{@6b%Yq2c)a6sm1X{QVL@FO!~1_i(J|
zb2BTO==@Yekfc9;yBHM%g0PlW3mYvp4L+yu*}3E-C^H&kA|W4p{m*xwUVcBFT=nU6
z?)T%zzrQz!zsMp53&qXbZ*@&3mIcK2CUS#TJvL0XyF2R(_>w^+Aqf<a^Urt5?7eW=
zgqzpiRd{{avJx^rGjaRvUF9L<6y8^X3j5zF@L_e!?na=gHi)7&NYSip38JGKLqtY`
z9%TA!ckcDm(C1E@=h>RWXP_KVehDCnK!aD8rM@?%)$^{k=Y3r3&ixN=_yP!LeeqyO
z$r%|ZuYRu!<lWs>$(`4l^SRF7v;g`+gcuM$k|dH9V;Lr{=D%0YZPn+SU$)PiKbvcp
zk3RQbcHTMT?{Xm-CSsI~goO7u``+*4m-yDp3*U1&H+Q4)1|%UQAwH+HQ~Lsn5QPXq
zzM)kYo$tF>&)ao>AxwybM}NH6j(+id_Q^JAy6*Fchp>cUB#=TUxX^s!31I@)Beh81
zAw(i=19lvQ@=zbSvxhK|3svAor06RxXd@sPEFnQX?jArR!ZdewUhMjJjy&;w?80e0
z5SHb*q_6{Jk%$u{2bRlKCNRMv2$%$dT%|ZzaTX9pGHpW}&v@Yh!gqOl=;pKU7Z9Tr
z>chs6gaBBv!CVx$4lrY7f(uBPg2o&n!)ag#AZr>4i!ve`3jl`s6kZAEM?NHq9Cy8r
zqsaE;@!f^m5J1;hB_)E8i!Qb*!&q__DFU>sF$V@RE;JY-I1IM5NpMC5wX(?$2tg)f
z!qz-^u+&^H9FG79^UgiI#o^uH`p}F-wAx&a6DdPd#F&Z-CRL+BCSshXP-!R?XDsG(
zEF>+ou7r}x!)72sR2(8;O^{I{Bm}IAK%r!GD><B-m^isjFxi^s3zrz1G{8uel19Sc
zo(TUBo%MYB+4I7nHvOc{((gy!0$(p#Qm#C%<>B4rbYTU*JH2=^b5+fzDShqWMu7l#
ze6DV8Z&yeP8&Vvc2n-<5Wjf_0QaOMQXbzr`)XX-BOE%8;+}?|{-ucN&x4E&{CJIZh
zvv3-$E}ciX$c(G#o~QS(t@$rIGQ!{XoyY6lO!NH*+<CC+GRPU@uI159M)v-xF7=D-
z4B?`06z4<fW8@>Q`Bf9yu^psEj2OzR2z_~$?e2<Om#6Kn;gxkOzWar0H@$5}P8{q{
zC!dOdq4Di5zWHqLL}wZxj6|@Hl`wsioi&uaX)Ud#X3dfH?IZWp_q#H+ch@pkmECR~
zrbs0#6_hAteewED%QW{K%f&3egFT2>SKIf<W%8Tzgix19*uK3t!2G;;D8E@C?W|Hr
z_#{X<uLYuRw!LtvRaa%wycMM@!sp7Td<fq8-yzla*IG}=3LyMzC1LNBHz{4#wK`7k
ztM8t62<p_;GauWy;rjEL3n`sj(+^v^y!mzOlWD!*zMH}Kc4m0m@;`l9h#0D}<$AMy
zu~w>H)HXkwaHKgeq6xMsi}JQn#AYf<tOPVon<~hdyX*{nR%)nR)wbdjsc|XMw?*EH
zpnfCh>885oXWiNMt?oy=yY9U?F664IzkT%X=_k&2cXxN)@p4MM%(t1JIZH|Vy4y@&
zRc2Lf?q?@QJGRv(+sSl8_3iEVPs?B0trOAIjaSySbZOn2*L$stH8(9syKdO0Giu%&
zY~q{pb#08fA|OCc5R4<kxsC>sbBKE9JLT2t_1~`enz(BvXqJjuH7%uys}^cCCpqiy
zBiCmK<E4dJ-C__cW5aFtJXNt`PwB99!)|l-gJ*GWLP-V#zTtB#y3pI8&Vz%n<%mGL
zNT(Fs%FT&|QtP`C7JE8X)kOv;EGp<*?7Y`wI~Qn59AHp>M?k<q1QXyqd=pBCPTL@}
z8oNF=R~5irg>qDDbR3ncOJn30F0Yhs8kYly*=WI}(n!~nHOOf@hCUfxbQ86?1eb74
ztD{HDbC*eVijJR0RD2j95&*Ljn4(n%D>h+`NoJ^~EZV(z>yBqlG@7I?y5`&Y6QrC9
zDbUFfM3M-H)<-0ao;NSuvyer}hg_rJ-rq^*HstZ?uzig!w>>euWn>6VQpj-^t0vd2
zvqr{Da`2B3^P-VNpE)Fs5EKUY-s{-4?YeZ5SW9naw#wfsl}+e}tLKwR>+iRBca+q+
zMFU=O-QCZj=PvO*6LP!2NH_u{<QNDpv4J!LAWHs~pcJ<Il;wR_;<XDo@=B9!yy~s6
zq2jmz?yAN$@@eHq-kO&HAD;=E9;=KVY+~*j3~Z{aj`o@$`u8s!W8ZIj?v345jphS;
z3QDTu%J<d}tKWOfd+cqo>bo03t!Op24Xr_~SuM7LW8I2Z*l2yGccZyo^7*;$j-p8_
z_vfB@-RF|{Z9<Ecs=4rLiM2~2k)mTrq7ejwNnm6^knO%6`R|^1`iGrWRa3}KN~)?$
zOXf8Sd*Kr=O4QV<s;aM*QmVESUc*K+<?(u+qu`^w@|u?_z1?-xzYK(mY;5>U*p+Fe
zUcv*ggo;=wQwD-+uz=`nWcTO4JHyM)pA#M=-B?nD9Yn%T8yab(NvS2DRe1`GvnoXD
z;Q2`02pCDiQb>w;6*bq_cf;pbT`PrC!QOpeNp;DL1gfHHNGR?SDvu<J3vxvUa<?a*
zrQWNg=498)RXJY<53ip)GMdnI5)Tk{T`j$>6g3io2a9z_A#fD|Vv<%#QbaNcn$l0F
zMh!Y{*S_ASJr6zI=hfygUnZ$*6CkBf*=nhQgj7iiT(duZc?b4H)eurzskSH#2r?XP
zBpVDc7zYB4!mF+fP(euql%h_w4OA0StvORkVnCKyK?xLvh(#@Yg!{$gVTKp3EA5}V
zgW=m3=zT08_m@vi5_O!#cC~kT-%M!>9}COTTUKc8%<IW7HPt$1{;J-TWz#pGDD&v+
zChy-(=k;$w1#XLOXLfIWhB;3!4m#z3ZqJ{@9G5FRTGu%zi%#X(_^x*5K3m*7x@~E`
zyY8b^+xOo|-6Z+W?(XjUzJXl$;QO>*27bzubc0$OmRJp_J|7GSqH+z}tt|T~UXcx5
z`me7!PQ89So>o4J4z1;5ip?Mi0Tg|4vP5stH$Q6oaXs`(vRg=p5F}A8`31YN5)r|M
z6!a7+sbeRCPEhs7duQLB>GB2j__e$lHr`bWkpR1;9TN94Z!SoHY@S0=L8X{82_y?b
z5Oa7Tv0`g7kx4m1=Xd9oShmr%qiu_7Hmq&5xL%{E^(6Ux-4>VU&p8zlA1@-MyJ0P?
zBt(%8xo8Qblp@4QB+uc}oIX7Dd?{6GRS%SH^gi@_6S`C7cb(o=P}_IXcV(%5Afh79
zaNrnX0TyUWJ5iw`WqJ$jAjh?FoVQWld)7ov!n!DsuX+-6bci<CCkX*6dGwEtl+fWU
zDMQ4yu{P!EtB^#|l!L>CHxx>}-lC1gMovK;!~*h!c`KDUc4`}~<{Tr-HpESZp}WX&
z?pLux*?W&$z;8qwZ6VUcmpr6wCy3tA&C${q*)1DZTqCM`-rgGd?)BpNeo{>v6l_{B
zQKXD*6wF}OHuKlM`kuYLZ+&yW9KE6>fY59KMA}Vc$+k;bGKjGxRFy;qp(0oAVYPz=
z6C)TvVuF@73XNeD8Y&G0-_MsdOK_y0QBeK&g{Hzkz4^~7kKECJp(K%v#1cRQG0z@+
zzJ30A^K<WCefsmyx7%vZ&;X&0Ykwu{oAu``=EnXam+c<@-<mVbt3EDCB!Ec>!bu|t
zNN@K!UT~_^t{Z(K9Rwdti4qb5I#?dSgt8isPEu*Ad`;4{j64^J^!*pT&^bHogk&Ql
z7!VLh+GBE!{ac7%<<w*l#(Mgk01pZ9Fo=t78+G%We<!(D?e_Is#~QueQbi(c%)|@^
zQpm<a5=kQ=hIy{b_Em3E^FE)yZnwD$pKEP?>sf@7kx4DB(yyNRXQp}fgXnEE(NSRp
zft~n5cfbq><-re=fe1vBF@z6zoYySPkjDM}d%VkSL92e;h?X|gYK)tK)&<$(6<|ZX
zx5ylcqJZ<*61d~Neci^9p(1H!`}6hR9=~<hd-}^J_+<8B;0k@%#zGQ8D7}ZmdzLWg
zLDThZ#5$WuNWugd1)hbQpJ&?h?DCGj2zWq*6oeKKVFzEhQZ#K5v}|K*({4#{?S}H3
z4=62f$=o#)UuU*@Ng*U8i82h#q!0{<qXbT2oUbsN`&-ej;q=P;Wx2iHbUi*OgqWd7
z6hITb_x8H47w&VveQTKt&`S6lD91fXaN>0Yo3n`TOx<53nqiR4NFu`b&py9+?|!0=
zXVvZVeBSi|_=J)H0!bu;1I<}ZT+E9wX&ZvCyu@Um#4-6>OE9S?+a5W=f$>Mj$8sq%
z<CIE#X}D1=GYidW%p@X1BO?ql@<5KA3pX9m@Q&lVo^+nccsD{oI8ZgB@+O6Jsxrw~
zu9JrX78W7MT!D%KL=3`FY_V7n#8gJSkeEGg+VWHpJF2ju&Pz6Z_so0g?p!)JJC#@?
zEj{9P^6*a4%Ez}ao_lbddF$dTyPC^~b2Gvmv{3;N0CNZkiet5<S-F-7aR8Q2JUmQ$
z;qEJ3ZyY*ZL#|*w<FSlkWO#`qBc==@0thu!<~FIK%ZvsIEQ%AeF{Z^R!+{Zt1u8Qh
zA5+c_PQt3mXF%j2sw9<DGE7uf+CqZXAh6md1WFdjDrSmBhh%A65vBnI(HIz_3=F$E
z#hMb8N{S}VB+f>}8&1wzg{ct=h^pMlT}!<4-dQA&gdrp(l1W=ZIjg!k+BR@AY@>r2
z?rXi$o^M=c&TnI+vaubAN&{T;j-MS<t$+xK>$NZ;$cXq101th3@`8kgDqGMR>x(P6
zN!MG4r+4K-#|`Z{MuGTf+9582uFn0TeN!#qL%!ZWV;>@?%G_2a?GAI_PD(v&{nJqL
zM)O5Kn;r6x@uGFFW3}6vdA;}4nZpzKi`p>!0zy!yy)x(1QV~5yy034O(_JFG4Ca0J
zUen*Kl3~feb}gMU_wTlE-SeBjFT0%Q-PQH$x=VDKcawak6PW(HYc~z*_h$UNpIDW(
z$bD|rud{W-y~De{`l?AKRZaWvr*}y{`*(MDckhwY%eq?4w}7Mo7JMj_fD{NHcwCy)
zn`3B!sWE0o7}U+EAjK3&tl3n8vovI}QEY9T^Lo7V-<!?zgN-xyZ`=`Vga{%8&d^q9
zjWkx-^C!R?4tD69a)w}AmzBJ>5=9=DFJ{L&n9AiS?0t4ysgm00>h191(J*zS_yu<*
zrY@_yZFWJUrEO!oR{IhstwBN&@XpM!T1W&KjDZMhRneYhvI6;&)4|3xc}tuS)dxIu
z2lvq}9o&_9GmT8XHy<}Z?s6uKn6kDDp^iqYIp1Ep`8_;ca^4Y2ZJ5T)jh1Ags$kiY
z*Czy<&F=9o1I&szQEl&W-QQuyKS0oU2Xa+7MjQm3Es`^VT({iZj+<dT0N^hvkdKd4
zs;k2fh7X6nd+%M|5giF*gn|haQG@CU8j(v7f&eGlQhz$<c*%EO-1rg#AiTyXf$0D)
z)WC)qb7&+g_@y+Q4J}PRM1%>}l0&l?v@<(fmf9$qNhFXo0H`eKOLf$ffZ#xe4jeGZ
zfs$5Ept5R7B6Avuq{&2_d4fP;1^{F2p_ZGL5=kVIN*SSoC=Ugmg*Wo_);*yIs^3qZ
z;#aAXRq_UbN9I1s=9OUuUdHfD58A-P0pY|S3DYyd_#cO;_!Tvgy<1A|YLmdE7#MTR
zGqkkCv4Ft<qEJAL2oOb7`7Mjb?VG#BvxH@Lf{39cljToAs?Ry2apJi7Gq;;DZ0VQ3
zpKRZ|=Qn;|cWt`g745NDfcXRl0r%94JAY9<xpB+Zw`;g;`|AZ|5rHbNx9Qt5_HH#n
zyROS|zB}AIyYH%`l2ugSzWR4`lkc~8cXxjK;Y)jd`vv`+$JMNlvW{=xdoZFRe$vqp
zr9PK}55Oc&LLYukzPg&kRA>@fSL*HEtlx`-oez$XgLCgE?(*#TQX+jmn}8nc#Cctt
zjV<vDS_@}HJ6^CzYP6G-Y1>*Lx4T88klH|Mfua=HpgXK}q!LN!(5FN*>oa=q!u+N7
zFCdrfrL6b0_O;vM>hFW}pIRWIm17{NG)gN*=^!0OO{k{OfmvAvjT%h49xb9&@@&&x
z+7pQw0npS*5=bhr^#)tiR>*y#Llq}lN+ldGt9yiyl961E$j*&>w1s_b;{1{TKrjel
zCy!qJef8_Uuf88TzE_?41PlziTbo|fs}3K$O%i@iQ@@dvbHnuB`OlIOk})9?MlwfS
zzs1+QIp>aEYa!rz6iFmWB!o9AFR^MJgN6ulIr{s4XU947Tk4A@O_0VSHa0UdS|}?K
zLWZ#xiwGEkh%szxDR=7eeDi$w`t_^7JoWdVcDAp~5R(>U$VkZo3Z5RVmUz)nbDJAe
z5!g^u#{w1>8$83PC6FX{)~s>ZpF%<;2?9WbBNM_KJI5=W*1o#dW?_6mUtq!nVk_`b
z<hbi7yr)oH=Pw-ny0zo%^L$q~tA1=@N+`m@MoI3SZ+>cf^<Q&SmG%NB(UK65RTVLc
z`rm<GXVC3dA;P|wck6BEzZbo49oH><_pA0ynn;3K8M8O5s-2&AKGx<F-Rq@s75Xwl
z5Rs6Ay-o>Xew0W`T3KBJ%DSXuM0vQeY+GNSje?Iu_Npr25in{nQke`<V%Q@Lqa+0Z
zV`SMsb@$KjpM2l9Up)Kw&aG<wZKM%Qkf4%4LR2>rq4cO2!SV-KOotP?nOm>SP>GQ?
zX7A`+{d)V)-#%Vx2jWNsVIl(t&9qc}RfF)Y@wA{IZ$yDXtTQle=MQ_lG={uWr|FVR
z!Ay!3F_SL+y?1r*zMlDW_phD#=XG0sGGP$OHHRzXbdCCrG{aed-hz<2){ynyFqjmS
zu3j1?hr|g8z>y$H4SiWY=3V>UdwTm^<!@x?0S`zjeFjJn5<ySB8#Kw{2X@SMn%!%@
zZNS+I3P&%eeRhq{$MkUL-r!-p@Qi#>eMlt)#c`2CW}J|WAW#+oCIEnfGD{fjU|5Nv
zl?hE#O#p-ep&;;)NT)HJEyxxc62VM30g=F<NU?IIq79IMOU!V@Bxb1%RCReADzgfy
zLJ>qeaMfc%;h`Wy!Vm-pW6uV0dFLD=UKcJOA~<>HI9@z*NsQZLMrF)6h)GF{Aq3(w
z(E})x1|wU5NI@VHFuasZ7>pvPCI}V7gRgk-_qb_`Y-iKX#(ZEQ;|(o}UI11>sxIpF
zWkH&_6j){60-bqqVvUHh9FYP}5^|Cj0SJ<@lJ~LB-O(gkT9{_bL?X+jky>nFjZ+F5
z%M#>C49u|Fg=!UqT~;P-VK*zBE@aCVOC_Uf8)dk_vawNAxIkGlg^~zxt`iBQhCy*>
zCK5_(L>7^AR<o)HGCBU^V;dU>{J1q+ZQbf*&?cr#F{CLZNC`}lL@_AFLrEkV4IoV^
zLnIjzva?8Ll2NHC2}Ug_vYHDOB5AWL768$r$+KG`n>5126^S%av4l$$nNc$|Ow(m1
zN;6W1EQKTqCS+#RNt+nNXvTv;Xd0PqWeAf^NeL=aNm5j@$w?_$Ga7(QOCdIBsMLZ?
zwi1lS&8V9i!(gL9N>Um{Aw)q%6qy<(4OnXuFp6x(W{F{C5K4^5%}81#QfQe>HkoZE
z1`1?A(pj=2M5&N8(@ivB(Xo=MDNKb^DrqxGNQts6*2t`z8dE5eW{WfhO;lS8XlBz*
z5LRUkr9)I$v4op6B{rC<N<vB-D3YZj%{E1wBFijIq-M&RnQ0qRC6tzs8feX?rj$@r
znG;kgX=$2L%@9ekNRuL1*+5fLqfJsQ+C-+BiDfAoQkx`^rj<1!%}QycDA6r~qG+Wn
zFky^rm@$l0RMJhdY9hsrDH_UAv8cw2B@sq~N{m`IlW8_B6)-gfWHf6gjT8yAA!B1q
zsIf(al$v6jQy8(aGNx4-62+p{BUUj<Or)b4kb){RGFnEIV`)QR$YvE5ETmY1HZde>
zgrLzHF{un<#TqD$t0ikCQbvMM%1N<Fl_5x2vQ>pMNg1L^n@b{8O2ESrB}8HqS(rp&
zB1kZk_~g64tM4yG-tzxvy~>=M*L#zORiDbSVM|HX&u=Alitg9CAzYyXxaDaRb71Tu
zvh{^GsjSXX?-zG;VcYdJBhL>XCUh0w9c2AYrC#O0U<?xv4wCTJ%A@JprAvCaXIj2p
z4MEd3w+D8|cdw#SbKc|HqtM<%RW<OH$`PWotzaQvxQ^nzy^h7<g2mn*0<1ixf;QJH
zG<t1`&mElCHvzsl(z;;XjDC2=dniGG&tWf08ig}_t#NpRu_#{n4*|ADjaj@!9X5Bw
zMkNmGj*`+5IqT`$T6Dr<?qn7x8X9$zfdko_m?yFftJ>RCX5qUKFHmB0<}|wFcf?$I
zf*$W~EA<-Icc|8#kUcCcEYwukoW^o~yWnb`p6NwZ#UYI^6^cE@k7g_ttfNIczR`-!
zWeeyd9eiPh1HlBg$FI<gI6~UTfWDwKjf1kg3{V_a`vRL37dYJ%&ZUHrbyFzN#P<2U
zoG+R-_&lMMb6;g0)nMSO$|zqdgo)`{FcO$Uo#DI(g*wv?ibeW}vX8t#!*Iqzf~@AO
zJ>A?22%~u%HNj5Z;$SPqc#sAH1D+zYGhhPWUJhznzF3&$r*bz*PX-5D0$JFyQ8g@Z
z6*yX4Izu~iAH=-{P+ZH_FgmzvAUFXsxVr@o?hqt{yW8L{Ik@ZK?(Qzb5In(MhZ)>8
zXcEpj_vhSu-+kZz)n8xLt9q|q&+P8C*IM1ZcCW79U2Avu!soJ4wZG`~A{g|~Kzp>?
z9yE0wafVR^y4%-%K_fnnjVK_$ANZ`dTV8kZRKA)0Y<v=I3%c@vQHMYEUTR)9>Jyhf
zIvLAubya5CD~=8b`vzbMd>Rn9ZvZd3HQl*uZ+oB^t)A!eG?*hiV2GTqT08BCt&nui
zW|*pC$T|UXplnw7YbVVS|HWCvj+%P5%h&Q`oo%Lj8=9zj@@cD4s8R>B{n6dxuGolB
zeAlP;0TSXH8*XTffuC+Oi@%<c*2J+DBG4Tn-{MNX5)&0L98v2B{=V#zU<y?%o=K#?
zY&{>AHwN>-Gs~t-B<-$L!=~wal08GMsjADT8_5GXw*!BIPCy<tO=p9L9epb`rbX!P
z_7)MM9{E>@vOKe3r%IN3cBk2upe9UG%8ctk-DdF|v$MMNJoIKQL0&AqH48Ui7{X*W
zd}fqC5HIr8=d#<Mog6nF32)kD&Fbn^Pl@_(wU;-KBx{m6${L)G?tCOAu8%9nWbaVf
zvr(9WQR-BDH>jTrU~^?d--)Nb(H(5jZChT3hMnm3t0xF2^71s@W>5{e`XPnVZ#=(6
zYfVSC05J_z1i37Y0W5C@hhpohtUW{FePK7f61lkT33oSor`b6zQ4Y?mhl9yE=HsiI
zoe$W_6J~YoG<l^Rq@s{a2vjjKvDFmkDfr_X`2ol#$f3S@BZ{EvI-*uIGJ3=qq1biD
zt@4-mN>E79YUt|`;FPi!SYm&O=%F3f&E5$i_ISH*ici-tI{H9au^mnPylo9R;CxNj
zg%2O27zh|p&Njdv>0ec;b#V2+zx0IS!YHd@`z$}^c?EB5qV^Z^md;6!KbGMB75h17
zyNTa86vb75=Y?Z|*UaX8xK9-;Bs3(C;Nc_Tk(~OZ?GRCHqTSDTgwc&QCF+_R09E^0
z73JQ<p(pbr1-n=caM0~R{~;hwJ~=Mg^G>;Qc~ldxBfDU_lStWDsgrv=F4hdOrAMwc
zUrb1@_^X*?W|uUV^P}lFtR0$A$nT|(6(RkYKl(XeOw}r>E~*1ZV_q;T9)8kQL>~&#
z{nK&rh6E~wywXOyW?%X9v%kc*{D_nF?6v#rYdntU0LOA_3S~oc)`bX?L_Hk>ddXmE
z8_U8yviR`=3=b1dH+@|XG0}EM@xX~9I)&p1L8~cpln>8{wLh(%=kU%0^iB|)SiuOK
z;sp_9*CYo?pADvOO|lEKQr%nvNF3dmo*ogmjB(DIQD=x4f?(~dyPx1dYudw3vOVrQ
z^hJTG?R)Fsqo<NQ`M~4bZ~#T~8oTa!o1WccO(Bo*#_BLU5Tp(nNn-bX1XF%zaT-c&
z`p6l|vwUA)(jCn3LzEBWCibJU$k_J9J3p#t_9eW|aNY*ddf~Z|<-}^A$1XOj;UcpP
zIk;K&;$AOj-*AJ<s4gdUuleW)EFyndq_ddC+O1WW0PE9~{^r6TjPtJEMW5b=1~;T^
zs9c-XnP^c(ZMN<95EvDv#OV{bQXkBKW{8CJDOh~jX0^Pmu^sdFK8Zwx;y<Q&Wj4xM
zLIGDk!B_jZSnz>hiBQ!I$)g`Ezx-RG-vyE!hl*~y<=&Q4Z}za@gjRKlaW2%FgXkBO
zEpTFc&2N>_vbm;gO^K(-Jq+uF-y20h$*tG@OzB20aeErj>(9@V%v^mzSvi@(nh9pK
zmjQ9_F?kp_jaUrlNJgQd@P<ii1a2zie3lZXMk|IkNO0@wxEiUxKC>BzX-?MPz)#|q
z)+$$Klefm{X&fQG-fnfRHkE@%KJsXt+vUlMQMEcbQW+nn*V_{*y*qji6tCFar8HU#
z%8(d$Z+@`zhA$&9Zk(@{dsMutR%!<#qY)=HzDwN5Z-i>CJ`b-xUfwi7P0mlkA$;Ch
zz(>x8?Nuwk;bVjqlKGg)E2DcLdd$7Jp&}NE2G8HYiFIq_Vt6sX*3t#jk+Ya3D08g@
zwH--+^*J)P)JeW7rV?C5OvlTk%~clUQM2FH7Oe%RBYM3mzdgIOosp-xn;8%FTW=Pv
zH7aOed%ekfRG^g|-r~Am41`b-kGM;w+AY}$<$PNcKaOA&3{H9MiH!b3Z@r~7xz=|>
ztMquQdW;P5gHqk=rv)yfsU+szi(BcRSWVXynKY|oxzYsU76ZXo$7Jbv_a7d-O$wx7
zyU$eBBlWzXg5h4y_EyWri_dMwmY~ptIO92AK6y-AUyL|{-Qyv9N1k*#6Wwoadd}+>
zZf16wQnfXQt2k}CMDQSEp$8EN#Rg9@!c>aIqt~fsT}gX5jvm>1i|X4F1ff<*cm{M2
zZ%?4M<ymcG6&Gq)<nI-%_dsH}F0c}r#&)wbANmZNqW20Ui2JoEElPKDVQmXRCT6wN
zTR=N~k;_Z+jb*d1#skV0*4t!nT7%XM6c=Ohr&DYZbK4UB#BBv{k7uV&l;)6EjY(>H
zQ14*IZ*uTxf^w&UGOktJ!=Q-*BaW2whfmDS`fSKgWgXE)%u`g7gwFl-EzX@63qRF{
zViI^`Jr8zK=SGG2L}~P~iho{f&!c8`h_cX8Vj1FWcPT3v_I)oByFYLEzUrc}h_Pc{
zuK==3?0vNNfp+4Ui+m?sn=Pnht?G07F(`c{oOX4!6Bj-2hr)bsK7)pXgkZ+w&q=^X
zn)nK3FC@h9E}#dQ^OoE598DfGCxjITlYbt^mfpl$P`fuvKOyjS6lEp-gT+-?YHi^)
zt+#D3sH3E0e}LyM6z!5)Hs0)YyIs%3gAv6iYzF5`k22Y^I7=hzn3U)S+UP{C1zuME
zcP;Pfgn)S;UU;R*+t$x&gsJL(M6em-ey3&P^sTgv=x2NOAM#Bq)&~qU?GYE|@cnfl
z{L#kkSBMq5SB<~!jrCF!ys<Yoc!4!U+%kFU3b9}&XWuv`%Ha2)MqWl(KK<1x37gk;
zTB0?`89P>CphF~<JTIGs<TjhTHa*WKkPH23H{?>C3&2QKb|+ue-_|KO*GLtmg1uB;
z+E#~C8+s$`fNa6aja9DLv#+&-T3tdBa*fXY_MXO%0`+w|lF)!Uca?T1%N0a%Y~0@N
zXr(@7bZvixGcUwrTh;U`Cu?wC3lK|q7F~Z*B{B@l6-U|~UeJo#JuGSXanse0zO(IZ
z+zGZ~Jg*A$a`HST>Zkv;es%wur*H7&RC4{Z?9cZms$K<}r6M>N+3C+cc+HiBh;J>*
z(Ri020^DVxbuv-NR1w>xvhGnloj{5|HZ*Ee>xTC&;|H(EVUqW9l=dnZ&=%9y@+l1M
zex8^}1p%N@DZeh#l&sxB7S;#qd}_bI6kXK1p};3=;$Ifs7w&h6|4H!NQpH!KC(z)p
zt6zB4DQbFTj<?px6FT=|hpAgSVc-ZI8dsUc8$YiTGGaC|fpv@|`&qF+RT*x-lbd~U
zmqNqa)d@6v(QRI8_y|!D@5j<zSg&_C_mOAW9t(D5UtbC!su}u1$J;L*Gp0`hrCpKM
zsnr?8>oqjC2pKDOyP5cNJ~+0P=UD5$U_g@BYoV8X6+U-<HP-zsP-T)upTH<pG_w;u
zON78#gq@uKDd8_7St@VdMd)7~D4IVi`i1@S`uv1`ZJ;Gh2K0{w*#__z_z>WK2<Tz|
z1M$C;RQ@~S|H-`y040y%?+o?;vMRR!l9N;gMGb}F-w5=uR}ei606<}x4O2n+RIi)G
zp|7u-`JWuGhR6Tm|KBB~%6lye0HDr)O{iW^rw$_}RRN$w{>A~&!(Jl*fUMdQ@QVK@
z{O{<$-Jpl(+5=E>0VoXrrvEGXS6%<%MGtd!eifVHU&MdLe{+yhz1H^k^?wX1=;4gH
zuS{g6000Kt|HgvC$N+d1mMZKOi^A|4y@r2P`7aoS0p*q96{h;%h5r}zzr^SeRYtoo
zmA^BisQnxN3jas&|HAtJGl&lPuMhbDxiI$ssR4z7^lt_K9|HQ{n!~jG4+TB!Kj8ms
zz^j7($4>okD#Jg!?B8lb56{yrMag~b0l5JCf64vNZt^dsqQ~T`sJuSg-);GS>zUe#
z@o(k-vw_k6p=q3Darx><{V&)*ev_m)dG&QO?-+c1({%B837Y+V;pY=$oi*3XS=bx9
ziFc}>U$j@67k5Z3YJU}P`#q}b=vJxRz4VnkWibk*;oGg4Mc5x(;VfKLD8$wqZ91Dd
z_8?4<KFCC_cPP7J`dt-HkI$|}sT{XFJUo)B+lgl8M{WyLaKgI-Ptlxh2|D|W#)xFg
zM!^{UV%Q+F)=<CDmRmOG7)_&0!m!vT-{PD)Ig3DML)-gpv1DAMZ1C6&9`&{%DNYHW
z++r%1lixF=ycy@*zHoALr>^sj@zz6|Lu@oS|HCmpmSoc=_Rjk(4UL(m!agDEDzEgh
zvsh4eOOkEIR89>FDP)b>Ouo_BsS7LYo?NZf2}LXO4yk4=Vmxl_wN+-7KDW@;b3=Gg
z;9Vf!e$rw9WJw}oAPW)up_=L3Xg5>F!f|4M;U;(-71_Py=>;f6+pP6`c0?(pND>J}
ztqo6Ye~DuOGLqp8F2+j1CYCAW(4&47&jqM*1^!IzS#qu{*7zgXQL4vuPlfg*2M`4O
z?5lB1*(@^1T5&5MA~IWOhtHTq4{;8qL&4tGah$wzN{UF1AxC@{@qmsd$21g(@0;}9
z_-zMxLnY4ZeNXG@->!E7T2j@413Weh**+NtY3^spFn^M7zbG7yPInVKZnC|nJvIjy
zNF**?4P3~qnM!mh>PkH6@u^UgzQ$Oj<x_d8e5Qya4BRXh-LKWHi5$gXEEr9-@MzIA
zsXFJiyJD1)x_Xg}wSDQ+cxZ?&`Vg4Tc;^kXK9=0$qWu}uFP64Q+=kKDaIh~DrD*GV
z2mTV=MiKM#JL7o9HE~GD$Aag$zHh$oh-63}UTS8@4o@Bu7~EsYEAz`w*K=uZX>Zf{
z;&)4?x$#o5%apO=P%_s@g~G&A#K%y5%VTFJ5#EE(HM1ubA9zE?wm!@yj7VvWmIMa4
zwsK#dS%@A89g?*;0QoXQ0_wv@ic@q+6|WzEJ}VJ`pT>7#SaCz_*ge_lmkhwx7x>Vo
zudc5zXoG3{9=Az-{c{8{<}I&?$sA=Xv{5nt^ol3<&uSZ=^dKUV@3XhhoUF6i9>+SL
z;!al6FYn`>m}rFc%mgN`ljnUmoG~$>=2IF!1kMPh*v<w^+4e_xbX%>dIkJKrRk7bD
zqi0+|k&P6)!{S&)rBSq!zS?MFe(@*M8>sbV%t~#KDf80vqSst|Yjl<dq$<mS3USuT
z621A@#Im>xw?IZ)r+tDndRLy0cy9(apWJBW<CtZ*kXI)b8B9bG_XDs)tzzj{&!vzl
zC}4~2UKEYNncyZ5;hojdBm=~jlarHO0*pwZ?WJ~EfCQ8QahdInsQtCH457C8hre46
z5!2?V;6LZcq0aF2Ts<KT)C_;UNX-Zig7L|_(*fyHnUwSgd0SDRDNOh=<Qq%>?2j-H
zPt5tef<-S(7~J3&mh$5oMi;X%@-ZEFR=$P3$FKeEF0`vjCvjg2J5&_|C|P~?A`vjN
zxUFP#iie<dJsaUmIG*=)7YyadF_wn4hBYtLG#jOSN|ku|x@lS1*y6VU7T`;nL(D!~
zg_2u;K7_%C8RbT?IOx9!YW=tdMac~s;xb)!(JBPnY<JIAebX*T7$GS~_Kzs#T1k<V
z!Wyk`N5!~Cg!)G?w+$Ukts1j~8-`f-9Ve7Y!V4*|#gseI-|RE82^!3TJWAQjr5OFG
zh!PW`832q~Y6^-|G^eoDP<rzSDSG-1`)c0$_hXih1RgJ4LH$p=iR;0i+b-b3241Q%
zK@%}IqNSnR=S9=IevDOTa;}e#duJVd4ziEW<Hgn3*IhwGwH6>WG1?X0aM8es(V}5X
znt-T4NXOTMF^6~dY&8a79Nw{P{7UU;pnt1L_a(sI5|7TD!A-^VIq)NvYVY<?3tb6)
z$A#aY<Ni3G`WrlcY7dRIaJBHw<3i}|j(#@#WI9Cu_<a~1!{RSea*I9U`a`*fYevvt
zI=C%=jd6Twlxz4=MOsrS*Dxm6puq8^Q?B9VH5rg=*k=U24*bEdJaN$mFaJtjdA1lq
z<>VHRudjr1a`RVCPuv!jXoFv49DnB=<AA*q`Egrp|C#?#uHlNf{vTq|`f;ET1&%>$
zatjjN7RP9V=O~UZe_2PgYgD&4<}+)d2L1Q~kf|*t`p2#UDkZ?;YhUI_>4!iaHC?=$
z!PUX9$aVACX$Mo70RYfGJG<c6jr!vU5wSKPf#{QM0-%fuAQx7jMM|m-zy_cIqg&Lj
zj}w{~UMDd!0G#-U@KT{}2bl`GrtXL(QKiE-Z_rIF$@EydEWa^i>9jR)RjJj1$Ow{j
zSgKp8<SL`$QjKtA>d0<<NdOoCEZo;OA%I+$j43QGT`f#Uu2P$wp-iQ=9z<4ON3O_(
z3%l~mB&|ZZ=_tGY8REZrc99wmctQ5S`DRw}L5zsGH9Ro6^K{DnC*`8~F!vt4O=+JO
z8wSCV1!sc!u9lP&$5)3QqUxBEjlHvLlzT;Mez{Q1e9I<y|F!)EwAs%M>USY6CCl)<
z;*%NA@azF~3zT1QF$fm|(BF4YUl;fyI(!#%B+VSK2ro_Dt^~O@t)O&kTT*F+gwJr;
zkOb!QyjDNGuOp!N*KDrQ(>}-Lj=!f4vu;<3Y9o!gGgAUvH?@P0F0l(CIsm|5WBg0{
zUg1-16Jp(Yp+5eWa0zj{n85+B)FMVf1g&*cmw+D|j@UopmTzF>j8o_pejw9rQ2ID1
z!Tbr;Lj*<r{9Q10PGiC4O?Q25-FoE8t0G!zB|FNV!<XXOJT`Ih%tM=G6+-igQWZS*
zcG$^P-XQmG>~ByWQ0{jPYd`!_r2vxytK2dZt|bX?=_8^3K|g6Om}U_5Dv}4o<>b6}
z?|h!^WFMSMaGn%DiJ$(h8k8I9G~D{iOj5Es9fdHmrrdPd*Yk<eYT0#5A#Zp8=J?+O
zMkFK)kWfylC$GpY+_ejE4#Ll`Vk&)QLaD}v=qdtGN&zVBM@+J~YLTb{0HFoapehBY
zGN$S<%rF2dB%Xn>zM28xNF7vCg{~47RbEBI000o}RLV8Lu|Zb2E$57&DRN*51~c1A
zx(@wqg8469j+z%{X12eGCZ;+~47)l_Xq48tOcZNN8*EIJDqN`foz<G+!5~-g+Ywij
zw~L8jGLT`nW;t8q+p;e1s4bBKwXF<0{l(7eh2*R@Jr^t1IiNQOn4r#8-BE-Fx5I?G
zo+HuKhB~5?4AV)Zs=b@zn0bb+yGqYe5Y3rJUARCqzyDC-eB*VoqGMNbB4`_4xP5%s
z%{WWw_!|?sapBUe?&jN3E7wRn%+;K**EJqXptd%|s?vngB$#E~l{?Y8DP4rUy(zP=
zB9BI)J7x*)YU1khb`ktmxI1A=u@hXoR-Q0kzWTOuYfe$pUlc@{Xx(X?kU0cyOVl-d
z^^i&42zKlq@79b(S@i~!M~hVHZn~Hh7LK`cXJIPp%Dnqd{`;ihZ_|JLKH-ov^bhus
znA6$3^7=cv?#GL~9GJB7V39o8_{^~4<m02G&<auro)_2Bou-OTs)}X(<VFpJk?C{n
z#q;dRsPK^-lFT*E3w7|}Q;q!K<t-mHy)al#Em`v3#k8clLINbQ+5+DL($c7yG~o#`
znAR4;M`0)tn7`^d8gT1J>N_fNdKGhV_r(h8nZB(lhn*qYZooa2BVuETnd-5O@f&NN
z%OPu{Qf=3#$JGLrauS3mq%WbzU7oe<gDw0$hK**AbeE<0`QKtrgFdBCc$=23v7#T&
z;AXYoe@9itR^RcGz4~s>8}e5J7W{bRId1(x2Sk)DkjES$o<GUL*DpF~AenTG_wA%L
z&9hWgQ@((3p{%$<>a>S1R*p)}K>Fw05kaIyOgi@->7)J`76L2M^}1m}^2f_4Tw<sc
zGn}>5Qj7;B<BIHkGc<QT%wboaktA)mGVDshbvdelW=>j`FFSm$`NhlYgmN1uW~R;X
z2D==Cb1<jV42|OtoPL0SEWvuOwE253e?o2?Ob54!QbsV*XZd|#7|g>dD#JsDwLqI+
zwAK}26S%pxjf1HuI(s6KPpSx!vBjUBS6H4t@hz_uw|2o~f;Q%y20H-BY6nZx<{Uau
zf0cWz7ROlhQfg%o;-c%2$%@?feQIDKkCY0*W|*4mmyDKYEJdwQlGDMpTxi}WvL_eZ
z)|iYW_OY+ql`-jq9y?ZeN=Ori+=)_cEq*<jMGmvzI<yvJ+>lRhS~E^>3td3pWO(?A
z6}nVydbgno9x|AYg2T3Om?Q;9FG(y#O0!$xmO`ThZQp_P3!zE6%5Q1}Pbb1YPse%m
zkE=*j$z$=M%U+%Y3ugrFvd)JFuJ^IUH)b*eb23#YC568Un0qTxp_+hk0+@;Pe{6V`
zNcB-CJT#lLst0Vk8+_~E(i;r3JX&zWkFfVLTP3jt27Y35$;Aj3dOQyJfh!J-jEJjo
z?HWfcZbVGg0^e&cTOmYML`F8(ghrM<AhZjb@e}<<ebX^V_F{1=y{~SFAkLLMjB>=_
zl+(D~0?H+cvuZsmX6h{yYUV1IdP&=3CjCvDs(wQr$9*Q2v+6j$12VR>xsHkm7E_=c
z!ehy9=Y2t;p4(<$vz!UFNOrulv7j}WrH%b9&slS}SV~Gin|ea_^*Jssm|7g#?39!k
zPaGNd>8Rf=t~XwgkU7(>pfN!Y7d>r1+ZvDX9LO>@T=(9U<=dk5iWo<-T!uZ9?ZoE$
zdh++#&d$cJ`7E30@8?4h=8o4syKa4`_x_@E32kqD$e5>9i{TM&z^GV%6;f<ccBblN
zo$`$}k=L<fyg{~hB`eWJX$6$9Vw`40Dgy|XEKlPHQa4YVT0)y#d!j@GM?VoS`va8G
z6uzk_$a+g0TgDUVMR@J?U3^<-l1#5wRIo!JO%~4|_r9A~>b979Q^g-TBo4=L0Sr6a
zCcB~_L@q;0#6E-plrJ#c@3zT|B!hBIJ|hVXkqL?L(p^+-m(n>Vt9l%W?(VjFxGkC-
zh|MZ#?uOrU)?`knxFq!3o8(;5eFapEWb>k7QC2~HgrHu&p#zr<w&t9ADl@9Lz}FN;
znZP;3h8ZVW^V@9Q#7YS!9+rBC#uEY-+&jeWoMrxdvA%=FGq>H%SyS_11`5G><8B?4
z<47={u3;-Jr3#vMKPrtsN+_?<9LQ^XG?ri7y=G8$ch{eoj6`^dRgkcSi=R+#KUeis
z<Ezz%hvEm_Wsecx6|zhEId7=|-`U}K1_h_E3abG*Q~{DG%Cz(WoO_gQZ8ruvoL=_$
z&Nv5JuFX!*S*c(2xdu%`-$BZ86kGruy@7k!L~Ha_OW<@tBL4NgEbW{EleoartyrEV
zt4)x5;Y{K7r#|SOk!V5nw1=-6wdCv(LhLz9*<Tl1!m2;KZ!~+4*1sG2&)@aNhx5vf
zz2zBRdd4ByuY}Dw1Kc<GE5x#2NxVtUFHQstrY!`3%sR}<qQL~+BRtkB+5bQ%Cjb46
zxc;x#sp9Kw@*e@w20vdXj!fhh*Kr`nX#H1UTdv{H*U94_(qAk}=1+cD99#_kHP<p@
z+4z^ta8Sr^Y2)IYtGUK=^~kxVhF(}jj!gh8!oU&PoGtrSRTX8KrYtnB@WL-Y*LdK>
z*9auzz==joGhKL~8foA48x~7h`s&4=kE8e9TTd=sABbu&b8rAD!IHKe1231|E>WSM
zr~QuGLC>2)@x6?G#a0m)iC8xW9izg@bbr5NdsWGPEr%{}(Fu%tI-sYe?fz)-eof;m
zz3M7^-4{NMU&#yMc+M*kKQFulp=3rqD)?9QJI$Mw_u1bE3!br;E#$?|^F>84r``$I
z`kdVrgw%SkBQRlRCvDqTb;;((n*Pe=alU2nzE8)$9@f^X#3$qI9@WUNUF@B^RQDR<
z-CaU~$8a|(VYq#tcnp|tZ`?=;bS6}uuP9Jhr?f08(q4|tV7PEHs{-Y+;hXXkEM}U6
z3rIhx754_)k(d<YZC!7`1mp0ZQt8C2N(TpagjAcz>3%MAPDH(RG!(jW``OU3Y?wDH
z6qVRd4RsQ37RvH=5#?L2hlzgd;fcPsjGgi(?Mj5)FgBS0kAspYfs@k>yw!9gKV3z^
z^c$32`Q`mFE!1WGb91nI+`Sb-b9tkz@>Kj*7w+v4N}JATUv7zg3BC6?jT;ceX$4KL
zT%|zcyj4@$D&4tbpYfbamhUQbbsf=v!)!j*wvDlT$YJYrG$LY|4~7-R5>RqW7Ic@d
z2@5NF2qsj=g1HTX`KAN$<O}m3&c&To=M|Z<#ocJHT0fGhw|nf0c%AA@KdXAPKYPRs
zzkPyXH}S57+E0yU;*5S0Y#wX$pxt5xCn56-z1a`p%bl0zo*dU9+B|=R{3`qKa}Rx7
z)Rgt2T@szK_&2b1hSj{1T@#6AB?K>PqH{>y$=J|V0wq4@yZs|}M?9&YMdn3m=Jk1}
z<#gj~1s?Eq4&%)P$}wm@8MmAGt=<liCw!Rf<3J@h)}5aFCz0<(>cH;A$w@_O6q4kS
z+*PAy;({NeF5GF!KRHnqGY(^h&iqVJKia)NQ>r39ESZt5W`>&m+y1Ar8(nE+!Km;i
zhp+!E>a7e=!Benl4ceOMt5|2e=QItKI`J=rl(R)Av7&1zL|BdKrBl#AUN;1BPc8?T
z(uuBg*A7qm>fR8LrFGkSkdSCA6EQn+#KC`md*KSa;4fdn5y$zk*p{=OhbNGI7E~Et
z9;LY@{n42L25zcM)b&Jv`b{o0ef28c@2mMLePB`7nsd6niS@4&uh-)jRKcaGm=8$^
ziI2`^ZHtI{jvD)hGTNI#(a&oX^&S$5KPLw>!13Lw89!iE$xEMP;<dX0J6-nqV?mIO
z#soKwzCdtRy!LEHj|-PSW^}WNAdA1Vm~UU3)<&xN%%ry@M>F&L(xGyKbZ^RBh_3i-
zo4@_9S`x0c!ctdBGEH<LA&2_qS-c+07RPo)w<RlvUp@MWV|%kz%c;R(+ky&ZaVdd{
z4BMjDWyzEN<Ep(=i<xfE9NjSG4}AL#>E=8YP<@5|`r({lA3p(EL7G+Ym}L8<%1FKD
zB=ptEED?=Y3%g#UhB!!e5M0@Q{qyNMTC&f6vL<g}ho=VW3t|On@}!E~aCQiCG}z;p
zj!JCTncBJgV^?1vYnpyf+U|yC+xzr#^@CwOS?Zt|TZ$aF>z}i^$=prrl6~M4&};BZ
z)ah*Tt8XZ9t8baag!_U(hMB#aJoflA8H4fcn3qoxf2|{kxrs=|=D-%sl`&6WS;Br!
z4XQ|Q<RiO4iH(|-_e4Ic!e$%EJZ}mDG-P@mT(aHk>!Sx|kWGe9$sYE)4fQ4vWsrdn
z0`x{wP<(D~H%)yBM^vzQx@)@F-*#a7t-#gb1)n&2v4_fZNC8|(;V%gd_#JLkTIyVp
zIwxDFm%A5Uilpz_Aj<-t!2}gAxSFxBBqi4=iS+4U$Aap;m}Fp1%=6Mc*O6i|NrF&7
zp}?P<3H1Gv5op_cF~hS-1{PLy-JGshZazrPHu~Ao&cW+MsKROTkE=LC6K9;RFhq<j
z+_8$(H7b3g4Kyiy4^MTCTO<n^+sRJpx4@4UG5J}z{<xr@z}TN>{6=MY&zC+bG=yzm
z`bU8kIdPN<6IS;In&UC$A616I9r;Zpxg^*+Q}g`LZx=zaL1;T5iW0)d?y1G)ZiRP<
z=BK-+alNiFr=~Be)zCH|x)M1f5gD+KM2%tDB8cX3mN^XzSZDx_Dr-U;vq*`F^HCD2
zCn4?m=)`!HpsK(mB%Kt*y>yC+&Eza3gMlek_vfGp5$+bt1&>zfk`f%;_qWCVr~)`M
z4IMzlGebrFeO-0tz<4!gqOkt&1q^F0ZC&MOxJnRQ?tQZZ!z`hSLw(ymn#q3}`b{As
z-#Kb3-2I};g`C*u#dXveb*$VoYwPa@OM+jw$lcWNT%Uo+CwaT`)ehVx3&2&2b-^O+
zG)0KT?kCMD@P~pfxVI`bU%DY19;t2$%RO{M@%s{=1AT~x+tFq+nV`$Wg<IUVu#cym
zJ(B|O+oQwr7MoXj(}7v(!TDTT-CcXnwn5v7)qeN(=5D0(hnG5<3M4Q(BCI1q_=?D#
z+G#G^@fZuoeQy7veUa&GmIf*0e3%E1qYA#h2}V8#8@dLp^pe>9>b{I(uCLH?Qnf=(
zL6Ylel8u^ItU8o*S_HWh(B1uDym<dZzHQWR8vOWEkRZEt2J$fJ>HI24au-gEx7<{t
zDYUX^8$ukQ#Q8gIUa{hcv`hJPcWS^qQQ_Se%!nUc_^Ch=mcjhMAh@&zOA+kMH}uBO
z%?`QLe(#$LF%dr=-&8@Y<uvJ3z;}q1Hl_ZruPAJcG|%RbFD_Y1FrlXg!+X>T;VM$K
zwP)L7cyNZlQ~WnF!W;woO%PA_d^NOTvZ!%%ebQg0?nc$}7_6xFLh=b(G2?c&>>nz0
zvnXlaccfPZ=Wc2UWkh`Ro0mGhF@$@L;l+-gP$PhqiOk?TE$BO!ucV9XSGe}p+b9I<
zMZwmM$6c?dh7|BT?07+aa}hg)XZ1cSmDld>)t4z8b*#d9JXK~ndc|mvJDaHkTVJ+i
zaQAiH6Jc`~=fvfV{tc*!QWKIOJ?p&D9M3w3U)i~XZWn<|aBx!)A|&_?5NQS2)OZg4
zB6&XWvFh`)|627qcW9k@x367`AD%{b<m(Z|&?ay2Gss^YF$shgc>mqZ{_PXf{gbq-
z)M_H#lO)(Am<Ysa*`dw{-!A8u9`m<<1#ThjQ%3u?)#9bkMB6V$-Q7E?m_s<5uI6&G
zAoupyFa#n+m1TB><0g6*ilDsf7;|hKFFY&y!ry<N^E%yPGJ&>hoxQ3+@^wV*S7lHS
zuGYMEk96}vAU5-ItFO=1Tp_j)W3`3)%Bt5dT4p=8uXz+IA%DO8R1Uy*l290YNduy;
zYOH1oQTjPh51vGzL+W1(tArdvG$9%gRfwvHD%rnp)Q$3Z6yJxy-BjS<K?GurT9tLV
zES|Z@Uoxu>SOA2$T~}8AUG(dQ1$Gl1V5-OU8OtP#DyQ2KVp~@{Ug-!}&GwxMQUpBx
zn<wIx(?>uRn4<P7R64MaeG`}gROLiK6oGZX42YUnc)Q8JO4|fZ0`q_wwvfYg7KpAg
z<16+Qh(M5L3Vc7Z2iYAVj*$BH_V%{vDrIhBrMk>a;E4mzZwGE{8*VC5o;}16Hh6SQ
zrfP0svPM$x9)!$VqvyRYQzeGjUYtsTmnsk}bO;f%Wgp3m>c#1nSZb0hccyx;qf+Ur
zWD2gV3|HA;tD{O+vH{D!NuaDu>mf^5$oI0<Ma|Pyq1KtiNntziVp~dJC;hffJONLa
z%Z!^CN$bXaeLQCcc_*<7MTLqKr33CUS{<<ir%AGOl}ZTqrWbZOsY<05WhI7^Erg{Y
zO_i8gj>faRJXyrVQ{=#zblQuulzkYNR4HGJnKrIh);1F8rAkfGe!v0DRju6vm%Y~+
z+4d6J<`yZ3Ff%1pA0+Q9iXFt@kR_<n+Or*|kmd6$?5n9PJF#u6vW#lUQ$s|ybtY*%
zWNDJW9ctHBK$!M9L}olux7{$PRVg=<$M)S+%A@;kTz(iw6R7=_fw*bBiQNj-3qm(+
zOl<8ts_nYI?g&L(He8z)zK)h>e=86|4?gkL5O2TWp;h*%9JeTm-$}cgkG8VA+}gnw
zJyy<QOvcs!ApLdY8CBw~Ot0}4-pD0+{M{fikzc6t083kef-g=4;VpTm1NLbGQ&_Rg
zi(=6w$<vf%z`GQ@&m8LxBEODy{JqbB8J^z*RDPCLrZ&Er`;!c;RWbOx%0=YC5lU}D
z!k<PJhEH1w#DBzw@Wi&9Ju^g<<#*SdM`B6yB;?ks-Y)L5IkHZDr)8G#`!x|-5n3~y
zf1^SrM~dfy+aPd#>mN+kXf7!gqBV1cOArok?sQ%MOai+oevVF!4JT84tE1zN*Cr09
z^N<c02w{|-#=ytEUueZdCCYp2V82dGa{TIMttU}le={Tcd=jqV!&8rjgC9Fh8NhwZ
z_|A<9i<dft5)1xGJiS_yiVhjj6Ek*7`HZoGiFTDVew-MSzZUl(II6`==A^mAAXw;)
zX)Gg2b+N0cvxsDJv?js<XcF$7$Rz<nv9U$dCr7QYR<Xu)aslq%Z&E9^u;PnhR2R0M
zgVdBMr0nJGWKr>gR>hzAQSyDL2h9UhMtQyBh|eG$-Q-1%^Ka5-G%ynuVtMYJV{CAI
z9Z#UdoI|0Pl)K*-A7+R{TlwKsCTK;-Sb_HQC%&DaZMDQrS6ziT3+^__QOPK{z_6LC
z^U#sm<#yqo#$H+Z10|>1MPQWb>o<|!QJn@!TdW-Wk7$v!Z>WIQ@3+#J80G2qh?d9B
ztR^g(uM0gSI|tWVvaB-q3@fvYSE%|%HvlX7vgCO&1djt!Ve^A~zDy-(9Ysr2q8Y@6
zE>z5OShy+m`7ttlcLu2j?URYnvZ8=<*9hv_M$<-U*jni6UpbDjvp52wV9H>G_j)V_
zD(&U9q}>CeDz<CxjfY?JbLSY;cNd+cJeH8cWYwL`leUa#lPQ3wP_CRP+N~pJn{B*m
zMPB!`vhlcKg;T!Bv67?))<AFJ^J)AnBYd3id(KAF4iCBZkFQ<d1a6>IO)7SZAt|(1
z6|<7a>BCC1WWQkndyoBFM!Fq)jhR+xaDls`W3Y{#nQx9SSx7H!hsa@b-1&G{UMJnE
z`ekU^;RW|v)Aas*^3?PcJ08c<8)kjicCd{6Iy9z_I2kz>vkN^Za<aXkjvpQ^HC>u{
z;&^7=^=n8eWQx%!5^!pgjD;qBO#P6fy@sq{JnG}R^Jj<Kq{Lr9&esN@McKYl$&cLA
z1;8GUwT;o3hJIS{0x)dSPd7;{d@lwot5~3mj#pG8N9)v05u{{1#$r>Wq2BCgpkrV!
zftPC5Xr&$7j94m!qC)Sa;){GF^n3kQ4&QYzY{lmoIK=3)0+-d8MLrRjH9!r|pH7d#
zJ=yox2H^=qJ$;Hb8#;9ej@ly9+8m7=oW8}QYQggHqG$>1X6)t)?p!wb0SjJ_O^sd8
zvV0>fd~h`rQPgCn^FiC(BO>y`xw&3{7-egV2nbs-gci?HjXmb5HfC4Sq=pv=h>ec5
z%}pgbRqzyNRdhYoO?`)gQ2GmKy|O^+Ywdm-vj_yD{`eTLXtPqo!3kp}mR++GyK;>G
z5%Q6%;R>9VC&ex-*^7+UzHIJ-8@bX<n2xWnG@euVXZ3MX)-AW<J=}M5YlB#gPh48O
z1IVmQwti`Ut-C-SHW`Ret-d*T4ShTJw5g0sUgQgJxFM#z<Kh3l0!R19-_eSd^f`|6
z<bv>J5qs%)iTe&)2yW5Y*EhlLGL?xOOUENnZo`v_>26`~H5&#MA2pGk@x}sK*bGOi
zeUZUE1_R6-oAyomoCWpHtEfuMR%=It7qse;Xayaklplpr<dO)El&?C+Ibb-KA25k6
z^sBw9&As3II5-w<2Hi+9^sSx+=6VZG;C<0<#ceLO274NIr;yV6C|<2OU7K(=Ud5lg
z>fW$0uNNW6_XJu-QEthy_><%J(QF+X-}Lx=5#sFiIu8Wu^Xc0@mL>MO&el^lpBLL(
zgN#m<27taznGz2&%S&wBUkx$N8bf`w2bes4NzMGG;9VbK<}TA)o*=8)j__RJ<eI>d
z_SUAphGcS;2s!wvgM>@P<%QyLRZkbFYo!0#nE04}Hgxxll-KG)cEPs;vK>HvV8G$r
z6bvdzB{<%i^cyCdkUlW7x1$%54DSI6l{n~;Z~2Y_c7hO`Z85B4{p%4+$@=<rH!^%Z
zq!SPB7Svxf-foxquEQ@IJCvR+DFsMWrZB$`&m?4>OqH$JF}$-KBAE{_d@F#4QAsr!
zR^r~NtkhV52{;k)X5`cVvHXqZER26;w4g|>y^rv21{`*iUf!mfI5y-d$<3cpb-t0;
zn?oi*fy%f!sIYJ>;!dfg5A3#fj~tYhL0VX2TRvbCJn2d2%iQ3=PtJL=A}8O6TTkGg
zcSwF-N9b+6eC6Zu2-;gjwVG5nGX1$kGgsrUgHSS{H8SivUZm-pJwfxJncnN^>EKL9
zEYqH=UMUt)$eSSYbblVMXa8bJwB!PPor*@a@*EWAEgt+DY=7iLkwWk`t8^AGu;7h$
zhp)yFe9FelWzx3Um%^Yq`w5Fe>ZR0d@cZ@$sS}Zmkp7UPEz{tH$xC-PEBM&YI|oDe
zc4U9$uZxt1I1<;Q#;v8Sv=@e^!8+!v*(R&|?Sq7?aE@u^I#p~B?{c#Zx1Ub4JY*ux
zJ0yMc>#=NJnPw|sk6idUg_=tzY*2n$3h9oVw+OnW7CZa;=>~<Laj1?P*@N8e8#Fgn
zA0X47Ycnz<N`IEPAN{&|@k~&NZ|nwK?kHm>cfH6kQ^WT+njCGo-ToMAt#`hcWERzR
zDYABlH=F6PD^T|AUEJ0)ffREavN9`}@kKTUU}XDMf(>{i-MQ30J)U|*_l9IA&(^wE
zP!$=NDx0m;yENkmud;F323;8S%^oM2$VLh2GE?HCcA|?icCs3P0P|99g~`+dY@>4n
z!o$5-?3B$7+}G3xE%m*yQJw6BOmWeo?P9karc(hG{Q4P;>8Id9eqOu>dirTy%sVyz
zg{BMliti?}_#wCUvdl7`^XmJoCX^2ZLlN$Z_}|S9Ip>0gZHQSl3rS&IZs6e|s>0!j
zu;=4<9ogDd^e;uKIF~Yi-bBzP#~NYf;tD++P>SQ16=~X=_eMGe%hhMw+%7w`OoZ3D
zm$)7CgbmHApVOTWE8u^BmR}y3hoL9b%41m1*?OR#&C~sClD(SekEq}_-55R~bm(d;
zQSSJb8vZhnPo1{?7^wzCH=9xLq7aOx(E8!m^&#vM^O(J$D4IV;Q0SW4WeSG{ooXSq
z)qAfJFK?rbj5{cD<~Qt@uxdb}bU6KTPfRT9Z;p#t#>!ktD-?Jf_5)!*Ll<<4`-bep
zq?A%rs5?9q#8P`Aj5)C7ix!`7St!VJ(<Dp(gidqG#(a<q88V65qdg&$w)QZeeXbSX
z?T9dXpm)@azb$_5l&HNWlDCO-b3j4e81i`79oS>b@gOn#Ovz?-idh<ngKDYu1)Uu~
zj*#{f4jE!siOdtFpuDt3ZQMcMk-=eZqyz=BZ$LScMp&xnj4p8dQWJ7Bii26Aja8SH
zM!yISk5nR7D14rbVnYQqJy}{l=Ti;(E1EcXOJPJG4a*J@$n3Ua=gCBdd%qsG8p3Rb
zKcvjutZ}yXLU`F@#K$JjUMo+>hkIh};m^zULxbXjP$7N{UGRL-Z$!lCijjo@E=q})
zr0F|C>!M%9cpjNe*J3OeQNH4eUw^iIp_zh?-Vg(J#{+Z&S0pQ&zPN7vf`r?|DG$9!
zzZZy$azTGj9I0yCO1nGf;TRcDhs}U{SkWqk6$?8Xm6X->R22y>VRiM8evU!grM0J?
zjOwk7d7kzhWxmq{PLHtCh&if{uf`SdiWn0s`}sE7sJ2H7i=vD#u>{&3#Zg6NrH#iq
zo=_JqmmjmT_=U$oj+@jX@YGZ>WoL|)P&e1n3WC#Ec^!O{Xs^+FwD=3%C1E(O$Ata$
zi`I1qtvwL4X~V9F7~_k#8Ae?ZqP`RUwku6-*D$YHXop*0NaErokBayz3G!5gmOLZ}
zB)TC8QI&S{H%~0?@)B*%2F`a5tlHnxZwWPzbsNwvnsy&INf&K{#L@SsGn%gmV8~KF
znM0nrPH}fw?BsWY6Kuw~-ed0c`4p7M@y6v6V@@%$mow=gy5N4;TOW?o%7rQcew9o|
zI;+Y$qbT$cmC>&_{75eg@pAunpZmfWE1W4v`8`GZ0MURP{AbK+tv4V!+6h4JB;onm
zL4~YBke*?fzq2+h!U-}W;oB!;TRIuCZfO_axKDuQO*okL4Ec2)+Mv<Dz102d@ub_w
zWFDJFxbR|jOnyx=GhxZSLCJNr76RV<I-^^)>PI2{x1mW(!|+Q$FwzbQL(@;|GBZX2
z*rUnO?_O_`vNVNpHmFeY(Pe|+jbOxkOniO||NNf7;Pd44doK#Vwwr)IZw93zG3_k)
z?@20{ER%)=KlU6bAhoadubU46GvfxDaFraxg1QL6a0&5IUd{3i*16Cim)RZOmR+Ad
zt9BTJpmG3;%$7t+Nqp8~5Lpogvc~Z%&r6hldmE#%WZOh$a(-X}B0Cj3D$XD<QHWp?
zk*z}2biF6CWQ&<KMmRJKfPZo}^LxUUoJ$x+4U?eB&5K{c$cS*KwdohE&<-%@j)YMl
zM=(%ssB&1$50kgY&UJj#)Mr>AW%JevBJi_O<a7A({d9=8zha%WJb*HZckB6N$L+b>
zv9|=eK9oc$_|-XfQNOH)4}U`OkUDknI3T5ysD4ScjN5qP2Ig{khi{4YVNvIo+<|s@
zB*tx|f^kt-o^Gc0&=5evWev|Gi7H%A`u)@gCX%O@(yf-*$(NqCa0I-ILw_Z7S^oiP
zm{Tbv2#{-i4#0o!NuSt`=K4<Gx_>W*KGXxOjx^7*-1uVB_*t!@_MEg_O>{~1y>Axc
zvLX#g`b4^g(@9c@e7m&u*)uNOUdO?5u<)DZnbCrh%z_abs_mg3V=jX>+E5@Kc}+AQ
zq@pQKTzdbaCpHK*1-4`ZWGZM^%f*^Dvs60tB~T0cS%KL$kQ9@S(T;=%ewV<J{d60%
zWRnmi+6!L!g-Jz_!TJf>MC}U;ON&fF%bbE|%m*H}u1ke<2Vw32MawICf}v34)0xfa
z_~Shjb%dt@KQ(k3nt!O6y{L=KWkKXpXDFdPD$C9s!c5+rf9D&<3JD{%CQo~~apwZ)
zMUqf#g)j4=60KZ3BXF*Mclb?FxO!dBbm2J+4Kh5@sZ`CemsRNDPSfdjd_4@ez0tCf
zyS-S_tDoJPDLeH-8231f>h-%oeedL3+>)2t(76yp6^P5c=c$Gh3gpA@!p7&cUDM+C
z@@eu=EWbO`U#h@VsS)iaEEnX!^wc!kNNk6F;?{@tnCJdy*ePD%V3J`$DkfuI#&x3G
zV;bX)Qui-?QrL~64E_bUYdEo@w>H(auJtIZuin+0AU)j^suuoU?ubo97GD-sj(A6X
zUC19p5it2JwS4dyUhryVN(wY`&S!oP+RTUNbLCG|Z=Ol7Z;M_WXV+fnyseF2&)e#|
zw_U}pFW0`9J~9kX68L6ZUw1#D`kNZZbBzaM7BHRP_GCdPk`KjO)YmTwg)F`4Ero7A
zv>laAO`(>UD$LRlOGfH$@!2tgDh%A?AL-|%g%U5QW*O<Ak(;V^L;Gydm|OQPeiZXp
zocL8E8wKHNO!F?}TnNX*%KVWd$J|VY*ACU(W+>GRG`8fX3cOnAd<#I^67{Rz0417s
zU-0-|5xVs9!vjoT*Cwh|Ee}f&&iK5=lS@39EO%TnV#zoD>Yd!Pq;(w~kT^Z!{DUZX
zME<#XFa&Mu`@=~^_AUUW+<#7|4up9{4GzbjDK1z<Hk)~<_hRCiEpLga8)WZZ3*o6r
zI_;AxbltcS1tU#DbMo?TP#CCSU97e=aLAwZ%EXjd11Rlc#syh}vm;nlK6%?GSSc-z
z+lidyc}-*+h>)!eXbGxciBcA0e;O==_{w|HQ&_F6A02`fhrVb_WXu-U%{9cd#GgWe
ziWh*g>m3*&eezt}H66*<B>UV@)NNwC5wlmdiYLH$W(dE(`+RizjA$>my5V(=Mv38-
z4z-iRbD{Jv)HYzBwyA@g7zaFy;ukz4S=@I*4~0Xeu5UH=rtWU$l^1@-EZm(*l#Awx
zwnzqc7Q9;CQo@HOqd*{AiZrfqCt&R+H{b`jZ?&sbdxj|(*b!l#NQ}zL>oUB-rop$L
zeBr8BLd4rYlGi7LI5tNBK9CMN1>1~I=g?d`t)=)Pq|PSlu65<P*4O(zPB$((8g$tX
z*N~pUs=$Ma1PebmZqvT*!)v#=`g-XO$D10=z?!Yi^<YQ1e2l_@o*wz?)9l--a?J%~
zedjlSzv%}55VSW)_KzN6jX?jEAb`x;PhvC*M+ra{(ZD9A(xa7UA9iI$C31I@<J6Mz
zWBf(%T)ZZ2Rg=($t>A@dV8GM;;znK0S4qy6goze+u-SbFQiXu-(7r5NP*^$p((|G$
zZ=KZyG2#eHz_5-Pe>l5=?Y!FgVV)s`qNB6#69~)D$4H<DO6HdX=x;tfzNPQWM<AVT
zQL$GtsiT&PGyNQoNEFeOHv|Pm1_n{?hG*Q%`bLc)K8ub9#208zN;3wg$NF0g7;$U7
z?1;nKf|OBF{ijH4)B~#18l^6|>xS-TfaRX(#Wn2lgf$bS-lg7$1fb7BI;x_E1=S`D
zVz|FJq`ni%59nio`x_bw`)`Tg8wK^~zqfBF(SExA!`SgOO|!$+rQoBwvqIr%SL62f
zVs<hJ_dd5@RgRm&tWJ`y%RStGEUu6d`K%d;{khRs*Q{=P8{+Tx>r^}KDR}v+jg|A4
zaPXx&z4^n8=|}R39EQas%iX2cu$YCX$gd7zbEV%&dSDpB1h=<k!8gVx*)9I7sCX$d
zyAs&=t*K^jmd_}7dP+bcq;bt5e;Rk21et7)5MH}|>hHfw8PJOQs<^6iVHW-C<pL(5
zX%Rp|_@?HlSU@>_H1<Ok0&EXVZM>+)S#dQs>L<bWMHD;~B2r4-;)kC+X2o;A!n;EY
zbe?eOsGNzU2EHa@h);Q+tUD0atnNzf6_<X@T3q!v6%rICIJ_081;fv`52@a&9{Kz0
z%i{#hzY91s&u|Uqb=<3dY|-eNZpmcc1FYQ5?)UH%Kl^8C^gzHe6@fh;(ru<V;kKg6
z<wv9syEv@HlV$Y-&G$1QE1^J$OvJsR-9kfuy_nni_)4E<@&m-hTN_b%CwKZ1YgR`u
z>U?#uFX>NOO<gL=`SVZspm^opt~Q3*sQUmD%~!8$UM?tKFaZ5%gs2k#kU_0AK(J6w
zJWS`I0wn(6REW^RD~t?Q=cc|sUBvejPmwK0m#vUB`NHcP4SIU{>I4|o?C9Tddw~wl
z%)IWH(_+j8Sk9}}wobL$1DFJAo(mGpf?F^xJ$)WpmZmBC)oR1)&7i^_3+rybuAm*7
z+Xed&Xp)vmtqWb}6!OXJNc-BUoXdxfEg<YO76*#M?CxEqgb3r~<cc$w1fP!=VX%-5
z`5c_hsN84rBPZ=F(!0%d##Rq^&ClMxIioKXAcdq3<}Q#nisSNZ^tW#}EmA?`ix>H!
zh^B4(_m{gDyf&EnH>veNqr99Ob3?52eq9c4VFY6moV60N#7})w+|f|J$JuO-xS|%!
zI-1&4ufa;Z4Ve>(NI@5@s4OarBq*cK=Ms0ifx^B779;xk6A>mbNgGScjT=IJo5MxQ
zI0+9=JwB9Gt23rKqJxajGn*XmKTxzLDvugxfNn~B;IMC&D5>l!&C6~E#UhzBvK0N1
z7k>UjL-8LpR+~Zo%d@xVWCX-7B5jtTqlrtd=0fXK13?X(gbw~(@jIoLw+A+ElN5}?
zK?U=Hj-}M{vELlxW@O9aUvz&k`k@@&G;iGsbFT;rZW7-vMtgSTVgE5)3K(YSxR<Tb
zs`D2`)85vU*VzMV<Oz;^M>u3byEWZqs30vxW?n5Zf2dNairs%M(UlB7-b*&6NOz3F
zF8d~lN=V6r{f#dvN(CCT3yk5FZNR63U4$O;@-=Sa=!nm;b@&V>pWf2rW#^R<pQli7
zGpRE6riz=TzHt`@W)-+og~JfNKcb4e^Mjs4+-H9*`)Cd`;Xj?<9f;X5tcDXJ>8{WO
z?r5a*1czTYv<TRfB-vZNDebI2B#pn3<#uW?9Fmfz;|uX^=lao*eKUGY0?f~Ln~dU;
z6&=8^lI3-GyLF%m80eOvlbCX%$O~(iFD)OnP%gpB>DskMjHNM@SqF~JK#{?)|Hac=
z2er|?f1tR#dnp8W_ZEr<x8UyX5WHA%4Q?$~+#LcGcPZ{x+!83z6lnWizQ23t{<$+d
zXV0E_cK7V_vH7WzXI)QE@wRt&Y>N_W-SR$_b$xrqM^y$!onwj9Bdxi3_129*4oM)J
zz;IIE?s8#a9+tC%6UejxVGvyjq|HQ4R2qBse79{WJ3=xDdlaiD#OYrInz}5PniK|;
zg}$*geCJpI>&QX6HD9d}6<KbcaSz%1HJAr}dqH%w*EKADY?{fc%W!+1wPZq_*elc|
z*e%p>AF@VK0fE6hiLfnPO(2wDFC^B>Z$>W_wEb-Q%J15VFsybd9;-@orq{kR5(WfF
zEYMr}@7i4z8{*T-96qFN15l;>!^F(X-FJpe!sb=yI=@3IkT4j$O-%)NkdSzrySBsW
zH8Hte=vlzp`Qt){2QtMa`;nMK&ZUPH(XqRM?lhgE;@e?T(B4j{G7c2aYQAe+{4hV7
z%QN(=&tg6z<mzrS*IvwzQAmL2If*4}4U0N@-2gr#Pw?)ge<aj1H>&mtIeKKNe;~MS
z85%(d)a}6K2q@zx>{^=NpeDy|ft})^HgI`2(zW_rmZK%UDCMt?lqKcBIvM2$%c?vC
zTQf}h52Sf$cVF|Be>L|4vxEd2S|wQV2GN7N1`t7uA#sf_3zNvopJBg#X63GzTbm#%
zwgbK+4OW?Q<0zdlI<Wp4cI)irbdMbATpiJp+-e{1QV7{AFSPqP2*o1gNFCBF%vju9
zbV5k)6toGoycgP4G_S|a7>+%^QMtPO(Ysf(<8ft|*D=2R3Rvl`UN*cizhdc@A|@S?
z(a6p{+M?U?)Tt@$^t$9u^-i;m4UdvyDFwWUfGwn<Uv(va{vqmDnMc?XA44$9!@)z=
z|D_KKTI8h$->)}$O5YCz|H6__*2Vfn*yS2!>dWt_NDf}y3NWec^rJV1b_=hb?x9E{
z#hnD4sU7!sNZ#oZewa%Ot^>s`0hPA>s_M0o<hHFVehywPUNu2csG~8Ijxt2csPpiy
z>_3RGq)WPeQCZlg6G>tnobP@-Zl#r#MS9zbYQGTM&;|6R64h9(yl(SHL86jon7cQ>
zboIUHf9Ii2c{YvZGuK}`ehgIEf!%x{M50l;ArOW4to3|dy!qx_CF$XNR8-xy*{Gcf
zecgevX^T5pA+5rbDNIqbDI!pjvaw_yLMDoZTRcs-LPMwkF2_DiU@TO3SkQcBmD@7J
z$kd~EsUh&zFUh~U$v(pxNt%UbfW?86wkz?`hIx-+7mTLem;x4S{o*KiiX;Q~p9#Rr
z&%G&i6|r9Y+yY0!aOvnUx|ZYpIvsk7b2R{lcHmwT&ja7VU`73d$S~1n{h1MEU#}Bn
zc<@t-=y^aXv=?hoh|{xa7r1M+)WN%&t$se3HL$4Ga;YJ;gv8+O;I9%Q$n{Xmr}p@1
zp8f9?y!YJ|tZhV=Sc>+j&H`WK^xW42jjhvu*M<?q<-VOo7&2j=qA2($w8g^R*xdvG
zEW+@jQG4q;YH)*~Y-=|;$=+U{{vs9ybqiR*>au1l9(g4RzLt-IIrc8W&FQ9TO63Ok
z&*flqS}3UGy12g$;xlcSL~a&EK{bRzWY1|pHu$FH40(B0TS_;i%Hu}#G}6>m&tcKj
z&9PVwtZBZB9JbfCv)1c}_CrP1>Vtd<u*Oh-W>bi}Jiw)R$kxl<Q(|6B)V*C*#ZJ9d
ze$ZN>g?~K30h5Y|AF$igH?Mx(*vp(z=x%aRCFJ4Ng^Jy6;$#bqI3OYODw%N}R`pgy
zwFlTHki5likJk~T%NVzHi>+{DAxTv^mU{))V#TTPVt-<c;BOi^_lfjmNKGb+WlZ>G
zZTX$zqkZjxdQ9N=NZaQ0G~N*1{;2)w4g!sC7cGNhFVDE=4!yRHwJS_Lgv%kK<tbFl
z9xD0{AAk^BUkc%}h*lGgQhsq=EJ~(SQEVS^Jx&pTePx1k#j*g(QX=MC#mN;#G1OR!
zX(m={MWt=$&LbCLGWQH>d0cx1W-nQ~!CO(=jBb<HUo42|wyFeeLJiX}ByxlXIGLPE
zW&k8sB$L%;)ye40jAb{8pZuX+d6dBdcuo78Aa-Ip$mrZoQDo+hF=d}Ta-UQ|D_Kd9
zpw$7aD5B`QQvvW8S0X1%xT}}&yY1q;sZ&1`ut+e+D($#WmU@Vx@=zSIq?_60qPbTb
z;g7a-7YUS<1A$1g$J%4m?iAL^*;HD1nME1eu0^0dPo7=>lp_x~pgk`k8Z{A+?hd#W
zFPSvaNKe-UEJtymiXSA)0#iQGs52JGsmMEb?m#}+y{3J<iopd{0QhllGg|S0?6avV
zOu*PF4>>@(94&q(ZSrVE{CJj86v+o&7L{9~p~#9tZz6AOS`RFy3>CFl4yM=7s;Wx5
zMi&!*<*_D8Spr(A0PBk4<hDQ+Z3abQN+u~biBYWZZS@pUi5{{9K!Mx2c}Kegkbwq}
zD^b9sxXoeo`r*Qc2f?CMOn+5V6slm+_)wzAP9~3+dw2aGkpH^sLS&KTbR4YeO3F+b
z<s|5RSkjSkOh6LrPg5j1EF|jUkPKPt`UMqN8C2?vWg#9OXvz7F`Her^Q8Ckavy(y4
zkoWZ&0fT+Rswosx@+3G_RRxa)J!Yp!d=qDLnS=iCGHQ@lDoF)I<ya61D1H^5bIv7G
zFI!8VnI3m=S#AS*wMf+6G11cC1FwyUOt26jv-fpkny+*N7(^upp<Xz}4@v6+2f*OI
zLabA*K#1z@_EzmCClGL1vk8D`EP=sx|Dz=+L9{esS0S&Ik%ry=O<o|0v%Rja<~bl6
z^oke)asiP4kz!t{Ev+gQ|KCAvMGpX2k@eb=Xo10+5n$8I(%s!`o&KKxkxm>OJf{BN
zRf0lSIRP0k`dz>)BZb9%7o<|*&7QSe2o0$M_W~ucU(aHEoj@@j1jziq`>X)+ss;c7
zQzWVgyA0s#JdYu-)XJRW|4s6hRwD>x1-_2-f0xdfw1d2kAO<#yi-RzL<hNu*n^-D3
z9AtL)E&zo+RRJ2iyIb6h^$k7Sn-KQ@jgSd#7A8t*UmmERhaE#8ETC3a-6`<*fX6$C
z%ASGw8YYQpUoTiR<pgE|yD4u2TleW$%w>as4bc8y@r;XQ1VnOZ4@7b(zz{YrpWrp~
zn1I$|+iS&!?JLmcy02O)82n0J!{xA8npaS>Co;M*2eD}YPT9Z>ZbJ_CAcJ3*hu0T{
zJ4;%<GHli)OXf))@D`3$^WEJgARA_?ni@qmi$UGM18vU<l;m|eussIUQob%{Z@Bo-
z?Wq(&6k;P~7YR-*zSDX}SS00bL-8kHtH+LLJG0x@nKAwJwF07mLUKE=RH~Lx5wcvx
zd{vOqhId?$o~537h?e4vxtRZz*@VYrHsjy$>xaja9ns)~6RCps@`m151ETq&ZTG1e
zXfNo4iB{5VK^qAScH>c?`qWiC*ST~7<+Do}KLdNf5CO1R!s@sFkhND-P0?Jfcsy18
z(!R623cFZTwb2JCFy#aMAA<?-+7PJigq^Qm&yWyo@9bU7Ksy2)sd<RoDSc|U$Tx9A
z4eV!jO#5GpaA!USI8(d=yS9}migqY7*Yf~N$IPvlXyiix*|W1D9W_p*iumX&lg8Ax
z(*7gPt=BrFV!jSP*ZJy3=~@<C4!+@*7AN#0vRb>|ByU-p8%bt>9NJ*dO(s@fxUQ7&
zj9gCYzyNT@xa!yVjjAdE+-6(Wi?IYZ@vrjgOoT}T@Q`sW%;AR8FvZ<+#h(a#G@DE3
z=MlT!pRf}m%3EUovWxI<fu+$xT$LVkxA6KQ6g0l3Fu0cc%c5?Tks=)eY-_?LP;zsm
z{5^IH)>tdD&bzs_=TmJ5{m@2142XsnW$&OVE}i=F+=(oGMFb!W>?Z&4*ndrJ=f^Q>
zp^);^tZiub%!YGjuJ7)&+|N<nv*&m~CAW8Mk#8l~B+ogqg-$f_W)X!j^BI4uS-c7|
z+J>liix$WS&pA?^d&q~dJL=-C8iAx>7LXX<V93VNNOo0i|A9=M&D{2>RC<ydVaVcY
zEIiGpSz1P?gs&0EusD@u8Ne5^H_W*<IW*mbIYCj=vRIqO9kPc-q#@#L@B<0&^TF`m
z!_{#xuZ1|jV`Ojpt`UYkbM6;D{(q<?FM#^x2t4WHh9-e%<eSjp#hoqk10>vOSQiD}
zP?hhM%z?O9>UrSX%0HwQl4v<?JX!?&p1}<7=%Upk;5h@of5KJ~ygcG>E4YkYJNt`d
z5KwnZ)1S}m8=)i_X9~aBV;2{|xnr=kcv~G!1$mNK&b^Q+uXA~D60|)&H257HRCxps
z(QTXa4;eL2v)&XGFt6pU3+P{<b&sI>x8JSdrPT%9Jm5z@0qmC_2|4ywGu&C--t3u(
z;dGvNs<p;Qz3M*uuMdA7q2Lg`1E88~L0v1h&U|)P@nDle2HKA|=BvSG`&N2Qu^{nN
zKiG6FgL2c}UDB#U%Q6Kn?1l~J_|DvE3_3Nw7<y6CIy7wv7^7<nnM~NF*DB`-Bl{$X
zZSYqEI`_9;u<xI?o2ATCSeqOwKk|Z!kRT(!1L_(UhZ)gO9;V5Qfdg_>KyB@tfDf1;
z+b;3P*+y-0(W_=8>B7pn!-nDzMMA5A`eBJ<v-~Qr&t02PG2SOS9dotYU+6z!d)qC3
z=&uyM%!AU0hqUzB?x~cAU8z=Xq`(MW#EO6JS45b!#7{OM0f(Hkbkx*_8|c-=?Jx$C
z97M`>@J&GozZy&*?Ae-a2R+{w>)h=RN-X0Yx2N`J`uDK;kP_FrBI5Brq}cTQuYoN*
z@S%S?nkcEaRd}VL3c9EDCCkh2ewg&}(Y|WRs4z$hn-pYz>d$+9qMCAV5nc$5^HKRL
z-uXl^IH+<5Ub!_`-&{HNwA5c+%Mr^%K-6M9L=jCD>(*XY-`O<i(KixAe0g!UmtK^X
zupKyS$zm0{gq=%G3+ivYdKpk)K53~EDE)gF!}{WvB$y$MpaF->pDpxKS7#%b1SsyF
z=Cj7Ro3jDz47)$tiujO?qLS^6Dy_iz+ho2?{W}SLL%RjWw1)ne{cyiM5p_yN209<n
zkj}e-Wm$shRBVwgA@WBsrhct-qVK0NO<iv_6#(z%6%J(N0p0N3kw@JdY{{!2;b}fF
zyZg!GkKKK#c^S3X``DgQ`r`{i`@O9`<6>5ai&H^!&JZ0n;9D)+J^$6pFP_>HIqZ2M
zzB=W8TxncfmAuxQL+KZ<{J`~mxJpGwAM5+<lSkO6f~rby3s)bq-V-B4A1gyUxQ-ov
zjM+eBugO~7$5D1~b_KEXJ<Q>OKdJ#}5#Kn`+k;#*q2~;v)+Z)Z!9P8PO}m^4HU*x_
zo4KqyO8c+d6a0Amxd(z(-r*bUJBgy4Ft`}Y?1yH(Ou)ZPJ*}e~f*wx2baTIJ$oPqx
z>;-*FfCutY+nRhsLV5djRolx7X+u=E^G$$Go-{Gben@*`OS3Dw0PJQzD0m<^4EE`&
zg2FYV(`2QkYKI8|7g+m#%WzF1nzUd%*`#XnOWmODHF_Hp{b;*@7@H@U+oh$@%Et2x
zhBJUho<svm5Wf`?H3{x<lB8w8(G;eNR;!crd=-^HJpB!WA<QjWa_M@%QaqU34!TkY
z^sl#p6ItA$>uvt2S795?Q8=}L!(}sg=Apjd<mQ+<V-sC(6V2^8xU;wr(Ld}j=WxEL
zMrid3X6IYGd)6ldDgrEjC3f_5#b4dW27gs#--})R3ZX#?^pg^+6P<&inTWH+gAeUJ
zMM_V+=eUhrpc3TNC6*0^yDUcNw`75Sg_JuT-m5>Y?0t8Hc&(}`$2J}7O#~GBu`Y+A
z9`>Utka}k!$Fmuq>o2bt*fb->UTq?cS3{6u^an<|7K5If7YNCaRG)&qKe<0R@%er}
zg+~2Eitga|5k1QB>(jnA7io_3zw!58>x|9-e@M{{I486^L{>MwgWmMTVLdt~LDBIg
zm#=X&vN3ifu4@DDo1*LSyhj}FSyoJ&ikbom8c9oS+GrbU4Xx?3&$7?7zrU3+-$~EH
z?Cr|@WK1EHWBwV{RJ$!F#FTzn=FqSwDCCQ1RX%Y@$RuBe8RfpL{Ij=>@DfIImyaDm
z1ZoMRyZMVN6ixOzc+9vew3F)=5vPdzHT64f4%D|z%%%R*vj4RKCbav+5@*1?UbRt3
zjQ@?~$fjhrdhHx_{;>8#VV|eQ2uN4>_Y6`zUj4ha>!-_@KPz&7+C_iW&kl{v6(0fl
zc5Y%KG#07BlJ`xOHcf;fvnI7_5jU;pzNGTb^FZj2za0x-1JuJs^P2GKDj(Uxrn-fH
zdwl6RSfCD&zn9XS8h+C<V?iD8`&l4QnR&O`#*Q%!y2&UC$2}H;<NO)ej23d|=#={E
zm3qHkmy0fmH+U&|Y>+sllyjv7)hivUnjYk9#2svvzAHH|2hS($-I`=4Z7bmx{n-?|
zQ63)_O(c&g%E3sb1OccI2qiDceT_{-BGYL}+xS{6Eg}!7Y%Q_C)t|B*zklBn7LDuF
zN2lA{wI%C9YJE10+B^7r_@)^&bKHyNAe*T`i}A8k1Ml}DBq$cP+v@KPib;^??N$#?
zT_=Nv%De)j2eq)Y=3jfsycR1$NTe1tL}_W?AH}vqO%T;*#_p$|mSyMbcep>#leKnE
z^kERAI=W6YC@P2LCE?a~+AhKwgmd%El(&=1wFlN@Y9^)qAMIh}Y+BiO^zsZsUCps=
z$}aSqt#y#YpqV{{;TOJ63$_~#+@&|Hk|C#bvnbr-FQNMz?;4K0zWK@=#(Q{w`rs#1
zKj942(wJZ<lJ<=Kf_zY)xFx2czZ2oF-DL`7$lzTpi5w|xxWosIj2cf1EPt>PY__=x
zl={All9W*^twXt2claoEFgRool2*A}pBw(mcH{H*Mhd#tx|(>(g(SZHHnl~i$!yS!
z8!^2(w;phwI&2Ss84eHj`@%hxwXegl78nAjxKNg;46{tW(eMhfK$7eo7$7KZj*lsK
z)dSaX4?ctjwIL!o|E%{n2}Xq3t4E$$sUp67*G}2Ey?wO624k2PawG*oJBhyDj8VN8
zH=Z4m;p4T3j0|ap4I|nmJ`?x_Z5#Pqk)y_SDI)w1u{tJ;%7twvPjU-&&v~%jJ_vFp
zO{_H|-8z=P3_Pb1%1`sS$&`9l`I#|W`oI+j^0N&G!4oaJrI0J*Y?I<Sq(HHn@8c}D
zlPn>lHqFPu5oLzLG9Vh4+TICiQ0w?F#|Zp~14lE3+kl;I*rsE%=9PG;G*YgJ!0jS_
zdpr?+|1!r0xX@B;25FF{BP`5tuK66b(8>c|B!xW08lXx-XBYOX(!Dy-=l5)jK-<lw
z!z^`iFjMCBMQ3(lgd$(gGEDrD`%*x;$99k4*3!GBki&$Lt;@;2#lLQxLkeuL$iQ%e
zhDzYJ*FTJn$#8Yk6@MrNHGku-T7qF?v7cFDh}il;la|xGgujOZ9w;=e1f?ONhZxnU
zjs?D_4AfX1)#_%M(5=;&PTgAE`RTs%4t4zS%KR{gd}XC=C6vbor)lqUOI%1y&Eg@7
zHDqVY*x-rrWIMvaa{~TBrqe&gY>0x-6;Z7o<RB1cp1J;I6gjQ4?&|0cNn6#yaIbKa
zv2DI$?ScD;F_l)D!3l32A14~R$!3tFXlYoG*b>-wOU3|y#@G&IJHtPXy64%$C898*
z%`h~6H2cdlS+DgPpHO_7DFbsfnzF&;#SO&3+)&yjVD?iSxx6j^FdPpIZT)-=;iA_M
z{_baV`3_TgWag}7;S(}54tnX=K{?thl75rH(Yl*?I7jvK0)~pAk!aGHS*jDaVog-e
z(8DQln3-XBTi7?Thq++lg`ZZhs^C{~@J&1@?A4B@R)wkR<-07Xf`~lm`d@(7-iXnf
zl`)>@L;L*r`)_R`br3@MA(PBWVJLCFjEFM5^Dc)8lE4Udp-HL0>=Ft_1*6fMJ%c_W
z>(&zokI>J5xA=IrwqE4v<#iEzUvjT7(k3>(naK`gyM^NusSt-Ty<Fd{!0TEzK4M6(
znw%`p|Mu>Gn5(A?*i2A&N5q7IEkSoIE`|Dcyc&D`Wp!{u)nY&AMm|V9;iwg?v`Ov)
z>tPi>$KlYlsM9a3?6CHw?o?<Blrw(jHv0F`BJ9rUTYtEg6v{~w3t=&Zxb>+R-^}&+
z%}Mj)$QOnucCPL=a2~hz!T=>=<f^Rk63U6Yn+H!-Z+vn0cM!1a|5k7kt)U5h>Khw2
zoW?o5)9ay~F+rvioD(WJw7L4`jQA#o&R}h|vB@9$kq+-qS7G?OYAkHJKCs_-l#OTQ
zuk*`|TL{hhM^6VT!Uz#LVbYl!7~QrD%x#wTA>}i?AI>g~dAji?<otGJxnSUs+Tdz%
z76dC*#T6s0|N3}G>(F-9RZt+er~-=*wG8_hAl=Cs`fnHZ>TAN<bu=0Y@;rau7YJxW
z#xzko5)V=10zj;2kF`t%s6RUH+zVm0UBR1<$jPqZT`-ZE5Q?zZy!w}}lSe(zQXmWS
z2hpv#*S^HIdncPnkLX)yev(DQ0#pR{7RbAv#laF{!Ur~SzriWq8BpDDKTcF%j(WL(
zLY)p4I#_yC3}AcLq64cb-`dW5c%LriLpoFcs_+=+)xlfZ_x`j6k^J0V)R1pVe|{{_
zkIQZj$6V!hEOsf~>$?=(p9`t!D$<~&B%~&F*N|Vlr6kff6rFV!X>WB_{VMt*b@2SW
z!wDt+v>IB{L2}fSUw@hsX#rPG9FcVS{isfsJm;>)vS_Ov(vA#U?AUstOsn5BjO!Ci
z4vzu{6V`q2*{AN2GqO7D&9lxd$*$~GT@poANE9n>Z=B>;hh}FbhxK61cqbznGhhw|
zW}ozU|C%Y1%fZJZ1KwoM;SLMlB=RlhX4fgMF}AJr!e<!oTl$)TOM#PhtPh6~i8x>b
zziE842Az_wh#hMHGozv#t-aE0i*7SZeI0C+JlKC*)y`qsIKz#l1Ay4}Z3Ov#a7cDl
zN=~FqLHGA$z-_2p%ACL@JGm;@Ie<|w;tj3tyi0ZA^*;h!_bfB}Pl(~+=f=X|^gWYg
zeoVsiUSQNzNnZl_DZTV#I*FlEvBYugz;QqgW4``IM2`q|%u4!9-T}WXHm0yPhAN&x
zS^kK+Vv9VzB$7v}Q^NOC2ip0L5wN?M+b24jMk}S$M(4tzh;dpZ<k;!%;r?u|6I!UZ
z?_BSRuRE>X?2UT<#Bj6tUBxgHhjN`mhq;&#NSxIxSls(y5wl$0@=qI1Upks_lqhAK
zMNnVh-BIjnO9y`CWoKuB!FFoRy}KryilYVJ{WS(se79kpm1f6<2#^6qZCOc-6fERm
z($f^tX{@C6W>>4+fP9TrOX*=1ddnZ{O-^Oc6w3YtUVGJ%uos27t$M7V{MGNG8w0?b
zZWd|{L8F-ypWo{b{aS$J-cJ;Urn()&Sr{f(re`;td0_PqLN0X`KgvU-IOhA~z_w$V
z15*v5FaLj?13D?CDqh>d9;CxJyjN_T_1a$cAl}tBvb@%&D4L;{gR}RMJ`o`C6PGvQ
zCx!&D@Y=z8n^l7kKen|dl7UfPt<lW)^?WYe;JztRZ5nFHJf;uNO2o3`Cdlde3OPg`
zrY;RwzUp6b<lRRTMAw<sFPmv_-jXV0RBo_=tQ8X3)V3SuJzN5sO)_!?u5@tH6{&QX
zUD3)YWHu{j7V+7mq)KSWi}9fqAEvN?ZLxD33#2XcCwM!dj`YOXQ+rVnuPV2#%FZt`
z(pJ^Elf|@~MH=fwvY>yA5p~OM>8~+m)P;D)H6-awk%|f+9r7_c#Py%EIoNOBKc{fM
zFP|SyP6MBs-qp=npfDydLIgkXw`jzrWGzukMXlp`qa6BW-Pp-&nThBig2Mu;?<!Zd
zr2o47hf!UwZX@TaFkN*<^sBFR9*8CPnp8u1%kcE_rOEvBk&VH-+DNZ66B&31_b}Ew
zN)jT7n*NE_UWE`xz0RXEaE2!WVb{n%$M)`vjLvEOXx+-g4>kuq0k(R@sRS*&_|vk+
zKRY^LjA4z6x~DL^6?9sY6r;p#L0uA{R=;V;i^ae2zI%RoVhD*KDYNvh+sjf?-)+H|
z-MFw7*RPgP=7l|9!nnTXABj}~DnRB}z@JDR^de}oNN!)T0SXaeEW?Rm!ZG}?R9{h+
z=9YW55mZk9On$+1a`Vn5{Lx^<ZoJb;1uZ59g7!JFd;qyw82sjqsW<)yg%~?P0Au0r
zy^h{`n_k~w-1q)YC;#qyWKI|ygyPZ?tMiVr0m7U|x0W7V))w~7*u53yBt?34(o3{F
zJC2{9za?ZVt(7zBP_4ae8~lCz^Y;(pDe%u<yJeghW*Rvhz^ELWP5gR)-PP08n#)xY
z!n9;8#BjdmupV7waJWPU6D@uUhbpG^u6BL>KJ<^|@4`#W{OKI(A@)&gl%@|1%n`Ga
zj5({Ye|i+<P8!51nzgG>_m7YLFHGr-34Fz!&wp-z-o3y}X1_0t`=8RuPL{;>U^7$W
zD!wCh!_w7xIhsYMl-mPkn(Ko!|0OX_LV#F;fC$~F`!U4n-;bfciDDos&Cvj6fH<F|
zPusKRQ~lYuwsgME_Z|abxL<N72nMQe@kXS@$cc2QuHQiOZy9#zk0Q4`JX&6Y3t|My
z74zNlfIKXA$tGDfC=4AP-}ut}ga3pt_^716WzvWx6{7$9(eYvZv(Ev;PndG?UVqRU
zY+u<Sw$)~}qfYQU@p=n{lykuN$pS~2#b#*gcQT8*Q@REVHMh2|QwA=IMke=MqJZhD
z!9dt%n80HP?9LN~13!hTc|4YJg9}jRgh!;OvN<4@Xx!S~|L%S9%hkmCJ;~Q2$7|O>
z34Vp%uY3PlMt-Gh^gZn{>$yrby$T&UcB2t&UK6PoT(zXwz8z%+Mn);zJCra`f22)S
zK;4K6Bv2(&m!=Y^`}w%_&G6nbYO8D$FqXBVzRfz@Vz<%hK%>*DCz4XOF+M(K)5#f$
zl#y;nqM(&+c<bOg|EPtw(nM9MG8<Ie1mY0Rd4vaF7Mxv&&(B@WA+t<8+-VEv3cy0e
zngp0@5b)4_)|M2S*6{-8Sc4Ll4Im0BQr{n{v$3veUw!(YnKCq*@0}lOT7=|nU7RZg
zoGTW|Sr?7Afi@{gEHs&JE+XYRor^81<F>9QrmQYu-(>=~24wz;ZO7858l1U*pYh+B
z=mPsqYjh#4m<hEwph(J02w&U!Sv>CL&!{OExyoy2_@;VDjCcS7Mk0y8bTC2mQlB5B
zEW?9BnCNHXBybj^6YD}JvJ6x!5vmw;)Tr(B1gt#jN%Yc4-02N;yGpDzmINXePh=qs
z738-`kx?16GiI3JzS$p=CJN$=+LDDsdhWCKUs0$cN!XZC#qSfWc$p(5;=myz@!q(}
zcCY=3GV0mXK~_#?YxO`H)YnK@MlAlKY;ly?X&PA~lLYJ-9WU)$j5!YpBw{Z2K^nPu
zF7g8#RV$<w3|^Ml?a2f7ozn<kO0lv!AeW7SL{j1!3DzMqX*QXGjvXo_zSKAd>+2_E
zp$w9q?9G6imCIgIF;P)i@0c%jPnWo0cj~&RX_uIkZz&qG<%&jRlh!6Bg4r`AyYB|y
zw_r7z``6PEEc`+I<9nRO2$=_?P&8&Sk2p*xroXYCT|yX0+*Nnh+lMD18GMm)uC)f?
zv<9~o#5{-NpE?4uhO9q);dDImXI<Lvzj;c1FL9T>H4u_@VdHXfl7UFX+Mer@BEvX+
z{1g7%>~NYK|A^{)5Z()`tkcv?R9n<6wQcz+vz?DkJGv^%dwyb279QknR^3+k#n97V
zW}e2LAxyI0WL3D;F7IX4wW!C-hg7s@*Ko{S?}eGlapqc+<_3D*pDNO|@3uA&_Vc->
zi}8QEKR_7)7|872xkc@EqQB$kci~&SR%gsfUc#x8o*vC4SE$32Np>VKlf#qAG48u}
z%Qmsz_)_8s#{ZN{Z(_Z4be@XvC&?Bk`H6TR*Vok-*U&XiNtaak#d6?2#AOe~L~L{8
zL!zU(tGI`KcNo;7)U^05*9c0T8_Ve5W-ZSCnICBb6auu9BGf9;MU`tHO?%M=`JIWd
z`<J{E&xwt)Ch@t_a(m|e0q~c&q=mT8At^T@Z%iXLuCAFd37xN(ZO*+)&Monj$w~V}
zEDFl3{de;RvQzqUM;a$WLRYU&8-n{DrW8d_ay&LGNAq2v+EPZY0sca^oGU+g!=7sf
z55$?69Cs1WPFQM!iGGN<EPS}^{3$XYuGW*saX7#?-w6cRZV_`ZVGD|G$)+0t80F}1
z&=rCfG%)DU@U;0ycYoH+n)!PN)EcjL8D0hL+{26e&OY0PjA3B8>e>a{a(^Hi7Y9kk
zY*y){Qvp$t0TBe&RH%4Z05k$<P~NfgumAZt>^yrj<lX6=jiG5d1~)~i79s!Wtr^P3
z>34@#<;UgqL{=3gvCsP=lk-c%vq1v4;g|!y`$9!sw1-G%uaKss)$Ch-Hz5?igMgV%
zwKf&^x69}`L|8t@>N(=-4(bwg7puf@3j85@c9PZRl?h@rU$I(maAI`PFW<FZ7pDZW
z>O-!}f*G*;t|GNrw#+LDyOSy2Ti>MiP%}}tyH?`HESu6~5B}~xXr8sdwzfvirLA`Q
zyc~z0osArSY#Oxn`Il$;9$4nI?@TBr@wqnJrYsvo|B7WNchdZ151C?rZrxTG@SL1t
z6vi2H!+ujIsFDuE&n8Ew8aaL6m6ehXcMSV2!BD(?|4Z+=daf^Hyz}LzV0~f05+wTi
zp{;OI$da4C_#d=S%6lOu0H>d~#lW+b60kQuo>g;h>3S5oe+hqMLrqxtt&?+7{i0Zk
z#Z&K$Az6Asb||O10Fp&zng7%@S{Ckm`Ke*EGYC<*Tz=y2ZK6CAxTBK<HZ*aZ3PV7*
zDddeoZ8@@uG6Ci?Z!Al{PuZ-at9*#(p2)63F6D;2`c94({91%g14?25yb+dKlio4a
z`NSIR6t29+A?(09n)j+ChaHe0_VRTTlVRHucg6dUrX@vcFvS|m7?tAdX>k^9NT3Zx
z8=D@jS?$ZGt26(kOR6dkY`EqCV#W$2|4nJjWEoNYQA<B{Z%u!<u(wSg<_Y#MmU6)}
z>%}nLrA0<QRlmcyVOwA9033H{KrJeu(Bki>BONfX+%;@t-f_DMZz755jU`I~KMKmx
zy|dFx{RxXBJn!<ZqxKDlG8i0O{j5L#ZD8*y6=Gqy4w82x@f3GQL0X7)JY@pv@#rOx
zOK^#(@_<y!bi}`wQ!yz-qV8}0d^v`71oi()-y!TXi%$K~D)U{^D4kIOtHm0!Rmr1<
zMfcY;RZL>0sGCQBWySoh*^v6!<I90{(d_I`N|t%jPyeND`bqJAp{<rwq@*S4;7}zl
zQRRL?IaFsj@IwFb*>D216%b}QMyu#Xv)bOqQ`SI}C~P2-0_@;Wikhl-Rjk-(<DwZ8
z(jhA(C$6*buY13+(91$pR?Eqm^<gE6@E5-|x=MyF=1u-zLhr!6mSmd?dS!lzF>XET
zp*|Y1_u-ZQW#|8R3q)efG*#1MA5nCm=>Wa|60G>MwI;3-7~wp^za#Vqi@!}!XLV8Y
z&_KU8bH}f76PN{+sR-FaolU5*;N4X=Qd5PR>7QhnkY*i<+wiC!zg(Idt1i;NH>WgG
z16l07kAI$XR&v@}!*wN_-q=#3&dF-95okC5+S;b4!7RLKSc@tVm*;qn8j|v#*?R@$
zX%-yTsJCP^aezwBPY(KKdHTz7lmhc~9Hd30xnT3%!QvePOs=@oKHUycti)y#mavA)
zHVcP0+fAp4kbed3xAN#i7ik)E`}||Eom5N0&)u8ixs;rTUf%Y3!$vdiCfpsF+|468
zv90daBJt5cB=!%P$YY`EvzCuspG25-#Ph~9Fnx;`X9h%P+NXWeM`626oF{%99J9;N
z2C#p!Q@VD3HAa>mm3=k2x%a$bRPUGu_LFvZE-N~uhj3l{BBn#WZCz&#=evZ?Xrq;h
zPDVZ{(?4-T?#SBI$HyOi)*6auOBv?q{^a+2bv3YeA9+$J95%TNgkz`ermEL6mF$7e
zLhR$4qJYKvLXLd(C8HHR5(Q>D#%f2~XNG`(@1ZN{Z-qc_S;^$6KPkDiS}PD8#yXBa
zjy(MtQ@?sioaI9@4DxwOHnI_B!$L!AHwFDAj8pbs-R;dS(5Y@uaJIEoDr?bo5vibe
zx}{`)BaAJ3czZoN$&qe}qm28cRbDH_CJ(K??zvf^XKoo2Z^Yf=v*7&6U<lm`W?qs}
zF8}>v>)dH?T&ErtpQEb_A{7<PP;4(qTx>V$Xf-7#XJ@h^5C7ZwEr{?iT47FDL_LK#
zo82z*Yc5NCeFCes{(OGq--JiYs|QGn;_QFk4!PoIh?|0U2V{v1=^g!Ml%_6TU9Ng5
z(N^D)M3AgjXprJJM2Fg``0=Qy_*+GA{>_Cx&fAuV2V{!-4aGX5QRo-NCYn)HJEBij
zl2ND|7m;#~O*fly4wb6L)RWZ-aG{gA<rk&~CbfhI73-CbdC`@}-K_LBF}(RkES;Yi
z6ciemIm4aWZw}fjR*qBL=3MF3`nJ;tJmDi?!+eu@g)!AW%~QRV!~yA4bLZ$tQEX8J
zWVpGvu#~kTGfq(<N0JeOkN(KqJrD3b(})M?i*ngWDDW^QHa9q`<4OJlKY{u@$z0$s
z@b$*HjiEC?j<EYqm%g*e0!SFJ&al><r|zStN1XKpWpN-=Ihis0A~gwy-CUb{=iM`A
z?KjS6e<^c1{U1DT2o$RrI<AO6R+KoK@@jGl)d#G4Myf8gKHi!}SuUif1F+N<g{jvp
zxJO6|P}fCN*hEi#i@M&urEErcj;20Glw{J?u13&JiH9PwrBft7&w8m2@!bFIOT^PJ
z_s8zcPb{1U#tL=%BT4Ean)zVT7IJ7MOu=mDM6$)e!OOm~!Z-)yZ30m(Et@6*gyPLU
z{rx8M2fARtX9tHJ-YTC>eEU-TD4HlUUdL^W=x7%-CUzyZFSO;(H(_;hbw~X5b-7+r
zI9cw7Cf0I6nk%@=GG5)U-$lFJqT;vYH@|HM`_FfA#3y{k5X~Wm{BBB;JAveJp$gV6
zrHLB~7&Te))@)7MK%Z85PYgJZu4<Msa=S8lmZW0rc`3<`DC$x<d<YmaZhlDf{(cO9
zBW2={GuFY~zS)4UkrJ(>Zjh;?@62u8yve#YV&4)1v|RY&xpVRq>loHF=|iHb58`Ik
zpCT!MkR-nSS@xgIVbPa`o2jg4qT~af`<MG0nEyf;OdDa>JStFrm4a;_52?xIfi!%y
zN}H7zp9L-B3hC2OOl2eM%o|GB5drL((iRp9O@Flfq4dDRjpT1yW86v;uo6vqyU}Z?
za|VS!p7&GUiPw7ZnbFm2Xd<d?xBgWB-HL3jY~M;@6>zT1s@N>3Sma1a-vZ#<VzcD8
zTN6u*6<qw)ai3vW#Hj()R*HZWIqdbg6w2zg)CU)S+<#nu+Bf~z9}Ek(^92v$g`ir_
zo?$Y=2(4SO%mCOo^Y4U1%I=czTB7;-8}M2&nvFROvc6S8dtp0?{GA_`mjvX^aOucY
z2UYww%3%2dDE7(bfqmQPOgif+RFqf_^Lc2);-wruSvcBh-X;I?QJH~O6wEH0P0a+T
zd%+AZyXR>-0ja(8RTdq;UmP5!1eaVi@^e-;1#|SXaoH2fIU<D%fvAkQ7Yl}n2L-j+
z&x?xq{3#?l#OWNILRKm4L&RTBtuQ|>RB>7E1A3>`m%@Lb?VcsCHIE`sp)+$)&T#Pv
z)Ct<hIvB~S5B^8@=PNC%HG1WI0WWUjiJw$&riyK2uk#cJe!j!DtEseF>7ORa#^nw#
z1r7!FZz2Xgq>S1QxHel$$AvYETZa;ceDjTsJCrPw-R4~G*|qmahr$0giKgtv@*@Rw
zAS%lan>>zl9adlV4@YigC*D^RcdOJPyU+;`p?eQ1AeSk8a$q9LDS+V|A)(EvTQSut
z<~3s|Iyr#U^H9}i?3_m;*t{HWR*Lv{#9ME_?`<6xt21n1I$@g5rr3D3p&%c+3nnv4
zaF#`8(C%F)<@e7rI9GZLOgItf$FPxs;8I@mjmvZ0hq2D1iBQ+5*k6;nZGFvW+>~r0
zf=KxzL3Dw6O3mU@6eI+s#p*kf2w#FqZ~h{|ZF~ZH%6>`jQ?t{{GYrjcMor>4!32}2
ztnUgEM$^u-+L8|P@jv+c#3w85tNQ@f?FOU~A_Qy+8D~8BzNs`G$1vh<?#fG!Mv5{T
zSBkflyj$+^jTHtzc-{1HMy(kcV_2kIoZnUsjz|!7qj<E#bP5Vs8a<9gPp1lq>XJG0
zd13iqUC}U3&t=V6-@8gamH8Na%t1FEH3!O)G|6Kc{lm<@Cd5c;zWt&VXnrEghIwhj
z16h`=n7;3fvLvD(LNjfkI3fqzTfBKgdZenyAvgz#rL}F4^ivRaTV%9-?-3diV<hqD
zU`SjM`O&bA+4G=x+q~aatqyYcXxxA9=TNLkZvFRrA>Qf)@yqajOfPT9-e<X{Ssvh<
zy{-ho{T{ke0g<B4Ddi7@;iHNO8AY!xob$A9LxsE-R=nTD80-7?hkg%xdy=JAwNeEn
zfGek$9cBhP$Nodlt^K6x!~tfyZ+S&^PuMc9FAooKfqXM}NADoTrj&gTX79s_@#$Ss
z7aiqS!t?G0R}I0N+u4%$U;m&QOec+gbcrm{TwWEY={KJdpN`LF75kh(Bw02><qKEg
zxUia%{)I+P+7$>JpWEH2ox`F1*>B0?r~7;wlM4<bk}~)?1op2>R83o1qX%g?O#5Qo
z3R_qh7)=CghEQ%|yohSLcdElW@MNwY9Z-Ip|BFwgDG2X1dHLeAH01bGIcqr{e){M6
z6UU#@Cvx|jFJGUaSDAhPj(%A~ciQs!l$m?)->v0}l9(g*0kt)u|6UGvw)4q7rZCy}
z0!B0O8w&F@U)^E16*3i7SLtM&+PV-oyUU$%tj*8b+mUkfOKF`RuWfxl(d|rlb?$K*
zTt^yV{kfMWQkn1cKd*j{^la0vZRZBDk8&3TFXv}ROx_VH-xO{WlwLxj39g4ID`nL=
zKYS*7%O?F65FJ7C&M2VGCC}I0HF-_7rKW&UR@Dh3FVpvvRasBJhNt+x)IdOq2Sd7F
z-w(I?o5QG4>(ifSlNNd_u7RuCQ+cseJmrc$;?!jYP*6lS&IXoqK)F1sI2Jd5H2`@V
z_d^~kRhqpCst_7mR1Az~ZoS7N&?Nq+>1K@0#)Fxp0)9DDBvW#FEMIr^Q6-)W!V>a<
zdO43w_iO-OmGj;Cz;-vda(Vl+k5mjXJ<ch$>fPxuU#C@*v}j{zY0?_@Bz3+q<keI&
zGPaBa3rK?R%fi)RuEClMlxz>U>=jO(bKzMGb1lm?lLirB=NHx<onG}uRz~@l;mdiA
zQ7SWro9qsGfdhY;`J&<}M3>xaiX}DX1vb$Rb9dGU3N}S~c;F&@APcmMozKkbn0^(~
z`ozS8dJ+v@bnVs*6ykuyU=m6So}r=9ho|qqd<*Cf>3(c+Q19S>8Vi+zf)ZbX7JTPU
zWAMHc(a13~GRC7}q9U0_8eeGm%xYfibDjp}D7EhrN#ytNGSSt(a^=w?R<r~A2$=K4
z;}5DEt^0dnv@}1G3fQ7$cZf-s-gO5RQSE;Bjpk+gQB**zNUlQ%y6aQ6HBHQD8IYPd
zcj%53AfilN_ue=Jn-!CT;_I<K7oqL$?iczT!$lkET!@x+^2##M6h_JLY!lVlYtSa^
z3dx~$^Ps__@y~Pzm)b=YXTl_}zS=gTv>8fe*~_!xZ2D~b`%n14sP6P?b*gl2J+J+<
ze*gU?uWVo*cmF$y{%S-x`CFQ6uUM^v+xJ)uz^JB!oyl4AnL}3@_d<pH)P@Tp1U|4k
zd-KG;0Sx<Jz2`2#2i&^^Ij0yynCCYj(+o0z$P*QoX$f<1RDVhZytj-x%h2P`?zafz
z$UpRT0^V7Lk*Gy!VGmqU&(GtCG?)4dACw~(g%#@<w!w<;)+g)&INY^%!zKDklh#af
z#(J*!HPcJ6(V6t242Rntrv(K!OFZ6%?UjPqGWCH&BZbnNRB{|GRm0<Aas*TmAbR{8
zg$Xhn*kdf}yo$UMN}Jk4Fm`0OhO1{@jF5!)q)zGE3b~s>7{tX$xHA&hC^Vyr*j_&p
zFNJ?tMczc5h8Tx5N!x*iUv-MSgc(m_!n?d7W@*ijlN`@%dfMIEAm@U!5QU#zFDF|e
zI~EAw)E6vR#7kUq8ZrWK;Q}O5DqAYh){~2w{qecWy5#Y>6U?pGa&VRFn96b2R>r9S
z?w-`yXx6QOA2`9{IC{1#(|)BWB-}X(3yNzRL@wSv);30~tOld;R59_ysyf+bwNy+1
zl}~~wS;)e=K`EK05c1@fBQ!QjyV!WEni^k9C7xLcEA)?YvhN5uF4jF7cXELlYH_5k
z0%J=DUSO+nY^fNDB1mlkd6`?`hJ)=t2G93RANjuR&79tPa__|iMU0=E(XStUqFPIm
z1AP}=`<gRzM_vYG0>;?XM0`ZSv{$Ij;*iasVg-%YQJ~e+WKJrG;DL0+#CTRPIQbV(
z*Y-pVj~f1gP)C1u%ihE%edHx8c{3YfPfIRKPgC$d!pX14mln0v$E(Mpn~qyxVy3pr
z!KJF2a=$&WiFq^Z{c3|NzNvb)E44$U@V2htp1boO<diJT^#9Nm@SXrN>@^DZDk}*@
z(>=PP-25N&W2qQ=27-efpI>(V!#M^g;$*56th(+R{x<f6*pW%1$;Fllu-%IVo^%Nn
z3FS{@M(7v~f54}Jl<|lCK~4u3(wb9<G8(bij4uZ@yYb#iXic=l)s68XZ;Bg|kDY<G
zyw}@OamOsUGVgv0;k&#Vg-{IP^<8fLMtrpV_RXLCpXC)l5@FD_?+YEbk_ljfmLliC
z%zUPCeprmx&vI?8>0{8s`&PKc>{{EdFH(R_T~w)*f9TbYTVF~C!h%!(E3sWp2FX+n
ztKcTkt~HxQ0jMTu-*NSF&TDpkMlI#-H-j5!O@sH!=GU)3u1~S67dJY_VehbkkhHEi
z1}ruhf{n(CdWeb_Er8wx-E>t)y_bz6XOUxm-Nch=xwbW%BT>ga%E2ZZ-)4wA@TuO_
zBOTJw{maOR0T6!>)gY&##)Ftpk?^9+{_tJ6WGY=Mny#(QX3v(hCzVf1(&T*lN4sG9
z^v_bpJLc?pcjRff*d<{qS}Md_?qf1U2TMOa3*=E6zmaUf=>#ZaisFvZPW$pPXMMiw
z(b6!niFj3}R+6iY)5ek#H%G4a-RHXMD}Z46Co{cFvhO|w*kjUR4^o;<^9d{9b>Pyk
zuzwDl4(*%m;~QHW+x8*_?kAkTL*INGCbtYPyawo!(u`pg=+{q{WP$3H1-xBsA|c~7
zk(4MVHp7LKWYo=LXmSPF_BHxBwb?o~E{5E`WMdM4kFK7perZ{jSZGl0l9}7GJ<OiA
z%wu0MGkqees5M5#m#ZOlBL6snK$`M4bIxa1Es%|IXvxklGco=e?m$wWR2s>G(qN5~
z!=yi*iS<D>k=vGrJy}Ol(N@jsO#Jsl#m|~(y|)R`Y*kptpI1V5*__u&4#5j)B)2l&
zY}B=Z;*D%oM~6BiLU@0K9^iey!yVJMl(-=+@v&vuib@8)u&%V_yKwb~iQbzl+!Tk)
z1o?}WDRr_|6CkJRl&bbY?b|QI-&#00NWF%a^Z~F_+q^@i^C|b4D)Z4|-*!V;>9s!h
z&|TM7V*^O~D?$>HznWyVhi#ettwYfOZ`S@p4h}6@K!oHWVk&U7xU#kaM{eBAgg7rd
z&mo(fy@0wp?&MF9F9JGac>~|qLP$@@7rrq^2pJ(1&#EGVWto|YAqrIdMskq)oFxsy
zqesbkSTFs$|L9TA?o$)_d|{idaUl&CJCP2^tR}`4;roI(c(XHa^A8d3^)A8Mv~IY!
zr1MaoDlLn`xVrR5!g)2~efaO}vsRjH)Q9q-NL}J=ELLI@7I^u3T=B=gXNT^xd$+%q
z;fTvGA{HkYC91|z26)jN7%Mqh5M#?Bcq7Z)X%n%BV$ntV#)kmdB@r`kfQ^~g@pkXG
z+%M@|NvCf3Iwoc5EZC)$qe<^dhOUp+-f4%S4Uk*%g|p}G2dSDqAwuq4gCD(>E=-{i
zk{$7a6tB}0UylI#U0<`sIsgo2?n=|6qtxicCN5Z??qqC`lZ0nB`0R;56vOuyECuuH
zeeO(Fi%z!@1p-kFNURxpZ$LmrMFLGcvO1CuT&7LGNdb;pJDZukOFrU{l1=_@J-}a)
zXa|XQFPCy$^ScJzARIxf3g^<<><o~T)tA1D1-Q=X@1TA0b>A17GuV+39rT_gOrbJg
zJH17f=Fc+g8pF`TBj?hEAQpoxK_uC+d^PfKecTB~GWpVDzKmgzP3^^86O}F(yHmyo
zJ394VypaTT-UD|lUy;$};2Ga|59tYQNW;bq!7iQ1nbTSp9B&?WQzTgpq&q#FHJZ_s
zmMypCwql~Iz>G;^pg?o`(T1UvB+tzCHYRTk$vT}lns^XRB4LPlBnl1XZIX%3RzBlo
zk+y;bleL0mtC>oo0R@Rjp;Lun&a{GrcHS@}8n;{wevRZ^GA4UK0%Q%H(Lf)Q%Lvq(
ztsN1msXr2vCky<<WH3bQL+ij{E`*jWl#YTSAN2!g6iq)jOPm(Xs@qv03!qxb$7oJl
zEM(FcaAh{b-+O$ftkl*k)unzqzEgCgXeex&+BjzC&#QZ;?00GyAXRKWEfDEjOkCI2
z>B?LA{h~lzNwKCuzj{bJL&r|#tME#>B>Arn4$C$Dv71^6Q>CfazyA<wV|Vn7m}ODH
zx70h}y2HglH!^YT18KGxCPaXh3W(ZJZqK?t*OV0k{*bT>W?S%kdv^*)CJZ+Xb-o9=
zhq#&`Ay(`TulIM(*haW!g#9i)@2@#)T?~Ub_xSzs-@HpiR9b}5uQCka29l%#sGi#C
zvO>DNGdTKI!l9y~Id?bj4L8>t!bI=Hz6m^T|JGi%)G~1GSH?8;ttHj@yI%NH<Quyf
zX62XGv}P}y-gc1G$^86LTfCzw?v?pBbZqy5oSLOkx8CC6+Q#nE{SQ~gmV;~USG+s3
zbTvALh6c%1E?of}K39I6FNa<IVXOBq=iBbp8$iE8=;PMYU&LJJzg^1RNx1LcKEzUr
z@?owNc1YmG?<Q3vuw%1H(>FjwRYs)!8FS<y5f1K74wC%!n#EGbaHHq4CMZ>HQ9JDI
zU{`-rv!2XQnrG|t(#}0teK?bBX_PIxTSxJ>es-qbduuYJ{xm}}4&6V_o&GIyIQE{2
zth>SZ^*3x`R?Z)nb105lR`fmdaA&wCSZuEuop)z3B=wf}$3`v1^K-qprSkYqR2>$0
zO<M%Jyt&2Z;Yz5lzdZgsVU+xh88z1XIPTz3E%B=+($18MabSTZ%V5yyjmKqekK3Bd
zL6Nx8yH}KH{zj*Hlhbc{t)MbZ#7#e@r!cv0@EDJQdL(aELXVX;Iq^r`LBd{6BW+RE
zBR5mF25o-2w|S755P?fUuUqeL!#MIpiwJ4i^f#X%vK1vZR7$q=Iaho2C|~Cf&j%Nj
z%zrF0WFIU|?aW@xoAH9{^4nxSH_>^srQogEiWsRc7=}poVt-(g?5KSLc?YQxwZ^yJ
zCzWP(+BABb_vFtT`Fcp>)6IkAvKr>xx5+_X&h;P+dNEF?2j7?TP^oixWAMn#K+ro^
z$}?;uP4GV7z)Mf(w&m-;<-_iN<NE*YwSS!tz?4Hi|M~;rp7H_v9)^%7r@X-_F}^v7
zZ%iw#*8?0qOMgT)!3*m$4@t!_@6?*PEJjQ~q0#0Bo9Lj&CAPB!5vZwki~H-F;z(rX
zXuz4txhR$W<V?guS+v@@^iiw!EL8OV{{f^xTfaMJeLQzGX+UFM<rQdwPm%<XP$P^@
z&NR2oINTFQX>!RaLqV?SaMCMqUITZHJ%(r`?$*$)rU4-9OMAI?(qlUsBVO{FEokp)
zffa3qz0tF-inT6~SzFl<M`OI(7Z%dsM0F;mIcO>trrDy1G##Zix?Ib%NrEG>$<f{J
zoB-tegYF3km8?jp%AMf!?yD*wgw!Y}u$)RXE*CX1cCC_&vZR}(R$92wJXM0n9`<Mw
zxE_L#sok4{MSEtz>~V_|yP{ASnygu=(Xl~xAjXSq1AAX+L2T0s*!y1bh@AWE@3-!G
z;l7MK&&|PAni3fhW>iLrp`fK=`Fs8M`SY&seEZ)!-+p@O?AK_%(VbIXN;@4O=01pP
z(E6m5R3Y6vqq`q9c8RfK&3`Ob{ptt8yJEi<)x>sLN;2+>jcourW@aAxFU)#y5Ofwq
zh?^y*97?EYd;9bG{M(m5bmDLE=9--QWy|5ts{6LTeEuELxi~r3&DxP{X^{i%uh?!m
z<POH9OG-xpOpVtc!h6jYu#bu-s*b+xSF~K{l6t6W3aIR5V;KmEQn0eJNaC$RnN~tI
z2?(o`2uMkY<j!GAF(Q<)CREgoRMS-~v{b6ARZ^k5zu%tyJpH`Y>%{PfWp0gU_cwfR
zSB`jMU{w7g0UHuAA$pGHj-2k!?&j!l?&USd6U~N^sHP!W)v>i1m9<;zzqNChIiF$E
zhWXIJfP@6p+i5^SAz^@)Hm$^_djK<^4}SjqKaPVkGPOY1u1!@5{cYdli2VKJ9b`Yg
zereUj&xg@41N-XLMT9MnFen01aYcb7WKt|a(3T&A2k$T^a<}^p_8fRjU`#2Hv-OHm
zl%>d7SFfA~8I4v$)C1gYYrm>+HXorqNhMJzq=cs-DWZmKkXov0LVbJw^Su5{cRuoO
zeDfW}Cvm$f7Zk)912HzD2ESR5sv=sd0*6c-#lS?&S|dh_H8vVa3r4YkBpj9=Z%Ek)
znlH;>r3+Yr;kq<z#fGq|Q}*b(fPU~qIFF;|Q})@FscagWgi>m%$A35W&)x6uGUNFX
z`{5>jI<yMqpi05v;rI`~cuiGR8VLtJHpMh+G;C{@+_pRR2NX0k0D6_E`KGWD{ki(n
z?9qaR`eBF9?DpZE50^hj^`RJ&RVHMKL{+4u#T6Ej5{79isBvg1iK?Zjk!Gb;B}r0L
zsQI2&@yuhG_Xq4BjT3$F^O^J$-_Qlm6|jbsYRRO8DQc-gRYIy6STT$OMPpx>ZpyQP
z$T`dDT(r{Gko+WEI2)m8LIgdHES*mT6Dp5~S|0X3yDC&ANg67slvz;ZvavN(*E83z
zU!HzmbC>h)&tCcUII-S)FE@kl^E$Ouj3Ta3nhOKSKX9pAu-a#1Xj-s`l+pTt=qsJ<
zQ|+Mpf~?AZEU8TrQzc5MR3eFF;>smiA|k}KRIw_lsZ|3v<$e3^dvo1;*}P_S+`Jx&
z8}y%6O(ek6RZ0*_oy!4N0Y{XZ@`9jT1MnK8&UXu1OjDQjA0!OWSKvHRe}0-b7T|$D
z9t0(YR7r-MaGYfshFNN<yXSp+{J)Re-sjM^U9M}kjNy{%u?=556!`ibs&{vHC3d?n
zTog##8k_c)oD#n*AUrF}JS=NCR@)K~Z`&>EW*+}vAL}dOrLp+*x!vxEaPJ3gIa(aC
zi#UOfDECQo9=zu{p}WL%fmKO}l<0E-IEWOQa9{!{18g>O4qBXNE>|uNBf;C9>gc_s
zft=@fP8-~HbUKtqq_0!0+m0RP>83`5i3VB7NFk|VAXrV3r7(*E%5V{cVucK)90A#3
zR!kTv%o4OzS<7%U5zWd|8M|O&V!)6ImhA%I7>-CnDF$$ywKi=k08SGcgxO#f?&+>(
z9NuV`bTHBEs-P)~*)&ZwBZ4&KDvl0IBO@YWp(TVvWjMJLlbBODxh`3fxK1R%jSd(K
ziAF^QhADv#Sg^#YWTjbH0%7&&XU}TR8aIW$Y(p#h09LX<&L$9>)SKZ;_rOeDr#;1o
z5D@Fr-l%=kjSm`;bI~M5jfBR)L68+xcb>TnWd8i+Fxlr@?FW5NmsbNm`fJx3mJzJW
zBB^g_Exf2WTMo>u#MQ;tzRMpvH=^kDV17u9)Ssp|I!CMDrf`|a{`{`{@Y|!~hLr<k
zq(x5Wj=EMJs_%R`D%~N2UaVbK=m>oN_v^Sv6cz2Rt>s@i^Vh1#u?O@0UaiJ-HfHop
zt$X;6kM;Bje%>Z8)=$gGWcTgJW~t!VujVJdZS3DPJETQj2QubUy&o*rt4?KBg)8d&
z24baxw<{QdYQ5F+ue(=M=#JC{*UNrxlz&aBwkAKg)A||QylhnR+Y*HdyexgcUJ<%v
zi&OQ7QZGIGv)>V+??$lxZ`~Rnyj>5SXA%Ohvmdbh;`(Q9t<1-4(aEj#%VPFo)7<1#
z71|-~1Jy?y?b~@`6pmPuv<>2GjhcIFQ9i$ru1#jg$O*JQ$MpNkyFXtT*SN&jZ7Iv~
zeHdeyrIJ~8b?)q-jggmbuKuducV;g6Oy%>Ze{jvDZ*wu$lfv$A+q<zR_uqZ@-&B*5
zJGb?(pWjaTwzYIEM;S_FoA&)1OOjfS?(Rt-p0@qFYv--n>P@>k+j@H2!?xRNCb1U0
z$*XinnT>AXyS;gxs7$xr*u=N;xpCWluXF8VUgO=&v10S<!P=H?cJ8vDS97|IUe<>&
z@%rV-nU(GkK<>gfM{^L8Nc@q6EL+lYK$2<1&MOnO)uD<-h(Unk7kSwOrggfNUGDeX
ztDG@Xr9p8U-IVEfrcQE&-0bXn4?HJ&?T2n%oQabv)~(*!6{3pk>c@Qb-Zm{heMD$<
z6rr)@;nRTSTFu3t8r*5^+_|s9tzr+CQ=`elPup5Mc?_%^cQ9}R%k0)bTuUjF?S15!
z`;qlPlxc#)vweCRioKqt4N2K#BgA+?C%4oiu`4(Q#`tz?+P@*9h6Acu;Zn7!JjNY7
zdhWZOa{8D_Z#N1Z5hB4LL?8e{AiKpfn?l4A;Wl8ps;Z+4gQ}T<$`<g69T-+U5%Iq1
z-tC6fSZ)F_l6Zv@D35Gprh;*z+9Xlk+1-ngTc*;~NTWqrau(^H8K-+JnJRV1Xl=f6
zcbrpCNTP7`U~U}Qpp6Xg*R)Z0(|K>ot=Fq)Sv4e)B~X&j64_vd>|j3f@ZwzCnrA@W
zUIjSEh^C{QVGj3xa^<f$9wQow*rFdZ5;X0M6BH1KLG5KQhYZWd3{e%rK;S_*C=4U`
zT}XsvFcS$uef5S}`|vNjcZyCEp$Q37@=Ndm(n*M<R{N`R)F~vMNkwT*+)WfxDRx2T
zugG(Ot8DAvM!Xq0YSyZ2wR4N>2M*$>`n}YgGc(Ty!y!F<+qs=Xj`A)+Gf<+MX{fK+
zlKO24U0#-Ir;7JnV)n7qUPRnEs*j#|zHanbdDp$O&9SrKoaY*s7d?(hrjBQuB~e=_
z%dI;69oIO@y#iYaBFIRRNr;GurYY^Ak(FvG!ZLzLkU>A0*&9&^14>4VhA7LDIEx|3
zi!wJPX-5d<BCyLXwxUz5)}pCcns7l>A>lAK-X_=*Hez_(V;qyyk|vn0^L~$!k8hWW
zQ|;@kkE1KMH}bNbacUmLny*s%vENG{ZHHt~`q6eL+}~Wp&ZE0ViY#o0u-H9rA)`L#
z{`>E}_uomoyYgRs_uqZ@)g#?Gm-WRWpDfS1NTMoClYZZ?O?^4$Ac@C+J=@+xesV_L
zvO83(&6QP_eg=@CgF^UnR0{efx>wEAWAC_5?u?-FpITe(>^EkP`3)Ot(BW;+o1j$E
zD#K`IFcBw$ZUe7fE9=T5OGu>;Y<8qOKKmYnlo88VNdpl22_Q)X+XRVVka;2WY;sxb
zk&4hQ3PzY36)K_jrDZ}LNvtXl!DXZHmq@y{1e$rtmOmAI6*2@%EfR@CPW+;&l6Ufk
z0pCLrI+6yK3zDY=`|=z<qs>LllH-J2mJ|88KK&nlAC&dpj$Ci{wo2XGXeO<Dy8m}W
z5K6X(%jfDfBsxh7XqB@Y3Iv+(tNgv6rxvHtYSly*qqPk-EX~up(Mh>#bpZ`PsZEMP
zss$4ZO4TkVok(k>8m(xdAR+>kZ&I*AY!as&w#Xnqg%Kz=lrd;exFOrzRh=1=W`;r{
z4MyUc8U=#m)ppbC-M!Foi!;^)X)o7js9WeX2uRto0w<U%j?>%)=qv<)s#e6s6_DJL
zf)!E~l@<-C`%`UIx>WfnHQrcwvvj9(9g;(H7&GLsx|UI<TH9e`PNax!7zK_e0%b_m
zH55w%M#MDTj*JNkg_~T0wImgkn)-$qv<<@XN+Xh{W_FAp$I&t%$wE0qxmZL*LNeuI
zP*Nh0=0YfxNjQovF$yTnRV`6ewJlXDv7%~;qDiWMsrq9q^g${IFBUSh3>rP-^hHr~
z>r*I;6i`b|P%}+cEFhM7iWoS5V1D=4Gk}<YvKRH(RI}B<*kz)XJyM!2N=o(tpSk<@
zKK}mVhv_7cvcUq0QFzg+s;VSs$1m{y^CijmNngCu&&z(S_Wl3^hxbKVszyN}>>{Qr
zW(ehNnzmb|hR>!szOen@Zat!W=YL;-d-^aSqzuDkHds+gRtzGu2sKSrA}P;(_2GVR
zzt3CE4*TYNJ$loEd;>7~pG7#cl8sd^=`>x<*P87aGYW`OjAQ~T#sCnLr$V2A)dcB`
z;3@=wd<JMHs3yS&=j@!x(L7Ib$rNH@Dx$_q7bhB8s$}>1*Bj<<cimQQd_euGGkwwT
zhOu?%52xNRl2uhzNl}#57+VG^J{Ym-8FU}NQ}(E7awRrGdGMvY#XVI#<oNyAbTi5@
z{5hwrM?Z*$5E^mGX2eRUv8;rt$_bLGMQ|4>8U|@)s&Z9D6qbsVk$!peO-^?h@83@k
z3Y*t2TB8SLGjJ-;L75_=e!{FvAxkwQQ!>*?v?UP2mloKhk_v=?G||RA{J#BzPwLK3
zrL;rE3gw;%r|i1@_Whq@Kx6o4B62F6%1C0OnrWOc_G{kXe|x_v&Mwb$%Y5>-SC61<
zbbV4)N~kLpkxL%14aC84!!<<pxPG{QBmLo~9|xznJ(vM|{O#zTA5}8OiKvAXN|CZl
z5fPz<rj%hMe%|lDuK#Dr=F8!$p~N@!^G><kYr$0fJ$|U7Ow&y?laerc2ryGNP*F1@
z5Q#SaeS5rKK3!zSKW-dX>B#5a4;}T|`E=xwiC`TCGePdYIA7!3hvGYB5~-;uWD%Sq
zT56XJ_w&AY*U#U)*8b<2x$De!Ro``@k1G{5S=Tk_IwHa(l0pzAlti{bvRX@6Hn-jU
z&6;U4#Zs908K@|$MU0Z`mr6GgcXmjGkeO}JNQfvF2k^E+XYb$!eE=`sVbI4u`zAsz
zf+^qud=UJhv75k{Oml~?(>^Plsma7xra?&-LTbvCl%z^>Fvf(IA<W6l8Kh80GD?~y
zrNxzKs;ZS%Mx+%GareKR_xSvK^VdFk!^8U;4o&wLxEW>EGj1OQd_EPBB$7yNm|99%
zrBoVenx%>=Xuwi25votY1uz?={g5coh<V?(W()e8gW!H2M<{BskgAq+^?Bc)vU~g9
zv&@BWSIq42+kS}sSgMsMqKc<wu!M|^Bt}4DzaLYao6Q*MAQAl#t#JYPK?Mu@?2Tg>
zD+~ya9hk%3+;EQfuOubXGkBcH;lKl&V4=k#3N+>gfzF+?r!$<+<+vE3u-HJdoQwwr
zV1fWp(!pjVzy&riScoW$6)`Nig`fpa1#S#7g;TIx0ws=^sbc|y1f+`^LS{T=rZ7Um
z7$QIgT&S^-QHd(XATCBS#y~>=30kTlA|#^PiYC{Yixp!65oC)62sH$;mxBpPwrnjy
zEl`IR0Kv?l;Bwhc1c8qcf|`{9%oighmnlqE;R+)ifCkAYB!b$Bb?}}c#_821+nKe>
zE}+UF<^f|UQ&9sISYtzhm|K+XcWb9Bw;8uBu3M^VD>&VtG(}w1cWm9#x*#r5Et8Fa
znSqW%5er|M18e(V>3>%}CBjj&C!x@&4`tB1Gyx3z2bwK9a0R+Io84?|;fI~h*Syy*
z1vV9~&Gqf>uFP`y-CW(|o(|96(q<Q;>pKn4vb5dj+9l5GS)i;68OKgmBbT7OERBOw
zcLq8*y5Gl>hZsBZM-KcD-=kGywrRS6n);s3S))dM_tAW6&&x-sRaZ<a!|%<n!6Ff7
zgMXW_H}}YOHGAZD@bj}2m^Y3d?%dk>k=Zn>m=#;McTSE|&A~-I6XWykr=M4DWcl<-
zCG-2f`|rN{>yLM9F8+!|K3lurNR-u5WZCxpBY#pZC+54&NOv|<xg#`JJnxg4N~&Fp
zV-$$RNDL4z=C6|6_V=$m#!TNc-f-bLtjEsizTvoP-6R)sl-*UltIBtEl)Axm`CUM3
zRGo5@p<1r@YE~VfuJ2c3oGyZA+b)kXk4%9?6iKFmi3>D+?=0WEen45U8SzKm^-np|
z2UZS5HthPsAUcPT_l0x__GKfpTQq9|JF=DXkC3_t!(;pB?Lyc*;KR;8nhxAx;B*%|
zx1-I5?{ZMieSI%`u-m$!tIKnQ73&BM<m!|J5P-mfFngIS8VhM$rNG<CgBA=#5;7?K
zBXW!o1|A(nGfo+fa8Wp}X_08Af#*3@+rN9xxh%jDCkZ4G;DH<f0R#vGy{}|$Xv{$c
zfO~yz$dI;>G-hBUOGy!wrBHA&!r7qWuG_Zm>cSkufgW6`Ib<R>VUBsLXMn@Z&E2as
z%stBnB4&E^>(1NGawJV0+<mm*LC66>;PJH>+>xx&pim$~5L6daO+R2YvfhFbWTX)U
zfp;W~7@X1ePR&hLuahU1?{+V`q~1v-`hR!defQseaqjJ9-_b~?%XfR}5}K+^n?B#L
zc(e4McJJ5JVzx7EXKE`!JUguQZQpKVGS6VdfO+!|MJ}(OZ_<6bKKNw4-dS4r@3sB*
z#&vvAJWszrA{h)RQ)VWnCM00ILKj3AAx(pe$lbJsbu(gsid@*Hp!7+#zs(9mF(Ium
zo)`K@wdY|7mfIlmB%Fj_J5r4?+vYa<q(cWt5YrbJkda|Zw%bU6%v3X54KfScAv~3<
zhS$uu8oQemPgqd~)Jh{tGIP>0k|4OA97z$X0!}#ChO$DTkZCets~J)-XcaiTo<y>$
zf{}$1M94IjjLIymAyKKO;~Vbg4?bS$2e&uE1p&}*mPn+FN(fZ4;$}UeUut?9baYl%
z#%_C;9apMORV#`k%58IvYVnya1@Bk9^zp>V1~^7~5~K=YNY!CPiDMyBlSDBQ=)N9q
zcyl#>9Os9)Wd=Kkx!7Z#h`t=3RWgq5;_l*Iz3!r*+9ufyxV}yP5a!Jmd+yBv1A_xV
z$M=FE=ni@7cX#mmai(Nef*EpYQ_tRR^<_V=rI)Ja^Q`{GW@n&1ASb47s!FG>>3i2w
zm3LgqXd@QIM{rm|FgjMr)Q!c`0(Z^{Q+|2m8yux!a#6~OC}d(Q6j>3eiAY*jR+gxl
zDp^ueDH3;hck}k_{*gu5?!S<y2lW18qyb-md;{O<Qk51Hl`}C@B?}c5L!JOah+&-o
zBLmZ!@7s}^Zk#TaOna@S$^`l+fcZBiRY_FUN~Gi~EhKx(%jbvh>G{rm&xa0r>+W*+
zBu@JL?)mKe4E;V1tq{!R;2Wi8#>`cR+ehyi;<p^-eD%#;`iB2-MA+-^xO^W->Z(&v
zge0P>sx($P6-1RX%T`LET<7<nzP|l0&*OsSPaLPCDyyU32pzwNfc*vQB#;rRmWrri
z7v5${;Nk*-iU|k<@6+P}V0kcETB45rvA&d#L@@sIJkRVs{*EWQl15_`aZ*}sW~KgS
z{?@Ve`CfL4-m&{d(Ls}ZvTXDOJzuwzx=G#5@u?;xX4#EmsVyawB_%@sDR}FuN9ZL$
zvf68<VF(6-I#DnjKUbCZGq2w@uifnkkwt=G351{!C?;c1pI=`;pI=wU^V0dVi@pBF
zb&YDabV2YW2%s#Ie2|2KK$$Tp0q0$-buDgN1!z-Z#*&O^#)1hFq<!f@O9ZH=;x?X~
zZ9iQz#O-|FH@jAErv3E0?);*JqXS#-zCU#3(fiJO&u_cWHJxtqI1%<q2q`3)X=)8>
z3rVz<vdUVNrLbVwG#e<TteT+JK#&Hig8l-?H;vleHHMarZbs#e7R;LlR7Du2HHwPi
zuv56_bnAhok+55GPnuVdpMd~M3FQrGMDyk2UyD3U6A+^!MgbGz{Jp$-eEq&}uUGC8
zg6He~T)Ui=Ef>-vFkp)auE`{uTSCN(e*ptBylbtwwT-tTw|7RXm4Pl}L9vPo%-Fk2
zm%pEX8^TEhi3Z#)6#~@CDTiwN>GAMh0M344;wplxpN{o6(ev9sJ~t)vmow{oiI@T=
zVS_<{5ikG-3;+Nc+d-|CL2Y2R&0(MbM9BaKfDtl?000;PX)pl$z#ew%pa_wS2>=}~
z0&TQyo4V%a#wbcP&C!I?C_3g&Fe)rXP?AegQi`gpM585DNg_BGqEiRTJ&pk*52;Fw
z+KZJ%RLu7t^f3^qw^+?X1|U`|v0x`|4h4yKEV&uSGUE<(<!DN)qAMhZ<_bkLs<0{%
zNP<Wt0NJc$Xl5)p831Awp=m0d7EEIxO-U(Ch(rpzE2Ih?VG)@fvoQmJyE8J2F<Z4<
z>)g(=k6t;Q<<45+IN87yZ!wT7KvZ0jHd+8dB!d}|W>;-YRzd`04PX(Wm8@hy<8c5O
zuDYs?q9K@!iUdG7L$QKMEmPDv!ppY-GfqaP4jCj2$irhfh%Q}ccX0x^(ka?1v7v|s
z!lEJyDiTW(BNr`85(u5wF59^qmsEAlVwJ(j>z&n&T{^~82^x~{9ff<l&LQz$^NL42
zI23QQUC34!th99Y-tTPhUSBu3^ux&VZ<>}28~_7FJUvpL(G1tAZL?*+FO1o%Hhq4O
zu9I{`5$)~OJ^c?Y{dGNU$NQk!Eo29ODrS9LmVK^$Di62W=D7XE?ESKQ`$XT9-GVuw
zYAU_Ak%Q)`))qG3<1V*d%~lXYWoijabwgZRhnURaPjAGNa}D9X69}77Nqx60aCx{^
zpKQS&gPGm(nJ!DGqwkh=QQxkfU#?e0aE<18jTI(YxoaM}7u!nSeA-z%yXbblCcfW<
z+24J;XAn0)h6@@nJNV%c8``?>uQP(u919^UAo<B-7(9O++Mczt{Hub<GwP*7Y^9fX
zFgvZ?=~bL};->wdQx<2{vc=vNZp5^FM+s-ICe~NCg^tTErf0`K>G#D81?;)AFPq(L
zJ>9o%-BWw=8f>AuK}63h2bg{1Z!teNMBL5%uKd=Px@G+8=XN~?Qg@r!j%G-w-%q~#
z?0dUaTl7*+e?7_deZPGEZ@$mDB)<858*6t)?qq7uPIhYhlkL|jy|#AG()3B&KD#7|
zzCm|eM!Rb8#<6Z?VOna{<D{2uQq9$8THUQtTM)@PyW2bW?fUC~Po%#dXkD!)`l<p6
zA298Mv*zs`+HS9E@KsH~t16~5o6IsNgAt5Wi50zPIjOMcy<wW?Xx)*rQ<I+@S1lMX
zjRgf-yB#XecJptl1#!6PXoI^+*^bw7;Ie{YyXdN%)fZvx6{PUSz|0cHLoC=KZ-)`|
zqAWwabs$z~K6HKM<98R54OHo$5XSn`f&qY21;IQ%$9L`WZddcMbvXN$ZN4^w?RBaS
z8=39cb+$U&wDa1^;=4Rv@tnaW$D=PF3xl%z$d2`VdFAcm`KhBplT<ZYjQDcCFxN#k
z6xVilbdg1~XLmh^4w@YR(d@G|W@_*~bxh9mtE($z6%n6adg<pf<9s(w+ASg9JLe@7
zA7_A!!b%7c&G;1Ha1|3p5=(PR(?t&q4rer|xUp>uZuywGmjfLbVS^gQlNfp!95T@n
z>veZc6Jdy5w_V(W6bCzoT=Xik+HJRtlZ29<BD@|q8Evv?0EEdw6q0~rWTA_cEj0-;
zI2escAnpeAbyqu7l)WoT)4ABi%;5U=M|;;EiZ$ukxQ2LOFcIKEM5@Wai(2-&Qv2s7
z@H$AQcBatC-%E!FZ!+7Uf;%v9Y?>=21B{YMK?(%AS1PPInZgJXBPe48OdfB0vTpJ*
zYLP`2X{MtZ8YEL~-ws^lNTw*z$3vF$UEMU1M{ii$xuMQeB=dJ|g%^U9JRQZz?|a?1
zeaq8JgG<#<F>{cl9fdU-TsyRjUan__-t)cl&iw$sxiFyR6NE`b4h{`_*VS^`YB_Q)
z7abQ`cXpLmUT*Iv4o3`-mQyLPqDn}VkU1QRM3fK_Bt@j5DK!GbOhAzQN*;)Bd8^3!
z^*>?RM^;+f<03u>F7}-jH;vxboc(>cr5~dE@0xbzp|eQUww+0|xn8A{J4@;%Rp&15
z#k%{xX>ZP7)m_b|+{L@KRlTjQnSCp_zHz?$KID@7<@W7%Nq6_%6?WoY-K|{}Y#yhB
z4y`BZstjKTTc3UQH_hi}XEH@r{gv1EMAacGj^L}3@&#8^LCUD#ChUvvr+dSb6}l+<
zH=HUtJGe+FJ!!zvNgxN?Gk1qZI+GY|l^uyC8Y(zR4w%Ggq(LJb4YY<L8%-9GDTyH?
z(XtFoGBA)wEuA*ftRxb{UMyK*Cx$lERAfm+BZY?}fY%M@u<KUIB5l%(3%fer&jN^k
zjxnSrhnh>e-ADp<B96^_CFLJ9`(xEeElynHBr}Z;EaNFX-4^d*BrGq1Rti`k*z8GA
zNf6msX;NgixSDp|J8rAQP2;TdhU?06B;tA|wc8rxp-{Uxidj_!joAw=q*G0V-Gz(W
z=iE1<^1LPUrpAjP>s&<Uo$D^VuIb)BXm8BOKO6-y#}NURDKrJ6S(?yR02NeK1XM>e
zIq#==?e=-EI_u}*_Pl!gc)9W3{x7=MX&5R}T4-rYNolfel$EJXR{Rk$WJVzcrbdyZ
zB+;fSMX9gJeE&Mn55E=o<?T6R_q;wYnwhX6Jw1d80t94)NWcm3C&YpnnEQ_ViR6;~
zFfDak!RS0j$!dc^gFqW4C5W^|qAh*M#F-*9Ha4Oo1|o|VG_SX+uM|HDAiBl25@v@5
z(|-GDM~h7cNmuW^_Q;SzAQmPU-=~}IH9gim3ip{esX>-&y^t5uNXW=YNI-(}leL=&
zVwa>}M^q&+w1FP#Z;!j*%dcD5NRbmLLqc$nLCEEv`9J0UNzuE5vh<(VP)85IfiP8@
zYxNXNn+h7uuZ}W7`=Whe=wvSQUs-lg6#^h~lQ_v`CPIZX@4_1sgc61>2iXZ3HpF8w
z3l@kfW;BUVRyJT_qd<WG2`3385;HOV^ncg9mM`L+K0-$QmD!hWxt}TWEt^9$vYC|G
zu!yGn*4Rj3O%Z?+7MjII&7)}4V&7X$*zLU!T6NN~gBrkD5*?tR0~F_X%dY0CD2RwC
zh<<bPKVI)D-&$U-rM^3UZ`<PimGNurX>ZO+plHna0He7B7W|Tv3h^l|af(<GxZFN1
zb-#UWde?nkq^4pCBuGgZM1ctjetYMq)$ehts?Hwgo6fL!=xx5~SxJ7~qY_DFn%ON0
z36hV9Sdcs+fDe?X8}nEr0MYmHea~NFL6Zc`5Xqaoe*G)W)bPb)8Jg95qo+L4&EyXS
z2*Mu145Eomsh<6H9v1u>-<f&5_VZpV@%5hWzHeYclR%85nh}x+04NG2L*3_7vvrLg
z<3(fKXx6WwD7GiE5(FR$7y@JbnzpwsOMENDO6@n=T8<Xfu?s4}pgiN8_+dI>kRv2X
zB$5Pv_gW|0_G5XgsC&H8;b+lQO8t8MZMNHEa-fFFKzDM^5*OfG_)il*jAvL!Mu0YH
zz)ZMCA*Koa9B*B!l#rq<1`2F|j38X4Fa-+Saz%}r@C4H!2Eh=#4N{W;Hb}M%gff{%
zQyGX72rfKSNrfjekcv36z-$Oi2GLwf;S3}}B@)yJ8Keju4wp;;g3`=^R*W(CLftvM
z#N|>jtHe^tj*HaX(n+D3905xanSc^OmdH*3LshH|!@Ns4r%l~dG>jG;;NitXc!aL-
z;m3F*Y`B}8?=X%+?XL$jCJ2>?1#t|76H+7$shHr*a#JzKZf`nSPT{UEcHQB*yjI6;
zLez`lcF9A}WzMb|R|q6-p=3%^CW;A%Ga#B#XBZ+8U{XSHrK}_fK#>y)U9wy&6zW1v
zH&P{%ID%3zrBjIDq|0LAB@860NmW%O{c3z_ZxX;?$N(px`+MPx;g?ba#4dLyveE6&
zsK@Z;=c&V4#rAe(4HcOrl0&m0jVETPUg;M*AK0h8?|_}Gahn_)dXL37-Ft869Zil`
zRe|WwciW!j)<vqaCu+mLebSF3-GVB@_oMk%+dc1hFJIpKsdx9^xj{Bd`4=x0kadNf
z^;!Ds=bgqH(!PII-gn0k%i-8a6VCJI^W1B5yH<T~GN$~JOJ987BSfBix1RdnO_g*r
zY;N?-hf~GKeOO7j>ig`&-+Vf6q`D?!wT8B4W-pp;zQwz>Rj*rJ^>nVz`bPWjw~|Zm
zm)ao1lCJJW@ZsD%&iC)0eBr@r+EhhVSTl|SL{=nGkV@}wIjwJxb7o0h?=G`tZdOby
zWW2Qk28GmBa;jOp?`_^myit;&>5lH>IblV2FRNvZtkxr)e5j0BUENfkSL^Q!_lY;a
zA&)vqWc1q^qkhYuZhKO%W>s{<J=<Di6?FEqROIs+E_+A35gt~-HF)Inyo(P>>&Z6=
za;PsXH`l#c!P5~?x`1AZ7SWjbt~PG43gKp}M{`zmZm1`Dh0h4iL=7GQ_<#XE1n6p;
zO2wJ5){PTwe7x>-aYX<}6t=6>xNobQTM{Uuoh$)FOvMab%upcX&A#!C<N?q-&hu+b
z9;@&N(yAyvbkOm|*N+WX)*5=viXjnBZtk|(nyILWh^1S$?UJO+b2ClVPEPDru!yF$
zNu10NJl_5D*FAyMlZfIvcXZuwZs-mnR_^ZO0+K{HaTPLq!9DrS8*PT_a-@gNrnh&S
z%bf5I^Rr-ix0P=-S8AndZcESvLQ7S&+w3!kdtD25t<}K*Gy*&`-m0s<ZU(t-s^l;>
zn(Ldma|1{{9alYLvdTGHZo2f(ca=HBTwGRFTh4mDb&hwP>EY)UR~o2?vk1sRkugh&
z#4)vqq7q1=1<aJV+iJxljl?q<B;h2IN=T&{ODMpACI)g?Gt{<r<ysjDn+jNC!GL+j
z=bYW;$|pue)~r<yZtE?e$v9GNCW0W4&lfueV0OF?)rV1BA04fAC2(qLR;Ebvyt&A3
zaO&_yR=Dk`O5@9R-QlK8G-o-y^A0#%=NomlF;(o=9F-B<cWo7RXhyCkw(O|;^nP!9
z><9U8F1NC?Qs(~`<d^nlWSpCC>|484TJ^QxS4!;fq;J0ac_hC1eWThv21)nHF5Q(=
zB+Mf)n~+7Ca<2BK(B3~?S<UGj&c62FaC)??N%rOaBva&`R|^!6kI)N!@YpgMDru(7
zB@a{!j1ma|rSxB5aGdWuynBG2Dn3|wcst<At8V&un&hIlH%0dAqLInc9B9v8y@z*q
z<;w)qH*p+66o^f6Xt;?BN_HfO396Jy5|W4#l8?qY?Dt=0P*Nq3m^g!B2HI$m<6(vF
zAsffl@>vcPN!^>S?vhC<BY}k^z>>t55bbHb=KyI{cHNS57hf&j)2wdXpGoK%_7>WD
z;P@z71rH=kJ5!N}kg+;bO`?q<2^XiZRZ3fpoiN3S9;x`ognER66bNM#8e?f}VHuwG
z4P39c(D}GhMO-A9P1(DkIsif$lW|%-gL{lk9!P0Sqs_xE)EX*m*F{Up0riD%9}ubg
z%K6O`@mCx{#Bh%v5=kVGNdSUBIl&C!@!ia<Ln|+ad+(k6>VhgFs-h@(a|86z&9ihw
z8v@en6>TG`kfH{0c4u9o^0Ix3J{ZXfAqgasMt$$v_k7;G<s96p!u9j(&yRMg_y8MM
z%-vG@U$=>?MxI%`v-2DWCC1D2Huj>3;H!%bA~c1DOn@lCAtZqz7C?~So%VWNeJ_~B
zeV$`?&Rm@LZTYSBBNB{6k*TUNb{~6HT5S&x2j!(uknr$4kdTQakb?+9Ng)WaZqI(2
z^UmIL!x+7Mb32>x5g%$o5RyQED;6i*4{FPiOVBG~W(IQ_NL!ig4Ui!jB!ogpLO_y2
z71Ia4_cbx~-fN#`V^@pS-!Izxt*_rSP{@I`pBG+l%U!$>zR)=!-bNG?!B2D;Pb=Q`
zNn<O?BxE5OBM3y#W#*4>etTw)=Ka>WF~0QGUH07jAqfZ?BfOO7B1(H4<e;IxTJ1CM
z$E~l)i$xho(NP;>jEShl32#3?Uj6y}{PFA0x1I61@$>QYx$*Gzt-l14Y><;5RinF|
z<l|PD`?Ek#J^iNpd$K@~Bq1bTW4oKP-!Y#?qutJVjNWujbCbXW+(`);0dhfdP6p{d
zJ_4ESU$xqvzP0P#`^af2BncqEnfrN%-+6v(dzV@+Zx?#-=Y4?~LP;4MLdngPA@Lo@
zF?vIsF1827KqLtX1MdrcnlTNY80NDt6@FZ~W^~PS<8#0S_cB2TEKafeRdK`&WT7w-
zadf-$e`QdZqCf_qB1~OXeOH-z%tl}}oGxKW0vQV(4i^GABN3wns4xf-BF-9v2O|v-
z#t4=MEqEi5qT;~i4jc@mU5o`_f)c_&5>5z<F%s@>i;J9BsB6x4-XlY|9ytniFhrG9
zsG^o4g9s|eiYy|O>I{k!Qm}4W1R@|~5-^ab1Q5HDKuHp&2&D^ANv9$TQ06i!1QcoI
zb~kvdxf?sZ%y(=-IEIfLINWVUC!0&9-W=WT=L4uN(2I^HxE38ufgy1eW+EVG6)8)r
zlQCu$&fKRtEIWx9aiZkz>A9p8Zbr2`T`5JorPa%zS1paXj)}K&>Pem2?8}9Ub2&<Z
z8fgG7&u{2n=uk&6MF$U;K_nRlMe<3MLc}2Mk~zL>0k<bD4R$JGJweb>gOVf--3DAZ
ziKAuO?Nfkk)&q2HEWv{IqVUgexC>4p>Z+Z^wcQ5J&#KE-wZvNa7)-l=q0d;|u?_h8
zeYC!O4-7l^W(W?^b!L}V{Vj#PFno2M$-LG3>-xFw;}@S~+rG4)#51>`Cq)L!a)8k1
z^9xS;dce5TO2%$vpFs}QKCgI=dwJZ2tp@qtiJFhfx^f#;^;XtS(7r`b`@4H=?`zBA
z?yzR{#XD;6$3^n*FUuB^kU6Pm73bfddW(N0>(sx}rWXG9if_Go{6B3%1LXO#d)M<X
zQ-{5IsEhr*t4KBJ{rNE9_FP1rb@kH*>b6yO+OzkF;ohP<z=0~+0DGDqp4gA*JzVTx
ztQa@HdHyxV{C@%hIj5t{#hUMPt>eG6PoHxsZTC%MNDQm>52y$4lACitMaa!ud5EG-
zeblkB2e1zq=wL(o<pej;uP(p3eqJhj(@qMh*Ny$T%qUjimFmg}{qftuRYw&gssUh6
zeC!3_kJgAcvyl}tYCFj%kl)pn^?jN342@FXj+AjFnVB1DM~jlGq`SGj`Yh8D=l4k`
z-)|(6`{(z3WaYVoGv#ve>LpEEi<@f_UoV=aXmZTP^RnC5yO^<dJ=>H!?w#Acf#SQo
z>m0FSd%2}%Vp%QNzW25;_j<!mE#9?Oe{S2~q@MCS%F6BEPMv*w^q_r}0RIoCK=Ef{
z3vc8Ec=6A#7e>UevWTMN2RWK2+`w|$NNiHkZA)pgUjDo5&$rKQC81WD$k3$KZngBu
z+HnWC`nYw`SIVnHRLi}~+S{er3B75_Q4T$-voizAS5La~>Ts2s&IwP{cEFh~5~lmr
zfLpq|$F-YJ-7jR^L$qT&*AC9fF7*Z3h0Zk$S+=>G)~0omY&T)agxm;42>~ZCcOlqj
zVNnjL`gX4IJdEjK)*m-@T$T>iSmV!N8vz_q0gjpM@G`x`c#zMKE<t|q!h!J865H_f
zbk7uMv5vVe?5^Z{lNcU`FlQA+K$0T@K#)?hlUb>$GicT8j%g@`F+~(y@@X^?EEW%}
z$vhm+X2K964rWU43wHts0&O(mnd)95;;B^5KT2RpQ<=@#zBJBsb9G$BdTDUSf+qBM
z9Rs}KjpM!6-z}M3a#t|$@Pj&vX5e`$t{RFOW(aZCqv&R4aLZRbDNyj~YQ>||6ErkA
z(L|2)>(eg}Cy#Gt_6xmk5Z!JRF$}@9ZxuWftKebH9R@{#mI_!A3hde&EEKR;g(0KC
z?r^kGM}=(1L`SA*f({^<6bOr$sEP*$_p7_4h$16g88JmOai+x-_0V?XqiviEMZi@B
z6xOL%VZ~HgXcS5qg&G<rYBMDE)hZ*K=QF+FU>xA%GL=#zi<IMwSuI57Pd6j-`MkTk
zv(8T~I8S)2$i;0ia@-2bP)7>|sAY&H31Zw*HyWxsVg=OLl@wD}MIv)5OhGVV7)I^k
z$%ggs<ylLWPr<o)J~Z0B@0Z(sgKhn{GrBFYx%SN6s<nR*`#0g&_VuU|e|)~V_u0K-
zOv(1Yv`M*mwqf19IId}zlb6vFXJ0vV+ue%yx2lqFcPA_zyBE$$KKpqjm)}2^%NwP=
zig0wuLZ0$T{qyU^o$R$92QuWf9^vn!hkh|Gw|h#zU%uJ#K*i(lQhf}b$k7bUHzkCC
zNK`KzJ#255qPV(Y!rb*jjUKilh1&7rZjK_>?OSm!Yu)Fo%_*6~#5m`IXNr=KP`by{
zGct#sPd2uTIFK%a;<aQF?4S&hU;r~BGXPUCt~`48VkwG>i92qU1dvLQ%!vY8Z9-Vm
z84J8@q?loNX%V7CF0>mVN<wEtZEnbrN;j<%At_u5A`K0OkrpO52b_ZH9c&;n%QO&;
zwZl_<k*jc%aAropClN%HlWSC9#7Q_Q>ljB;TC-S#<(ED`FNuPaOwpM@l@VxUWB@Dy
z5LeI5@9Wb1C%U{*j=kT6)zQu4!4N$F)R82Ngv3k$h^trc=IXpl?Y#TlZTVkaUT>TB
z`}gBq{rs-Y7z$tv@7c{0)11yVo2}mQ>5M%9L)#>hNJx?>hp{3AN{-++J%NfNvy^RM
zj6f!l5DmS4d-e14@$mKc`}6a9@1FJJw)6K!LIX*8eM;XmZ$7BRL%%2n;-lComwP=V
zkdPrHl0e_O#&PVv8pQJUdSSCW^EiEbB$0<{K+N&^Xnh!#&4C@29elMRBuOD;X(2R{
zMKFQ{s-mi@sDbyNkG1>5ZS`N9_25^o^PA5kd9ur?Pe4x|i6lru5=jXJ#A2eX8dGcH
zSK9IO+WLca*T5DW91xHsVF?)nTRXe#zHgJtew8=9X0eMnaPSfDq>PIoq47O|^gKuz
zFdtZ1ncGgQU>E|)W;fgBOu$JQB2pqUB$>wZepO1d>{S`rF%Kb%4Lkr}9g;E<BNA(E
z@i#T^dhLBxmh!Cl`0u^?)%90~#Fk9VMH|<9_|+54WZ-MhWUO8ef&u7kgoKMEf`Oj{
zKwH?Die)1Zz?784&Q3-6wSDXA^pK*3G$xq_i!@AtXu(D=9pmH2$9eMidiMOkU6*x<
za`!M+_Va!KK7qK&B$5zFV35QX*_C<x?;l;Z?N^H3Zx#3V^;bHtzh2Uez!H*1aL>Hn
zGbgh*%CAi031&5Z5We^#`{a=g30l7@cbl}S(_ZTI-LD&d<b59SxW0wm7hL4<+{c{5
z0M(AkD~U`k0T8sNAt12Aw<Wd_AXy3PnsEhgM%lZ!IjT9eGN7G~qqaKpa=Fe4$P<=H
zowJ)@E@o$I%puk+aH<fXOp=x$1V>6KxePhQ6?CM|J#DkG+~;?2dxsK0b2UoA%Sl6V
z<y3HXC%m}u$1=7o%8i*RZM+nO8p3OA0&q}T%#c6{X}m`b3SbNcm{vELDvuU901UeG
z6pkzr=34_)ga$~+GDfo*5FAMFQ=Bo(%y{N&YuGf+5*(SG%@#Eo!b56gS!1?g#9mrL
zI7}8dFu85jNHsA-c7=`N@dp_k%5B6U9~X0>opj-j6w9H>E3}MC-0tpCin+NuVuo%h
zyLUlMoKaoK?PhMIBD4_^iXyg9rHPY;Sd9>ZglbV4R17`xHJiPNZ=hlKC~rLt^92}G
z-Kla!SQ^hu!~n+)Vy4YY$Qv_YYz}jaTGc!Y8<ZWa_c~H$xpcY^C`37MDFw@PgUsIq
zObhw%&`8*st9QrK^DQ~QeR7TbPv{sk2h)ChS?bTLs#M#fpA%~odNVt|?eVs{&BITh
zI-OP=$8(6WTlIFEy7yQ+Rv*uK3OTtRJInfNt;6s>JaBan7he*)j$g{Ijb&A7SzYwx
zxw-dzmsN1e-N^X!O8J@b6qP5K%H*uA9hmk!`a2TUX<I|SO7D2m$=bPHC7Jf_J#|Sn
zyPtBw+q?J9Nj~}{l3zc*eUZDrXNZG4aC*08KUAuuFS~7+T4p6lRW>H1*R!7-W!|5L
zF!qELa`yR+jG;54%E#8>?oM%nw7g;)#ZNM@R_|k+uCEWcW;_<~Su>DtuAp){y!S(e
zbwSrzFq?bZ?8lm$-r3wZAxj4Jd2l{NH(iglc%csF6(w+X4DdtO>qfe6hue3z8?c7u
zZ#B3wE!v=9BL+r5-FH)Xz1MTR_nC8`^4p@#Y1-K{k>2;vtl6wYmTn;{c9^SUY&3zD
z$B>fS8R9a_di)0a-to046cU=l8a8Oq144@MyM>hqLWZG1yd9Mqg3LisYAzb$ox{|<
z4Ddka3BD>A39c39uB^r}krl?Ks!?Dm8j=(WW=U^t)^nt;dA4yyoM#1C!d~Nz@3xtj
zS22t=&ME*%3wf8Ki@XY^%tBCr%wn3W5gXi)p#{dTT9qzQjATG;AR<73fI<kR-h18d
zuJ2maoj6gcBdu9NIm2#qYh!D6wmX^96EFjN>z+2;LK1R-n~f(0grSzSQ4D5dO({Ig
z6II8~P1AKpi)n^n5P^mz>g82}C_(~)Xb5WhO0WUncaCaf7o6x7E{0G57^x^$5Cptq
z3vUd}%@YHX!I%h!T;6TF9`mFjnb~peGD_#WeV(xsW1Qy|^_~ZyFy8lzY-+h~jcVqi
zoxnOm7!xFQTkm;y3(hl;s7P@h0G!N}0VO3Nz_NI#TX1$}jvb_e2^<eJQaDZ!$T~Ad
zXdn#0=IU*r={e)=w@rQX&pcE`SJ|G993DkNGOS5QJ)P@}U>Nh?p7(9%0!7GC>g+zS
zHef)*j_T!ISv8YH6{IMkMw`)zxz7T4uNs#QGB_CH3*+PC-`}4+cYEJF;`%!ZL8k0B
zh7cfN>A0&hp5A+T-QM_hf$N)aQ!uxhHil@JR;{20Xn+A)w@w(mWU-4eR$`s=t<ICI
z8IhSIobKG}b&)eF%uo>mh5*74%tR40GrqLvuRUD5dEYvE3^3>+h=w8t4<03Hq6;Z*
zYh#FWpD#Jg=X>CIvXaIruIq8b0~wemWH+7Xrgy$79WX{ryUV)gIwwq}j4H-Zdvnh@
z>Ac=~=q{M6GAlhZj9|BV=Q=rcxK<D@c<bG_5tgBu%YTXwPvQO+sOkLepS~!EA<5fx
zmSo+>uBj%sa&p1jyFPMB_t7Mh`Tg}-rZ>3suWyjO*KU1ewsv29x$kGk?X1hMt3KD+
z>yy(vc=YI(bramOhWwsmGc!|lC7T-N3#|B}w-e6V7%rCiR|A@?!i{)q2bo1^)z~R5
zp%O$#7iEaB#V9mY0<=IzMO{p0@L*JgnxqF9!Hgm_YLHy#CQW4lq6m<J0U#;4IgRgo
zH!2;@aVl`@Q*_A~q~-twp0pAjHb`m$N%+iMV%ZH{>o<2*oFaiBBAC0e6eLs=&0T;!
z*7Ln+RF^;jF6~(XF@qSwtcX=oAtL9w*0gFtYOyhNNH;xcq|u;Y+ie7d%M3CpBLFb|
z`-iVkNZ>F&Ko6ax$#iaSNy!e^(3+J!#AaaHB?gZlP2DH*T9S#R79>(0P%Hpq?%kgt
z$Y)HE^}q#xZ|A_zyT=wq8P7Mv83877WyCcqBU|&j^L|Y8egIw2&A$a_1~4o+fL=~4
z%ttU^KcbQVLz7ktX6PE!yBewvRbv-wr!1?8t#+R48NxJGBc9n~A}$F~Q?^J2K>|h(
zEPVqw1x2TW0NCCG4i*L;6^1@UnSg0Q+A{-0lQX-#OiQYY-!oml^JdUVAp@|ekdgvc
zF@qhdBvHBwK)iToCRe(vV2IlZm~%}y+F87W1L@5=9FQ>fM1kJx1`z{Nh=LO1xZ9jt
zV42;PBdJ6IXdqD(16tk>G6UNw7nM>VxuT%}b$84KW@6NCHf7ef8^=C(wdr|IzP>W?
zenw3b5Qsp6aDqrA5(qnC9v{Sf=$zl^<BN#>CQL|VgIQlaQ#HD8&zk)E^?ddDxe^8d
zG8gBMzrT+2-<6vy>;W{kuMN(vVgLuf2NFmm_z*zz78&gYo^-J-s!D_?J@5&sw!C!r
zEfgC=2*N~BGf+_#gs>WoWQb&GBqWkaBnZW18RoanZckFpUO4;8HMilQFs2QVtLpV_
z^=rlT48|VNRuZaB(@PHdPW6uO#lf=t6VyDC42VKVNJtDZ&F9?bz23aWj%PUZGZrzB
zJz`M<&fL#4mk7~OGXlz_vW4c2@OA-JD7<&w#z`R|77|8AM1(SUdkHx^yz%mHH<N;o
zz7k0htp==oyy582jB`CPxP5lM{QDP|+0domFW#E;d?6qZfWicfk_VpZcIxxo`I~I!
z`;Rl;p0Y9ogCvJCd2P%UK}NG^`2#xypwky5a&KNd*QW`pDl%3ynAB`&u#A97BOr%(
zxz<X?4shh7Se9aET|-|2$XL=-HRsLSSAF%jHRLuP<ZoA@Z_$!T0vhwT%J-VTb!Fdg
zP|iH&x7)kdp$JN#*%J&bU|1^x!a1gG89BK=*XSMm#RVKk1q4(@7Zp?AmwWhrdE1+J
zHq7(qilc}ih@ta22R@aY$dZse+&lvi+6WFuO#|}-j(#3E;vy=DiR<k6bKUFQOKI;n
zpyZQz-RKp4VIc@eD%;##!CO6i?)BW#P0|v8veNm$o2=0>X*rMvgo;2~iVPNtRA9&$
zAhv0*GO#xjE4}7tQq|{Ugg6~HT{5lS_ied@-Ovu!8YgHr-NRfQMiMEf0*u(mA=GIU
zQGvJ%2M9T6jsOvoFi6CaIZ2h^76b*2NCsC}$Qnc<5OP|CS&FM=nT6LIK(umK19lqB
zkRz6$xzQo!b`5b^Ye`HeFe7BD+yTJQmI~6qPGAFBGpgIpJHwIP3m29JoExZjjUyZ+
z*zrszTCKJS;zWQ53St;Y!JwI1hdOt2B+lh#cNdbyOCn}iHbhccDzyuQN<^~*f?_N-
zRAk{(G~lz72_nu|LaGUtSz|Fo3T8?Rm{z%T-ENm@MQ)<eY}j`SvqS_}R|^++Dp;$Q
z4r83x?ov{Z@`zP>Ud>@l(XnFFD21VuOq!BpG}NfpO=A?BVw6=9)FEW1MJB|_F=I+d
zHejf&79?hkSc);D5waOEsIj8PHH{jE1~jDsq6z|_$YCO*5wTV=B8D(%*s%pcCW6tn
zNHl6JjMQUBSzyT0Dlw`}lTZOznWEU#Bw{KkNVXbLv`~<Y04!01NsMD-L18p763A%+
z69SbbBQhFDkbtI|OhHWs)NCfh4Q7-mqBUhoQ)msOvou>8jTSc4Nur}sO*SpGiLtV4
zWT{c5i)ED+8p&#mX+%t8O-QuT#HOW*wv^POk|kwDDXFD2r4-bxv9m1AnX;uKr4phU
zwi3k~ScIlwD2%3-nMh2;P{y_>V%a9CYG`SiSXMEOtY)f8#>t9eV?{)Tv{o}|lTc9^
zDGL;|h9!wX0*OjZHd?|XWks}&118O^n#BZaRU1TtF@#e}3{2T9vc$x_WmsEH+o+x3
z?zBaVQ=qtO(L&Hd2@a)5aQ6m!14RlH3$DeBQ(QtQS_%YrNr2)SDB99K_fC61&wk%`
zf5-P@|JrkK%&awQ<eF=)kjXknvWFhr<EqS+Byp8kHcI!fb6+WwOn1l~i67KR;1SSz
zEA>WF%b89u*PhPoZG<{kd^|EnJC&GPKq6I4S1*r~x<=QY1ENEeP5vOynY#u==GY`!
zW-;gBAqvK&87az9pB0Rn6|*B1Bc`%dfzc4N(SCX%@OlBR@CbGC=`X7o3~KgefPX36
z=HtKKmc6qeB@TQDyLfXNMY@wb*WGvhWeB~QzDt?OdXzC&Bb|Rb%aT7vD~Ix2h;Lo>
z7j`QpHQ`J!N$2ki51X~YbZY-HbJz%{!eJwmttAT<$6t7%tT~BVox4mM+tc1lLd15=
z*h@F6j!k5kg1ar`P8JeEk8^uwtKC-$USAP~<yJsv_GywUOk<m0&V~nnQV1z&f(AdP
z=^Lp`+z6H^^w?(PL5-NIX}Xk2n_3y!WS?8I4r=V0c2>`><vq}nK56XGDzale!<owQ
z>0U{0((Jf*!t7GD3D_ty^spSBG@7ZRvbI=~ots{H7)z^n4o7c+S9PD)EPO6ltZ*_x
zy_H>sM1MPskDMziC@o)lLZHyI+$dmoDd19VP`q(-Oppx4yNJa{Sy?5nwvh`zo?zat
z{R&q9j_XO@0Gd_w8}87y@-nJ95iJmS@#=JMaZ-5A(+GiQJ~LtBp2W;GE*W6K!)YLG
z;5?;{#vXVJs;YhdRc4-NR$$$YC;ZDj&0?I66BbT1lG(l9pp{T0Qo^2FOtlbgG0Bxw
zuyMb$KJ(VMA#{K!&f>;pu|D0bGb_@OC%ZAGq5cDHnCX_IWoCvKm^xG}*-5T;G5O<<
ze6}mK4a{pX1L@Hu?Gq;3_Z}oW@vKk6TAEB>3B}R94}Ja3`ID0SnEyz_<nZ9n*Ss_}
zOz!mD8*hrGaXo7v5+@jd!TJT(*_zJvWz{i+aQc<58(nUHWk-kUkWRr*F%8wu$A^5R
z9O^EDuv(uco}W9X;nQfzH)KdW6k%~Ap+)OkVXAK{&3@ygk!^<cUn#uEdgCRWPt2O1
z2hNsZC!q!MEx%g~7}GwI^Q>Q_Bfu|y5s)p)5vo$!C>kzK9$*Suk&gv?M<k8pHaXTG
zhn8`)E{#XX(}vpEb2-;p$I0~nFx=V{==rWv6fzK`cH~HBeiK$3#%aH}dXo)4_)f>x
z@ak+(le(OlC|-%#{kFQgh_rz~qsqRC)=T5EAS6gf48u>Fk$1#Tak4+`V|!N9XASJ?
zEMMN0=Vn-(SlYCHZhRt?YAtcQ_Q=r!+F4ecCH`)F+IOk$WUMY?q4S<!eXaCbn9@v_
z8`1Cv^z~Jxo>Q2~go}}}Vqmj}cGXjxb^)=#N3w6PaKhr;&KsDvLdH=%(gjJ}YYa}+
zDNH+AC1=EV@<#SGo_W_FA80PW3xQg(T%cczL@MM*w#yIuc(};V56=p?#K<_2o5nSe
z_1Moy%uU=ZR!^mD+nq9y(yOVEt_%)HX;y?4t5MX|%r0M(%ZB^l0%8Fd$ZOFc;o0<>
zw6^p^Gk}rF<9=uAj;2_2@GB9<_2wC@&_7Z@jxr1!De#H~oNiXTTIaw(!TOL4+;CXo
zx?#7a{$8Q@fxK~bE0M{CXjD)JoUulHr5<fFLRFA>X{u9r3sffvT{&Hyb$|X`{KLX&
zc?$GB!8Ma>RZ{6`N$>W7eAqDhj7d~usl{<YjCD@d&je*9b9HI%)R8K!vniF$k#lH_
zL%v->HX0F)vE9)<L4LwT^xha7pKMm?aB!+fv48d<XH6*27NhQsF;o}M^yxAGio+NE
z_2Cyv>UR-?yxUjbeAhFVzx}Xn&1fFo*$bjL{`&YNA*=1NPZ0%!+rq8hgJ?L^bhCjt
z>WP2cN=%Ju=jB0`(D%UAgDstV(`{Kkv>H)O8LqOX3s1ikn!dEa_hC23tx>5tC9)Bd
zY<oP<I?FkvH>#D+L%wDBVe-9T)I5uE>aY{uTF62h@zUbUQjCDnd3j<Yqk?=}y>qKw
z^h8I8bFHx%{}r>sJn4jD8?RAVn_#AOx;$&on9b4Pt6^*O8~g!?Xe^HH5F|@`-NnrM
zm}R~&8(wY>4@@~ih1q3z+|XvwE1IOb`H_ThahfEWA+iqMTi@34*Xf4UhGGg<W*QcR
zpt`SdC*NB;;Uhf);OAGB<4XrN)(^cb&GDU8_WZlDjakhZ8%^lD;A18FSuyw4?7WYX
zdlsSo4sNqsanCl~CtBf#v7JE$>KdkQwf#lK8urK9X6e5=6ds>0q&`peTcO$Dam_3r
zCd03krg3IFiDTF4pT1)K3%a}zjIo+Do!e0VRl@X1OR9LkL?L!Q)QjiE%XzJBLGV#U
z9z)KsT%kEfNDZ>c^GDQvmQe{ucE|mW`lO-EV?Anu`@%$lO@MPreNVfvnWcUCOul7n
z61mfMvMYb9MMQY&_~z!`cq?<ee&2}vn&x}hCdOk6Bhr0a94ai8vEDUF6=HFGn}(QN
z^zdNghPQyt$Ltu)Is$xmaJv=vDiDRa)n8t>#yU{~x8~(!jY>xd2sP<#<+FO$O-T>W
z8hjh1jH-|ttr?x6UC%%IIbT^Fyx@QB9%tq*EF`VC?g2lkkG^@zLPN%?4h#a3&OtRe
z%%|I9@_QvmM_3E?g2f>icT<zj)uK?pf}vBu#z}8A=|vUAessdg9!VQInM`dk;vk}Q
zX)z_@X_KL~69tb@!>j%kNs$GkVvicd+y}>pj{+ZO^zJ>Iw{gUNg?`P;7ra(&UySpt
z5FSby5n*ePc%3LYfQjEq?s7~bC@L4xc8ez{pg<)<4V@D@OD9ejAps{>CM-z*4oeN=
zjR*535;ZH&RJdBvk1GJ5_!XjOpRQ|`%@lpexlY?>cqX3cfj(skkhXjkP~7tarTHb!
zZjvKXNMOE`=lXQ1gPv_la*6F&iF3Y-EsL>wooR&&SaHYV)CmBQbx0e=;gh_1kJ|Xx
zC;7$QHeB%DY3Zg=gB-)+OY*}vEycrw)U!Gvx+;Q^rwZYpCD3Cv>9#$ayf38DnRv1Z
z+F2$;r4`<IJ!bw6R9CL$7Q)pK#-mmGr01g&5w$3KOVw{0g&EzSZ^#2V_*T-p#kz`c
ziu32K*F6G*&DHYsof6&PwZ6>-ARFlvE2SLS=Tl*x37!5f7lHAMJ#uEPj|9y#_sti4
z_nRj^>mSuM+8KGPboHD@>mf**cMdhe%b;5|DCMO_mD7Pj|FhOb<<93U*RDp9lp0Lh
z1Dt7Nb*L^d)x>E(v|vPHvnpe8HuW@~C8dQjy7i|wkq=>2#JXu*@yXpjVGpTRFO0rO
z+Op3yD}-A4JiS2ewPM&i3d<dyIR`YC-vdDDL3zn(p@7@65>;3O+V)54i86;s3g4j0
zBj1<V--znw>IucCO(O!z@H)DLe1ru(hk7S%n6|Ws_L+8}s*^Q}dC1SD`nUH#yk?*!
zvI@gHi8&{^nm+vEX3-t;dOuI{x#fr#<M_n+DYvI<m|8hWWGrId7|wtGrZX?Z&<&NR
zZhO)%A)3+qB;bj5`t!5qcMcc0Xit9AbQ895-_y2Wc=6}khbCKeWU@)`AH}5gz5x@d
z4cob?uGZ!8j;B2XQ3}KTl+TEvZ>!aI<?R=jcIFf)`lBi}=9djZPtL1RngmGY^BU7)
z4IS7nM`zB+EuoyyURh9A<|~#fwjTs~8kdSHhvTZDm1kZXNnsH<Y@BK6)pLKjyZgG9
zUIMj&q?+3B@I~pRlh`!7tTE)A@<ypns13AXv}b>Yj#Tp@%pQS19U@6{cI(x?NxxZQ
zWJ4H<-(0@VzgJH>;?hmYAonzv^WCoO(R(*9wX*m1(n?oVT*TvAq8rlKW9uzi><T1N
zg=!B4;YDG?@|qqpc0CQi4@7i)3%kb!Z`vCI-@!=*d#~lVY^GOEG?Uuc?~l&EvL38j
zH<KJL)?Ij{MaW7Px>>F8NG|+}HQCz9(=1njkl>rAA^Cj*@ej?;g-l;HGAhxzo<ZO$
zho@EhnbQi%S;1cXRqG|qDjyXTR$d6<#e!c@NHqvs9imb<3Q`F4)xN6J%UmU~M`|67
zA&WjApTIx5X^iB3NEziHFcYWup)|YP#dV?!^*&8FzB;}A<(7J(9DCOBA(E_8U6cE@
z3()mW;ASGpaaRCS$I(_06`%T+pP6(V_e@81CT@<9R)uvOk2>IZG5u?V7G0W(q5fq{
z!X%1P1->uru~<&_<E<a%v&K!LtAu9bCOz6JW1pqoi9tTkZ|*}j(z0teW%Y-<a$6lE
zheRZwE~r#jz0NiO|I^U`E5ZQ`5o{0$1jJ(t0Jtwf{#ybXU^6!EkHf>h<A8zK006vj
zt$$+vpZiAPE=2$!JKO&wL1_LT)%$-}EnYYQ<Yi7awtpcEIXU5Y5p00}*?%CeaKOJE
zkPR>V&n4u4CixThPjmnAAzBbT7<M(9Gf*1<V1OBgYvD!Yu=Bjk26E-ZIQ+2`tg&Ec
z(t_9kc;UaZGerFk{^SO_IAbpXT7T;J?cs%Ey?-3GBy0>_F&p+4pYOLp0)W|AkKp&!
z9|r;8h5xzu?;b-`j6(z)Fo*5GMgFPF+yN^lkc|fT`w0z*E1a%~AQwPm4zUFoVeKA!
z`}@&vA+P~nIFOwUD;VInGYbD*0FVvqVFfDs6a3>b!0^Jcs*J&w@qgv86$5}=uz%;l
zgJH`Dvi<w+zXB}~8x1HMLW5N>4GjP<f}IU7y*OJ7l>J+IG<Yy<6dP7Xh!%Fv*>bkl
zJu_@lP)-gvpSE!&;I{+TNJ6kRVH0CN9ax8lZRGFpzufPFAT)I4d^x{W3jjd=F03<I
z{cC2v8hr8n?ENSRcYRkpq4TQrCjuS+FKazN^TqQem4Kxp%3xpkW=HOfc*)afSGtKe
z<}MdZV7$bh!MC;BhRa>9CXDy}xK7AVO6wEV%-#LsAl#ADmlD_4^P{V(Ln|V2Z))Dh
zhEoT+l+Q~CYAe;06Y_l2rE)*FGzBk+f3%+ayesy7Wi41(eVRffS362_D(GZtIF0Va
z%Z}>TH-BNFewC|~i$WF)8@(Sxke_lZ?-QPI5eEb{i@bHdt`Qmu)B8ANS)JFn;RF>5
z^q=zdFpneaa^gFiKfN}Vab6FOJ@KG;7$jy%CETVype1NAxMS@$MopJj%$qtJ-sN&I
zu)r^s0x$Ci7!)$MHO`8gfvc<gLw&3GNdqB(22Z3s1;-0SaG&9YyY)gID?tOL(*2n5
zzV9|mV=S3O_X)#k{EqKy?3$>ti^4>fK6&#}do2CH5B&xIcvE?oRjyKg^M!sZ^ur<|
zjGnMm&-R5cuYKPKAbaRIUeQIiS^u&~Omt<|K|uf&*ZH3HBd&WzFP30ipXd+A;FsI)
zhr}Wu!7PYkD9q2(Sqj^94z^zyitkY54zPBcY7$Sd&#c~kbj_==o{XeJe>0=3-+}!c
z&9(l^d&06Flli09s}JVudgl(hQ8oNTLbJj=FM=Tn+uYe!BNt8=a_zb12qsth>Tdlb
z04m7Pbyqt6jofIb(q^T&8a-Vz{WX-`rQ6_xE<??|ZJf<}Hk>mVU=PiZs1jkHgpWHW
z{?(kLcNPBMe+JSK%f=8aDo^iS8rH8z6>{Ih|Gv~_2VOB1H+bYx$P_Z^F#`6a1SYL3
zS1-n9FRn39_t~0{Ckl@z?$8?Xk5^N<ylD#F@d6`?9SUV$=l}`T(=rY}8W>HwXNo)Y
zc~==cu4ms?kYjG2!Kg$Lg(fy;#K=ulYFsvERZQWRWQ5Q|SBqQUMuyr_Mq^*N7+v2R
z0c6~JYszTxjtvVNDTPDPqHX+kYB4E(2g64h6CvR)nEJFBl5WCx+f;W&3*JQDxLrIE
zz6eS_S)!?|F`NC`YGCb7uP5!|=g(Gs`utq<#z4WHL6Ms9>BBPDAsz39gev3l1hz}A
z9n<lMI-i9e{&QI!9u{g9W04eL%JvPyayBX<lL=oBSLFxla+V+Giz%x=R>r(tF)k&#
zm`B+C;s<WoTGcB(sJZ`UUVd=Mh*F0O@-TrD^f34mO_VB)J8^e<M%fsXh1exlu%Nzu
z!stTBla=4cp}mm5&FKwcuhcDI9IE>k)5iY2w@04W@9XPqikCI%xJE@2G23hh8Us-O
zwJ8$4#ni_)MN`s9uMAnbuUb#@sf@*_M`>^wj2xa6_A0!@0ozl>d-~k&aP3w?T{R!E
z#T3&4Q_NV@O)eFeY3UM~J~l5#Mp%Sxk;)O_KhC-7bL@HX;(h<25-=nm|1n8Xj%cV%
z*39k@U6<+;)0N7{4(kCUW5c+-GmQE7(ff(tZ_wwo+Jrr3a@<x_>k6d)R5J5oKOft3
zzBwdhf8HJ7Gkg*-pnPt4-tZ>wN1F)l*|`iQZ0YHH938=F2VcTLBl&~sqAx6CkOJ|I
zNX`h}2s|nVnidJUgM^obGFoqD`l%sQ`jBXnNMd(_5=!!nE`4)TW0xSMPsE$5fsN^H
zpJig}hZ5LRKib?zgVpRrPOjDtm-w=jXS8Xc@=f0jX<yXzHYP~RKF>S-1ZY3C7s0uc
zx*51faCM$nkoMSLU^z%PaWqNT|7sMw@Cb~O?zBY7?XR_qs1|Wpf{78P_5wO&@?irN
z`D|(7%;R6>HIsDZ-k>^py!?62`%Q{oZaz9-z99Om01yAgT~U0)`CG6rJNP?Q_22ob
zHGemfG+e#~|7Bcaj17X{f}NvHud(;o;N~qjRGlA@O41M<ZF+@Gj#RDr@lRX{y#+h?
z?+4MQr|jTu)f#MBzstZDr_TSWTeW6|9ehDmeXY*l!$EI@jiM%L_%X=eqFVFy&x6~y
zU??{B7ZLa`EOv3o(Q|4WD`{b}Y<~>^8Y(~hyZ0@g2;ft)A79i+XsA|lSeFkMZc*rd
zWm$=FF<xXmhz@@VFj~oX1^^WO{`LT}Oe&3ski_#xr5lwSR?w4Bm1VHIK36A-XtPUU
z#0j5b1Q3A40CwucK*r2jWjY`pHWOi@NGN~~aKGYr2}Fum?-8~nWnz55GcX5NIRI#+
zRje8@blTg1J3eiGSftb<HpoR7N&uj^O)VvyDPX8A`!S~H@4%lezG^9B+4lm7nt!f9
zI7mmCT#5nkzu9?sFRaD86}8siFVb$dS>PA_)(-V@%-Bt?kFey8eR@Oq@nI%q!G_{l
zW$f@mC79{KcrAoOw9(OSX~5Qh(UN!4D3tguy!U&LQW9mf%K60uckZi+&+Z;E3rEG8
z9&D@y!@;y0N+`Zl$|8LEb=+_n`jewmRFJ(o!ns&INlLUeKtt@J@|HY9=%(*O4<U5v
z78d4xeU$WBN+hnip4rkvq;K2POYzYyl}jkWhT?FH>7v&Mjn(pYkLs1hdd6vg=%_)2
zBN&app+p%09j)So99SG?CK-0U{8qDJ!HzLjy8WTFw@`Fv?V_6g<2hKN+)HsTt9L2=
zVn3=(^?bU3E`)AAtfkFj+T{|p#n*vVFIK@A;%D^QMsY?N9HxyW8LH9E+C}{FBy@r;
z<)n@T;l%>z->Lo&hey~duHXS)(Up2RPjfP_43K;O6@o4YgT)B4aR5_O>f;ZLOEgr9
z$N>Zq)vt+i%MEF1b#YuG?L=lrxTw;>1mO|@M!do*t?+p4PYnQoT}y?UE{*SyAZCv7
zRpE1Gj*^N&Jn-MqKzeWNKubSE9beU0S%qqYqvX-wC6(couSp($OgAFd{)<bK$wcaN
z>pj8Bmo2#^Ql-WjC4wcj?k4;t(;9|}3GU9T8g7=#0HSBr0$N2=IL}IqBp$W=MTZAQ
zKC7ll=QFWXX^T&+H8f_@U@}{^XEKnF88TZbSt*$VCng$dcrcb?53v416G6oXG<-y@
z?4oV_2-tA`uh?G_vEPsXRty^dyQpHefkSSBGW!&Jyl#HdR)a!E26V^&I-tP6*oRL}
zRdZH%R!bxFH69i4b{XRfr;tE@w^X@asjjY}&%fx|_G<3e|5A`vc2hJ^yJzz%H>F%e
zf85Gm!k^XOHU916=clec53ToxJBa}cWfoxk?h6~Yp4x?j9U|=zH*tZ-5aqW#^}D;+
zW%KI_l8e&v=qorBT}-2?c-6MdmDtV&W5xiG_Aj}x!`w(BE?dApQ$U_q92bp2N_OS&
zQ@r;eT72i@z-qz24Bcp@eqBB;x}%t6yC$)L%hp{hUF41RBx{O*pT^S}lT-_GutD7N
zZve<e^G>8eBpalm68RU|6SL^>7qv}qbm<8G<tQ9KFTSb57D?dQsK>_pPOXga{$LzA
z9drL<egB~P4;?(p2eEqNf#3b&H3+SyHxWa-XsWB1IS`=@*>Q`38Xj55w>L&J*;@4L
z@|O=)WdIE}R}1|SM(H$c#{ALukqf^Bz4t`*wBM*!sVqM#O(`dOqs4rX_ZXw{5v|y}
zO%N23rb2_yH?l8Ii=(HUFBzUz?>ws>r^Di9p|2nN^f}@?I;i=TWSqnZPmX-7BX^W3
zul45;Rvn57r2l39BJ?>CGy<2~m_)?@N8OjcBn43HVtg<4S-CMe!5eBSk)K$z`MWwi
z{?l0zN5fquQO)1|*qiHT)TWWx@UV!Z7W+qn!~gf_@7v!O;s5&A>z8-`dNO=_Jii$F
zx8POo<fSjO+^w|OoiSrBvX!$)Z;!UilP@QZ4||p~T>+W?+%eK;1Rgw0-0mI^r;^3L
zzE5npRL-ml^EV{(zYgIE#>iO)`y_@=dUf@dR(M|B?@0Gdc&E}gM>1cM=(!irDCLjR
zSH7s9y}BXz;OEC1u>B!-(sPRrvLS9C<|MagrNCYuBa(7_-X#CAWDKAE`PRO8%9>VM
z%rBvzp1%U?CIhy|*PlEgA*p2rOdUPObQ`Q`QHl=kOiGGuTMbhRH$UCc)WI$w6}|DQ
zw*2t9DOc@XjxITfUaY9oaQe<WFcA0w6TwEKb(_a@rIy58pr=Ld$-&&56PavNXir^k
zs5Ne}E-QHCfGl@d4Q;Xt|M6V<KD<#F%3xLg=q_pJJ7(qUx}m4~Pl1N?LX=LBoc;mo
z^A*J=Ff~ZBiY+B62Z<c}NMHIPfW;~$q|9u!_KVPt8>~?idu*ex;Go>3jfJ7)u2<@7
zgk&U>H$N=%6q$WxQot?=4`RX9Nrn{X<fIbF=g|e44-Co1c*A?-A3BS$kOT$Ls-K=h
zXp3@Tr4<*VZ6K-Q{vbCdDqvtcA#7{sZGMiXe=67A2s=h$Qa?i%hR=1CikE@6q-DQw
z2YK)HM1=?PB-rPGM%BY}dxS>JRmVD3TI$H#Gp(K#WNBnDi`eUe6`ox`Aj*%-Lm)ib
zYR8c*%biuI?+}lSRf=ypI7xXR{g36=t`S`#L)%eRG1yf}NWAM)pJkDPH*j$RJMGj2
z@rQ!bt=y=ECB-k_*^M_>^98&*)A^Ai-wIT?TBIpJIZ-DTbg0^zOgGv+JtB&NN;n)&
zHLd)pdIW_iT}(ykNLG~#bI%{A9=!DQcjw=hZh~OXL=EbuN2HwNd}V&yQN=IFg}&?C
zrG?|cG|_FV9;IUIb?7wYuaOuMxe(YpX_LEGD>v<SVwYoF+W{=+-a*_83a2N$O-A}v
zRkGM)u~*$L1GUvoMWR67d)}`>G|jP)B+4j)X*ln)#GT&RH={*Q;^RCE5Z6z|M2W&$
z@`OXzI8wKu953iA8tYjv0iq~D6cYJWyRx0$(@~Lkq-`*4_#N-Uq~vkWw=rvY><hje
zjV3)7R)|bWnz$g`lPgkZyIE|tVB`gK`3?2v@;Ae3Yu%C^f$ZgLl8C+lIm76#(9)+c
z4Xsj=ANQD^;~zU^bwfL4wCP^$U!%ttR3_<u6kN}Ls}k0S!W+3?QO{F4Q4|?{rZIjO
zC7l!J;J>mdR9lU#6&?{f=ek>W-Z@5sxat}{q`F+fg6~EfD9umYCOZ|*pZVvWlbnpe
zxj;5&E0n{f%B@R=8B-zC=oJ{tD->Z?P^L+|3rHd{E%O^1;Ia`Q1=*F4eZXj$s(XBb
z)Wi{o&i%Od6f4U~<>o~^%*s<;=8k>TCefWg(P5xTaT&x!VRO|+H|&2YwIcf9oq0BE
z<y}|ySSu5xz}Zt5sRNq3TqfAF?H;OCiu}=!ckBVejW!nGncly4uW$+s>8yHuowx!W
zn9;huYDdQjm5z!J#s9qG5*8O1hr^~&(m7ZcCv;lrC)&hR=_g)RIRk#Eh8nL$mc=-!
zqA!=+ca%Y=$4Km-o)L&EE9kkxDnRN&T$D4q`-A5b=QWVccIN3$N0xr)^zRu@Md_fj
zcRATG<N(zx?8aeN+^FT8oJbcroq&4~2Klby191XkvIkKaO@;-i&*kM5FQ=9Zp_7&?
zC=@F9LjEBzD2E%>JzUe@BIF_{pZwnQ^iGpE=~~KsUhKk>`f6r6q&*>N^c2bdT;lV^
zUY&vu|2%OyUzb;qpGZO7!WYkC<mb^mO9WA>APBEnRB*2-H<gP^wm<J%ARv))PODr>
z{&5u!$M&(Z#MB{odb{InfZ3u+6%DSG<*T^~CleduT#UW;T+2z@`yg=|01gyhG7m52
zfa!67QkfQ$t<(e0l6^@F8l<wfI!nzYN`k5A&Y#lk$0{nWxdeWh>ZF)3dQ3ne?n!2C
z5Coc5KP)JZUF#zE?$tky(RZG)$PztiUkw;PJq9t%lGmMXm<(9$Y<G$ZF-Fg~1u|+~
zmV~2)1Xp_|gd`^vkP9b0$a@v-bmXlyL5}O*^pCr_I#pSlUWt2Jn|}x`fFTP~o9=45
z22lo%ZK6lo?}DCpDr}tlj;TI|Hk(fvAK7?{&%n!o{6Zj_Ie*;2vj-VLrraHQ1noqk
zvgI{5+|^c%swXP@#*azfot+Ry_V(~Slt1!-_eHg>S-(LubamPAihgS)U(sjf4P@%s
z!daeukZ}-T`Wk+e`qE6OI&Y+H7XtAwUEU?)NUt3Q+eWcr$K)Xa%{kohqr?Z@@TE(F
zVvk3C6EhG*TJFq=>l`9?5ZTxk7OICr-E+%jZ5~LS*vYx?1!yr3_GqMgfC1ElGGqe-
z>ZCB@8i^=6RlL%is$S1+IdO;?ul@zy4OE#0x-2<}g41O)GMqA4=6EI9e|42YNw30N
zYGW5IJPO`@;BJG>c((?|olG~bC{Qz?$Ob!wadL<CEIqDoVAd}cl%jB6a|@*edd|Y?
z;1j3n6*rQdbyt2F0iR!(KpzEseSCUPsMf~Xa(;p<S#J^fr74l&KID4?;``dK+VMT~
zPp1<|pdF|319!q$z<wxY#MA~W6EG&6^9-0g9-atz`H__wxA;tnP;DUGUx~1H-<y&=
zd_bA{79d$f2I5M6;*2ASzG;BkD##EjKLl|W_ue$4Z(<k$$-M+mq;MpFF}=aw6tTUx
zER+<4;^Iokfen8d!kFHdMMOV!F}oEIw+lHWat;`SI=w@m{YePGwH2Add(C=-xIuiR
zE+RvpVF3HkNho?E_K%1$ulHo21Ao#0$X`$4IpdOtpKY*EMx0}yYZ$eEKM}3E$a(Ly
ze6kDqUW$-=h`ZsBl~8RXba6cl{RW$64h9l?4S2#ZaW5jr%cQ18l$#O6m2TvKJ!XRj
z#7l@3m;$)@@qsgt3k|W;oddo@B1f>*=LSV=_Pz)4&Zun!V4&ER{%MIK_Hywgn3ksu
zruIh|m@la3rW@k``1$iE!2ZG)#H06*iZQL&q`#E`oVtC;fJ9C}{;dpL^a26{?F9_j
zV#l>90036cyAUTo3E;zUvj0Pmzq8^N_bN!?k^>B|GIS@e01^RC*z8N#CT_}dr8O}V
zI3SUOHwbja6A-q3TTYdUn=q_yus=*7VLAE8--^DzR@`g?De{!zJONPl5-r$1Waz~z
zYEucO5Bj%I*q<=~fFkA<#1`ANMc8XXY;|z?i5u$!u8|)gfaIMrbrI~9-Uu$%I&k0X
z-5`8HybgJ|Gj2A&o<NaEND-M747AJ(*vCEK!uER__8;zmvhMpbnDU>jSY2EOt=u3m
zau2bok^f~}1Gd=8{?qH>EHEWn7)YM|pC)T=0B?!K+<3~~{I*MFTx`2%mB~+#Qn-UK
zP&SC`ci&;lO@^W$IAfbe@X7hN8TO%XKGBMcfs_>Adx_hebA7>@7(nzp*1-0{P`4o%
zEoLOL0EV>@KO3w(Z~wQE0`OoUuK!rr*$txbCI=CfQ;1#Mgcb02zh7gCgDn792Y4DT
zvc!Vzc+Mt$ko3*!-NAqC9NPh&H>XDkTyb&5(=?dM@9t|-X4R8|?bkh8O&v{Z57}Jl
zy&mDgq=*Je5(;wrDXXXF^{9zu(+dqZ1i?~<@0FD;i=@@!RSrp5A21vayhPcJ9!ar$
zgY6K^4=tJ2fA7}aDu_dTB=;rMvWw5^|M6BybCVu7c3r1p<4&ofdR^rvHoIiEe-2l3
zT{S{_o8%#WFPC&|;GG1+L}$!6Pm~<l?)9S&MsYaG$=Z4MBGW69*~(vVL30t<ty2UJ
zEz{jyA+0Et6owx#4P12q^xf#Mm7l%0Z1RJ)ke{@jUcDshVpiC_F;>ff;+wgR?CFHd
zF@5?)%*GSJ_eP~l25N(ECd}(Puv?+g(s}v5c;83aLqWX%uW!h6(9wr1LvZ$y?_F0l
z$C9QDZht0^$IHB-@XoZZG<acOkanB;g}m54Z!u|}V%F*TLzQno!jz^WzV_v9&RvJe
zxre`ZdYM&b_VJjP(%}w=?1p8TSjN5Mfc#>xvJg>WpmRE<Y>S=HLa!rgD$e?tp<H_Y
zpjZ<PJrvq|5ua=BB<rq(UslO>pQSuU?Bww~L5^Fl`tUL`CNBhp8M>Bvj1enRo!%Su
zSDO2F<H}wYOPO@J`MHf<sMz??k_o2n<5Jy>q!v;!AFP=ylbOs?SD)~Osa-24xn=7C
z89)kF^B|f#L@W@IO@8Wy=e#b!T;Ot|yH>k4)bdIv<E>OyQ2UbTZsn~Y%n_x5B-TwL
zCz+Cd@8~Dl_tjF`dI!?ONoi>%Gd5@zgenv|l#z>LiO@8md9)hTeM}ssjXz$u)g3rt
z*$6n1+nKaaVJVwEjS3#l78kFkC0l8p_8+cTMLiFM%#8V5rgqQ{r71sNcVL)kkSeE?
zA}>6&s##<u^PA0RXxGxJc{^Ksb;T}Re$TpOTn({MFl^08z-d%)%Hyqkk#FCqVewrd
z>~r4=l;zZLwTeogEF*qr1SQ<4)K$(SUV$l)b!+E_%+pX>^bN!_Sob+H5h_d&4bw2;
zZoZ8dAz|x%R!k;xs;M|aj{$0u?+-`6?ssF>X|Ayj5LRwj=aApbu%xd5I3I^aMgcsk
zpB<nooVDRG+i7N7!G{MR72^B`SEVk&Ymcm>ZUt|yjii7iz3h>p=ocYqOL?TAP~ZSm
zq`zorOw6K5x(UT5+dc_TESB@W?~PjMMrAD|l*$*5wD@?Oh>moA>B<N(YwPRt#lFF7
ze#J0EoMf%@0TMmcp5nVNs<{+)qG{L_GeqiDa%zppPRjSMir}hUp@apYURg@;fC8z#
zA_A!E-&CeIp{GweLA8pb<o$=FfY>k=k5%uNX&mQc?gut$59X-O`lO+m&cZR<j7v_n
zCSrcBFSLoQ9kcx)mf;RDak+|nybU2%B`m5F({I1;=O*TZ?jLWK!{%A`5$ZPIZ_>=)
zWJ|dY`a@SbWm=|~Bz3r7uy@v<7X(lQ`CMo$h2o-g<e&kBiZy*=8B1mDY?osN<~Fj-
zs7-0h+zS@fyWrKX75RirQtkRxScC$^hu7F4Q<ip`Rdb~q@vLv>^khNz!8UoC_=4?{
z?qfdJ2~*U&>`A}l_^gCh+Oo&QGfxQ=?j=iRlZETwX&k%@dbHPEwdVOYS-faE1EaEV
zZTp;yt&@#tLk;H_VUS`f)EoC?rKDp!GpOtl3%dDag1PWrn%4|;060A}na~PL7fKi%
zD>gbrTWCr@GUsSDD&eVTL8$xInXTJ8A9a<m;7-(GC<JJC9>705q)4kCXI$1_R7v4Z
zkN}V0dnD+zRN?5(`+_H?m-`ao5a}_$Jf+^Vu&L0XPgI`3!#sYIBwXlMW%aH9i~hQ2
zj?rf;^F4n_kV+BVMpRwf$m!=GTD?i0W<9#$9>v&BYje+JT*@qOH2krgn$@n~Hyym;
zlWY2<+qssSoyj4*P7{u?E?x$@D9Ee#0ZK=Ytxj0P#TUNsuOr$!0*J3^?bUry20T34
zR&37;PsdIPg{$=9^yMz|n^+E)e0K7=Bc<DNJ_gg%1UGcEJ@0m1bBe`5VVJi>Y63N?
zH@{txDV3etL6d&1?Sqx-9x_O>-ckDFt`jM3D^VVjA}tHtA4EW?aqdp;cJJ=jQ}whY
zdj#RnBQ1#<fxZ*Q?JSF)RHuEWwfh6rrzH@Qah<pA`V(ywMY!WSb#?i|LW!lzonMlU
zO<G$ZTjL?^Ipgh+>&#19mYLBnC1RUWlU4y08Ab2RXW6D3Bu+>PGYh)B;G_g!BcvD8
z>IxS_DZAWyMaI{9l1&mnyhH~ud=@A#V+qPZH9VfCWoUlM*DP|ah)-jUFuU9tOXib_
z97RLitye5(!{&d4q2L<9)D50;^=YGFFS^cRj_dr{-otyY%O{Qu4e+j$g-a3|y{Tnt
z9uh!0JN5bHCrgT<X|#ye0O#EvWMzxVJ2bA(Mp;3wG7Ew9(sIaF&5MxwF>z=gk>Z%5
z;0k4jx5!(Mjrr7*&kz#n#r)D@xBRTtY#SKb{y53)2-sKV)x1y=V?E0{V<x?(Z$sdn
z7p4}QvE|sbE;M#cHj*GM;=cj$7roYVSpk<X`Rv&)Fzx>meW5V1>|K=-XuSmvu)Fab
zAF?*W4}N}M9lLzb#QA)j0rdf2Xl_TFn9U=y5&iLTUIlT_qN%xN(@JPfrMCO#x?*ug
zEc&L&aR+_tbGMlkRJpE4B}fHGUdL0QZG1`OhMp9+Y~ARR53sFRr<7+iu+JU*)_dWt
zu6(zZw58U}BSJZN$arX9FeSuNaCi*ge4s=yx`Sv=*8kXzQJXgq;~cQe*bOIj5;+@?
zU3ZBK4w^`M&|dyXSVV#IQh}s5Ja)<ef1Lrli}&TD)`no8JuxYptKA=qF&u4ofSmwD
zHEt#Iw;R;}B-aAs+}POkljNe6yu!`+e(m^)^_ZwUy$Q7^x7gz>PyL;2hpgt<3btf6
zISZEzsv`VE>To{ost)=?V6aHsy)tD9yeWR*TxqX7#^MOwz9@?cz4;)yC%5hZ$dg_R
z4m?z3WEvC#+{^7ZWa*mZi8&_?$FHcrov-6k5Ztf|NWt-_as>C7GbH0}eGI3KX|JBR
zfXzK~QN-T(IG&fjtxdA*%z>|b!I37T3{ZTlWVgTTW1$7)ncB-=PI{X8ct9qfy<PIF
z-iRCoe9V|l-a&6&iUBKJ4$;X1BC034zbGu)++nhu+Ix;n6)t*0auy4r&TpLAcF+;x
z6n9gV$?PifDKA9(@D5V8t0_t42cJW8C^dOTGN1$%xSlpk?v;&eR};2PxJiu2uIMFk
zV;z<*c?2R3r<u`7!__Kx_|-*bWHX~Z4xePw)q?NTGhoGKE?S`@Q#5f#nHcVH4)W`M
zd8j8}k!1mLL$<M&C(3oXb<OD5IL0=>KBJme^q$q)T3U6!bHQ}gcud69a1g!^0$u`v
z_s};vJv_IOl;ew?p6!V5G2P+Mq_p!BwOB4Ft_mL%*E?CE%cE$#7X<7DdA_4sZrfV7
z{Q0i&-uuB_+DE898g+wQ;TnN~X<Fy4Ar(lFr&mhjDd|%##{ljuvLF!)k;-x%A(m$8
zr-tPkLhYRmdQ6^G<*umD7ZQRKtZE8sGcchf#MaXlg)jqszd=z{`&;0U8L|?f=;KUu
zsf^d9F-8*DczpftxPnS&%v0*ZZw26lsk+^N&upN72a-$$Z1LQES;svlM&$%NMx8&0
z_qDsSb}s4<DU3H)`2py~+OC$JPlM4fPiJ$6eb#;Pd<?I2g1k$S046^PLy<k%`-}xy
zc6#z`IGSS3?pE5JBWs6Njj1dtK+c@pPJy{AExGEO5Z7>GW;OZD7ec{@5EN>OX*dNS
zu{(7t;h`jkuOpvyY)j1CwR$RvJb$NGix4&hJl&ZGrL%+iq16!Um6XHW1;ou{2u9(i
zPtAyDTQc%NKHkHZ0#(>4w2jVsCx>v?@SP8tFF_|Jydk>P{#Em+bO3Z{lN<zdBm!#}
z9=Lwi3Q)#Nf`GTGT4csD6v-%XtHQbbq;coVxp}5^@Gnoa09)~W6KW4V0xx_$ms@kR
zYX<{>F`%R`yEJK))^Gh&==@l6nJucMdo|0#OLHv8&lMaFTJtCdaXcN{;7xe@-Du}^
zJJ*SVHH<ZMFYx<b=#ls*`EFo}OvS3~kblvgfotFD>zi!WD<ekzmi+jE+Tm4{I7yQI
z&T0xDJw|d^R5DP)oS5!NqO6(L7+PN_^}=z!3<zX@+ljt`u&sn?yr_`~&$P2TZT1tE
z<+;vCQend}vft-~ovrKYM)s1AL4)6ULf~HFsWZLgsI7ikt_znV+_<@3a{0UnT&}E^
zLk!%%2uI)i=A)C_%=enAq+cp-D8BZStF6mkz(Y}0fEb{L*_+?+E?yGA%>1sXNys`R
z$e)9ow%>`!@owIS*(F2yvvPJd#B42$X`g^wp*;q^kjwh@#t^`T){Rb6>CnKwMq8Nz
zR-Us>m4LgBl;4pCWdnHyn~n@&iOr!hY-Yd@qW$|9b#0eC{m4Pf!LgF@llEe%dk~J>
zbIXDI_#Mw!a-!<5zy~l|QHLy4m7X6_vMU1fjJrqp9`j!4UdRG`hS-VC^wFgt^$xV~
zAoQj(y`rlxz&Z~OM<D^TJy-QD5ASDQWNtDx<U%o~O$#MxdBW5lJq+SdSWR)t8&+gp
zd|DnQv)KSv9I$`4$*qyArbFa2U~^M-%EatM%uk|5<noe2#%<o_8bO$;lne3f(IHA4
z00;lLRQH%+lV4a^Q1m>Jl0qC_dD&Unyinlw>G}LV_~gvJr^gM)vf_?046KW}*D8%Y
zBQQ>SX?AlSePxVX1h;D3=MQ{U@Hxm_%&<|itA?$R1vLdI&2;IH=buaP5_sy5+R9-j
za-Qx!=@=!VGjZ?{+z9!qFZYUyG|9o+arb4<k*5IA7Y<73-nV2Qt=}1f@Unc}PMF%W
z{`R$*Hs*rZBQ~uHLKOnxC4E#aXZ40B>A9H9SIMe=4ANQ8E^y@VYfg}<yJpXP&kN44
zfb?gI4}es(H+j=H>QLxPx6GmX3xMg2rXcnsc*9^UbG?0|8+aied|*#&`Nk%r4U;WD
zXy;!y<9RhvHLeTe`1XAY+31us5QVThkHD_b;mtD=E1V2r(QetXtfj371-Z0(nDV1+
zLzQI3O!NHdt5KG<VQ04rvIn`#(A?~q^F}aOz4&vUP`_<fVtjS=^$tx(wR?A0Z#MT<
zP{Lcjqizcl^SuIwV&k<^Sj>hD)#WoVH@*zS*o1*PE+U-Ls4aywqy&L6rFTkIW9oGQ
zPQp8PdHt_1T1ri=<Gfs(M;padhg<_}$jwIpQ@#3h;LQo_N}_%((Tkd)qVmKPG^@*3
zy^F!`9P<#PU<2G<92nPvBYo7F0zg<*`P7lF-3Um9)1$aLXtGX42_RWDkj1!e4{<)t
zM7y0j17_$%3#3Op0yiya0QB(J+zWT;n<^dSJsZISPV5`O5PJi`sKj$i>kgABWnxo`
zrV#J)PDF1J4j9p4_7v6HCMk&hRPMK^90g|BD$@Z3G?q_f>iBz=)dAoQmZZcb8c!4S
z$wv8hVba0Z<Fzi>H62sqbXUKL9taXOpEL`XXm7LA@$d5;$g5O6b)U<0FLukh8Neiw
zMlnWWAm~O+h^b5Ptv_`iKieH#=gZoT0kOxf^;Kl7H}LT~joj#`7q(x40c9}lna@$@
zRtr~_+~(n5Lrk6qKY95Y+O<0G^5y9^CC`2hi-+fWPt2mpGrNGAJ&yoKLV@fBlE&JO
zbW={G8*NBO9K2?OAT@elCo);^s|D$UwM@Q%MFcp@raCO+gfo-od7ijb1JSF@r(ad6
z@>CCJ0I6{R@6(d5NaeHsg5%u>BhpnDvy-ijd7&~i0x|_WpZ6&6-YkCz0wGQ~gU@<+
z+Y`G%=@W`Mer->$Qd1u*!0xxCo_rN`LC(Qe54WMg(ajoT%|YO2w7z3?Zj93f<ta~p
z-K-lKtW#SuD}N$;pvH7`(t~aY%Z@kuX4h751%}RJf};BrBhj)*wz}%6oSmF^rB>c0
zk*3{2nRdg_H4_fB6MfaLl+6rZ)3F3&@R{eC<zilGBbuDqRA5GRFa^!dJ$jka$Q4ZU
z%rt?Te|oor-XN_-@?bIc;Y$UYl?l#{Jp-`GXih7Jd^wm=$V?aYj!q=)gE*tXtLhr6
zy-DLm+mG7AtGy)+m9C6QLQDnSM%Y6al6mYcPW+_Rijhr676nba`++g#BjOgQkrp?G
zx`OdEpE?OGq8|?<r!|+(lK?B^ZDtCHmTwnw=n+Y7jQm9;plg?em+ecbua^kmOF!T*
z;F&GX;Cu1}f{<I5;iB;oZV=>{4u4(7g_;le&_SD#{*u#IRw06ty+|SiQ-y{f^)M_J
zhI|UW=tWqB2<Ji3Un_5cer9)==-Z!*35ds}LW$7%45`>ERBKhrCUtJHOTjL{aBKqS
z?QLKn(;kAqKpB5V;0;o`;2M@?shZ7v2T!sO<X^8o#3;)=Gbk0R-s@m_WeaQ<u0c1v
zLUfL{qpOw5_8KIdiPEn;CKit|&PB|U^{@-Cuu}=jXej#Vrod)Fq0fp_mfXrXX8g;_
zu5BPx`r|gi_0nd_F&iOsWFi=9Vlhk|h-3(be8KVb0KY<*ei4Y_VhGEHVZZ+r8^Eus
zho6P4IhLJrUFxHpv15_>!>izpZYXQnRh0vM*X|K^#4*tThOjI}8CYcQ%zPqFYc0Y{
zax$$Ec^juHDNLc%Z%aNh4^FT3Kj0_rIKpmpi0c_(im(Apv()qXqJMm4MFE3+kw(@i
zEBREp9RBUW_;~=e?7YpD*}cxdApG7@Ba^W@#CibkvA(eMi8Thd-{DKdM*Hu9h?8kI
zz^hf(GuGIx*$2NWoY8Mab3!^;&OjsN#Oz+BXuDXMU%uyAfTsBriwGbuXWoR>ETsdr
z0hX`WCN%~~?FK*>O@m2}#q*nmp_!Qg59Hy4Hi|~%HT?v&kwd7+xC3@LHQoRQLl*-H
zSqG|+lBN3J0FQRD@?%VESMz7GgbnIUf^npR9uIM!ygI~iSf^QKJDv;Z{4V<y0`saq
zdbwD${a)q7(n~fR&>mL5HfNL8xqwBS8=|<=>}GN2hX5tw4KMtV(j7liQ_tzM+fXIl
zeDZvHh>4G#_G&t1_${H)8$z7~eXC#?Jh$>T6mT0!%5Xv-W-waLZ<3<L9(O1O;RFxX
z4JHq2doqW-o%a#&;o#6$Xt-yjrCnpxPDUp;%E#w>W6=1F4g=TJ-^*SrFd-!58NO$(
zV}vvuD<c}`wOHi#NC^TV4UuC}<Q)D>?Dm|m(Dt6%(S@&?Aga7Ie(dw&OupYnSG4(a
zv{<&hn7YU0{MU^HSequA0D6X!0gGz^()D#{Odt&4m9&d-eK}vlcn1PVFIfav)eqa<
zmR5!{I(mMHFRabUH=ldT^BrKr|EkIAfw9FGpyrc3n=4bqp`>NG1LWO%rSwB!0b(tj
zM(0OW@y)_v(6aCmzo0vy^gS4gZUCEhubASbhDsl=GG;abQpc>4T!WGT7lewY9>uGX
z9m}2`RFKvj&e+rm{gpJ00&#OB%)gaWpS1Fuv?TK|7ro0Cb!V2I<AsG8Q0gfY!<z5x
zmqv`DI*>CwI;yr^Orfzx2cY%UMSmiGSJV3CP;EGqUv>CaagpWoa$O`XJOu~j+l3Ht
zBYLpho;Vv2(xGNcFnbk%J!=r`Fz~#rY+i?i<sBfe0Bln`YCE^gCz(bs*cd680@#YH
zRiyE2V1S48vv2`93mvnK{Cu*qohg=DnMasqR_95*75rK4VnNv2yF89vI#?Ay<bR!e
zs<pWhfKR)_cI1`>19%MOx4OpNNK5P6p=XrII~p>DG(5AUop%+thQ&a<U<%IM+%muF
zuLWZwBSJz}o$7b#xXl#T*A5>2?XG+?8DDBzquQI9lB^DV`Lc{=rcwYO0%<=N%=XBD
z0PO~ntNI5!a$V$hRybZk`YamcK{-pNfLS-OyLP5PpVh2@fCi}<%5WN4SL@{n&(U}%
z3&%ijm(2x$aju;dhhKAq@1ry;JjX$HgXRdB7g(USrl$01eSM;=>GOWwx;|4Qp@4Vo
z;?e>sFu?*;FGEi5OCnXOsLSCg0T)NtetZ&%rs<BAs4~TN?}fE#o_-E^YaUBtgq?{e
ztQ|52msYJ16OvkkF>qmbN%Lj<7gxF!IXj)`)9Xh@3v#20kD@bCnWwoC{tK;*605C{
z;xa$~Ov{csQ^BUsEdYWSu5;xP5uaxiZeED<1_jPSfXyFGeRn#x04emRxoY8IrVJ}l
zB1OVtK~I80yx_~PZC)2*4`!bv)S=V%-euK~Q{BTJ+x?NOX7$zSlI4K45CM5hoQ3|q
z`spka7)WO4CP>v6#1*6UZ@$BN4Mm^*frG=ly}xnDKbQ-*c(WJFvX-+$DPjR<OJrE4
z6<2_PRxOK*W5LY-2mE0td|}+NR8P8FzE_U*0)5kr&5s3BTdPa|#%%z`UqwVy1Wdqx
z;?Xyq=-7Wi9KhZ%C+GP3LOgUDT|gOeCif4$bi?#uRIoJ96~vYE1OPLBYk}(OlrQ6g
z>Bj38ETj5CT>JmUHi>yI#A&eP3X6fDg#UlUF9`dvVFkxw4yN@7k^W{r=$nG$@Q3f;
zhm*bb1aXa2{zHwfu_@PotKfGNWOH(mz5l2n91~D~gTO*0?0O?*0I*j9J8_`^`I}0K
zEd5vG{(~+5(HsB^MKQrY7uq{9NxDcqFPow0-Lm&erx6{k+&o_*wd#z7e$@Y1blI5+
zXhC1*g5>nm<Y!AM^(Q`88CC9#aB<WdPr#}(z-F^(WG##yUbpJZ0-3ja{%FD4hG^Dj
z42!zd@6gx3;iNu@>o^t{JqbngB2KSFe`w)8%mXq~1i>+{SeXF;T=8S%t}T`b54SgB
z$YG!ZNj5AKehqlq47i>64Je5(VZK^_5T)h@wvhlVrt?DsFJW@OZ+>g9xf>IJhGAJ?
z3hs**AR{qv*;>kPi0qZ~spmJs)QdQfY%mDPd549=Gaz}c4HiHcS5hqC8@3a(or%*f
zVOoFC9t)Piy$`a+yz*DvLtvcL!h_uj{@`b(-!&1cp|Ob0UjcBOdX|qxk^ey5Kg1K1
zhCTQhi;d6Z0Kdz~1$cR4yAo>?{UA21H5{RD%Kl@{e_$n<6vYkVHYW!LIzPS($-Rl=
zdHNqrPN;a(t#DID0fFd`U@fk*0gFio<(P5*&7yIzT@3sW2**HAFUOC$kmrAv$N;f5
z-!x;Vt^fe!e>i3DaT*Nt8zX+|SzibJhj?O@AM`26dY>UD2jia)`@_j$SXJmEk0i5U
z)VG-Ru<K9GZ2z6t|8G6~pBVnX<73SYz(P2-c5#+Fc+TXCPyTj({_PI;qFF+21LNrz
zN2ysq21^&YL&-F@L9uz3X>pxpZQ22~m1E?UNxMOq#n^T4q)T4)hwS!n&|=B*#<)V-
zy_|{N3i^WMj()#jXvj&d5l*dqX$4$7eUwFgg4X<Sbf6d_THIkkX3!{<h>;usvrM#9
zrak46cD~C0m0EfwlPbV!^Z6#a23<Cxmk40Huh(7`{y}d=Xglf(z-3v+jq1fq->9+N
z>m^7#@=^}{0&M%y-sqne2jG+B!`oM;kww*1Yo!97?$I}$dZ_|j_CLrfEK6tWP1x@0
zqEd*NF%HSPIQn^rS9oc<Y)|)$HxR3&QH0EUz6we*b^@a9U3b(AlnR4|yZV)3%bX&B
z^wpvUzUYx~+E<M|<Bpl{JwD6_U*)?bSy~KmZ@F6zwJ@UX8SPOmzZRB5qCT!3BHi=a
z3gN|xJt5h%%lA!GCQh<iv+Wj(x{;1YCuP!pBIgTK0;0YslJWWzTd|vWgXV<cj;B^Q
zF#5vLMMQLBVS%|h9I=wd8-<|cd_2{gpaYM-{W^|D8tS10yr<fe)5Xek;9~9pe6&Me
z&rztMZaLTq_RF=P<GpUYrUAS-p*e{Esbv+sNn_Z8u1bH-S`Xzb6y#-Fz*KZ6r`GxE
zCy&rqmeWq`*6!6X&fy>j@n%oWaTC39U!e<HR^$jRsw=7KM}=55K6bT$@yZT8cCL?5
zlK05}qU=Az;rhP!0eJM@OAw-DbfUKi(HXss-g_`=nCPNK4TfO!Aj+swMs$)8ok$SI
zj7YR-lSGRspXcQJ`#<lVH_y3Tr<k?N*=Lt~-+S$~K6Yd0N3ms5=CYaCWxo9;(lFM(
zU?jHLk5Qzo=awGfbJ+70f|P)nP~)ZXY0+@MlFm?%;BCcXmR`}Kw$5SJ+SlKfi!h;m
zsNYHj9lS|o4Ig4U?2#$LxmitbPB;5YYRaTx(0e<>^4$>udmAqXga_{FVm~FmoVOgA
zP{Bqkvi>Ugbad#gz6vX3J?fTSvR}!3b5{QZgU#icr>g#m^NhGs+MN0Um<zexvJ?af
zFCjI~aW~v-YRcV@C$CLkkSz9x8#}J8eJts$ax6X$tE<GO92SD;tg8J8W#G;#Ke_~t
zfAn?Kc16LCC#OB}Pq=7yW1f5L>MTZmR!D}Bh4cJ`MyA;&nnV^H4Mw3y3w&JaJmuvZ
zG17YcuXxrYy9D9LzJT%ESvlxT$q}}Q_bqd1cH`&KtpJDNZQi@3zKyt^h$=G4G|q4Q
z8Ef<KN5(ejL-|WwtJ&k9$_Frf*vCN9b@#x?dj3qBnBo1Me#|t-C9s1`Q@Lpor;6;8
z0j#sGuJqm4^4)csa95g-*ZTI^)4xPQoI(_|wuF(9f+z&&ox6}iY<f07^nudV-fkFs
zJd>*9A|c+1A&mI}{@iY~GBvR+?zq?83zq2vtu=6q#tW_>n_o9%2G;sc)nvYCGTY|T
z#rDG;#`?tfBX7UIj7fW>%XoNdot4@2UbZ?de7SK^RHOM`pub{W;J`MRC`e;t{4xd~
zS<!SzIwgAhhZclN<}RM~m#_NKKB&*m%9|$%uky|1^ViJ9{YYy!hmS|_D5mV&TY>C>
zw<9XMUr7>8*XACnkz{k*yVQbg$q*{_ppJkHQRZ13KZt`({4RD19!6aJx#;~{_XgLc
zo_I!*_vh3E8lY6_p2C?8G0>O2;>CV(5EWC&j3MaD`{(%}AsK-nrYdBS={B8w*n?>y
z9x1Su7g$uoAi~R4gZ0<(_}$R3+FyfOIjporDKCb_L@Z-_@CvDkMYV1d4G%$I=7=))
z(qMk_1*65Lqv(;Tq~C0veYy}k(!)gBqp*!7%IP03`Njl4_S==qZ@0~=f8yULef@mE
z$B%8@VY+EAfbh(v)ON~0#OrsTPT-??3WcHty;l)W4#5aNt)1|dg%okvSAu3k_XVhx
zEAUVQb6wDpQeFg{ixvn+JcxQq>g=RoD8JM{w$ZdAsM-_3KEvBjB9|R~`f5s&rkCON
zH^pyJb{g^w4+`d=J>K{3QRpu11DRMD+`)`}5&tS{5~xfh(11h9>YyXVq7+vG4FvDR
zx2D>@&&_Z`iYS$D_X?CBVKVerh_TCIuJ)4mG=nAvKN&ZdAJhB|H2X<}M;+ha@XyNT
zQ|!~M2N@_BTe<uB4nXmuCC}e{)ME+rYoo#*l;U(YPMIN(j9Z~HZHv8&vd~8QB>9oP
zEqN<z*4D^-pG{EkPyskVbw0ThlNW%0jD1V~3WIm!GuwH-&*gwz&9UztZnOXJVZa3L
zE`tIlmgq#2xy?GO=tHmDgXdD6$wzDvGea~8ct<Ocb`%{aSA$Ptmd}o%C$jyVtH1xu
zBIY^t+)Q`W6Q@-TlHZA1><SP2x|M~x2lLWx4Q!sBZd}cG_@b6OgF20TvA>$>6H_9s
zdbVeuUXjr@JD_qKi#73WT(qag^wp`u(PurkCj1tCRl~p6&#7$Uj%Gsvwn1G~dhE;i
z-RX&=uUmxv%J2fVY<&~Bx6&fCr@zpuMZ$MFv@x(z_}8tl#S}0}BSEthSK5gMAb|Vz
zO7kA)vW3ogOE=g46CZ0A5yL#!r<d5}qa`EDd+NeRcy`vgkij@JuELpQPP}y^rpXE>
z`DD~`cEd!h%c8F3#7~T(<1qyoVuXDjIIw5-EA70sn!u2Bn_TBrKI45k%Kg5v4Ex@-
z^~gtrhIJyfcNiFb_w1DtbU~wULQDSTVG$Z?7LBJBYkqd0k|t}?rohSN?OK#zR3+TU
z6y7$#D7uV0@%R>&s&e|i^X-XIaG>eYv(C}w59RA{ktqR^$<p+x67c@fkcDyunu~M6
zjrsbMab*63iJI!s%npU{&@!l_dwvW?-BNf!!X^JAoH&A|ueJ1O$nfxIdyOfkZ=%)*
z%qBOmz#0`(o>$jP7tbA&x#(zg@x&)g%rWGTqU1VxIlR?BueJ9|^>X8v$d);zPJ8Cq
zh7CttGVn%l<#(FLd1#El;U9<~)4$~Q&Ik5ZOlVV22$UVSO)UyI3rGx`?Ue%dx0G?M
z*8SQB-fdi%=McEstT?P+nm^)8<e_qea-B7*aYSBa^7gwjS@$E%t<s&^>!>kt%x8d6
zj-eED!}B=a8J{?2nnh5v_uP)Sciy<T*R1lMw(`|Z7|%f=fkTz47AVr%dI0LwEj?NC
z4R`diw77xh(5eK>N%Y)?C&LGxkQmr4!+p=a4Z7eqj2;JlNA;wYsJ}|F_ML%q^NYHK
z8m;yu-k)9-+6M)H(rGWFe9{%n6<za6JNG_LuT}W?9cu<I51hvvif^n|sm|7G8uD`K
zFqm=jI`F6H2#<uURWdpJP|k4=RS*x;%}X<CN$k*iL?AaCOH}sVZ8vC!^(*JERmZmn
z3zWK`;vLl%6A7Eb>94CPkw5Cb9|_8Wqa_%$23D|2FG@{dlb>jFO;WJ$3TTCU%!Z>_
z0_7g#e8vzwq+_1x>Yjw~60YUkZ}9l7%*T$78%s!#9{Yxtm!SRQ`El2yUfx^e1X8Q~
zp9;KEXcCTsOTBp38A19!uQLzvf*QJA?VmqL^Xn3Aj0T3+>&Vaa4qqyrW>xLL!yPO*
zrJObo>{dW}I~E&g-;XNyD6D6EwGQM@si*sEnp~G~M}sBpx>yjS((obVMWKiO(xyO|
z+t+o`Rk(`~FBnu^`pYR}b?oH4{pGI2t%463!6h>|YgqFNJjh+PZ6|>IMG))Z_;Zhd
zP?^Wx&c289R|0mFZv<Yi_B-^Id@1a!ru}J_bF$k)KrsFY-ff)gvl(M|=WQrwiS#U0
z>d|xKUv=fKJXxPRz>DVtzw8pfNqBc-z-7Au>s+$-%Fapj7BM0?(HTBa)~q7#F5@h+
zltS*yitP`h5IW|PS`c$+cc%d&zb#b4(NDjl1KGS_gf^|H4Uj({SX}Hd#wUNMa1+0x
zCFJ>pn_9#DJ$bhIKv(?5UkE-B*vL-iVjrBj6lgi2eU>8d8|cU)2ecM@S0xX!;rv_d
zdeBjwZ2iZ6A*VINj7oEANUy{DhwM?hmdf|7M2pUaWt&=(6b6p!wC<)l_LnV|^b`tA
z>gHk~PQQJ7RBOnBpGoT~4@~J6H~SRe6`LM>X)_5K)u}YhA$}g--D;S5=YTnk$*a6^
zfOQmB?t!x7Og8?2tP5|cB1x5?qM+Tf(pmR-mS|2-8~_j03p)C^QD^(+Jb%Pc^5<+%
z5e9eeq-gVU*kz3qBcot+w(jZisB~<zRJ2KSN+&s!!`u7zszjNJjl#XB&uj@)OKL51
z&Rlb6>+X%YF6UoHE|W}TCRCEFuB@aeC<o=$o|V+~w*Nr(!xadzSjS;@K{j9Y3ZVvZ
z)+CplDD+>^o|&VQleT+Y$(+lc32ma<2pip3@!waT)qlirQVnS@C$}6a^Jf(~+c2o?
zL<n@Ulu_nmN_#K7WIATCWPQd)Z#nbQa0f4nG=2D^B%uwt<FkPOBaANrd-U_!Mj1E6
zBfxIj0}ls*gS_~Ji~dl9mU_`AQ1k=Mngqw5;T~l#oSEl@?izlGPKNrp_+Y>9;e?vD
z^Z#~C0XwDofelkP^xE1c*ZIWIQ3968s}bpA%x>%s-3&hEJrh&K)Z9+-Rx$3sEYHQm
zwFtJD6RTf(;~i0FZl_wPB&E=Ch4-G*MeNFdrXIxfZv$IROt>E?oA@e*V&3MAoR{QO
z%zb#fRve3)?pH@8N8<K4xwP#<`RkBj^+ML>T<|)N?GF}Pj%b*PhTD4jpYXN1v1*^|
z{*^HsXX@5u!|LO|-d~zIr&%8>{lp_!y7jjB-bl_ZsuIC{X#}mjJi>(+w_d3JdDw%C
zF?&FK>b&mw3IArOi+s&Etuj_|Fn0rA82vZK(Y{G@3Nbr7tGO|Fo}L_DaBt+PY{8A2
zZ${sGcdE-k_JY}Z`n42RbE;qw8uaZ!ZuO9|W^6^w?>sOP39f*|`GsR(@7$xlKo`-N
zM_}AJxIhl@@>el%fIC*f$LtNB+jMi}*&!g-R&${P>vnxpRv1_f0y1!9Wdx|$l8&9X
zW&NW{fPk-GD&g=04(OJ8M*YAj@+Ge)*SJ%_rZlo53WE-`Bv-w}53>B3o<5xJRM{WE
zUcv8dcSc!j-OjV?;Q7ooK*%JN$-u%Dwp_ZdRD3{v_SNZY#Pm+-WpiO;&&=_&@F(>t
zi>0{!s1h4*Z`zKsjhtVm`rKUJ52Ss#d`I6Ddd{h+SY~Z+r&3lH_$l_8_ejEa9q+E~
z_00roB1<(}Le{OLhT|WXG~!^VYllx*9UW(-ymd4CLdNZ1#Jv5EoD0X|N^pV7&!W_w
z8dt}64sB8<H{TM`21-cT1RaTdGT?HSwas)i(AqqmF(6vkKW|-@qBcZLr(c<|uzU$^
zHIQZX>1fGkO=fW;rVq6j6B84lW|MRoNhGCalS;Bto)BL_j)IiPEA!)pr71}LJQLD|
zs?vojN7=N~scocZg5;W!rCMrV^<EXPxB`dE{|hS_L3&w<{UT2X-Yht<kyKBo<MokJ
zPp3BZ7bg{xQg7=9*dgE-d)^3AKT>K2?Jw8@c@Ckfk%V|-k0K07t`aG;nf5=)bZRs0
zHH4R6{c)kEzpR;dA~9R#C~$h6#LG(UN&!q`{+uhnN0_8X{f0;7C&>tnB$64u4y%7l
zXCJ=**hTB#p*_reKysfpF!@EUdb(s1xtOV2A~O&TsRS6|_63Lzcv&Fd|KH?#WTgDf
zw3%%rb#8w$Ykzn9AH~WG&@tXa_jZ6v0|DoKs=FV#v|JdWY_)`CnfUiFUbzg9+_og%
zf3or)!o^bw4+zL-{5v$_`%D>ts~hPE8*ovpQijrI(%@6PGGuLEYTpsk>FSVCOXwrK
zuQ2G-)jT2PZx5cx@xLu?nCovZ?J@e=e}Z+igYOGk4=tW2{V%WWUfQqyi_qf8tg1|&
z3=bIV^hlfkZPICkA#g<^^H@jcSE^>nQMOexgnX-F#KdiFS~^P^vgEwTY8ee4rD7RT
zYT#AHbN&BU2yHGO`{eq7_vZn=XoiRV|B3}D_Kg24k_2jdAaS=ZXyCoYGdz&2qrhij
zHcPSr3h#eWj3iM1zj(%gLh@SwGh2JQtdu7m{gjZYpH+&%-~RltO*W7UdmDCRhtg10
z&Y+u$=>OA*72SK|9~eb>MPP1(4}rJ?&9mncH-neKH4fXS$u)or9PL$rZ3e!0aeEjV
z0TDRwF|WNHb9r$XdwCXoz6|e{J5RCzIshG@Rr3T!A#CPLFP)<Y|9>^(rJ21n`k3?e
zXwhFtBnIhY1N0dIw{PR#R?N)=1{mNctP5_l&v~650(}kC$-ozdqC7zVUghIMp{mjc
z>?6ccc!e;hLlg?t9r;XYG~8Ybit$A?E@H75XgJOYJ<|<^h6gP8qF%D>mNWojDAeK>
z2Hlko+|(1+fD|k5cD$}6yHz}{VGfJv>-`Mt+K0nmfezJ(>VKm|UXB2AXLi8pe@7~C
zUOj$e5NS$ddf)u@p=KAzx{JhCM!-#lz_=>My5*3>SOp>iA|`<KfRQEcEo&13-tzF(
zvalt{ZEU~_QrZ(=;1q%h@R&vp=$39F`3B0iId|j*R9puF^(h9um1ac99O1YbY#iM)
zj4GqapvF~o_6Bus)_d_Lx@VIPiTA)omm53?I<#HZP>e_RL9s_$Q7z4vEcxuFS0%x2
z(^J`BL6<viuXtFv{9?Qvlv+CX?dC<0>yE&a9mA~_haJUuL0y@s_gaz55oK%N2)TN3
zO}If|na+x_wwp0`M&lDv@<g?E7ys=?f_7%_0Afeqk6J!g7$dHq|8<o$a~i__%wOOo
zr`QLNJY)M{NvF=PS6llqc;vlz#vyQ}{vKEl5?OS3Z*ut0gZbtsH0UFC0Rxz#FQU>Y
zkQgzI-lnRSVKms(x1)OUPR3p#C{5r#rL=Vt<o1(>M{eq)_(4##>P1{Sp~y8;jNzy@
z6aob=T0o(emeChFgIqD^z+&2N#8S`l{g16-&F4@iGZt+Y>q-e{rt-m6YC?)c4amGX
zwV|F0_vS}Q!+BHs5k~s=#QJ3o7kFU=Llv(ivDOVPCJ;V15PPwF)N|Z~-|kv=rW1c0
zf2S-DYH6nJgd(o~gJ{$yPXe^)Y5X|!(Q?9FU|83+wQq80ljXcx&6LJXsgFhiqM#th
zCrVv4aEu(8CX`A@00Qx-CCih}sa&5|#FdWW&j%}1xx;YY4|d8Tz6nKav9Lh3nW1|;
zdN&Ai9?7?|BFP})fw}oYXSx|K;Y-lGR<eu~v%Wr`p<C;K?_y+Y-TM4p!v%U$LcT~$
z;QIFQ1%A0asQlsDLr#<OslGc={R*?A&cKAC;U{QVOY;adRN~xW+uw*b3X+jht$3L+
zdR<JJX5~>?mBO6rf_RjW&7d27bv)lt&#tGY2GYc~t~Ve4`gMuBIIp?BxQtfXS&zNG
zEW0J+<TnIjx-XIr)ODf3)S-H$gt_}q3!<OT7sGr9<(yZ?AT^^9+xC{O=>L2#1_KAq
zTs6$u$Vq^0kc(K3SEnc!k?R*i1OY>SK5<GNr@|MPF*l3NTf1r?ofsJG8fO>(2Xf+$
zuS%il`AJU@#r>s#H~%Fe*sTU(!zM+nTE1SY_6jjcPY+_;jcn9zxxR7!eq*jsay9-t
zPJuCz(z(1fvc8WHL@2ZG7nqF)e3oKs7xyoH^>uPPEJ^FZ3p`#{8mw$~scsbnM7tF$
z)?2X}NErz5#zYDgYk#jhyiYc7wmP=|GyW5LxIabL8fp9;Khy<_ULKDJ$?U_r&&M!p
zsNX|xI_>3cwes$2KYG!c73j?RXPyzk+?GTRbQ@JP0w0cU%$A3`@lRqoFIxT%K72WN
zh2OqBu6VE?8?pD(EmxR9GD2G&ME-0BJ=EK0<ZKZ8XaIWM3?8j@aq~xfuKJ{J#G)FG
zS^qFg0Z9RjRxzlePGzk}uWv3-f9>OjBsSLZG0`VDzl{%cWjM!Z+HSv!!Q1*)$aM7L
z@gD*ZA2-zgXsGw(%ZTSHams&gtduUPMF>X!M+U;x9!u;(<8oR}UYWiK#PZl8^!WJd
zNQ)Z}?t2RADsa)egLC*K@@<66ju_jXM+gfp5SR&2o0wh}2BCkE$&SMc%-v}no~X@g
zCi8e1zTqtK%HfR|S^EUyRU#HJnDPLP(=!Ir^zf2%@D?XgO?hdoviCE|nAPQg*OGUr
zcNA(w<eE7F7*fv2xqX3rmk=8HX&UGA#X<`~0aDzo?c9{>yqm=R3R=uxDZ^E0|5ywo
zr1vGDv}8K@Zb?n)<_;P8ZMkXrl;0)9xDL~U8P=K9p#H7tmKDi}$BhDxOCbk{$)gY@
zguoAwnnrp>y!XB-w>g)ZTH*WEO$&z)O7+|C$G2UQ``35}Lv5SrzxvT{O%=ai>?^41
zmh{p}9TW0`hjw!{H%&>W3nj~tj}hd1QJYa_rg-v=r65E4-0#}VNb2ytM~dpKiaYEo
z%g9LI2f*01W{=#(w{q^6^Cim~{@n2!ae3D3lAv>@yz?Kv#?XtF4({g!mmdzNx`tvt
z?f>{GuS(qiFiMpd8(_ig*D*4cePF)d;J(*k-7#erd<L>&x!thnt^Ii~qsY=ajC=5W
zHfXJp<LU^%c+%Q&C>bLvJ;<`6qu-OAm9;VGExuX}f0P~K)ic%Wfc}kc6{{~?ZB@Nk
z*YDI6XzTsk-Q^2d<bH@qk-u$Xb#87l1V4x?+zMrVI0*H?<+a?rncuR1BTEu>EJso8
zd)!?y>%I17r|VVgL%8%}{XFiBrEzEp1N-0IAHreW8S4-*sP6y{LXgM;94jUS(hLE2
z{au}dubwUiirf3-sT8*dM!hgufbhR~IdDL?0PJE^7?=?LV~t&oirI$^{ST`Xo&6tH
z?>+@1584AQ`RE1#O`-17P63Ee)bd;yzHiZg!ZW#^o}8BgDe;u(D<KGUH5B_(nKXLP
zc5rBLV3+1#;#YE+$Y1iV?aym$0(z@**`f+bgAU_nPw)v*d9P2YSr-^Bf6hHxJhWA3
z3y5$X=aDG%X0GE@*!UovDE+9blX5AXbJJ}HHyAb0a;Fa;&vONO(B{g?@#swSU@+BM
zIFXS~Gk)UjC5rjXqHcbBS~B=#eJ}>B+V}(gN3me1#n<joPkgo`=Epw5`c=MC)Pk6S
zJC#B&mfZW+K*Z7CndAHN5l0;=EAQFO(*(TlvP}m=?_BM+y<J*LipK%{L=u2K5n)};
zQTWiwb9j&7r=A4}Uu#xW^Ey*&`f?PoXbG-hDnu<um1_Z#6hu?7pUnlcrz#){f;Kv*
zmQxjqf9Mqfd2sX_@Y?&odlPXq@X!vx+z}o6c+!cSaB^Q1sF9TXE&abm(6wo<k6jw{
zyJkUVNgx(WU@<mN08(cE85)BfX8ae!r@F=#;HpMJXgq+%1**V9Yo21UYaq~_$m1vf
z1bB$covh0N*(^1>=SN4te~1>VQWiYM?Eoy9oV%A!U@5ne1mq^$;Rr+l#N=`WCyplo
zKjl#_0~Cb0{>62xH0WPcz#p88hxp%(wZY?m+bHpezoO3Z>w{6}EpjvesjfTMt+&SH
z`pPN{B*%i<fO9KQ6aPWYZ7<L6Wb_)s&m1Bii|)Xl4TP0US*?QSyqb_jHx<%%z<c#p
zzn`ZCJgivQ1SXvbOCS{*e29K5%Xt`X9T+e7h!G{Y;cI01L-;@h>>45vC04RXo`@g3
z+<;xfC=mMptLAlgjv#P&?9ttbp%J!^SMdc&`cC|4a)MDp5arC?{At8uBR!wDHi(?S
z+B%U|rmUC1QY420MX>sgr)gjn^smhCt&&p4gUFa=H(WrJDfOg>l@eB8O5IT)(*Am`
z5laG75S4f(h)bK+xcS>JLy#5_gpvnTuSUB_|4g3%Bm#uhucx#6SyKs(f6yrsFG`44
zh-m107o==MCh4uue80QFvzGNhL0>oFamN#q{H?tlER~Oo<ZT9V;w^-}XU$Tn;WwRp
zsk<QZkjEH!cxtb~IRCU${=UwD&a9mSgQJCrk(*w18fk8lI3yu!&n{r97vsx11*39&
zLE-1<qnR<&xnF5M3ws%g)U&_kkA5aj-FJt{_<5sJM6bE1{_Ri3y!uNiS))@!0@o7*
z;{?=+Po)T0waG<UpbYAOUXVIN6f(syXOc)FCU&>&>iFGJXcPWukmcPhe0@DIHgGRS
zl^c#9yxLJXrrG+bbiAQ&&YTQZ0#D?f)TN{N5?P>7Q!Q(my^I|Y4Y@`eu_%ukF)!sL
zJpoT#+cPXVhiMYIW<N-hkt9iB`4^?>E1n#o`gT8e7{pdQzq9tUJqMx+O(|!HF|(4d
zSrwb9s<o0wq@sC{gdUV;sczx*!WU#6aKbTS53>}hgleAp*HANNAWcgKmJ0SHV5yBs
znq38|dmM+l>AtXAr&75Ze{_8v9o~DstG$f**;<Bz$bhIQDEZWh7!$HDl;oh6+N2_Y
zMgCOOr2y?nu;xWPDPJrpC7W;^L69aj$*3VG$*`We6+;e>4H2{CEn>+V;kP^qsp&Q3
zP5c~)(RM$>iPygJ6P^AXHLK!2^=SQCKN%m4z-v46YHgcQ{&uh8EW{Y{k;th~>>q9{
zDOt@o*W48CWHvU76vFpzAIJr0`Ti9<R6SHwM!H>9ic&3=u_gol$Lqh)<A>eXhwe=a
zR?z8R4S-d|)Bhf?Pof4J&j+jpK7Tex{YN!37%-~b_vYwmL*0@^-SQG)xB|Fc|1U(^
zO9}h|6htJc%dC{3*d$B@4D-}aQ^;uvC7WKh-P9Yt!LW`k`J+d*eY*H{@;^^@&LI6~
zJhG5JpM=FBUNZudzWP=2`Awf}YujNQRn>m1>|kL#N=9DF$COWEE3jm-n+&9s#2zm0
z%zBbGA~{fXC<zIaS^Yx#$=q=(UTNn9BPe(g_ERu+uGJjp_haU4=2)TEaN=S0?kJSR
zl9|QQjKrcpPv&GIcS4%v1&;=CGPyZ3SWhj-RfBmYfm9@pengW*hJc!Q{U<qCUx!@p
zDW5r5Y}H6x#?nfZ(YB!0D$8SaG(TM)@wr&U>my7?dR0`Qw%}tke@&jhoy8+jf!Eso
zFK_+QJU*cz>pDcTvbr+68nYMByS(|o+(Mz+^s(pt{}qJ(y@@$Ly$Ggh`e?uR;#Hob
z_15WNN7zAy$4%MU2#{Hzaxtr0{^BzW=W!AIDM>tPIIKw^bv^&IM$hu8i!G5OZSrH@
zYLXyLI{L?VE6H`3_y4>SW}Ik;3HiPf7ME_m?JKS`nkSuM{sQ9ju|amGzSCz#YzktQ
z1*u=St+Oal(`42$C16+)H+Otp(WCk%;k7&cJJ!1_4m@Bs6lFb7H~A|6GepFdM_spW
z$AyIt>0CyZJ-dYbt#@8}Wv499`N<K}lXq3_|9^R9Fomjadp%506uzb=7^WU^pr2-t
zw2;&#IS8^Q;I&}{@sop6`uCbwG0T5!#Tj1T<`9z4)Am3c7Ps5wnW5wu5E))R^_@te
znhe9L$w#s<8MiDBNDb)W(`)rPo|n~Y)iToQsqgjPDvD`Mq^7=Sv1D;0U?w2+xBy38
z+<0HC^xd2TCEDVMZw<Wk_MTdfk;nJ%^!4Lqq~j2tDWvI?C`u1ak<7`a>8W|O^{>LO
z2ubpJ2?>(O|7DF8^wgDZx9ILuY61`wsD^T9JL&N-INtB?i8>PlxS5LHbnHum*bCNb
zBcWAIj*raR;73wAH6P8i-9`~3S?LIQVGZ*Gb>*8XmrI5^KECO9(i7vld@m&l82+^}
zw|eb+_<K;UYy8e(oby7R^TOOA&7!kk19Nd~oWtaq`_1q-V475`l@1t~w7kf5yrJCX
zVb{HkSJXh%x;)J!;5i0SvuWkhxbS9z+EQcj8oh3yWC~ZUWE;|3lGfxD8YD@wWpOqF
zY3U-i6k0{KW**2FRe3rey>9!+dN6tvyZZ_r&+TT<WcTEzXlWy}UgRZn#;4^n5iqy`
z={7+Lr%_YB<<^A@*F#aq7acL4=c6}MEum3Fr8^a>OdCk>e@t37|Chs8wl8dvg{cx>
zpQdvRJKXZ+kQJ@u-cL~EJtq#<V2GC`CH$InR|p2w0UD|VMS`+8y>z_=CNVMQd=7qk
zEjej^CTXkpCUbMUi5s04=}9b4bLo@3D90EjbHT*gP#}@lmIP{yF%!zy{p$<Qyh;EA
zj?PP~lYY3^inZ+L!hKHXnCnHyZILD@Q~(SGnUYvc0PT4?NP{4rS1p-tk4-q?>zlhd
ziIi+#X~E<<)oBTel1)@8ps#Nmg!=z-u*|2lS+J}#{hd%_PUcZF*9NyOz_c|lb{-43
z#%?EW?p@C8DuzZBv_S$&$YJ*yB9y8o6upJpH%r2{Hy8AP`nJaSsMEtJ;7Ct>@`sFP
zsAQXZ2H1%yqeEZ@yXN?&NNh)b+mE9I>@C@#2jTzv#Y<P-{+(1ra<OvexIhP7rdSf(
zzkTGMCG}HF*t3#YoN}0Wh;8H{9ZHAyZcV79cFPy@>0<XOdD~fU8sT>Wp;}Ii-b$XX
zNLOi_V>mw{q2A9s_V@I@h8%1zZhI24AU^XD7j9!<*A`uJ+Ho9)w9#bC+b{p7GBM<p
zcorY+QzKtGmWDoF`cde_F38_r>+UkkPV40_F!SBQwp&*Z+z`Cv|7AMf55mtw?Xi`{
zIU)njpH9mZ5c8zs_&DaEK{Lru_<^k}vEa3U-b79&@^hYa@bZtj4ekN5fv}44o_Rr2
z;Yeq(=~-WVv-hC!UiHLZnWBL?Y5K`4#tXU+9{jl<9-6#^Q{GXpIWw$2`N2V?sP)%v
zL%f#KmaXBs<BX1uXBIN3_Uw-9XTzp!%prbCFxqnGL@A;JQ^Eao>XYhX&*?`1Z)yGh
zJv4Y3WO3P6X6xeEl=q!z^<nfSV)J|R^}ru?VvD>6r@5i1pCeV?Vf}E%>%TRIhO=8T
zJ+OWo`Kj$)IpP=YJIp)b9fOpE%P&WNU;gN+2;bN`C0dACC+s!*R6ctCa<N|<=YhJl
zU;HqN`1c^O@6$sfa=|c;sd<4xt3h`!K12InvibWxBF;<3exc_*KX4)Y3JRA4>{gh+
zn1LgVCt&>xhF)L7;=?fy0jz2d>yE;rE0PdqfBLZKbKRYJF$6$^8aO{Kfc*8UL02FM
zF>&_r0nDSnfE}5k<~}U=yh98@dfq=hw^HOeeU0=$fdCToyblJfW|-grMNYjd8R-e>
z?mpN<0^o5smJy=vhbdk5?wt?tk^fWorXeRa*|Zsshw>h+dyq+a){rE|s5aJ3pCF!>
zH5B*<p_@F<wS1#W4YK{43c9l}9WzTt2`QRCaOZ`|au-)J8>&<rghx*nK6u}GdH-Uo
z*Rs#3?1B6AXIQbnIj(1Togiz8rS_B3J$LQ7$0s%&?*swDl|J@XEXwu;WuoE-QO^~4
z?qf|W>V^X@ZYm;1$~iWZyGfx3c=J>5M!^o~b^?yEaUOS0vez5&MCM1{yB7X-(#!O6
zt<&c6zmIhXtnWEq;O30yeBQribwf-M5<+aqM=}XbH+ab(O;M9e7^m`lxqY99_R)yE
znQ)!f%lO+3vc4PjFIFnw%Nit6JT3jG4lN!1sNA4r9<)uHDc6nooR0`?F^l9_9iTxc
zM#QC`UbG=hC1~#*%>LLf@R<kA5oprb0M!aGpQMUV=;%*h4KEZO3_f}Ff8TNK8VOj2
zS9onQ0Y=pQxOc{QqsRJ>rRIx8K>YJgW*{)e|Mv|8WBYIe__~!tgSfy}>4h6K{&5~|
zx?L}KVB0Hp`t9ZVz&;WN`oAgxC~pe>Q{t?NWk-4-?f=!0ikRa8y0;J^aX@%_N*oP@
zk3z2mZY`mQ2;$Vf8rS%s+0urzf7TEfSzfPer+e!dXBG$5hGy%SBLeCl1AgQEHx=zB
z-g<)5ECp<gyTflq3^;KymoadZx&=)@4A2JxyC=8%+7sSpOOXXK){cGj+EGC4(R7wJ
zg<BJ=Lx20|Gnp+sB}`xs(}W0H-NPsbN0@$kQra`sz%jhK^dLE;o6zgs?JyfktD0(P
z+gqt+)r3Bdd+o&@on|aVP|0VW46oeii$oJdCUeb`EE9cTMc{-gExDo}OxdEI;n_s?
z;g>59R}dcS*iBY3mhnU)kfmN51FI;Dr5;M%k~_rvWUqV8lOs~2bqF2kco}try}FtJ
z=3=wkfj`Bpc&f=!>LBWYTf7!OZ>d#mCwvvS8(&Wf`kF$SaQ8-*qB4$nDgJQ_DWywW
zCIO}XFt}mW<vA!2`YZ6)B*aE&%ok=rF2Yfj)96!u^>CQXtM($r6PYPV|A9e61Vu#;
z1!AXEO&|+&ianiKpWBK3@Ml?QYw*9Zq|j*mEPT#;F85$xM%pB9#?&UEJ`>6lPx?gU
zhWv*H!&6>c4TdCMHXBkMmi+s}oN6~^KDzps)js~ZzNgnYLN!8G@x@-0Hk3t<B6Q!c
zLDYYoq;ivAs3r2SjcD^Gpz1{^U$RVzO}18%>8`(tyT2UOaXHg)b&2a4?4HBFw_WRt
zHQir#*hD~n$36WDNZ0W7cp{;;d*rc%KhkU%br@bG@x;|qDrTgRyD73!q<?d%y-TTa
z3<}n?k89S`(<WlALI{hcr*q)YU2(~IGW9v*a8_z<K57;=5g@vHp-fYv_2bL9=Ktba
zu4X$M4_hzh&SRY}V$Q1u!{$y=lnE%xyUZZYU+Px`!*qL!!l}0xXrDgjC0C=bd0M>v
zUcUC{Ef6n+JBSR#%SKdl(;)?(V$=q+8rCCpK1<!6fjP%*_*pgg{=M7^*nr#Dg<(nF
zA6f9|<?@NVXG5Vz)5+C^q7R1R-UMEj-CX^?iC8{|TNfPP$Cn@P%xs;IAS-rkk?+`=
z)S*^lHkC;vNAAAWW}SW<pM6C#^ymSfajuj`sqsZ_L>h*Ah68rXmcxkqC-by9ym~}7
z1nFvsBnnY-y*ouz3G_*H^bFGzsuMfiDiq)ElGjTT-eqgxLA?hcM`dL^)7kzpz7X*H
z2VXcHo8w;bZik$gNijf!-4YU5Y|E(`4XaH3El92;nOKrM$jw1XF65-vK|jnTEA|T*
zCFt)^a>q&C|2aM_*&&_D!zaa)nb62W0yQ-?RipY-X0l#d@v-plo#6^W&z)JnP37P4
znUd=>4}@2o*WXcfXt27vI*8<4+Fsk=H{-T;9*i{!J(e_~<ujj5&dY2_ZPP$LatrNb
zeIi@V)J*i0yXc|oftm_P_t!a{s>^G23Sz#hVfQo!s9PnlszpgohU>20KR$`U`)~b@
zDen$1?e2>;1lEsM=9(;7tjGZg2IRibLb9+%e!eI~pQY0@&8*Fg?Jf@m$6X3`@==Do
zz_b|6J4_e+f;}lKw8`8g%yD<tVj7zkL-v9{@~<r`eX89AO@nfz!4N{?QD}Ms01PW%
z((@8RF1MrUu*OeLm)S3ql<}8CB||+A_NSIt5XQ&gitI^XPVv4d7>k{~MFv0W{E|k=
zx|&!#vZwa&Nx~Vb<WKIiXHSZ3Q#|N{;)VI7bl91-p_Y6=+*Kd}G9{z$3YY8nA8|c{
zX8V^rvpx6m>o7cKHw<??*Y0JAypARTWLs&J`}#_0jq$x!`eRj#tW}kW`bPdd>2cm_
z-YjH-o(R3`ODPgbzJZzRhSrkHwWi&K`#&syk<fi|I_Kz*U)~s}g0QjqN4zsYrcnlx
zS;&ZQhv0$*+}~D*Kpv<34$vW%B&VO@^G$(pm|-VMOSel9w<2mB#$ZZ4GTsb{$XlF~
z1~cutSq1hokXH79o*a)?2;ve7NpG<UrS!rCM&dTi)I>z6<Y*F+K=5O%x6-Q(Mt53U
zKVFC?U*Auf$`Jxfj;E4TIz0PKArKd1`%-B&Of&NFOovyyQU2DHLyjzVX+r6a1MLI<
zXOyJdV~jk^oYPBgwgZ?jUiSVS#gt72sy;?iPaNwCJk(gm*JDS?<GEQ*%A@_|^8URR
zI|<((>;to->AXaO0>`D>dYa(i=IMpEMmXjG*q4Ii7w@9wlYDSz0-4)qhpQqfhTF|A
z+p}uqn|$v1)ovej`h50-hpnMUz3le1tvr*#qe$7uG58~ah`-r}#THHn*JueY!8jTQ
zy1Z(qXok>@(79sVvD}cT`quiF$M+hQ@d^&DgLOEH`pE+;=}x=DjDy^1_D`!c0bn6P
z8@!ZBe!ueh6n3Bob3e`1EtEZ@+(oaFJJb5tRpIwb-FNuD-m&ugv45;rvg;Sd9lh7N
zUoG@mpLX6P4&bg_1dp$jxp(isy4*VaA^VM{JRu4vyE$d?S6^uB;svMQ@x&vlWBiw;
z<y#|xLDNUvfJ@%eicpGkuN5;q47B&qGuoE2@I7zB=@#+hn1LRFfj{H%eM$#|fBgib
zUvMYyD8U*6#nG$TZ;wmSfL2K!ICqu`2ABjCJeZ0Ywr>zR^KRJzCz?Z|@PKhcrGn;m
z)BgoR-vHiT3QrKn$z2`@NS-KQv~I@B6;S(~Mq?_;Z$+Uo<`9X0U?3i_X7{@rhQ=BQ
z#$I5-2%yX71e8)P@$s|7KO6R5ghBUvha$XvmAB0l48jMy)wq!&WoK0G4#fn^IuYuA
zLEcd~*Pz9na<j*+UT>NWOvn?;s!W1XS;?m|zDjsk>zDnGea|`lK0}jbuuedI=P>&P
zX75AFy$KXiX{VR@52f>0V~$E|aIJj!la74yMZYSC^Rzl5KKb@tOhlwJfB%5Bt5C4W
zWYnwV`ib|S_P+PnFTMD5Xs5p1=K#60K#}o)a_GtLx2_#cw+CJ&JN!u?_)}x*bf#rD
zY?whG#H5qRm*r_4GxH;YQL6x)nu_2HYi!YK>~^dqXt8<|^2TMA)<L!a3)h3GX$N4(
zdII^K_!?(>#05529T1_f*jJs1TN#h;8-EXR6#ifxyx{l_P-1vXpJZyL!}t0<agwQ9
zLb{?<Dk(7!JvnNdotZ+L&`ho5p;5rP>f`8v{hff)o2Y?;zsI;g>Hq(J!a=;0$lmO!
zDQ<4Crckf&Gv*J4>gA7P82S?w0C!#;lK2)cFMHTLG1UMD)&MR9aC+1*fY>AK0r37R
zZzvkCUP+F|_yCo~?2l7u!Rql`ATnmH&$$qWHN(hmrjnZLYueUPYf?EBu=D;Xu%xAU
zp#e=&{2=FI<Rx9(o`MO<M{;4}(;$^3JU&QaJ_1o;+5Fk(1YMK*;Qnr5Z^L2;<fGxY
zP3pxD&5ZOL#*2Jldm_>rN%sU-pKcCy{tCCJ3(36NGF+1jL+&z6VP6iKp}BUua<()=
z;1pY)7aewCJQ#15+|TV9U}ATTrP0xx$qjAUq^vixgz8(};oD`JPThJ=y;YxDbb?5!
z{xCc;{Cqb^m_%F&tY@lCw(HydWU_Q>)^Ux@-d$eCy|08uILv3*DYW!?|69(%>q5{3
zCX<&hja-b0gjCGb6~tFV1gw500knvv8ZmkFap`62JNKsFzi(tOH)F~!J=a@Rrzemy
zr_{8IrckG&Vuv#9+Sed>tOYc~4a54{Cqr9O-h70eXPDfQA!&?Kj?u`1L0f$({@RH5
za)6{VNYAJynBl<m$mo;dCcTG;7kNTX4v!u%mav%qOOe9;=lZuhE3F?c@ke12sd2{W
zhYud?*F}mR1BO29R-_H5uLWmcm_pU1*-*z%N3fUjBI4RvwsNchXPIFq&zA)*(l?-I
z7fP7WBGfT-rDv4*Zk^rhduS`MI~mMysQG4t!~;zVWtS8he@AT1GlG!PBm$_sf9y#;
zpwUrgqIxr+uyd}GS9Wv!EEiv)>^>)Re}DFB&;;Re2`=X58TmJ!)~AE&L4=nGHV+;U
zGl>X&MY@#6r0mr@aAg@^MQo4($<GJr$AWx8(vm2FVGEvrEDjKekOvfve;DWP{xBgM
zhq91!{EzsOY`LV@WaZ~&$M1o?rizt`1wgQouaZ0-G-xPgXvw;uX6|#>Et8FU($eO2
z$K?x%*E@}es=absX-s*eYF8KY+;oN0B4+IDBx;f)WGs3){|GIpC4miy&ROYt2=|{#
zpzTBch-f74q7SKppB=bd+dr6|5Im~?H+DC2VMnm@T<cLXvI5n10vzH-+FItYssJmw
z<6pVwkSd+$LPM%te+OIKkuFfArIe)=`M;V093V>&#bB&aS)1~Z=vUg`@YtI@K-D7F
z_;}`0+GB1Z>J*T%QmiMe1W}zfpyhc!no_a28xU&|2=YH<q>AgM8>deB0#;GVW4}M~
z5VCm|Ma<_SoL-|v;F_s!mMWz~3BXSv3UxDj(D@!d4<B{-j2oXDxmz+AsPHH2$ED2u
zo3sCscc$-IOf7c+#8UMh%9<{pC3ihkxLs)OV?$nS%XCae)Ir9xZU8$CjQneyx_k5{
z#M+^>Cy4-v8aPZXSqP(#FY#74H_w$%<HT~EVFhvbvN6ZVb)$zbpqG2xJw-q%eE`Tz
z617`rYUA|dX8E5_m3|IOJ(My`_?Gc4+wns2^|WbxYLX3oZW;@3dL;^gc>s2gZx6aU
zRiTX<%6|Mi?C<5n=!^D0VFMa{XC@QJ1SC)rtA7ALUSe(dsel(_oR{(1(}&bdpgp>A
z+IXU;7kg2TNuKO!@xt+6LE7)1l1l!gn}O0WwWJL=J|Bw2Ua$96;9`&K06uUiC1R%!
zAE$h>e~>2-TdooFZ{5Jdy6^ds@*Cx$u%z7j&vwGKR$y0?#k()v*?HzO&RaTuPe?SS
zNnTrxztzm&`rw|T^C^rs<zlAEGN_xkAssvGb{x6XqQyB}KRP8yE&D?f{VwNdrcc(F
zU=i@vO~<-z<QJME@K(>Uz{6w0SO1=&Lnd-Y-i%Bfz(4&B$VsOFPaaZE%rJQ3L&1KY
z(whhT()wPZnG-WiwgN{-!^K|$HaGj=&plo(?MnwNOo+*1_<%ipp-FHHMzve~TkV=~
z*VenpJ2EMH^bz4dH{KNOy%UxWQ64Kn*c;>_<LP-^T-3Ify*}|V>I6^cw6{-irHv<Y
zQ)Zc|pYX)TvM!M=zVjYi@g$yx+k;)<h0-C1#d1YR1-k|WDbduUG(k{&3!PH?JAF^-
zOfBkAyPiicdXIX{k3zbH1&DICl13A0c*NcinhQuWH@Nb)uaL(ED#pg*Xt(S0+8$hO
zTj|0RcoL3J4$k|Rfbqnk8Z|w)h#ky3eh#>c*)?Dy`{|szJ|1;0vndnO3A<xh*6$n>
zWt^=vr0Yy_4;_(UytUVDAQu2b{<?4)TrgS0j1Jx#alww=19ttAbil6rj=E27AAgrV
z-(`=Cyx?`y?5%9P#8+)v^xMK!C;C!qGn)TeDcCgbbi$=A(|<b!4)b<Z#YD9Gb%v+9
zn*D8iFgbEOa+c<-c#Dv3)!xhPZ#MR%KM>J)EXvozdBrf5b(vj=FI+ExTNJw_K6+y~
z{6p$u#$N77f<d{kU4;ERynY!TGXP&!n%#FE-C4a+AF6MX4LL4YoeG=~fXi3~&)P$p
zrl;rJ<*8r+5W$Y+Lcp4Dv)!`L9Ha>wM7mk1jBJ{93bBWEf<8{o0(u4qq@;Lp^hy&1
zJatI}5G=9B>*1HU2AX-v&)9x6Mhs!__Y!;9;E8}xMZl^<*Vd+cWFnsa5K_35!CW}Y
zZSqo|3u-03WrH-Ib6wmC_7)T+nn5XMR72>@uhX8qI&%A!>h<tJY>}Vu=4>>V6YlkF
zuTHBbBJEaljeKL_i0_l8&1l^>8-wf(GmO^3XW?b*t?CNFWS<|E(8oGDEcXbv^s}k_
zJl6Og(y<cR$3ZDLjoQ2K_sEmOe0Is(kRjmiK=pKIqy70)&~@Xsg`L#B%1uXS&XIif
z{lUd;L~cZ2kdkze#F+0H=G(yWlmm9XSVhTa)m6iQ_@|_VZ#^MBk7hzTsw$KB&HH$=
zA~qlT6w`n0*;<FQ#J3VepCANaCEnTdlzxTM!ib)+t^w+Mr|<ymN1b%Z|NG6)4#W41
z6bNG_#Fv=_(3cVDBXHh294`KL1F9xghzKq1fx|=j;t5fUR^t=nn_W4MFO$uZct(;G
zQ;djm$M^Y~#tF#1tnb>gtg;0+KcYtXFhbOF2@Ol>!KL!|JZdNqlDsI+tyhnv^@Gg~
zx2;eF)9K?a+lJC|Iri>|ri4#-ZAlgs3grTJs{sYucv4B;PR9RJMCBzmOJZ2DcNu<4
zSOtu6sCbYF3RUgr*M>E78DZ9hrWy^CwcI0GhQsw*;D8nZ<x^siP!$M-s-#aqB{HX?
z2&7Vcs|;_lgK)hU2%>LlU(?m95b8885@Vbym;!gYpK*0Naj@4a=Yy=(-UkBQRh!MP
ze{#p1JYRr#zb+v`cZ2g*_NOMmWnC?1<$1QfUuh=p!DVbq`!@kxM^If@ipE`o|Aw9o
zMXnuP?|YmeU{f%(A0tHi=AHla^m_j}cJLgf30S(W`MmlY<KGUE*vG@suL>Yw@hx=L
zTxh8D=FB!(O(ihP6s6(p-$HkM9+H@hF6qRDI{9yZQJ*zdpa=2pp_<JJre&?npimNx
zmX`Vuq0su!Stonn0PL6MdV3!-*6-cDDXj`#yP{v>2~Z#=wDGse`mpwZ9)&u%3$)Rl
zHy2IRXh}4P@>b8YVV+dWnK0@ou+OVEpiuh6=uK@{8?H5}Rrag+k)pnFTK+-VFzrQ1
zcu?Lm59-q9#gxq;!wk;MZFpZ^z@hRs9Ns<fxO&}4()ZUJkJoP*ja?!HzM@fMwzT6L
zG}R&=%n&PU0oNQ)C0;fLz4}Ctu?^@4E?8wrPtZ1ToB3))!6t92mo4XA2U2Re=KInL
zVv=A>a>n<jMI*KhQ2C}MQFL^sX?Ft?A?7)v*?3!CpOVjlr`C!3BXQEJP>=Ltb8#9h
zc8buPtHen{=`oJ_lL4xZ!1kWQp9S8@nkk<68e94}P%H=C+MXkyz}}9_^TW0Mns|Uq
zkoq^|+YDFK?yMcxGx&A|uI>G2d3EWT*dtLMe1$r%Uv9X;I(`Gdfjj*_Nr?%HoVSd_
zTGbjk+$g;dYYy>>Y|2Yr&K0fBdh5EHr6rAJ365i6-ha)F1i+ZYYLrK3LvwR$hc~Vi
z_uAKwC4LD7jKT7j&$q0HUab6+(ga3(Vm0TL6b)uV<ChQe-Vo&kk$kK!^Ymg?;Gzw>
zzpc)7-`jZhXbZ?HAg*pogfl6RIsvQ}#D#u;s5!-5-ZUHiUAcRxL*~q47ibF!l>kkb
zP)W7zLQIh)4R~+3U-;#Io)+zhrpo2_?X{|5LP82cLaB5u9_{ph*x_G@RFjX`R$T4X
z<+`K&MdapCFTMi4EYMwX9~XN8EUlSB-C3q5rzfXGrhkF>BUF+Eght-Ti|n^Xs#e6r
z32tudXl*W8X|v>#XsGcis*Mt}XhETB6kvqOP$Kt-^CuVO)FY{T**1f7Z{IpO96fl@
zflPbop~Y+lRW}Emo>rt&b45KHr<*?+F;3EL$$oo%l8um(=E(utx*j1wV+o;9C^Z&B
z6)v4Hsy~-Q14qHtD%hL-(!!R0-3qYkS-ntIBMX#=*3-&+-bYQyLr!$_jU;zC6>sDo
zqsTXR5F-^E-zXm#Y6+wWwTu@5MNFKOhuK`~o*u8S9T%2gdjI$xb-WdMJ`_7q(NFk~
z=uAN6{KH@#ydc2oFX6lT>x-vJorb=W;6$J7ok1?^bYe40y-MxpY}#(=0JK7(Y6wh;
z^6+zbY(-J|<?*|Vb(MA7omgY|%bl>np@lOcK!y^f-yz*7vzH3_#&|YI8|f3P;d`Mf
zB<NP5^^5G+k&M*DbbFIn=7a_nIpG+XhaC7cA|jNPsSSBk$D7|sZ~CuQB<kj(t8RXO
z7{H82JZN13_=La4iN6y>P^nE(eZ5DaeR+N7qCTs9c`%mOFrCz#VIMsv;tXk*M0LnZ
zy$lPemflrPF!6oW7}bkI)vXt<d`WI^2}pnmLw!21@C)LBm&M{MK-U-hJMT&!{3`vl
zuiM&gIF0PT0t6~iqo#yZe>Du>$}eTw$+_{?<nq}Pfolz=^7*CJ7JMePK)yF!-M)**
z=+zvBxuTeb;u*j5Cp4iB3wZ%M3a@IOWV95`TH)D|V%0^qZzqi9w}V>xc4Q=tirnd+
z_av<Ch^_N$ru58k>`vz-_k|p`JNX$a72Mzb;6dHoMomt@j*cb)=f7%_o*x1Y6KWHB
z;Mk@YZ-GCRh(pp-43hF9P;oIHytP}Eq`ahUZpnni0m2-Y`?vg%A$m>QM+>2bM2Klj
zfKggExktd$KK^AVft1a3`A6NwyrQq;SzTu}3!U8a3JaJV?MlCEdbH>;=jX5eVJmTt
zuKrWcL%5<R@REz|x1+pQ@OO)Rc?U#%a4tEUSLoxh8UE5nyMjK;m033FfbN{?cWMS9
zq(mMrUli-vT~p1q6}NJD{kG<+FK5m;l^;BeG_KjNn_jNhY|5P|zw|hBe^`Co;-dih
zv;p)L3g0TY4c{yevUS_;6x=B(>HOWP_sA;`vJ`SRV&5%MDa<#d?Z`SJx*MNQgLTds
z%^!+A^V+p8mH$$4wDpVlId`e6cRJydiL|xu#gJBSkr%Sz<2Qe78q3VB*O>p(dKF%<
zJm`1ib;LFxLW$t}Q}>CxLa&d=p6c--AGN)m71`N7GaKkX{yj9r^5FbV%k{IGfp8a_
z)~~XYGG{k;Tb;k;l$j`vt@j0fISEPsi7D+zFE@908c!%FeGq@$@XrX%SO5vS6k!r2
zp%eiw@0ytq2%quV`bq}wIr9osnwo&2S3xjfpn{=sfSDEuK$D=2Y7mh#y7B;j2KHV-
zdK6#+HW4O}hQ0_G+5lX5<~bL+s^pP3_)J0^jR};&4?+aILW$b-+0VSloX(f`hMWiX
z4@#aTJFi=v$DBH}r*AOnI?+8oT9+`)Eh>PHG?qhhE<aZ(_{2s<4XWNHUy_w5<bc?Q
zXL%j%lrG(A`{`{X{di;=MZ1`|`h3Sh&nTuuj^hqeajA!fO41IIe=$c#^M~wEwQ)4$
zBvinmJxZwA^c`$Bd1F}}yf5_KB}|31fO1|~XL!q@Tf7-vr#(5PG?(QJCs~2aj`$5|
z{ZvvWI#%I8obmJqCWL)5`hD8rRQ~_r?z^L!YPx<yktSV0s!{^dr6V91dPh3ad#}<0
z1P~CZf^-aBn)F_T(2?E*Dbj*SlNumEs6O}jeDAmJTKDg}zP0Y1b&@kPnK?6O_Q~vh
zX7>K=2iZ^4#z%1M9OPa?l(lcPf2WjxCvfbq4xB&SZtMA}n^s(0Fv9in-I4$f3UDQ5
zVPpmZ3HV=~?D(zhxA8LIp>>y|R{2UYF#8L+JAqr@@RG&L%>?Xs_lE+v&!2+sS!nhL
z>h7JzdJigQ7z=H^XG<ka8k~C#C<=<u;%K|n9336HPg5leaVRW&GHR>+uyu0ca{D4z
z@M`k*5<0#sq&(4KC5u^;aQ~(1_&Ph>{WCZfIW}pb`lQ;&TQ#@QxGex{gg*qHJ?VW4
zkP-m=%FI~C%%~!F-uPVDBlhzev_?2E?k$S|Rrf_1msG(y$@vcUz&<!41#lWtdbriH
z$eUuhm?^#Qw3VWD%?QZl?j2KISAezOIOzzd_GXGv)LrY=6?$hX2t7*tGUO^!wdRn)
zT6fD|U65q?eTz@ltbH4o^ub!5S4<3wQ~{zI!v9EWb<M);gGEONh(NxqF=H%ERnqv0
z5{E--5hX;qvZg2enGzjN)V#UJN!v`cI!9XRgQQL=bDkC-i`eP;<}{tGSA92oN;D2s
ze_}+G7#KXc9l@zv>H)_Bi`qrrlHRQ(5mBTH^rIsHl;XSI*ljWTE3?;wvq}nVd=U|0
z)bHM}mQa>sd(@PjO8UqLL9<67ln~m<Pqf6<Io1d<r+x7cPgzq0)|2U1+{o|86!%_!
zE03GzBCN=E;<UCOUb$RmE@shlD;#K0o-~wtCZAmb)o5UxYAlMdiN%WGRN`g9=G6xn
zn4*Cpzdh2y+<a$!ZT<zUeDzOlN=OH5L1I_-I{zaKbTd_0C^YXkpt4oQU9bOW^XN9C
zSLsJ}yix+Ij=nKCK`50rnORi`iyr#{s}(4LBUXeZQ1i_TDbK^^6F;l9Ldwpv?oNUr
z*h4stag>8W6a^c|Dg|J102?0AHtTlupZY|a;fcQ7auC0LA({QVXm|C=mQm$*;S0Y3
z11dv68RwqL(}O77CU;u{>Ly#IX=fHzc?E^YDCU?t1shg2rQ`>6Y^+aGjzT`vF;bIh
zUQGvnG){G(u^Pm}jeAe~UJu}WF=gDu1{6<fC$|XK5L3Atr|yTHnT@DC4fM#=YA_rO
zm%<!>v8lQzYeQ`C0191Ar^YL5#`{6%rbA91Ij)LLTSR1|_Ld&<)-HzCC^A%bBt%8L
z7a!gK=_%tF@%#7K1l+`S0#UdIhS&vF+WIPydFU7F<Bdn5w==ufk2TTVT7NX)LXNvK
zb5`8<;j{&1$@gx+!tV5frZk1~+{AK9&Jc*zF!-H7v8GZ?5k<j3?V+?N!q_Nd>8={J
z_B9vL4wWyEn2Z88*eZe5pL_QdVjXkxA9wy^^d|Jr$<4^-)uCH$sAso>s?f`ky{dZ#
zHesCHVA;@3a0;GAPYSMroNQ!LxR5NCE+zW|Le`PUvN%qQjf=(y=Y+%wWuL#-pOQaM
zvKb_&Wu>438+iS@ph!d%Oa8Pm=g-aE0{Ufl>ygin8O{;@KJCg>*G<&dMubo|&)i-G
z1~qr#V8~rj#{9Ru<sxAU1TG*JPd`mjudgCz!>Urus!|ps$AL#K7)h=!qA+(iH9BFD
zZBc1@b#-@l7#gakpo5LgQBhh}QC7C|q4N*s2y?Sz80a&;znuu1T9dpT;U<c$D2xBi
z>G}8*^68J4^SHZ;lGlX2l2n3sXCISOgf+0pA=r0oGJl}6I~eroix(Z+i%68uPG-#?
zDb(&UGlYd1kc@v-V(*d7K`4ePAU+0L&0TzVmnkZR6e`#RSimfXgX*@Pdh^<I?Wp!8
z@iD4a>d&9xNWdQFkAYEc#nsq?UtDXo;q~30U}{_;=OTeVqQbaBK#I)wLv>sHxp3Og
z0*u$tjp*+o0U@D|2sARdHh2H{N|9QJ3uro++}5iT7Ts__`IsUYM?~Bux(9OaY9}!3
z3K}h5eebP<kwj-?0OS1NvKU=d)1s?G3MpD$GljnVy+HH$7qN!TEsx%mUjvM>AF1pU
zwT!Zi?OOfalIEYk6{2ZT@bmStiaJcu^2v5zOa)M7RK{P`sE$TC)Q^i>Jn)hCTTR(#
z>!8Xh39(XLIM@0pqt?Dmlhs4P%))6>AlK7RlzECbcTAc}dv*K6Z+4SCGlRp&e@U2&
z<0Rc$AKo#j#rRBD0~)9~h>Ih-gX6=bT0fp$<0dS^hL}`&y`J+^%d7=$^?-%Wxz!YT
z41gKYYrG#K_|&6JPZ`x<H|V~~)3U%frnJD{zUxItwci3Y|K6Un9TbY5vX?hY#&nq<
zDNa?bjtHZ6QG*GmjG4hZ9hYQ{>u(;r_sA+&3}zrDpSv7XYqfW^cfIj*xo#U-g@7zh
zR^FdK$q`|4YvFuOa7Eg6&dBMAN!C=qIZ1^UT{b+8qr?4*9~`<j8<K&?eo-EOm?{qJ
zs=QU1&|lJt_pXP}KM=*texBl;`vo|HtMs!!RVLXqkocT)bdgZ>@WTf8Q^8Q<T~AY3
zLG(r64Al1JGSPvp7hTou%}<lJ_1peJ1d;C_g?7+Sxn0KMhVCIc9;RVk@>lXA>N7rk
z7re6!UX^Y=T^Z%sIAOIwpgx&1Am^9O5iM(x*MRvrAk}a<7_(0U#^&yqGAW+0233?1
zAlgh-&6lKT8v=Vfn2rWOh`A+AK)C{iJQv~ctU17Zwuy-W*^?r_jOpA@OQp-u8mTsD
zSq6`fy>YM%S`>C0AJjbhX6h+1X$($LJxg)*+)nXNU)ftTST&eiK%TFf!@N(kzZ<!c
z6nN~1%yO^N-@NK@uP}Bj<#@en+ZE=rkvwUhvzyJOSzTA$^#QMILc*9=sj0eJibpxi
z$VlB8pKG7~^ajR}OH=q@Y;v^kq^hlKm_*%_aG-2C&?=9}ULw(WCrf0me+X-CU}HQ!
z$z3@lfpJ^0mut1p^r(99V-i<H(dYSB2GR#%t`O$fnwBO<4YeOXIM8HuRx4{%?Ly+n
z-%M08Oqs15zAU`STlGf_$Vh1&=5Nvicob!#y6tuD0u1HLM35w|_3_UY70FvFIrr_3
zDoT7!=)@G%M3p|NiR=~O=pH1$ekGr7r>!|@=zta)m6s<LP!Jfac#HSS$%f8FZA>)E
zp$-D<t>MMQ#9)JYC*aji(Z>@mq~{`ZfuZ9Ey_UqsRjWn^<F=^8eRW5qp~TaogQ<|*
z5Y`X?C4go|6`rB$TX6sQZ^|yExFf}J-c@&mlLtVpgCUKb9;@;c!IqXi933Utu5P}s
zA-Wf*#`1%w8nzu=4Hv;F-+Vn`*s5fnNKB2chJ&#bN3-Fw8{lp84j!^^H_<3eCytPH
z?*Mkz0qM2(EM<HQoVly4glTSB@HuTpzL9`Up#0dH36(~j$0USjQhYr+=@r%`pDpDM
zne0zsM9A1G-acXBgMO|k+hj6_z8y=gEJvcn;p6h}&&<vH=TbbpMF|%qgO(Uu$BB-_
zCC3*6BApZjhzh>ViLqE5%nJTg!)+=O6-%jF5Z{aGmml;TmUBuoDOPD!utuQA65b{B
z<iP2K@Z_dGX4G4VEl(wQ-9>L@%D9Zb$F7~_OeVsT2{5U3+dE_OQ#CW(H}z%8ZsxM>
zoS7d(*hgyIYqs(DM%Z_{n%Ta6yxLH<K{+oQu#y0$Rgl$Iq9k?}c)vrsy*uBTy=2P2
zC5FyCOae1o6Nk$dSrLH9<!<k8Q6y($8zGAwmwt<rNW@iRmufx)1j42^pf;#yfjt-S
zS$~^n6_j;-*()rk5(Xk5w_xzL+;Uu*6<1(Jn<H#4uP2yl2QK-Kj(Q2mAN!adxx>sg
zOWt@+eb`J%=6FXA0bv97GPxmV6=+O9hUX@GyRp0^xKqYwvhy|&jk-DkVUaWQgj9EK
zuhC4@E-&mLHbRH3Rk2CHfL*ODVrc8=x{GNCb~lAYj7?PqA+I}McmceHm;eL;h4$jM
z7TPAk?){?0TAMvGDU9QYAednw2i-@sBf10s4CQC~TsU(7t_z)EWDRLrx&_uKKp@Ec
zt@}B;eR;t0A!?AkBuqPu0N0}A*~@-Q|Dm-ssEb)b-oB}2`Z-|Oy1Hs$K&|aAcfWd<
z7|-wb$L_4#16+}5B62KHboUd~Ta2g0ofPR+M}FW!W>D@_Ll_7bM8sWW_xr7+h*RjN
zC%8$-DFlIoJrxUxoRH}pb9J(J(|LM_>b#jdIez2gX*`l|1#n6bd3d*!OV`r*(s}nQ
zu9Wv8Kn{oi5<T@HZz|98iDl5WXKvtv#18ai>jYitdWKC!2{!yr@K{O!`}tZ-40%Xg
z!N)QpfNCHRZa5~#{BjD02o1>#2_or&MmuIb_{qwvpdiOgPA+FzK#m1jxIA>V60Km4
zA#Ji_S>z*p*_F3KH2b>%%X^krOxUsy)O*EX=N*$=FVgkcTR1tq$Rx0^Z9rhP%Qfd&
zol=62tEk8}I#J2T!_K{pZDO^3+%SF&T(dmsF_N*>i0l2peRbO`TgzBHy^U21pG&2x
zmXA+xQ%^9^L2iCzjA6pfM?j)Q%UZ?4W7wUq!Yh4KVBm~pfc{coGt5xV88l#T;@L;%
zn$*x7=wr`i|2-R&>0{)v2wLF7i->x^+~vOcj+n7A2-zaoxncg(I0K*4x$RR5Zsg7r
zUZ}fp;H0u$qI~LGFe#&Z)_2X~C_Kn8Rbyb!3}m@o3hpJ43C-5{MJ)f!I(z(+nib@|
zVG=7%gsw@AVWzixagAH1Gc_$f4>51!lQ#-OSd!uq!E59%q~u+&`9Q44{$P-Op}@rb
z%ijjd3Y=w>{;{Za7<yv9xzTvxjYRwP?4hBw-Uj9Y@nOlN@j&1!(QQY{MprJ(Bn2H@
zfF-ixVcyNKXB6?R(tC7>3C-b0EHeH`X0++xmSs)oJS}J4(yc#6ChgByIRarRYQ|s~
zdANX4NMFhws~|&;lLxG=5uX(y!#-eBzWQkUy!%mEVT@4F{{3<5g-gAoovWEu+^0_m
zuWd{C9tYpZ_)9#lJS?3l%JSW7ZI1N1{yg7)^zPfr(6QEs?;e>`zI8HJXm4Pa1mB=4
z_Yv-wFN?F0TL7lRg?+wyaRJSlH^5ib_{fR@uYMX0+NLXjX&$Cy%!zcwk_2TB@Y!yF
ztNuItmIaG<W&q3;*%%0i+c%|*JehITZ&?|i3b^}-$xwZ)%3+7xd)KlCsK%6GO#|Ap
z>~Oy7ij7mxHD~j~vkHALkLM-k%?ckPPLuZJD_RBB^Niz#pVZcPfA~H&EfVgU;04nr
z5NtFW$j7&Kv;5dM1q}*-`P!s^&XC@U=DW9S1a5z-WL*|*$E|fFrjeItTllD9E;xke
zDVSuj(d*Kc?r2E%k(7F~^W=tgb!BCIv%mN&v(v>=vlwB;VUeZzBU01gp$|hlo%OXY
z!=0yH2__GFjy8U<G0{tX@yM59L9(Z3=XsjOTqvf5MQC2CJgeg<!ZP@Ybc8gx`u?UB
zTa|RyRCN|ZNa6t&AL5dDBw?bHSs^g=BzlUywOUfOmVLA8`$+Zok`9`V?<1X>4K5@d
zQ{Y@l|CC(tE>}ytDmYx%FqWvm#sGHh1KY8<nUe8C3oq;lN57Gnzglw~&Q}%h9CHV!
z9*oIkszUgFZ>GXl(o7z!<}{kX?Fw4kvd1S-ff?VJQo0zBW9}EO&;NwpWF@*_LMCqk
z66x5bsC_y{UH~fq%RztbD>G))0j!>C-DMwP>5U6pq%k-I3{Qns&@6`n`b!1)%EH3D
z8QKTwf9trSLPu_lFwmR*PEU-WCzMr9<s`KTgbmk7%@z5q-Ulw(m1upY`HC*rCsQGO
z6i0Qs6q3w}TRBq*QRpF{#BuMLdcT~LE4}{&v@U79B>YJ@$~jrA_N9_mVzluJ_#kXv
zK_lbzShYWWxtNAaTZ*v8IBK>iYF>qvK#t3p$uDA~#D)Yc&`PN<CNSJ!OBB;U7^bF0
zlzLT6;qYpXLxn-NV#bxWbo|ZZQb`qVf&<#ccSO{@Mfsd=Tog7V=(ZGQIXipr$H@SO
zmB_6L9_wt0pl#{bSRs{>$ZxJhIE1{y*`}gMkDZ4J2w#GZg1Kd_>l-#ZE{;zHc%Yc8
ztLC+=<9-x;ZH>RnHF%y0^%Iv|fE*&nSr3W<ePt~OrG1>P{}oqu&bJ{YYw1U|%co*}
z;>U}zINDwDH!Qyxq)NfbvdmavtWw?G$S$<`pT)_~-D}@N{PtJ#@~+D-DgaoL7zR!E
z+lG~{+8ww&i>weUNFKx#a*MRIw9MR?3hkCyGpNQC<>#DYOi^`Y#dG?=uD`xEeXlpE
ziZ9Da+VXi>SqfbVfIorLc^euWy1Em3b9d8mca1qchuu7u2}B0Dx}Fh`gXm{g=G$t2
zt;rZ2_j9C*d;@|0vQL80eb~-gzNF)`yVafNlUG*@ZPl*dYyA3P<d%&FI)DVAsC}R7
z3e|qY&fgZJcNQJ#(<I$~*_|w>F$&ZV2PeHT<^1!aVB>0T_tq<rSSDKRUM5HU_gaf!
z&u;|exFoKDsId!sDyr#vdXNGHGA7H<a2fdS<FB?Gv&`K@X1$)`n{~{>QkW7m*xk7q
zF^||cfxI8Mr*Pd9hjT2MRS?0<j75(1I33e*j_S0`f05hYi1OKALu@RV!uGqRo`>Fo
zuyKKVA!@#zgO<EuW6_{g0wfebaNxbdU^4eFjPe6-(j)+pCQJbYDXk8;y}HF*Cle>6
zSpnB2TShOSPzzn&Yq{r#sG2pIOK2(8jxz=V3WI=%;tGaekZ>>+K;ToY<KLj@ti>!p
ze!32(Er~|W)$xQO4($1oaB)%iAUfsLiBa6ZIGV7DoD+3#lK*Su53uX#q#4rHta8x%
z$n7a%!#7#csR)(PpG{4?mXIg&Wm)?4RoF_j8YWK{es@`hn9G&mdTxVw=dE--`MwF!
z^JN(`F>k*@vnTaGvo9wqdqI{zQ|{R#!jz&iz?v~b&GsPW38SBa70Ip63psuL7TYQl
zyTY$@{=+Pyw_WyN3hS_`p5d)4gzYCa4)PLO6$$Qd;|01;MIY!CJGdk?xVO2F83;<~
z5~c_$fM{%@p5BweYdm1~FPeOGhaYNoyi@dvX}`OFOgLzb44SlvoU#fpf5TpMT9Et>
zEMu9EilR?{qbt*$WI*P4bf@@w6Ml(`&vKv>?5|^PkU({qO*dKd<DwThzVH3RcdADl
z*w4@2=&%b`36Y2qaSwgbZ5enKWymFl-VecsF@;QpO*M)v>UXUs6^@%YW2`%2XVdxW
zexJLV{h;TK>><Ynfhr+9CS5<&y5>e=MNaOnLce`dxau8u8c3~L8M%LXTPDFFqVn)O
zWO2nK0X^VKAfErU9rm1l;4%z~S-)Ot)CRx4dJKPP)_b{SIuH_?Irl~emA8wy2+1Q!
z;ABr8xS#qK_M@c@>fUm_fOp3C@vigj%ohOK0Ad;}!3LvQGxeNbb7&OJJ8!Y;KzRay
zV<^5RoWCXF-COb<9PE*pj1h2J(cg;zjPOPj4&QfC<xV6yF!kWDT)@C!fSTcrurR|a
zXUj6+%kR8E<*J1t`R<8cs21tG^kT5kZ*wb|_V$W8<({OZ7ae@wmum>rWcO50-436W
z5AulyY(l-4M<@3Ydb^GU_efC8+|p<NzHemR3`K_B5vRR}lTiC%SO7f5=ruF*@3Fwc
zVThh_Pnyn}b>-&<Li1Xr52}vxIi%;C0v=frtW~4YN2vyOcz8I0#*b;goK#BBd|q3i
zhk|cKkZCdrd5j4u{C+9cM`ky$>1h^dz%w*0&YFsZmqa~zfme3O_b3PVGMMZuDD;7-
zUr3k7Pe6Pn*<g5UaDUpJ0BNGBi^?Z4X*3<(H4|`S@LnJ>Z!!4d?(voIKB*7yfQ<gZ
zE4+7o+_^h7P?r_4bECX~qaPpvPmWGagj-s}OEZ^(rSLEiUN|!`ttf672rEn!2LwU~
z-AGKHY7pjDWE1o$ehS(1gl}wJziDt?LOnU@IvGF0U|#1%1C&dE1R3FB+BolfCTwdS
zsX`vLkI%#A7gNxk9he$SN6R-dwV%ifRZ+%EiM=T!jmp*!8>39BV6<Qe+Pzin*}nu$
zys<c+GBt+Vr+8=oXj#$du06WA0JMHD92~^kb=+G49p8OOiofazA%ySvCvpJ_fam0Q
zi*!Ho1Z>@BU1GQe2?jjyubbw8aT%u6W@iyEoebOYK`dze>LDgnWwpU2PD%TkYv?TX
z%v%G=$5Fgr^*BRK_c+^ppLs_>lEb?*d`%;&0iOy4CLP~W(L(Iy$7$ZZN~E^cJn#`B
z&wllhvyjhYdpCeQXJs8~=Ij4)wUt#q%g0mWhk#%#o|;CF8AUmj%CoqSt0Gj>l#=W$
zgJT}^UK-D4$rp%QWGR)JWgqZztOTap_Y%m)fzyS$@NAUk=n0Zz<QnQ2HOHKi#QAM{
zKXMQV&8AUqmar!ZFlhA1vJM`OP>|KG=*lULim+fY122!*>aaClO?044$U@Dd^T5T%
zMR>M5=0>3)85ftqzzDso;YB<okw`?T{7PJsl>lCzMg<BBOT4<dx<O+We*Fm!+ON4*
zfNiXlEI&`NyE+CD;9-HVNledM%Prj18iPdAl0QaJg^`n!UteA$Fq7vY&`D3E-`VNd
z^*L00DEBU<2gFQ^3wnzdHF8*!IltOJi{w^H15uEZUv;i^g$4)iOkAONQL9Jim)Dn=
z{nMZ1k+_WWYlCw;`Ow1vm4>e|1;7gv<PH^ehy7>yW_7;{6L`~K%Q4x3ZkuWVI3)9O
zwra~=(=yuAvYnv7i5vuh$nUHfqibPTvl0@g&QCI)nx5~-jDm2nadD{wpQan3*Ids%
z<GSADOyfnxgn=MfkGlztt}M;gR>y5g1F>5>lRyNeRnWa*q(puhE;$z7eAhq0W0VeZ
z%ve}hkN*7m16!Lzf0Mdujdkpe8wyZa<}?*?Me|YcV@~E)e}sial$X1l-*o6IVcRkj
zV6#ev28M<N-~AbqVYu*z1qPudX50Pd&<AIrFrZ5WVuR(?=U25Bp}&&)R0V)n(=Z4#
zBs_GjTL!(;={IT7hMAIDlg_N23JqOTVUc4cLWY`GpOik}fJ>vxP<B^(_S5ElK7s6M
zsT?C?{vKnjUxpHojzzv~&cz%pLJ~)Cm4?o+1j==r;tC~~4A&}R-`a2$Y_JrliQtj=
zsW1^OTes+X;&zBMTD%ey&IvHssFY{}V{fUz-@GXD8aq*#zUN?A6=guH@lMr^-j2Mx
z(ED4=gI^RGONtee))_Gq<2z!TnNe-^;_TyMuO_t&e#tAO)3Dc<J)GCJio&hBiW+t^
zq__<0R5aXf^Z(2&@x)xdG|Yz?TuLm=O(3jHvcD+3ZCsQKO9@;HULf_439rY`*TSS%
zoA63u@}3xx9C2S<cMBQb^n63rWx_)SrmxTawyV|%Wq3AhvR)Mh)FJ|2hO~;kV3IW#
zY!9DeJ{+qmU0`Z0U=R-+b&JZ#YY(}+60h@YT}viA=A`_`(fHZf#qiaqCq!h4T4<uR
z@z6~;c3i;LSFt~9{U17O=gq4;;}gVf+qNp@vR{}_V;dgM9VV6|=pyajNH{SbieFex
z?YFe~b@lBXSQ@q%t;NL-=&H4<#0GIOxi8jaV;lrU#RV5R7yy*K`J=;@<@EZ_d(&7#
zEdZ<Hq*+dI0H!?7`SAU!30Gjt&g=%c)(P$0ssN4tKwba~n2!LYO%&w_xG)>2zwFL*
z0hl;uEQ3>w#WhjZ?kV<nZ=kI$OR2)Bz^r)_T>yCuFcu9tOD@i2PaXl^9F_C`7+*I9
zd?g}k&3}L?R5uQ9z4+x9)?&%$#O+L34iBQ%O}Ol>JzD3-@mD^y+2&!e&&}x?d3N0c
zciT?6d2t1O`l$T14p8Dc<D(Vif4!e=^_F+)Vj^me?1|<*Vh;z(821jMG7vkUAQH8`
z%Ja(!8nM>*uU{SdR_=7Anl$-OKI=$a{=nwS^0b$&z+;UfXkWm-Ws$8lUx(ChP4(d;
zzX+F(FF_G>>gu8kZCYoika%@*Gu6X<*tX*P*f?>-j6b>~MFj++^pyG_ba{W69|X?E
zrJd{<m1nDO8T|370+_N@!Kc0{fh)jU8Q>TPK<`aASOEnB>p-o%j+Cn4+{X64Ej~j)
zHxE#8V<C_=@K<#=9Dygxrr0gZO*ESdS@ptGma5^bZ-s?8g~8+6cG?bh!v$k5Eh++w
z?gnq`{<;PNfn2{A;D7qaW6W30uAgpbl-J2H8YT^edJ$EGxg|1V0h=HdWk6p}I|Bmp
zN;=SpFW6d8NyXKbUBFr@lVk)OzNfudWb#9n>UCrfA*}{8D2}tJ!LSIA<SjlPfQe~B
z^)74H&j1t&z;OvgfjAXNkB)YMCjgvG4#L({Td#ctg_`$(0L8o5zqu(mAmBR*8!>E6
z__u%2i|sDAn6*$QmBY#P<G^4IG4X<SW)8zaOdC7)^6RRR&JlL{Z_<A7YR69Z`v4;A
zU*6gbp)+Mbe#O8}kQeBMtD85YYZZ3}p5_;gr!T~i4xE47ThCH=g;e2nEz8OwwL#nV
zEhFFz&F`=urgrc*maB({Eyd$ENQdT(wEq&4nl#2Ix81RT*VcbAWldH-yo~x*>KAa2
z;{#n0Foqy~X7X+}U1ob$&5aC;%<^i;J&T`VP%n^l;7&9^IfE1ulL8#DB1m7q0#Y;L
z-YCp&EX2L+ZErTb?5)-Yrydcej@#CVA49Y#8hIQ=Yd}Cfd6|9_rbA*)2Gqvp<b*R(
zWiH{Q-bn6>FbFn2RdZj5HZ}kqY2w{h0Afri<L2ObkfT>^0O(09yEhv<(`kAYgq1`I
z*7f$E#|r&;*UUyWnx3#inxhsoCsdHgT%o&2!c)mNTKv@TjPpcZl;E&M??K$@Vy_6B
zTcsvQOmhV>mrL(ki&O4f?C)MI8qlb)qV2!jXWTA8t8iVqK^&nfLdU|(BSSOe?(xku
zG1EVCHR5!6DBho|h-5x$dzmAn{!yDJUuLctIVi3_#qYu|oRE+zl?sGK5OaHd)rB6z
zXw{sfx6n1Mp*|mKVHdzC0_JhDH6|BxC!)cjw_GaV2wGrd0WJ{+oyxu2;SIIuLTc_o
z^X|+s3y8&?y#2M$egGt+j-oc*f~TK!bFC4=Xip{WBefDx4FriC55?rmRAP2Qd@Wna
z7@oZ_T-Xc4Rme;YUJG#znnU?_-YlRRa5?ZmxC&C;p$}>$Zyx9BeGYV7gnFPXa)5<r
zYzhSk%H|jBetj_bMt>T2wh#o00bcwtu-ndVNz@1P5M<Z$lbdsswG=E|g#=@#54MH!
zda|3S7$&x%EwCQ70RhkvTmo{>-1ENM@a&L%i&oDmslA(Y*uv*$W%({;6`X~f3Jb1T
z2;Eh6k9~}6DTf_}s*cWI2uRXD!8>GRq35}G3v1F-A(#~$DRi{djwGrY>Z8`J6v533
zRIV^&1#NN^{md(n3w~I6A*LiGONh;C;hA6CtyJr?Ba<TLjk6%-{<IFZ57>?OVG#h`
zY{}^IYgnVK?=VXDvrICk6H=uh#AcsczH!{R<^M-K?Adj<So%`G=B}t^rV-Rgg_U{k
z%ClzSYs;<ca_G@WxGXj$u0qIN@ZBABXDTOT&5~zHEAueVI}l?<9tPYjw%r+>s6tdR
z-}S&3UucZ0Xy@KO;Cfl4^1T|fhJL(4nwmz`M*XOUR=i3gk2*Fa)IFHpJLKFN_mG`I
zMhUKg7tHj2;J6yw-D;83>BUDoJr^w$2Tq_oTg&#Z*UOEOs&ympGW{7nS)xhA)KKi%
zOfA~j#t#Ies*~vX?ui~_h2yIB$cxN44l198D^WJFO`7;*Mz)0+8c(eE)je|eC*ENf
z&SJ?rns9~dWt+prvy7A>TPmkCZUu7b&W6dVobmJ``Yu9F#p?9D9_($h@^(vfSPoyy
z5nswis+49+du3x;MR*NjJr3Kb(za&f+AEIQS4rHCj@<hSiCp@5BR={(Bot5_xicVd
znfv2jF~1xfoCSJIS3(sFE^N?<ONo-pD8>Duq+yWCRm5d$B0{hEK#*hjqpFB;3cQ3S
zp2DVSOx14YYe_?vv9nuQd3j-0I<+XJo?EPD21kin@v>@(D64LkE9b19J)hWDO|_YD
z3a5$p@DdIa4GwCNl5%w&S1y&0B_veFC0s2Wnj&STGpf2`iuIZzGjaDddEL3H3QK7C
z=oLx?${MKoxLv7I6&BUp3tb%2N{ZD?(q__Po8uJ=HPU8Fvqlv)?YYuY8b+$QRMOxY
zUxAj3?MuYcO!!1u_0(LPGgLW+?0Gqo;4Y$BI;90mnqo60^xyO&Rkf3g**ONsX*Bw>
zOp?nLdFfwerOg(mXX%cLIqS}Fh<q32Qstt|GT}%oS1i=iWdP5XW{6UY@ah@srrC4p
zeis3|bL*zf&Q5SSH5scb%<C48iBZk#Xv|i{mMWB%7wXw_XHhfI#4CQBQKKlGoh>hk
z8KFu0WJ^`7Y0u}7raxQ4rN*T)nl<89UpUI8sir41lLpu0q35G*a1p7uW2fpHp)4+)
zcjdKnXVX+un69wb<4xyM(_d73Us4j!Rpzk7N8=pl9H&O1rZL+r=0cxV?8;-HsEa{i
zPToRqOy5+ki_}V9|MTcOj=+Ym5yL`f8=2EoqV#v$n+Y<$i>R>YF84%pK1E_X5G^3O
z@?<@%>2`%I&c2u5Es)fu$A(~31C=PH4&G{AH^TG5m+-ytaHp^Ed#v|4*H8Krtn(5c
z>JN}=+HFjKLC@Ap<u1M|QOB6gSEJ9Xc2;|NHwji2SW4~l#?4sE&`v$Awf^eFjfUu&
zqie_cZ8CS8^i9sbR)??wma5nn#+sd4wY=P2U^Tj;`o@HrA78LEj=7`}YDYVw)kCk>
z`JrY;qaFhXy*<H<Gg#MLr^*yc$}B{9`9&VQNL;@)k{E7fFJmcn>=+}lmz~SfxfdBN
ziIr09o4CAns;7QYs__{^1PL81z`_M?FTHf}VtFm&+{SNo+{0Brx};C(=gVC~FPkUL
zYA|tuEF|DX-WttTmvkR3zI<GLflma3C1hW<hZT~4i2iWp!#hzXO$^nqNu$j8HaA<<
zytq2=Zgzq`F40IR%oCnj9(+mfFo;?U36HOy5Z_x=QGa5Be5f|c<tO~by3W&FL*<DT
zckDivnun}*yzqj|c*qCw2C6)}mZvrmZjpsH%%^0?FC>0pNwN;;tfv_!<KLt!%Pu%C
za7DT;n(!{3iodKnAzhZ-Rv81cE;+1^B!6%-`F^ZE|8wfSLTyZX3>|eue0Kc@LvV|@
zgGpEJG}B(|7lqspcuK$E6}db9PUt791ofYlbXPx`@8DS*vNPP6ld3VY%e3aMs76U#
z5nb!?Dx+Y~tsmol%hVS4KD(PYn@sunaW-0YH3qMRw>X&oRB;^YO()!Moeexx9q%%g
zKm9%?+Hrgw;#-mZvfsYw2a(J}lul#=PxiJ!FPp=Q<owtEEtNE%u@i!46d&7TN_Dzu
z`R9mV<w)ly3dblb>%YWSv1BaC8*5{$S%l^V&?8{AQUTgC3Tnv+q4LTp+9ASe^gDy)
z<kkiJek!+x)Q;)A_I6G0gNa=_oCY`l`3FZXXRo#VH}VWgqK;p|c<y~=Fr8O|@CC<k
zw7+_lEf@2N);Ug~FjANBkwnZ->PHgUd@jKhG}ud(xpB@)?2LyDB|8-ZwY(!@i~fAs
ze&1s`se%7=dF5~Wtb|gouq_A0X4!<CQi&2v*A-Gaf9hqOu}#|!Wr+gESBJA<1GaIm
z*G!{JcPK~&KM?Xpy&N%q!do=iNqBzfXNR}%`QyA<i)u!_l3Peh=uDesyZ=a@=_jJ&
z+}btDoh>(&uhnhMemnj>ZBIm=!Mn1!hO)AE&xWlIxL4UiLrATk)SO>!L?d1Kr%PjO
zXQaNGFsxF${gUi^OTE;R=0#J_Y0Ya-Y!twtusa9W`TWGCN~?18_bSZXPl{Z+xb>O%
zn3_RHE#SmP>temN!RBr0l8O&+a;g3{_}AEir-vmX_4R|cy@7CZhl$fvhY5r1&zz&m
zK~t$pDHrjn!A;TD2fxuDnFA*f*7jAWb#(_v<-w<A&p$V*Jt&ytJEe525|@84%*cH>
zv!g@i5uBL#`yoQwfm>sG^)o&r-Nq5^yKC^P8jV3G75f;P;VGRj0R;#6?cqlZRhdz)
zq%kvFohuAS%QC$(E-)FBrm<*+iy?;{dX+5G`^y>I!GInLqdXB+-#EDWb${B!M1>g-
zwJL2nI!~$4yvxTC_%dxMEsMhejJ$Hy`qGlo%Gca%PD3-zY?l@_wO_`89?WWwEY#Iv
z^nVi($cY{rR#qnz3#N+cI?&uFqz<<yG9p9L7JYIGNXimt7pgFh5aGWz=sT+UQW5A9
zZ!oJeWF9|atImbj();X?s$r_MQzH3;%<?aZ;-8yP-jTGn^m{*Ayc-jzl@-tZvNNQa
z(%3fU2wKi-cpGSW#$Y^s!O84Y{EFC-KYm5Q=65SyvlDkDm{-i48`~nKe>`^Be%99|
zo3QEOm7H%Ajl|s{+&ZWGK=o`IH)e^qh@KA8g(BrkMUeO3H}{onIggGzT}|<Sp1t_#
z#+#9DcKtHv)vL2!JIS{VO6y!uLN<<TOAS1`I?Lz06Kg~c$DBy%^r*5)P915fX<tjI
zRsGRH4R!J%_g>MiNs4DD*tp!Lq_(4Nt?SBS@!$}u;qhx6G}-ga`-wmc>$Z;<yohi&
z*YDTRhx8vaE5BoNp0cG}R^}x=@znlZSkfi&1*g0(abnGP<4Z?l(OE>`jqgjIvEn?N
zDH+;O#!v;E@L)Mi#!DmBla+x?JG1(n=A&lociQId<NZ@?Ww7t`<8`@hiwzey;HSN;
z)G7~3oA~*ja#~3%N5tp;HW@Qm{5|I`|1uxumB(FJ54*p#q4bEofqrqh_`BR)pfZK#
zHpIh(u93j|hxM1`ZeoJH=?wTx1A+YK4;3O3jbCQxG-N_nMb9T~`finIgXt92euiH|
zob`E+pDcY`KMHu1Y>AAQt@TzG-6P!rT$!m1J*!Bh33BT3Eg8LWDkh(b(OGpqvI+R<
zR2-_=a_r$r|2k7#eCX#rOpS4uy1ZT~#QP4fT4Dm@MyRe!yM<mCCSaQqb7G_+tJJ3S
zntDPI8f12!%0F=Mib&2sZ!SAaoaH{gTM$)wZToe?@%mTZLW~r#_iq>L{Z-+|T(4VQ
z1+BxL$4l_P9hYl*>XJ^bDgVRCb~^Ct<WMO*f;*i61wz?h?WWhhoep4c)wHkdxhc@E
z;N&5WC$M`^y<M&&X{?zM8f{{65-nXQeaNPHDkmcGfOpDd;2xXwX1E720}|z!P*;Ee
z#}~vNJ%RcAORiZW%Bd)gS*48oDXaT+*bPsWkWSALr6JBemrvf7jC3SOcaHvKI27Cr
zhDz;2i9$UYLJkS*wzD2o;3o^w`wP}?LJcK#xUY#nBCE<>qy5?QFvwMv6Ita_(it^P
zPGXCi*%W*6(-+jX0<>Vi7al9Eh(2ts`nT+b<E{59O87hu+Xuw1k8{Og2`tHj7+U<t
zu0w+4s<_2T_~8sctL>-Rv>PU4jtfk#V_N+q#6?;HcCvd{KbD4UI{J$!hU)m^qn<Jc
zl^f-Jo1ZR?PlymK7*ql;@Ywo#1XJupFU{9E<u>tFRuw#5?J(EE8=W7XBy&oBS%`_`
zTpInslAD*W<HbOE?-4>tFuGaoZClnsVwO?Ab>Qbwf_#UIqspHNYNTBzv->PO9EIj{
zZE4x&t29ahOjTNj!uJIl<i0-obpO@+I&0X2RNK|upGUi?%@2ONMlBXKoX!{(JoDN&
zh?ZouE)dvZ2>7nPttt_qmt(i#eyH}D-YPZW84);U^8q1OQRipmvUJqBx}!_t4e`pj
zq|3;5dIf*;d5X%znpRcC)T1+SwANiRw3jMIdY@wo|9*IZ9VGcggnu1;IwyU!*wiq3
z%1$X>n}A$RWdEe_9s5D-s((LIlUd2CT2ugv8l_T%^V%9xoM@FbF>@{+O7bF*Ea*j`
zYDKCEEnWW(l~mdmdU}O#ny0eRw`ah-hSL70%kR2}I7^+XrVs0PW}f*=WM>D<(kk-a
zef~Lol8kFztb|TrNs%^)gW0+9*BEw)v330_S?+S$Z!?N&?3#DE?=5QKC2un+r$Cm$
z81BG4{0i<MDfn%f0Nla^UquGLP8dD(^z#ldKf9<B3D4Q*>HJLB-o@(eiCA?n?*ACh
z%$RlQQ=>E-ORl0wEGrk&_v7rDhfmUq(kdtWQT1F*X0Afn$LIZB7dp?4U6<jBwU*G~
z&kC3(^yeY>dGl8VSzbgUZzr`*)Ti*y^avj@<?cU6G%Y>%wK6kVf2xot@my@X@uF$?
zo;Z5q2MdI^Z^o7H(bpM{w2#g=sDfRn<o$=iA|cr*x=y!E@WMOuF7J?1Za)zcOJ`~x
zvM8vd=abX`_=iOX_g~hmC(W!pCKVplh$94_`uGF2Z}0g~Ui=>BF1G$8NL&0usl1%+
zxLgWKDU$8ph4&okssr&X359fp0$01Qlp_wOpyD}*u3Ak3*jIXDx+qj@3U~Z+SYuuv
zqrE?eo>r|${ggSpK_U4HHg7IRLGq0FnHAV1&Al#0Y}}lL2^s*$OnJQwU>IfMx*H_9
zuq*w5mxr;MT%q3Jf855LQZalph6>o0vZV4#i}HRAoAs=BlK1BM8ld=rIf#d`Dzju$
z06G1=CU!!7G~XGK`hEXIvJ6^O7Qy2^2Kz;}$RMM}Md?bu^r^%p&c0D4a7SHeFFD3P
z5=nXH(7@hh{@ZB*`ADnfs^*QW%mK;Hi>JXejLXl@#LdJ$Hy07Jupj)CwrT8bo}SQ0
zm6(`jJoM(O#Fdqp5tO#0{UG|G&OZM4q}phEXQ{uRpqA&{+tS!Cwb-xu`e+1mkA~)6
zJ@<|F-6ra5my>E%89bkb21eSgSs7|s;}lK#n4zU6wq5ta;<^tw2`c{>8vwA~|2rfB
zQEb(J(_lao?mq#DVM9QFe**%JfUq#}ct4;e382+OfQ*03VMDMXAVMGo1j7F=`d>-V
z-*vvfOMU;H{Qv#@pJDi)y-mQ;Gl&cF-)$!02>gvEVM73Vfw(k9a5PCoNPusV@4x|&
zjqoo;z$uWwrT$%q{V(Dz)-BfkoAsB9e?!uLQvb83|McsBw$cB0S_4S;f1$Gw07>}8
zK>=&+4G}i?Ke!?9?u4h>@>>pvPXB~{go+rMTi+X^ev{<)v4msd(kXBpgv#C39wBiJ
z!Ss(%oq|@p^@sf)DY=raYwVN8Z2E{7li8sqeffTSv@ae!U(1poKGMrR6TL?k#A8ta
z+hQx{Dl9MNcwk7?r3@~at(p~Cg<BNM0YD}m51GlrvEizacg4lKY3C{uj6sN6@jQaD
zAunxaISQ4RG}eCB_rsax*;po=Ka1=)ynlY!hPR-(yVH+S^cl#V+dOr_v6Yc(a+kgs
zl65sf2gO?~Z6{$I(+K4u6nrAe=D)J!=0+wijvkbJ;w;iVd(a{wUd#8~xxtwt%7V{}
zL&Vu#a;r6*@`S{Gu_024ot<U9M721$?(==lwnu6O_V82E0KM}xxtB2t!7$&iHU#AF
zPwZq!eqKSQoRS|YaIjwmScCI(=-PPn@a!UqB(T0ZOO;7&eP1)l({cUII9?TW{L{q<
zmdLRB69n=>1~!Uk$^Cq({CrRBN%Q1nU!x#;71NsgJo<<K0MeFAaHJ$WHkax3%Est6
zR=QC?yYLJod1&c3NBEJ(+p2zHc=3XHl#_0oH~y4=ai$sJyI^o}4>Kh$;0}Bsb&Wr%
z-7w*7XIaP7{S18%Jw5xIwer>W<{-GZaDIHgh|ssKHl$6X=$=))U{#2Orw5gx{?oh!
z|CoN6Y$%c;mj+_zz0M%!*39&gZjrW$ihZ28>~#1-D%H!yd|xz5QO0_Aoe!1$Y7mza
zmso|8*(vooHb~A@034o_s@kf{0oKQQYFFH|X@wMa?v%Ec;D};){g7&i7@Iup$$hTy
z65d3XTz%P*^(U!gTgZ`JucK`>e!nHEo4^WIXK}lAIvbCeyq%BMU1lg4$zGEIJKff&
z7!2rQT4%5Q8;s${OGozp$*ob<;$mj6xVngqqND|pbe;KB)ncMVdKNBhJQ!Ybj(4<&
zFM;pP{K*sTkxx=mQN9jggml(?dFQM_rJz(+`ptt+vV#HKFF!)`AAVJwD3mJbCKkDU
zWqF?`M$EzxH<zkZ#Yc=zj+})UL<*H9P~RwRdrz2ihoQhErr}-J;oGMR`GusmPgsXJ
zs+;YVFwSVjt_Z(}wU9K78hoYgY@~dM-~4Oam!(jilyJp{uCz}lm*iZ7^ye`_!q*Y1
zqUUef>goyhEy#PB!(=amRq!EP1+__baAc?XfL7Y$-rL7W+%zrT?;3LxuPWMbx>}(k
zDScoh|JKMT@s+>yz_XLr?U-ra$kvi3rJaf4+p>2wp}2*UH@w%`mHgDXgN2dP4bq8U
zPPb(yKkMbXiT&!uXs><!kb)N$I+N(@N7{zcZhEPqHS#EImNs1giW3&t2}APN2FWL2
zKIT7C{~6frm_M2ir?sUbu)j28iSV_p#sos2b_II!)#jd8y@l*ON|XFLj_UXjgr0q=
zxQ*v~Q>0Bw`Li+RO$8uT`~jqje-yE(UjuF||4JF>fD6li=CG*W904=UEpuF44i&D!
zj{?@JzY|XxAc5=wlh0^aTo+L98<6J$B>RARcYm(~OiY(Ro*FjyD3JXdhys@cyyzMI
z&AkU)bP=Lx3^a5FWR+l1hXAKfKoV$S3An^G5WSnlHAurXI02&i|DG&>)IUiIRAe_Q
zM4bQpv59EVC~Yj1=dQztr*(tE$_mK-`Kf?S3$h$)OY8HOK0j7vu7p96XXcUz&7S-!
zxlKh;z`qy>SHMU6@8|E<4+x9IVi-Uy0AYvyO@XMeTZWlgun2H|<IRI6{^k{M{>=vw
z6#!A-;0xmy!RY~6VFOBkAS}=sh%<=fzd0|6{%=8$6V66m5J+C&eqIQvXYePhhaneD
z`;zWa`vz5Q@MfnH_Yza5W02-g{N6g!pbteVEa>4LXDpfPH7G4&*&i*=))up4WW@h5
zvatrLQM0#^8HDUuJzPlG{w(>kV16eIzwZcxg+Yja*-QV%I&1K-D>)3Wg1f>p=*o38
z*Rd9wn)rGNu@E#k@3*oFb?B`32l=%9B#Xf6Jd2Bn4pPP`z_;Xcu4*prGQm_Y1g*ka
zEe>E-OpHTe*8~<}GU&Zd5#;r|K48;kEo89MzFIUD>Qi&DuU7486OlKCKYbr!1~aZX
ziys9A-FRG{BU_Liv92rgF9l2J=T|__IzVJmJt4JrTt<OPc=E`@l4a=9)}lXE4I09~
z+<~(Wf`*)Ow{|7}bb1<ck*=m2n?8?l3?oK?aMoc5*fNK%4jzHZApG_a?JNIT1FnD)
zV%xA_G3=*&HNNuYk1&fBX%+eh7#Ax%X<)DcO8h3$`vxKb(L3p;d}5~ph?PY2$%LNr
z8Sv}>8J-9De5(N61I_hdrQH=w%~n*rRIvk*h&ZQ0W>1}_)u^fI@W`zmXplTlR!}Y0
zhXD1#=W24e6*^&{k09oEU|f5uv@=aSmV)oIcbqILkaSThEI`nD^EmIcfScPljJ5VO
zjJ1Z7s4Vsrcp}vz3RoYN5wU)_EFd6?#<^7i>9VPa5HD4^%$mf-{a99Pwh^t5>1`?d
zv9xsGsoBki%|x_GX}Z43WL9ZD!Det;M<<@j)TV;X>4#XnHvK@6Q><*kC&Ng>cSQPJ
zRJzQ#a^d>)3cATAY6?qnOCtKt4yoi$)3ilc^gIl@E_}8&Nv4+|3Zn<CQOO1L5W06X
zk<K*9Sf6kU4AbhHn@sKIIp^Z0>+4(+6iwo7S^y6zU)}2q6X<z$>g(&AbnB~J=?9ni
z8jM9;_-F<wToN1r{fc@QO$9Zg5^e$!>;m0;+|5ElT<>+tMU=jpq%^TY-)MH%o-h4F
zHg&>ZC)KD8{Uoc0kl2$SYa{7P<EUjn-IH&CAblpn7_rjC_Ua4_WWI;)9!VR=TNJc?
z!|vcC`p66&GG`xHV4Houqx%n|!?}W#FES)FG(@H=wBzb#2&zKKv;tw~>13f3=}JAc
z)ASyK3ip#)T&+`-=3*+eK0W+$YQz?L-St{pi)mgK=_H`0V5~q+$H=8aRUWj&?QvRP
zy}E%4?m+tc$oW-IQ!8rEDx|oA3br4XB9y_%)GuV<y@PKKo%!u#GW-v|U)+7s*%HxH
zE+`9-+)T`Zu0v1u1Cqg)Q^ZIW^AsPi*MhY{3+<?<me4QQZ^^Y?EiJ8itF&P;?Ji+?
zt{J!nE+FTEfyeg_X;?xFAx!B2CP)4&*J0w(&@;Tmn&n2<Qy9kIyZ(8`$hudm27z9q
zu*{@if)sZkMjN}aZQqbcEsh6rsvAur74GM6^qFO)bj(y>O=;44Yvo+f7LnnT*w5Iy
zmVV9GVhhI*a;g%iYJ;{2?(v-tPj!>!`d#H70}n6(LSSghuRvRhN?YIyeqLZLba2~>
zF_KDJAs_bEq+}VVZXq5w$&0vOWxyD249^zvqrr4Q$o*nIwK{KW*OKD*BOhVHm*<q{
zQmrcb?V~@|(U>4t-Ifht(KsC|E8?I1rk?-WNrLBvMDf%J6s)H(Stm=**F{VA*lN+U
z3FBa^-zScLl0)#Vv=MhJHSEem?Y#Ff{&Puxq+nbPyJ{n$CRjk7*@ZAwbkc2ACubTF
zb=A@MNSSfR#7NiEc$4{@%6ojk*WYDx+3mC|m8^4nT{I1Dy`EfE2R42TC@W+ZrM&)~
zTCnrpRZs{wtmz!Dpk!;F5qScxdMkWSoa4(jX2N@u^nL&9cJMacFoh^lbSK=5<@kKM
z)Y9vD(VFjZ$D=ww#t3vL=5yFHoR|t5?oAFM!Ja2UkfdNCiZh`R681dfp92=90wX=R
zS2U_1FNXE!0{B~Op^7dIOa#=l^p6Dw;<C6l9Gd9EC8n)hB7+3btLQ1^Nt8nv1gB&?
zVfB!o(L{2-dXUmBa=u?`AHVA)rh=hE=wZ&bfev&{t2OuDJn7GGFPX=B@>SV3Bg1pL
ztq;UPF7<mVB1P=^{Q#`&I!?KFPI_M`OmKl68{PB*P>Ea;7gf-E7_!A(v}kb{|GPP@
zr$?UCG&z0Dd%|d9zB+B$J(6O|lt^g^z%>;BhMNR@>OgVb7+^;D2ZYUi1OiyN3O08S
zaDZ5AF%Sx)+c1!##XnE$p5DHxy|ujjr+4k@#pa05!gk26+j}&)-EmD#VgAU0Nz;3U
zDpqf32vIp1x38Q7H&!kSk9&to;1ATc3lzzBJ~jvWM)R-09#=U;B{CGc74FVumsKR7
zEG=r#)+6Fo2KWfX7utJ2XsPwmc<NY2i3qq0Du2lLe$i-xX7E<_cs(kK;A#%w%_P|j
zX%&`YZj?)RFw*Q?>d*CyJECOt6n!pLYhG1scnHsiCwsgu8k6d*)q4qhhw&Fxi`|1}
z1Y9(o9?Nhai){~xb`53h`YWfsgE}SI^_`fvAC7ezIbS#(9P&Pc=k7RuSy>rLk2P<v
zkkt6CGT1UZV8kbE`|jkmrKo9h!BQo<66x?Wj{2(`o!h(S97XGzmn{Z|dQ=yaB$cCC
zGzJ#t7dWeW&o(;K_8&`+2|;b0wE!0k>r2d4)cubwI;y2!@{hMyG&EG@RWc(FIzRhI
zL;NfdBhV}<k#T*0e?$N6IhW^#b1T%D{%Fx7qE+~eTTvu-$hX;_P9DsBTY(?c&$T_P
z-^;Z3RbmrXvMw>>DQ4;$?}j$$?jq8mX$gMf)2huj_!dM-b#rh8TtK(bv?|4oR&ei?
zFOIWAVO+7HSwN#ix!0>z2I`LB17G<?3rD7Mmzu3r>HW4<?X9803`utMaOt^ppeWLz
zE2CVwk$wIgX|D^ZSZdPoD0`b$>sp2Jv#|GOgh{p^zs6!T^rtSh=1hA@oiuJ@URB|2
zXl<+e(d+eIX#ZjTo(y$-L+d0Wrpn$e)w{4cO{_MpP07)r2DX04J2MG04fLV$u;i_x
z)~h%nUJit(Ic<=K^@!Wf8A|I`<eEOEY&9UDwPY+)PM6Qk%?)8lnYV_?zU5v<1~;5W
zNbALtm3&oAm%A8<xiP;GA=z3a{Zja}rpA!C_nT?trEDl}a;BrR0b-fwnYm1Tph9$M
zpVH*=ax#C%P=?1H;#(#Ckti(wfARL7VNGrO`Y27B6j4Enun+;2DqWfjY;*)9v=9V=
z&;tTVfQW~pfb`x$KxzU(Y9Iwcr3Vx#0a5^^LlP7r3Ty3iv-kg;bN6%Z{cu0s`5}4c
zd}hYX7<0@q#{9kS?|sdRz`kOUIOwP`_?Q&-^%nZ?QV1#}7>B?ZUPtw2KZcu(1{l}Z
z?*+kwZ94m^ZsoUzO$TWp+rp;%qohd##cy5wWTyr)4J>!2_BZpX&@y<;i@Q3A3i>{J
z+7reKW?6830VT)v+P1kaEv51vf6%r<xn44C{t;~zU|k@7u+<J*R9xBuwf-E#VKiI%
zA7J-%A;wiLH<UuAkS$PoIypSRT){>cP|g?JGIN_stS@*-^)x8z?8QDpM;AXf@a@a(
z3T)e3hYH^_EhG0+L7!5iAP;DJl}bOI9wlQCQK1CU0N60w5t_0*<qpy@0+H?&QM1YW
zR*LBTfs704ZQo0jKhl1>m+#yjhy^VcfoOo>g4l0Q@v&1RXaS&Ye>CQi0iR9<2~`pv
zfF~i!sN`iPiW~xZ=k~AV6gQQLATW-?u4;j|oTiq_6svGJ-1(*Gdqr?)Pu0{E<VznV
zmY{&7)87EBysD|&2!je*gMn%#PS4f&hI(l04&1=i6}AypHJuHLYrnbajHL`&%V??u
zmaw(QcdSw>r|~vmE%JLL(n=L#(}pHW8FxDou=`b$?OkF??ZNxEdQ2ud!{NDQrQ6HU
zXE<%G)HwCtpCBp)Iq)rzNP;i*u2`PDT&7V$x{xgi#nEST8`H>nclX%YCeQ+7iUt4`
zwM&E4nfEKIj6<rN3!KKaKuU4nY@+1A2I$1$Vj{g)rCqhB9}|9$)TaSfnSc7N3%@@f
z*1v>{WIMIHL#wB<uhyED$azPe`XT8xjjqwzHsmD$qDtE_MEmN}7Z<+<>Zhh?8Q_y)
z>SLLt1ABU9vFi;q5(+pv=7W!3(`}o=;5YOZqg1TZhc{(iXGPe;Ixv9kaAbii<cJ<r
z9t#GHNp~W!?IH~qY2?Xo#g<8VqveDQ&5kZYBSrEaq|1da?Z#l<pQupUCXUD7lf?A0
zWLnOHI-R8Odo~C=nnq96GdeD#|GPxpJ`p~J;c6Ry1*FnrsH5%hERaVp`hHoI4Wb7y
zeSC_wZiUf=c5zN~Hrj5;@D^96CZOAOTH2568kuCquG#{zEw(`a$ItDmvM<n0@MocW
zSb#n3&35mwP8U3ddlY44zoSjxfE!XskVA2&w*HQYYp>yOI1CKdCsT<8N)Y%-;g1FI
ztwXk)HXT15<x@2Pd@lR0oeEm%A8iBKgqho^8RUDnl{D4U4d*EjlMGQ39rqk1U#tlf
zPifyw;%)=<lmSz)+xLa1CU(fZ5*ho9nA56?RzpAcYtoHz>bD}E0wx%p(M|f*mj){=
z6XFLhUXS34b@-04BqLq;eO?TAU=|~6C-Ac!ouKC3y$EBrjZrozBt2!9(B^C4#iwfY
zV<}}HRB>4x*zDD7U};j$52K8uWBTH*bRy;=l0EO=?(wu=h>HDeq>40IIL3k8+t4@+
zg@T84V4DESH0pS~h0?2Psp$$}iwYXg##9SP%UR$oG2@|e3aM9GKrE=KSK}863Phux
zv^(s-bWy$3^CgV72^*h|xth6LQiZ{X(TP)p0hgdJfwFXVzFHk*1q8oL29=l@d#4K(
z+er@`KNQPOd+V2)*3!3}>4aTs0SHewriQ`hzorz8Q(EU@w7>>S{Us34$!>#(T}CTp
z?++Jj`CeqwbRkN`vuqI#oqeOzby*u*-`j~XWLcMGAN7~-_WlN#5R-4M1yt>%gUvtS
z40lE+Fv?AljUZ`n&pRgO4sB;_w5;S{-^H~K_hOX|`+>=voB%b$>})*(@Bum*)soX$
zJbo34ayiZ7D^Tgu2Iix1Q2ykGv-9`W1AL4%o!mdl?00I~-6)l~3`#VmAu0gf-&JpI
z``tnMYxm&VP)pFj?AVyq-4V|>{9Q}Vdk>|Zbx?AAMfc7H7l_d3dsj?wl<3YP$`Uj+
zN)BfTZYOHGA}6kP$>7P9zRC?b=LUEP&T_TIEJelm#hbh0?V)uIlNR9>19~&_J|pcm
z!8GD{C4})~-LRr88DV5a){SH^_KCz2_%k%4eW_HctgN?xly|ADa{B2Ce4cT9I<-Wl
zXf$Y*Zjj`R+#8-<!+n0-8vLd2q$d)2T;8_PyP^{tGPe9aaBcniEXx0@D|8-ON`5*?
z7`3_KK0uA(w|TmGp{jHfYdC92)+_DlxPyr0{Z)U*@KxT&$9mk~SG;1fe4QpxSHnVX
zskd`dqqKY)&$ii~9Lj-0FWN^`H#n&FBZtK#fuXyk*cq-6@~(kh7xH^|F@(2ma(Vyh
znjk9c9AhsdKD1|EZRzcvDnDVjE%Nj^e(+x-^nZQ$nn^f_3MYPEy(N<H-^Y0eKJ)5w
z`g0sC%8GC&Y=?>pa)J}I4miULxurQe6JkO|QaJ~sP4xNhCafCCaKBG*uMv92A$@8l
z`T0yC_XqFjTO!=GZ%wYBDd!j+JTu@R6v#Efx%SrRG9TyXe=jq0;O}Xp1H>OeZ?$U9
zUgt|0+>W@+ch@_{;jAuaPQuw|HUD1TfBk+@?jqL|hwmx}X_;drL9IqkhP!q!LRL6&
z%}nhx?`;nC9|`|frPTjbCimk&ZmBYO$OLil-~Y(}hsyn{X5emdTjJ<*5`xwx`8k|`
zJ}@q;_<y<lB_@JIg=0@Waf>WM_2K_%4-A1Bht-h?lx49^yH=%7@4M{wiky0}2wVSb
z#Z&e{CMUp_$lkbCuFJ9aBLDU}r5#mYVt3o=f8GVtJr-dN+{K3FOxej4ry!>5N(k*J
z0qjqucHQJ)n@7a4EeB|<a5Q7yy{x(k0b;^Jur*uBO~z;z;a_b}^Iy?mlu=n&W&}K(
z&E98k?>+c;MhhQk#)8j5A-GR>-6U;ze<f+s%p^r00bcO)#$9<hI{g<Pj~a?YMpUES
z8OVJwT<Cni%kJ%DSSJ|@cql7bRukU;KyCAMVZ!#y<(bo`MMDSnX}@S~DGP@(lMh4m
z$Yy)I!4mNT&{6Q!+}XZntVl^`74(g4wU+S?eC+o?SWFc+Gg>9{$0)itItCW*?<YI^
zVu}8t@{^96nh&4x%h!IwHXWZHWUS&@CHE(d1!Z0S-odxS5d?anm3AtMH<vFV@$eI;
zw}a|VMup+f7k+PzhtEuYknVm7<`&zspAq~aQcJ2cxtlMuCDOBSwK^d6!9LF9VDAkm
z!~xZXSUB=uYm2$V#mT0X@l}T>`IG&jyy?+!=~>1F6u{=<!-V%7iZNOP-r;V~QWFF>
zIQHt?4SR|}Wiw0VTiE@BOmdFg6XmzDDcRtMI@6*1yjQY&W64c=47`2jr9r{!<K3a2
z60cPPub|w-;ic8VpN;XWpI*KeoJl*K^x&}aQphLhD9DbaP#M2|vqK1*$IIQHt973-
zyc;_2CtOZ5z@Ox(PjxXqs2o~9R}CJCBiv2B4fI7Io-W_4{u+~#$gh@=FCZ*O$<bZ8
zOtp6L3s#MU!H`d6eO^c*8jABq;m@o5ygv_%Nb26aFDN1Tgx|1bgV&Ky+8^}^l!@Y(
zA-vd<V{|wNp5AJjJkOOQ(|NXbNI3os`|Z4F7A_`}b+f{<Ja!A^DypG%uz%<N9nemb
z`I?Bd4>%kv_{Jz|SqWuO5giZv?R@!?>G?*l@14v(Hy4ZRY6jU|7SRGl4}$>goS=GH
zuS6TM<>HR59$QEhIreLaYoYliFSujK=k4NJNAPKGjFGp`N#fgKPJ9MDVMgKa%q{z`
z4?{kkiyBJ8+T3jZQnZ}1Q3AI+*R~3<BD`dAyXAQ5Kk7SjM20{?M@*Pue^jHxprCth
zinZKP+~#KhTM$8>0igqO5fyhZ_Yy|B>+j7Ke#p)d+((VZMVtEw3YjOgE7O^0MT=We
z&!aMduDqM-hW+Tx9`61Z7ZB(xee5J!R2L5e8OwJA`~>%n@I`WJJkI=!=vDtsps6s}
zyiI-0$gU_L>Qe=Amlm^jIdDOY8rbnk=_(vh7c8(he-(8Ju^>o8u4;Q!mDENhRBx!l
z+BVvH(z9)vC$F@{YVU%wo@KWg)y60F(h%aV!P68Wg0f?1Pqc!4RaReveD4V%C)GxY
zsU)j1-S9Sg<c1yzsxqn~o+@eJ?kf&{(qfNo3;j7z5D-$Rc94AUyjPZxe6%pAq=e}p
zVJU6$+rBI=r<Hp5314}2dAK-Y&Tr<fPjl;Ai!|+D5gZR?cy=f&9JhX7SR7n{bI+3o
z_PQ_-Kkk_w29wk1^GbM$pgEoQ{FA<#_)5-09>lZIt&7;*U-LR=E-g&q3By|8lPYSm
zMFyQ8bOf+o-q8$-m~SUP(89T9m+#dZ{f3DH9tJuj1_z=A))&+_yg)9JiW8y$Sb^QK
zRR5iks+4G%Os9_c*0;mVTYZzf#qV2+RYkT_dM7_-ov)Xfy1g@vT9yWu*gOInzyu3)
zipH{oZud+#c;jartQTU9#PzW~m(nuOkIo!-p74#DR{(I+M<4dljLNuvYRF`5ziZ^|
zSG0Va&F4%gkBRP)-AvG<)@fL~R@k&5acM!v&)v8u$|+SkIkpsHSyzni6Zh)B<u5`l
z;Y4*HS^%zU`D9AdJ!uiMtP4fjo7mW9k~D=}{MvV7t1KODoSRzQ)skMB)py4RDtNo_
zX+U3Sa_BrLyZb%gqjK$85=3Q)81VouG)3!&3JYb<@9A$nty`lqfHlrCv`eCC_Yx&y
zn7L>1yjKz)Did}M?Ou9|Aub*z$?sLkiJkjulxE-zEb;7j8MtY!E;lX;={6qy^yM>e
z^vnn4v$FfTJ&^+$fj&p2>Pi8Xx==vlkn1;tFbzDVw%jZ2{vs|=?affeeCz8!`2V_!
z=W$pYnBhH=#(hY({{x~7!<;GjYJOYMo9Cu5&|`cVDe5s4t>11UB&B04`SXCvYHA|f
z8S_asy{jp_?K}UZ-DNZU&J<EPC+YLEGxJ$*Lw)e9%2Hz_Kq;gvPz%oBPUJSzD7I^B
zc&28-I6jgd7&e%V(AfSmP@5a$a+uofZmOaa&fkWXG#wIklRT7Ifeh?cCfDDD!!JDj
z0)50IArkhniog9W3H+GNyd@bcZk9Q$xzA8n{6Ti<cdf19*{1!#qWC?ct>i76eQZrj
ztMc^TAVYR1C%s=&Hg6#gwxK^7dMmud#D;$}Mf`57>C|)gl&Q!3fDby&-_GhZyO@V)
zJAbTU-h3vvGsJmZYN%RhxM13MDGa88K8ho7PY@_;VL>fnMq=Qx-#Bu1N)sU<FjU7u
z|AgxKVF-WmRIk$1*9ffWbEh38u>pmGn}Bm(Sxa*f`Ta8TwfDUqdmBK-+o=5h!!5M|
z!*7Pw%Vg?ezfN?eih4!TdcTK|<BS0-itjr|wO_YwRxVSoJq=SSiJ8QUFGnxNXl3(a
z9H%=&ZrtzAyLNWzL-D-N;aNm*@s*d;st8BEYgd64RH!?!Y9qp6#MqzqGl1`D1-BF!
zr}Gk^L3N!y|Ff06=btrB$OeO5j;5}`_B7RIKgJ=E`E8*$gy*xCMDW`gt>!c6X?O<0
zYqfG@FWx3Zoo8eZlSw}!nZI;J0K8cD5!g>&un%ts%I|NIjGqNY(_Ii}QEiUG%d)n^
zRw_L6k#V{#J;a<GwycR;G<y-6qvfUtd}Rf14)47k;!<0h(L$ltYBm;-m4RgO*oJOm
z?Py#MsOSOLC38LhIa{!TE8)$18%#f`^{a#2&>c9OEoC=Ob?MHP`>?N&B(=NTiV`x{
z`UT-enXY-OCQ@bP7@h`%yLse;T`4C2ogtKIv(NKuFQi8WEJfa~l=v@+{9R&3kr+IJ
zXq7eWV<#`>cO+|0r|~~ADeZ_K;DIu6XU>`qo?`dUn@{~bx*P>$;Uzh*H)OClhB#lx
zWg**8?#`O*z#-a;ckN&=|AS6!On8Dw0HNhz7;cqOFUZeXx-Bc&MPqTN-o4xVl2fe1
zizOO(Q2FwA#TUd{#p39zy{0+?8rEP<6xmw+n@GVkMPd9Rt8W-*iMkpi(*+@19I^(Q
z<2Tmn6GZL10{i*onEaUT6FX)14vcrBrOU6{vG|p=<0y~Jz1h?O87ATbjhlA-GjE-^
zhqPxf?%m?z!-rvTJr&X2SM9Jw9D!;kBKMv5oY~v=lZ4Ps>9!NYfk048ZK;vb%{}uk
zS9sIvJ{pI9HaoOlSH0!YY?<0OsGs<jiD+iq#P4sG35#6*{KB3ymU#Eh#30k2FFwNI
z7+{yXA=A0NGdrkbh^P=57kqt=o0URKVszo!*&(M8=+AB`KG;u6Gsf4rv#wuma&@OI
z!@#WFy$SZ?ir38A1vp0EM~M0e7pp6>XXnC%E+t+o%NFC;cF?ZxW#j>1+ns3i{v&G!
z4PsEHzTUXthbXb_dZ@j#Y~Y%s+YGkS(LTI<=ZtNE2`BM}!gY2kWM5ScVL<*$?x_hM
zFwI{pK4!~L)DG+gnmXcM+-twH@{GsS<N}AGZmD9Eh_o)Jh*;WSI7OB@C7rG-;&wq)
zYslx3du}x}In_;+e`#qUm3Cl1tbx8E`yzyt`2K4Qc6)|H`hrg66s_|6TaO;s@JpCZ
zuQ1bKn@QIq&AOu9XNPkU44N|wqf{07-mMX|FjswC!P|lAYxHyt(Y}=qVX7;+!VXoC
z>;-saek*a5*UNt>h`Qw+eIAj&mQq=uYDS{IsH9Hg6~aFE;}E;8IAYKy81VfS;=?lk
zp}r^~Wl#{MPjxhBw!M7f_OoLxQ8m16yg*B+v0a;CW{NlA!wbw9#O{|?ZSo$78m@}`
zx+W|N&@|pRV$N(|pw@QXDZgUpt)XIhr#eX>CA{lFVf3BKmqz5ICSay%3&Jodd~7h{
z5QDg!;Ubaup8KObKY!Bo8g}}mMU%MaR@h{8m)4jXax~wwp{#Vho9AK`b-m}_OFQzI
zf~K~m{TbJo^>2E~U2y%dz@9E}Vr1uc$}FH3V4DNClDR*Q!(==|uIEH&&qF>G#QtzQ
z)ME+XJSSQ;l(m(7XFEV{zoMXTQwmFcAhjJ;eYwf$xKLrPX`&5u{rlJnYn;B*q9<P@
zP55?&IOd`x;haaj`!Oa*jLy^Hb%0sN5JJ6pOiWU*tbR&J$`w~>I0|bPst?yR{aYPF
z>AqK-UtgzoPyRfIyx3P!Jnvl`sj{;8Uhfxpwr`m4Xki6DmfKC^ICL@x()tKXB;j-o
z9w~2rZN*1=I(cR&ZA>1k5%G4TiV{LBD`g17!8XgjYL7a29X9zcz{dlw%mQ+^V?2c@
zK>X?JqB)(u0GM+Nr3Yjg*G1|vcpWh`Ron~Se`l2p8EV09ep0Xh;YSv)aQ3p?oT>Tl
zYryeCZ&i$ysQBwt$Lv5FW?pQ0Q<eAR2sD42us0CZMh!tn;ZwP|xFi){DO}75;|SEB
zj~DKiy&<F&q2$7Eoo{}%Of!6dS;-ne1f1uyl!DyaeCKeS)nu;PuN+oXyL*w^{EZsA
ziqfyo2h9b~_LM;G^K;eLLYUh34rPr;^AOMCzQ?^>38T^}l)bC>Nw*F5jf3A(r{c-L
zXoFALRtUs`aT7{>j8!PJ?~ebWbrpfosSzK5&!!P`350m0zkt5^Lxa#?8HA-6NT=!2
z?vY3JXD^e<ifH#cfnHf)3j^JJ&BwqJYI{4Pf1QDu9Xv0xI%LVgjDLf#cRCw3Z_bQ)
z;m?oLK7W8G_A@!IsJpD8lyFVJI&U)X7kL$zL^YW}{pOqHHLq04>(id_h#F1@RBU<0
zE*Nqmg3<LDT)TGMI!Vr4uC-IqakR6VFTP!y1z|Khx)+t@z`FU*!ZBT8Sre^z1olS7
zIg`mHRj3P6yvXG{V<F2}v{+1IVTy8&AHaccu*rc5%lW8&?gdLPDT4%Cn@Ybvd2%~L
z99U7N%)J}jX_zF?1x;);KxFU?zp#C%KFJ;L-8)ZAx!_t7v#I$Ik#=-W_g5gmOjNry
zk9n4kmEef3wmswhD5Pcm1s_IgE5aKUeH^xRQ*w>Q!pD85(qUcEAL(r^RqqR@(9{0@
z3(3IewM$jmSLPDsXS7Yqyf|Cktq<iiIg{UG(dZux@FkUv^`~pn5x|VgpRBvGfTPmU
zbk)%q0eDGqyVlx)oMZ-`C}GtEJNU)Pux}Xq*iG|&5fjJ7agbz`=lM~f0UpkO4hGrV
zLs6Y~qZ(7bU=gOpKTL^*o7Urkx}D#r`4NLLKFNc4hl`_8>AuzSL;d7Rc(|5zt3erD
zH-t7x+bVDpTd-tFBT=X!@GJ^;80mv+X82>yK})jFnXV-lJB^EYC@g^g1UFmu6uGU&
z1RK>k=QZw9ah+%+n!>YXQZ;vxKwCVR6BT!$jJ*67tCzeeDW5#Ovtf2uRa_dLrQ|}-
z&#$ZKW!U!CM-a1S+^^oNF!T*scol6R@Zd>Fv3Le*M$vIo%dC(}J7>CjS;=9rcb63b
z6m)cxp1?;{mPCTR!~ilEUAzpFM;LiwU@sr+t%3=BY?*{S(x;TMLG!w2H}8xhKE=nG
z304-5Nyew1pTL6|1vs3JEYJJ~eg^kO%bA3Wk(kGqv&`r+{-I>@dF4h6Roi1?gMlVk
zPe1offu`5wAaPW~uSea*;wGT)qrxcXDqA6e$Jiq54`t&9`f-y^ISH7yUKaQ4w$3^0
zJZ?@g<=<%B8cJ^<ihO_Lt56|>7VYQT580T2;lFS6^ISmFBG&R6B1C%n-?R`x%P}9H
z9&FS#JpuV@@8B9wZmV2fcBpT0q+C3LZ1^?L<xS_qqTNFf2>q_|w({TY(M8Z$9p#3z
z(Yt<eFuSM*E2^<U6=VZ^erKOVC0E3j=zv2;t>$T_)P35bK`f<go}j&2gv&wL?@GlY
zIvB}W*WAllU_K8{#vifNz_`lf>PGXrh~&;gHyPZA=ks^XU*vGE?M+aSJJkM^Lv5DB
z!NKSFRr7{$eG75?Qs0JPN%xxygh~P{HAlR>Imb}tH|!@P_CcOk9KklsG>;`8#|W3E
zUYZpZCl`%|fN!I3wk)dq>tmt~>*{fqbA7DHklqEx<YHaE>E?AfNPTyQR5a3+T}~!Z
zpZs9#`sGr;U?BGljGq!);t3f((`D|4%xK+71g<kMujOia$FW$i>8Q$y`yFkDukQ@V
zxpZ4i2b~1)D8NxDWHQ17v`>xyW-WZ(t(wY6EHsmdF=8cN9jsb7xG<Q79?9(67;lkE
z|Kj>cY03=oft)G*B8<>Kw>!U0D8(rM$!m^ng1Z2WA+=&gQJ4GX6k4qF8@`q4T*0^Y
zm)JJ~Q25BkYrWM|C69ccIu{=&V@sUYvBZ(8Z-rMvUd2~XseV^KLZzi5{o=;}4z1dL
zPn<^;M~iwaw5^^hN68t=KVxaa^cz1%TCy&#S|lLb9frU8c3Z~8o^3IpCS>R~dF|55
z$Z5BAzqo6A9qDt(i2@dI6&l|G7n#~OS9emV<8765yPi}tJ3W18b=qbt830wd(cd|}
zSNE*~`^*3UZYaVPIGj_z$WHVO51bmUGM|i$tp6}XU6`e+oEpHs&O3Eg-ZAeQQotK3
zkstPa(?_XlZ8B1hG2xcu$eZR=YV0eox$gC1$hYS8*c67ArmWF8&n2N(!}gu_&rIFR
z`rp9kZKf=gk5)IwKJ#%Hg54hSwf;gT<!Y+`_FmMl`p(9)AhY6H{kRfrD&BNe^!_MD
zvom@b(#hB`>=ZWz6d%fCE~9$DD8>A=iP6hc;^*=_VveO;lNA66FAIG#1b6wq#y!Fn
zfCe=cXrH}#BM{`9qkx~ZHcY%<#vaSZt@Z|*+WU{%#M!nUDvU2f+Y%=E%qz&gH!n{=
z1`d^W{%BKEM{0B)Yy~A_LJ;i%_6Fza`?fAZ!r&LA)Vj6J9uw(Ns}TqzDR_2rvVztb
znKC{%4W(q^^wEJ0h;tpts?cJL97%iId7MxOKQppnzXr5M)4Z`0vF<UWFX=4NP=o;n
zN75j;lkkJU?$*oh1$<z2Ab1@b?&Ub9VO2=;)V@@f?`}uVd@+y5kLOyrKLt>dBFBox
z``<E<xX6(ACcu<KEkhlpVX#Tw2KmKh8y!uZC37&?<mv|+Qtrq>>6|I^o@SuUz`iJH
z?ZKh!FO*ad+^DPfo^VsX=W^|8iG}cPI8J#zFC^|~4uY)9J5Hfcl0Eofb_gyx8E7_<
z+K*CMFer!+MbHYcC$=QQC6ng<scoZ?u8uJ=gB!lY+(m4Lgw4g!4c$YfoM=I3E8?z`
zkQa0;&fpt94p&HJ?Awq*?xcA5C)1Cze9w1Y#E)HQ6QNrrm~wZIVHU6F{9$j#Yv?ge
z9M=R%yOxlQ*#zSTyEtQ_sa|qur19YP)y0cJ2S<PSe8CIwoEJ^I40}mms*JR$is*(k
zj{JaZ>~L^sBr#aX_eb~KI?VrgniBWL`LBe8(^;wSb$?hiva?pZ89&xIVjM#R+5W<S
zSd||ZgOAPR!mD5Nf5UE35yB0!{+pg@JZ87$c&ySp=QdQe&)9)g;3a}(-bXQjc7&R@
zTy>_-Gb8T(OEKu5APCHQak@#FhNSbKj{JS^?7?ltf?aG5h~L=HV2NBANA0s2Zfj&I
zO~2XR%`b>Nv{henvWoiX<qO{Z;nxuin#Gq$%l&x&2AXeEinfZ#K`iw=0#B-|!q&|=
zJ7z2NH!B)Sa-i(?=6_S54WNSh&v6Kk+s~U;0O7A_hRujUpsJpiGjZrTRX@oU9((TK
z-s_kI-E-&o#h4&F-$ffhMSehGq(@7R0xQ+29-~a($@8*2bhM(3wHagbL^+IA%9eDX
zUPi<yhqhXK2xE;ps+jXcj)l7ah&-ydJqa(}>@c(KFL5pXp{hQwf{PX8rX94X)4+x|
z>SuAWdPT}1j%}2RyAu7bN!2z8T#_`Nikh-sMvdlYPohSn<Rc3vC-b|tHciYGb4|?U
z<nDgt(#MF?7Qp2wcK5$ylBP1RCN%}_A%TuojA<t;pzwi>i3c2a_`l0>oHIqDz>JXD
z9969;Gf{<nc%)^pN#0n(F`dwp9=6U0?d!DY5L$8#fo(Qm3J>LW+4`6YX~t0o+AR!l
zQyHcx()5cd8<6<HlN{vYPb>mJVe41_iE_wW>PhC;m$nd7s+G|lo50)z_Gx41MHm=F
ze{4^8IdK#l&*Tu(4aVqbD^|c`bvdq|73f^YlL2|g`L}YVAOOF-MSJx6ppp-y^M_HY
z3~@Zc@2N%Pudh8po3`W_V@K`<0mFXXd#bT;p%2co0M3u@d=D@s%Ri6zo}RHTa#X><
zHP0KA<%kH8oNP;kom6#{Ih(BtF6Z^<n+)=)NdB-sny2=kyEb~m#b!L@Y&!r+9986o
z;t>74ufnL~9ww%1=OG`LDthi}bjdMKQ}KMMsRb?8->AiY#2&@SKsh<CL=I6=aMmr2
z7RKtwas0b052#?1WXg~k8=oPp-k4hI{R=|HC$GS8GSqk=`h}B4eFTgB2AJCT*ESPy
z=k;S7N}r@kJ)*$61TNE$()IVB%Ygx0OvWWu7?iZ|VMHugg|ThMXxSFbzr8E1FKckM
ztRjmr>V?H)^hB@R8TQ3a0xJM@S#I5eqa`?7heIyOv?P8@d6O%H$kgYDXu_5kt#zlD
z_3<v_)@db{5nq>9^QJ9UF09s>L9;)QJ7Co;<Ax1*zO>Ptsq8(1z-=~%_P)VI!px0}
zVVl0=HUF#$J_*<V5dJ<W+6p%cB&eWma^(x)iX5R=3=o<Dy)SW7WTE5)&K_aVY%C8<
zO}tp!`yf$`@_DMQ70X=!SNe?01e9~#jIfy~{NWksF*$mZ>kzpI*Z<MwsyE%g60s&G
zaPD5KgPFOQAJVD5v8KNJUOvY?r}D+aAX_4|^l}UthZ+o0asIw3l9ci?L#`zjb$xdx
z9}{gtiHOa>7sU!SGH;sX#>lFIx-d8qMDX@RK3`W#f&ktiHUM@FiQJ{7;s*J;AH@To
zv19CGn3&l`;w-$M1k78wJxcZ<S?js*rP}LMlSx^6u{qZW%=>5GIN25mIa$abaCo4y
z>l>*cd@}8L?)ooDekpLN_$u&rXkx_U&M^r|-<R2v@;4v4KferVphYnC)B>CR)_8rw
z)~m|nJb-}lTJg(!16Z1-aSsi;b;sSuq0gh^2U(ySf<sBjphu`rM#9RST=Ms{EAk+r
zp<*@als<D|-3*|re|h<o|D&f3cK~*dS9oW`dZog8fe>WNTYjayVyBB0*hIZdo1PoG
zvWtuz)u(7OdMah|GOAvG@-j68In}NI))hLZz)-G$G4{Yy<wNpQ8YNI)si)+(K0<Yl
zeqC_$NcwzjCdq7xcW5>+-5r8!Y{V`;2=&#bzww1lJ+e~)%Hk}iaIN6?pb{yZRgV&t
z&Fq2f=_Y#bj`W4Vk_~*K(c9?BE4{gx(5>Z@cY41)Px`S;<9O!srU#Sw-x%{hzyBR%
z{-5I^bdG-ma8m{kY9s==|KO1LZT9aV@&5vuIorEAvpC$%{x>EK-1v8p_`h)Of0Y?T
zRx=<iQK^r#nW@p%cw{$pVPOVUvzotq=!BG!xhN5iQYy6odzfS9?QspnZ`a^ZT6wzX
z_AYXM;G4Uqs=i&4E`M7a+!Zk!8{>ABOZvJwZw!#OwW+u^+L#>2wnUzXTeFH?gD?L-
zI1Yi-j8YsI0?!h$n*&E11LfofpGYNnwd7V_%6=OdL1`-r8>39`Xjr}Jdn{6X-Za|y
z0az7BS-fMp1s*T!w89Z^9c|5SyV5syu7IEb-;YtR!Z4Iz3qY#$fI14Hqx=+yo6OyW
zfQ9#Wu7%D_;&5F$+MpE)YCsn|w^Ju9DqFZq$FTC-024)}vnsl9eIRRJt;x;nhfUKb
zih_hKZ+h_V^i+$-$IFs{B3Nw)e1g6)Ug<v&4!>b{2{(5`eYCDcL3Pk8cw%=11~w=n
z!0OLldTdNls~#Yac2~3gD{xTiSwN1OCw>aeHr{2m>q8g?6o#WrbQ#GA_61pMqcY6T
zZ|eMF_to+@8$X&$aH|I{922EM!5z(8cQ<<w;ch2Ab0lD4SA)t#i84%<8of>29~DBk
zsJFIF$A4)=RBsN<(?A_ryr;`d?*6j>LoWDlasV4aXZNk=EJ8d9(cUvjV9)H#|6(h!
zXQa<ywa>;(HdsEWcbwifA8JU26L$VdfM8Efaa_nU_EySfEwE=L@&M^M6Y@#!pD6yn
zI1Q|J8tY~GKS6pHVKamdM{PlA)c=Oy*+pMsmrA3<VMrqJ$atBF=mO32naKXn1yT+*
ze#4`unFJCdVRVphzDomTKr)=fFCb`>U|&7@W9sQU$ZmTH>rd1Fh>AP)iiQ3E@hJTB
z@%ks_Lr0rIDk@9-Uqp-l)0Y232Kg`Yhd$p+jxICFUmSY>Vs1<YUV?WaR?=y|nQ{L(
z^djkQMY%rG7LlcTgr}F}8Sj=w2bI86oVu#YlnUvL?~?SamtV&FW5er;7E09BjjY>_
z7AI~us~yD8iN64QA(BYQvCkqep#5&?QfZTX#gsjY6uie)-ItesR4>uz4gKcmztI22
zKC*&1LDHComjOq^+z7}|b_VsXf}SmsadF6O5zt`PS>95+Qo03UB9kEnZ2gi5JEoVe
zh_`Fou3F%OLaf@TRPw=lGsRr1gO_68c=7;3H_QR&;l!<$@@XvVogI6PG>z^&wZ|;{
zfcsR(^{v3|4yHHWli<+opDoK>Zd?2oy|)b#Hk8VM5|To>sxU2+sb|KhuAquG4Da<5
z42&5GiGWk%i%k^GF02Z0#GL2g^?ZAr1t5%>mfbuGq2Vi!zVP-5TWH>zcY22KG8Y@C
z2rtlssAFoOMLj^=0NXN;r$BKZjIm#jITF4GH+uO>J`%D`?L^z;(2icmh{oiyqsCkt
z=E!*lk!L*bON$mIN2O}6zqqO&>V&o!(1ujNaTvrILALpW&bhH8RRj)w3h%7IGj>3$
z8_>MH3qu);EKw-GEGad%r&9Onv@yI20<(BK+C6E{3ZDizQYQE0Sm!wThR<BQ=<xB2
zghgJvu^NLFcQ}Ac8&~?8SuB|jf`*cS<(~ZtikbP=Vfcc`BU5zGD)op3&3uA-P!N*5
zPYlOkG&G)<G@)%URimcG@(nlWFODH`0@$5$Divq+DWt!ETf$5+!CW!P+|fnIr9FN0
zYDF}%VDL4^L;S-;-nbUuy_z!vTcmxX!}|c*CT+E;_ilwBz!O*j_tr`Aaj1xNGdbB?
zD!beH7$OvY10YAIDTI10I~%~leJ(9)rZ|+9Jcj~EOL(K8J6oVEQ)pEJP5UtVmozlH
zd11<EdVR}S8}5Jm!!lc+bgBj}e{|KZbnW69ApqCsCmq2GSH;qn+ne1y#HpzO#M@vZ
z<*Hp%@6RycSZ8-Kd{+d6347Hce1pNLRp|{;7)HRO94Rw?fk8YhSZGBaLoFnDt4eoa
zdP*)mkbgTIg>`(NZJzq!sSPzpSsj>JPDOC&#C(H|ko=uvPK_H8w6Tlb_uu)f(z27}
zT6fV{I<<_=O=+F{#3j6mN}EV-{W@Dy3GBf}M8a|9#VYvl5AQpCEaZGSV%zYg>GPV<
zUvXmxJe^n4iY{kbWDkEa9zVz=-N5f*BUM-i;n(M3;E3HqmB5hRASm@y-oz3R<8b|w
z3nN7CAWzYnLLAY&1mOB&VYm=RKiMcmf3?c}b=#BG<Ak(y4Tr8@QE#KtXDVJvIm*DC
zrb;fhD$3yS9ZZg&XT?2w=(;Zc^yUsH<Zgi?SDPgA2Xe<`&10zmWYl4!(&c5oAahp)
zg~IC}C^UNUbyzpFhrpvlKU(M8Z(%rBRG`W2Xt?mSq;reWh|}&eeW`9VMKmVwE9W(0
zOPa#<A0n&N{w^bC?f`KM4tyl!+ocotv93cUK4V%vAnX`&tO1B>Q@4PHO2u_QHdvwz
zXWh7fr7bYFQ9GmAVJO_R3_eP~UxEb->D!;SK7CSKe+*+nnd%}LTh!^*c_*u-wKdVi
z+vKuv35YDU)O2m{tm@L30l))`Lw26lGsC98c=9!DTGQ9kzUm|FFc_ddEpWLBhqFJd
zCv$z`>p|Y$EM2NoFWtyypy?CO<Kq|aFHC-cWbe=DB-Y?mupjeFYy<bv6&diX6}VtP
zn8a|nOxdF8+OD$t*tN%yxz<|vx_y$4wnDD2h<hBdr6A0%r4Y@MTWB3`h<j4bx<5Ie
z4YKxBTGsE<3!)Q_eimI4$GuVIz3}w0dReQNH2`oi7v}zX-bm&l4h!Khkz>nV*xvBp
z+;UZ)cDI^fY{_9t%zJxx1(!)U1Ccp02|{DI*dRdU$<nEX0>Zg)w>`bYC|Tp=sXT1U
zrN<A|Kc_(G%VrZ<cGz%u4QVtW_OaBKYnAJw0ra*Q3tT0xQsa@mU&a)TIg6D(&UxCc
z(<eq+w%^et>q-w?Ebgj(iPQUKqvCx_y~J%ab2ZA0@J5}0(C_b`QQO^%?9hme9Ej8Y
z9nqC>YthO16NvGv1YewO@?i;Z4irya4v6Gqo9ChH9)k7XV}?p~2UErrt1dZSKE)NG
zcMW4SKV;lo$E{U?$nS*;S5?BDrJj9VM)tV!I!is>z(-D$eJcpjztKE@mb$gHSC*OW
zsq<#-p>v<(;Grao5MbH^YJ!7fd>q64_L8dKA?CWgNIirL(1a+N3&TBKdg>ia1Vx7{
z5li37WAU7-^vvH^qHjQU?P>H+_g@7zHI8_or*{_lT1*Pn(<38q1FfE*QnH-|0P7VA
z+)2P!G>vB(oITEVqhSxIFxnyqpMA6KnCPRes2Np0xu0)M3<`=tTkVKIwQCN0j2<94
znoitF2*C5V%+=;iMw0#zg<WAReBdtrNv~_YT~qm<!Q_PyFA6v03EEeA8B2!EzZ2qQ
zhi%WIrlH1y*d44rTI!iSwRDogGjB_7ASX1u@|v`1`yDs&^&0j_$4-u5U^lz-T*#ob
z0atagb)e{O>ZM^-!k*mma#yUG`>f{D>cs(xk&a@WplaUE({|b$?Vnz=)E5olw_7PW
z_X4i+8@|{!sOXBKv0kjAJQf(=ABv!MR8(5rHL@7v&slGZY-MKmmJQ#-&F3OMUoV^}
zK7k-;9RnnIB_i=-2=8&YD=y;fkDIF|B6OIo+=s8cxe52;KrS?7D?*dD=Y11YiUK#l
z<CB9sHRitGWEM9ASW#Y^EkHVI$QYqXYzrMNQ;QLjEq3^Nm1Gk^{e#ovFx)`1IC8p;
zQPb;w>D#A36Cz`vwP<wWBr7G%&!wwzi?GG!@V_kt9y>@q>Gtb37X$gjIv&A(x#49k
zF?*6)u4Zw)S$DRNDEr(r(RBReL=7L;+s~fxnB`>H-I{L*`HzZEjqsTCj&I`e_9C?C
zO67$K`j_kLJ;H#!3m{qv`uI;lOIPPjE%3sRCSXBVh`?1H3#k30{-_eNPE%7_ao&hp
zyU5}5kWczQij!3K2H@|EaPS_BIKXTfIU3b5vD><}rx=r9BJlly<Ha5hI4B;Foi3ub
z2KPXwbJ5>3PH|^`uObzl3UsR+SE3(P!CzLA>w3dZ-%~#KLj0p^u)C9+fhhTfZ-Ee>
z2|c${`8njIDIOQ@CO0Mv%1TRv+b=*NiyVTWOqJ$_;G6FNt<#??!<CU)$8XvB$KRH>
zr*mPrT~|-p4-R1}>nFW`{_~x_Xb6pYBeAhK>N@6)@09bmBt5=d7A47E0)M@A_6fso
zS!!@Nmq(CyPQYcI_AZ74-lu=)QeYhBZIGL4A^xGskgb{@!6g*<W&REP{AcAgel*1h
zyQ%VaN<%>gi2!mn?)#iOuX&j|m@T6q{uI?l*;8nwl-#Ktb2=NBOf=t!DSJQxk(OZA
zH*_BmgsM={!gEbF1kUNp6baKR3jY&udM8w-Qr4`b$bjgE#p=aG(^XV;E=fw-)7)jk
z9_b!0tEuJxDT97?a(gU%+5)8IySHSwZ_yaa3ZBV$`4i{@fQvrm*(|SrX+!rdHs7@T
zYRPDm(%#e2R1QUY6wN=O6Y7T|A8TFJL`Lc<$Rri*S5>Sr`OPW79vuE9Teww(p-*+G
z4!-9FyYGoaMZKifRJYiGS2@4$mS0GMUv_pxMH$I>inClC#4>+SpXHO5CK~s+aoGLn
z99>r!>%K*}lUt`%|F~#yWwb^5=`EH=LzoB~lEYU$h|otxUs*Of`9%qJlz?{`Ed-)E
zjebNdrNv$?hK%hoBd_l>XwYs(1+m55v&j=4Pp8|ewow^t&PO+kL`-Y0QY$|Cdk<8e
z2ioVtwe7r#E;x|<l$vvO!|wOFFo?!|Kg3pv+$*GlW%BrlaCO*bFO-DX1JR<8<I5rV
z>#^;E&8ly%2^?*@=)>~+W8V<g)|e6VO53;_$xR6WH&L!=a8)<5a;cAxz`V=k;OGLx
zTxhFg1Zb!O=C+*eZEa<d(-a?4I5<ZXL4$S{_9(gJxtk~6b?J0RQkD#-&%ElBnY=Xy
z<lnPE9<<iHDeFBm&(q7e+5;^2->O^c3gs*hF1-BR#nL7tJe)IcR#WUk>qaQs>5&o1
z_(|VPhkS*$oS=8{M|nm8P(jS>QeWTtMr6a|$H5J5C0QI=JQ873gZpN$9i@_;z8+hO
zUUI>nJbqhHrw`71^3n17NZPq*=B3V){#STsyR^6T80eXHTtE;MjC$<PGI{{=x{2L0
z=-sc49)!y|(58-l%tBb*jstE5`MwQh8Zly>=U-8W;HFQB0@(y9#9iDi?l8GMm!fJ+
zf7)m5yEwrr-(YO?6dIR(4Wx4moTCOWZ2<s$>kmU3L#A@oYS&e(H^Y*%s7D6}j5+xI
zm(F|6yLR7(O(5Duk3$c*<$zK#=2c$czY5N`K=xULotWTX)9p?sqK?5;w-6FrkFR6R
zI5I@N1Y)Y1D)%a~p`)J6Y4=Y**@>Ee53;j2(>T&`3H+$P5(Lv<?{X-h*@>H@(-{YU
z{dE2rFIS***d>w*{+L&F`gOfJXmRfoEIPF&T*u8!hBfJwCa3V9rw47k9J{3wVs&bK
zhr1bC=1QGP@mPk{@YYJ$K58y_ix<!lkBNKZH`#dvpD+9VT9%1ejQ?tpc*L52ZCsb_
zG*HZA5<6DPiVtG6(Wjmy&FtN-cmBgQwR?fI(7s@*9VGWwfTxAOEm-Ec*RNNB3Rq+s
zb9UaVg4yu*Qrk+u-GZu9R4fHo&CGq+xmaqXdv)SNCq(+S7r5@N#P9{!KPHy6QQ89^
z>K>i!kj9ti)887TqzVKy7=GwgFM1t4-0R8Ag+X_mf*Ua4&rPhApcBzX(^%!~D}NEb
zpTv{OmGnMFQ*8M)c2Plu3_IudGWC!vtJ;U~aG1l4bw|eB^+d-EwSdaUml+5u|C16i
z<-Z0Pr!g)ACr2Ah$3LI(J~<yAg3_OT*RvMHoRlzsZT*_Vwl?qOW7o?+k>amPZ<AP`
z>~{WCpO)KW9K+q!hp}4u&z*(EMh6{g(w;QqYKF7tfxdvP+5OW2HtpUDE~dv;Xz~|C
z@|UyKemY+Q{uvAVzxR0T*pgcAcaTXUkdVrJ%gzabG`{vnI@-1iU{^iDW=|ySVY~AM
zqlDu>sz3F2?=#C6x&tY}!mLV6um)P%_Km?*dH)o=<&{hGofJ9wm;`|<;e+v|x5Ym_
zeImblHpr2GR!9ezNE!Z*xU-1G4-5V2py?wkS(qgoY#0tBo(o*|UjA{L=hv@%tFL+t
zmf&g-d0;X-2RQYi&RGw<c}<YM-EsXeC=;K$z+?XVWOuJ5B?~nZm?J&Em$s~wFd`P}
zubO87Icca|ZYn80k9oEAV2rro8eKm~6)U62NKK$G4Gwt-5vqoXm}iH^h;;HiGms;R
zpXYT<Oj?};e+$3GhNHQs+53xka(T9G<@pt!iq%Uy-|#Sd;^cIX$J+dSnsn><I<+Lf
zFLZ%Tje$#LE{B=v?|}9iqo5jR$9aUxbe?6N0TUHpke~Do7N0{?H7c4~uyNbTZSCqF
zlX)?EypXEiZ4)$JAi4(&8r2Q;Y2{?18U3n_JH6jYaI0-9Hkt#~uF>X~HuHvKRZz_g
z*(zktS>Ads+KjuZ=`WLCtO^d<iw^hx=oRa11p0>cmfR5V(Jbs2q2YULy+8ZaqMy6O
zmr6vsJwFB=ho;U{T8>st4vIVfKkhrT6<x;kiu=bv2z@@P8s*L#J(c$?`Lz@3^xoh<
z-gW#H{^~bxXka6=%bm62_1raf>6+>D986_F|0Ef-{mQ?nEdP7i|MZP{_cqUJ7U5Ih
z2nHVc@7?QvI+XC%BgiRZg}Op!5e4t3T6Oh2`OEVFJHY{}xcJDdtn~Ub|DRD2Y3PLn
zPWd~68;ZR*&b71^;QXuQf*Qu;+(yI|vb(FJ)Sw5ApYAo9olE<za;7!J^Ht@&gjjJm
zwCm);%^%mbgk-3MhbH<GoEry}XT3N5!>cdhP~<3E`ja%PJ9PJveIwiG?hKKy$E%bt
z^yE;+9&snYeVU9C-VAMb_UtvwUYdU#rEL42lO2jH`DDbzvtx16+}wd4D(~IIzX`sF
zCQG_ZLYv_vqmTM~apz{8(DfowAol3@i=Cq`(0%1Cz#-4UQOQBcn}fsmIlOI)wNf3&
z+CKe{%(e2*Ay#vy8=o}(nxAS4QxbRf8<aN=erHgq|F<g?PM>db`kYiC&&QL#-a7W@
zY(lZ!gZmQ2d3L<-G(YW}9*oz^^9F+1f+Bx2b#KBae@f3Tt^a4h3dL85M3Z{$ee-d^
zr`P|nynx%*eqhG+oZh?Ju_K_Jyryz%qIQ=5MyBdF4j(m3&J_w^jz3SnP4HgQJ&wz{
zkFLMuX1wK?xn5qVm6s;AbL5T`f5Bf^>-0h(Mc!NKVYBL%&GGl}$-myw9{0ZBxZ)GY
zfoy)p`A6076@4hPMAUWGi@_SC{&gDjboBW#SERPUd3MS9@zzLdqzbBgr17Qg#bdWC
zXUtRt%uQ~4*GU(0J=aVz;@eAzHCaUQ5n9X=e>&d3werdMy5D=-TzL*r*!-cF7VYBb
z%m290bs~16Cwcew>)FH3%e0t(aMMT>qz&-lYCZ?wQQCde3!<sg<8Vczyv38%$m-0r
zDPir#DJ8p3q)OQvp~1o=Tir~U{O{4}-DU+V{+s4(*ND-!wdd{3H8%&oanW}8uZQY)
ze{r*tN+Fn(?f*<At+X?#01$!8fm505cYV~%b){=#`l(Ect#8Xmqx+opg{BJ5HzfQm
zU(_cg0kxM@ra&Hqzv7?YdvinUJ^<iMzQ0EM$3HyuhazY!=;`zS_%oHV^&Z~!F2)_s
zU@iSX9^c{IWScVR0cx(Bv&`VHvLgZ^vz!~|9QJ&3@(DKrQ(m1<RB~^11b2432itY`
zT7~HN8?|9b%#HUM3gwpUE9`JTjz(O(1pIqNZi;P=z6ZL7A2!w-hz*rZL;t5BQZNYF
zrcm)q|B&CfdiA!|t!IJ(A%An-<L0?zrubgbvg@qEo$gxca+jgbxi=w7PQ}P{p1@ye
z(T6d-i1=SIj&>LH9L3p2^bb{n_HP|}z_%o}K2<Q^fB%GMeF7d)2fF%o9!HB2|C)-A
zwUXz*k)hV;gbWEj{V7(!)qDT;?aDEk^RleO!4rkMO7i#3GR?$z9yw^4rkVbXKl~Q1
za`a`WOF-+sfb>gtMKsgfd1`E~V5(B{E4RuIKMb9MwzncY4yFSJ7)0j6gTjOtkJO8c
zRQwy-9;*)|oME@`m*mx`1(^qHr2}2xADC_jFV1Uq&lNZOr{~pnya`r+(p%<!|Ei39
zx|G06g|c*~?74G?1KEE~&!eU=hwq++kjkaxp9}&3_Q^^2uHVVF+doYTF*$_zzKm*(
zWzhdVhCv?2|0Bp~0k?@Y`t#3(#PXJcyQ<G8$bWLwm=OY$%m{IQ@7)rj<L=pV^OURj
zeSGptM?gwF*e>XXpflLNz~|y4C1ko?W(W`46ybNHU%}S9_=k-Z4WUKo_xn?qe0q2M
zmYgpaFHS06BVp1DYPH<$mV$t9$+gNfwX#Ml0sW^>N!p5U%WX&O9;A56miXJ{T6Ml>
zeD&kbUS?_AbfF{4L~3!0vv42Sxyd-=mtWk<Lg4Ko`8``re$@WixT(gY>4Z>5vH#4(
z4S2LrL1aajPhwf3_JzjDk=~z6FbczuMu++Ibou1x4~O~{kvmE-nH96uH2J4~+Q-X&
z0%VN?TG>)7qgUB~x<aEsr$U&LOSMb+rmEQGYe(7ZgLTAt<^ZoaNjiHA6{q#%ZTyNf
z_Q&f2JoJ@@GVcl`t%C*6bAu=%utHo<H1*!aiEB?rb~j*f7^PlbT<2-Ake|1`q_0oe
z`{tT9j0Ek%r{huAlj{lk`WA$S--we-`z@qi-e3G@xK}OrSqU7q(alK3b6%=wYwcq@
z`Y35)uY1Y&u>tkMP|Ag>iaKd3v`INlAN|+J{O+gHA<HxL-(G*S>~Z}{3?_O0co?;#
zJ-XtBNcG=%dHdAhxg|K3@%7{ZLLBDDtoZYfq7F>YN8}%{zg@e-vAv_8;B;!#P7Ld<
z|F?=WHd4t@|G%B66q4HGNAIK7HzQ3;f}hQ1Rh&0b-axhhOQ1=A@sJILXNO^*TcB?%
zIRz$mQO0NwXU|J<dw+yM558Hb(W}P1@8m+G<NiS(UuR{Kny68g@8J8VGd+K|9W!h*
z0|5?Jx7kZCU-lx)>Sw;yRcUeO^AGFutt3AqYx3h2^DReS0(jUb<Ylp!Wd?>UL&bb8
zf3Tmgw$QsqFxd9B;7P^jOy<@KwC(Z-Yu5D%X|>|In<_);2e)}nSVrHM`2VyBxg+`^
z+Kb_J3(1F4EeU_Bf9*_*@Wf)!uN0N$^w5l=V(8O$-Q)l*wM|u7!iZ+#)emWM$9Nf+
zE3K|Ljmgl1s(FH<k@|p9RzT=8EvV;Odg8Z1+Z?Zmz8ecMfi>`cm-(0(%A0wnTJ*f}
zO99aQ0Frzrn`>1Dnl-SrOTM+)P#BjjtemEjdc{SUFr&ArIAZ9zQUHDXQ`hdM`R$tj
zi><c+YO{&n#e)ZmThU^{DaGC0tpsU{L!f9|thh@lMFJFpLn#v6CAd?xv^YTug<=WC
z{rl(pe)rD*-kF<B*vw?I@4LGXIcLwF^E_AzxV0dqbeYesR>K|KPmOJSj=yv3Y_Gp@
z!BPI)3O|^ZAcPH9CRC>2;8BAJNk<|2AF5WK8}k2D0s!s<%@`^{dHH%{9ryr4e12&R
zh0w5ok%%)@sYQesVSl+&=5Mt&IvoOxv@)oJp49?#jt>;|b${d=+2(U9lIR1HtyptJ
zU{gO5l@N)53(kR?TYh7ussd!+#1t3$j4W5Qd}_i(DT=$*9rE>I+Y_Via|uHZ&iMhz
zu|NRUKp%R}OtK?5NABkfc%frFkO@lhr;r{X%5_!gtm6APd_RGw@QHr1#=EY+-=$<w
z2d$IVx;0N6#D?7yJUcx*6-XDN@O!(Y`XbN>MC7Tt!E%jk`KAd<)2fBJvg<u+CHSis
z0RKRzlkuy69&%L<ezVofKu}0o7|M6eMwtAq#u5gTQ<d~+S?ni2^=od%1&~Rsc<gN-
zKm^0F8kV1djYyz8B3gwLIj-<ZM^3D0E^?SSzP6F18|H{{zO~xzbUpBG^^^_lU$otW
zZvF>mgxs^*pns9+d7E9eyJD{QB|?X0F^JSRWIb46f8s`ar9Efa`>-{`Vp<ctx-Gvf
z#=*SvAL<|S&TmCQiI$cyx{0V~doWlUcYk;387FdG!TZGY=Gy<iZvTJ4|1Wsc^NU;~
z!Kak!B_2Y{CA!_31#-M`3AXyxatyze-~N59jR_QSBYX~a9Q_!9>L(9RTq8RgCww}@
zidoFf59w_<zk-;b{`G$;qtTw_=lUu-$D;desdKp8-xIauWIxY3bl8fjbOn&<>Mp?~
z=J|P-)0}zmRJ{!RKfS0;Oi%wUI{(%{fswkS*h&Yk>y5*@3<Oc?j@GJ^^a&5hJ7B-X
zRsy;mm%*72PtbX;nm(xSC)e9^TjTHH=U?;5QqwE!{}Q|NPg^GzxsHyQ{^nB}_gj>N
z8NBDz*)#f}tU~049pgZwVHBB`RET{YeU?pQ>Z6g$#G?q^Y(zD}elN5X{`K*aN5AK*
zCQAI~B2wDQV|oNR*I8=*$jdL%0>4bIFC2Q+tSMo^1%_Bswp4we5d$0HP>8wpckyP_
z0ap6(Xt!HV@jA|Yt*ON8_|84PYEn74w^-`*t&>P9ih{y&>U!e`DH7`5Qd@`!_eGY|
zB?w_`JJ=EyOVB&y2vh-PT(8%1%X<B;ACL6ylq|sSzfVr_y%fi=J?<(p%A5y7KBUA_
zzzBgr4GP@DRBUpnV}4H+9@r5d`xm?(&l-hxO&CrPbD5)s)?|I<nWY}o(>LY_W_hMm
znr>^UIwS<>r!-mtyor2#pGY&Pr->)b^n4QN^5jB{u<*^MAxXF&U{R`xu#{73CRCA)
zttvyri6Olr$FVe~I88r0O}oL8_p{odiJ4A$Q)-iY*4%U2Uxcj%pFatsEbQo=67ACM
zQe%n#9TBj~QyRpjO30n9ba$`%lM?X+5Eci!W9ob%7c5+#z`t%2L#QPTiqr*CQkJj*
z#?mf#hrmp9h4px*PZD7`tPX_svoBIy!YM~-XoP7HZCHh5Bxk%OBpiK(fSH<9J?cKc
zxDN7}E<hV^<S`CjuPD~rSMN0<d?La(%sm2rcemaYLx*856(n3uFB$qAT;|2pH9iun
z#0V%G>5I1&K7^{jv8inMhnUvhe&`h?E;XHs6o5Vv@6CrOI=UL71UNiAp7qX0fR8*f
zQY)HbCV#{v)W3#&W3p?$Ch58Pi|HSiHKFKZvGj5BIvw09eib-3T4(AY2BTIFfjGoE
zIly2UZ*3XO92t~(ip4)QIcSTs&eBCuni#`05{*BBwBuW-d&883G-*ZvZ(k|6JlE+L
z!R6o}8f9Y7XTX}RBkE<l#C@Zhc82ZrIv$wDsm;h)-}0%r!PJZom=dMkWSQ#vNmT;c
zfZ4Akhy+wuqfbv2$Gq>S(oQE#$=@nRvGx-?TJZ2iVif-3BLhGMT)5NI2b>YL(gQ)`
zahGv5h#xtq+Z;5wrh_Jgiy9g_c?NbAri+ZC0c+L+>G3kyu@kZvtBN+m=|HSn1+_cT
zVr73~vFX?%BJug`=A)T;_K2~BpX2tb;t3rLN^msbBUy?_D9AI&g+Ub5b0Px9RiB5)
zj1w6dqF!>+vnLvJGIa4IhiYF|O#|);BGxDP-b@HIauDMtI-0P>^I>EN<N23h1$HU)
zN*}J*{I3_rr32<&Bu8Wx7;}&N{m2Cb`gH*bf!<vh6=Wl0ha^mb5hC}}MBjr!{L4$)
zzQQ6QRy8#XN<twObvkxJ_IN&a_Uaft*65HvRdV4z97=4{A?cZ<_?QR_@_8U#Q4+Qk
ze?d027-5mkj2K|=F$(w#|6Aunq6!6#ipeYuO_WQMnb>ETND<VfxOnXKBV*&HRLUk!
z_8&@MMgTW+VW>{(Kkp#Z$f#IiEnF3KcK8r0#)$<RlN+M6p`rKpT>pg0u6v6F#iAN-
zZ3E^<x{mI5Uks8(0<mM*qV>ieypF+d9q@s|VACMs31V23#fn9h#VifT#66pxSlKw6
zBAk*<^trku>Q{&9J(8si5ziR!`7tt<b+a0<XU%wDuj-OtG#|lC^jb)%k4`Biq?d{=
zgO%Po?D?UXFh;MAf>V^564nfJFoC#gEhc6Urx|%9=%=}~=o1-JshgDc^Ip~#?N!{9
zOX3`+2rIGVqJA&Pb{y2KvJduQlha|)9|16(z`27da$nw`DsR7CscmgXc3)m9`ZqoP
zW%2lm+uahV70M3h!cY^2hiYv&5(7$Jm+Z9hFq(>obE#;NCssWIh6p{z#^S_D#O(*z
z;ha%n3E2Xo^{8;)#sa2D0NJKLidPq(Ls)%6<&{kvbc*@J21}|Y9q`2_iyOtv^c^g!
zUVQpP&C)|I{pU_?{kP13Q2#gfM53$&4fX_f46IYYV|P%9!C%F#JCMfab?_g;2dg(D
ziPua*5xRG4_r%XdwC@TE;%?ym!fG@Ya5#Y;z;uxSZv{^XN6`cLCqi3kp@Vux#(HBW
zqL4}Uv@w#2of6B|0{<~F?x4TXW8AmaYGGc3FWplao|c-3{Y=k-ro_*r(T&c!L{`I}
zT;KPxbn|ROB#fP?hlMFYwqL?A_f$f2IF|n~aCi3)57Bg4bktp$qw|8r6)C`uE|{S8
zZefC~>b|>U{i*Me>Tw?tK{8QK3j{*91aZdD9{Kyrt{W>isi_*7u=8-iC4ly2!`NHI
zSam{=$>o@+g*25fRbo@5C1*%e@AW@n?*nlh0B@Mnx_}JS-@~N@kp+b+#{6n()D%iZ
z)XK%6bY2eXb2l$E?Dk<|BF%ZPh>g8i8Q5ovOM^{rjKQiF|J_7dw-2&l*Gu~$OlsF%
z^VG`ia!NtDX0l_;GjK{j#qbNRE~&QS^g5n7Atm1s*c7Maoukk<i{i-730mpZ(Zsm-
z{xgE{88aIRwo&mLqyUwAa(p>v>_4hnSv>Zofqx$B{FU~Q0Jv-B&eVj95nPfkvnv6$
z)pTfRb&XvG2IqS<Z;rd_$&!y0-^~AILe|(j)JV{`O(FA!WD^ftOdGYRoKmynM<>@%
zX^BY<y7*}Kqh<@IqZ~n$e$xy*P0(`{<^9-G4c67Zy5Xm#RU%4Cp9dLlW9DjJdDr&a
z7V04g^EPM~bo@-o<tV+3a1W=VVz<-Q)#uk8S4;Z9!^8af6a4^TX^lRnpabYPc+~Ev
z`LtyRprv<2Ao>~71^G5^Y4;hGdp1@sov_WHmLqUznLX9cE7^3^G1j$&$hF=T<?tE4
z(AFbN(dHGTi~^0(8GK||qT&TbmuL&eQqg?)Y5oZ@-m+<eu##R#2R#yKkQ8*lj?Soq
z*#TmjVD^oKKCDTN#g9Ig@JP>!*q>gK;*FhVZQN~1NNr$5aLp~ezcWL8dg)X+IIrFi
zXxhb02m6jNYyq>MI@8`+r}1UIM>o{AG&ZyIgt!U*T(vQ!sFeOR@4cS?QoKzI_p`0+
zY!b<qxWiDZ-&dkvZnm##g+0G<$T4=-HcA(Ta(|lP^>Q-0;_E643rTy1uBKL)w5UxF
z^!SUK_|sv%dgK3&*r*5opuRl!+0)Z87x6pf>HFVaoO3@yHNE`1^<OQul#f21?mo*O
zM^<okjOR49%p(eG_aIJvVN3!)c10SzCOf6Sh#VYtazmSvpl9m~c5!CzHeHX?yXy|@
zt6yC{UDxupvcxO?gE~yZ*~kic#f5t0udvFbFrADMN>ok1@`UN%-G1VdtzZQH*60_*
zy4jnMU6$R#BuLI7UtCN@njK}&h^)BJf*e{K{SnDAV60<Y%tj4f0a5@!4NEe>9HNI4
z6QlpV1;zDJVs>@#l9d1X2m~WFxS!GnX@hQ*F)_t|zXw&~R`^ZZjXFKlBE2k)u4hst
z11UR-{ejLgMFmt>)({)d0F{1~YxNJY*Yogj8P(7MluXGX_}W4sLiwYuGH&Nt7nNy8
z?wa0ZvkakO-P1njM#=X(nX%200?v;<v1RdDt4LDi59#GEXUg&o?Y@z^3}PAx%qXG1
ztTO~eVUZhDM_yyn2alUGQqd%&_!m_&C0@-;{x3@VW0sejPL>Nd>Jm;Ct!lZ-Fyt<+
zeTOF(ETVxi{ZV3p2VlVucBZoAjjNwEN>3;*)JJ)AOC^2hzs=va!TCg~%%M(tT~n<)
zxKHu5XAhkweLvdQEWdn1$7{S4$nQK9QHUR17vJg-*%wFjtoM^ff>0z+KfRcQU}gtb
zgHPJl$`o2|50q-&4gR33Qj>|0(PpoJmw&ABpX>J674N2{O)pmYK)oUQiq=IraMCGS
z4fA-xMIP6uLCkdG?oJQtixRT?)7PL}=Sk7h9EDG&CDGis<abmZ%?0tH^MMKdCkLD_
zULAcdqYcX6tf)d)%m#N|=58Cm1%u5&qwsdn5EurElF9o~GG85JfdoMf`CV+MWiVZc
z1xIO&3fcBWZDx@~H9)klkY8*^g`!#48wFQHJ;yMIDyIsD@&+gH8?>y9;dF(>QQAv{
z%)Xd$8&7jf3wboi@GULv5TmTXEYJDOLD1UB%l_VAkLqao`R2N~6gyzR4@URlI=k(u
z&sic6z4<SW)f(i{6qpyC1PQg0Seji(lw%sVQ7>_&`_sZluRU&fesT>=<a~ZSDgn_O
zV`5F&gJ|@n;j@6PRP6{0$W5)%zQ-woL3=6D1=i-d6BFM?TO?>dN?F#^%BVZ`f49w@
zbjqfwtJ8O_qjBJS<6FPxC9p{P_oI4|Z{()i>?8nx^(%J&m<T<cC|3(1onwRHC(S<1
zpL_FDc^-K(6+fz5@?_vb5XX!zem_0vgj?iqsHAN_t!ti)&w=~iPc(PH%hx~lR`)<B
ztu?24zb$`MTmFDg<yrnHGpK%E_CHU9JXL%RO7fH(F25Bnl2e9+NENCk)D%=(9`pJw
zTc!<^#_Nj~nDm0SLLBM-T|JO_58l}R`6|jMZLZk>6C{Be<Y8p2udi!;ulDbI9{hJ}
zr>DnlK6mq~%IykLlJ1kQF+)GsC(T({eYm7T7fh{~m#vp2HB=oX{ghbprSsR-i`<#m
z>p~77pi045paN|^xHefhC~c3E^AZ`g`J$vgoyRHQV|IX(A3<>&<d;MDO>NU;RZ#NL
z6=$Vro(7ew$8>k!SVEpW1^{PKqM{;%pey2u=-t(|cB9uBJ*^j~qHO<Xw_t77|8*G=
z+7m=5=72-&*L+=V2zp{7?CBWH%0@WE#zWTi;)v{1x2b%Z2jR&wQG^2B#nS|G;QOMG
z3l`a^#q)M9r;9=Wp3O&A_;Q2Z$x1@tl7c7d#!B4gS)*@BkiRbuM9=82(#mT%mg&_<
zW`>(i1(zYeUK-8B#O#Y-;RHi-OR&e)>w(#~W_<8!7&HVqr~W8Zf99shJ}&tsD06$S
z=@yYwCeeEIx+R*f@YPuU3dC_r?o_tx<;hH@#LTfDFB&2Cb4OqT_S*f_U#n26xU^wm
z#k1!r)DfA_XSE!;;x+ER7|<#L(YC8@r^zb&xtF$u{JA`mad2#DO6FKq1sBhUf1#p>
znRBgp3%~m1*(fTM{OQ|y8fo?Pt6qISCjcOAvQCbp)Fu{em0d-L*Cnsw@oEU->@mjJ
zJb_MQUJw=W@AhK6>^!OXiVl=kefReY5CaZc<Xbc80X!v=Rd%VGXhsKCd7428Bv8GV
zF{8+@eoS3>u~8XDL9XRw@+3W2M;#{n1G8O{ug129KcP^LP#?~2OHT|F=&7F@A^|nS
zyU`wbDk@~$m-Nf-2d$jCV=E>?b7C#kav3XkneW9sS1BEG;`c}3t0frxu4YynUi8{b
z(eUX+=<zqx_)%|6&cxA5%NIj&+1<xWYi+F_mm*qC`(47VuZc>R*z6r9t;H6r3}^R1
z%xi}u@0<}2J9^O2?JGlKQyOEi{q(08EOvG+emojX$Xv-pE#dh1A3y<K-YH(_eZdNv
z*~W0)D9rG4T<*ax<F1@fd?CS%@!4|sJOn}k{w&3e9QoJRQ>>OK{?0I{2E}9jQTHga
zr>N^*4NrnxA}WFX4_>-45slGIQK7+Ead8~hBI)-5EMnyyB3m_LexQm_+zwG2e``*8
zOkK|W3i^T5Lr-l2n(%Fr@`XJSffie9L4UZ*F+Azl#HhL&U80(87F|jz#^D32;hB;5
zhi*?yhpnI9F2fe?SDyX7{)gaq9{sKyi{SBr=Zz1?Sw_5CxaR56FoYi{D2!(WrT{<3
zXpP{j@p2Ls^Kg<$l8Y(xsE{MFSZ%qk9!1iJx3K|6A3lb25d{<;FOtq3;0fb6YZo!I
zzV@BvK8$%vu4n35e8YTssXu+84a-xoi%^VIrN*TcP}kt66MRG-Eh2?+o8j?9B~fcn
zaFkevP96?@Tkg>XSKljkV^V+|3qdEH_bd$%=WVFtKk|n(U}K?PJ>@L~q6TwjzPppo
z$>5~((UlMWnvc&;)Q*`)r6G1bd9ohIMRq=hgw<9GJB!Gn9Y-Zw6Swb`(vXlQHOBK<
zWUC|11qk8bWS*3Rz5*kQ5=<hY>5F*xvbPI=5@dTM2l%2XOf3W)Qkhg7Sg}X@Fvmz>
zGgde>ENB~j@Q~7j{(F6Ql<#=4u7F<W-kyL#!}3G<;7WsUumI*AnEOH<%<(;SY^EKG
zQhp)MSuz&M#!0AD8eeK(9Qj_6ZKh^Wir~U{T?+7q%HFm{D5W&a?*MC2aFmYfb$Beh
z`;Q`Kplutgtr}Yu)~J)uQIQo;sV<K9rolnmr3x=X+e!Vox(W4bwW}V7b0xJW>)b&c
zjOnP>cdw)u9*ef@@F$7lfLJk;T8YKM4pD+_pI$#6xrrhP%bD((`X~3Qy9a@(&Ntc0
zPxthh?%FKa=H4KJkB}#5Qh+TU9HE9w@q2)!jhUK^(=H-cN<cIrP8N@CDXVQnc!8}T
zt5O3&8@4?$uZjS+4^bAM-20j*{VZ7<6_h+g_#&(VfajQh3a|wn7j>U_9lT6%+%r|O
zuCQ6+wt@~galE^`1Dg>ktD6Fg+hK9#+SoaGqh>VWgt1ByjuB=wKn>j8PryA34ZCoK
zj$a|9$*3dX+eopEvIL9}PTJ}jO#a5*L^wWDnaRG-f`?oK*A7pE2s6-nQ*41p4|hd(
zq^bV*(Y~SPPGD3b$1U(#apfJQbNlHH2oG!*D{O=Zwm?A5SR;!Wl#58%vry!L4&7XN
zPHYiXqMbirT}i_vA+f|M7er6kv3A!U6$GVv^9&GA<W_Nr0=3kr@bLZ{89{1Kt734^
zTqhrjy%S$Y#_)u`CGp@YXeF!yl*&mS3CB)=PeQST#-L#yadD?2ZrJiLFi9@+>o?DE
zCb`C2m;uke@r0f|X$l=65~!M>V*U2HszICD9*0gyO_SBp;#ZZ?V+s&ZRpb%-e`CXf
zaBW^ZgSEE9c9t*A{HMI<hP%CkLI7kk%E51pwfexO8f@&T>R{)Ie&bRx6YY}4tO;W(
z(Y4p9vMjZ)h`4nk*56crcZIMg(hU>SMbNw>*R%Z>9F&B+PP}WPSCeb^ve!X~rRz}3
z(Cfx+-F2v5&gm7r#J+?BHxk}x7harg4{~8JS(A_Idf4-}z=!%W8rBc_GAAe$D+WI#
z%Z4^>H-6f+wL?07vz=;unxrq%yKm(&DZaD<oy-X&=Q@gk?zCEVp3ZAGrcCgzv}cO@
zSEcf1K@C2?O!3HSmq1P=I)W0p+P<eJrkORE=&xpVIp#>O%ny0_#!fvN8ZJ31b+(u!
zXstsnBa1y+x&F3tG0(%&r3b7*Sykh2p?O`h?+iTjb9dc-v<8)ea_R+FbCz{6WezK!
za~yM$tywiN`AIm=cpss@N7X@+C39(kKVC_^Txr#H982TUP=ALzK;I~HG#9CdC_xUG
z>-egxb!=t|=e=D_kNiQEMIY-FDW#TfphfNQ^7?F<<R49DXKKad<T&Yd@!h;V<}yL~
z(?O&%I)t1cKQoS0qNXe2Fe$%;h=PYKsMjc}6Gz+ENGvV^PK!CVnKJ}y23Y2`XDh5{
z-O40;L>(9$c=4CsT|`|kR5YQ6Ui#1F9tT07H4ya%`!K(`k4Sr>8JENm3A><>%h$>q
z4*uvSo#E4VNl@p)TUvjwhFkB}-<sWCwd6mY+8&PJg;m#`&4{LtH!r%!r{k7Gk)DrQ
zY`kXfUs_$Ruo%Xk-V{z0fVFB^x_#W2wsI?fZwHl4A0FI3o2OM^_9C=weepQ0c`>cq
zV?1!`1=wvj<J@LCDroJ)r)B!a!?j%5P<>9f=ZHJc(}RVzgMiP2EJScD49zRoWjhFp
zsTd;cLTO8bzRx&pN_LHb(lDh!`sjDsAPfa7RnRJwfIFy08zhvSA`D9teWn0|VUgT-
zWK8aOt%ro(+Jriftg*hw#*%h{vI!^9p&Ig%6+bU7f7ga-l^difdjfsoj=1oL!kUFA
zoafPa!W9GBp1%%~VhOC?O2V!AJ0<*v{obph@z8QyC_RdgX-`vj<{Y0(&wOmvnQ46<
z$2`+mZfF=(p5n_urs_0RlA;h_bbwFZQA-t%ZWVfaplwAetMr$UzCD)DeIdDGf!5(`
z4(Z!&`A#p1hGgLW(xD)UoVU{}nc=_HJUlD=9YeAQVx$>GMXA^VsQ9KR`sej+0JooA
z;9V>va+P7tBxZ=X7eJg7Cd8|Q`!&_>M~Y-yPMibHuiwb6IpjXqdB8~4c$wO!yg`6>
z?l6I$IFX5pd$|!UJ4iwp&X0|)7N5duUr&=NOsV1?jC}dLxSt+uL>vwTGE)QCo;)ha
zmEK1|m9CM<MbU*v@x`t@_+aw}9suOa_pg|PID+a`001`}Yv8HV8vtN#{_fWa0N~Cz
zx%M7~@yq{}{yPmg-$E>`dn3Y22mz8^h=ru1DC}|97ROZO+!*X%F<|!u0HzibKvD<*
zkc8s^T*)x@_K*S4ONXO`H4u3GhXHG&!;kGvhj(u(W+T>pJ3VlVxBd0{Y;7IU=KoF?
z6P#_rN{(K;1VQxy|G|N)2|0UY)}?C$`Q>EaBG~AvXm5#|r-_5`@6l)R8gD$bM>N)m
zLQuH#kMPUJbaQu~nWG_g(LW;+Ct$FEvx!ll*U`@!FVT^vokp0z{~KYrJK8--x4N8h
znZ;+Vs0i#A-vC;;f0a5W3SY-l-lfD&i?}|I8tIVkmK23`ySKlx7jivlNR_u1kx_MY
z(QTQ2Y=$qfNN;A}-I_VXEfp87!wOJnHC<-_VAX!*7BKxC4aZtxz^YtZ{#U*UpcxYI
zE1dNG-%uHxt%_oOBLILe-1X{`tB?gB@V?OCRk3Qv#VsP_+_k3qMN#*4$K$Vs=ZzC+
z$?;u7sZ$S<9UEyD{w=ZJ{*%atrgiR2rKM(M7wO-1+7FvDNMCDiZzSJ!|3yoylN|T+
zPE^ifcYtUII@9&2OxeHH?`4n&vUN0{QTun-niz?7F!V11<7$dJ?luQ@ZH>BmeU^9;
zfbf6L_Y=9dwdR>Q1%4y?40f^osbI`|lR6@nD7@}%VkBUT5dRTC4P(^6A8=C@zi8kc
z=Y$0;93r2X<cIpsJ=m|WvwjDHP3`&EH~PZi7$a4%Is%xXYa7+fl1eO5D-MXwk}!_)
zp*W{lNS=~jX$%#oHkPR*DpWS56$ZpA#s6nzs0$0$o3j;Tmv3)R{&;W_dXM}1{;vHA
z)gs5HU@c{b*R_i{H%vgs=<fRU134l{4Lsw!<AZVb=4DhnJ}A%$_tRzZ3~`XZjkIGI
z&}79{){rX3^jihS(<;d%iwzGB_SL(8i0LBA*kF0mWcuLpK6JZ)Fl#X4F(yPzq=pIm
zw!J1!DCJbeK?Z-XMacLRtqCgggJNS2G$QTdx5>8(x33rKP4#X2uu{#L9DqsyjIU>+
zjSD3V*meGyd`Z%*d*d8&)9NM?e$Fxn2CC4hWBROWV2f3uPZ2(r?_J{FlYJX81skCJ
zHT4&XEdzywDK?(sL{W^^(Mhoqo6`ysC#YHU{p*jx>&^JFJsv_!jP4xHlfu?Xdjf3q
zX>Npq`rF?d18^Ou!{n|{LPIXEMM58TH?)Z0ql4<~yqMS&3>G_M8~&A`({J2;;BO<@
z8cHmOa9h)sY-D8Pj_E$u&eSrC7dKv-n8}teiRj-8fg-iY%21yo%khP54oHus!Wh{{
z(7d%MwAZ}<@`E<)R`v>B-aA@ECjkD}TRr)ZZvUOv<%>%D+{ZBn%~b>L_aslGa+F^C
z34lT?-ERH~3km3H>(R<x4gdJ1=FgydG_ew^T?DSJG6p=LR8V^ObcpV8!Jn){Cw%Us
zu+WeLMw^g}#%odehja{!J}bO3RcjCc_7*wR6)I$Bpo@q?7I83H)!z-2^_mI^iI3>~
zA#wP~Sw`ISCfw^-F1lY<wx(Ycf8tFeKXEC!3LEZVxIhACTyOyY^r}t9{rwgCm?l6`
zM9du(XSg@CyK#J3RX`6_2|a;V3JYn|g;Rjd+=rLMTt;--OeMuzUoNk2&GlhvKO^PF
z=0fHMEOfb&?%-@`MSjF(i;l(tMEvX8nSh`vJBmi>iY|)ZD#Jc=|5EZdtNwu;J-@yd
z6+LB&xPgC3Nm0TB+l&zdc|K&*lzfS0OxC_vRPH6eiby6u;@acpN$yc<I~5YN986xi
zp`oYY2#+LBu-{AtCt^SYhZo}X^yC#xPs^T>?H;2Gg2}e8_vEkT?k?A-F}t$08+a9Y
zwALV&x;0AiCy^Fi3(xm265T0Lb29a8`a#vigCkP0)VV}sVQE{}mWuuYUZ^d^sxRWn
zpV#xvz2DCDJ_<Hfif}G!Yz%;$o<;}~jsEC(kyNJ__%jzpz0&9++x2rIR&Pp3!Xiud
zt+*93$MXo`^mH6CS&~g*4MIGkZ}d^YSBqWMo3vzA)pj43^i+|a9B(>u0?oMrVgZz+
zPh+Y+NK`lx*1S4uhm1Q_eSVDF{;Gd`r88B=@6^u~#|2CwRzfV-<ShyCdI6RS>KL2$
ztQ*#mf7-D<Y%MX~p??4|06Kp54!qb)V*|F9Zl~!HN|49Sx}$!{9M`x%aUa#vZRH%v
zo5~a!|A=tQWKNn#cD&5ieWy|8dRR%9Bkj8&N^I{ycbP|jfolJ-=I(oI<z*LMZY?;_
zv+GQ_({&*EWguA8=m}F2@>tpQmlBp%xDh80ABd8*tUM^|C3=IO#L34`*9hK5t@`#3
z)%vShH@*JX%Pb-DAE=G2$+RQ*1W%bJkv~8G@3T5zL}R%!K1+r-*X_|>nXmU?M$z9w
z%04aUP7#*;;P#j~1lm2|lK!Wqn92<&N9W;I<Ci6wf_J{6L3T3euU18iNp86hUY=P+
zm+Lg|YUCnK(?ml9J}Uf1zANr&2xhS_2s!7rG_)Toc-niCc7t%>bf3IHRL@$ue7}a@
z_=l!;d&{(seWs*)tTF7mw%TP;8TcpiTSv~P`k#FM<CAIa-gusO(@w{2aRc3jwJv5I
zW5ykoUDpf!$w<pq$>Q}8=89QlF-^H;n55m4*7J|$NjG|DAypLoOh@f(w<uH;aa&tY
z7t8cUP~7TcM9Q}VNngl=gM!rwi$<l#1)T1DgM<+dzz{90u5ClLF}(eflI>WQu#`rP
z9gJ1iRucH$j&bs!7+!u)uXkEZc{?Rg$g9^Tn7^W;v%9k)7pQxV8qbbO)E|;MTkiBh
zuLISsm&cQrUmUMmJtBfxm>UNe569@ViNmjC#wDgd)xQ94T*#oTNEZ)MmQLr-eeG!K
zZ;(mP#^Y5Eq~_o3wUuHIkrZi3(BQ_PIB1Objl4~2=<PIq%kS)^_g5<EJ<p858R$zk
z&8|$^tC8`mt>8b5U2=R$RVQrm^@Dl6g<IhmO-JQq(YUy1f^%}$$`1b^G4$B0EUqFl
zh6RYV^29Xq2{l<vgzKLoVu7o1U!>{HEjF8zRrQljT{VB`O-rWh!G%@R`F98+$z)qX
zfN2_Za)>Hwljd5Dq}D`~08?IvO9Kk+X|iymV_4tl2}P^KXvL6)_ll7wvVx0rsG+z@
z;lXHriSr&jTmZ8*>hp5*F2hxcNSQ+;kcRTHMoU2FI8*r>*UrzUeF2@dsxQ9=-k?w<
zO8ep_`0zu?F0=Mmb8JkiB&KmsaDLR!aBgr-EQV`M79~ateLktPJv0%L%qSA2Oz-p0
zKx%pNki-i=B99;5*JB6pLE)J6Tn}iqZY)W&Nht+To-T(|j6FxpRiHxDDfWK7@8T?s
zw8u@}hA;91@RQ>bg(`ps_>V${`;yh-w-tnZcAvb;_(w&&HTk4Lia_uk!+CI5vcuR4
za@7TCga`QFkl=ocs)cvo)>$_B8~&6ONOX}Y^ydxEfCc0o$f8|EMSan^JLPvfoEN3H
zXVZqM`RC6By#fxWJT9dJyPt^)%zo7dO+cK>Jgvqu<#$$hR#v%!d{0bkvi>iqX@k<S
zCmAzrLN1ZWIfU=!!sX&Ej{teXW5>nHN_AxCymuDl^rg@tO*;X%<m4%|+&zT!cH>=)
zaa_B&e@K?=&G*0;l>r$@KEmqP7lz`=Jf;S9y!(CYqSf;T+K1=(lRLP+Y_%eJBY^{>
zyLoQqe;PNEaX!AJRp!V2;$nPGAHf8+GWVyUC8f}){$MQ><5KSQHLm=&w}bH4vdZW8
zM$V$zQcelxdJP@{lrGajMzA@FKOp0}mK215pi5LT<Mbo0nuYgd_)bG(Tt0b0j_$jA
z!57w4YZeNn_LZG$4PbN9j!92EvjyU{6C;@h#&$Zc$*dROElCnfsdyMdzwGOh`(t7$
z_50Iu2}TjqOa^OR?=HTbxBnH<GjSB1Y>MlLS}^Xm2IiRO$dBbSG;9Zw%x#^U3{nuq
z2$(KSBB;Xvk0a7Fcwij#kyR$_%B;M==-zl+O5tdGp%miC|BP($R^s}iyk986smFug
z6R)7#wGe0!H+o`J1uzPS*V)lPg_Mjjq_-l=+fY;2l2<I7RZJ4WuR|AC4BRI1vp_c+
z&V9n8-1SsRok`QnVNwRDXaw^VD(%za9;c~r1lGSUCqPj?MKSI2*4Ab~%4TdEE%$D`
za($ijR#6cS@3kMs{RqH>S8ril^aXhrmfUH6n_eB=Y2P9itVbzw-DF&flPwxKL;;R(
zfm#@ojETbnxS^qG>*R`t=tcegBkBB<e?sL)i!-jsdMOPfh_qC+V}%sK;6XxiEU@XS
zXMzVqIs0SIzLZ#5Az!TD@j;PKri!k=Rqo91PN#e5NzhnWvd8zm>Z7H^{%=N@H;)xV
zk7R9H?+~Xsb8m2d_7Kea_Xm%|r@i*!#hWQg)L^qPQBWyF8|61K6*P3EoeI#PMByF-
z{5&sH*R$*gX%eI&K+1H*CG6o5IKW3V>VqJ{|7N?K_kFOa@B=;}CN_q9zaBbOROHcU
zlcLy%4rssG9;W2ugDVf?0*s7lUJVrTW)o@Q7V4x8?2OWeUms$X>AYqMtw~d6TfHF4
zyWair;n<=Mn>C4tNUBf(WJZqr??FEpjQ1vQ_fnBEv|TYw_V&8RvbqWfGClGV@uap_
zCbR^q6tki8s82R&R~CWjK#!Y?Gh|;^J;YjXosdOv3%rXYko84nO7UFd8LI-~IcTsf
zVudVHEkEE1lc)UKyAn;*c3h}-eh7LUUEtyP;PK%3=etzosG{s<`xW3a>hjQ<7nISf
zM?)(WUI>RHQnRRVIQb|Xv-DIcEoe|xj0@yDK4n>3JNSguecbG1&RsiUB8E$fQ2%3^
zXu2&X3tTf&ekMH&;z(A$e-|UN{pK<z^gibPdE??!H<J*S%VFi)Cd{su0=Lh|$OsI!
z^QHo&OdpEA)6)CYzhEFGJcv(5L@<H9G*$~4vZouCB4%P|qmC!Gml_tfpzAdg`LEk@
z0dTrgYo13y%l7iPaWiUcCuGYzFQ~gC*s>l7i^Yc5r)mL<f$*wZkcEQo#EHr|M;kEs
z?`qIOfMy1rZ~`v@uw1}&FyY@@gz~I!Us9YzbzKRL-rp%CDGto34y<vXgECUo@yOM|
zp;|k*LcK6-I$?ITCOQVC12P{{SH06FF|^_bY3A@UJf-K2p{mUG527y@ndaJwCb>$M
zjNg5Os_1{Kgw*M;z$(&<(jb#XY5w2_e{aX^wdk!9kjJL@)6|Ud*G2xERij7n*vl^l
z=YrfMu-vtlB5f@b@Oa>uu!zSz0`yeUmx;O236kcR0wSJ4J!2*&jJ3{#<TAE!Xo;$*
zTD#Yz&+ClAa`!4?*B07K91^X^NgAc{CdTa8wcfr*2ooPn1YX#B5kvpX+67KX_@W$3
zA!`S9Qt4*(o^P7yJ9mY!CA@;D7_dbHU{I)A-K1o!_FMxaLHv#ZRM~-PNSUr=VuIr_
z1#yy=`jpQ>#ng|w)eR|6<o9<=S0zd*tYphg*r9(ER~7>I&i>3_p|Ah8T`~J^E+4ar
z+P|IQp&#tLbq!}BlZ~vv)9`DmhJS1BN*PJ8?rw6i35&_@7%XmLySQ9B|Hk|R{g`zF
z1nT%RxO9_pHE4GCa_TxRJC5nFZ=D%_%Wbtg-<^MLUA60-&0^T_S5Eytxsi0vA0o}2
zXEi?Lhu(9DC7y0-ISQU?m^>lFx7S%HQ)u;W>~RL=FNA!6g^s6MpWjafnTyt+*&*AY
zwXJ()zsQ{0Gl(lecxf)Et=f(}&;vK>u=Mo(moS--HdndB#|wLAhh|GFt1_M?`(MFc
zrP5II@%EyCuerAe$jg<x50asXXgtXd07hWR%Nr9sOS66dJSYbP?i`%{oYhs#8w{b*
z+78Ag<LW&wy_5t+Nz1NHj<IcmO|%f5h_r*Hi+cq3icCdEO)a8!BFHb~a)6!F=r~db
zT8D*;@7h`r0Gq$Qd@4NPywcwq5MR9A>Q@^$6wTA=;Pa#Yqi1Vh+856Pn@Td}hGl^w
zhk%Rm-pPTKeI|mpMjtlhzONmoxlX~F#%0WY1?>x=4t^}W*vbCda<Snn#rjOLg`bg|
zg;Yt2nxIm-&m8YHj(oiGoD9R}!80L1Wt=q+DnWx>-&cTIQ0Z^kTf6VyEFh1b<EfiQ
zjyDony^P{;KYujwxxlF_$QN~vta0u@%k9gb^_f#z*gFz_wE=i+tV!HsHE)m!v;x*5
zUx_Zvg|-LmddV|f2-$|5B4Tf<GXZlO#GU)as$!3vQuC)Ba%5uNmqgru#YYc*d#;N0
z<rTNMZgV0~&z8h3!^IJ>A==<Kr*4V^5C;$6$y?igu=Z|aMj}VU<;TNa_oys&Y@S&i
z<bF6#zxnzt)iq^%HdC@1(p=t}emu47*A@_4xbj|-ME=s>K7$Xuuk}?eUHk72|B*h*
zD+Ch+?5F@>2$3Xve*Eu6yy?D0HypG+;<XT;I_MvYdnV(@<gF!Bn|QkiIt+8nIKj~M
zycUhh31QBKqonf=cdlVap6}4DL5RNpwYZtGnIaIYiI&SLFOUB7S_e-rk^eVJ3PO-8
z<^!!>ngf-OD8JhomF@)yx%ML-|0T|Lj=sZo0^sy*lgo1K=I7;;vl<TRk<oyz%MEeU
zHd8a_?=s8a-0zDVW1$3uz!ZE+#&H_+xJ6eS`fP}3XOWCsNQhuz72GW;)VG(@=-@RO
zH8J3VvVic%xK*a-)EBDJdbyrw-QCx}Nn=MEN|cZibF)|1HBZ=f*0~0(US*%>xUE3U
zUT@098cQ92kQ2qk0vFvEs#-^q<xUR&9_)HZ4$GAW)CP3b9C~oX?0<e|pF*;dTVH`t
zd0zJ^@w30BpLEHOwS9g6JPB!nx?cl`3O+-K8gDGs70{0S%?Ete(L_BOv;S;%d1Bsu
z==oJB_w(tsg5c@g>1wx-%iX?{dQQDwRc!bBF9H)2#vidF<JsX=tHadMeU5DOv{LO#
zVk990Np)eMaThsk=IH_v`PXvBWD@^aVcDH37S;*W4JoNd6030l)kgo#_%zW58M8+~
zPL1AG-k8VzdH9|;Wz+rSNh8(^U2sp(EdtTL0$bo{AHkSbMD2@?nPeGB9sXRNpB@r?
z5Dpcs4}=tW;394I7gPwGRRX)`C4sjg4;Gp0zTX88H<43TzMwbk?6@?T3mM_j=R0o)
z?&REmv0<E6bk6ghdRRZd%qAOTttUI9I2+|t1{<faV}{=NHWu_w&z0v3L=?2*Z&lA}
zljTDYO@LmMmQNd%Q40HV`7A=AIZ;_i*%-|Jfk|tK6<(g84f?>ze_P^fX^ngFV1qJ~
zo3EI7tUB^V(!cNe^hEE$@iGH!NjD56g6}|lC{4j8F(lbS!8mcu%72uFLN5JvJcjYf
z&m!;l<;g-1-&;B{86{HTQu0M>wG#l|XaN2-isAhEp@uAI^vY@HwEr}^k<br)i7Cgr
z(7y+R+0``E0hmM|G3=8qbeP!d$n2!!!EhNB9La5J)|IeO+rW_3kE~yS69Tz8yzxBk
zk;4G&=!AcJ1wa9&PR}MnA7nU_9v&_`ND7{1-95p<dcq2|BLqF%VrGtAt2mXM#u{^6
zT#Zl~Lo~LDJ=ds=h{h=C7RdJ(>u=xCegJLR{^;dEcQGF;sq1CX=u@fxr{RuG|KspS
z*=dhsmv`9n+v|nj*9*D6XJGS*NM643_)^!(!RnG_iRGsi5??%MzmvNp#-_1mi_(|W
zQ<(lxCZ7Ns9SZ)VXT=j3OpGI?u5iUnpoVuG`qcEfu(%RtN!2yA7uKgo0!NYE$ujeC
z`IozfRsnIaKk(Y!4AUlcu(_>%@iHHu#G-h@clf8K`NWx2I-c*gMO-wTLbJ;Fv!do-
z&u^1wW#04-^1LM{C;mi7KolMlX5I3S`B9gNmL2tI7B(ROpwgpYovawP*7@*H)b!fz
z#ctyD2xql(k3@gVq{ncGYz2kc-*R|N;-C@>Y>IZMn#SGDzC~ZjULZvkSTg9s$H%iM
zWSD)((j_bp6mz4x_(3)Aofpqs_T@;2Rf~`nKyiM3dpf;-xf`<n^qv3a(D+pA4bKx9
zcyU4kyz-lac6=hph0Uc-jC#iV@vuRX{RWgpV}@NkRt|6l4Ch8V^H%mvFuS>b@|a@W
zA8uFeK%w1j$$NoDnv%I?<^qk+YbN^-pk+E|?_5MsBUYKREuuiZj73x|WZTOx&hxYZ
zGKE|n@c#r8oA`t8h+HUYm$Vdh_SbCn(rwMHxqQ3eE!&1%k<rnMfK47W4{Mi1M2H}Q
z{1Hu)7=;n?l<1%qzrTbYEBXVFzliejsqGy1t}e@IH>m7XvcS9`Do@m{RKp0_>bI?p
zt&jRlyYNoBZN*iuZAN<4?=^A(q2oL3heBcKAU_{Ez3-Up)M@Dd`gW8GM+E(X64FNL
zsG0E6eUxVB70*#UQ@vk{;MjcWDkpc^Ag-FJTEw^&Vj+`x&7ocfDVsD@4&P~&bl`0G
zJ?43kBQ7$Qx3ns#E(Ebxvc-L;Av_kVNuE%{KlW^vUiYw!AH7a8tMzCtF(|%Au9iT6
zbd>xX<7UYh0y13g!s+)|x0MU}x_|uyXUc48H9O{v4j#Xn3m$<S878fnu??eBrPGEO
z<f{t`z;~}VbPwnGr4|+o?R8f?&VGI#Y`T2i`~LaH#DR*%YjJD4_R>6>#i<-vg;V;w
zmn@L^1;0G7e+|mV-M`Ay!{BD)$Y1rq?`v%f7*niizFKm)9CFH{{kFqj<OQ|49E<t-
z(`8vJ#D%x$zWmt9Vg2cWqQMPI43o<t{Fct+-jIV==lfhvkGmp;{qNd#$tXFk)^ke>
zWxLK6l9e*w5ItKb0bc{~y7vM8?v&KA)oTC#O#*&pAd9(nytHn|evDqXO5)F2zxiKP
zpZw%gpYF*uzSe@K|H%nIucZ0bBrJgm5-iiuq744c%Fy-)NRcMMF}Z2l|Fr;b5oQ`w
zj86r9^IwaNQw)b{lj%SMwV8uC<k5lK?GqDYkNt!ALyjo5{U<SLAD5zCzs*j!Ws80z
z4QstybB5|x@1S&!(Q(}(Y^UOZ<w=PUPMmU7&SS{x0cC$fB((Q}@==GmZ6e)wMvqDX
zN{?#hr&}^y!>t`?uCc7f-kX73UO~DF+n^4WLUU@-Hfx{N$8&zqq9u~8?E={;AUo-v
zDwT98bC2jE>Ef(BZ(`2+Z`z(_$2<LcFA~jL>m2yo&(C*cC912GbU!VVBkH3Mt-)q(
za~g;DLMymZ`quUA%Sw+Vn)p&?J!s7kN)V|QK^e^roH&KE;@jfJ)3-;jX8dU)v?FIq
zAQf)@q>gjJG*?aMrp6qSbQF1FyD&dntGc-GX94~#7zZ>%Sj>m-X&4MY1VW5N<-y*i
zl=fIXd@Ha9DqB?r*J=PsHyJ@^S2DpA3N`rR+^O}jE8$OOe&8u0>Xne|iFrkrUZ~aD
zi`y+gFbnT{@!fUVI@j|Yl-uIvHFEU{G2`-PCxDL+Z-OlvXh%qROu$`keUUjWNn#zh
zZHOPG+=Wkvec~1u74DA39oO!kk|sus#}p5wmwL2c6OqQlAl@tf#Jh*{O}FAYf6e8=
z!NTXBPIA-1A+TfeQ!Wn2=8w!JGYO}U+u`L#M;)1`eFIH1vdtxHWA+&0$f<WHy<j82
zh74Z?1|6XP+K~K^jBjr*ThG1G?+!Bmgr@mJW-0@R%sotlQlH*v*jietFh_)RJKayN
zi^I@Xi@wK+mtEY>U7JwUh1u;gDDB0?!%yhDw+{cJ3X>1{AG%nTd@xP}+rImY){~UG
zlEck4-dNPxujy~m5m+L%v<zBQQd%(i>&CB33U}V$6;843-(3B2yb095njOeA3;0`?
zDt0`3cL2p(@&3>;dF?es_^g)l1G*J8n4h-E1;x!z<rsA~!-vA$_9S7onQBVMACiYb
z)6v;pKY7m#f#GAqV0JEXr8zja{?D%l<(uPvC-X0S{*Z@c`lv5fNgC8`e$8+Ie4|~@
zQJE8sWe#3l7cy9J$lVLDlj?GpdmA3`>l)ZQQ#|fTkW+_DPqfxli|jq_ygJg|5^OXS
z9~m8azWyxs`geZC%1TZKr1PNL@4dTRO~T%$*c5k&+uHSaM#RLQsq2#Guq(Era%dD#
zyBzv78~`La+~*DxTfBYQ(@M)wCV6Za)EkbOG){O038gMSx7~-$?xB9$ynAaxD&8FJ
zaBO{>g054^e7Ee&u+W34_SpB_zu<-O32>->iFo5u?`fBdbSHyi(vLN_+OY%ENa_+E
z0O$4j?QLk_tA{%z>b_F6%V`eXb-KP(2Z)Yl0{~K1DafzG!_-zosg#S`HWSynylM~G
ziC#y8!U5UT{OwZR(%t7kQM&u#Ff0%h!=A1z4&Hg<@ew*340>8Gu_QF5a6Zasli%~~
z#Qu{#t0?QN@xK{I82_W&yL&z8K&}m4b=||b5Sn+;?Yrdv`xoIgEjwR%c>=sVf;&?E
z!cSLO`JO;%QN3<L`g-~a^-nztQOvi&mvOZ@N4xSip?{{nPOmi(5C%Fc&~sjfKe@x)
z0`44GN#QK!i=mP&(+n*gxvTG&yd<P>&GmZpSttWLUkN7k3raC?`JMP+P%e7vIX#Ex
z|244<d4+W>G3MG+2vnkBWcb=F#o126hH5Hs!`2E~P)6#5X)t+?n1@;SdLDXfb>Zbb
zDj+WRWH+#3T82!+5M$cm<sVvL(|U|Tg7wl>Z&Fr%IiPKP@`uEY^@N+$0N6d<UH8-L
zh}&-TbV1c_T=2BaW@Xbo^_-EqF<5)yecU?)N>;2smdPj5uI4=tpBdv3xH8OI2%8g>
zT8K&U`#wp_5^~d8yEJ*Yn}1aRrqMSBo72&=m>6P<^L{uR-dNh&X|8mSpSIJ3=}n0(
z)hGc7v#5M?2qhk?38p!H-qEyke~a|D)uLxGNu95DAu=wMaG99&a`>b($;tIx2<YxM
z@2UEzg(BkRcX#o3<}IF465EW9AIuXc^Hv(4=z*MRpL-tQ;D92aUS``$#DuJlX+Dc*
zD428?{S(v@D^<t#YTKx{X!_WSpvu~6UL6A!TNgy@b%T{dNm^!$G_7{kK@O4QWIG2A
zahb@Nz*t^aP5bPRFQvAQ-}InHD><U|iIUz=RjgJIF=A}c8ZCM@BF`VRskoC%_R3lg
z^pWbH_lrLvf4*zko66oZvs!e(6TuzLk{YJez-1jp1*_kkR&DsN@XyHmL@3G~oC=QQ
zN|%UvugeNJ<k6=5*5~74X5_4nN;j0Aw<@5VEwsWh+-#PbLt7qp(tXJ=K!Z_%hsEx5
z_hR4^xP`}pzw3hPqx#FC`xe*OdC%XQAAyGk$u=DP83PyhNe2s^q0A%xhm)CpXkh`X
z3-5^^U5zga%!A)E{;Vkv5%*s)zql9Ohc&=>*6{vToTJyxXQngay3EhLiwJj5)-ej=
zlUi#ppHYtdT~$=rYZF8ENXg2zoT>d0kaW=RMz*&jJu_dy_ZOduTWJeQ=eQFscx>T$
zH-@x!aq*S;qY-E8@@Y2K5BrkC5G=3~*31UH81uuR{co#8x-G?5{_l^g&;Qw~cIH6!
zU`&v7EksX97^b+&YgX$vZ34rV6LOq3;}cJ{p@7TsK4JswSmC&Sd`aYBUDAMRcSNt0
zi!kn8#;1xjzl@F5^-o+uwWE`=u1gxez8_^@!H#PR;|F|1UFM!s@4Xf`v6>?p5_<`k
ziJSrc<z@UdKZ^}Fw&HVG7?omv^Yh^KrS;D>I==n7i_E!=rzL(GgKYD7829Z*;J%F{
zKw+b>@4(T5713Ne$2sTcdKRg+WPgh7#@+0(|0+#d+GnhJ(9d$rTjnxPQoU=Un}HLW
z>EAK!CA%)aX7I>JuS7+UI;G*57Nnyep2hUr&6ti5SG(rtvgg9j<txSa2S`Enja5cM
zO`3kl_Ft02AqW>c9R3TRj}L(FNomAG$5&1dAV47Atm4E@PrW-j;Ga2@WbZaPexF~x
z5HN)TV72<ownC3>7XjkOZxj%S_58<p)Hv+;KGCi<g8a$wL^jS{**Y)FS2zKfB&1dn
z<=^T`0Qe_rW3?Q@LP$h7K(rm%`AW!RmeUkwDE*>RPtFSBh(n%a3f~k`!xl(G6M?R<
zfp_#5(w9q_Jq4I_Xb`5r_y1g31H{tK3oH8(r>nc+*s~Ak!<2il_8hJgo0ngM(zrw3
z@%3vidox$vfIUL+b8^I_CV5gZqQ?1`vAT$En(4qU5cHH`dtG)(hKa`XU$p#RE!*;#
z^{QV;=YnVJimboW(yQ6aS6gDRy|jME8$G{!L<B>BeT@M#l&?~vn_>=2C|axB_K`$G
zI5gzrS$41$yCI>DZ5_^H(PmOxS|+P2!ZVo4be@l#QrUj%uM%Hxih{s(Rdz$jLUXga
zYlfMQS~wO>Z?pnA=%hUN0?r=)q^WB&{f|>w$dri6`IyJ)yH_Btwr~~wubJ{k?W<>8
z8gG4<<Snfm4Dwy~5S@E7$&8Tsmq<@!i)R&L?Obv=58=RH>Pa<=TEY&`T)gfQ@LO=u
z?r?;}n7rm(atpkY=bF8C{z%5O&S2u6f!t?i|3vTl<!dDm(>z5?f9JRqk0JIy*cjp}
zJpiCP<PMEEx}5Y5Ip3{m3FKi{bb*&=C%_fI6~_1NX}-VwYVA`xbHx2PX;H_wkqtAE
z(Ex08*g{RWZ*@|0K<)eX^<c^MHK~>>An(X>DNi~4%Xjjx%83aKJE}is27YpOFCfoV
z26TjV?0bp+KknW-tgW@%7Y#1Otp$n)*P=yN(Bj2{ySqd11(ZUIyF+nkaF^f|cbAY*
zN^uBKtcAAgq~Evq-RIo1@A?1S@jS_xugvk<%sXes9OE~jsR08saHBb|p!wngFQ@L#
zK@5_2c--8E>9y?bY919GYvkC>Ku`i%v?8EJiI*&zS)LF(q&ilfTGwC!3)=46p;S+8
z=bBi_BSwL#lb{M5tkG+WW>zXOJFOv2XR?;K6~C0-8voV)53!NeDU#3y2LKq5{q@*@
z^6Tj%A(6O9ytiC6_ykrBX1R(6D`*pJ++e?8k-KUM`%dp7E5aVh{Z2j_fbl9K|5}Ak
z(4u3lXAYGjXBN;I5U|-fq>CN?9j#5!S5h{xCB&a&Vq{ZX-`2{G7!G>PapnV0UBsr=
zqyu0Ho?h=r|N4FL7ccz&gTVdu{CwX7nR8_P0DDNdR<Qc``!Cls0>6RpU2UsupQV<e
zf0s}P$;RZKU$?hb-K+bJy1zh?pJoVeBh2c<gIA{>ETIcnUUPD8330JETqQvfRgSDB
z1b-e;Gj{#X$UnS(OL%P%%6jkg+1v1803H89%m6pXk)<qxGa?o*2l2~_$|hAUQ3pWv
zSHyK)@1yj!Rnoqjqthf5>X;7|2HmS;e)*mOC+PCIx1ZgS%+DiI*PK)Z&|cr&hy4iu
zyLT?}^xi1%z)cGI8%j{c4Xqw#8mT13G+v^6vZ)EaMtx|HZBIktpIU#-Ut=HoUht_<
zGgVl2Xzgr|DD=6lm%(O+G1xuX)PJ%^i{r?qnzAkwj|4##h1K~|oIwkb(_ObDYL-`;
z0>Par${?~EvtuYAfH3DZWgCg#bxW|i=P|Y>O^&HanTgGD3z{vL^V?`|Z{XmXF<2z7
zL&U{W9g<kb-5o~EY?d_e$t!5nGoGwNBs|wmW{%D(IFi=2Pb^}Z#hta3BLmM17qYTK
zJVgRGzHY)`;?{OV0h^U3U6q|xvj}Mi9^An;3C3O{d;8pG@0k+^X((!cyPU3TyT|jW
zQwuTd!n)t!K|R&*306mkMIg-ays%YRQI63~uKM}aNOb8dq~|ly#tCL(YsPNC(+f;x
z@@I;xZ=`zx_rK$Ic7jp{6MyIfGpS`^YC0F4Cl=r1%<2bPX$&y~bs3UAf3L}4S>Nys
zivY*hf*!^5n!-<OKd!wmZS%{?t!<SmB4{msz>AC~ja*__T)b$^e~`j*VIuESDUGu-
z+UQt7X7Lmbbe5&x8m!-M_q1BvnuuKv@%r9fv<l)ZKJ;AmPZllh2mbKys64PPnhn1l
zsOGKo<IR0xS-)gDP;IPzdIGj$VDOW(xSp+Wpy)Vpyn8ae(om++^y}}yU-vtKVVO@^
ze`Hzk8{_uf#;Ty&w?6vQtT%=I9_UbrqUtvw?~<STOYgjT{YI}X02zL}u^H|bDB|%t
zWvFU?TKMvSj$DODN`xH@{);Li@22&G1JZitJpQkzci|U}7Y#L!a(xj>y5#jDlsF`&
z_p&BAKYHgNeW*|&LMQ+)b`<>QO6Np#e87!3PtBi=T;_k~B)*<%Y;1u#>5dNQKn;GI
z>1w<w(h`Ur|N6l3;mGP;rCV_<YzWV&J$y%M!dtszdjGn&oAWCs+G8_vg-DrD2}lhT
z3)qo^9CS0egjCLuy|}IOJfkokuc~z&RsV~BD)Q3FtF~~4HUG9$EBMD7#jLZlyk*u9
zi3((RRqK{{&T0o=G)PY6i@=yvbz5;c50k^vS%?mc#pMagKd`gb*?&{t4E6*eA~3i>
z%p|T}?2N6}*=|f;AxfSLjebEI5^brZ94c)SXxA|=vG4Zb?GL|Iat^xf+#U06NIKXz
zE3?$7&+*%JW_NC5Fk6S18>-IuUetMt{vwEp{6dXbwE4;B-86PwdJdOI>1p!CCZTR2
zAdO4)IZZMY8lXQe+{zs}NPNL7CA8tkO^F|@b^eq%gmxRXyEi%UE@4n4_?xo*^>n*u
zQ<W+$=R0d$`;)Y<IyV&0IkQ+wgR`K}?s{DpVP?k}R&16M`&mBPui|k|{lJO}q}2Yl
zQ1E)Obo>uRUgj3R&wP_5P8jI`$KZ*;4o6qv3aFOBxx&*dTjhG!8UOvyX9aWOgY<Z%
zZ;HD&#DXN=cq2(=P`)Gl{_B{=WHZI8WHvputz*;#;tW)FX)ILFg#k+PI)E6_Hq#lV
z{>hZRL$NwgxBx8;IL{#<;^3;|c)`XhucBeIR@9g)?eAif?(4sCc6Dz5s%;^VD<u@D
zfmm<ev)~4ee*4k?7;(|XQv+b6r#ASrYZjw93v%+CU(pZv+COsn&{}k)k{!9pSFiie
zMl_^5tBB_N3%=nQOKTBdFcu_&t@^?ak+=7G#gT|iU{1uLNZ-7pT0~XyX_@Rt;916q
zEi~rOUi?4v)Wg-@ZxuUJUg#jr%-Iw@XT`bC!y1B^L9%z>gBaVsU}sMDLkeVsL^vrC
z4y-N=o$_!jOugW}nezps<c@g)wJN(gmyCd$VhWdM^kEAVxfr5(2mRyo48;b_p!{|{
z0(t`jqn?>1ZFX6T2Jd=i^=>t+r65qDg<3s*JZDPf^&I>VH}d9`Q5)_JU-NU;fcrOl
zj&wS;r@`m__PZN4VqQ)>b?A4mOwJg*HoZs^8U9|d23G5Dxc92BJ%2}o<2d(be-kp=
zFS;Me5DM82Jl|mo#yJklS%-{xnk`$x)w4pTl(yVdR;HFA3bokmeB7b%R&7q{-8M-7
zOoyk&he?zkH>Cors4Y7O#h>3SF!C?jTyL3k*Z@7IHf{WGEJ_So04^Nm@ee7op<?oI
zC+iq(`|;R#&5DmZhPDn-`FT3mCAsEiu2LKH*x)5|cG?(;j>NI*;dIFrgJY-1RsN;m
zFy;)~2V<pC9|9jV&|#jz9|S$Q_;vr|*Y&T9_3`Pxkc<AGS3khuh~FS%c?>A@_h}&X
z(V*}5@73F|_*k-GigybD%!gyIoew+ftJmG@0}XC{ZpC4bt)G>xHo?lox?pMp!aDNd
zziVXiNz049+C?+l)b(`LBQY_0{)zZyfi_gJ>n*=eA#PiJKM)DRXGQ~~0#h}>Aeu9*
z<Che7HFSU-Vtkj?`u(5e6zZvH<-@OE1K}!8o}GuN+lHPC)U4@_-1jH92A`C5%pSbv
z!y_8~SMGnotmFw;^);E9*{%L=oKD$^u(JAq*77l0{Jg)r_*>R*XFq&u_7@;#l3G+W
z03$BQ6_cIR^5^E4;5{mQRkB!Y0>R>e@ZS$NzkkclUYws|w#pzMcjC&zAD|y|p-}!`
zZCe*bnw|Q6hto?xe97^npJh`;;gc~dN<A(wHw1>C?IBa(_pRSnw9q;L0M@K}cbnUV
z_>S4WOK`1K=wbap|2w5<1p)vyc#c8tanTJm;AEbG@CccgI0}7$Iz|F8?Uy-sh4b8U
ze$>S?w#?w}M0j~@`Z1iRtF;}&7(~x!CYxFd3l+$Ou|>q)eNz;B5DkgvIgH|SusJVV
zn-P_m#hUK=?bNT;#3*>P?W})-2P)fI7Tz=oB*=?(9L|8b6{UMY7<i`c*n(GPwvG!z
z^O_~Nyw{9vQ-CX&zMUiD9_oI<J<aFo%RMIB$Q1g5arZq+i(`n8qvt8Vv5BCExwyEC
zO-UQCuz?~ahq_1LmV2LcvUH%u8w%7Ey+p^6f{IyiC#|T<Hu6|&3^h#=EGuhfnI|A!
z(6!jJPuZ|8u6LqQKW&fN?h-evga|YjDF+}}RrkaYvxtt3k!<kkdUSMksL0hpE~!M_
z8RgYPms^`as(#pfKvD4LICBzD<Z>Hj*m&Mli5Rlh<j5uTbUUEr9C8A9v(b-vn094g
zT;-yPD?LB|aiHbQb!>d|e#oNJK4DJmeue&_>F0f^#pMG`iXX-}_ZKcC@PqYE4;%Nv
ze1E&Y+eJTphUCvD+dtgwaHhkinZkpr-KTPs!`|RUK<Dxx*&}qb{PVWZ-jl4`{14_-
z_mF<G&A)lKYCpV!=LK9B(l0r!PMB+PYdW~@F&0i#dhFT38W=Q`1#I*l+=^6c_xj7M
zb|n5b?M+^MCa`t7dJhroT7`rK{Yt<4c8Nj*{QbNT*1zsKl!J(MqrO_A|EmN3z!m@5
z02~ORf9~Y$nLIUrwu5XPG@c$h|4*@^Z$-KiIFrKSv3KrX>UzHadhYgoAlPpw;t~1t
zaPpSuou(2cDH#YmTJhE3_E7j$mZ3nJq1sbt$D{2HN(lJyZ%1%OVd*Iz_zT$!VPnn|
ze$TAkyquK}?v(U>M#Bpu)kwKZIp*(jQX&$99)5E^Z8V7M-ZB>JbxvXdQ(?&z5va=7
zKJi9gdU1`uFfo!Vu&npPCumP&D2{(8*H#(kA@oAXr*{Bnt3^GaU)Rn8YlSzY(F6Os
ztDmZUw3TJu;^9@q<9flVVeh(A{um(oqsjYx6Anxc4Xy+^QmkcS^8-hfcZ=tvl`|yn
z6<?i?oXcD5-<fN_C4Db<GZsIN(?~@I#lpVSNyj7+GFEhItq9^Pkn%5(G9ggMy-u}!
zf=}k8ov%>v&CKUR#!f59<XTQellqxNUa^`k;~jvJvK$A)zJP{?QgEg5`L46}NO`N-
zV&1w^ninrFd#)ahBa!S0VXT6-e8wcP(D_>uGG}Ch%AIkb{DNYCt<-Lrh(_yx5&S$H
zdWfjM5DDJCufT*x0?_Ewcqf0BXbKI1sJJyRD>_%&ef^^w!{g_DYp24Kie6bb?0(yG
ztj`d95vI0NR*zculZ0Go^v1VDYYag0kcX|nnZEY%fF%`2j_$etX6e&Ws7KVvLtRRo
zTP;McYS|SLTVKoW+|Odta*m}|cPGq3SQSJ-NMF0@XH}^Kq@+%RBv$gPgB2O_XY9D>
zBx@WUh%}>J({Riv`WHJy--b+Y&k(ImQRVGQ!vuq0%btBokx;?Dc+LHFSz<(kf`&|U
z)x@K&Lw@Y|k;1jv5X@`G(__|t{po5s2`*Udq!IF+!DMa+pC(vB%{K0R<@x3L=D0=3
zk6FKv@BW*kBH3s3zOBMwLl)&`?-b!mqgYE7YA~jbb1-EfeU2l1c=pq`%Mjkg>HrfP
zKz>_MLWLmD$+u&egm4weS%cci>RSdjCQe=n2A)^>0IBq~#fPT#^TR$SXbrFojiezn
zqisD5nBB>jOr9g<A&if9WflUE-rhW(p59;eLC|gk^QUwFghikoXs?%keHhfl#rP4j
z8u0bg?{kT!ZBj32PuRPBTPSWikRr_{b|n{$OQIul|Cf^t|F1`+)8D;&S+zTHD^^P&
zT!1i!*X#PwfIiNKPVOe3i}>eP#LnC#$p@~i@1Wdh94@HbeUbAcL%`wsdG4>mi{Jr)
z>v^V*zP|zQKpvrH_Xv1P0z>gPiE_{I=3mFhLNlW;bTwC$(QmVLRl*-hV88O_|8j#v
zE`s+jAc*tRi;KAd*WV`qTSb7|S0*80?0jpXp>fH}Vz)R4U23vKeIfvJf4`O6;l<7e
z_^;jz)4q#(w;aLl_48FFeYEpAUWMRx6G>96V<HKwMosOzkettwtV?OBc?xQg@w6ZR
zm;f+GtY2)y?jAOGOx8QiejU~}PT#fvatr^8fse`T=H+@(G~iWa*?E2ROivMn`DZ%<
zQvRsBj2jSS8jSA{#F&lteu{2wSqZF1TEhS-Kl-9VFIG{m!g==nYFkZNX_i8B2><|)
zUGtsGnf-Lw`I}VsulxbVi`~Mo3)!6x=<m-&_N*A-@NmD^@7Kp756|7Yv_4f7F?GtH
zt%5L100h5oe_cc%gKr1I!w|?1$Oqm#u+Azqm@on<$1^9(B%YD(B}L3m%keS@9Rzq2
zb#S>&Jf~Ss5HOixZIe!s?2<f%+6yf8pBka{GIdX2Xs8En$s+t<wY)v3$qa#R(HLB5
zftPyI8p8IO6*JMR6%}6_{Sa_F_rAKU=h7CLa7scWvcxa%v%8e)xC>m=>SsJB(|aXZ
zBtNf;Tfkb)1oYO6VviF0JW*R_{*k;Qyuxb4dg|<TY0c9rZ5rv6?7%Omv}yh-S7X!}
zU#p2}WfKu!Q?@W|fkQ#p)8`$%+xcq50G${1Gp@D?Sboj{aKAv!?d@5;WkM99+6O#W
z6zAf(2QhM$g69Yny!AhEYe-*>V8$nm`;LxBF#P<5vIdWti-v94)~xL;mxjLPgl1*7
zt16YkOyYz%B}-zNtGH@X{Md?!utO_<9<Y+bm})bZPMqr*l@d1<Ut2Z~P>Z`jOrD#9
zj%y=BmxH@3JKjM<Ohm&Wdn|)v6tDqoQ|8yogi{TRV*x$r*yuUdq8*eg@=W>FvmIx_
zBHS7Z?_Jtnbm%JOxobsNz84a1cH#agTFIxSz>A@Qt16DeF|48xZSSDf(vp`Z?&6R|
z9dE15tCgNsqN=*6szGUM53&aWHq_nODPJfGXDVk-<Y!iB>G6}TRA#PxbWzRFduOKF
zs{2trKC@X1za(=hOO499Y%wc|tC_oMgkw|P(Zse&UvnybS*u)AZ>5#c1*8|BKi1>{
z9EzVZfQ!~c<KfEC^!l=NE&GYmHp7`3xNw4AR?Voc^VX+{v90&4R84e|6!LP+8M|LV
zyMG7n5)=OJzRNQ)(_O!Z#(ahjZ{u|7>c931?QwEa>`Pmkvcp+i4Ew&g;2H~VfL1G+
zt*Pw<tmV)25qpu!1^ZD<ZapmKb7Yaei$kglT=Jw+%8v{tRF>ioce*u7tt{OjsojE(
z!UQHyZI`6y+e6~;T883=DkCm^LRUZ}I_#MB*qUmE70xUxO<8pLVvZ(l+<E-PeYHY}
zbZ?#8b%k0lFO}&8o=0=4&cTkc4wFwMj8}32pb8<qI)xz*UVL3DU8-~z)2W`*n`AGa
zQtYa&skO6B+AiOzH0at1DzQ(UFlUiyB(agVp}vOT>|=q&L@~>~Q5vJ!{+5W=VHN*z
zin6!b<*b5xTpYk>2RD2i;eV|ArKcdIb3<BncFR7Wy+<;rp7n(({wOY&i`OO$w5nvF
ztB|GPTa#_XHy#?qh$`MX)?15iY<>}{UTcz_g0I4B;E7e%<S&~b0X?&uHVFV_C3T#C
z46x4)57<B3cYIgVd%-(vBV?4fK#RF<RX<%n&%EL13sKsAe$kXjDzb`=O2BpWQWh@u
z%=6cYm7}3i9+ci)0Q()Z)}&>b>!A=PHUv$pqFjNAuU=W+_B;Dc&a>f(=2XelM+bRT
z$YpRFs$Kj=^q}_g(bV%ibIDm1ui54EO`sd@0a9sXOyyoZ?xia1g=Z~A>b+;`M|!q}
zNa<97eFMd-PpnZ}N4uBr&!h`xVoNd<D8d$RUXyC4IZoKKfuhxDtKDpRSQgj5HY=>r
zhwjl~HWRU_K2u{$Ee(HyUHig-jcp>NH<_bPXeXDhrq)yTzEEZ=9=Hd6PoXIYPP4bp
z<*}DeH`ZtAo!gS)i0<+o>CEX2yY*zAA~j-s?w+9W5nDN*S(nXlRqvJo^vyhk=4E0o
z2l%Ex!Sc~VyI&>@ryEvy?8F$v)uy>{tEYQnQHCj;nyc;_pHR8pN>-Aph7A&fy+|5^
z-x6S2AjIV=nEV@XUtWvk2wX7PW?J?vy%(J-QNw1P02hHZYQAPwBd8rDNcBXcz+>IX
zTe)vK6>>k09s)nQZPjKXd(DwOyNVTYFrI*b0`j+A<LXt}bV6@~m8qgc-_liZ0lCTu
zjcO^ckM~+zy!GJ<WWGJI*OG3OA`<K&7s@ZQ_Y^W3wTu^56ru=SI>}z^vrY=~=(o?)
z+*(7`I79p5N2jX<r3JptYtfq~>ZP9axW`SpDm$=x@w=t}^l4V#Ev^5g&0Z)=8dsNs
zABH8z2y~S2K$0w4(xy}RSgOgm0UykZkzr>8eDLST{btHrx{vjNYL_4kxl5>gDygoC
zS@+PjZ^!o?^P%}Hk7=oQ*Lwm~BHQ(p#v<Mn0TixH2Hj<C7Kx^QuBcnPW`ScSH|Q;A
zqmA~#j`XgX!snOHykhf%p`(5&9+_Y2<$<p7_T57@ubRi<S;Sy!AxHe_#Pb#G5y_K0
zGvT!_XUou!M@pDpId#dkIJKMRT!vGp@=O4k*KzGnD#RRo%8$S`ByB82cbpQqfLlPh
z{*wA6>RZt|sLydTV$sgNSA4zbR!i(c&Rd$~r(<ch=s_Q!#0jv&TVMe-l1pt@aRpR)
z^nDwU7_2+<g>jJaUV6*?>vkA1wV<h2g#StC^^EVbWPnSY{;up$#u=>OY3y5hVxw35
zYYT7ri$nt3;XU^O%0=e-6VlqBH@vz0A65BT31W21@Y#W2LS_JF(;TMb2h!KXoc*6(
z_pM2+`RNbFK-#;fn&{OxE=LgEXb@m6U*@{BC+(){zBPqcE+#iKr!5PxjZr3wrOPxt
z&zci4V|izlrek^<3k$uBBs*IU0o)YpDdL8(#dZ1JD(`^mb;L2e6u`Mkn!hF|-0#LS
z7*!_w<t?{rrjBHQ(q5to&v)Z0pE)|Zu|~6^^$uz9n=f3C;tCx!ohB$X#Oe>}QRDa*
zGH=V^2gfFzZvAa_YAPQYxR&sBu1(b8gF~{FL;-z9^%@JR(`JR<Y8!~l9`cGlCoybi
zJ5gz=pX{<%%d&y(A0So<+KmJQ^s|pHP`CTQqvDQFm^3_%9g%>a_lI)`y__f2!}n-!
zaDJzT&L=N`l2Ul?Pdi`B%5FqrGl%>vzbjQDTHllf9s!~lZ&=HoyOB_uMJ**%z0)f=
zmky@ffRvaEHYV>M6-A%6mutm$iCU-KlL^H*w-5j;dR1K*NNV1M!%bw><u|D3f*HT?
z*vPs@8Rs4_E0E_P#?!@FE^~T&g7m!8=Z#Oxbg@pBc*nr+Kv?r0_~bf7S78*`-~4-a
z>oKznW)9y_?w9*L&9*xis|akEC_sbPfuK#R%$XJEChslw4Rs81Y{yqZCSN~61CP=g
z%{tVn)y`zdSxP8G2{3fxYic=a6x!CjWQBDlo4WFmPd`JpA`HV{O^7-1W2=1)U=ec#
zFFSY-14D<(P3g2Dj>tSef^Z{=Cy0xbxaYqbU#y=op7N9si2pKCt#Yh=0T$_V4rang
z3kn_487)wlz$&|c6BF}m7%8pn!KwpOR)4ZZ9KSmEt1tIv%h=BroL)H!f<H59#(N|4
zipv)<g8<uQJY6HPAeNA{h@MuZY)9mQLVoti1HNB<i3AM_hX3dsIqcgDD?DxU63gH>
z`;y6kC}<i8ROP=p2NaZ4)rt*~6j_%sSZWAg<2fq5Q0OuU@y1n<HuMCa5HTFfLL_^X
z()AS85<WeR$K>CMS4o_yTj5@HKOwu4u}8H}c$*ADI}M%9j!E_C!1yZE8WZ0?Q0N)u
zXfG%gek<BIb4tG%>6hp!kQ(EWra3y5l<zb;5iD38p-wbaYEylss<K^4)9g-4q^I6M
zs%SRW%hb4lI>SFLh-=LerzBwV>5kE*J*{uj&SjR>zzBA#C$u~TmcJ{hI%{N9SMTiB
zN(hr?^sj2UbQypEt8(!NOH|pKjlb$v6_Kf$<S;P5<F*m%nY3F~c#M^tyR+}FFUS|C
z!;bOht2EUCtyqF&*3Hirh=w%FP7>Wn19|3{*HyaxN(4XHb_v`Eb8u6zcn+N{@NB%N
z3sO;nO`T0^Lyz?wbe0xswMq*NUktvT>qn|QISnQuQ4v5<9Ft3rtnSeqRRx~vQG;$V
zE<!3dL{G>S5R_WV(6=p)4sw|=^X=ZP@=W9>E?!1>)-u<vhh;${$Hg1{<IAZU%9Zej
z29NNEDQ~>RSJR!KM-QdiZ*IP}?TVY{)$^u$i>zlB4K0w4#En#lp<e*XIPI?&p@OO_
z<ZRsdI_<FxTv0CR{)tDR-T>kSh38Tv33R{ad5Z6(zRc~{Jibu6ecrQ;vrX{kjJr<4
zsXDK@=ljY2>-^Jo%4tM{dW*bx{&E8`oLcD__w#D=$B_N2Ij(m5Y?GyYJaV-4kFJu9
zQl7UyFj}pK-kcq|Pw29$PsH91>}^F|fGsgQsAK4pmz9EZK?u!b6^2Ty@HVE7oO}#i
zfx3O>aLTjbNA+~<@^!G$8=6ujp3)?ql#vA!Iue!Hos2ocM!3w1(iI3mqHl1s0b)<r
z35vrcpiv2ClYqRIIh}23Z6JKt{ZU1k#gqQt$`4l47nA3i>=lT?+zlHk+3O5>drZA9
zh~=4?l`S<<B>-EOnbpV^W%o_KdjXplr5Eew6==9zyO{kJ#yyB#bUpQp@@V)O6P^{J
zPM^XUN?ZnFeon_+C!`tmIlK<sOW77GYEo=DceunhABLRbg7I-3NG~*Tj0bK_IX_o-
zZe9&ljd8#A4k#Jggd?i^8cNDP1@50?2RQJ5dPHi(H$^i)OEA8xWD{MbFqN<1-IBtn
zVbtroaE9)V-S^Z$)KH(|`0KGvabvRB>nLT6Ka$pB;lGZH+4~Y1`VC2V6w`r!R;XOe
zseY@)@ecTEe-j7kpI*6Huf!(bNG{%12PAA)&U3a9ASom}bd;Jo_?UFx`*M}7DIZ)P
zCE;T$nNw)xcCN=Uqy(MrwEvXkp(hVavJm%Ze{+}tF(ie%2823Dm_loD<W<%p70Bd1
zN}m_Ix-&6_kI`Q^&gBSFubAFg<(};ZoTP{+m*@g1*9}yey%NOYla5YclF6-aD^0bC
z-^iwU_T-tg*Ya>}9;V?NrWvhE<3Il!00@D5{XD5P^Z17brYMB|FZ+KlVP<kGC~5&_
zQVDfLh^BN_R)CcvSdN33AOM;O(I6~n0?rW4Orj0n|4qREJos;Ty4s&iG*k}|m?8Wx
z&A`kbrI(rr5C9|^1QMXnP1hU*05CzR{~u!hRQXT((<D0CG6=u~0RgH1%0_cckjS6x
zKLkt#&H(>i004-f<*NNDAsSW``p?XN*ZV(w6QBhHXHwJE(5<Bs0EtEaRrd*BCAwX{
zrvFHwh5j!B|1{67kcp`PLLZ>Nu^a~h|1aWJ*8va^>SY3WdH+>H03i6!DMa)C8fF_h
z1jm06T9<<E2T%ln2|`a`%Oqb*=D$YupXLA8@C>d0>?(Sq2>t*hp;rc&fp%~PVWNlh
z|5y5ZAMEBaa1E{ZC=Lx{%r2XcLQP$?pK$pw<6feJY0w1_Cb1SwF<){06??~)%H=`u
zkxC*8OE3DjMsGqYTa6e%lBYLSoqWB^$+(f-B#Rglm7Ynp2wHtobUL(r=0m=H!bA;(
zw9dt@=RcW?k&0R~-;r4lPsub-3(veTJ80j*GP^J6TL&n*e7<N~X4veGXbehKD6D=>
z8ai#pwej3FSx@Q`yh~yEs_iW;RxJ%k=trjfH#We@cZd=)=?a+<hWKEshE?A&O9U+q
z)lLrSdS_E`M6KOJqj>w}3K)5JY3N8O9Q(m3rRlMuX4r+tke33EVG7bHQ(JC_xA`dQ
zUOH{K)`ql(#a{uUc^9A25TDIOP$~O;jMPH3pWb0gS28{Q_;x#czTiAis6xhaFUP*{
ze!hA!Q8%^2#a3zLD`}%F&1Wf=XKxUf<=q<!R)X%E4%pt`f7AughJ-oI8^MQSq_y|%
z`C>AEVkj}uY2KA+eK2Xb^+2Tgz4%_nu#ANPI4OHEk7G&9tovj<3e%*;c_D1}IrbY9
z0)D>^mAzygRYNjFYQms<lqSnzy$sf1t#ZAjb$tU1dsys#RGSI&<0!DwsAeG4&AV%y
z%VJ@I*ebFK$LKxzW1YcmD!KXyUNhq}$VyN$FeBiTQJcZ7553f{*DK>bz0M*%2*S0%
zn&8itKvITMaP_lYc6`ua*mJO(q7ctD-kKtI@@1Wy;rAH>$<U{i#$i)i$Njl{6id&J
zgNmA``QBPDLc)!5OP@Flf1aYY7Bl5mcUy7^i#*kgihX13-lqG!vvK(i=7K1}`!rpp
zKBeI{Rtg~U>wxtoc05_S=s+M3bBStr`x%YL6Uh_6wH<?!ii&!vgp*~2m+>7(IIDm7
zgZ;c0?T#s%=dbhEp&z43h|YikA<=Bk?Qhoj6jzdnRzEk^STAee1buMtj*pp8%;n_B
zJC?=wcHx+iaUGS-ZXEY*ohE@^X)L63nR_ifz5^x`PG4QKbqg9M-f1$dgOG?IjV+S*
zCJM2Ivdl_0z4&g7b9MAasr0JrSuyW{35xjTPFpp~r8`d;8Ig=;U%g`EhJ&z`s9b}y
zkDYH9F7Y;TK@JuH9T%%5bUV5wB#|c#dwrJg_ZI_}imwr&aq$hQg@=p*17Xtp8FP<h
zs4a#!o2-{Z!N}TMlJl>4z4i?<41t~9gJLrbPTktGaZ*F#?lb=w1L6n1gUF4312B0$
zqmOGadHyLw^Iw0Wx-MXYe}iz8wFWV$0|D6JRCIC>U2cy-{dX52z7MTX9YlvaWJYKG
z`5Xb1t-b=3EhDkPp8?9o=+pzc#t}LyEc3tOA~yVye+FQ!L!Wbx7LT@54E@9YeaZ&9
z{sQ`Q3m`W{=a&4t5Y2+nsmFI{`9DW-?DMo7k%W7Rg#02A7#O-Brhf+CVG98UQvA5z
zvIbpJgDUnaUQL1?9-PFb5=vL=1iR;8(DFzClTMVpu7Wxl`YDD>9s>lx{IkhM0#MEJ
zt3dTkYW24)3%IG#3WVtZto2Mz7DN&CbwP6!KQ#})r9?*ugINd21<=tc!2qSnb16mA
zeZLC^a53otsi4&Hn2{xDSqksDukB8CRn=J7sW6nX2=OaHP=gpub*N6MGOe?&0Vd_q
zlaxs6@hCd1i}tHlsdcl>)Ahh_X(8hfse0jt5wlM2ZN?6_45=`vAWUlQ1CvpI&lxCm
z*FFaGdp{c7K2W>96Viv&XLLX!mSq#VXPVB6E`nFCX`~MPBupAkX1Dj(EKa-bkRk39
zDsR4E(%eZmkMB4)LVCi;Q`vUJK7iedW)K#zPCx&1B&@e%Zy8|*YY=hjG<Rt<Y18Yt
zE<Qy?x=-{!?pEV9Me8(JwtovL1;fNV*4h^*7c5eIj(&i-6sV6LNAKUL<E&kN7nD5=
zL;-{zZr2%l*81oI>Z$yR1L~q1?MS0zu=?)j0*5Z%^cQ0Ao*Ka|+mGst*BGlxVH2-}
z!j;O%D#Pb>c~Tnv<!CVF+^<hz@NQ&s1IlyS6V-5VgTXleY80P%zTa7Y=LtS(WBms=
z6L3JKPXl6e>k`^1QGQJEjwU*#AAnI4Bu<4lpCs667SINBdU@KLYE-v>s}nXNeNhYo
za4iQZ0wbk<z{0oI?t0f-r$e3ed*8o)YK>kk0LJ)&4tg<_0VMzibW*Me69fft0nibp
z|2Go!)}g+kS|A2s9nS+Wxj#F81T!ZBC^?dZ<g3WkfE6`DY|L0%7~K1;@`P0-<Y`gQ
z@F_wnfeXNo4<!I+^p%mOKNw$q@|Ll>hR&tB#x_`<Pyt^D8Yv6_knZdaV!r!0fk`;9
zje%p1t)olXjBTLvmI{n5MFz%UI*N>sXDa(^OsSNMn+Dp!)xl3Qwg??-w!?uEZb13W
zoL5!gDoOP<iyqB&DoM@G(D-t9j}Ct0j`(Je^cI?>tTsb2digfvwRXDnazn1IBzKQ;
zkFt#|sCc<yg0e10eNx9DF;C`Ou1Z}BE}gbgdN-9-l?_c}w4OYgC#r%FSIq^`_$4yB
zj@{3WrmUtTDaoVUjXcR26sc%fv$km9y5P~~?g8a#u7In=i&4L;*X<ZJ6|dl{YKG<|
zn$eA-n;K0pZl`y_+!{4rD+lYbsJ4|Tv9szdm8-uu)oOE%Pcrb(wT<7{N}>nT@r=QB
zT{Wyt<>l24FtaMlvRJWARWj$lGCnrW&$>PQ{rc!{jmA02!LJ_I0c%Z%B3_#%)&UN)
z^G1IOTE%{6Cc{5@UUd%&k@bc7!274#aAI8ND9?2QWzk+63TTj?i2?q}mqCd}!FpdJ
z#w@McG(ywtX+>uPsEdT`{eh>hzIlArFLa2Fb__MIm*67yvv&!-2D2t3`vkMVF6pPG
zSnIVyK3*G_C><1y)`3%-pT-t#G0$FNec!|FGQX|nq*w9DOrGI+0HKu%16hjz)W8G0
z`wyj(^gE~Wk3U<&(;|qXsSaSCf#W?kFM^AUyUoJN0+6A-KNy}g-AfR6K4p;}S@4$J
zz7~<)bsu``@t^`KUXt}IPOhx#a~iyMD2RAwCG>7bdgdxNuK8;}@j1??BCnUP3dDjL
z%yvry+}>Xl$(<3ha=jChn7OZK$dWy{3(BK{#P4o?84sJgUF<HHSP1nBV#mjSsR~?y
za&8OuiHGdp!@A3rmgHAx1W1i6azm$Z3{;_73k}k+lqONxR}9{Jg#qKCO$9U0&lU&5
zdsw#^l`&bxJydm2zRs^cxpXE-0BYZ8a5_6H0%B~=4RBXCJ_aq}d-U%(J`Ur_K9huD
z=y-g7DvwcKlmp15HgJu^{K$B-e}aW%j7p6HVCTGh&VwHgVB40twRqr9;)$`L${QTi
zlI<Y?WF<-#fOIfJ)rviV@~;CYf)w1vzS5RI4Gi5Y+$mU}x%(PllKA1Nd9|JfZ?e{T
zcglKXx(Q}BrCA6rT`4%%A5atefI2^~?=^;_U4m`dJajmqk;$)uk<nXRhB~8t_|SPW
zf!$Q@Ag<3>GUQ@0R^s&T;%_`6;WnM!upZCzs^cD4HFq>Wa{~K}j!FqwJ3sFHaZ;jc
zSLQP@i5JW<--;}8S!6idijE7p5AE7wEgxm_mVhH>W@bi2*cK~fwP$a2rUde!@^aM9
zp;ausdbsbfc@(K#9XH-ZC#8Wt=O4s=w9Uq5aXh9|KM=>ZXHB<hwkc!FgLx>}zAVE(
zvp?YY6#eBL@X(^QW(mI+k})0(=cf>VKh5<?o;(^I6*xZ8g$>qlz7{{0#K6%7Q;~8T
zFV^1fX7}BXC$vd#g&Bz=R+mNSdyXq8$!R&7yX_1<m81$qVeirvF3a2MQ!G4tellIa
z&u=};IdR?3$o#|5`7oI-CYLg|{|&6<Vd7<ezD^md650NdLT@YOf;>|4WkTK-&ZI~t
zAzeJ7rzC!I5aXMEbCG@p;1%jxw4HExf+JXwOd$;rzgQ=$TFju!Tys7Dw7BFpx0jm{
z!)6GDig#V3oyMldw@x>uNbAs{npHEPp7{FI_++zHZNN`IokxOrs3bIbpNrTX^pvYd
zlP7=BKJ?iLaq3bHNT^B@x2nr$=tBE?WT#Ok447&fsX-5su+y7WzS;i#fEbA>6Zeg8
zE8}MN;jfo4T*r5;tN)BQ{bXlaIsA+<O?8bVu0LOHUTqv_mYGXP-aQs@I07F|Dq7N|
z((-nXRJ~DcD_`?UUat+mh}=JD?H4cY_7(P?xx-k|)#4ryn=P@|OTuA3&0mOmRibw(
zmQVavb-7kpl^+!%Z5LPkB=^P1df>WN`?81s)&d{bC^dMT++0IT6cTvXPiP)FWh>|8
zdSa+s!3))`qb^ZaLZrxa7V#LlBi#iG3pH4Solo@gc;4c-;o#TnRPwaNi*n(ykWFA$
zl$7daIxEC*16=f?T;!eo)sJ^)@l$}f@dn&DG7GzITq4E(Nji&VoMA_FAmo*(x}#0{
z(=gHJN#iem1MqqNK?0&1|0zKqbfIrFKS1(EzW`+5pCB^uZ*=A$KF=_^{5wG2=;0l@
z+-g9$ZhpUU`3H<>^W(4eZ)<-G{+b(8PUncsm#udS^0^mQT7paZSn**E1#Zp`&^3Bi
zw$owtwm&i&mpi9;w~;n-bOp-K#ss?o9juaxSWzBW%|mMeX>SU)XHQkX-3Q6rv>(0B
zr1nL)vb{xY;k$O)^Cj6jhzm_lAyC#&1T@SE?mZoDRPQq9%~`l<`Gchk3W~R8V3tVX
zxeS6OJ=`>LVTO4P6r*My%CC*mQ1>0@m&R8@Wh-g!ApuLwC@z=;ggnCKdv(bi#z5f7
zW*40Kt9^OWd$JVD=AhzJ8<J_#)>(eyCH)FU84XU-5}k`)n9cQ-G_u>bvaHAa)aCQ0
z_km{no9$l_#n<yP;+nuoaZT|kU6je}%<-xA4YTk0U(bfhRCANM1Id%4nH4CA<9X&z
z)7O)4ktMm=x-qE>N%^UTuBO&)byMljbGoC3Ca5OjS<50_`+{?uMkld{9iDj3lBpp5
zde1|M@NWo`I;Uj}no$X9VJcW(3W~cvhuH0yc70b@$LrgZ4!I8bVGfg-bNK2%re#)V
zuE?lK$I#1}i6S`r5dZyHdx`n#z?*vHS(CeGdtRu+iJG_ZmSF-^3VLQDtC>Nuts<*Z
zdp0F5(hR2kI2vHMZ*R95?&#>Qf2hxplkZD5b%HR-6Y-N;r!G`izeweq5a|poh#S47
zD*USPrQ!{bU*%iM-rDYuhry8U*PD=fXQ>45dEu5oEf#Wo<>uz`h;JnD&97o*-u;#W
zoZQb%?D*Q+g>M=VY-l^xx<S2mFJW2|<pfH0)E9C6X&TR~-I)Lk#`K>%eAv;OL<bEM
zCjAun-k;oQm525MJrZ~qUQjhtJb6`ZNj7~w+I^OHcGop>ix@!&A0b7`jaL(j7tW>C
z=w^P9w)nATeno6cxOGIld&810yrg!u#-6R?2*mIr^VKG?qPG7e^ep+ceY(aO43@e^
zsS3~{q|q`F>vD?{Q$EmGEXYQ>IH3bCzej1|5ezxFsPMMtq`9hoPxgrseOzYeaxtAr
z4!KrA^{_YOY+&^mKMl3sERb4+<Y*LKA`u-K4eO1JZQ?rtPWE-iGS8nuIS*~W&^NHG
zTR)7ussZ74$eF<~$KL)q-mVT9wUOI;uiL>l5w=V=zbyB~P|6lZ4=rbwBDje}5&c55
z6ssZXHP``hsrZHRqhIC{a<*m5)PIh4`U&&b{o0Xn&Y<}x-;|)A9VF&QUTd`C$}b}F
zvJj?-N?4Pu)G+)rSb|d8{|Yq(tEPv|dUt`r!@Hg+REt(p!esrVhJHg#xhjpL0vLe-
zR;ow4&<*wKbF(+SgjS?$<nMZ3NM(UlHsy%Alw4Hsqb=_sEjQ-1;nnnNW?rQ$6wKfA
z`TEbe+0o$GchA*<F-4pG?*)SOHi3akYhc6>P5ve#>5EGNSbBRq&{0d>(E<kRJ)C&E
z4({wON23zW%FM8dtWPM;I?-=ut6M@itwDzkL99c3G#WE-lOl~aFznNbkH1~3h-aJ9
z#AA8)TLZ9uC|wUzfPS4@@FrU;R$E>Va)NHo9hLl<v-`M6n&@!y*yF1s7`zJBqcI!_
z&hF|xKYaPtdCv1#K0%v&-mz$=yYM<IE$}_!Re+;a6VlIwfFRr0<Xn?UKH}NR)tqU=
z^>|!d{oNsy0Wn}nuO&U;L`<g;()gNtGbZ!fRI|Nd!O%EAqJ{?jT;yZ%gE}w=76;2d
zAli|gJWdhuq3nBEFVRWL+Y)ex*a-5#STE8=`$`1O6`Ib*rEZPSadzvxeB1l{#Rrb<
zJbJMOXN#?e)nacUx+G-;^5*?MWq52J2`9H^y>zznh^t9>U5+<5GQTo|=az}kaZ(*(
z2ZeqNv?sOColF#yh9!9`DBlNMYfxG2_zkBkGub9gBfB{(5nF2P)+a{i;%)>a)|<6i
z+lpIt_#Joj_gVuoGivUq%G;~dHKzq=9~f~OF$Cgi-C^#t9|hp|&G!rh;s+Xexkbxw
z{iW!%KZq4hX11V;dGd_2ht?s%Nu97BllGqMBafe{^z^Xqgv3v)c3n6{eWs{0RCz1e
z2anqV+Tf(VQ4;oVCUMH&J{C&sb_N*iSSzqC2c$5x=#2M<HraDy>yAxvXPdGYxys{l
zEUGFIj}yf-SLkJ{8?X<_dhxTl$6j&L^TDx)2?zn(RR|@Gw<bmeEK+!jsbl8io81mY
z($Oat=_FJHP2rSdrx+AeGH0*-=Q_{NpEg;g-kYRf_p~Cq)Ct~V+ECgkNmP(;m*PM<
z#>jTLv^MB<TU3F<udFC)jT~nBOCIXY8u}Zi^S2;d333hn^yU6((cEF9ftHsVx-s1i
z#Nrh84<4CWdy~`iFa+W-PJ)1E3n*~Iido*mrhtBiKx~sYXG&4p$s)zsPWzE4)Y*W=
zWZ};>)K!s}rn>mX`|ah}Z`OUUgChZj9S_nlNFc;5pcj;m_A5rEb++8RAQ~oA;|s?D
zrh9ZOv;(so4Q&l85Ykw%r1!AbI(2D?d*2n|!I$K3@!TyOPCaKPez>u$qIKNr=f~j-
zex}#1*@g!0=3}E5^aThhW8vwRk<sG534KeVN9CNggE(l+D+GUN;IJWFYKbe4mTc?3
za6O>7P5ss8UJ&tDkCC&c%XGmK7*{Hkg4P~!V~eT7u}XuKRp=Cqc{a7?Dt)>Pfst#%
z+$q1*)uIeeOyz48d~zt+YptJ^EWQ7B+ovC}-QxeEt>Gq#1iY1>O!c0VuhG&G_ifQU
z1RZ3{AvHzA^4fGf95F4t)IXzjuibzOi-q?mbmAT<Z!$&<(3>?1A}?oWzqMK<jRTWM
zKYd_F!TUK#`cLzO#6#(4yW1<G+dKEFLP&_bg7BJC3vNjMGHa=;Sd(@h<P)2a*gV`T
zTAb%CzIRFg!d-Pu011q19u4Y5jA4^Pi7qeq3$?g~Uj&kKQ;?6%$(!VqPs`)%C)91&
z6f|6HjM-{T!`~Ko;dXqI-(tlUHi3AnR;abNXb`>t8jMtWdvdzq?<X%>B5%ph6Ek}W
zoaBjJC(oX!t;xL6=-Eu53qmd6vm1IEyRKKZ+Ykja`#hYN^NFYWNI=B5XX44e=sz=)
z#(W~^<eNUC^K!jA`@#>2I$y<25#l#BWSG^v6q=oc#9q<M!aO=75P!()*=?i+JR_L+
zb!#X5_?c?MwF?{mkvzA!Re{>2NwlxSW&vJRvVzTQ8zZFQo94&j`#OjU>)my))6{fQ
zt5dcuaXEh>-C9Mu?3)T{Uf}CATZ^XU9A>gbqETLmiU)MA$G+Rg1A(Y1^T|E5YV>t%
zTC<M<#^YDS<7e@Ml%)CWJuF|E>a^)PDk!E?1S96Xa^V(;^*Ofay=p(6hh&$3zsmXF
zlpp`+jOXHTFEr3tJ|O@rvI($21P}r&JOPkkMgruSac>|HZ@@b)0In(k^FJz(oTDuj
z5NOR!2izm_KSZO0mNx+i-U9&kkrq0bn8Of=AE*N!ve$6l(gi@@Lq=@>OFI2{4+KJv
zMh&F^c)fx^{=3f6!(b(7^-lA@7$pS&FbM$2g8<$%06KUFJP6>76DjMl>=79a60w6|
zfB{$-?C`v;o*w{bTnsZ<XsI>Epbh{Z2*5zU(At^pfd4<e=Y_%O!)Fnl+c<#iN^WKV
zln)n<kcK@qg7}hP4q|~sy3_)(JemkmsJYKVfF)@dtcwu9B*EV?C=DyfEkdjfr2_!b
zk$}&90I^ON;2<#@dgjooLoziGfS61NK$Plv@20(b>Iruj#ll5&z!&}{RtSKW%?Ef%
z2*ALO1fX?B&~gaGAL!~zD1-|D;6!T1{d*Sv*P-&L@rJJ><~IIoFu4AX)|lCUR)VqP
zykkTSy_tO`{?i#zEC3NetN_+s3IZ^v0&qbX7oo_};&M0(f5)D-=$=R0imyt+`wjzT
z2}&M3U@S1zS82<kWY?3mFshP5{n?kuY9Rk8(5B5+PZF5ak*>{+uS?J=>u!UO@oeH3
z&Xj_XDN&p&P4v|>sRGzm?E5nOLB~aLB=6!^c2p9sKZFE5gEMp2u!1HGl+p^N7uz5W
zINgm%Nt6P+k%kp_OWc4*QJnS6M7hmGn`<JfiiOz3SF~W7RNJZ9gVtkRWZf5~-CT9f
zN;ck1F2-8F8rwBw61}XH8Ld@B#5_x7-Bpvmpj;!eLiTDxqV-d-V|;AyjZjqywa4eL
z$~v9M3hwo&L9T13h2)e^L4K@8aj}Hh&S!33T0A9OM7Kc;&7#3k#-YQMRo+1IFxei<
z`*(7u5eK4_e#DHI)O++cZ&pBJPk{nd*!!wIr}9f?uf>1JdeuzIet>*3ih+zcg|3yX
zKbOTA9%ALhz^98jb>)tCeV*p4)G+5cZ;kn;JG{7ksNY$;d)Ho%^{k)p?Kd=Rf2xuh
zeqRuPSyxQqoIkJUJ+0^4!8#TX!{Z{;*>uoii0}p#4vmBd!&Hfo4(irpfwb`aYzu3L
zIIje+@#RgQFM(1iIg!|B1+<Nt`qhAX{T(*7d+dg}vNIK4b{p4sc0#;Kd{lLe!p-2=
zxlZlmuC6n-Y8~CvqVhV&+7fEpx#rAQJVQ^!KmpJaK)WStjY)<D1Mv$I&9FuR3v?j&
zXBOdkS=py+qz&-|iJk|xlJXyKSvgVD`A(W+d*Piy=t#geU*c}eJYQKa$gvG3Oy<vh
zKk0okY>wO2Kg<W)9rE$`IqB!Iaxurh>oW&yUrg1-J$MKRDQ)iDpmnf$Yke8{2wzhT
za(g4S&(e>FtArXceI$>71hJ<+I)=7SyQqA!XkS$+MWi)NxNsXL`Se`sih21~TQ~*`
zOS1>=^*o0&Nt&q~yk=!id-tO|V=erv->?CZ+kL}0!Jx%4MbzEu!o8i;n9z#Nd%<v1
zX_=l*z~zO2bS~qxmqpYfL5B>lvnArqVB7F4Mt784l;3cKRF*s~m`5wV7FtbBITB#S
zX>Y~(RDLngFSFWLIKFFK^eU0F7ScXoE>TNj*(;|ScfQ~Cu)t|q>>(oE7@G&n8_J;$
zUDma)KWUn5spQk8Rr0(av%8Phz*AFjQp1*<##gvsW7sVpPo5|B3K$(PhCzfd=LyZM
z8N3<JtV3IQvkN-!KE1T?ij)3mzvJVM)Xzkf&Ghy5H4+OaAxOc1m-+OHDK*Ze%iF&O
zk6KN2a}Wn9-KZxL5F?d76U%D#mX4~|A>Rw-1U;Xy@{gwfGzz$}kSKfpQ!s5k?{Fh{
zUMy+GtkLX+Q#o5F?d++Mz4aF{#xGv8Scm=O9>=%0$=ivwEE)_|%J>_dgf*zL=c_LZ
zr*u1Ksj(3`{H|a6JQ<GrIj#54=GbdmHI-CDE*x_*dQbtp@KXy~PfecobBJbr`;rwu
z?K;bhPFzk=YTy?M+)4+o?gl*C;!jA+xJG7{(C~VC%K8+K(cmI13cl-3S-;ExE74~b
zffB938{KpEf!fy};n@QENZgC`^N}fe_p6yvCUM!x1A2Sc`<QS)+05(2z3j{8{Sj(P
z>Pai58GC5kXEzslufTm7c9i6%Z}@8HD&dPE6ExoEtx1cveEy89mJhgo=musD)IunB
z9B-cq+q6G*MpjOjTTh-$z}J2(C!Z8b?N>W(p5r~m>gxIK6CLvH@=`L+sS-J}GR7XB
zdQGtG`~^V+XVP0O&^jCKJI@kGs!n>l`20frZq0Pj$l^ljX5GZ{92Ih_<wU`dp|@(>
z8&ZnXNJ_bSa&mIuH*9^}D?R_g^KRz7d6JNLA6e`KG^!xNPR|2L_UpwOPY15Q3+HTh
zl+?nSCx%9Ph1(Dulgoi3hREDnZz&+wZ(QXm$v7MT`JC#$+NPS#)-<-nr+OR3!Am#!
z`j^4jQ$V^E+z)u6{Vli~Q7IM&&XfCN3#((J<ps?}SbYAVJ`E8CKmkoEoX}2C0||rC
z8of(ATL1;Ou@f^&uGR#tC#pUX8T$@WUx;Rtd6QD_oKh=l%JV~p1KE@aBBS`kLa`WW
z^;7`0`HttM<cns0`yj5TsRvm}XGd-%K;_$QlHx&T>BZezO~3smhKnE+-pOh6aWFU;
zH$k5)v9;28S<ia{*D>v2_NcckUSZ0`L!l^so!v`Cx;<EV)!fYVV{f~{Zg<0>O;Bx{
zxW@{^ptHrU&|j8EO=02>xrc+1L(iF6xP;&4B*zb4B!~8l?#0(6d6@FBXlf0s+#Ie)
zR*v*0AdAA>P&G%K>b|rbQj_EK`3DXj3Z64FaNQ8cSK4E879&R;7ubINH8U;C`X9BF
z_tCG%wCg34J5z5Cv2ye3hrKuh5VBl$jHe<-N+<&N*3gQb2F$hB!6}S=%|(W@rgH<K
z!=B?w{x-oz4i7)Cp1Eg|KJgvw?~5Q6Dq8NR7YfE?ImUWjH!IXT4{D&F_Y7?0Djy2s
zO9}Lmobw)8_OE6cdntk9RSvX-6n%K<*UEyVjq4nL-bgZZIbBnk)?I|VEBe3*%<ZrV
z0LR&$hnn~|s|J8AhG2OwUNc};hC-9?Q@eha@b;ApI&QbhhDrX26elz-2B$Cgb2$%Q
zvP`dAs1)GF@k0}Xtlxx0wI02SjY1426UN0=2ZyM}GRcfW<=5T*2V-v?)MgXM`v#W+
z#T|+lcP-H34#nLicyI!wP+W@_mlrPtcS)eQCP;BYpirb(pirPKZQsLt=G-&)%$%8f
z|H>qrJo!C4JG1-je!k!DAlaa%TiQN%XIM=d*u6k!`hJGEPOeU>k<SXuq<vfTy5pun
ze!piXQuxl?vd^~BkB23IUSPk6B<9rgthF<ziZOjp@9|+(!c-cibBcN1AwgqDFJm`?
z?koe^=k-sxgBT1?`1-)g*)LR!FY=h^=OJWg24I#FDY1&#8R;Jx@jtw$N9;S(RO3{%
zznMF<Jl~s8OgJAxb0>iABl~KHP6yB4(FrWV)Z79Q@m7BE$6F8M`SSQpm+qDy-IJei
zbVv{uZLVX|dKkhB`oH8Ulutx#&6STOu4w>eO7I2dxdMTja+^)<gOSo-cscwm%*H60
z>R+4gXY?IL7N<{iFUp4d@qL#m1@nboL$>k2Y|0b0Kx*i{)@=eY@we!^;S?3;X5>;#
z085V7*y9RKaPK6iVHs$a0SSPb64nGOVT!Y{-juULS{ia~<1acY@iKY9*e?{P)X>bL
z(fSg~PVLLh5N|P;C8_s~6IPs}9_1d3^ac6Y9u!9@_Z?~UoQX&R-!K`CvK~e4E?ub)
zi`Z&xZGNFMSmx0Mpn>*`XyW8y1>#C|(lai7&ZntYcVl%>w!36WdZ;9xRrRyRtUKrS
z;x$p@E03@(;zY(->Hwg5rT>PM6RwPzBUHijr{QOXgbMNK%@y3QxL7!lqwD9;25jlL
z5v6Fttf$!cafSVtogH<wu{6L~fvtZCraJNMQTGFO2cK%{9|Wv;GaMPK=$|J^Y<*{3
zG^&uwd>Jr+iw$@wn01=^m={aBrZdSJqoDaLDLdfXtt|8SZO74Pk`rd!vDLGfSSpvg
z2q^m9DNYg**e(P`v+;czhStn3I@xvdKPeSu34Pl363AHX(kxAyIIXrKk~0|Qoedi&
zSGNC&S+Ic>IGS+Nt#5iZgiTlcISrwUV*p;smdDhb?-p;9Yaj%Thz)mb6vB_f?yIAT
z%C%#>yoQ;T7MS$`RLz#`YYYi1!hL><OA8U|_r2ti143%-h$Uo_bnH!B#>9v!kbq_U
z&ldve2ZvC0cTs2L$?WM$Qh?x0LH=_Am|StFA`FFQP%@lJythWo!P^*rJ!rnZATcRJ
zO8A=?rRVS5c0;-@FsUcwyg&83i>PzAF>thQ1ya`>BXGRHBYz_N(CR$c&jLK$&;seg
zkh3hlJ5w(%+jo8>iDQoW%4B-J@wRA(jw##ZH~?D4KD#YJb$vFv`_0S<Y1HD<t$4u-
zd(GsZDIZub5<!@Y9{|2XQxd_kzD*1^Z@Pj5aGsulkmLMAAkb07$d-ZheyP^PKV}C3
z8_gPCh2bN0h>`4+)CABZ7nCP<$!GqypzV%9;Rn{(+A|41kgLXi;4-eS{ZTdzRZ)q_
zD@KLY7V0kby*`c_rs1H4EVtv3-S8gE7yR{Dr$nb0k-exDG37{^)?TFw!1qnm`UiQP
z*Xg&H4grgJ#C}YpcQ-EW{W2n84`P~bwUO+54x6A>!t)C`v27QiXUNk1u9}8hsCn>?
zV=p#1NCJ<TW>1FZgTLP3^to%lgu>17fvE-~DJ38!&d`mbDV{5bkHf1nB~~l84w^O;
z65`$L-F%ObnO>Kf_iGuzf)HWX<8}_O$qC|<VjJpE+9e7fKnL2qD3g~`v`u9Nwt9Ri
z>Lv1Z!R-ckC7DG0N6d)G?{Cjj`QovIj$j%kK!#Lnc)Dw%MIWnHtA*qCD&j6ss&S~4
z17Ok8j?g*;A<JT5hma{vMT495yy15@20eIc)=HU58tz?S|9NxPUDw+$2vpyA=%@1U
zx2N~DwU=T36?g`#Q0=9x@xa543OrA4$HQ<L?%{x$a8XNWrBzJ7+f2$qXx_ox<Fi}h
z^+tpUxT&dkc4E#3vfdj_T&2yC6jzcgUovpvSQOsdCqO7vhH$pWcp&r<Grb=G07qY-
zUrR`*(CxZiP)kyMUUaf!Vu}?<Y${<gHrsK}&&y{)0hr%cmt_xi%TH+rcS+U>T4syJ
zUg#T{+lNW?pV1qmny0dS7v!D{^v(nun6o?RoGy8w0s?l4Jf2yT)RngVE=DL`ba0=e
z2k$sNWMVq^X*{5}{GSE&Ue03-oeme*9Y2zqwA7o0|BCOUhn!ysYrB5*-7oxLQZQF3
zKLstH(wyh-=J|zwQL^6Py-2oMcw=6oQZqQ<2DrB+s&ppYIY6Io{0!Ekr0F8fPhoK*
zlr(};9zsu4`YrRJ2@U*KyjD^#e*L4ko)Y<Zbb_)PXjKFrDVV5SSVnlypUnA%(|lex
zRDyX+|N5!H7xc{wl@U&{98yyDCV$unG1g`^!>aIoWQK_wHL(>9)r2<^4&d(mQhBQK
z9Ol8)o34kW@JIb;Ds2AlvK<kz)`V05RETE|c6P=M9!$}D-VF_XsU981f-u}C{vufo
zvcDJx(DX9G=B-@x3OYlP>AI8Wz<cISkrxm6SYe?MaX*|jOj8LO?%gDO+!%dZE#|FC
zdh%V@^=g}y!-~%_>|s61zBHZWVl^XRE_x>Xos9(UxKu)4On+`D4|fw>P!<DZ?V>rI
zlG<T|^Y2sQB?VrB1HW;Rl510O5ASnRmX^whDl!DN;gBXSm;fKvsDwh;v%(Wu?_3H*
zchaxTAZh&21hW!?4Vh<yk+i1>3)nDmrE77eeVU3q=t&!*05AxHjV0!x51XMJUZMk_
z%Yc`I?F}~6cLo9MM&O9=_Hp@OhnE&%&Ew^IGX<GEd<7t`Yal}qRk$!s==*+;2&#Gv
zk^#RO+{_ySA8pdl$ABt{B!n@;shD{T@Qh)gaNDN0Q-)EdQ~%uv(4O~~5l3<DKFvRd
zIQnJ)QF1{eoHv`6zq|BJ>1x-Le0opim$h$86@wHrehQkT8^qW{)({hM>z$K)C8s}+
z8cKO2EN}&(g+~{Tk*vMok*O}wuJEw$hPUG#km>82>`c(*8>S$*l4cOuPsCV;bq){*
zq!1oie|Uf_=n?X6cPI0G=kEzCl752y<3&NzD9F1Wvpv(2$AQ=$0T|7}gGvW&U~lH&
zQ{fQ<69wRcP8<X6f=sAY*}Jadba->)e1OSZC(KM?tBBW*uU*yq#Z7D8l4SR?(hKZ3
zHV(W1HP#gtw}?`KBnngrfGiqH>y;Sr?fmR^k3=f`opUT@%e8yLksXGlxK;dCxd8@W
zJ!39~%@2J5_ek*QmE;nM*3ddn1c}gYe77o@buy4I%02)~<lDDlT+ws5X12Z?h}->%
zT;{p$SZNsQc-RVkTzBE_rx_QBsjIA+M~@XnoPTE|YeEi^1La}i&h!||_|-LXCh|t#
z{dN)%Mmh9C)A?aa-_zdg7*ipcDwPCJYRFW5>UvhPHC|BEhjl(T!5;35@zD99D}l`*
zsCQv5A0+-Qq|x~L_H2B-zket*ecSVPUjE&-ZSCDI*m+&X(|V;v3+Y^s=#?s*1%BB+
zjX&)3gGeFP0}o$3h2%nbIrV2ah<e!=E!pV;w%M||@HMs#UMb3<GB+$|&#8KYw6*1}
z&~c%2J@$v&3~8JQYK5mcgY!06G#IG)Fs&+fS>;;F#`gxBqBEHk#GUQ@N(BnFp6KN(
zzuhh*=$RPAedJP<&{>edG`S<#7Vei(-s)5ZhWV|pN()r1KLZCcteV_~kXH>srymm+
zK<8(M_WSN+%`+&k8|2S0KY-Sk_bj8GEz^aGa+xG4me3j|Si512xl*G#s*{Hg93bG+
zhtXC4-tRq5aXvY(JL*b$I4JEi=Qp|Krt2nIA`P+yJED7d#YddDY<vtWEq%n|UrT14
z%i;)RrUMkbBm4K7E~X_E>OT~|0YGVnLAF_!p<ZaDRUO)ZS+>e9Mxlip)un@u*;D9f
z=L>Kbey&vnI)1bt1PJCWaJ>BSvgs@0R|gk=v;=c0ne${PEk1v_UGhOzwo238(Gk{j
zUHPcY&`_1&(w&o{_q>KT@VOVXQbNbk?MgrdnjvhvH_Nc{D+a^qIgKH%;683b(q7h0
z1{If9bIz?f)Fk@c3e5BS7i`xHclVlYzLx(0<?(Vs=p~I_%o&VR14tmlX^j=!VLuEH
z2nGinf^fMDDu$aqc;b}t40W6ELVnO4u>_VaH`$vqh_J1F)5<kUWeBu}ZEMYVvjAug
z`XjnrBg|dUwET@p%KZ_oqA&z_*v=3NXL3TKaz#-^K4ykFzE5C#yw3}7@Q}+Qn^F7G
zM}Zp!X+5GxVsbL_@duw~<9d7Cv_ZAmrr0;joPvGJ8#M`WoVQ`UWo4m>j1>U`8KZbH
zy~A2UGc6MKwWqgVM5BMfJD0A$j}%_H!9(zv=Orb;wp>m%-lk|sKCkh*l5PPztrEqY
z{;HXI$R-T@B~?{yKNecxy9tx=obcQ~?@Tj*D9-2();wpJqRZ`Ph%{3O2<Qbpd-UuH
zbK&|nudu8=Rm%YUPADS6fxxO+Hj?8qik_T)4z-(BsBqzUBHCRj*p;i-lRNwE^PeQ5
z0-<Z>NL3H4^5qI*WQz(vj#lNyu1v<C;ZU2K4H~p<e$1UFEju@QD|zlDJOzb-Pxz1(
zf)%GJ-j_)M2h5=PFAG;rd*0Q&giWA=N+7AL2e2LxdLn{ZRIOP5-A;Jii>^Hs+QtPe
zfgj3TlqUTLZ-36*t#L6t?fhc2QwUV)NjlW3q*$x8vBTQTIOxY#@EQ-}O3R;o=OOL&
zo4;P*UJt>)Y_W6sQe%1eA~t(<zKCm0h;c5%+Pc|lmxZ$5h1K%dR$k6|$M>FX(l&aA
z`bn7vlP@+UVNI6(CS(T_uDjkZy#|KwsoywBGLquwdP*}YJ9J>2HeuG9LD#(!FA)6+
z3UB<{120{^3`k8ezFPx(-V#GKS2wo@eFU*6k^sy0vkcXNFr`My#gQl^q#!@h6%h?e
z790!Q5?{^F6~$pJyu<SbhaAAY$@WRviWBOVyyM)8xqUwz4aOM+z8rkdN%uu5;O=(I
zp6TomEFp9V$1z_7JaLWL!LD~N+BdlY;Hz=v0QNj*N(Bh1(Hr!@O9<L|8d)Tvep-S3
zK}in5OwALPVy3lLT#MDb^aQX;x@1qFp7u@Ua`V!LlYja^yxbVxPO2Q91bUn?9-W6?
zZeZi6D&sDGN?1jhE1IeNe$P-fl~~kqcZF_5(4~@5^NO+_ckNr=2oqPx#*8bei}U8x
z@>4GlhOte{hhF+RPaeX?Ct}=jXCSa1eGCZJyXOI2+M(tR&=uhgOCer2<;5bz(F$g-
zcot4b^JO!hhWqxUNl6SqS#E6*LotVIlRY_}77T_SGe}>WJ9XxH<3$#C7|a_5<C*in
z>sd9bJ}<Z3I=IjEt`%wY<PPjL2VypaU-pLkHi`pXyRk}=K&p^I;XT=ZXt*!IdPAF&
ztdNqh)rs^uM25VlJsr{sj)H)DdF%(d6oipGrE-w<_2x(_b58L_TSZ%@Zi<e(#!?+s
z9{VzBhm_2XPc!?i1Bcto^O`||bb}%#p+7(8vmTzJii)r8=W7aH?tFpYBneM5G;S_*
zig_Pgg<jfwDcvhvlnoFC%q@|g6cxeScD=*JTrM`ZKV3ABG|GTgR!edNPw%cy==vkT
z>`X037s*1acawhJk!_eD2dQ))pV6VhZPasvo`Z|ii*=Oj!+W~kyZVJfrJ&W0ny%&x
zbi&V5{Uf%VuzPbyU%l``w>z6ayG;JJW!t;Kc6F_nA@|1M0i_S(>na&VHn}iQI{BQE
zhV->>Q^H~g_PcKaq3Gt0AGwWzw}{#zxv~@x(ak`D_IWp1d2`9B&1O?XPQCVi$eVJR
zwmols>xoaxCMBJv_N;-En2^4o`?`(bAh0uhv2JU%H_C1ujjRTvWcLooluumhBt#@c
z6)dY9iJ>$SgW=oq#uwXz7j&Pme{0y9^>)5aN1fAGm8@K5AdIZqYC*x=XaR3ndr)W(
zrKj$>wu^zZ7YrsBv>wTQ`~9Mj*RgUKie?tkG`eLP3uUcR!R*wQq7N+2s&m^eH76kp
z=8R`)`n7eTceaAH&)b7e8a%flX%lSx(a_?1Ij3-OATf45zHi?Rt93!3>o6~IO$$&E
z550|`24FXV_}031KA&w4ZV8r#4>E_z8dBqlKPgC^_z-%yYKCR%QUsI><&P1u+u53%
z5n+N?-~rxSgl=b?W0~@oT=lx_NG$l0z(4vaE9Qhd=<Nm~E~3ygVUcl~2>?0Fz3ocA
zd_jqsN^)4o(M95oF!1dyc7h?bKz^uGWYkLSrS*Db7@%R8Es+CPjV;t0HV706-DgF*
zH7B*R3>9sOh7q%+La~!+h{?IsRK}kW$72x-3M#RU04RvZRoL1IdDRF7RRCgyY~%b-
z$UDru^vzfKxVt-QxuI2n*X=G4R6$?u0lE!<jDk;J`vEad1-brras@4*GvlKJ^d7dh
z$YA+$T=ge01s{Ky^z&}vy4ovk+{o{d*Xa}KG~JP^*^RlOsKU#BTZ}yaH)m^TD(Lzb
z#3t|x!0X-V1;T(_3uOGURMvF!TenO~iez|*amqm;d-z5fM!P>cPDFig_vHkvCsQ6V
zg$7GxTtO>O)&h@T4)*7YgB&YO1B!SQLNDwPGokk~0Xrup+!qHWg}m3(_x==g{-0mB
z0wJ9}O_$|mBKH4;F`yMMKwW`KW`_9#p__-TU~$lA?C60fyg=_x=6;n4;wIuxn}xvv
z6U%i6m=RMvsaziGd7_$oaS$fPR5IsGQqM-n9fG_gbSE3!SpcCgEe~jbs2T764W0*y
zmb-`eiCEXy60{ei+!pSS=`yv7PiZFu*Om(gzA1WFz4SXCJ$a?`wYB2d%^~#!HhBIK
zcu}443|9-bZ&vcMyGQY)zduL<SsItjOMEI1y6G|M?hFDY!;iu6cy1RIVuP2M96nQm
zv^$4y0Lr4R{YJ8}m41C@bHm98_*g*tu^a<4r;Ewc7;@kQdW%<XVqek}o`>A~y<hGp
zu-*TYA6ReZS>cgGP%uHKSGydV{sHWy3l0^VmAd0>0QhJekZWqhh$TEazs8e^u5|mi
zSUF$spS+OwDQ3!eP7tKg!ScLRP9;e)^w1M7of5j9No|^=F$a2AMG~llO75ef-!i1H
z&d|h7u1^)}aLP{NgSwH&<tSMv@{p@fj}wmIu#M^&Xt>1koHWnnZ=mLlEC_@p;77I_
zEvn2m#Q|t<vtzy_^YHH3zMInK`f#J^_c_|k9zEOQ+K)-)#!$BD6H^lMS><{Lu5KNz
z*z|Gi_hTtkh6zfE%>U)SOJ^Br74e%Y&(M25HyR*PH^O!%BVbXhm31;@Nac!W*93^Y
zf080aAI;$;)PtKcT6t7JQ2I$q&Tan5Z2u^-AlncI(<4Or4|BNUAEfYU8ycJ9&M+DE
zle|k!Ni2@(<H(9l<|zh@R%vT&`jP3az#hfY;qwY^eL;>z&T;Bf#A0#GVv=zIGz>!Z
zs$?8X+~omgX5vS1u+I^@d|+Pqbc(+W7g2q7of@y~O5HY}Y*v<vo@)bF{HzMTaYEgm
zq;9$xg%55Gh?Y_8eUYBDp*C+3NO~-X{=jXDNt~xN7FSE3D_5;&ORwgj??i!l#mpj~
zPS%!U3;DV325cMMP2x85W*K$oS5f{(-g@uL5U6#5xPIHNdglytINRVN&`Ho@{}DE{
z^Kx^U+XzLf4R%a2h6?j>qh#~lHSx?e!A?x?HCoO=moh|Fo4FrImL()$U^CQB5OOy&
zzh_57TU-zsHMLj%ZRvnwbY*2-@i8nf=#v*_#L1(u*Z1row`qFAh^OwNMdUc*h8lSt
zKFZ`P(2FKQyg%#_Qi0-jCJnAF`~2Tfga5D3ND;cM;Ea^0@E{;;`J`%$w6u{4r#zo}
zLb~C}yP_#bV;v1wjw3*D4l@<jS#y#L316FsmA;6T2l9jM#F|}(Fo*ARbiquRGP~`c
zq`g~3K}_LwR{$K}p*`Vq3<iT+m}6&4zBlBggp14jSWFCes}5#Q8s%Y~qtnU%>8k|k
z<U{{Cx-Nr26D*|lA45R4F)+8*C_W(EK!}eLI(PlzzO<|Uo6dI;6jxbRJ+{n(i7@|U
z59!672;bVyV*mC?S`hL+@*Ix{!vDb`04FhD0UVD=!v97Z05V|EjfBttAF|`Lp(7gW
z9t<WqI_cT?kITS{#>WY}H^A)6fWa#NVHv^yx1N1$R005S9^r>aNwKpMfPoG0ziP7y
zMfm|p0c`}$1HNtKTKGPo&-@htN3Ma(cHbJT3VJ-y1tuYy;8FGUKlug#j{hTa;u;NL
zs{qJ8Awr|IJsO_>pHxS)FX&Wx*b?AD5P+V;>e--rWLzGrEPEU}cz~xR`6x#gG!kKe
zIdlAf(Is6uj{oZ$fLOOjz@_TH{vqoWASGyq`L->RFg=#3B>UvC(qWwc$_0Gp1>imc
zD$|c)G$%qeo#mKQ`u}d67E7G@zgGZ2PYZzaNTT2Yu>Py1f%|pny-g3m|8eRjdc<V_
zco!Rh+UQ57<bVFb#$$1hFvtJH;jDo$M+uL>$zw-7UMUxY$u-8$(P>|EeKHXB)_tD6
zC@mLMB9f2fID@6z<#0!nrWwp}nxfj>V=i{WBLLqSG6zLeiWYVjV=LUssv(onCyC>e
z<lcY<x}D)tW@l2N{JqHW^A(NPLi+Zb8_)UM`UC}7J=zP)9tL!o$vHaTES`(#i3;oq
z+Jr{LAIz8qQZ3U+SiRCXp&_$)qe5nSGlT~w&<=7XMlI(Tl<X(6;-2!eZi6B&9y%tp
zL|n_!15oUiCA&Gr-c760OxqnB7!2a<Q6hbJH(cqqA6}6Ev{(JuZB1y7z{a-bV)3%>
z*UBgBEQR`%hm&8<JRBc#l4{mKRRfK6VCpTTE~%lx;imcb<BXQT`;K$!5bqLvyrLrU
zXgr^<Zb<7RrSy`1;7!Y_Kv@>kN8roVsNUlp{TtIN&abHf!R^a$Rz<2fI1ZPJe^eYd
zs$*IA2(*=k_6CJ`Q1d~eo&WIgq2+gEz=a*qXu6b1#2msBk2rCvp!OZc?xsAXIb_R3
zlE#Gky*??0k)%4FnhDKOcdOKLG5oSTq$LKz!@(1kSxK9QUQXVgsv3l6(~a+kGj<Lv
zr%qlDhJv8=;#9Oq^yUD-?9`amA9G|0rI{irVMim{05}FRgXJ<M-aCj{8mobN8~np9
zG-4LXr^mZJh(rwIq%*GdeaVpB+s`L<CL}8M!j3O<!G3w8TRFAS;F%qM7pu6hC?L;!
zzse`UDv?rxsp}si&G#i>cpOP?NaWd*evtj0N$p(3ddR&aaw$%LaeI5LGw(gjSccX$
zaXxuzoBGzIuDkv$ZK~Cd-`hF}HBg9N`CZLA9fFP(X*6qGTU0DI)pl1|Z`p=}Z-K$L
z`9J$ID<lLuRlkDFpD(-JSKu_tyngPzGv5aIsqX%=uHmjlL<lYYV4_1k?jvSC)Ys5h
zHq4KFT1~X7m~XOXI-o8PjIx@RIFSqa{$lcIAGPWdEwCo|gnghh%^ZDkvs{mv{3inl
z+w}*SWh*tYwl!^SmUOP$p&^heA|^-VLfFA+l>3W2c`6>YmTLjoYwm*h5^0PS7#v<O
zLRvq6sWLdx(PzmUyWMLI(!Uw9Ek4Uf&qap6b?q}_*7;ItWEQ_*u=6cRjsInAd}AcM
z-7m~`E{MQ&?ZK2)v2%_F)^#-{qTm;Cz3@bCSt3(USCe76SAMFoOK2<Xs<|}vqNcZz
zaXSL$SLU_WamznZ?__B08heIm0F|Es579v(3wBdJH;Ccw<DkGVC9Q5}OZH;!f%Efp
zV786I(R*|Bfzpv+!C?akrxCb;{Rb?%RTcq83qwMytd{P<a#NZw%UTW{{iqQl!lP5%
z&=YZ26L~*^e9SL<uPY2|tL|j$<Mba6>p?@4Y*2p8*HDpmSlDvG78)LqDPKTkyB<KY
zvu<N2Kx5d`Da7OTo7Kuke!S>IoUmG}Oh*&G`8SrN9mVtmnXOhSt?;80NEw$x@wP=r
z-N%1aJndaFI>cu(x^F=mo)k$$L+A0GuG_3`?p>DyU!N(AWnA)dFH7*c5)e%#DiCdn
z?f&EL^)b}k@ZvV~i3yOP0G}_*6bAO?X(0|!Lle`CDM|zh|Gb1XR|Oeu%50my8ahcl
ze<ATQnr$E<(QX=QuTdK1K}-(RgFBfC223i|k`GWxouN*KVAK53cV}27*_fRXRaJCJ
zZyPaF+)kR*btE2^5NMuC%<elws66O895Nzi<2|<3^KEF@?EsPg6~M3@SvY|Cd9$vD
zI?NTJXBlH5quF9s?5s5dzJ5v)HF)33P26}DF6-`D*;_UbO)}8*@ZH%#>|JUI9sLmg
znm|hzupe>Oa=r>c&3)9|(GmD`EpQw@Yj*~#rGHLJ1cUG=WR>es9=4mQolt&-^o;fn
z4M5FgTrZCHLMD?(-Sv>rdB0Ysi8=qKppmBTl(Z+U!V31Ug|`iUTH}Z#?oP-#nfPj^
zSaMd=m=7^-bM}l!k3h04r>6OnIe6J64fe#jZTqh;UBqX0h2Qk;R#(WuuSdh0Yu<b2
z@AMMR6k~=?iB-e4ok4O`20s}qcLswj%4m2>-kie!X%~9l@rutj`JFAKU2Ok?(%F~!
zwYEgy#!LB2#kEq;2j;mMs=Fhn4pz)uI_4e65KV8ZLHpH>4LGmARlcXk@uok#9Oa4`
zY;)d5oa>$R9Ho)1k=U8Fi_u6W*)(i=7lg>J)_zO)ZEy+lY;1hNPSu|sBvdTCAM&|7
zc#;W)-Js(+s)A$^Y?wvJih!y+s)hXCxb8Q975<h28}TKXy(}&YGP-lTHMg)%IY&^#
z>BZ<uibu+bSB-2GIz948-n`fe`7tSGhwSTnJRE*zaQla0FxWypQP8hPO>ZYPm$2C@
zXa3N?Ztr<sf4f|2z}TrJ(w68JL`6X-cKtE+Yn8V^{%7~C>JP%@-{8Jg?B_JN<{<}z
zL1scw>r^z=>*iXJ2oR(54u#<~stsM!*eeMhXjg5GhX8N=-0Q$?z;98zxTkqnVnrz=
ztN9V33B6#&B*pf3^4knI_Mi{Ji$$n6zb@C2f=&#x4gVPOxXcf!U;H>nAkc9*F8Qk&
z)y&1hzp$T$>}XM9?t7aKmZGwKk?n;KenDh|&E=zsu8U>xZ+DXNtsL_obrCBv<6p1d
z`>kjD_u!X$op=mnpnI9$3$&zj1m4lw30LIt^KETL-Q9hkarW~rnRM!Q49yNWc3!4A
z9O(6Sz~$v^*3>vgx*EjF`AT$zoLS$ydr79r1jCJ2T<aRosh!~~w)KdN3F>_bmyi)N
z98QkVm20@g>a1B^_sa0S5JNYEQM+VCVX}epp9yd1iN1|VW*n5X)Ux~trNam6?lV7~
zUv*_MG%viJSaY3HPSj27-yHL{KM&!*cpmooe9!rrcX+Z8WNd?h<-<RGWkXT2Tt!~p
z)0IwUOEY(mhYn?}VkO!QI~hohd9?RxXYdf0JUF;!GV*Na_V}5Fr}UM54}q<$cLca=
z#g0o--~;6u-&rcClgql4GJWf^3Y@&TZAEm+`%B*Y_z8?P-T($W;U3bAw`U5^2pI^k
zcB}~dZd1ywHFFR;7&(QD^!dHh4EicjoXZW|fh?5&fbZL%@_CpP7Pc9~O~3Eh<OE|w
z69T-q2{IM%_f{mxRjlvpg5)8Q!+Soy=Ume}pC`u~UD_!d&pSXA@X`<9?(MG9-cKDB
zr8XSfo83=1L~UL$h~H74xIZZ_3Y6+gG7_d+%3fNQ(I06()bHK!hkY$X%}xw}j_k<%
zxG8(2>c4(xxM;=ePOlH}nbCIoEWhL9g1Noy4Nbr@TZe6?__Z2j{g5fE)4x43Bd(A@
z!@Kk^KBps&mvJshW_E)7@(r=;e-=07a}?g=9qnWs!}iLawnj!q1Ms*cIL^#Lw+<4P
z{>~OBGL(sjN558K07IJ0@#>TXZ_%Ch$f{dK6bxFyKZv2iU!WFgJG+=i4pgSY?=a4@
zP{1>SvX<9M^k_|dYg7~+WdE`jZCGh`D&cZ8KS=p0ZGuZSc@DAs-kiGkpV@(**|kSZ
zX!j)wwG(6g)T%FZs%K(<jB85WmuUS$c81FDR*8jI=w;^OS94KtNEsro+@N!z=SIR}
z@aWt<!9(&1{QV0D=h48>Zggws*Mz5>#2b0<9Tr6|;`bC1=06yr<<7PTDtOH=Abt{K
z(m&$~yAig-JL?9CEaLACfmZ|G$q$#Mvfx@%HGB3@)xok4&%IwRNfi<u-LOx6E<?_L
z1maZr<pmpmtd?GLO*9%XlVHjB-_!-4(pU!V6vZ-afTK??avTPJJ+zr&4G(wpjIG#j
zzaaCT=>+pf-&`4PSS;t;Zk5PXnaxJrG%XKs5C_M(z#@L07EX~JCAs(xUOKd&RDQLD
z8VW>8%ZLdrhxrwN)&vomsAb<nGopOFi4mB*;e@h9^6Rb`h<v6S#*xOpX!O#(t`644
z7<Ci)(l0VH$-s>O7GwS7P2Qa-B;p0j+0OIy>UMQoi=gQZn_cdu7KR8pu)v990DR)&
z`W6H6Fe5cg&#~Xsonj6D#RrKjU*vr%rSy@8=^NeN#XRdw-WWvqtC{0`&(Roai<dYF
z@vi+uJkg-g<Rg_ls%+vPoXN?wAjQZ+{@9Opny_YKV*epmk8RsWgGru?4kxC^I3OqE
z2wwTGoVG3~7}?GIf}exV+;$XeM2$x5mThlx)aLAEXGl#aeP8<zvGwFGY1@vc<qsge
zvyTvY&#lz27KM*VdlIWQ21!a?78}Np={Ok(E!wf_MN<EFm!ZPGqQwhJ`Okxd=Pv@N
zcf$^&|G=QZXYQrycgNk=Uul-jNoGw{cOzavvE0s$?*Ph|Rw1$T%APMzSt$18QM3<>
zPkrR$h@_h4yF*$yZ!+G>jYYcOJStoN{4cTVk4L5JJ-~?O72?ruL5Y_b+Is)y)gF8I
zzrs<kZvGlb(EK|-a25OwI3-~w^tG@r2aTN<u9&4<ps#!#cbvV1O}hAk_^eI7v~pF+
z^3x@+BaN9M)xekw3J+Z(J&`DyLpUz-Z~olLJ|=JTnL}B6^zV!F@QFWf-Q9EX8u|;x
zlG`w!;r(BNH2xtSXckQE-|`iTb)?m1OQe_;?hsnt4ZSch_!;(%YTBgsC+Z&yizf?T
z->ffOKL3tX84FUfP>@6xfqk%5be`pla^8&*kEIv|6JCTzWG!!*s}wc!PP-SqeO(UG
z{j|${KXy4}^EKnOgMdw`_5N9yj4N_vO*u({Q?{Y4C47N<0kV_Xdc-V11XCkv4+;|d
zN6W6Yx77sk1<}nn+3szcJIkSXW^ETZSA2VTbiZ-aiuv)!^AGY$V_bBuFV{?Gd+c3w
z#bn#7DldJ^q@<uJoBcKdCs`CauYf2IvNU(lefvg+YU2Fm_s$~pW?I+Plc78J&9<}`
zd3%OwLMY4v9IW<3;Ivu+(h2u*FN&gPJ1fbz{z>XL6eTAtHtxVZwOz#!6CD8&*c^Wo
z_3_20ojc3+=E8!k2xC^JFOYnvsO^DFE_w!1X~c0XS+@hVv(0x1>u&Ga`BYAGsL}jd
zKTGe0g&n`^yX~!a-7s|Ih2O$dG`8zwlBzb|V^RdGA{!P4b8#h&!d8fg{EWqYkaP1r
z8h`Q<+6YV3lHRG+3Nc09p8EpBzCVmz1qJUy8+sta4xviD{tHa)EETayEbn9jR&jNF
zEN4Qa(15T}EGgaDqDr_So#z%HOR&?g>}b59LsxCF=9Ajg=5gF*$J)E6d*5O`FML?-
zr|Fe4jSUuAY7Z-Xj>ORiZzdHh&@Vm)V+kT=8d`mlObNDSB2uCaWTJ9sfeKFt3%W4@
zWTWfN-mg)aOs@yidM7*bv5DBQrO8{csMX?&xu_#|?!ZoSk#nPb`HqVtOl`oxIf8=f
zk6yj9l_;l(+dIUyfXVZn1-z2<eSf>FJKK{O$eSDHcZ_1yl&LG5&EnHrzgHVo`VJ%s
zB_%)M>NIF!;s53ht~ym_G~?o?jV8ujYwPez9i0v`)ru{S{VI9(=Haq==YHtHxVf-s
zkdl>|1bt}B@J)cM2-F=%!sy80BXMZ1Le%HKy|g5_sum+d7BuFM`M!O0;yH*ZiVkL8
za0Jqqg`4`%CN7gosvx+eM!S|Jo|B@edr0K113#25Co+7M^<YY5flxiA{mkf}WTc0f
zpaURo{hKA|%pa9oy78&*WT3~;7U;o+c2$N@9i}Rid*RIyW~*oy7ra(n{kW;MAyGu8
zRfjUEDr}p{Q(CheKQOYiB73-bbMsRn@#<em>iyW#0P3mBEbT^hZ+VNxa@as{Zx;tg
zda|ioqk4}nrDSD=CjpDPr>Ic3@1`TVi;%pIWf+7xpgh4hCR1ASN5>w-P%+VFgSkH7
zS{SEqz>q|V7*?j!t=r{G-x~t56<Y(r7E@ca#uA@-ZRD{V7}^NGnW^2uWZWR`t^io#
zSORtZ+aFMV=o6deshpc2p&_W(%i}Jm^LuQ?$K8H{OfAv}aO4m^%26}(H5|YN&(X?9
z`MCr`TQE0VOyOu-eyG-W5XSwn@f87|eSx;ns^!D;_46yX-23<D2cD#R(MGh3<871C
zlSmKezgFRIwCk3H4|0ge%%-@5e1iJ=N!_UH_{b&4e5gK|%$e{vG7H`Z^;{%z9rk&x
zkr!%gctMWkcvVfg<Xu!$lViULWF+smogqVWwJ5ztQ}w(aaQ(TOl0rL-PV%KmOSo1t
zobWs*B-8az9rta*uD$&DT-GJT$}D2P;`q@%A{_<pQtc2N2|?e2pjx&U5}k4QS{fT6
zWk6D)Jr~j`Nmz;G@V-7164Ho0-Se45NS;$xiGIa|O1^Je&MFS*wPD`$RIIz7`#2g4
z&*2oC7=Ae>Qnt6ff=8pT=DLVOp;e=g?O^}vqngAj-0!3BZZxan2S|t`jaF*4S`Hac
z7BDmQjLLPQlmF(6eLs`b+B<$SJu$&2EOW%L7-n`8{oRJ-%Ju68?Br--m12h6&LO?I
z&k9eg&G1ZV98||zGXd6XFP`0nY5!e#G_kt;81=CygxE2b)O^NDZIxSamS^UD4@%#D
zvEoMyL!3HkR}Hbf7}Zy$r>up^9??J=8Gcx{@)DmC0rqsFD0M7#JDYHZV{9=O`2kTj
zSCuQkHG#h_I+{7Uf`Y9%*Ty0jvie85l9axxs-!~ca_9F$_gH;#aVkd&G&)C%6M&<6
z^>+-KWQ}<ZjUoK|@M`Y+A6XGs=7bpRKGj5uIC8Z_id-8{sXV*KAU4C7&{HSp6rDEe
z06Zg_EOwIktfw70<Q#yY&FEzON<8c=!fZ_oYsDRg#P#eRP|!Qo!~yk?;)}mJ)Q0J%
z6Id!qjukKe3<W?gN4}+2G(d9(@Sc&#zKv#gm>+nXzR(?pI}jfE)|VI{N{VO6O;trh
z!kvt(C(2k?O1DYOHC9OJ%E6J!@^_2unY<KI<+HnJ@MOhYxl6JA!hw;hR-Cx8vLqgN
zDD+uW@S|)a>h^f`9>~ot>1@<tn!tnWs6=UVggTr2^W*F>-lIA42(oveaDDXUk{9cT
zxQd#f5{>T5lbYs7mcqBCNfKLyfu885p+_1Pdz5P=VH~f{{+)zi9?9^c<<HMv>yevn
zvR6z5I7@1e-r|*bTojVr+BnLReS|EfkqXNdFA-cG`1sh|Z@eLYOMXSY`PYFp(ZnJ2
zb>pAAHxeRuyHTr`NqeRMM;s+XHs<_KuFbVWS?_RfjNh+n5v+gPa#{3ddhzKJ{#0))
z_VZ@+u@`^Z;vdWC`kMM^XiZU!Q+>Os{QYt9_n$^aH2Ng!CT8lNUcEsd{(4n@e0D&$
z(;qbQa_OoOigV-?JZHE67@;z>%XF8SVCK(mV#f0cS+h0M;B_rd5nXO=L~ps67)vR6
zd;60$<fK}0(x6jQ);(NxJ`G3m`g%9wZ*i@5QMQ#Jg*Xp;d~#umA~hM_m)NgMrsAre
zY{MG2UcYZ|E`EdNc8_m=g5L%Zyq%7s>?0Tb6GF!IukfGKQz<nH0j-~~rp=zy(~dK3
zuG)?{UFlDG4bmM$0Tc=9BS!kviz^KaE1Rt1u2J9{O)U1#40&(^D6@%%aEVij;(e1I
z6_L1*DYA9WH*=xv&sx|sm3xenk-B7_mZ3W3dxUYk2S0JNbG`jbNm1PCk5ogB59rJF
zrlZ!qod}kp)3U!nZ!*O%t#4$8!mpME+j04b*h$DK$;pX*vJAdya24^y5<`pmx865?
zf3Y|5?G>(kmXcJ})7)$dZ);Z7Q^16jwx|lH7r!7QaS9)xvNjrS`gHLArs-u#&CT&=
z7KOhGe5r-b&K?aXCX0yxuh@ks!VFvqyYJkug+@LLtVFwpyKpKz%$80ovkT&K)hLnc
z$q&>@*6JXI-Z$k*n|RgKG>SyWk1JjXsf&?QSC(Ee|FLWH(#S$O{xRU1%{N_YN-nI?
zS$gM8DXn3~)9tz?<tjiPmYjLB8@XP$ke?>RcnCk1HEQZr*>WPEtFz-u1=Oi;KC;R{
ztUwcB3T2ZO)`|>BoL(GTUrunlEyv7p%vHmT&R>bUDz%1!j88+?AUl4U=LuVqDVn^#
zt6`DQxSpj~C@nxj&)8Ib#Hj`YmGAVz3&iYYx6OqkB<Ms%kuv(IcSmg+@bDyqiDqbe
zAu5>ONoB6a_B}H!HYPjT`puY3;^8p>JK;e1XL7)?RG;_?E=izxklh?)3<n-pM$ijE
zV_$;nsp6{3E~QkvzJQ7|eB<xmpCy!##rh}sTV|)~M^EPulZ`2(p)K$rc!X!!Ij>+y
zI$h#d{60ku3+^J%+(0cMdRU7#vYEFZjq>sOKzT6Nlxn)sLjOq^=t#IH-fu3IhnwJ{
zW2&<eU+(DW2z0+IuWe)d<0j$$agYofCP}ho<(H7M{C0kSQXT{mc5p}pM6Lm>)mn{N
zzX@m;D~^_%o_^jsh6cz>Lm1}!yWWI_WjRVIJ*D>*{hg;Zk{uVhJgT{=UXn9DgI$!l
zU)p}(nfPZhFAm0_6309=6V+E&(jdht0+!nLa|%AD-L}P@R}2wDJ+=QX0zrxK>$F0q
zjH4_zj;m}T?+<=x*v|jszx{w;7Ja*;2Pb`M)js21J!rf6^A`-M#}fD#oq7iv>BPET
zUxdlGbHd`I&gj7I;56jV%9eGf05ueX8kr65rK<8m9EZC(cuiIOw<vgYp_4gzjKxyC
zRQli3|KQih#8JqOCm2kOKg<}PXT}Ae20WEK?9~QGp22c2hn_`#1lu!z`w9A*SE7ca
zhNY3H!fj5-@5I?>Izr8d%d7tATR6$Al9gguDjX7yYJ9mSJmJuPb#pIZY923VH{)gR
zg?_q4|B24h#G&U$8gM~kXcO;2mA+~yW4GGbz(+?OqzCikE|Sl08Y&=~66_tTVc4+g
zk$ufsFX?+-B!>=Jg=S|$r^2*#)YY1(rIfDZ=kTR9o2l_KpHL)&JVS;(m=nP{xFPx=
zcL8&6TYDh9-<t-6Aa!F7zO@ZChwt1ypMR7<JCa&%QmdZL-6tj+8J*CR&N=NIr6;QP
zpMDJ6v1dY!K7;u?<3u#8?ZMQXC+O?Z!6o%QLOHcTJ;?V+Wy|S9#t!q9U#-%u_+`r=
zOrwOg&*Jh?%P}6p?5M?SaKa1#hzx?YT;Fz?c(-Qcj}!u(_k&<(Fyyh^Y~zI#|Fx$X
zwE4E#53<v9f^i<plj?mAND1kqwH9Qd)`d$*aG?g+D+oEdKsDEohY|*h<D7Y`Fr)f!
z*rXLZgXSAA_R536zB2`qEsT9Y;Ts8w*|K=~&(q_Ulc7MLCz6iGJh}mO2n*`!bsgcx
z&tWo^eSWr$jU#c6H`SR6=^>x@f>GgNb8xwN3{&DBe8&;(bK+gQmaHm>TwM-eCngjW
z9gZKx+=TAxK%v*Yp_^uQ(4Jy66j@j7S(g_GExTE_zi)-0A<&~kX{!VQe$G@VIvh4|
zi91`IH(~451Z{9IGi`!4qH<v{uESzz%j)BWdP-oP9ew<lk0-35P-v}#ebB@g5q8e#
z3T3uWgvw9E)-EE;?zoBkMm+4CQ#Q%qZ`c4tS;QX}PkE|q=lOmIq2RkY_JOE7-iMuv
zMf^W(kL%XKuUH>Jm%YO%AHw@V*8fH>QW&$Rw1H!o1Fb120$?4L_MA3+Wa#WKzpvi)
zL$4<(MA^WcFM9&xD+ra70$xc{R>FL*zCD4#U$bniQI%tiuc2l?jE*DiF1;RfXU!bI
z;fS2s83)j_C-{98LIlk#*RG!Ap={H<)ppRLhGbjP=ong0FKqF?J{lE#B@`QzY7*!S
z@7*zl>ze8FWn}lv0eR>1OlB#25C;0XhDSdPegnMB*aDT<1UOif9oIa^n;0wY##{M*
zR{u*3{swcIX&(y1Ep^SyZ5c3UE5_r^mDb&B^dqIhf9^@q;F!M2N9FrDmlj7WO_HUe
z136B*XR4JzVhQ93k}xjv5L)}@N~xvo!LLT?OiFw8E>)e7Y_a1)oK-B40$czl<z&}u
zS3B%GY2eYgVHUJ{jn_r#slq&YJyuuENzI;@k~K<peSwEH?KnrY3D?h>p>vgE3!Ef7
z+I4whWJejw8RM3*{R%IZ3F}8xv!oV_QjSr>xF>l4UXFSyZ7p=riR5wSRNno^+vrl3
zvDlz@^P;8icTyZ@z%gU@M_FUu93Uk&5q))Zf+>eOVCZ=U(8wyo4fw=(HN2R7l&=ss
zw<sCPp+=+h>G$QO;|Fp_BC?4~r56cA7OGd0>{Uds&q0fg^-kDWF`vAZ1}LPe-)Ke?
zkjviO4eKY5=D;@ITAXuZ>ElvyEO~77q)w*MzN=g6@UfxJqtV;waPg$Z>2oT2*u5V9
z`*8oEn73TADJRcBjzpJmNoA$m8d&ET?L0cR=dklG=$Dhm!>-O(f+U--)#e|Q6uTFq
z{G#G=ba8QYMma^t06hL}5)w2Ehi`G)a}pZ7{^>9FWs~KhaZIjHAsxmB{AwJ;_SC1x
zrdO%Zs*ZjhK`uE8P^tVdNPLP*uO#_OZo(oOPLJyZ_<W;6mTXD{2&Tu0#});I)GT7v
z#NfsgJUS(?(Zs0Ytzg{(Fg?8Kj1x5|+R3fdX{sl<*=p5V+{6?DIy}`r9yuE*MtyBs
zS3|X~1a8S}ZX!)`lZB6OhrXN^=lmjh^>M84Wl>zT3(%^li2H*oQP2m^RQ=Km^!5p1
zZdR^ox|xxYnDY7bI5``xlUX*=tH`6kx2UVdsIQX`>zoCjPh&f+JAe5sT%vrUzU-R$
zS9lmvD`|5T*;I}I#)n7zr#^kkj&UZB#|OIdu&KDkPyh~~7X=)s9@8yd9ga?GoAwm1
z1GA4GrPj8|{8OF)rB#HCrOedrM#O<5C52PMw*3fGQ%(YlKs7C-!dYF85!LQQ^Pn}2
zHuWndYN<*V6&&ILx{O>$Sd0cPX&+}6bht7pf}Dj=^wF#?3yT~Jz``5q=g8(mE{!!d
zlwkO|iaFU-Zjji6h2Ygrw-6WkxQQ5fu}-m%Z?PBeqkXBHfL^uhgb|a+maYcWtDKPi
z<Jrx_pSd5xoPWvY*T3nTnhI!Dxk3g0>le%5S)9K~r@`K%E_9=@`DcHl(B8oS<)y)g
zZIL11!hJHq2g)WB973&;cf`cB8<s0MGai(yI)B#*)BgLpMH9V|GNpg?A^iojJgl?t
zgWViOtR;dyo{v^X;6v-7+0__tc(m-u6HM<-EY`Tg{rIAAyksFx>VD+TNNDBvqj)>w
z&)#?A(&Iei{z?-8;fp*mOTRLwIW?A=W3~CH_!@L_#9Sw<8uHV%xjpk5^xM14fl$68
zNo9R`tY;tW!1u2VH;1=@F8Q?TF{wQ&eL2<q@4B^CjV0c4MEtP${<dTnzEEHV`}i7j
z^J=|uFZ_DB0dufDauyqNd*=xi1C-Xs;WqZ}27vA2wDdtOox!tq6d@~PTr~|=R&JpZ
zfPe|Tg>U%{hGQg>MP{64TI+@KX}RxHL5CTfDcQiuT*LvkOh!v?u2?-Rq;6SRnOxr}
zF856sucsp+-S4Y{=2TxctoL?&NWe)7%Tpm@&sa@K-3sMTaVhh6MD3wu*q`xVEb?S8
z5=e4<1uQxy;>7-KRpZj37FAM97u1o`)|k=gLgw(fn0QJVd!^G?NmbQY6Ps1?G16w&
z(w9YZyg7bMNxl!QwfG(}T5{o*=<LQ2pS6)LW%*A3zY*x(i6i>^UmE1QSI-Pfvfg;h
z{B8MC))@w%!#deSXnvGCL3>N>LZ6SRsd32)JK>58SaA!z&*K_1F*M=ksTF)rpPZ^K
zMDzMv<|M5+R0CSy2;(QNFET)f^tW($qJx71_+q(b*Njy<X<S6RbPU^gYt_x(+>D9t
z75x>xuS`4w#@wsf5q~{Bb}pfV2$fK8Dai80UUsU~#e_`8NQx9bzQGfFw)oV^n|7kk
ze6oIJMq2v)7JpIAC$DBM?fRN_7fY0Shqb<Oz7*Tz?pfl$k$()O`U!8uAGd17l6Wl}
z0^RUq5><+v<CFMl>YW@va98<MxaOG`J6YE^6qlO)B@qdG`>gyv_w1kfUw{AY)D%`;
z^Z9ce@s<25cY<9O@7vtCBFET@JW}I>Rn^#cl4oU)W;qql!BCGi4oRE*KFJPOE)7aP
z-oljXx6zu>!j5%-w{f`ss!68Bc#HTxZ+(=u2xJDMFYJ9;uuoJ8fH9JF+1nnbi^5nR
z7B}iv*T&CoiJh&ny{tI6rS%z8AN?+JK3S?EwxlIBOn@5VCB~%Gq}&o%$`jO4LGad-
zzlIM}6SI~1rgdt?Iot`JiBQ3h{J-A%-Jbk;_)xrSRWP6$g?@JN_snJ;+6<}H@%<L6
zRzhLyDWvVG&DB)v+RY_$8Qg3-3QZ4=HKH`lGSWvPIa>~4wbQX;wrDDDhC-QPRgZrv
z>lf?Zi|J8_n#keDOV*L)s4DTqNc&tm%F~gMlNic0pHn%{;<h3m8=p%C{SMQmY*hI~
zoq(k(y{3W`EY78$)Th9oTuQD&P|uMg2G5>)-u;XeS=1c=d?Oyv_=IS(n!_@sjxmo>
z7~o#=5EXQj0WSC%_R#>+dS4OB7*qAikw>4JEokumlKfQecpwzg4ECVIeV?d7t-A5|
z;9e%^1DFV{=-uwj)n3(PRN3a``aY#Hv6zD~`SR+?gu`8Clsld*`_bWIM&9SgAXN%C
z9L>7<U#xht1O~+WiBotZqGVmz9ww4+U-_HF{u=7~v%57pjAU?(=k3tSW8xE^)MI>)
zNLSm&G8hW^b^jatpSb%%qwJ!h7@%xi@+ZR-$uZ;VR|oV!hxmUR>@R=)`BOw{7Mdxv
z`KOR>PI1$ezX?YT$0{YJ=r7(Ib^ibEvxT9m!PHwFH>H>(xtf>n74bRMpQTEDfOqnI
zjD;3fY+2M<G#qgJ%12o`W|s_S<BiN>lG68>*hK!Lnun8N1J1VHLLU?7&mSdmswfx$
zQnQ_BzsSiYvpMo9ir(o}>R4c@I^SM?|CzBO^|2JWJrU-=6DRDWqK;KjBg~i>M?tKe
zq-+^8idD^+#crMlP^+1)10lELO?plfG(bA^$1-5pJdh`!W%e+DIQy(6_9=~$4JpSd
zf+N*%>`5=TVV#STp+CDR3yMbPOQR(3qh4O?1A`1NwqB<+^A0ES`Y3R}beDyF(5lli
zfefP>R1CMs@FIBB{;!S6Z7iJ(g6qAXh!w}8Yl|#mnK#bjue$B9o!=39<|x5pRCy&#
z^=<qMFASqQuz|FsCGARDUUBj2%*64=*}h+aqhCQSIh;Ie2<`lay2_Gn71?-aJeZdp
zPqF0-J;n`2YcFzh;{l%u*gI57txsJEJM_TyXxu{%RFcb1>wN0EM3!ebjAz(-_OJKe
z-^PFciTsA@YXzzNw7ZAM%7))w*p(N*dExSMi#VFh%rT0}aw|`@9);aT9xePo0QNu$
zzlW;?p2`7Ypv7|oz2L_=;J#uC0mxP_d72N0TJYJhlNfD*hW-Nn`dhakK=<B;ZV+$H
z&uoQZ-rr|tTy%-%X{6HP<R;AVn=P|UlBCEB3sU!cz4yN5hRRum9hdjd>9^<d$7K4$
zFQb<Q{c7TGXV&jsg?1SRBA3l_;x15q>rq0>kBb)!Ui5uCz8l?|uO(X2=@*wfv4NWO
ztmUU}#+}^`{A7C_+^hD;r`4XRvNi+CEl;n#y(@M)J|WcSd_daoyVj<<UfPDOM5Phg
zo!NnAsJBUXy1wt3=zgDY=eK?tc8#Dsh>XNdM+aQwgv7kWy(zR2Sl%C<=?Vjgr>TxG
zucOOsTFl?GEO))=<iDM4<-wm`9Q&qOEvA;TO&&(m0MmC-ee~@c3i3eLZ-j(K+Y9fz
z-FikK$HfnLgo;rVL;0b<Aomy34<SBzrVct9w`@5U#KL4oNG>kCH<*)UVo4@ib>)%g
zW%ED)6CeQq03P?f9`~w!?|30Lm%ZKY?|aR^06;(h9&NVU_lN)iw+*_gZGiv)`~(42
zLGL+9B)D)5w*1^TKA;AY?&r!Zw(DpI+mm-m4<UDBvWJhu;pciL;=fU_pTR{g><hhX
zo(gK3ItB`;$0h+lf>F_uX|{o;wF)%M_s^1YYvo?V5bPb7pglH$g5)J_4SCt^W5N={
zRjF;VFD0FJA4Ox?+d_Fd3|M*2RPloC5Zge-x69Kd++?3;wi!J*_H--L6?b(!nA@zZ
z26V_n+Dm3&>sJIzJs?mK5JMiG-09yn=JnIVM`h!hA;G2}a8gIzIg8-K>+%@6gEHC7
zIMuh9Pd8#c-Ed^TJc!?ocZHtv23YaCP44<Pg+hXpP4)XpvIziz;DJb^OrmnKb}|u4
z(vxikVw<w+HZ?^yxlH6z>gu%)>C)=uu9HG|%^J&AR+&jf#L7$wh9Y{^4c5a=2sa1}
z%*PpEusO?1eBP!g-jR@wGWFB1GO^^5Ok4`x-a4G;G-;e6L`P6Z2vkhvOu2%nYNCdR
z8l>dB!F0AN15Hy?TCx#WaLmI|X`6JnYKD@#ajr$Z6s{w=Dhi@Fgd}e6j-(r8Rv4yH
zR}4%cH(h#r&pQ6*Cw}u+X!BG=NK#tJDeE=Kye(?evvx(2V{9}UDb#I<+YuldXcmic
z!bx~(QL^yUiOXfPoXO$MjW>?%18K&fMI#9*mO)HBR`(t6+_wk7VO@C+$291{N{7w6
z^ET&s-cFZ(n(h1<P+YeI?=3f4egFxO43_Rab_(b)T#|&Jn_g?*L+WlXz<bBN??=5p
z_r2hR+Fti}yS?u=`~d*~0C~3CZ{8pV+DZ~CskQ_F1Mm<9RR_Jg>btvz0NZcP!*l8Y
zNp$n{cTCJo9WirIl^nQSCEOO8QKn?J!~lc}M&h9e`|J!#BFZHll#be9@JvxR4oH+b
zv59EnxP)mP6p+LfT2`6KOn~9geB|ee3XBCAw051Iy7K1k?)pzj$Ch-vquY3KnM>7M
z(@kmV&U1uS-I$H0TCl~)3^WDC>_pfh*(Tt*K^Au`n}-ugF_t3@%OKh@TyX>;rs7H5
zks)mu#G(b<xDD9>f@(|4R9;>L?KG^HBsT)ENL4H_V2rCqFzs0+Heq1PLAFR}+cqxL
zu*7kOVQ>jTR$g2L-7HKi%KPTW7C_7Ys-an){UE9PFsdTd%D6;Ri3%vB%QZw&MGa)K
z%(96%xU|I8RYbL)Fa!E`)E~V4*Y>;L?RBsZv3|nueRc0F_q9<>Apk|2Rkiup*fvvW
zD+ZHbrXf~kzo~P(uI{-*oTV5>aH)x^s%|E0iU{Fl+mUlRxfENwh^x1Bz^Di+X#65<
zNEQ)4$NdT{^8^Q}6gUCK6eS!0Q;Mvpi4q7c2m;Q5G(x}{1VBSa1`UI_1`xwS-_iqO
zCdd>ZR{%ZGu9!kpfFc1TUhqQ_1SKAD;CsPD;SvMdiU&MwLum*Ef_MB#nyMI-85A;F
zTDHq1MHEt@m6*_g@xk-IpT3vz1wiMPqo*vAuoM`X#Ab%END@hfrpBtSh8O|x5AX9o
ze!M;YdCvOX|1@r4hWYsO<Q{VmHRoOmDd@@w5WZA}APoRnHUyQHrqXPKNk9lP{}tS4
zHQmb^s+-<8rY^Wq3JB#us)QwkD2OzQq>E!hgIQ&PnTZ*XKMTlZH~AknDY#*K!2<#n
zferrgupOi#z$YdOV+xW9&a@+-4vYbCA{E4bXai88DCv2ijSHkRO9q9|ImDap-`Ytr
zh!n<+Nl8NBqJMsQp5M(T!2c>JAGFkWnPX*?<U)!x%MCc#%`r7qMrZI9e}{>F;ruT?
z7r!ri+<<Y$`{$1A;_rU;dD&k%n?)WVa%chw2!i{TWLCklNoENt6m3QQ^ScQ~M<He=
zs;K*csDg_m;^7SB%3AJbtxA%_fQVLMnVD8Nl2ZjKuoG~ktNwY$#SOr$3T(g}2vz_%
z^I{xl1URO^{%>M|u|t9!RNlqdIu2+@NcFRd>;q_Kw<F&L4k$nkuPyccq6~~=DN$zF
zv_i#7QMCo@?|yfz(Yy3iUrqCqQY^T%Q%K`fB{3{nRV2NH5X#$Qzw7>g&-&5)4tsPJ
z4SZ`am6S6600aCf?nfG;%BrQ@Hy0GeB#@}IV44jZ7_uaZnu2O-==ce>e?x)~exHDx
zV1e28KYri?z+IfZ{u}_}9C-YalVTeOH3%99OM#<6IzY|up8VuPlz$u$z<n@76y*JW
zj1tPinY3yG(WxpdrAa{&5d@SJ2E|vy`~6P8Wv%=D7yM>sW@ZF;*p&$5M2!m4nKhFW
z3bPQR#4%zr)JT#FiBh5p#H&h6RLqK`B#0gwM~_h9fAa$*{G-qL*_<`=%i8*eW_k?%
z6;x3qsb!X-Cl#cGYG*2{ox?R;L>C-IRZ>`Dn5H67?~g!U01gB>(7IRrV7L#sCIQEz
zn-DgMu@2AM6JT!v#ULf)1RPa`f!AW8q!2mo{P%wPJwx{-KB?h*Rbg3%OCqHbIFhrK
zRZrK{XVb{}@1K4BixgRt!^-_3okG8fXpo91(n%zdXlRwC4?uRO&OEj*!ROaPnpf~J
z3=^9)E`-s7U>bv8;C^78Y;(WBX*D6Jc+tH*s+|Iw{QJ&WpFaH#JuxgY!qkmZl#3!z
z<0`Y2RZ>8Q_3+OxJU)K+!{O(?``=~(`;N4&i!Ds$Ra5H>)f7d{rK%DpOq4XAnhs)O
zZ}tFM3>+UcnnPGS&<3YQVa*r>{l~=s_y`WY<oTYSD`E5VM){z_7>Fz}#%6^nS<0%T
z^Vh@setY=Q{qw`nbAx;Q-<&@)12gzvk}%BWRZ{L|qfD%7Ai;)UGBGt#RSZBH(e8Mz
zpP{}L(X9}7#?2dyW^Ad_JJ&cI!wr4nI^i4VhynExd-><zdfL9HU?6froP<$Eds+&z
zrN}{Q#W6@Im7GK?BNd`TXC+q_Oek!WprXl|N^z{o%v@HKT9j6jifJ3&`M)=yziau|
z&U`t?>^>aWVe7vS#LO{2N}*;TNg7)!5}ZhCQEFAa5?~s9`dEBFqduC!mdG$qn4Lkd
zoZ;B22hkMo=Z}Y1-uv4y%=|xdr^vAq#<CVxC{~gQNhFdZ*?)b^KeY?{Mt`D8o}354
zHg}(%9{u;9-(*RtMXIWPh6lc94?e;7K4?15bosWz;Er^-8NDAn!-NmQ5WtY)K{u=y
zh&&a3sG;C+@@E;WKN=sd6zJTzDhX{`g_3A1wiUW`OLiRPu5UH%&CbVC*yJ#9w{W!K
zpxlKBjWTY-1kffyVSz}Bk)=VyB1DwzD^1;^Em986sKSiIRS6Jg<8&%mwg4uCHk~n6
z%$8C%0E*pNs%e?5Zi%h{8wYy#u5)(D4O6w=x;9G}Eh-eOST36pvr0Qxb!AaCM38FQ
zE`p+HJB5mbGe{9C5}R_vg05>jhd8|Hz&A@Y)1{({ok<3;?m_`bQMR2Zqlr}`A{9Uw
zY0zSZg>aD+$QlGG49rIhFvul}A|kR#Lkb{F%&`WHTOG~XbhRK_%bdFGcRDK-Gp9P-
z$(7PJw(dEDK?IOWtP8L&<9Yml)C}+NMTfHQ!g_cDI@Wj_?P(7WcWKfn4ipEuBv#8>
z7{k74I_4Vj@7;1cfOHZFJ$f&l?n|XnidvLZs7AmXGR!lWd-D#3I7)y-fR{dbz1gk%
z#I@&q=Y4h4t606uqTyTW+sqf9tgGIcTke7u?Pj%c_mt3XgEu$r`R~LWd@mxu1DiRv
zHus)dx87Sl3##Qhq0g6;FF5jj9<8{9o=o;KXV|+k<5UnbyeT4E_7mCfPrAEEpxhvg
zB4=-WBDt&guA+|UzGs_*UG|x_<skYeYEs4S=zfqKW?!b%y6>kVXF9#BJwAn|(H-mZ
z*^1k`*3mT`ww3w$^Gn`5023epNB{#MJyq{}-uI!lm%ZKIOWyZ@0DvR_1?Jmr`1FHW
zvAZ&GfFuBIIBojw!`?f)yS%+10q=euck?~hzWeRI`Ilaqm<Pp>lm-GJRFABDyj&YM
zPplT~nS?bVpLcGw1HIawFf1q<M@vy}y*-1tb?&nJJqS^B@p;5r==vs@8Id*BORelK
z!Bbkk*}LjD5lLv3ETuIQk7t&xI!x`7>SLR@q;B*#&)e^J3@8Ku_qbSaHc0AG9X>K(
zR0;0B%3#{9fwR`Ih%6g{Nu)gs%F0J^4TlGV?v}yv%=M>oTzrNThC^d?vZ7+~-M*bS
zWSy1TkmpuxI(Z!(S-tVyy>D(U0}2rVB&4|&MF(naxfYmO;6D35JKvMd!$+BsBiKQj
zVO5dK71JOiP*B`7EOw}~>hL#%n4+1%MH5WG%MIGB*m1=*QqMcavos9h2nmXdmSF)S
zmJU@&O*o^OTpCbys;YAwCoq>rj1UJ^ATY~<YKowVnC|L@yQ)g=OCm8)CQ9U4E(gnh
zx%c1Ko4FjJX0Kak;W?Q0>XjLLHJRzX&fow7WCI^t%%|!tQ)`~V-Q=M3``%$+LRHuk
zrk?OJ1Jz#lz3+M(X?xw><h}2B00;s=0A6jj-;YQ&n;Wwy2m(L`(}v%!>^<YVySvNM
z00MB=sK0yO?cB*Gd)|W&%FQ(fl<fu_N!Ta~Nl|#4u%Xs(p1yMj+dd6TwX-jz_M6wJ
zF8gfSe0Osdq1SYVi0@%|Bk#+{)16TC-P>BpchLlFn%hA#$GcVA6Op-Z9piBaPYfg&
z%yLeS9RbjGORR0M#5WuzQ!eeWC5Rb8D?!?`cVg5nMigd+E0=bYtG395wpg=7;Isx}
zcAiB+MMZ$6!Dbt72IZScM&Kb_h!|zm2oh|<QngnFRm-Px=tvkP0$~Y>Vk^6|rPrq%
z=W4Ne*!FWf^S(Ypr{PSoVl!DH7EuhNEhx2BNCZ9m@8M+cWz7myBLrTbV(y?c{{jj`
zTB${<s;_|#W($C6`~mmPJ^JbW%Ra$zA*_iD4#W3{FxVf>3yU9c%+Kr$%+EaXKdk=M
zQ?)SVNhql*luERs)m3?$iKpKD{{7j9;r`Fd*L`4TP$b$_%fSfX0}!ohY0qcT5PxV@
zr538GodHQF2O(aKtIWTdh)x>N8EB097|X9TXyE`ps6BFdotJ-ejtdOJqGK?cr3q+R
zXDVdGaY;%^rEa;+GlO>qE}V83Yq`$FX+^4;rbi<rJs)2(JWqe8f4kQ|nXb9tA^Fxn
zea-iG^a&~^s;aLnVxk<BajB_7qNNt9s^Y7M@rVK~^-AY~w7@lo?H{!L<n156W{|r%
z(XGiw^ttn_Q<2UYs1JZ)<{tfeNX&!xdHmH-s{=Ahi48EQOG+(OSDw@P_xT^+-%nnj
z(|3&u_|t&?8j#3&(9(avkdj1#Qc9}5;f82`2gUsEaKPRMm)>E(4SBd50TH0N>#xqQ
z2o&HL9TKWHWBAyaopQ^#eayi8`}ue1{QmaE0}}-`kc})1!!0PaRYE?0efghHb%(b+
zx0`!AfPSVOaL=i}pgwhg=a7EG;*k+ji&a%x8JWLL;qy*siG$?7*?V*iwin1sp<f^|
zw8hFF0YbBW(eZlcd+YYc6(xkBnaL#)NogRIl1VNf;sotS-JSk@-^08wJM;tilk!DM
zEmT!saKk<DJ#hAJUVeGiTn*#R#vOBdN@eoQ`GRx2ALG^U>tUqa9ZH$#p{()r`goFN
zVI^UiSy)9X)rk~LDp6t}&Q2tdl+95KRaGpR!}HhG_5Ave?)^WTnzi0}<(_(Tv*F2q
zm4O*W3{*ryRw+>pF;n+5TmbWd{Byj|UBkHtGj{eEBLq7mywI9M=j{QZ^LkAN+)NI#
z?NB^9^7OAXy@2oT^Bl}*Rw`(irIxa3sv)MSvOo7TTq$25zu)iMUO?!hx3lUWz>Gu?
zNT`OGslDcAC<Y$R2h*FRe^P0N1?C?#A=98Upa<tZR(bBPyvK2klocs0GSfwZs-%rm
zR6wLsNfHr1a(CQ6A0wZCr_<}M>G$y@go#>GS|O&Xx)>Y$XTr~pbUyw1TRGdV_G~0O
zFwMy8wK4qq2z@&94^8>_Z_V%Y;}bJW3lmdRvlP`3(^UDJ@AJ=}-23BuJ^lRqucNE_
zq_k8+O;hO1!@Hk<I^m)7hcvsGIAQd7LmULmaqK7Njwecawchu*;WdKzfE@hb9~;b{
zD_Tu&Ta9eWkIOW7uHnKvX`#;UO`930cV73ma&sMkC!26N&hg<m4;~JPhbVRl8gekf
zfLwINo3jIg&<F~u4VDGO%J-(2ammg&ad~e!x?u90P(<UauCc33q&Idt%Di1}a}Cuc
z%WUTG7rSAq8%`^!IGl2>?{*7&5b)v%bE(bd7ToL|6-7?>cY`RJm~*bWaT6RwK`q@d
zHn0fDa6l>+t%7JaQ-&xaP0$3;qc-RrZyiaJX6#hoIlE@3nmN0WaKdaGdBZsLZo$%Q
zZtl5tfJZhI1|)KrBFh*eV>2eiAYu_1#YJYEoQ8@S5s3+EG1GL8E4JyPhjLQ7kU&rf
zRZunTPx1a2w}XfB<KgctbUnEv_30L$ca|~O^v_kEv+qz0CW17G74KzdyQZPIk;l5L
zpFs-aj)g1Upf13w3EZ?IrAz{$LedBYAOe7;i8DdA!v=z`*3o5xj1tY=5oDkCE64#1
zeb|{R>rb_BuUqwq`v!s=PRR%{H8gzZu~=oYGW_YpXMMfeS;3>(<~@#i>UHSSJuu*+
zYT_nmW)U8hehQPODy7s`Gw#{b+3VwxDq``~wN=hOs=n2J%4fp>VV>~|)9nP6^ZUB6
z%sIuX8JzN6i<Qmd`*2Knm%5c^dEc=;k5glU()TA^&wM-2aHnPydAsP$(WsvJ!8+x3
zuAH6p#(I4Ze%~h@>JjO?J2Cn$O!0E#S)KOu9{FW`_VHJ1-hvw$hy>b@<+N=OueITb
zOka5yiG}0~;Y!b+*zy-eOipFgWliC|tU%kB<InHA&JRx(e91>0kVqii<NM)LDqmu~
z%E-9#;q4X~M1ARZvSjArcNdZBPUdabr287RXU9(1f{o^JBTph8Gc!d_SHFDTo;?ST
zj-Rf{z^?8--ulMWinoFuHJiNQ7>1SAmX5{8(=}G2s|r|`m;e(X02BZM36KWcblYNH
zNhR-l-T(rsfS_q=UT?>}?|alW+1)%}uHTP)-t_=B+@*fIZ^7?2l1X}-01!xDuKn+O
z!zA<1q!ZV<GX^}I)yqQUH!9%lUc-!8`YG_iZeg%RjKQA@zyTCNq5&24<>nOwO@cdj
zKzOQoyBK`?-Ai@*psa?_rGpst%n_t|^x!J@P_zc}?-~cTQMWw%m76;cCU#-+W$@Lt
z#B+9a%idBIZ*1Xhb@0V#xg);2cKzzK6so%0Oq%U_9~_i*3~1nOVk)<T?e9ZvRYIJL
zK||TI1NJH$Fy6V(&%6+eD0sdPn9)3Egq{agSD;zLtHV4Q3kb)J7Y~MJVtT`~?3PZb
zK=e6#(3|kQ(`e?q9fUGT3<Q#{j1gg)NetvPfN(*$EENJEKq3Jcghs-_P%|q8Mj=p$
zL3ResMX@$!76=SLgAl0iD*ynrSR%v(Km<UpJl^@V-aUHqO)PoN-~rp5uI-qxDUKaB
zSl!m8RdHgKQ9Dg!=}M}qt4)(lRZtYJ7G1Te+|Gg-yD5aaW>W0qnPo16fe4OiOM-PI
zlCfRnwJ#~DRaY=oFvBz>c{K8KFcu*~Az~5CtOQPFV1y<ZB4!5jX(%*=zz&#mS42z^
z0OYZmh?r(l#%2j^R)~rbs<sC5wlN6AD(@==Y%V;TGl5H;F`=-~Va$XL%-KY9G>A70
zBSTEnM+^ZG?zNy|I0-8hz2&ysmM$(U$4b?3(MKa$t7ef$4QY^3m6f7ORoZJMWmjgZ
zu7R0`Xq&oIis7aj8f`g91UZQDRi`)?3sry#5D5^3M#xmc5nzW-RA4G$2!uj|5UF7-
z6g1OKGrusmx2v6W2IiDe5M1*DvSe9GvURs>V?`tpw?zU0kwBY?M%yj`$xT3lALs&-
z+p_M}1!Cw}xNWOeL}7+xktJ=q4cUS@Vy+_rMMQ1IWwc#}{$9Ifc4w~aO;>1d&szAM
zyEHBEZr^GazC=ypm%BQ>dud$p<)*fP046{;K+J->c5&tVwyWLbn?rElf**nOeM+WR
zsjl~*Hx0JiZkudN$tCZ28*jwO1p`Za$$9t>dY5hP%ddLhk9*$r05;sEe!FkM<h#4O
z-lo6=5*O>gd)`iaCyYbuc>H6H$SuOfLS!<`yD^AV9_x_C2`oFn)+z>O2n7N(h~{FT
zW?&<hN`)Z0%+_K9LJcZA%m58$BG6C;3hP_*16)d#R-A%t9}~`3H&stwbDU8<M(ygA
zee-mxsO{%7nWCQ4i6*#kx}*~ajUx@3O%e&yh1QaZxUH?m>Y=1Y<5_DVdCXAfF=-v<
z2%M}Bb%qO=9Pv%nzzwAZz}n1d7c&(vH@$9@EVXH*Xjjf>H<eVDZm_`?*AkZ67f}F+
z2$BgAyn!?cyg6a&y+LKpmPxfSD6HdyO_0(}H64{|0+F#1Qo)mKI51_Gmw964r4lxC
z6fo8h<PF@HcAcekZsufhIB;E{mSwxQ6o9&86qj}??)VC-6y|1Gv5;$d8UdF<yrAx7
z6KMpoS=oXdxJAct1#E<rQsPZCVQQ}<cWlWn@V5>3D?+FULN!2lCO{Heb9!CFRYAPS
z1y$fpjK>0`s8t84kSGie1F%^X1zzA=EQ+C%cW-whDJzAyL119IWCJagb8(!h>bapq
zWPU)DjRHtZOoUY=G_sO1(J4+#2~`ZDBqKwMOI0e;tyL{d)W52p9^cQ$!f}JozlPU-
z`mhg~pQ@rOjzbhwQnLiKym8&!9mU7hvXWXfYhNFJv-r;QOt%O?qw^xoz(D~D#SJv!
zsl=D;=7SDIRQ&ex{LOXWf*4<XRYaI#$W^3e7MZG)RFXguy&4ODf299k*EHBw#b56g
z$32fnPzFEMB1*L=wN_meT+C2d(Tq_gjAFz@YB7vxh_Ml)Vod}<Nd#e-tNC4Dp0AqC
z-g0`xd;0O9*FvVf?)mf2&7f=H=6y|ES(#M~l`Nvnl+%j1HB5_1DoGE2j06wA-!OpX
z->2v0OOzkmM1`RH*PeazpFQyY2ZTzslFW-$1!;hp0C~4iF^$fHCs~2_N4whZI8YDI
z&(Gh#zjycN@Wc>NRW>Npt}9fLAe53p8t-lYr|+8fFKLslZ(RsV9r^ctbI+eY5dIZi
zf~iHSiEo%;Dxe+p*Ivkf0`0f(%`irNT><lk95hGV49;oq@^kld^L|gy2l=L%BpSgS
zDUoOw5iFTzQi&wVCYY7U63a4_vaE+O93*K{2}vXpNTiKc<xU=5;Alhs{@a+wkO;Tu
zp84|g-`{8$qxwZzI4dx;;Ih>bOsI_&dcZTtH|&0S%mYUx<#cAZ=7PDOC!P+)N1uH>
z{Lc63yU$jBe)r{31i;eBtpfu}qC_Nve~SIbtS7&LyRqWGB;xSTg8n3ijKr!Wm3je8
zGZXuf_uL<w2Tscl`N7i1Dv#c};P00)%*-;vvoe@bXhe*uR7DzN&Trp6e|`6Oa_ha{
zf4E1t``@o;o_+7{<LV|xoN1**QLmt8C!WH~_&iLsAdq6z4sC(f4k4^@VV%y6E+To3
zDa0IrVc$M}9{qm@e;8SnlPSnitdXfyMv8*>{Lib`p8b~pULVJQI^6g8e-itr8p%{f
zioXm~3_OqE9+Z0b_@k$;zmOe0a5NNa2avt+!0TQLKYIE5{rd;>Kh&z!h~ZT;WsOTR
zs>(BxG6dr*kmEvDSy@&}s^qgaG{V(V<y2KxGc4ku<BEGWJA2>XUA_D_(f#{;@_oO+
zYJ!3(^ekDXqO28}#T;^`imI0?p-;@f&OmTJS(_h8y1>p66X5*w4t>L|ekt$YnT{D)
zRUpAlQY%#!RYLjm=dVWlbJv|e*dN{R8vkgy#(nlPlgSUi(1IEX5`v{vEAI?4-hW1D
zBzx215*jCZch~RNgQ)S=(~a_Xt!uzQ;86e$x;C{=6Yq&|Lk@B=+KVvf#IrL;v>dpd
z7eu3X1cAClTm_2(h{z!W8<#9V4bzM$08kRBK-(mcEmL<b)k77|LD1yZ2N39i&TTr5
z2G+UV+i;tD>73gX#%u%=daol+^31{KZ7^I74NmT5-RBf;>5$oO=XrOwbWk<f=M?3y
zUhH?SbUTJ-Bo`rY;oCDqkZ*4Fvg_ULyyME~7Ag`%V%)IRC}0q<%U~-ZQnf`<j-cM@
zj=`51>|x%>;f!+)=XXrb?{{P>t;q#cpzVqf)sX^0U8!>ESOo)8Id##t*=vsKJ9g({
zy6mGNz>6v*T!P6mW=f@SmLZC96dV@@mc%P8OBSIS3kgvbi4?5N!!cH|+xPbVp=&sH
z{;;n6ap$RvHfOFT@sDiVyWMisTo~VGSQ{o)4DJ>yXl23deXuktSn;QH{3uQU04z|-
z^$UWXD2NZm$PsB19Y=?Vo;~erPL{UV##S|F96#^A(cwp_`_EOsq>?r+?-$XxT(e7s
zxr2?_TD!Pf=T_*iC%0a%y7ckruS~A=zkMq@@jiac@NL>g8`)KTF_}GGjw?#O+NzR8
z({QwLZWVf|`de?_+}Aa{I=QSLpFH=e#MIBesKI-rUAdssdZ)>G`_nNmI_uwcPR`ey
z=fg$V^W!rHYG*KXd6Hrsxw?kH0GR*)EC%(sZLk0=0VU*@z2F;uCO``Ty-Ur%0q;^v
zv$|b-);|DJUQ1H-JHJ?a-t%4E-S0bK2LVOjuip2cqtG~0kuw<)AAJ!q5it`rL<3b?
zK0rL(yqk((T5uq+FFt)|-9i|(FzsU%!ol5H%nnw!qMB1aJmjffqNS~Trg<cD%{^Jn
zh;G|`9{VScy}sVC@0W;D{CyO}-(nh9yqhN?Yp5^)*P*dFrEb8vNnw!$d|P|%5qT0&
zx48(ydv4s}jcW1tG1uXzoI9B0w9rH*F8t48*Sq1jxi?zd0@-jq9h=VwwCTCpx0x(V
z94wtf1`UqIP&5GojTwrwUlrB&cTp~qttC2i*ikc17E`8NCD0oo0oa<^LhdNptgHtJ
zh=@_=n%<{bjkgH!#3K<0Oj8pe+`<R}5CafHbT^PYxEf+`aNvlDs*zq-UWAn<>rK-J
z-Kn}%n+-a$dfs<yx=q#Rf><+K&1I+|c5hUqY1XSmF3qORZg@r~Fu04M_lu*42!aq1
zp|?wXT_w_OzCC#77T^FE1{gFwT`sy^IMniRWM3)Ug}qw!=ZlvZF1se^Vq41DEw-$c
zUD1=y?sHORlU>I0R}PZ5oQ|#3uoMU&2}7_4b!un6&zl?z%?HTIi)V_M=;zqCQvd*&
z05^hEtuou?&43)|@iyFgK61M4`)^zG*5S6m0I&p?l3w?KZTOi0EC%&2Hv9*@NiNRm
zb?;dG0ZDl+OVsZDVec<^X)f<KYyjXWyY>6t@~@o=eSX-fy@<KLvm&N$w%?vS`KFt*
zm=h+ImEl~kJEr04Czivx0okszcJ1KX%&AA0hXZ<<QoW~+@Vzh!0f?Or9&<G{<s54D
zOE;wE@+J1<;)|Y>cJtkuIpU~<#{o3yXA(vmAO*-?g@iIYkPlV0EmoT%+;y*5$eah~
zE;N0v{KUIKMzaNa62ZIQAuLAp79)Kz!Mh`yw{shLmk2704Psjjx0i-;S~l+OXrRM7
zw-ANf<U3{<(=n$Okz-iH8pcVNn23<~Z9T`F@1?v%B*D_QuU=bYM@~7o__s84zO}ML
zKyD$CRRKbi*s@pv%TR2{5#@Z0-I|q_nY@8sU|ANGHRf|h<Jp53AzT_1TTZHg>7a1i
zJVT#(&u%V<ec}0o(iU+c$Z16xlxnOPY^teBs8+sr_m7^wKfdQJ{#`LK&lNYjWB2zE
zl1Wl2BuYaxrBpAo0Qmy`Ip2RXb4NY%?&0-64WW*^5FZcEeD^kc<+RV6<-;t(!Xjiy
zmT_omrOK#U_kPy;_jm74?E3)mBi)nt1^2B>wf7mHZ}7@Ukdj5ps}}sj439z21AZpr
z6M^9nL3Y^(<+KG;^!@Vi{Mf3VTl@$Fe*%d_EO&G+oSUa6T<F}#AeAm6NJCR2Rbtge
zRLtktd<iVCt!iHZW84;8U%_5j*>U(#{wTFeCNo7UEkY}d)s=iR2iya4_wEjjV0j;-
zud3(J=UJuiJrQ&0eD(JFKD+xY%Yw{Rf-*F!AfysOX#3Xv`s4t?m-G*13cM!1)~49!
zuRHh7el=n$qBK?OFazH-Q`&!E5J1d6=JZ&Z5EBOgFFc&^dhByE`2G$#%7zstah$1a
z#a5+Jnu?h@^nY#keE5&|Jo5fO4|l(Y4tnQLpM7)Y{~uf_YDrZYsHpjdW_o?m6OeNn
z_Y5X3pvQq!`O(M7@%zG+!NzQBDTZ;SQJRXd^TvSt_2BHdyfiQGkNIc4@AQbIsDeo#
zqO%Ol>=B3TCph$J3=LRu@bz5-@;^6%amEEbDjq!dkF)PV_3f!5V3{F=NemKTnhXsP
zNF)*+*4I8C>K?uZh<W(`j~sE<e%*ZDe=B@Zpdg75neMjt-=@Q`wm{AI2OKBZ_)hod
z8#Hy=3$XXf_q9E=9(_A1Vj`j{7%GXYUFXhB`*L-@<IXUxly+I~T=DlzRZ&qj>I2Rc
zN^^<qYI@D+aQc9#I7DO4d9myT`fKOT&*7B>#8gF5BvDjNTt311-yECyaWU_odF#)6
z=Z8tlIhxn8zPvN=bj3wcF>nOTA8&|MN8EML*gg<M1;E#jICbT=_xtba{L{6+m+TUW
zCICt*qH5=Vzi00-=C!{sod;Yu-<@ZmDnGAD023$GX4u;rOA%N#q@z^LXsr|)f?G`^
zNl2p@B(YIsq60yUCG)Rtv~Iq9yx+;p!QQ&iWJ;65p`lep?`Cwb8vF_j5SwuqZpciq
z>Jli>mO^%^M(zceLSr1%RB>GCwg&Gx!Er!gAi}A@Ikw!>8*R=G8^?FN(^@fs1>9*$
zK?E#-85MUOP)^vkV*wfgU8Vs^#X?=PR$a($AyQhmDy;_UuGJWVQHrVnT($ybNiAK4
zX_}ydZiHyN7X?Rds#*X>g(D~e1<{~QVKG#}OdJi`<YC7Po4rgMo5=3w1K4hzIhoy;
z16^}9UN}R@o`^JtPBMbyB$Sgim`*OcrDCMEi$q$BS1xtUcPck-j(2u8ET=(b)Fy!x
zsDfz(JU^Cw{b}iBK4aK5l#S;*%WvL3^uV!llzhTcq+$g^fdXs>4-f^2u>g9zUx1)I
zD_>1$1_3k`fau#yS+SAGZVB#T_-c5z&{JPO>#5omn7Op2q45lm*J^$Tdv7n4IdO>V
zF&R~l8lBU1_g!)g%Esr$t;$+$ud;VC>J8l6%)G%4Zk9#d0W@D@z;m`%+Y{4slY84W
z*UPxr!rbPy#clJv;jYhPWY3z_Q0{lB4vWoRmfb!T^{jPQ7xwH}Y)UWVtw3jW_Z7zN
zY3<6(y~YlzPfnA{{&zl0HfMGCt)9q?(55KKVVj8r=>kD&I%p#bl^<(h=c~y2O!Lhs
z`Wuru8SSX&nK#xo+nHRuu{Tov=Cj(d=5a7bw;h!&r^Yle{Vd(igGj_TR?!Vx*|RMI
zh==9t7kpjFOoGkUm@QqQ3P@$JVuJ`-cBVF*-9xu9j+gP5jxu{9rbT@UebtjI>79-$
z<J+8Y00A-p00ski+&0(^A+0;x?|5zb`OLQ4c*Wh`?)RDRQb{dJXWsX{-~h(_@wt}#
z9{0T4NhR+FcmqJHuK+c*>F1{|+iNXk$Wy`wPie5W60P>xS%{ID1i<h%=1Q-CAkh>E
zqk6rU#{7fm8XHPTz~iKm?^3^Z-Ei~-1Q76^9m`$}9?`ZNYa%%=hKj24<?jzYvhE~&
zqqeb^P?&8ccZ0WgUl(&)_P3%{$hvy>3+HL;-CLd>_4gf4td=y2AnQPFqj5U)rPhVm
z=UFgn+puVuJI!5qk0Q90(R`xwc8w+h{R0$ZnVV6wP(;GqeC8UuW$fn&-y3){&J5DA
zseVA_Zm(YUW^>Pa*7er6v&jgU2p}LOW!M|DZC3ExjNl%3cW?(?UP?CG!_MyR?(XgY
z008c)LqQp3cB*!%rloMNTV8qK^=r2b0U!@MySuP-NL7tC;AxqGy0c9*+2-5bZgYzA
znw3>m=w+FPWTDZORaL5zmBn2w)w{gqw>iaCTt(~Wyz|dIU<?nAcVNL2)62WafQax~
zzA4^0cK{WtrFl(Ch^q548YoAeZr$gefB<0LS8oDU;MaQP9LF$)5P`sIvLH->FtB3s
zb)qjUxg_1X>gwsBtGX@Mo=-0+g7SjhI?1;*^78XZaN&YaI__%WT`MBP5miSj5JU)+
zQXrzOt-S8Ly<QIo0LrRYkr$0L+f6jnM3|v+NF1QaD?EU`6mhy?NYd3XcK35l*ylNO
zi?xu5a1;|ww%L)C;9<y;rs+W9CX^1MD70Kmm||(7RB#6=s8|WAlnn_{G}%EgRrwv*
z>J5GU^YOs5KDH!xi|oB_6ER%l_re9_bDMVaBA;oIO;SUbfC6Ly+Mu|)hbNS0hl8!J
zba!CgOAiV*{ygj6Sg=jwaNA%sF2jAG4ZlA*mfLR_ySv@q^F2M?-QJ%Kv?lE#B{IF{
z{m;#`yqAE_1IFD|dAIIvw))SbGy)}%pT;@$0?l3ZRZy!tNccLhl)h3JJ?8C7yG!LS
zDbFd=wyLW=Zknzuu?o8~(^TeQc<!}P%YIy5QmUbuiN;lZX}eb$b@h3tHjzhs(|cZ`
zUm{l(yxrPGYcUe?m3AfNDy!p7dha-@)y93d6$$i-=QKU5t<D-w9=7EgBsq39sMSr|
z7nH<~Mu>5=$zVj_QIjuGxS|D;4daX#SS1M(h^XVhW?QxtWdbaPkR*;UNl60n+_@e$
z>?lS=W)&7(!imjmo7rZy(VQcE#6fx1D51_a2rh4W5C?naghA@a6+?0;y>p!bzZ?SH
z+`}5(@ZlUqLo+H(?s>PXs_|gF$#~u9x3a(hHudgZ)FVvUs!41dlWySGxR}j?%(Fc4
z)@T$z3jh#HQjsEQfKxS+BLx(R1r!lrAPrR%#jRhQdFOl8;nw<djN^QJ!XZ*cCTTJf
z1aFDIskbkt_?O##KJ#+j@5|zJTkuyAQE>zjR6<E0_wY&%81&HTKbzb*aID-`IiKH$
z3MwM1Bj=h<<->R!)P5C1L9OO}+XK9Zz8W3~Z;;`?KQ;OZ^WplUG9e}r2?7v&U$xWT
zj{V;L*9>AmYDwU~ek6cF1du@_kVzbea1n}WQW+Sc9vgrQXn#@!*lsJXBhqZw(+8yc
z*Pi$8kAFo(Q&mKj1XWQLQABT_de>Rk99?tm&m8OKbH0@Con@Qz&U_Q`=uA{aR8<N1
z{ehkzt@s?{tFE>aJq!8AuCamUb+qXV68p_b=B)Q*5h+MSQ$s+=N*2+LhHV;v0SQGv
ze{(w5S$Vve$6jxrd;tad@&yVpF_8cUwQQeXKb?M8^@sch1_7cC`G6o2?0;Bt1~6Ce
zV3c@|IqP3J`0zC{O+i&fRbM^VA;(?*_xGB!y{|{M<I~P%&wJm01Qb7Ls;Vlg5ksTl
ztp}ay4F-ev-3GZ~$uNN`sE7j48?-G3z%%#v?(gl#o*%@LL531c0RTns-^JVR`+WNP
z_0E3q>s-!S^P1~fn)E<eKFw88RZ=4J+&Yl`!_Auy)7il0hg`t1=7!hB_x%0dn(qC+
zA|eq82nP=j)qlg6$07QAL+q{lj9ESa00n;VB$H89QXo9}-ljH<*LXc2aPORXy})rA
zGw`|CZ*P2gv(wkOikhja3Swdt2!de1CQ5%<3%9;m@7{TrJ?tJgv#eiOvBv%Y3Ie?S
zStv?G3<$Q>zisj7$K}RK1q=Kx=uA|8plBffAh&L%Kq!~+-=194uvC0HkA578stTy8
zW~r*H-+JXb={Yyooa*57p1U>K;HWRTL{&{yKqA^P#3H*B-!-p^n$|dHDztz^5ckNi
z#SzMwOs3~C4aK8&Eq3g4I}vcL?+ynG9(L)u(9u?<s6hhkFeDCILh3tc0L&&ptyH2e
zMx`T0T$Wl_Y}k^61zbgd7&gK(rCW+gDYQ)iDYoJOrDD(`!Uzx{CN))QHzc7THi~s}
z(+JSHY+bu*?#O~EcIvFafut4LiYBat%BE`W;gpTG9aE!7l-Oh&P_kH&%9aum1_)9|
zYMYQi0!9%a7Okai5hxXG21O8ru_8588e~cWQ%#b{rFQIx5lVxw<3&oSZbwiN1=KMZ
zjU!Kv?j7kG_3u00Vz}vIU;<f*1w=@RL^v!NgOY|+04RewDj1B3L{%w4m0&?jgx5Kf
zF5K+nYVI=UMCNtWs3Z*vp-V^VBEWjTWsUyEk?`=~OPm*9gSeGur_s(CvZ#=(P(TeF
z*~fzjhly*Wpw1q5#LjcAZ9A_~;DDfaRRL54RY8H(Kznv`N=(`7vOBvsZ_fOgg7rM!
z&3H`y-Itm@o<{}!FSYF6VM#Fkhf|L3{k9a`Tb?4*ux)#6UMtkNg}t#eWA7Jx_4$#s
zSEJFmcQ#b(shpOubr<sJ=WWjKoi&<wifE&@t~Rb0D|6~u>i2TlT>MTvbsKbBq~&L_
z@x3T5PhPCgwtKkm9&dLsy_bF;ED1*VZWy4`wcB*3FJbl1Qk9EAfCR_@00xcQaNA%t
z$6>qR2H%f4mfLOUySu&K^E|7&yS+YRXidCANmW;$pP!Q5_jkPCv>mqUslNx8zH#qV
zdB%PB+w@HR^h`v9R2+8F8a^H%XLp0_xvRuqL`~i^%h$auF`?5oqVo`>_YJJ}EFI`B
zP{;3N)g0NLs9e;q4(E2@hXI|MK@5A|-t#8&J)Xnaux4OA$leU?(T>Kv_Xz0L&=X_u
zx@2Vz3K0nQj*qp5F_E?7SZ}?r0)a8U)qUpqYl3e{-cgRdT07AJ!_*rNX+q`{jPV<G
zJ8Pch%oaU6MxAqaIxKcEDFF!(l0+>9FdDPe^SRzz#d$%4csBCO&Bc|}8wTB~BWmfU
zy0?VJYkStUz07Hi)XgvvE+wMT8B)oTxw*AiJCZdRiVkL*v%4F*=rFEI!YZn)GH6vg
z8^Nv)<GSbr%3L<{rpR|T6K0m0kz+IkQqj;GU82;`1Pxa*z;Yd7qe6uU1d&AsF(NRB
zGYZ+aBwPZKQo$1~*4@MEtHPB`;N%^~;eeheU3qx%-MDTXH5Aow_q5LkGl-yDRI7@l
z2nf`fRVs=~;i}4+4l+q3vPc9P9lLUO+C0$B`*X8BdfUw#&N7wCt<2rlfB=~QH*1u`
zsMxvQ(sK(VsdK7J@Ih7Fz4m1L+nwzjw&AwGYmUQrzzx41b1k;p(RX)yz2<pWcXxVx
z#?YI1gp#VSKR<N8H{0&-HvOT`yOLesd*5h%J#8AVduV*nVG`Y+vL@q*q>F@t_3aax
z#7k~-IYW;ekls#hl>#R0YUOdw#5Uupvg@v@t#RI7Y`t=6g<dd+dAsFnySq|R*UERA
z4!Ult6XJOB;RfI;iKB|z0JfOK?Fe!f!VSy2$^c`?h9b?T?;przjJshgT9jxfkU??e
z){;cvT3w@nOS{d-qT#)4O(9xE<4HE%mev)3wnmwIXB5cp(Y2^HZrFGPEVj}r<7ifj
z4cnk_h8U`=$1O0?0})~r(q-FH(Whe?i8g3qptehyh>?xZ%(BG^Avr}8LXzCc5azd;
zxa!}%b<S(P2ELUsB{Kv~Bnc$ZB$7>Gg8S|Cp8dRI#@*(7;Z;BkUt%h%YN{0u&b~Th
zP#ESTRH~yt&CliqjzC?iQ3n$rZjSyZYOCteilQi{sj92z<9y=!e)E3xb?BlmxKUKq
zR0=PLxu2P{#W_s}g|d5xJ~+CS%?~<b*XACuzXOUULkwh_DPe$P5^AcVswyC={j=@e
z&amchPeKQYdx=ItOh_O_TlKB%;T&D=-irdmhyu(D+gF{QA2CO-L<q_Nksn`QSI56Q
z_2<v;eD}Yzd2f;GqxV!*5k*pup6g8y$PE34tkdY5`eIs64Lmp5q~6r%!0+dL%k%T3
z#uSP`BtpG^K6>su*}aF|b9Qr`cnSbM2?-F0!nL)n`Pd8+Bm8#NR_!#A8WBWs_n4i2
z>ro-_)&bTI3B~8{Z_kYP?cX=2<upjbApit|2{ZT0eE;91nSS|ugjOR~SHgu*s;}PU
z03t{8TG-mDNri+%cs?11|8HituD@q99XgT7{A}O9v(EVauJiV{*$7rFq<{!mN@1YT
zfQ1qB@8k2yUiIakS*xukkH%}w?<&>LPyto?aWKdr$dG`8`D1Nb8A1}M3Q|-dB^Fvl
z7=$TWBtdBf3J_XA29QCeL1{_>3IRZhlvpB>VD>#d!O3p%_CEQaxrRxjK&a!x!OuS|
z!-PZ>_2>yGCMqD3Nd%Gi)44T2vGSGby9ngW3HQ$bR!~J%6-mBgp31*H_fD_pF*oyF
z({In_tM!pXMpk8n1R6Z!=fdxL`NxKhsm{FfeD&xZ(Nz>tRYgzDL!sYTe(=EfNKkO^
z4|d_84*>T#eD8<PJ9l>Geuku`A}T701omd<^S90^YxXKL;JGPqcgiosgG5zPUPin_
z%S-VN@J$`{ra0c8&F5WjDiRX=WHm-8YN~=vM<@WLvSFtki{2gX0)X4cc$vq%vNVir
z*KpyFSyPvF>;~?;9E|1|&s{`LZzVUSyPb2K*GbZFV;46@4e1ON^~uMOapB7{<<#$c
zCgINarw0lpMcqar3^h)SVSw#jxkwPwp=m^#eXb8XrMx@3@l8}7F{9p>1>U!M8nHmI
zOkg-|i2_RGgqwv4WC?Hx;KzG}E^kA<F7_}14)tzYFFAt5R~6W8nnHw)%8r6IZJ}g@
zQJ{q25S1<h;0Or0MFJSOS8VOlrOfFqqic>kuBvO7S1#d-a_*BSQ?7*Ugdg0M{%h(!
z<%Fx@)l&W2r(dwYR&LGA^Uk|F^zruQci1Pmoj!DUh3<~PK=R~(Fl%DCRc3%dp;>49
z27QXF2_o78V8HU>H?!LuVEUHy$UUM?zokd_hjp8!zWeL@?|4X0tU%EcgF-uEF>b?A
zSwmFGKY5-V*CMelUA-&U8PCm5K;ON2IktWAN86is2rzKfEH5G&8f!f8PiEJZvOV|R
zz>jcVu72Ax$a_3xW6;3Bpx&0^rk?w`FIDAdRMzEt2dkZ{6TOPwMR|H>d+A20xe@1G
zL;|I8m(zD%+_-b;^cA^x>8CXby3XJg+mqwnm5XX4*|R%Zv6J@o{Qlm9Izx^xeAS`w
zV3FnL^ucwX7ZRqc9<=aN*mvoNPM@jz`Hw$q8%aKwgw!pIj#ULmP0G9X)hEtU-s<#=
z!b-hp6T&}5=2+q;JAjmM)U-;275uc?yiq97EFT@uz1O}z_gKpw$My8U$sw_zzP~*p
zLH8}Ryq9&31bXv%i#PL+9ewL2JsT0|^i*eryttbA`5QIbyp%nUZd~ofOq`yAo4Ty5
zBPOkOd|fH%S?pWjegGyw000gGz^b4CYmUQTv>R{UZe_OHe&N$;FE-egdwtbC!+erj
z*K(@!XS~ww_mcB|ICPV$OV8Nbc+rtfy?iafEMD+yO6DeW>bmTy$k@!Wg<k9o5Q1Lb
za2qHB?G<kBh)6<%!wy+`hRG>r0#;;(AgO~?D3S;|fdLb1;`=9PI=u6vhB_009Ijn-
zU6k`|XA3toH07@=0H`?2&nhkVv&Yk?y7c#8*Bb^m=?uB<RW}{CEUX^JGc^#$K*Who
z1^0_cjqS@*I>11Z4N)L6CdT=`IB)_gnZhTS!ptza22B@O_E|2{O5C(w_ItLQBS`F2
z1)on0Gm5^#@eSE}NV5%CjAmFJEWaE+IGyr-%->y45p`nhLAYJ7Y49g|blEJt^z`mJ
zfk%gq?wD^#CW%>=iV0apf`sJ961dSrqM?#k(zR7nTm*8&TtMBcBIn+3HQqUjrqtBE
zz(<&vsfEguGM;Z|P2zVj5=9hTG-ew#$dN@9=MCQP8+olVcMX>|oNYP7lu>tkyjPs(
zxlAQaRLSOMCw7^|aX4(nE3bw&%hcVwHte-6OSQYHySH+3n<pt<=3?p4&K=ZTN0(xE
zd83?FSE0Suo~#|ka8=uBE}7o02RTi{y0~g7b9UQ%lDw*wYO1R48!NR^u%jxftAVD@
zFDn^1sE)2XPBzQT1kNf-jt0X*VY0v@f+8kd?>4nE*{D&}X>e-BNmpvSr#9BzEY1!R
zxxAL)z|r9~CNa&mwIy*^1zg&z4311sDUjl-xGJ`Uh+u-jq)DY5bepM|&wvZ}48c`d
zMCa9I7=ntL({A&3%bd>X&F4p6YnLFqu@Ql^$Vn#Us}AD2637<S5q6wLtkV}}I|Z<r
zuo`8gB8**t<O0!UTbC#+xhh8#klhPvR81QF`Tgx<+%9_;ZvDAn`aEkU<P&JGOMSs}
zuD4egO0#zBJ0f>?7pFR9UH53%08D@wH<59cUd4g$C~daao~7peGTGk0XT9Cy)&*4n
z16)~;z&78!+{<mY{llixUTv`~_WP=PhWRA5uH{wc&tJQ{eeU;=^{V03CFkx_;eCb=
zzVu|fnfiHp^n=nD;}zZADj&LcfTz0RzPGxXty_xji3EkI5?Dy23B#FU<~G7OQz@$;
zvy5E4*FeNADoYqdl){Zew9vTUl1;K;ZIg78q@WSAD3aws$tcdb2Vp9SG6$M~ac1kN
zL00sXrK+W=V)5Oj_XdsTo9~g{R91ov(lZe2Uc9wCZRRs-F&JjDGt<)hQf%#VTX9X@
zIi=tON+Wpe5!+b=xh&opc-l<Uc=|UztXp1v>Wp&p&nc=k+7Y3E`sap^9v5U4tE{)~
z3Sjp@Z#rhi999T-a#-Ru>I-)EStXQoHa$GoC0@Z^ZLl4mV$XCA`(JKXL^K#<%y+kQ
zcJ}S(w?~fVA|e&X%J4<-@BrJ@`zFMa8Wkv_QkatzG?fzx0Rjz0y?WnwtTorV*SqVy
zwPySU4t-V$C7PIuXsRk{P~GQ)CMWK1L316&I-A|}bo|+dKaun`5LD4s5&;B~Nd%fE
z5AMF+cDP-Qf6ryj()9hKHGC94xl|QJO$vVfadf7oys$YZeDdB|4}}s@6hzd-l1U(w
zM38nr@4tUp>G|}alKb9xz5ox`R7}+sG>301kCAS`@2npCPjnsh^l0CPv}!$);o1et
z!puMy>;r!9u?h*KfI|!8-@nhlUG?>B>iORF-;tj+Q8h(P9GBTg_gJ@>7W47BHQsMo
z-n~3#Vjza9iYgG&Y-2KzAsArt>e|KTKYS<hC#=7)>-Bc}*TSlV{6GMcra}^ti&gNV
z?^)HCzPnq|sN<l+QhT2GLBeS~s;P*QLq>rF5KR+2PmuNN`yaBu5HpJGy=7EfP17hk
zgS)#05AH4r?htHn2s*es6Y>u31W0gsa2ecXfZ)O1VJ1L=1Q`gLK=QnI^1SC;=UeBT
zyY5<dt^4m5tgi0r>aIP#_wHT0cXd^U=rgGBAP7XRua`1KIvJ#_IknWTTzMP$^X4_%
ztCWxVS3k-1)Ut+4m9Z$*GHoXQUW&Y25nv|d_`!Vtuzy;e%wAB^&h}i~u;?Az)s1%3
z!O-xf%=y_YI%2yrxxOTs5n5jN<6DKu+#}jn*;Vps+*~AUmKJLUKHbo(#y*??YQ49g
z^ftP`yv6B#OFiaftOiyiTj3Oq*E0mz*FHQvy?Gk^{dVx~>etWyvtv>NuOIAxDWBv!
z!?+V+d<CEv9KwOCm&yr~8>Po43=g@HmnG-Ib)WKZK3V*d8dEbhGByHH>-)}yx_z;F
z2U)*Sp2UOvAQv@VOgaiX8NOM&Qrw?f<a|?<aPCBq@YOeQ^(#e$tj8w)8bN8IG?l?;
znVv5_x65<hK7|7Y3Ohx)Jnhw+?oAUX{g)&`=gYpbh#va2Z4F5Y@_@r=e4_epy_IMg
z8z^1YhZI;3-3Ow2!#)fZX1OXOf;tYs1RlShz?>}d0kh0Tue%4+D{4S5b#-ZW-Ucxy
zCAorg*b7d#@E47NClI5eg7;2bnIv?&<mZ7sM@$WTCS>d4A%y&f%oMX)-9?u~sMI7n
znhRJpKHa5Lx`G%R0^>c2+88-uBIimakCtvJmu^UwWOfuq#%K~>hgK4Kl3@~k?dAo%
z3wy)Hl`%9_%6^41OC(Q-Zd_bX*I6kVi%%j8P|212$hB}#QVAan%W))eU?BR|K<%{h
z27fj2sxW*xzUaO^tNe;Hp*!yp0`=(IDl+hcU~5Ww7Hm7fdgmXnNQuwt<mWRFQjUt`
z1Irea_!2G?(t<EVnDnAGH}*8%P)CNn-Z(hDX-ijRc-oPT{_1ksNfIZ^&o(v__fA0b
zVx0T6P`~xc^B}w1uwIw>yy3SBq{1vcx=WJ0g>Qpq&b*9UQX7kR2HvTOy&e#7V^X7B
zwmupzyeqQY_t(pEWV!oneb_FaPt`E_w!td5Ef7NKEvsYv(5T0|?f*8xI20~!;WLg2
z->!7pbm;XjSZYgH|KWw!O>lO+JEqa**1&H{pQE~d@1sBS_>Kf@YeR;@`!60$AEeOp
zbY(Uu{38UhGxz|RnY+$j2+v<o`1zGNSMjINFt=585)_t{SO5kZTwNhQ5+4^o1n>KA
zHJxRmE)r#;M%lmLhWX#R;=ZosmVZ@6-{ZD8*ydB56t=m%dHFKz`vb8#Qm}vUc<KvE
z@61=hOYGvZ6Yjvs{PqMhhp#0@C0#E^C=n|LCnWfr-7J>tdpU)eUa)-it_$Z4yyvhm
zFyHXzT#m)r&y2Na#ym3qs1i?}=lo~mVrPt~LT5(*W#rRGnd<0h6^%T4n6o28<sx{)
z+_NgQshBhBvt76k`kN-`4-8?2@dXyuUx0jm9~WI9L-V~>^g-sK-iSKR3UBUASxW|9
z!y2Xc;rZ#>jPC5(oO#B)RLN-)Cf=1f+T4U$=QtZs4iMkk0B+F%dZ!Uz89BA>@F_|M
zR$n6x89$cQu~|cG*M;)U);0kO+qQkieG0qaFjzUee0971{(NXPswC*M{4ojYW>6&Y
zhlEI4niF1PGXZE(y&9CfqQ7PZBfq*NJ}wCy^*(;%z>><bBzKW|r4~3KH0nWC!auA&
z+iyD_j{G_Qkn_;>P61KxZeBui85$ZI?3fM7|Ed7%4Kr@eHvZ$1v0TBM(c;bQST^WP
zk3Crd-soNW9b}h(oYJg=9*2I!ZleP^`Id78nEAsJ`LVS_XRMl<nx>Tl%N{f8!TYoH
zym#NI$m*aO3bowR>``Thq0nt@0j7^t3zHU~@)gRi;fi9;6%du4-qK5UWz_Fj(ypF%
zr({s7<jkC!H-;sCuO{#H?t<+iwh@SWzB;oe&pvjv>vF{QHpqyw+?GyF-MpqGbl~Wr
z2!(>dV3>f=&}Nn}0899BN%%38ubKQ<wjUW7jvm@hV_0qa^;TCdbvTF*21|S}I=aap
z`{I~J_%b<{u<z;i$?C8`_3^D;NZZpmioeM!9=+E9_hlbUg`X2B_1?RNSI6#}@CJF0
zwo(X(to~6}mZLsmdOwZkqxT5L9(H6sKySi#P<1HpYi&<$KG@CM2Y5GHS;;Lt<fS&v
zdVnJzN~XKj7Bce;JL!1&()UFeUlJx}Y1?e^a_?w!Mr-|ruNdminbU&kS~lC6Sk>9h
z$<oTp(ve!$Qv4L6CDLqc#x?adNy3|5`?*fJHZInbqU7OpH$iQEl}};)X>Il~f#zV}
zuVaOqar8*kg~L0kg}%X2ooExyi;ER?PA&V=DK?}tS?rR`4zbJOmQ)T`*tQOz%lp_)
ze+vD|Wxhtl8g;l`-4Dd|<}32M`2di0)8#a1vv2y+BskI-cEK@+-XkB5pVo%2FXoRu
z+@%Hg;i6#8@ZI1Ja6IVU$>~Bc$=FhUkvMK!FvK&)-HbbckI11OoO5#QC(LX(2-x3=
zA(k;_qHz!$9L0W<-JDTfIyzs%g|vE~PjR;J7M;gXaJ0$%<SrE4@istf3LAOKmn?UP
z;WleHeAe61IXl65CXC0iyKQ`1JI$A3EW@-UaIIH@%RxYycPrG5zg<tNMV$+Yc<;i5
z${4Q8&_1zVw+pRvM&S$7^ss8{5QV*bR^nUy(KoM*o4}MRBib#$9JO^hlj(7Y;;m$R
z*o5ry5d3<9Q(DazU2W<fcIfviQWfF*T|`XviWRv_92WRl9{J0J;yZeEVvI~X7VGt2
zESJci4`(;uE;l}|1--NK`gvLWS>gHxj>AuOp2TDrU(G%aBnJ6QBBEde@7(%x5ECTj
zXM?!L?=a!QxnCsl+0_|*jy%zvhN+GfG!x^zYMg7PRoKT6v_t00kE1cxmnDkFe;F8Q
zQA!LgrfMDs|CIKP=z|NVvn8~5z6~$1eIBtOzcCc@QO5Dj=|SYHf_(NYWgPoxj{YBK
zcK#u*3}|C%*-OZ=^hO!T*c3!%IN2yUrf2%1LMO3O0Xig7d()Y~gZV^8+{N`?ieS=H
zL@f&+D_Z*M@!{d}Wt*_GNBq?rmcN;mmZ+)8O^wuk9%USBN_&0Az{47rYnBkGP-T*c
z`8@Y%?RR%2@==1-Ig6W24f5me^V{El|9<?T%yM&mdszaX@wI(7kDk10%YUAW+kHV)
z*&FmORgAym2r21(Sjd$se2lp$f3L?b&P!({Fhi!sY0s|J@ayj3`_0YI2W02ZOGVUK
z1AM+2>&~1VmQ<M>U67T`u3TCvpNn&IGlTH|{9Kz(gH;VL>ulrm+rhVQBOl&A{rY(c
zS?^s(I|=2jD^E=Bbzf$Acu=mgOHh`+Wdx6wd9fM50IUwlWXyd{Xtl}u;Z3E|*f<9p
z{=nyta<izXo04BQ|01#8uvv&M8$B`A8&`{di$Pj&qn+|}DTRA-+=pCTY4Decq*|)Q
z=VjqQFc7o*2RB9h2tQo*eV4Tc!dlS-sgpl52>xt|{C)E;2@eE|EBDx&I%6)1S{-3O
zzQn|GcA5{BIt&lARoCmqoUx#wc>dkKJ}jU!78#qdbG9yfQ`w8318oFnp)6Ou4znoF
zlp?>euc0|f#aN<{k=;uY#-gpW&Jf7V0Mi$5ZdI`z&gk(DA@NWbasMqr4C-yFBJgk@
zc^^Q`YX)AUgV^o{cIk2Q3RuMtb<%Ne_WI3`v3gZ9vCj|&?Vi@KNcs{Ogw_Qn$P907
z^ow{Hypu!*_>JRA>;wX6u}2fMiX;SWgc@xPv+2Cncnq;w1)yJPXD?+!-H)VYXPJp-
zOif6xSHF=Vc4fP~aSWJT^m2@p{Y(HK9M77X&f)Fp#mPXIxeyOsc(6--4anBMVNP$e
z>GVR(CvMSQ3bkXiB&v!JiXCyK6lL?E;;9lDdxRz@Kf6N5%PGOY;U)xw6HBY77<m~|
z+r-tiKNw|X#gN&L5lu02@HFI=k8>MK<&90g*D=bkEH^dMDo8c9&ss9VvtR6};;B>P
zOm@#$;-X2zS<b^2aMb7GtV&EQ9b3}Trs37g;$s)&lNwL8&*ILeNuI01*Vf1~BL^o{
zeke<AO?JR3-^z40&d4Wf;gg~>eNWCCB>}S<aUn1jt!)9bx#Ve7aA=!QfReX$TB);=
zTsjK2B^}ir8!YpaqA|v`u{LQ8vs6Z?EGnG{h#54v)40dmsIX}yu$Dx5x%HEXwJS|n
z(|}y8tF2wm92#1wz<e!+vW8X{n(^`vYh-z?ST0f-OO6d@+|j%qx>%kxoEB-$yais3
zP9Smj0tqi;Pf0<Y9d>6)_Q_Erqq@4}d@paw0%Hd7qMiw(j?RkC#OjI}Z}~Wnhq^L_
zqj7}^Uj~JRX_bnpx|lw1&ZL<!pQUki6|Y`ug^_#1igB`u4!FQWL*v8h7H=AFl|Ha^
zPOG-Mkf*9r+r?dHY_dwStx8{_dRZVXMZJL0SrE)GQNEPyrq637n5^fljh_kQ$JfaL
zNzm)-7x1b}>VT?vb-k9W%XleGbf&?A48|_pAM^_5stN^TXe>A}^q)OEJ^V{N%zHw3
z*{6RyPu$z{_l%G7)6ji=9nZDv`d{$~M5%HY<@(MRd+{q7iwH?aRSvfH3Thk6oQq@7
z<8M@JZifxvlb_FTtXno*8N9uLM@Od5OHq$_x>~93*^6I_oJ@A7K8-82iH37_m5{&n
zYP@fV%Pmfj7QH`?>58VAOAuYh>%}2N`*kCm!nsw%!HlCzNp&G8L$)qRbC-1LggL=&
zq;23kc)^fr--H3=C3%=O2l4?O>g;g@T*@Bfv;8FAD-_ptY@^qdkV9UzJX~YSLD|Jw
z8<vi~jTpbr=XRL|jCPY8c8`K%5^X1mQbI1m<l+4nzB{m+jix>F!H+_Nrx0(l$hG}&
zGv*F478l7f#4>B1BZ|d#g*5A{2)4PfYu#;7fP2VROWKPWa&oX%+i~0P!Ty;O=OeDh
z>$qt0N_PyI)VH+lD?-6UZ{DQrb!*ZY&3CgW=-(Bs1R2fDV+Lxzjsn|LnR!2>bP?El
z-IXtYl1KAo(l<C98Q`lsa68QPm##pVh!v831VN{$5q=!+fU-O)u=PJQoxmHl(WklO
zoWS$^U>(rCG9VLj`Vh9KRQTC278sQkhVN_qePAT@v#qJVOc+<a2W7)g8%p`e9i|-P
z*bb=@XS|q5B2Tz_{osBKf!(T|qO9SPr^30#r?(CvPrXmm7K~|-e12m}J-yw;+_$qV
z4@_wpZ#c%PpCk}f<5Jgia2Kp5kw&pkKA#GygN85tMDZ^pd>XM|x`WwUK}axooBQ{r
z<U+?!nat-%5q`Qk$S3<Hj9zIvU*NqE+SlMoETnSrQ{dXjxO)_-Z&%3CU^||x@@uaA
zCga*(d|}_ykuM2b%#{8@rp1f|GRKS|E=Sh;$34{?1=zM%pT#$NSu}zQ4cs-i3TD#p
zNdv7Oe1;$Jx7%AW!2`C>*+5}ilfNQ&N6#{vCNAXe^C4wnHrhT%c4VJ$T#meh3a(k!
zF9>)iPF&2VY?hVhvr-A4<y~4&cyGYvr&pzldQmuITRRt=#dgAR@7#7@2{4KBGt!hN
z-BG3xf0pqau!HE*^kYWd5F+<edfacj+ze1jc|ClZlH+!Lb4ZgLzK+z`<xj?R-VuEC
z7lnec8S=h;hyrjUY^U>Za01(qD7n^PmUiib?1ST>7ExJ-V$-eWh^O7$g2fb#-P6dU
z+2k}{YM!K0GUCMCEfr@|N3q~GM%1jrsoUVm3|=Dd5zcTf<m!JZAHI*V8H@Eo1Q_Fu
zvTo{d`?1vmpF>Vv2CILOx$_M^FRpgKuRxod5Z~~UlIscPOWHQPu=8kP-qW749ehp*
zC@}S)(HGg`U@IwGwM<KwBI;0sF}xDjKi<j=X?pTZIx#9N+Cw|0&RdqBx4XHEj!-jQ
z+PxWj>GxG`PpVSZ@9yUTmiv}-x4k7p1LEjMBcg1r7c!0cDLGL{zgb>6(SGB(_x;-7
zY`f;<_)ZVWT9X$kcIk^bd76rbr}TmBoF0#|qF?VQ)n=rpucJiyM#!}ToY_)c9*@e3
z;#?L)k!l0d=eQx@xbXPW+^UOE_Wpgyr}4W({jD!Sn)UNNtIJ7;mPSNyRz?%#Y}_te
zRD%F4RL1WhAXP)8X)1DXZl%{E{%{KG)$4YaG(8)ZqbZ3uZ5zhjRh)V~8{w_Fg-RR(
zPvN1=(qam`tI@+d;?vW(jj4)DUW|dmaCpL-_eQK*>Vv-a4pw+$hSme<P@krk(B<ZJ
zReUFAVUqcsYiUI+34XnRMU56BF30wLNN&VcG_lL|CjJPqn;qkalC+tAOvJ8vbF<a{
zpk>AnlJO(^PK|&8=IQaVG!K=I#ZqTB)eIb!2Y`>h%7ALoK{Xjb4d`qnA<NbUt(R2R
zJF_mX?)4dXh(7C3CqfO^SoD`B&e}iGk;N(vSfW4letX9WNmWi3J-Gt2OL31b&y;dU
z%$3(L_BXtf5PQVwjHQxjQ{A&iIGJSzOwHVrXdnYmPA}hoWSgbT2oG~hOuoTg$?f{&
zC9{hTfr%3N{#?&$@<soHKxGzZA|7GaUDzc7pnk!hLCxrPZZM=Zu#~n1`MK&AF+2XP
zjE%wZ<S#eKyAkk<6u~dJ3)>Y@sr-#Etgd{@&Z%ou5iu=ZVoya*81O>W#mYGj0PFsz
zhrP9)8il5al%DD`WB7Z*2c@AqGQPT!$fmi6)`t}F@d3w~!LrpwAMWPe_vc+|O!|}d
zw=Gs4ldXp%YkTR1H|e)}cl{qjU@vAcJm2K?<4PEA<&w{qv?g1eMOIU+HM{Hfo$j2|
zzA_h(`1+YSSBSQWq|M8c4PrL#<`{9)577v>Hj=`$aeMdLrr#(>;CYhD<*p1et{!wA
zF7qOKn%yw7vQ9P^-cR1WKYxqBS6TzevZ)pTh>AxmOcs``IK8^q;AxC47x#(`Qck;d
zIS*S0pS1q+xil>JRj`{|c*f$2OjC*$fmkf5;<nFf$Ic9g+T$_LX*te22t7cab;H6B
z=ZQ&$W!rLszo@mndPb*S*L(QIl4?zLKE#jeXZXyygMt?mYl$DJl(pTNO>=gjWo4;j
zJ4rG|Pcn@X6+U%!Juz?sN`|j3Am=o5m=fF&GviUL3(Mu)WmEc@7pm}1`*2E9Uh+%K
z^c=gynq}LhLRu|>oJRgAE<CN=Q;U72**7WR{`bYYMn-&QH0|4aeRJ|P30GR)%FG3u
zuU+P!T^Ju+R0<n}0OQr_h+9B3As+UHlY!gfFZnIf*DXYME!w;S+S|03U`~}65;)g+
z@to4Wo?TqbpH9mrPA37rc354=`^P}l4#JpcVdGtjsx=K6zXM(jq--61s#9ZYSpV(*
z!P5XULAzeX$@VftT_~KKC4vZ_)N+^FVMN4T%pgAF_-OdkeCkcv!)FRTuZh8)f9Yl`
z$oEcVuQB|<;48|PF?sQLDz7DWrhN9ibzOV0shP5dT&w*Y!K&7V3feh(@)d7L5p6Vo
z-uIQy>$46K>($bIMA*$OB={|N+$EH;$mJ3ou0kWozAloi)#{l^aX;5}sx5jitI)cZ
znPfSF_tjXs82o_q<E0C{84_yOJpiRq;NOX%aV)-o<|ke2xzmeUSm#$2g#{5}T(!GO
zHnT`aLUJ8O<bAeP>Pnu+J#4HksOu&-Ei@c!IA2{?U;k1TAeWvhASTa=bB$gRb%;>E
zhxqpz9Q?hB+H;;VPv6a@?Yt$vN!>NvTQkWx5Kj5l_vq|z1MQSqPXEPqu;SEspb;36
z#QjV0Bnjtpx5(OG0=|r^)uX%jO*bJ(OB$b%!S2;$*_kCN419v`^&g3NJ7n%NJsq(Q
z3^8Lt_pJ=I9-9k+lLe(2J*-!kES?5PgjS(&pVMBAFu&PiiG>j%ZJK}QQEY;662^u7
zbK089mXgB&Oz+Bu<X6?{@^L@My2#oDg##xaZy$SpDxGiix0GVuEQr7ZP5>D5^u+?j
zdY<MEomt9d8ZvPs;WBPtYb;bJ<48^Ju_UfO2Gr!u|77NQslS8wqpZd@A<3X$eqkFC
z?-SiExz5kg1nHJSQD04+{YaN?*n`ikli4(Gj4d7Szcu?b5MxR!__enHwK&2&D=;W!
zdwcIA)D>p)UVrv&icm(|_}$mebaUPbQJm%T>uh;?q*LE*#Bw)ba)9`*gyNS1M*6K|
zZwoUE2o3jddm>rl!PzNrtEck3EplTnGZoU04)rz;o-p>M@7dR1DS624b^$IOcO(1x
zt%gp3DQ|!@^o|zS3lSC@?cHWi1&V|OvA4R|-HPkGnQ0WGcm06pI+@>@eOZ29RwgL;
zO6TAhJ3CN|2ZU^?S#oCPD_-oM+9?QxHzbUCm?pln6%$BrW{s-QxFb+ADaUOmVLOgQ
zv_|Be1qBvy_%F~My_@?xaNuSTZTWbMj#_sPWv&0!qXhu6u>$@8jy(W?74^rL8QM&f
zM+++|4*;Nt0<fUQP&DNa^$!5^&@J-N|2PF&0Pr6ID>~8o^QQ%%z$ri%fUH1P3NXb#
zWC{RQ91l7Npep^R44?pLqx(g(0{<fk&4w02f$k6+%|{=_ne{(pp(}uB=eGbXC;;$}
zAT&a=Vr60T09pS-p@#xl(Ng~akQJT$0W2s$Tjx*azX4Xf{eLU{$^JQT;}4ZkH2Tv-
z3&$DVj5AA{+kx%R0Z;&|p;%C=QVRD{uzM-szX5uXaGYbIXbLb7$cjc-Q1pTRzk@$V
zPJ#Xfe-Jv+0<!*-!Giu%L{tBvpz;3`09nxk`Un0D;s1nxPR9Q%{<oYKfWch{@IQaq
zKPTtE>i;?2|5f-e{Aa-a1Jr!jIscXa2ZOZ$I0f!iUDoyt?$uG%IXO_QC^oi#eiphO
z=Z~|`{{jcje5j=ZXO<RPAO!`GGpZW;PZ$4x^8fh=09nx@{>P=t3IOKk=c8}KKk%O`
z=T8+z^}o=M<K}yGgyP$io0stekxxS|;D)n^zqfwRhA;lhe$Il5d6fhC-FogsR<6ph
zhD@W@)+Y(mg$mj@v~K4o-2wPc^&_<1m**9mS$fJolGIl|QVD=RjoCo}V|o;pGgoFH
zdgNfs_+E-DYJM?lHguzL{v)PK-G~*4gr*UaM;JQAXJlY-4S_BOc5^1u^Pz4MxPIsP
z8h6DJ{VN;BMeAH#obIz@W`Pas{AuE*ZPmK?RuKE3q4)Zq8oRYtz$`qov&=Okub6tM
ztH#3q5}d_spwUeKXx{14tvWh~V0Dm`xN!2_*#5qE?;+sy!dij5%rU{@HWpX(A>uoU
zrq_ZW9WIYTd^&q~<7%=}g7wwB$m1Pz3C$ZpQu4RkOiCN(?UJ}^pes;(oEQ$-oUteC
zja98bbqby9D+bF3anN9kF3fXtv*o1mXZ*kycS!?ZyGxjKQyvEAd%`K^0-|D>_cKA0
z;CK(ri7EfrZYFq5ymgSCT-kyr=j(6vNn)z`4XKA(I04_n66n^#G2dEgMRA}m6-$>i
ziB2Q#QuYe4qP6J+%CIav&Rscm4qyj7DMUdVUX{V-I5}KjbV2OGGak(~f-KKtdo|^;
z)2`H&AfU}=DduMYY9dO~hVbrwO=i3&BiumS<F+}w;f+{J1??9vTm$6xKNB{WSiX@R
z^-jZKT(iTXEUmWF5TTOJz*-CkS_;qLxdNlof$WLww8fW1<PJq+YYb(Pt_m|&3j1y0
z2$^wGsRVF~;>MmRB7^m#oMTZ?Igo+z@^vrtO0-6~W;~0Bx(#H>oiux_V3M_1R%XTO
z4>Y{5){KvcrSUR65RbS<Vpwe6cd82HHcu{oaPy5GRn_9mJkT0$0XD>GJKQQ~jv|7;
z)ObS|nj;0nXV#WjW>uM?LkAMurjv^y1}>KJ>hzNYqHeg_?B5LwMW41*{Z2z1Lo`cO
zJPRGRP9q0LfRwV3roIXN(HH{9?>ECYHC2j3W%wJDXZBO`Dvv4)OmEK1P0C6UnQAcC
zIr4+=5bOdP4c%`>tng{I?kzUhwdEMwK^m69>20H=vqP;zjT#ooo*Iq1rBBwO#3!}Z
z6kJwG82#a^IeHdht4n%xByn|9rf5ad9+!&pH~^z7m4phOMikC^n}4V^#-@9fGme_<
zh9mRpX(GEA#&Z$|@bWS*4c-_PPDfHm*s$8WQ0NJ=g}y3kbAE>-3&kS8(sb6hIunf?
zQeeUjApZn(CK}3YLMfw7u6oLI<_@uLh^Y>4?tM}_=I`YO>s#Tc)Wu&8W@t7)NvRAi
zgG+>dr8!3=S;=M~2uk~*7?#V1?AC4+L^Hj|y*)DGhwsLeNqvfja|YrJ<<^5ScBm!O
z8b5oy-OViTu$ONk)6cTk2#@!2Gq1?%2*8kPeMa(0oY*P!?zZ>DUx?dnT&tjFq{sQ~
z)PA1AhLVgME(D(aSCHk_$YdH(y~^`*&ZHVnmmLXwH3t_4jrh#kd54TJJYg<Hq+HkO
z*H4fz$VS8!k*p_d=l!=p%a3m|^+QGR;y3r%9gF?{&51?*uT`|Ras-HO0<hLUq9>@I
zX#Dpi9^b!PFbF>G0?|%u0A!#|Ky(AT?)MNG=-+<mHbWQ$18BYxG>sL_`iJy~9Rb9)
zgOY*vf!G%4P9M=K5Ly+oMWa7`{8B<UR>GpT|4;jVbo*^|XkP#xA9`MFLihX|&Gc_{
z&*+~1biVl?geH94LoZeT`-q31bJ~-8ybc%IO-Oi!N01Eo_up7bY*6f9kbFJf(N9o7
zDZsA|VE2?Hx7cMnhp4FWGHB)R+6q&`T~ani&%lYsJc+RYkSP}x4}ce~TmWz@;Ub1|
z=xG`oht*wK$rS35NX=da08~Obfl34wnu`EjB??@906-9m$qp?=GZHo~0vM}FGnD|q
zgXr2n3JQ9<Ukn1=0!ZQj5v4#Y002`7Knwtu;?9eZQ0XMz!B~z5>8+i@-ryg%c<$Co
z-sClUWC`Yj+!mYe<p_-Xmij^jhC5#X5hFRcUA#!fdZ^bRY5v+wf;?hZWd71l;jGg?
zv^n@odLdk9LeMDf47pJ_ZLS<&v4MHW_I&UG&<o>}XE3f)z{7zu7rKAHk!^6ave*eZ
zix>K`QX;9oA}F7C(c2v&AEiHudIuH2p2Nr2DnDQV0G=C@GdSmTwo4vM+isd$rV*+)
zH@qk_R0AwT-UGs~GjBG5{X3C`jkalGz$$C8Z;hc&HS)nN7$a*}I78`*3JQSfJJXF~
zc=3GqR=?C*itdiIU=kzi4}3zUzD`*DO0BI<ws~hEsnsF7cUIS&r)S3Mh;%J66s`@b
zUI82c019_q>s|LK)0L)TPdA}1lcrOJOf7ZPeEhd>z~zXzN$f*welPPbLU7+Ub%+x&
zER58ia!lQaI|Qi6Q`hz00agWaqo3C|LVE*7!}nYC*e{}WVE|xo2wf(D0sxE5(&+Sm
zg~$QBVQp3b0I1#sASl5p$p&d84gtm7R<IaK$apzxYlp}yScfGjT-0I-c#WWF#^<ms
zfKEZ}*dha9M1s;ZQ9Hwf${AB*l_8?U5Y0r9oB?nHV16!8iCe>X7J((n%gc45m1$91
zTNT2`_xw;zt2t)gGRHw+(lWW7-*H{4!n;DFGp)5N%>pK2b=!5&TE5A?o#MvFm*Qp7
zNL}IOZ7h+Z?&Ym+O`W3NN$urrYE@gl4qdM>%j)nL_cG&wr8y>-uX<OgmnU~<tfiSr
zwOUDaShdkec1fja2sSb#CoY+#b@7emNUhOSSknm7Omw(yucw%;OTvab#ol`-OG!Es
zjJJAva#=L0Cqs$tVNyGcPN2jcBN$(Dg)+?=HMN+ihg8-QgRYZWVV=I@EbK-po~A{d
zubthZ#VV~+qf2UYy>>gT!@G8krWM4nU7no0Xw}-_ZPW@<PfIcKWHggXbFxZK>s;RT
zt^iTD*q2h-<4BmTTD5pocu3Nu(d<y!udj<XSe0+C$B<!4wsvAyIC-a~8M;*oMiY#A
zcL_!(w`I4QI!^4+3|sN+FeKN_`&ms$rBbN_EueVouv%D(MfrGVa++g)c~_NG`M8->
zgOOE*=gZxH!&7pf>i)8<yL|ljDT5ml^HO9IgXdpoN5ux!qV7p+1|Ka>n@Zq}$%JIZ
zW8IDog6LNh)=VA>@i7+)?R$&1+wlW}SocAjH`HTNs4&1(D&~b9%LY5W13Mm?6Wfcz
zae0mbY!q?1VQUcb5HZR37@oSOn`Q<C(wEo3k!M6?_|HGdMkJ2YzA>sGPfiok<H^X<
zV0RZg^Y5<tm))(~^DsC2sw@N}jp?3w@x6~%nG;CB7BmS<7M6#MYX`3rC_O;uyP}S~
zUm5#pVG`RfIm4M}Gunt6yPCjc9VR57GdZfUXOMVk&m}5kBv%{!7O*1zet!t7v9MO9
zU0mle(_6~9s7rqUj>_g$Q<3~=9G|&dDHb_DRj`@JldZ>AfyfU&;E1_v{xOm&*KIt~
z-+%Ez4YPUC&<pBNk5kOME*bQud!tLVh}N%}(D{8FW)N8mxnZJ;a+uj8A<3_w5jO)6
zt2677sm}g;Pvj>V@>J6was4sN&!h}PTS=?b8Sn|H@#!(Tux)|1n~J9aid<nOhoPM`
zLpl%D&xn>PKSSt-FJgw(D-;-LKx8d!qgwk8Yotb8NjaiX&$3`(Ky8LLS(3RZmleMv
zq;Zj+TXp}E)DV3ef4}$~?i_Dq)XSQUy+WRmO4df-Nj~pxYcA%qTFZ1<Z(=89rMU1a
zJj3lVW50W#88<#<7#kvCgq5Yd{`@aBZB8=nxsuPeq=Hw9*eAUy$lMdQGsaIJX}bSq
z1OEZHK~LM0UI=iZ_s=#<UW&dE$$<=(J!69h=!&gg+LER_te`MI>^Ws?gs|jRg(2Af
z4#aVwFmBd+Y94+44X6}BC?m^?UrF1t1k7j=KTyE=aYf&o*0qBUBjk?W)7Eu=tULgr
zI>b6gv41Dr{Um1J3?OkhkVeXVKN9MTA&MYV%TH-d|9O6NQV<_a<M9Ob*^vdw=FK^l
zes1z^x~;c;;#oCH6m_pE0g?h<#c&LvrQ=x52HV0BV-IKpqfld8#0CN}5f%ot(PGU)
zU#(CEWp-k2UOSnapzmuD4umzn3MU;*2D0jrk^Y@4i?f_xiwwBq>#E8{DH6$BIwZk3
zJ|{W0w3NC~GOk$SA=l)Hb%cvXg>hUsXobr2xz_sE9yp}0>F)t^vmsuxgzVDq6kIKT
zK^2dN%9U|@fA|A~FX#Ktm}IH0_ibd@4AZhTk}F4C&T<MnA(uAhU_DC)@*OS0L@$~p
zC6QN&I?=2FnF(}8$iLHle)`=;#2i=5%H55H5-K}nNzX6Hk33YjRWAd`2AtZ`w|P6|
z3Gj-mo2Ci;ij)N`bTQjFMZ{cXR1yuS*lpOb$f>B`CtzJ%R%Y>>M31J@X$AxHM7My?
zSp9x{eLu?)N_@6Fs>DzjJ9h+dc9T|}%2)YL<QKU-8F5&-88s876u_inkR(5GAAyqd
z303K|tf=-;1E=YK@R?7){bY;Wy!xuzYLOKipW?MrVTSn97&MaT3nvkkV^|VOa|r+F
zhZ$>{s70QI<peM>1A)w&vOm{{6r?rr@%a=aDn;8}ibz-C<cLw=si?>(qDuU3Ul6{u
z!}O9Y4iWO+=(Lf~*?S1PLmH<I_*s5exGan~w+>1ho^%eBA2N^9kVU49#%d8?XE^L0
z2kS$9L=v>52ah_Z!x?d~M9SyHWmLKev^;XUmfBDwk~u;Z2An(ZcdY{l5Mcon`NU`k
z$1fOB@WoJ06T_ZP`tUpt9y6m6-KL1jEcBv`)+PRGmexxWd)7O#H%eeBC2}(D^>sgs
zYYBR#W5>;2t}j0Nucbu{-I9U%bFVwaxt~7el}`_cq&l>zb7Dl>*-sU!*5kJ45BXyX
z`44YCK0e-eqHWjy01N5|%P^TA>p3J*EJ+mbGZ_HI8@j`J<Id5wlc=hoLq~aEOZGI4
z`%Nic+i-9d?_bGSFRid-Ysvnm!gIl(BUAmZlyF3*dVISe2X1~T{8IP$6LWJ(Q>5&=
zD}BKu_;K!Ligoe%5U|NGUu!ox{!3?7Xg{toquRYq-fhrv^e;(1+Hx6@D$gYhWPPg3
zweA36{yxO4h<<FjN1b?C%*7Tk#~)bbn-D?~FCX76kgdgkZxCxJ@#bA=zw7YH;fl%q
zH~5vknfuvC!W^3JS%-`M&R7au=zyZskLObe4@z!)LNUto2U3T$)H@8JAPra05&xXE
zmxFvR<@9tVF9JKHt;{!2jPa<IXMJaSX8tfuPnG{e^DAvNSvHC6wPQ~?Th08=r2)Qi
zmZ=G^$>KXC(kytcQ3%`3--M<96J%V+tq*wsft0pqo7M}jc<e=8xY*^n^$?WoZi*Um
z+OZ_h%-tacCac6(S@?UW;?si-TTn6PW)4VL13iWX#ddWx!8;hYWEU)HIJs(v9Fy`U
zD3UF`D`y65mxQ+xwbUsh6>eS*L$Q~<9_YZnaIeLlVfRa0JAZIri^4!})XdQSaDIr=
zmpi;9IWRe|-x^tN&op9q<s?y3?WRFbv`;fTZD`|L+OBimqC6IeBKzSSJLA{(4wSr_
zD3#d8=C9)=-t0{{Xl`+C#jfDBYP!=w=Q@=5h8MDcJhkzPmz)HBRPlJJ%v=_JNWMGp
z#%{urF)$mX_SIH6By;89J1*YpbON~J!}O_OL6vl<e0?XwlB=h5knxTsffW415%>v&
zyzmv;Lm_5GDCB$cOHe58aPMGkQ|PW5#B*(pzbV5`@S9o4+6)i;VtQv)BDj>kIygW6
zaJy9oE_B1<W64%5i!I(@SII`kam3#pQcDdAF1T?wdoeRHRTC!vW}&(?Ukf$fA*15J
zJ*CF<oQ+H7fo4`wZ5tX!NF(4@=0sdBZ^Dzl`vHeeIJ&{&LjHaI>ld(rd5a~*oSEwD
z9ULhSR>vfsQL(l8$tmwPYc&kF#5Z&OnLQ(PBVuyTiQcv^w}@S(KBsiI*Iq9RR<2vl
zZZ}ia;l3_Hr4LusJq63LRyKOQ>(Zj`B4N8EdVxXtVau#ZR`@+RrHk$i)vs(uEcIZl
z+BdrrUwOSvD>MW@apm~nv&Spjgt(0QgR2i~2uz6k&PEe_)SXwCNZA0c<5WDEZ8mCR
z?jIg)qSbRk3Pd6n;UXRB*`4!eD&d9j8P3otfq`PPx<vJDe~z|q9n@mAt(@Fyno(D3
zR5>}3nqx!e8EV|WHY?cPCsW~(8w+w!ekabCJB@{@T;~ksg-m`jj@uTS?}wNP>01Q$
zext4oOfYft@JXdeBY>MyNVxY-*jl#E@-P3^l}hGASp#A0*Kx|RF7LGmX^-c|x_yI+
z*r*E4S=;e~4YVV!(I4M$I6bMP{g-RPMqt_$J0wxVa+;^w2xEf!@)hPKv8sD)kM5Fr
z8v6Kp#B5`wRsHyuMuVL2a4|I^e;RdBbbh8Vrk&$6@9nD1#_!RL1Mb?MnbmI`=nS^X
z{x;W$^VoL^YljGf<8!8igSptfodkPhGa!81u!gK##r$F<j3NutR3B0!4has@_!b#b
zBi~kAXiQE^JC3}52(C;S(MPW3@J;2f)Hq*cq&K9*@cC9Z3C(uqr<mO`VmDTHhlYxE
zG@&keY;3n?MvAv)rssPO<vj;r4;YWVAkSjMb<xndbLRfE&EC#->m*yFG=81z+&3Cv
zm*HU~N)z;{-BkZrdqW*DJ0Ft7nHw5{x^un*3u<##gjA!F#cl$H>Md+(yb%)!?Y_B{
zF?nG~L~8!>gCy#(OSeG+0fOgkZ8&UK`AQ2Mz|P?CGYEaUU?buz^I~isanufnaKSWQ
zb<HO3zit<56+Fqaoe=|Nwr9}xwy79bwyp+!<}kL}cvTntBE~<II?{-rqKc4J&h*gB
zrVp#h=f`0=&vT<Icc-kXR-Cm9v4RSZbh4`MDaP#VmIs>ZAH}q`p<tD~I!oPdc32df
zkL~tcEKEM+k)!FUmy>y?q%B}A+=I*K(k^a!xqAZ@Wm~VCY?@WUeZI3bJC<Qn5%RS)
zLN%Q6op5)zr?11n?y0(ed^?=uQzX47UQO+C7T%Pak)qajzr)^S309GA4t!_wf_B#0
z$9kz~Ttn?C#=+QurFf&>yVqdHwITFN+~S|bSR63e{xyHwuUzJYn)--PimyH>)Cro7
zt}kSS_W^*OuAxCP{}9kGr~tIZbEwu~V*0MYUWV#d)>`6WOpPWLda^<u*3qQ+s1Xp^
zY}GXEB11Wdq8w{tNM7Nmt<k<;jL~1x%;eS~Rcna8sTJXr?{u(UZVkv^4Ws*tFdVsZ
zJyD<9r59tv)N;e3?PKS}Oy|%#1XsknD2}0PUIC5h?K)ol_`a?IDQEN}I&TMtPQ^4i
zGfrn_zt!HGTo|k&5IgOrwcTwf)ST9i4?g;}<T?6j&Jq9TfxZ*)C*{mieQxfY75yss
zv@cT&T?w)c4K`Lrb8<>`t#+hzwABza@f1*Lh-hnRmH2v>fo<193{$zWy2S-S1}<A~
z_h1Ve2U=%K*<<W&m-5}dak=lPP4j~tQMo=xj(v#avqd2>Kls!nvS4>ex97PVZEsF_
z@C+Dv8FE+@^*k%Hnw>W~3-%YJ{OD3%?Za`}rCx)U5|$AyXeF2{tEc?p?r_J}p_+T$
zl*$8T$SdJ-?3{VB(w!~?1z=GCLPCQ>Lva8WKzkg3A;66SfPn{?f)}zoDiHx%Fh)Z|
z+5r;yg!usZcj#puZI;6q@6^YJn#H?AbB*sTTNb}8sX$#Q3b|+TXc9>lOITl$Ybktc
zx8P?g#G(pbGuz#Tq?cMJ-+37z7FNjl<x_Rc0Sq|V#&k3pS;ji3F<qftGPW}*dT>g;
z-YFAkuN?ci|KZn|VKCBGN_B=_4n?25;MkJQ*=SrQLj&IH3E06(Fj$)#KvsENGAt8q
zz2}^N6x1`Yi{PskgGF@hn+q+HpipNLapI=D45cHGudvhFI(MNI>a$3RpEI7i!IUBg
zXK-dXJbt+_@&ixO7q9MfV~rS-xwYLYTLY`@;x%>VPz74vIBNgN_!hEq6^adL7yiZ;
zyz&YVyyhO|iVb$7_M^prWwSP?3CqUAHnL_O(-cY^7Uyd_5tJ~SE3tHTWlV<6aLv?r
zhn@F_b6ATthd06B*OTuCCN*V!Ej$-p*U)9xIXlxF-*NQZeb=YSiRy!;PlhfvT<pt7
z=f!%Js*bo2h6e}eyb-;yDa>iN1B2w)zfRVLx<EiJSh4)3Lw@rTbSG<T6I13)epDLL
zc*rgTSKay=T{l5xwwSuU*09WMO(R&nH~ixKSe<fDi;Go^MA31k4+OCq_u#9Kc*#v!
zF4D<lXkA#yYZvUvwE2n4L|=hHy=Vq-dnP+Ii#g=~LPFy#Kc~FNlwniZ#I2yQi|>BI
z3>IfcJ78V713OLp;^u8*UFXD;S~zV#cK*C-qRnTzccH7f^FlknhkR)8qCaVSTd4fL
z&Ic9Mqo(iTQXv)`Im67y<RprN&nb~1F-D<8r$0`#%ocpSWDA(lDXL+JlhfyI_|n&T
zI7Kh|(Oo3<`kjW|NlYRDpv($zqXN(Y?XjVBKqX+Q766YGfcfWwRL}x2DFHC>(My4)
zfFVMF0APq11B!{pEtmiv^py($VgUgDdjJ3)dd<oojW_}SHw>Cd0L=eYRw;T*8a9*$
zod9s6SOKh1010}c0<xenE4pVW@c+z!_nq~BlO;g__;W)I5dlg8i<|%~G5`?0j0)gb
z1OUeX0M-n^|Cs^E!uh|+!iiD>q7TXf2&DorU_k-V0D#ODdgb&<h@if*+@Hrfu9Lz;
zmMV43%14vHSen31#Z>4SCjEhjZPGHz=iIt8y!`gtCZj-nS~!mGG?g2kYUOm539Q=g
z&(@jH2Hz;I2*4XvAWlZx^U`Z|OyCQbavi-erAaUTP|!>_TwGkl8v$|!+kOT+A~)%H
z4w4~LI<WMa^3q5l6A;Zh$k^s9LS?b~0yT5IW6-9>H2@C{(8jWWRe1M_X-h78?{<5)
zUBqzs)iLO6l@ZgJBuy}i;>8Lt*1m>ji0S6k)I}6?zcI!7u;X4GE7D^vBw>U%k_@#B
z>Wo!S5|AMu-B_+=tc#<GV|LR@eStSw6f5PedHO<6rqVP|2cIcvib0ICKh}$4F_|&9
zaHBFnrsn}qV9Ts|xDB5Tnj(^+>a6jVTg}LwvDfkBiHzH>4D-8V2&W){9&Z*8eXLb|
z+Puf*2a+6q(ry!_i!{=$k#OY`6XZkmLm8e$vmdh-{*bVeG;Il`XG~3zB%#QTJ=b;)
z4JD*99Or|0KxJR~JH_&2v@1rGVHZ=sz)13jtod4)+g2(VOYBXRy0m7@5Y02}%P>Qo
z@x6vlp%Dg^FI*;r>YjtyI@@~L^Ar^9VTo+t)H|)e6hQz2NS4q#^97%fl=R<AUyx@`
zpnxS7@!gp7$q(iczxoAkELCx0Oy!F=`jx8`2BK51lz+Ho0FQul&^s9%2@$s-&Sn86
zta~V78VEPzp&y63c9VH##k}r=+cQp|jIId5;yodcxo;iw&V==v(ELkYwcxk~JX5+#
z1+KNnwI2l!`KOl37?Ec~unaX_JeGu>Gi9!z{z&eJv#-wIi2zJ=02ZQTR{s6>Dp4W{
ze)A$f#zL?y^Y}N?yX9dI6>5ZJzKPej->(kDl?8lbZ;Pk}KJ65UWMCM_h9)MHb{#gJ
zGJ_fl-<Ue+6~8&!4|-?R-x|U3ijmn-R(40F)U*$@*?%BbVd-{lK?V&Dq&YWrCGISs
zIl8qwr7YBV99jO5cZ$_y(0>bldYet*ytLk_;RXJh6<t=R*#>gNvAbB$X4}&s3OQ>E
zGfQn8ltwLBA36z$lXc+0`fWoKS^%Ti>V}?Q_*||rvfy441Y%Y3KJmv<y@Q6}K1DNO
z>zR1u3i%2@69HV`f477QphO7p!*FZ1;Fqs^4MytH5}72|lKP(-xTHAm7rl#N>~B{u
z-!Qd%o1QOe!S&5=zHjY>tB>e=g$jgXbehjM;6d8wJ&4akfKZS4(8lXU>Co=xZ+)w8
za?w;(je|b2ip+*DESLMdjbs@}?Z%2j<d66XrAZsePhu9|@Ju!c`M8~8F}-Mu{7OLg
zI)^D-n>Z?^zd<^R%{Y2F*NF~}J)GV1G!-pF7ALHf^i9!x@im4(@^;?@D85f>f2ZrR
zIeyAas9E>avxB8JEA-Hp7txUxH>V>>ISWS?5io0jkYDB$7PE-C>G=fb8Z~<~U3-iY
zQnc#xFJM9HCE07;y_)bk9F0|3USrvb^cs}JQ>|@@(7c++gjpf2-Qo(v+<Hlw2=DG5
zgRo%0b~jVrHP|!M)ysP5VrDx+VC}s?eN&+&s0q`1JkrldXTfmbgIhADy+yH65P#Dp
zt1OA&3OHnWc-16?%bd=LQ~YF0BI{-j$Fhyh)QPYwkM?wMA%uU}%>V1Y)8r4)C=xs{
z*8;mzn)|9nqk+uz%(2A>gwmGs*&P9c00#fsf@|IP;1Aqs@HI=gDU;Asvu{D8W!@9(
zX~3a(JSWNH_I^ZUPaqA#+XZo$JV1x-8}UPIdDOK;u&9Hl<Z$UDDKTp}a3heqaR_X=
ze80rmc@XLCBk+Rm@vPB<rbZ)gJUBLu&)l0+!?EoZ(P9*R|0&Y|V!@o{G^)O_c+H6f
zaTZg<voj7i9tNLqob2}TkI%t4`lDsqxgG24y&Z~~aeci#YZ*?(L!aT3U$A)rAwyAi
zEzdGaS??pR5Mw)G{JqPQ+<biqMKj7OO_DARP}H6n@yzKNjsV?hk8&<z&S#$%VfBzw
zHm|$;t(*WeE|pHi<z&oUIYQA^Da0BJsJS*&wJJc$PrWDHj0dZu?-(TeXzAi<hw;0@
zM(4w8Y!zG+>qSPs7zONtrU=xi%i=Yw(O^L%nFQC0)COBrDcgFItgfx3^I@T?b31rU
zz?iA3l(d&r8K5P39$Kib45m`%EHqbi02kbqObt<+OY5gYwtw5Ugj~2BSV{yMU2U8%
z*WPDJ_y*C~J`&RL*8|WiC@#oNRNt7?$w2M9ux$MX+bs8{WWU&AFmiJncdMV1CeUn+
zWElr@vi5{$pj5$Y6s=+@Py=<vg~MN$(Sjp{yJT%uWDvWA_w{S!l!YmZRaA$c0}=u}
z+vRSsvF8&oyK!8qC1%Oi9qad6$6oVVR84^*VYb%Q)I?j`Fy<`JvxjcszWMYH%bZf|
zw}aZeiPAK$?TGR^ZD#X242#qQjo}V-KHe@l!d*+qR;l`>LeazNb_);cO*dpd?*@CQ
z|3yk<k2hvvi2h`?i(SJoUw5@DP2GqPtaH~1hv#vpe5zI2dUWmq)Z5hy$2L4rw<2f>
z^>(H1+*B>jwMp|~bZjr5Ny}?y3W;<1oSS0Jq63#Bxk#RpyT8$JH8Nrxw2X9l|A9ww
zw^Wiql3(b71(i(FEpgAmrzW)-R!=f&%HR6B^qXdSx@klzWz1%om-qZyj)Yk~towuQ
z;y`gtzztg<R$q;c`|^P-f0(o~Vp`s$&oq0v`moY~3>Cq0#$07i(mP5SB-mQZFv}3w
z9m<r-p)#Ald15JdHR!c^aR1_zR0mfuCn(2Pn@AIj7UVY0zk}#LsHu>7dgU%t;kJ7{
zB`&-+7E~9F*y;$fM7^qUc5bPKnwd1Es+zBCIjA&#^+9_qiny0+^{G|t>=i$o-D{AF
zldC|C(K6ev<aRFR3OsmQfo%8fz8<c(w|jvchSe-dS`Rjg)G_f)yGIthyt&-Vd6xDf
zVYRF9i`f`0j*u|lx`>y8caJygX4t8=Aq3Rj8|b$yW?=z_N!(gua8oiZul3waU<XRt
z&1dt{Ba|-99E7PfCZSN}EbREvJi#+M#Pq?KojNf2oVrSZS_GCup>ZbeVRz7fHgl{`
z8E);};9HIR7IzYV{}SkiwS7D40<=0Ak~v{@z}y-w-kw=-OEltiuxD8@4vN%}YXU|2
zyTRKtA~qVX4(p<^*3c0VnET{5Vqe_<IM;TA><RI5?+*sd?ZrzNS@CuVsW5I3hSL(=
zIgtG@#2R=gaHQY+>49Z#@e!g>x-8&NfI1%dsuJX(s#Cu5mh4Hl%<(v%(M+2t>?c4;
z)N5Y5sg6TNg>;NhPxmlRCLr3-HjS~uaJ5F_=TU)|WLBpZb99_9<_@PoMTfcj?u1d3
zMcDbs76WY4Zk%VS5qoCI<wqiJd2v)NqauH*+;fBdj`L@)C>T)9c06~3uVh@YkhDd2
zq$$VY=crqf1F|cfce2Y(I`U;%%W#qM?SA<fq`&>dYiQZ=itS!?!<W4%(ym%;hZaeK
zgLj&22_ejZODo@`-?8RMmc3@uf58?J6GY#)`kQ)=<pMKNX5dWTVN?-sbS$_W19v7E
zs*I_$n~ZW}EFlX!m-Mz@bgsIkAaf^-S336Cv%_haJCpc9c9`BDKkpFYFIW2w0*??N
z&Px1DB;wcZqa&<b*ZBtY<BHZ)u5W@W6Ays>8dxN>Tw;E)wqGviXuIE5ZGS<gP75`E
z1F<~)K2R_U8U)CA$=A#e&p94|Trij<z4z$%kwg8Wev7|IEBn(~Zdwb^*a58e7MBD=
z&tzW_?4Qp&mEv;WW!-sHOXgwNqxU5$BJbAYc|z<T68=_tIe4*9Ljao>;~RJ4+S%E8
zMhd-p_z?a+VyKg6?ei8Fqrq%<Fc<|Zg58;9R}2wjg+X4x0M5k7ra|z;8&gg!yxcbT
zqxMc|d6y4p_aR}VVMD|w9@qJ$TIFtQ%6lW<e2>~rPpe?m#Pu)|hJZA~)cA2Kk6M5N
zuAF~Ce|?S+X`eF2cp+j5d@QRD!X^5U@ZscZsaQsW0v?ffa0=i@rNB4B-LS93%wNkG
zn_MlWK{_WE;$9S2VSa?RP)xEX<>3}n7ADP}`rh3*peFlJs22|Q>jsB$W7hVGp|T;$
zPafLtCWau9Egy=ptZ=?JYwItD(;p;Cnq*GNP4SmkD}1u=3{bt<Yte03s-&A$2-7yo
zcJSeDr$Kg||3}*`SU)W&)CtE4l%MUK`!?h#2+^+0Ro%HCo?o!WYqF%(1v2uebTh3m
z{l;TjqNlaM6vjzn-n=#%sa}4v7TRAb|E^+%=Ko^uEra3+ySLB5JvhOG3<P(#;4nA?
zgF|o#9&C`1;2PW|I0R;JhXH~U+?~NC*x-<aB+v5fm)-xn@78|Z`Os6<)m2^H_vyRu
zKIeC?OD(R7WQZ8{?yk|QB}7f0Cjb)<F1L9u*{ZD;2usXNW^^m*@w<ElzzMzM_^HjK
zqllfk04<iz6MLuhx<!M*f3TEQS}9i5(?ZyZTlG>wr0aA-g0g+7$BK2rNA*bKML%gU
z8Ei0t)fg`591s-kVHxIsT02q3x!_gK9Is6SgxI1u>VD{5yLrPuTXV2wc_oa07hGjz
zyags?QCi$(Kp;Pf_2hWbANje86B`3HmXP}m0;HE@czMm9P^{hV$?gW8I%csyf5m=A
z!uf`qOS=-3YgTG-PI{OMBaOCXA?`vF)?$uqs$1&R@F2ASrWf<=%fpF~7j4W&J4#=c
zw=6>yZnseR`4StH>IRh_`+d(Jh%$H>eHBJe9=}RUg5gshk9`WexEN@<_=+&sF>t#I
zR#<mKV<Gd1k7}LA3|c+a6;r?uWxD+7)USq{6u;z8-Wo8icN$%y8&xkhF-U#o$CZ0M
zL?uL6ozC^Z>cUeqmX#u8ou)jlfV~+<wWl+%#=wnTULh9N)FcBJlyP!CYt)Ez6+n&U
zCs@MQ0y8+CUB);f&Qisp5HboESXBVNH!M(+BT7UAva8*0;<hyLVzn!rmt{w$=bZB6
zh+=pC_wCGaV?*5*txSX&VM|KiA*E@S_|_F8E<<2&i#ElH5kMT&gIKFmOo73^=72D^
zFv;2P4T83bE`yMsm^*z;BcMHfToM@tOcEJ9IRF`P7)_g>c=qgTKWL_<F3~=Lr4cQx
zolXGBerXxg+SGW8iDnvK#Yr)D8GuEkddfmTq=aPvs~3iViwXEVJRFB@8_tsqN1-ma
z+#VyLvb(3qg{HtVieed>K3^#c^mRt#<>|MYc8eHRM6g^X#H1$yhrwe2F)<5AyPs+W
zS4qs!uZ5(~(D$u;nG?l)hh|+j)jGxKeV8P;=QRGVjpHl%@1$3m*?H6`QHjr~P|G9d
zuMi{I-AjVX{qhP6k3%6olqB#r&7?TaT1m%|mMoBda{19m0uPrEM5VRt8r^KRJV#z$
zQ`4EcBsN&;0++ocwvqGW#sI&Ksd>euNMai|6;}OBrrp5XC~NO7bzXbl`PNXCFz4e$
zex#flw^Qo?aW|EmzffgJjI!1FJ@li^REOz?@dAdNNYYm}KZWg)S#WUEDOKnpD;MK#
zt@hbcZw`0r6Q%hxf{fw8-b#{|ixzI_>hs5H0#vJ)!~uaD>p3b*mPle;4`Cxm!nC>(
zhd8LvK&QqfRzKGz4nTfNI=5D^?Ob`lSG((F#4;{Z5-yWkEGA|}Cg(f0R<`oAiIpNo
zzX3%Zy~nyb*#3JqReV^g3jMXMnx9s&XmOP^#9ZEitDXt0L@-`cIeaySKi$tNIQQ5Q
z{=Feau9p!PBS8?WyZJj0-JV+e%g}s7rc%68>O!g+{3RQxMpKr!(+j(NKUU|ic(pxX
znpj4mcGYzi+#@ctC*L$z{|sz&0fEE;BSDygc)(~$nT0H|F@&y!Y|~MxIK*^nDNC8+
z(p5BmA#PJ#<O^~V-mJ^ml$H+{$1vuzicnlJ>ki&<nszXsTyR*j7iBZ90VsKfGSbO@
z_l${r%<f{dIZPH%ob9oi^Yi6^L@Xb(y?>o7fb^(s9l>lk^n#yt)Ql5s<mT3$Hn3Qt
z&etnd1R*A}eaScmEAJ=O%fR5MGQ&;Sd)yxjRnI!{=KDsO4i6JeS6fJ0NU(w96ehW`
zmeRrEFob5wLy9-g_OJ`)M`}37466p$;v=i8QuDd)r12bh1Diz(!qC`AjP^Pqq@q~r
z6IhR_U0aOA&byrABZqk=+U(66NZvHG^djdHKJ>9}h6wL%ufWAx2V{+33mx1ebMbo=
zCy~@Q4&NnJLcuAFtp;TP=_R0}h~F^}KF|AvQ}6m(W;iguR-S~x%6!&Ch#zZ5=E3To
zPUrB)Rte2o*Yq~}57+D<p~KJ8$n2GfXKjWzl1ii`cY4u_5q$yZ#x)NMrNFOP>vsM(
z?~v_zQAZsi8BEnbLR71{JZI5%L<H6q`zgI3OVM9T6l=R0!fmi2hK|*uhR6uV?_KSj
z_!&D5A!l%eP)3CbpiQ1u{yM*%Rl#knpdnk*Z_1UXjdL1&AI`vp12r0z&}WDbXQFuW
zHYc!(p{&VNMLLG<?w$h6&R{F3n$3w)(8#8-N0s}@vmEhb&jA{x0jJcDt1VPwMZjrz
z&3L|09}|R)4_i4+9iY;QssBCyvkHBvwR>v2ANTv8MKp|B6E!nf@pV5S8nAwOim~^L
zWQ$D&5SLO+OadKM{50L5)huei;KPdt+unL`4cI|pV*t|7wr6j3o>u?fF~3y(et~PA
zsEzu(m@D;CK;X?QUn5TPP@DQU0Rcs5$H$5z!!~ccN;EEgS`YG&uIAfPT(5z#ENfUe
zn@40FdiEbfN0qAcss?>lGcqOOiKG$P^1s#l+`D16B$*_Gaq3fQBZ<l^WQv|C3@GE=
z6?s`LcjmzCYU&cgwoNYOG53yxxHc!x9)*i-DvBve6CC4s^q{{kuinpLCo)9W{ZiLA
zd@k2m0{{T+8^;SNFegZT0MrzxQ}B6=CpbM$Uw@24udyYGXmbu&Q+7_}<9)N7w<Z<2
zVJy0$zrlGzvtR@fH+2!8WkD10OI*GBxzWtGQE%dHAfL*S$^{E}p>8SNaXMwWh+)j@
zM>d?X-l}@7=~mMj7)U^UVV~)d3;%|8IOI*W!#FZP);Az4e*)?4o4X8jIIb$D`e_yx
zu}0-_um4<>xmA1i%H5J{kOkK@^<gpZANzd_kCOTtvR1WNk&F1eDr?#qD6}=56B3y1
zr}JgVv)<AlCC91va(vsj)CN|qda>EwS?K3xL*o|^{yyUiTSTOH=5gZ&{+3dpao)+i
zA9<Nh&Ms8!Vi%qUJAE*nY}c5w+$5dRM!O83?UNbhXHDX7Q#@ajE*?V=D~*+55KUf;
zF(yNU6J^b%_}?QFVtcz{yUVB)721*W&T?~5PzA#ne}{R2cjqRzW?fzTmwax<`|ime
ze^+yDf-a<Y2JAWdAxq+r6FM*(D=t^%vbfQ1q=5r+1D^SV0`|=JImCcbH4BK2%}xj4
zX@xI7Pf0Qds0Fxi0f%^!Z`zEzQCk?SQh$7m@+mR;z<5I~B!e9!xm&V7-KZsZ(M1V?
z*!!r0?a2w^<&zd+=&<riOk$?6;_9_R!JI=?dr&W!!#+u5JI@o)-+Do?)gk#5x{N&^
zuq!1KMrpSZeH2XOeyM9X^>JfjsxOKd?Hq39v^9XvGFW0QXmY0-l@j|{M~tJ#J5iz-
z34;Ry0w5l%6??GZ)UWG4QN7e^i2?X>j14LbC_H?YO|nZ5lO?G7>5>Kw@=VflbLsSo
zU@wN1I)Mq3i6m@X%|_DtOw`q?T=Ip=$*?q!4kZtu?b+etA{q0RWdAY{0inj|_gI|T
zc-Af-1@w;-qDS<7;3)FMP&g|kMntj`aR31rG9--`^r-tSxsqJq<glR>dUDSmZQf;Y
zy^gncp-=wh2XuFdZvV4b^oZ$ox$%Z*e!pAA_2$v70@*Xps|pDxCqIHwNMMUZ@Zc(w
zjczao9+g^cKy2t8jM3tQcf0ATUqLQ4euc^ARK4#6M%A!5MTXx42vRRJuIs+F-j;e+
z2B6Cr60BCo&*E}7sqoV|Q%l&=^yr3qeqON?@j&I%1-J@}%lKd+4`0kXc3%;D;t{+0
zYOJ(>UCQV~R<cbn(&AD?QZl2ZDdQ^ZJhavw2RCU?yCgXPWMqH@O_u9sSyBjG<X$LD
z6kG#Az+v?0*^QU(al`k~%j@GI6P3qeLUuWT^Ows@NeRL}mV&j1nkLLIqhV-><TfID
zPj+{*sqyTA7n3Eqel2>P&_KY|)x7pWV4xXjqN{sO`4#C7uH0iBQ~C}bu!#H+1`DNa
zBQQrQIa;r~N%bD*q_5<K`gyv-V`AFA^NVw&DlC~?J+=!OzdsG{GJ@FUI$+-lLy`c*
z*lo1!=|TB?WfMN)F`>8tKLc#|>x`YW%h%-(D&Sph7Kg^Rw&SL;!%pI*sPIX=>yT!c
zv+T>@v>V{BE^~x&e(DT{Fu%B^<3{esPKK`RvS8?vd(9TYaP^x~f)CW6ZW|nr`pqpt
znwy;z?Z9Q0Mc)}@shUTG-<2E4p;cA~cYRO(&cVvj%9;)u^kD7kO@tvV>`u%(#Bk(D
zM`IjlfyNCTuXGq^2v@XwKrh!6((dUK3GOcuhkEp5LLgRXmvm#6=3+J7{yxG&C-%kx
zQ%J~KwJF2?5NVg2U1wl1>IX#~RIaO0X10$>6?N%p5{$?X;zQNlMmbf+XA9~(TT(zE
zmY>nAAO}9^oS7bVSHWB8GhuSnsq<nLC8J^W#!-dj;yL3lgJdXm*5=(2NEatUixG!q
z;B^y7Ax$V?sIB@}wU3aX6Mw*fc*PjMPv>?wqwPiKiUmblLqPD5Xv2k-6)7KWhtMCK
z%&I*I)K7C#1NPFT6BRLi*=73h#SwLVy4#^sP1&eYUPiE#1r@rEI)6t>n8?$e#0u5Y
zD6i<iOHwr!ae$QgA`!-D!!sN;0T<<XaBg8?K*>sy!+wr@_r&DOGt9l(T-(DYy73_%
z|At$or0bL1ubyJgBC8D}wEa1Uda#m00I})op|`5@=Vop3TtCPIb917~datf9)9{60
zst05-ahTz__h}yh^5{6-0A&i4Ou^vr1ksIAcg>||*Vfq9(IvO(!fX-#bBlr^I%c&-
zT3RNs0-DX+m35RVpUK{I_DL>yTl(1>;Zk~`=au@94Jjiq^%9eOZ0r%L9^Sj4gg|sL
z(qj_`$^3oXO78t_%er;n-Ij0hTfgr;>Y7rWzPYQ+ZFc`yU28hLhVLTd=B!?x5e);I
zW$OfedSXjlxqz>`z9mpHiR_s$WMobi6-}3tDuBzXO}<kv)<(O!TH9zAuGPx96(Npn
z9TaNd!!l?!^0<`^CDl0D@H^!ysk}owV{8bP3lK&%?QOgGVZVfab#Xjcxw45kfqKC1
z11f|Ck3&m0o(0{Sg>atlFjweL!6wtm>@zOd#W)}tUEtN*32ZFp9JpB42L`kC2R5PW
zlQmxten&@$K03^p*y|Gp*AcpU`97SHLgEeVYT&$uXT8J`)z2t;-PH=UH_7z>$M`a&
z1DjRhX!KztXAN7FTSyz3f#LaTq~)Sd9U7Q+D<cPprX9YX?9G{1wulfGatu3Mt*9A0
z;yOh&1cXEux$Ei9GJPzuP@QzUPn>!Ah~N87?FC~g5}yWmVY=YqCE7slK+=n`g`t2+
ziH$>aruOk&c6HwJkc1+DnTXBYEp2(s2yAAqp~s9)V%^7#jj3jAwsdKn%auq|UF+&d
zVn~YU(Okx|((0aNVy=UBAC!my1+sRWqt{~FWhiiQ!75pV_`u01%yAV}oUa|(o-1}|
zG=18XtTknFM<UjZrFp__h^Pxa+Ak}{3N~iXy?mb;(kl}&)+SWvXB42-<WiSL31<ub
zQmXzP%wLSZ*!De!Vm=e-MFC`7Fcub$_+P=J)R3x<#+Q;V>Df&CGFHai1xj9rLjjwe
zLO*h4#?;kwV+UrsXB`AqUk_KMqxH#vwMO>z+7CiM1F6y91coYvtFLN-=&w@oSk%=s
zh{_9GUZatJl`i~&m^WeVIjs*$wwkv*r<`5=+&2GNY)74A!;xjdTLPTgVV{P(kfuN*
zJTJU6Bsj9kiCy46h?x|m^g2@TE2|(GGiMzB9o}z_RWt>3T;)9VXY=XE4~B#y$3<yQ
zV>q&yNg`$`<<u;%(FjGz81-|2U}a_n`4laZ?;sGKGbg@-M42EPrdyikyXbHo<xmGI
zAekU;O546V$Dd8o=umZW;9V*Ut^Fu4?3=(2SUEjR9vqs+B8LuOLI>aqfdC*p)<|V^
zZDD%NNihv|flxg*a!`4B3hs8Xz7liFFz`JaGqy;#AurG(QBY<RA4m%#DdPjAvJEVz
zcCu=4QrL8of<YMWW593_o%<l2q7VyiG->3JrhX<MX10}#6FVi9iZ)Jh|9uBN@6e9Z
zl!ygsOS)T=QdlRxTT_AaS5i4E@PFAFt!IcPWsE*ed4g9pU#}xWNOi;Ozx&sPr$E5e
z!T&Ng?w$YLl7W~%N3g_$DB?lDcWTe41*R!rXvblY$j{6F4)|HMBS6W@!H=1CV=IOy
zjF)R!VWbe!Kb~|!5Lb&_Oq*{%eE9q6mG0W11=@%;_VcpW#Jdz$%e%A?=f11wuEF2j
zM9?LMdcunkPPFPW%?XDp{?bPdHNKzsztPz@C8?!-xa4xOGVphFUsKOpq{SwO7W>7E
zdt^Fuo1$$9B1V=1gb`n1p#WKN3Oq+vY5&RcWO99R{g?W9{-;9~UTDSdpuV)vOpKz2
zECZ5sGZ7h!Bt=BOOg*_6kkm?G50P9o?das$_AX*TKL0kFf?k|eKAiEL1s&uL^*H36
zh`T(mg;B6Ot=gIi<UXPUJ#+`~aNKnM=xyG+Fa~wB1R+yfn<@1oA_m!H){P<F{>|F&
zomc_v4#C_L6G+)Z)SU%uwg*mTou;7QD4vHSgl6SE=?~;W=pFz-^4w<q3_$!(MhNiV
ztW+`?0EYws2$u)UasUL-p8*Vk{|m&xe<m&D0SW*BeZVuRA^ZIQzmOXL;{eh<`TsU5
z{f~3~@1YNXTJisr)cF4a6@uJA%5Jh9q#-V9Q83f!f!0m?fER}dI5bT&GL3K=@!$qk
zhI+#^1HMSfWU1BLQE+pMpwx)WZKA0a3Dc#MY*$Ekk;{XGCK0N^!dP||TMMP)bH8dW
zbC5c`7t@pCwi2jE@0&rWk)tC+A1w_-!uTmc=a0!RchjIvD+`^QjV3~(spiDl&B-R1
z58n>tQfnKuNtOu+1#mBjL*#yY)JUf-2p}oJ>U<sM`i(ypv!VZQBSItYW3Q$De}hb-
zCPNvXaTWARd34rLj5@e=-(YyN2!00<azYxGHd!85Fu65PMG+)tZ1tcm*!}R8*)!-2
z$ABr`r$%07LZ%>3R)Y2_2)(-`yW@(>iq~s^BqTHd50592LL5><Wnf`~qUh8)TQRM>
z^vm#K4zmo)F8AO45kYqvj!Qv#(8@18oh*d#PYT2~tqG$2>Z~)dEoWD%w?sei;!e#B
zHWG3=o>5O_W<mh=fbr-x1Z8?S?tCNCB5ds9a@?UGOpr-Jjd$Z(MJ2E~JRnaIB}-!m
zljDwMLXTW<vaV_l2j43~Das+M$^AjC!2M|buR7hNG%bw#WdZjPF8ox`TvY)e059l)
z-F>1xFQ}=qnIhh8lE#Ofx&IDEETm=>A*$1Imv{&B?QF!O3|Y&yMy+@)WrtVn4dx^f
zj{696aZ$63G%#lemfm9faWo|vyPVd}I{6)#+B8;c5Oq<B4I|e?{gEKkA5d<WU0iQj
z>=#*lwK46kE{*wf{H5JB_l}YaLarWv`+sV1Wf4uKSvHVK=cm;;r0!n63uvUDq{3<U
zOF$sgq^Qn{W47$_A)Udttr+(8e9#qBGwpS{q@S%+UOOCI8}v|je95dj1-$-EU(0@@
z&nh@sl?FQiG}};0J!47JDN7tmCKc+)(0+~aty^KJy~~XhO`7tEC1mM)T^<G?U&MN<
zy=}lxe;&ll>LOEtNatJ@5jZNKN%w>rIh?2a$?*%b?b1f$!zR=8<uFt~Pfk)lTp;nA
z^Zl5QDNLTqkDyx^gC;}doA8Z%zVg5(qc7>IPCdI0_+!c3#L<B`ua`J-4F@{tdoSxl
zwypkt=*SKUs6OGel=FPI3Nt#Wu-gLUx4BzJUMysCv@0Wt@`QTQ9KS!ZJjTStS&(HL
z?U(Fmeg$_OJQ8@>`6Vr}c~~yAp|KxZEtNLah+J}<XX?rT&@Yh4Wa0pQm=Q43H?k6<
z;G(slyVMDOjeuaAUSTGCs|gG9Z!zMp7)D@&!vF4~+8eqj5sXbTXs<^H`%qSitV!wN
z9ro4aLD@zgNnJHlfj(`I(<7Kg9z8;%!WJ(Ae_oilD2&43o`Zuki>vK^wwF^_LxxkN
z?nce6<4y0TYA1J<nM*AhXt&k^k2JR>#>iPjcvZp?L0$J}Gj%5Q!H(<wi97H{sK3t6
zu!CiowL7RZ34|t|xk}~aO0?x@c@gY8=zlxaxkpl_m{HtyLN~Dj%@=J=E?47)SP9HS
zv}Z-0y{Z^aClNglsgtQ&BmJhy8J*zh_Kb5&#AXm^s@??IK2x4kcd}FqxYa`X_mpM%
zLNSS=ms6I{m#Q7+I#5&BSNm4T<wslUu+!#@8{01yJBq(MXkfJm!s*OUS=kz~ef(2<
zqd8@xBQ&6{F>%TJNB5)m>)i%M=v2hqrSH4-%&4~=2`A_j^Oy2<sVd!_eYH7ZF+Gl<
zOac4>VnqbT^>gnhf(xds>Cql56Q@aR!kY>D2hAyIQQ1z5fGc`jWB>Edrk1UOhaQIW
zg5lmf;tZ)uf@r5C?jy?=OXZ~ZdkgttE_n)zHN>n??~>XfZ{grtPmLsbf2Y8S!pGJN
zPbrq5&#6C?ro*2X#qt0E@u0%Tm(#-uZ205BNa4k1^01VIR1MlcJV^LD13Nhu&qRYm
z7=**}t95ifLdy)EFoMb{EM;T@mgJ?|aSJUiy@iq+5~DMbD*oCEUcU@-k~e5n@IaRo
zwVI~MHiH`^YJ|QZ=*q0oh_>c{7~BC|_ba1~SeaVIxISC5<<TFGB68SL%<Y-BwInIc
zf|Vf<YmMe+zG0*PW*^UatjYpga;xLIAnxjBejmEJ%#k`h?Yhp0owMv<aw^(Z-AK#b
z47a*9$4g5_VgKSG%D@T;I1}5Ye7ud`OvM;ejIC1`C)>|{smXaZ^r7}yWtu$XIWcyB
zh&I3U0+4jx+rsYXZQv<V?-hWz4%k}Uxi}3;AtO`;aVi9Hvs(-S^%5Quwv8N(v+6w+
zH9gXjlnZE$buLhcH0Rf+`cgdR?;Z(9#M?PW0|)Lj!+n_?D@-a1ZmzTA1GW<`jg6rx
zdH~f~r-`!m?%IR|Y*jcz!gHp{#o<D$J2z(Y7K~iT5S<tgQEb&f%yT&M4Aj>h`jz`o
z5)Pe^t1W53tK>;ds^^WVhgst8w6)IRd(D{Q7h(A;&bN>+UwAw}Pv(plhD><4bvM%I
z;a{0b3qZnlcam{ODwM>g^s7h1DMuRSb4``FGDJ1oq4jOwA8M%Xdf+t+v;K&1^d^X-
z&Gfu=3x9Ecu{KjDUyR3*r6=L$#H{S@UIXD4>bwr4pQ^bUi6HX{vBOSW@JN8qZ6Lo~
z62GJp^f;RRxHTuWn7w<Z@YEHC@EP>GM8l*NyVuAA_|$@@rV)}YxFU{Tw7?}$yr8{K
z|3q15VL^~y3U?*4@buYQ=NvJB8ka6lDB)frRdYz^dh#(Efvs1Wm@-Wc0nJOJHPN3k
z&7F_50iwvKVV^IBliU7<;b~mzO=wK%g<Ap3b!P!lHiSQuHP7bSqp!Sk`SlnX3FMpo
z0tqL+9<Sp>&~IH_6JXcTW@L7BRlupxf|z>>A;#IMyyw`FhvwK9TN860HYWEkU&L|M
z<<Yg8zstW^S@QNy0|2|vU(-djH;eHGW^qPF9B<Bd4l&w*8vT*({*s@C7i-wm__7=b
zzd#!T0-QT^=vl5NPD_oBNy$l_G`s6IfIrbg_CQzchb|_L7WfXG=Fjt%ObXgdGlUBR
zioVk5iqU-n>nqYShvelv*gR{d$h5BK;)8H*ZxvtPV*`TXYtyZ;G`RJ^AFVw>T#}wP
z>f)_u@D>J%Wq=PC@9COGmS4Trs<aHFn9G&}AL<IdTP@O8TII*MBxittRGbN~6`#qI
zIC8^Ih!&m>;IVw<fmd1&(e1sAD$sFo8|&R`LvHhShn>rrDfGKR7DxmcB*QMwx+bap
z&aZ2RO-GBYoPQjxG#na9CkhST!-)%db~BPRs-Kfb?cB59r94e5s$=F#QG_cHy9V0a
z>9h$BmBrnMlH9T^yISg?b3H`unH+<-4r|VLnzi`3)AE+7i{q8mztM=gTa5?#rifdv
zh>=<cI&3Z~K|-i69U?pb6``k(jqKjoq;PZ+rmkogby^~r4hbm>+4Zt3%P!@f&R9uh
zd*z<}rQLXoF<>zxcjR>G1`eCt`9&l5<=iM>y@nrB$mV8sy3si=-c2Ay7HrI8I&F<J
zu8swM=y6YMkuc7G={Lj8bQG23CxVYUpJWle)I+l!cPw8w`+Zt3><RPA@Ph)~yTwfQ
zUaRGTOK1h=yXFE~u9XZ+S~VUtbn?ukNp!H=PQDm_;FrBb3xDFYJT^plX?=}Gtf{9o
z9MFW=S>M4hkhaaQv|qn4=xLY{7}-k1_v+**lw*7p479H745AU53(@UjsG(6kt%)cn
zwzk8>Pj>0g)pIeBRt1@YpOm|?O>!Z9>CwNdf8o2$@135~UlJBTxnPf8PU6!CV<F}M
z8iTIoq@?plJ{;kJKi!ftXYPkvgc`q$tn@q(VphEZjeR&AX4R|Sa<8GuUp@3GjlgOn
zt$ON2$NVEtjYv0+ZH7t244G<HLwpvWCO^zJEvuJg177n3k37Q!i}$6A)pell7yL{(
zC4JxNA#Hxu{u#pm0iDi|((bHLahrnQ<0tP!PhL@-WI{LK(PZTV{QXwD`u*1Gd>V1r
zWn-`h?8GxBv|w4_;qO66qvmG#4Oe>RG)l)QFkJyrO&e+m1ksS1p0{gzT$rj2q^Y?O
zLVXk=^Hz=y-se}3sc57pP3>sgG|F~T#)gAnpPs2YW0c%A>)=q>-j%S6OSN$Z%eFPN
zLMm2ft?iem$DoNwDBe|rGlG<L$W?)`q%+V)lOaOY6Y>DXRJ}Gg_KwtJ)N9-@7V+9?
zS@s@WN%9ZJ37r!`(*qw-S6fkeD;PvZfY0MVg(A)Dv!b3szi$g~VD0>`yw6bt4J@;z
zd!T;(`JN?64ydtRf!~NGJJy7rBw>lPt^nruR&-up&gzO?2!A%jRM_o@RjUHTd{TBJ
z=;kaAxYDXJd@ij!ux0Q1<>86V7d26D9V|JvAiLHST_Z>e<@eUiMCRK5kUei4gCoDY
zH1bm1-OpurD0V^Cu)^`gxp|fJozV=Nb%#8@V<E>Z*yP#*9b!J5evLQ%DrQM{y6Pi&
zsLS#T-PzbTw<q^U(hm_CH}CnLY}EtLt&4|CPe+Gcf(g$>Lem5a0nVJyCHhgOBdE5i
zrPXoi-RDdY2^H*&e^r{dh|z!&FK|iECZg2PCgZ}TRQLn2zN7@?;!6!Y1e;pbwZUXW
zTvk56?7J7(NH5^&{c52EU!Epq;<2mXE1y~zqBf$t;$g}5>RAanIJ(M8SAB&(&*h%N
zA~wdmyXC>i?eH~;yPtkjGru!$#e!fVG^cOOj&1q*on4=0Nx;a+NLzSQEJS<iQ>^AX
zFc2WEYdAUT?L@;`5zRIh{;HBb0kXyX8TEZW+$+^OA1h&cVzVqwD;mQ8uN3o*3+5Xx
zOldvl$8wIh73j3ZO5f`Hx2|VKWr7{L(|NcC3d!1w4!DwU>BB&IO^R#}-Od{mH6UW5
zU7aL9?RPAQ6%jwqqY78~AmR32v;o9g&+Vv>`E;*>DTOjy*t+gNmPFJ-BrU{sNj@QY
z6gwQOMUQ}Z9io|cE_E1z?CN?WkCg6X_)f}g(8T`5NsUv=T~+{J6?_#Z`5?D~C*Z92
zoaJ*P@gPjT{A$OAu$`$fUVX2G_T<ccrRA^LdD#sg><j72XFVGwuK?Utv|kg3tQojD
zO}Nf6$?y<c|7b#>nqw_pM#WJjY%lcCZry_A%x>Fi5*fY=07fVA5|YSCqVHKmq@5~0
zWa7&O^t2QNw^jDId}LuMp~gMltlJB6sq@q^#|m7}{~p^_XtyB)Q84cf&G*xl>KKa-
zsCulQuKQd6UT#L*b~9qO&2H89PPMWmSnl-F>Ik+GYlJ{pR7}&kjh-iL!9FLyOr0U&
zjb?Fmm`6`;c#2+9B<|)O1L=#Nd$nkzjz)eYF}b%PQPU`tEpqME8VDr|e%pBT_(k`t
z)XO^LLooYS-aG8}kt0XDk2fOUdLBmM<GL!qTDQM}xn6%lo94&cWV%&_Ay^E!x&o~P
zUY?e2_b-h6V^u}1k<1qu7m{4dmsNrjMCF1I0V%fL^9KmjDXN~$Ui7hO?$Y;d{ldlS
z>>H8Tt7U6MK6tq3OM?t1OYxVBlE6k%%R^Kke4JgXz;aAQqOPZ(d`n0ge6)^-?kG>a
z`z(ln879m`==Cg#5H6paf-UhZkf6Y%^&Q(hr1c&S60>v9qXdP<Vpqu269>^uqq;fv
zUaly@*(KT3v{Wf|DFE)cdA7+_@kBv6<)&N)=*kMknS%7{*jmTZcNWH<^0mbbD~Gb0
z()%!645ogkkTodC{d|ucVawr?%ItrAGeg-aO{$S}UAXJG#K3sByObBGlY7FRr06I)
zV_p8xi8@h!`z$G*-#~4U>H`%$G;pd$D^hbe<S0w~9A*C1HnE<sPDCl~(l`kBb{W8w
z>;X0D?J@10?e1x&+o-nc$n>2Y327qiH*D!WKegGGy5QNzGD_&|im}qK4X-drlXQhT
zY-25%zvCV1ehVQ}th|$(F%El7?pD9TBp~1!&gr)s0JB<}Y|%tF@u)!Q>EIl^=f1cN
zwn}wAn|tf69<Ayv9_R{b%5%sMLWgS(`Amp3UQF7^s3lY55Ey*3z?kd!)YZXq&=&Zi
z=jqbpv3_=)(uzA1@&T3^@><fcOw=4AgjrJqhd_ih;9rh8yYyhN$5xX)my5u*rMfQJ
ziP$#4BXor?)EUEAq#gVA{ftbP4=hENB=Z6iZoCttw5k@OiCa2GdksV`-&!Jk-y0|N
zE_HH}f=QH06f_jEqSN-7A{q3^oAtRL*lys(eB*_<`P8Z#neQ7nLXFvXh9KCX^w+Lm
zE&Y~PEChjRw17D(U_4OtwDWsaqA8H!(~d<mpYvge!&SF*ov$)u91S3*wjQvq6)kVw
zkOvYQbO)wuzd;9sM0e7IiXs&w?yv*Zw2V_C@x$@x-ea0k>N6FGMY94RYMN8UE~*pE
zX{&tIYT6@bkk1Ugf1M6%>|{%n2LlQ%4TzZRo{L&vkZXleCy!<450~&unJ)9UYKs@L
z8!g+?ft#l{WH~i8cRJ9xdrtCnU5CPN7B~fSXY^)4BeUw{LV!`Cwhd<>UM|2c`q{mS
z40AG6aL~Q&|BUn(rugrcevcOcbDl|pQId9S*~!U~CL32@$=Leh#8LTh=bz<RK<u_L
z^bPAYKNb+6$RvhuDnS26EaV`QWF0f1Vkna&j^OSD8UORculuvPH{7xCb#R5NZm&;H
zE>~qdB^^@kByi)sY*)a0{rz^!U@vP#H}_!ES>PFLX8=t8GIw6!WfU16kP!IO**#Gt
z<Re9QTSW1Pil2dNDRA{H2LS%P`72dWYjk-ZIt`_sazKEzRx;QKU}di##?DJ}vdR*h
zr3ZeEcHc3fMe+_8lnH9vHJA;jm5-fLV9BaL#?jtjZY8}x3mBVQ{y-g2svA=vDP9O|
zqK9ze;VG-;sf`igAz@7%62qh{UA6BrOXEE=eY{)EH(}pGVe$V7g>86J?ji&|<8K`e
znIl0Cz_?;u$Jf))i}hclGrdpu6PsNqZ71nLokSItVju_@$;^riVB}F{&J$Q~T0Zua
z>;3clLY%lZnJ|Oh@^7DT<})1M7n{dGEUnn~UEytmUMU&V!>8|m)xUS-={FOB;;Ufe
zX1P_1Sv?<q-HsZ+4L1IG|Jw#n{rc)TTmK)xpPAnu-=fZD8e_zNen6YHDAHT1H*8z?
z6aaWir@Ly`{sneB&^9!aoKfTr`I}T!WNJBRjT?GmiP{KR!}f49sRbxKm_#Xn%Gk{Z
zY{hl*%97vOSnTyu0n&fQaDnWTYdNbUT#oZ@Zs0s%ZHm1+e^%{>f4?4mJbMstdRFYn
zNU8f|Hq1vK?=AjyKBl)=Jzm1vcQ-y>fa+UsFS<VdQr7*thKC1`JB4S~{;g=%Zi9Qe
znzc1zn-n`lT8UijulS!8x$-tlBQ{U3Co@+b9`flZK&6ce=&H)Ba<JHMA=~nY|FQY=
z_F;;iBNS6!)*SK_czJYx;eWsKiQ!AgX5zwMImTb^QY*oamQNuoQ?L6mY;Z~S(%sWd
z9W-1(V&j<=wS8#N4Ng1l$O;vqA!{-W7WLFn$Nzl(UAvCw9|w}w=~T#8G(Oe-PXIG3
zwz8@qQ!Kt2tC^;K`*>UTe_TCH>Nk&H=O5;*JERfD2~n)3i0I)Z1gzKhbO#>4kuzIC
zojJC+KTiBBGWf*5^sV*7l5s>;%$zch5S$&N(a=;)V@hUYuI<u#<4UHSkqW>u2gCJS
zTPfSBmaAGTSy|B(RWQ>CLy2$q&&)m;d@0-R&GNIm!u@6a@?M{U_}l!mV=CzLfEIW`
zg&abtNTRApnnHz1m8oQ@bhPmzV*n`NhS9sU{pHWkzZ)|%a#FtA_b(4VQQjIXee(hk
zlj<>%P>9eA0L)wCMLopo>HlsRy!WoR)Lcn`%=Fe{_CWmIPRDjRU(XzpEzz;_=JO`D
z<%@`bG$!lJU9Gx*^?E|?$Z*qaFmt2Pti+ZcpH`0F2G19r|Hw_=&ii${Rrfm33PN=b
zj0|H!XN9{4{OfH$?11Nw%JDuR))7B1xWKL5+f$nAf*?%?5QXYw#=Jh3rhzDkMI?v4
zx)juwK^>WbPN-0XhLMla`p_TK`)k3XH#(IGvoX}F)#IP6kMZ_tTj)<xERRl4&(quA
ze|!PSaaWA2vsAbdVFUE&G-zl7>?BJ(ZKm(u)w&oheb+;G3YqXeCR;RYY-lE9Dvre^
z)Dqe{{oC_!_`UgeeB@t+g7V)U?dSx6xrLvx>J_36Tq<JPEyL856=LP)z}iIZRti-|
z=Vh_slsp%){G;{y?aFVSz4mU@6mzOHxM>C=s<B$u=(!%tmnt^snA*ovnFVh`dZ`rO
z)_BuhhI(Dd20#3J*pl;Et~WBA%yeMa)C8NYUux9KX*3F$^rfkT#A=w(u73UGZpo83
zDcaP)s4svI?7#IBd;Ci-S_5`9{oL3Hp>TFcaE{N@M`vZiOi5nSyZsaLi|?C;!J*{e
zCyNUo<MZ`z-6x+@h{f86*>f-JT|Xs;{50AsLSLS-gaoJ=2U>r*biPK<Sa!&$%@o^k
z-K=%$1E#Al>Iwe>J#CXy7nJ|ae2+Kuk6qc2$tG(;B#%R5*>MhRJCaCC4tCYoTFlIC
z?1i|W?LF>S-xjgfZcobhVJ*Ehq%<fGjg>THu_Aohx~h^qj)7)f1$w>U2~^`Q5IgPE
zTTxy_Pfy>v!+lz!kNx$X^g1<kmVX`_Q~|h3UnJy}SNw>t#!-xg#u3lik(o{)@Hx6^
zBDb`~CL30)_ubwAh#Sv-F)e$XES<+!i_a+F|2lOr33!}3Shaq0EV{cBI9<$oz)|{I
z=j!MOdI|rB9~S#FG7_y3UU;M(wUjS~skLgjtc+UCeCG~uZNzsCjbZV{?{Z(qU9;hf
z;uI4#ab(J9kw%B?!4&CjehQ*7;~jH}N4{1n*roSmyzM?_n0)`8kB>J>TzVSX5RYGa
z+p(A1m!b}LtYG56Z2>uI_?tDEQLE(nQc5|m8;!d;X+)UC$C;Q>e70XYqZVvzufJS&
zKCJr>!#|Fn>zq@JQ^9OUbl1AhhhsdY@f@Y~Y;<*J;t`}Ml@z2evX3{wa(Ca++y0=A
z1eK)Ayr^8t%o17n7$ztD@u&L3)JsDk;v2>^#>4l2`w#0E@FK4B(sqAe!&8(a@5XVf
zmiC~hEYEL!LAoBP3vI^3!s*)c_8%**NgZrTR_&-foe5My`+D7t%Pq@_Ol-ln$Hr$1
zUrQE##`%qvH*zayhhSx?jTygF<inAi+dfn-wq{`Q{x>TEYa=%Q!eDAUQ9Id3Sa7~4
zcwT3h^!T(YyUlUh-Qr!ksqE3k#b~lE_eJMUfvb}<O6Gm-=RLsla(Fx6y=|K5c}d~^
zt8K&Wf9`@H{N5=*+En}ou$2jm?FY~USgHKUGE$h-F`s=infE{XUar6%puOESlQ08O
zZ<X4zUQw)x@JkgV0(m?a#t#zyliu5qdYk+M@vnZE)1Qyu*_&r?_#i55A<z+KADgai
z88M0CGv&SY5B>A)!m5`h;~fI{j8n@vp<5-^v%{B!7%r?D3iyTGU$#6TgB&T@M86L5
z9#t&(`CpL|G9T`hg&^1S^nSJQP_5Oy#vy<;f)=>_jh3~Z`TOt_`g%4hR42+um>eAd
zq7Vd{sBpzbYIx_8qv^CYS=Xdsg$dZQQDZnCRHIDwR2CN?25iqxe}0(sS^Z2&NMv5-
zx-pc&U&K^JyD^=04GPJeFPE;^36}aJb5r<}(fOojmrC$j?><vpC*FMLoWx6;j<8;$
zhme-Y65+%<yDI8e*K_C2!2B*UEymgtNr-^s@)Kp?)zohDDf-H$E)6#L#F8fc5^bE?
zR2^^;BWb47J0Hk^o}U?OcS*B&y|*P$_Op1U(R<Wbp-QI7l}aePu(3Slyw#2<4dqiu
zfiOqs6QG$I&;EetlbNylLrQ#<ZuO9O<L&Fqvmz(Ce?3ofa)xqZ-$G0tblMSS{HPOd
zf#fezKldre5`Ro-BIb$Ml6!pWJy&#BdTRccf&bscf;2B%zCS|D!>w-k;)_$jkRZy@
zQ8ZiA_-l9X<JR2@OxEgg`F4ib);rP&2FqM9tUjp=uh5=|8mR0U42lj{zAGh`@?TcI
zLkX2E76K2YV&aHp+blvPWXVhFeDajMxL!~q?5p)s#1v8{<q70&<rqoQ58e*s%DU$%
zl(UecpU1P8IVDoUc`(tK!nqE@!8uiy?FWDO)EC%I6jDqS&zaTpGALh>ffZvZN$klD
z!(f?u3CRts-{_U$Y(M}6|ApdTypGwST+)TgV&i@N;<c`wM~I`lz5qH#)xjG2yH}=E
zHY(5ltfBr5eWp$eFY7My4PJkaKazJixMR=Goh$*e<*dZeXcB+h`4mhX*Sv?T!jhpc
z458F3g|Of~4?}%c7#S(~p9k-++n4LxD2DTHImMC~?%tn%weK$e-JjA*-;SmvP^W%o
z8c@LmVElaZ)=!y$YYAc?Hzm=`7EssIy0mXF&)xDpxw68BwgLuyMDi|}C7LR|pma1i
z-GpsHC_FW4s>=L464!Vj6=r2BKGh=MAyK^UoxEeMFc+WU8^+a1a-q*Psty!J4$h4r
zppiyw8Q5hcPK*VV$v)>PV14)LQ_=A+>3>B3E<gUrWzI5%ylaI(^v`h5nU2}tEd2d-
z`%mUSGRS|&->PrB>>p3J?(cPrf1tW=5I1BGPVzy+@y8PMaWQ;C)WnaYr{#IimtES1
zp{(DH+4^Z#E{pg1spXpIB?&_DR-zW~C8`JB^PPHBj&Fc#RbZ8m+7o_NRhAiO8YYFG
z=1G`TKI0BClR2nIk2wgMq-n*`rfZ7ia;EAFt2(ez(g9sGsaJ<gHGp%88!k(K_diwt
zYv;dNxkMlP*QsvAp-z@pl}Q$+vcPm`m}inpStAO8I75_7ni)4LIpZ~~;XFkzI^p}n
zpQebDe+GRB#ay}e{6sv+^z)eJ%KY<N@-4Eg1?SI;tC_VPo;NNDqY^5>@^XSy9|%Ob
zd52aghAfX*gf>AR9v8RqO{5dHw^++{0P0z6cVI<FJYU|S78ST@+*D0ewsvuYo7JzM
zF3jBlV#?A4vEz2tZf!UI6#QpiKb_VwPd(#17#n1oo2JUkJ~@>4&Rw;%d|oAfE`fb@
z(e@J3e*Xz>C5QAoexgsl_!s?nJvJX%lA2k`Tnc=?xp(emm)nms&0n92EH2;3PTbmT
z{)Z&^W?^OeNkkqe<`1?`#xwbohDib1i@IPxgt}x^&xDJ!waOs8bNHAe<TDgGwE=q1
z=FS-QE-rADYNJQh^UUxyw{~;5rKk8W70xF2w2^pwciUo^<4B94?U22OkXu%Q>Kt9G
zdrv^o*`?XP`djMzUvsd@YE52c4UN_`n#Jdcaecxm`z?jDv^^vDZD!{6+Or4ovMaxu
z-lvU_y32#PK6%Se&0vyhhzbM(q2THfz&U!Ogrguv$i8^%?Rerg-q7MwnQJ&ys~IM@
zQz?%Xj}|7+ti@8I=3#VR+DLU)Q)(sg>>F0AQNf{`#bTnMYzv@@`6R&{$E^)-pShW$
zQFdob6B}uCb1_X<iRa0;<;)Yw88_qAhYjo3<hP~j`h45<|9Um_{y*~CYwTDWk!d-#
zA_MA65JR0$ZT;UuKKZN=6j?d_`9$=e%z*YSMwSI9E-noUNt*z{;4J|0uirNb5Qw32
z!qMt>^hPcw#^3l>dlR@p??GD=Hn4r#LmZ7F7UONiw}Uc8sh7S)%!aszV@7PAU{_9_
zj4`3_IkjB5?xwBn$+y9&V6#N!be04v0$X0kclj!%ysGilylEqgkPVm7;|GlGbNZKe
zqrcI5>~80jvWzrr6&$H4c?r;`)l@{vC)0?y#!D0ji6D>{^J64`!d;(Ewp@?2BmUj4
zZ|GGbI^pN5ZvJB13jeTW24Dd!H4{>)AQ%iTvgOWhVEy+Buqk9m!)-pwYcW4QUR}$p
zVQT8qm<q|r9&9^pH>DOQX!A(xuMjZY0$At%TV=JzI{id9n;o?EpK)GcT3#w{Ww2?M
zh;u7&T(nH3u@xK5%Lm|jIaB|w{thGPjloa>M4u|IblvcI76`ExZ+;Gjv%kN#5rfNp
zPrsg$e*G(~w_<#(u@?XNkt@gr1}jNxVR72kdinQT4qEu75x|Vitc|VOZjdTe0E4tU
zW(BP;((G}Pk`PNc`k*R*7CT2-m{)bavvtA)+-wdHy!hu?&N9NP0<v%863eAd%vD|1
z*5r*J25AF_rmT3%{{ED^JD#$CGfQ#&U6nAuN&{8}A<Z+39WPyi=&McAd3?Bhe7cc)
zbxH7#>wfZ;tFd#c<eK~=^tb<AEJ*gEZTmRjdzI#MyqX4CZ(IHq%E8ch+n|KYOd@=3
zo0a^O#cBIeo(LTo6>8Eln}}{ilErDg9`P;*-3FZtf;(SfGjs2lN4S({Dv~Q=0^^u-
zbIVxE1Lmv&^R!qU-G&qq%j=If*N^r08-G9L2n5Se;;d1r+bct`V6fDZ-QE8Xzd0I3
z)pVe~1owT2LU9cv!n*+&KmJ_{{dt~Z-xBfxq_D&2J$)c%HBr`PF6FH>hBXTKFRl8t
za9-X1?Wfo4-#|)X&En*%uFkRmOjvEvNM?Qio<!gZkPLGu7UPmqh*$K>{u`<!R1yZ3
ziqVkuC#Iy?YQre0AOWqRCyzfI<h&0*O6+y#U%!Z(TmmoQ$D?7Aydep*qEuLt-<8+D
zlEbS<0}0`)M{gH}v%S_R7Rlo^u$E9p%)O-2mDxYg)!y~%>|8q`e$On6<^g#lFQZj`
z&`-1w7ETWaF$6E^MAl1H=0FYxncMOlBQPV=3**GRF>em1)x?#hqt1>~GAu>AH49(s
zcX{>8s>B@37o(w(Eb@rW`X)4{j1h_~(!~MCva=jANWAX}mnr(MRl&Hi>LP5CbXS>&
zn1*;b{oli2HyQGb*k3ftU2?)-F_B<KuH@mOmyx^@uofA30k$?|iKu*M9EC2U#F7BW
zpb-2<ie3#?;-UdZ0l4R1sU1}*(!VgYB}=m}G3+Msb)AjQ@7{|E?wmiZBkwM>V0`#7
z(ano5ogU~jjlvoYr{90CI1t05i*~dr+2OsHFq%SNEJ->|e*|{Y!7V<p=p4gT6!|JS
zS+HrZI^mWjkKnTaeCDc6B|t}=r@T|jk0=)>oz$mN3f&Z~VNLmJTU^xt^wfQ#a`?19
z`OrC7X&X0lo7oBL^&QpC*ZBMp(@d}m+8I%T#jYzf4+fZ6GJdHcSf$&Y3JjidfL5EV
zL$WFy7lc5LU}4Pfk@2LVVWPDsWyeW>wtl~@StR!96-sXTm2L5`JlM~OC+wTv!O^&E
z;L{uA407m!XfN7qxHlwg*jQ5GH29YN_@Fp#YS?(U_eixdS>F|L9*py)DB_2g+i*>R
zyF0}Fz{DhY?a}1POBO3cbja}6Qi*B(>6!522U*74c0rr0d`T`mEcWEpvqQ001;9=C
zkKWxCWgTIO=TCz!zuP>ctm8mOFp;maN6#@NYl$hVaXI6WON8&*urTr4S0P@MiW5!G
z1E;WU6nJ@;{CEL1{UrE+@?23+=-9k#<O+hlhO_#(E|LG(oIgM<r#%AmQI9?V*D+vv
z7d+1=@Q%k-`ehmaMRE|lY?v2CJK6PQ`TBG<hHGUUV%OAv<CYjp5^~S3_=^2ww7|7K
zv+w7b^i<pXuZz`ZaG3u{mM>+iFTOnKM`177IdI#6^Rs%%-w5~Yo1V=aYGzxW*LBpB
zvntD5S7O`wK0+HdI{@sBTMtKbw`W<bjgRh=6Yepg06Nd9&RqANiOTu;l}3%1HiA3J
z(WH;s8+L_{5Da5KOhdX9JlP%NRCTV;3Tp0THdsKsm8$NO!T8MMx-5yDr+x=|`w3E*
zdugl7rm16VCvAKRMG5e8N$O|EX&(oP!AP&k2iN?UdNx_HJq1LvV7+22&UOhvA_>=-
zJHyKY!qYq^suyu<!4}bA$KL~+r#wK0omr$z-^0=mSbw7XsYO@U3#vPE3Di2g&ji!7
z6qnWHHeQLkyxHaKRfj>B<`%)~E%$fN7o#~pN#f)#iCJ{JNd!Gsm3>&AnMyqZ)bQ8E
zaK5*2rKr_&?C2eMla#;fk0aD2b+8{_nS8;?Qcq0alC7FgBx`VmrJG1(w_Sw>eah~>
zPQB%Q@a#(K^dktg9tUtS0EAZYfw|p^1&XPby~5DLwzwZfk)3>yEp3$wzmS{5p}U~u
znA)`A(hp10FC>(JzknLdWFd;95?YKt<H^R=PN~CC$!A(UkVgqjoe|GIuBw=63V7P8
z)Oyabw#>s%-x&phH7?akwmNz~<fs}MuLO@AQ(9?rwanK?6ZHfRU#4r+o@Gl;4f_En
z%j@n>l%ET<HiN7=QHDCyy2Wy(;a18;RH>c(HH@2uKYKH;jq-4zu#0J*rk|FD_VGB2
zAYgjHgj?jMw#b6E$a8c5gu4j1`x?`L9n47)Z=7Lv^)6zk|BdROjg~Zd5-%e3Q;MoI
z5D&o1qwCj-)LD7YJ#yiTPwoCR+SIx4@H?0;B}78HN6m4k_qnGM_V+5a$0yUz^1|{A
zr$sOE?AiAo*3{IoyC8A0H5ep0Mxnr{xTwVrk|P~4e_xszKumI?GLb$|#MMr@#gM%s
zB5}Kdf3o-^C2)9C4O%FBXA!ue@n9-B=A?v9r!97%-Lm(3fRp9@0E>E69Pjf~tU2re
zu|gh84()XYie(~gzeb@;r*HX04efQQNYqnqW~c}s5$9`%8^~Gz=GgaEru9;{fU0Q;
zX&iSSOTL$?hal4~B|FE+%s7LDHniRd=@xHbo}!Vw_%uZK^!V*X2y~k<_;?#2H>)gn
zgtrbG&Wj<`gBX^T$A`!qr80)x@91_<dIQt+h9a!h2=TJy@gxpNi_?;*{~VBr9i*w^
z7Kv6tlIlAi<}(9D7O2jU%L~a+0qpKHq*q9#an#4}H;%G%hFwS7&`yt>0%()?%tqet
zzy3u=he1zG{0r-d&bI&0N4C|c)0F&dst5t|@CeCibKxd@*zFTZGrRfyW7DeBFG@8;
zG#&b}^P9?^Gi|gAD39k2g!R=J3yapQGa2t+rqb9^h#_9-x)Yb6QH@?Enuz)^I7h`&
zx**yCtie6utD%wBk_Q%0kFj@d%T3gm*kEG=fuqvt9A1Hr`k7;Z<Mknic+^=GDnN!x
z>tTHs(Gvf4k?a^+XDvKI_m(Ne=OX6DnBV_F*IR|P)x6)|0RjYfDbQlUf<uu~+=CMc
z?!{Z6g;LzzA-I*|5L^l^?!}4}0>!08io3(}=KDMTzb9O|au9ZA-`V$?H8Y<Dr{G)i
zYqbwy3WeRiVVEfyr&Ua?A%7rOjycy?jmxih5?Z8PYUIg^kFeD5GL&8j_;hpUuWgkV
zz)~?y$0K6#b|CpM+<)0BOHZ?CZWFdj&q9sR%@uWr*Xi2oA<Px`It|nLvHI~oF2$C}
zMtQ*{Ih#_s7{-a~1SGzk^EE23>xYUe3srp6;aioH4;?Gp{d46fN%WU6g-;G2T+ar@
zp6Q@o(Kcpz=EV`;$`n4R%H|0Zk)2X23LTWVGHpA<sV&t>Xm|UyI6_822>wOosfP_d
z=S5Lg8jS_^DUKlng%I|8yD?y-esKpLm5&}_RmC`dEwaHo<DG@*e3r#%D6$|r!WbKq
zz+3L5bUVN;(6kYG(*4sJb#KA0N_^_Rxv3z`{Zc+w<0~iA>^6G7qQC-)z84jf?p!Od
zD1NwqlnU_Jm-+Q`=mD^4pFYI5x>NOn1c18^x{kie$(S)&Y+N!}TN(4u1We00(jn3D
z4*{D3b^tS~gd(0aWr0#=JVa=`F4%^Afpeyr7Z-60tCG4Y?dK+lg%6Q8Xp|}lz{X2T
z+iJ$(s%~K2OtrD4N|Z#R2vwyC#T@fHrraMx09xiYU=a{kpM_F3HiC)ovkF@NS_bum
z;Bn?sM(XQ0&)F0UDmFZ0rPCFHNzAqUC;jHl@y=q<&=A(#14RR<M5qsrkF0^i^)}+4
zoj-Km?L3%0{O5Oi7-8o2gf=W0YFv{sZb&JuN+`p^dmF8W)^-}q_s}!SlmJIji0Dwo
z>|2{9dZ&ycmLB#vc21@u1sfhGRYgU1X7V4~5nS4oyj=QNYB~RX=>4ERPKeP%PX{Oz
zk&WPVjws=zA?JafWA_mM=@HeB*d@Ynn*L8-yrD9eoo57^kbtmZnne|IC4fuI*i*nM
zw!Jj||LIofAIMAt%-Q3Ui^$S#YV=XC5=FH0(T$1Io#-ax>u?g3yK_I5|M~M|=cll`
znA)g`d-IN*o%X+gJ4n^jGD3qDg1&Ynvb3uI^|MbHA0n{LGp#k==quG*6=erc$A=@R
zlLx6^f*lu_fnbG6KSR;At>Y?l=l$a&6fIjC9u!peiJB!N`qu^z&S?dp;mb?fFqOcA
z=c2?1jy1JT1}?Rx54T7W#GodGu+g5U;XUl;Y9xE9eH43e!a%w&-BcpwqfT`y+A4Vp
zDtPU1<KOlAKM#)8<Hyld$i}_bx!+Q)!!#M6>iQ7l1^k5w9L_2IE|@_xrr40dB@yy%
z>5U_AL#zQbn^sdGh7QQ0sT!?|SE8831sai6lt2A5nX`E8B)TfoBUBhH&WDFme5d=3
zRCYS*I}ylHLq6PzPL5NJF~bi)NE%9}A-2v96tL8ZAPu#=V^ke!<jSUH!=zvuvT6K)
zeQfzcxJ>y0MOpi3IP}%TOrDqp0)$Rg3=bq|K$Kp7eW{w9q5H+A0+Ox5YOmb<6TK)e
zl3}X@Bqu?3|JnLait%2?it$vr+iPKlQ&(pTjpykV{jqjiv_#6SU>t(iSO2SdGy+|8
z_}dRJ6NSE04>W7>0d&Bm^2|6DEr%wx$az;&58GnX`ghDUXIzE#F3-g-*g>>~UuJ9;
zNip&6O?uy(8+T9&kOLHbIe&rtHuuUVi=!7p>aeN6i(EO`Gn6kAO^`^bJLzu5rVIWf
z`WplPb;q9`1#IMA%O~Z1xXd!p|5ZYyFP-8jOA;-XRYW*bGNu4iGBxO<%vy1<)wQJn
z111(ZnWw1#Vxil3Ni17$8TVhkP`)0SnB%dv{_|vHyju8RMNCoIPj#VQ1KT1P+CU)~
z27+h`R=ZCX4*w&`S$dVj*1+GtNf{6wjeDN=#PiDee-8n(y){Bf7x7=5VU6svYk5Jz
z8=vTPc75k{gxwa*hb~mk?UQETu=wV9G<OTPUg$o=O3Nf22RV}^vjno*hC6!LBVw8r
zc;Qf%h}$6R!KcoLjQM*vmA}uI83T@rJPsFX0^i}r9$4!WC9Ox?(>bHR<+CK^ZOl(I
zP0Fb(&&;@rnn-Cime@^eHka4tTaRjiM&%1rEmPrN^)k}Tu?sB+OFizoKqRxI_osm4
zBXzQZh~f{nmJQGJKUHZ(R{zTRL>YxC1c~4oCnAR#A)wTi?8QI>I=p<s;I>kvGkO$M
zlYGeW<p7cq|J6Djet&a32Qp2vkKH<o&A;kI0vHicP>SJ&J`oHRCBiwNM5IfNL{^$?
z_%#btu*DiJ6b<RICos>Z#$@D7xVd=Wk3M}5@~Xs=hM7L-xQ^mO7|9gxkQfh)tCQ02
z&TodKAA1IpldESl(xjD0<*_l*K31~7Aj$btCu%L?`tM`FdAH=<%7a-|##c3jF(g&T
z^s+J%1&2%MWihD=9mHl~6P97eK_Xz>uxLIiMF(T5_UAV)X<kdsT$dOwM?=>tXN?fq
zNCek3;7R9sU}AGHjSprt3u6V67(*GjMJLTQA6u@1f{EIwf@pHjh|^UAbiq+MTI|MW
zKnS!~S&m#46oBcRTERWV6kS3IWz{c0M?kSel~)$2y`8mwL7q%F&GCza0=L&^hFnDv
z&mvlIOOnl7O*)d+pS65FDci|==G_f7zQ{if+GzMo)V`eRE8lU<OU_w$;yObUJ*CFe
zmIpI;{CLAJ>|_)dI5==Jl8zB37FHm8f8Yz?ZHZo>$gVB0Z!{t{*X?-$H-6hIbbiDO
zH`Xqn_rKM6Yeg%5y>;H4OF$M?!%gW>u4+Z!VmTK#{}?c*3CMnlX6DKnN~M&?B4x3`
zAtKyLkL~M2X5%V`ZsI*J3W*14%{((HyJGxanf91^LpHJS&=LKNOe)g(yhlu%)6a@L
zAwY+?0Rs~zmOv1;DD`(ye=T4v<X6rSP9bpx&V$cfnKP!<mbpcbr2X!!eU?XiJ{A!K
z@68q|^ckrtxnks#afa{6*~(kZJ>m3p`KWolOzpC#ql$8Vvu&+60jRxV<+v*Cfgep1
z%u3mTfd%3hx5rIvw-&T_L@%}ZHl+*R<Ro5Fq;^PhxV#OpuqVUn^e`)joaLTvy%w7m
z%Z~Hau<6P)D6B|m&1y($|9-_+9dk<MwQOc_ZJpX}{?6?^Ug@`ciPmAZ=h7ns%UfF)
z<6ioW7Rn;|*{nG$9oYr?$6lyp#i64z+!q)qJ(rgC|DlxkDqEJ`{|`y*slVj%4S+t~
zCxLY7$k}?UB_(}(qslUbM|FGFUv{7L)$%oW{)EHGh~9Gt9gLU|iz0;&vp=H=M?x4Z
z=3Y8B8NVF)>X#dC@`vL?XVGt;aY+(!4WI<=;f-B29AQC3&3?ECulUo1^7n8h?_J|4
zuD4J{QnZP7u1~9m=`&+~qiTU94~tbhR~;>~L{wiyn^vz#ihgr3=l+=Ihk$&nnWvBJ
zjC<AV)%x~zgYCvgRMfxm?VA>_&sTe$`AQR~E!T~oS|`eDpa04=l4WX0VWRc#L&o;<
znN@XScx3{1c&bK94RTg(Pr~x|)w&q6Iw9}n7^=88M$jO%VHg@V07n10yPj^b()}Wr
z#Jzsu^Y>R3dd4&rr|D!qHNu_l<-7c9f~!2j^#Hy3Ys-A}t=f_6b=tU;tI7)whCD-l
z2-Nbc$+}r0i#KJbA;cfb1k<FPY-7=7?`hxzSH4ad0NbY0Yc@k;RdZ7(SW>`gi%xwD
zTayCrTjpnPy%sjzcd*hkJzputD=FD<tN2VX>=cJ5RaCSBmM=#;;1{#79TN1LUatl%
z;4kN;d?w5`>uNgH88Uq|6?Wr>E4~lF+T1H8(sjYfvUhunYUKVgoT;Bye4a6jD7MhE
z32E4g8of(B!TOEc6j%6qYj@KlpLn$DGu#P{I9Rr0p%p6qR&w%1=_TSir38+6+e0d^
zcsuISA}Lq+>6iAZW11vgv)*+u%Y|>9K;n+ybB7O`98{B#P=>0Rygw#}`g7^aVp<+e
z{aODviTanCSIG;hO7{jM%XF!PC*q_7g(`2zRZG->WRi=D99#O{DCtOw&MmfH3Pc~9
zyX!~m*F3DNA8HxCPq2;2t5Bsol^UC!RgrfJnIlm`s;V5L>{GTvG0Zs7o7CTlYxPN&
zfyxh`wRs-kQ#aaC?#1s+sz|uZ+N$>IJgbi560;7D-iV(NBXeC^|91)%7p~c|^go0*
z7P4%~r3Zkn|CXow<1Xlr>w!L@M=ZWCzT*chp8vA*+Y9XNEoYOUCx6KMH=j3?eRl8<
zp^}F`)4WlBWlr5IkP8qx<YfJnias4ZA|T4kqzVRCNTeW=oiLTJaQcwG9Rc~r)TQ<Y
zUG9I<Do%D@&HLM0G<T?i&EA2-2*DWQf01$`c&ds~vh;TOadOJEzoflrWq8#UTjblq
zTNYlykfExX-~`TJLcGEqye(W`&;e7dM2VNweM7wo#w>l{WQ6UKt0)R;o71v8?UxYz
zq12!RNffI1a>|Z;K&u66&2FvF3Vgs#bUrjaFqLbR<0;Z$sIpTZ;5mdyw?yX74Z@oK
zI3IFkvn;x>c>=60vkiBTj19fqzf|gw7>2f#SbcTPr@w4sQWS=3sI|Luv;S4)G|Wa&
zsIhM%3t`Le>mkM*Kc;1i(^M*x6GrHYiO8HVlzuf4HviM1@v@8kApYpSmmdeqEuw?W
zg2kBMOob5A?CMl7sl}0rDZKV)Go2w$e_4-$0bxyE?~+I5?o{l-KUvf**nVm1@GU#S
zUsL8n{vwfT2)5Tqq=>765<RDiK_QLXIOz(mMksmW7yb0L4rZLa1V+&G%RO;?(u{v`
z?eei||3<|&k4o6SIq#8{XrNjHIm1Du`Zl$*;Fv(Fk38b^KyEYjlT*Vq1y1$)pZLvN
zafAku{nS<PG9<ET{nPPIkT1jhzX<0i!_7q3|LnDNyYg-?fYayaY-Axk(X;4fk!tVv
zihZGBxxu(y8xKHhz4ohm5vUGJjw8~svDfrn57(EU7%pWW0Fu!KVpmC9@W5`b&x{SX
z=e>Ve6_}|@(?Xj>2+<UkLha*8iO0Kc8G^GLR~!;VT@qt~^i!AL#bYjgcQ;#^HM-ZU
zHq2OUr0KZhL!$W>f`?V(IW}&n3u>1@1E`lzWl^~;eGM)RUe9Iv-0sD#3qR`wLS#fP
zE>Cso7<)_z8i66S!pv|OIc6VEET|&>Wq*z`yK+f(zx+gcpFj@xD~JPm2@0;$&TIUh
z^9v{EV;Cnx_e}7|VS;-lg$Oyq)@-9^Q!)`gazk@8m_KzWMD(H93h3`YRr51GQQ*a$
z+lseb$MrgO!B5>fxc_zo#y7WZ?8q;8RrpeJYPOE|3g^Z_y2S4bR1VXjFvd{wlE{om
z<4SfUGO2iaJt}jD=wElIKmYOP);j)T|5F)!^pM!KxsvIFS6<&m-~<<Mb<c}rZRD4r
zzG(0|hU$`MYhmM9UWONLcYNu3EfsM4&t9E0yhL8nzz(9TAAO3}Z%~$i+o%7$*95zd
z99>rPS$_q6-AM|5k%V=To`u%02)pksMXa~xPCqplbT_2+%Rj8)bCJfR`Ty=+tDE$_
zlL`24Lsw`B;iW=L;?Bo(FNDM16-gFL>&87gwhIalR)!iBS&Ht#%Y`w2bwqG5p%_tb
zf`9!o?*3w2WuhTMlBwoTDjoD*I^gLJ!odYk<|ROk8*|OJku?%<^9msLo>|8hDWg9K
zaeAs66ciEnpLW-O0aRfed)qCnCji=`CkDobm_}BE^u`7_+-wIcFJR`KzGG1wseVIQ
zhDKU*a-`U0_0QT8R=KmDSs5HkW^1gw-V)9gc=KRL_uf0NS<<7h>kIO)_ZMvBF>J8e
zL170$F7zFXsttVdy?N+r3!1Br|GZ#*DD|tmKMD=H-M9(DC`6B&z7T3^j*8TbR@dzB
zC?`JYmp2p&WENGqK1Fj8#dodNHP|n~l%t{Z!<5P|j<EdhFLz!&TK%~NPN+J&U~80?
zQgNnCq05yI&FJg$*mxYjzj%5*KYbk(&~1Su6EG-L!ZHYl!>W2Xo{^D~YLIm&Sua0*
zL{W>WNXfNYBKm#r9d%^GF~clKN!BJ)u5y1yU9ZhE9*2G|Dv5TAumQ9DPa9KZd7bt?
z6&m0kR|ncWw5~PR+}{V>-2~!}2Of{2?{0aS**EdS*!D-e>kLNb2aGnZK*q0;SRjyW
zv_kVIT*1;nCfbLE;fKaj+oHXSaF7ryb3AQOf<VCbW@xmhV(5S>wPAK3r6N-dnNkx5
zQKeedYC?Tx?hB>ZmyFqL;;9ZJ_<XTI@(`<`;CL02A+gu}74CaZ5+MV};z_>yN%2fO
z9U)BkEW(sLEnGLUvn2!ZII=0Ao$L$N9%YbR<_3AiKXQFaRUiQWq@sklkPIA;Q}Q14
zKucH%vI}>jq9iPa0}?~6W~``JF#WZIX;R;r%X#VLHlRLL=+V3yI^43Fu5Rv_gRk#a
z^YST<jsKG0K&MXQJe$_CeXbUki>ao?4yyh=RwP<K(kOs};&Dz9gCl@*DbG;VZH_h=
za7E591^migqa?=*1Lip!BpUp$w6l1|h)43B2q$`_GJa#vN7^ycUq_KR?)mAw8i}SD
zO6*AbMlYV;S*o&ljJz<9$*O!qi5yQcu#Lte#Z<B-1tnt`rH~42TQo+Zd`zsE^qChg
ziuHL$HZ+A`$p6fWNX-la<e0hXOa6MSy^J5E;fXd_3(FtfA)YL@;(zr%?B7|Vne-XJ
zKUX2frsIq@aGxfnBR$AV><eqe_Cr%&hUBrnVe67M!Tg@ic}Znd8-2qxZ&kKqUVwW2
zY}HEPCn<Qo)sAHuUbNq$f7+Xbh0FO`WNuWqaO}6Uo8N+ihPu?}u3ytSm%JPrtnSDO
z^J6q(^+Z})kzV9gtMAt)I6lpFs}FsHXGXOgBTHW$#fRi3@i)4C$ZNPX<G!wK(<OZ)
z;@mZHVDk!D8HSj$a$@y4LgML46*}S93D>nk>b8GrCImlU83*`?ZbIiKeu6mmOc!uG
zC2=cd)v6~V6XO*{5v`-2JlEze1G*(^d(CmfKL>7^R`Zw;Fmo({`fW!)WNhBLz>Qk%
zb-(F(>?Kwd*34*-qu$GY`@A!;ArEWs4ZSk-TtksCb|tUPQC`s!tfgg47a`3|5>eIq
zDsSnfU&Tp2CKhLCnj-a5ld=X#DfiI(+5V!lMgE^J+&Z{F9j{Oc?vEWi6no7xzc}xg
z|6XJHDtFCo!BgB5E(cC#Uxb8)P%4Rm6M8f`b8!eRF-bZk{Z*1$1AG2GcJ?gOk9$CB
zUxPfs%ZQ(!t4?a@Eqcv9S_XGySbq7o^6&XSR_~VWT?Kz*<WS$oWqx^2H8ioJnNmcs
zO<b)6(sKPxk5z#LCqy*-d2gX{>swX0!9D4UR;DN6-q><hqgq&F2Q3!rIl)=sTPMO%
zTv7sG_mB5wjt;X`#pQMUpGS8csR<qT``HOs(00HU9KN-Ut%U+cS+AmudAF<6oEeFj
zK1*4PbmF38GY+l&JUDkbl|s2GW0`5A`<D^aOo$i~O3F9;DN`5(@}#z`nKNd;e-pod
zLmDq3aMMvoVUTLdhG?0GEsnTU+S!FZ`{3;1ih9+^^3@h{5SJ*uxckl(FI=-l+}m^l
z=?Ez8LB`DLh4e`%5pt-qwyO}6GK@SIcg4lPYCPGYBIhG&WR9d4_)W;#R2WI?TltfO
zIHn=AT?{ZJ?%`1?nFCM%*3Ib<d-b+I?@zfFwl3TQuH)lgyz4gs$LsSksI37-_5Lt?
z&5$!3{khg*t<L|rYjx70<=A}pPrL{5Si)$td|J~hJ4i-MWTjpglUEcA=f*^{%zy-?
z9@jK5`9a-nf(DAh0hC~p<LP24!Ue(33HsNiP|c~z(?1FvGeZRK*Gt5baEEYIQp-vH
zid*HF6{}|n;=^-}w2A^V$!UKBU7C)Hqe%(4`dec7h4B?+QkCzPUv6GcXpGGK`{@4R
zx*UcUde-QQX1x5rU#vo#HpJf9o<&BDxS}H+s~4D86f9j~E1m6kNB8@cjAG}1wiIhd
z{_R#wf6TFo*S*7ZlsJt=miaptzKT?!P2hKZ1toI$1fT-S*T#>!K2u_-S@<2p)F_0X
z3G{&g5agUmHhFD+`clFBoTdZ9RAVNqH_MuDs=o$9$P6`MbnmA@q4?m9qMwLRWH~1E
zH%1bUpk6~l^q6C^?7-e$EMgI})NE3;Ps<c(Ophc7g=xeUdd!UXgId^f!~-_gnfV$U
zdrnTW?fSs%Bkc_^iP&=-dsqV^x@Xgn^FqPjep{@W3+}Bq8rqokeZ!@FnBB0kUcHT!
z(1<6wF+615*ojR()dJ5h!i{SLdn;W__3iUYI%@i6%Z~6grQ|;sdxg%uP^{41YEvQ^
z8V7v#A&mDNe|c6Q_D562WF4V3-Z$+Z^v=?F8jMyTOg(8oKMz*Cje`9UG5J?`{F_`z
zj!9mR8g6GURH>#@oRvx5k}Cq0fU0oG>7XrG9Z;G)2B|7zPYuxRpu7M4j(_;%C+6uv
z(ZsR;(Rtu7C&w-$9HItMOTkZrP{1Zq(7s}$854#aU9ko@Ss6H-oPr5N$h?zDu3h+M
zby!j=|8);f@P}`cp!@+RxlGlkseJhTS>Wwt$n_nfQbkah6*kL__D28hMB_(YCHBrg
zW$KH!yngWNd>Jf*4`Mt6Bap}v=+R6J(GPmLNty3){%c-2b&ZJsy4y?HbuARN^9xAw
zALc3pqju7T)Y)`?8aS(=RfXRE{^uDX_FK4T(6UTz`%?S;OaZVr7|PO<nP&2rHY-7A
z0pcWp1hrpMQT|1n>e{OyvwfYdynn9XDC%eS@=8kdYBus3(QO*Va<8~mhqY>1GP)~V
zm;aV;2|m@A5R?fpZ}dm?11#4pe7g>I@U8_0xXDMq5}*~!UDW;k{(kqX&cO5g(nCp)
z<Kw}3H<$g|s~ez=QT$gfIYbt?fz%46%$pn?n<%5=9*&+xlm`C9kLPnB191v08igZx
z=~?I^culDKDx$wXn_{u+`>MxR9r$FqG(0)E)?eQ0v(5U_pAa`l+hJ8<ZB20ggyf43
zl}9L7S+-NY5TqrRJhC}~hzsImgk&a<R*Pckqe3gXc(r($HAa$XfB&Py+sntj^YZ|&
zor$-;{eN3M)(jP89~EtIN+2cCa!x3X8NJXPB$BouS6_ZMdc!>yb6w|0SKd;0J&Cl*
zi<k$-);Hh2@pI0SK-dfF`tR>PG4lUK2TPl)jqB;B!{PA2jmL>A?VQO!zGBzHM~t55
zuL9>t7Ffvez`x>yODZu9T+nDsNN(VfCLGSidxu7c$AA$j)=JpVi)Gh!c!jo^mEiJV
z+mQ1a62%*`3Yq063mp1HS4wblvZ7WnhxX#KOiN&L>ZKk#-WY{~F0uWroCqAwBHKR5
zxN;PP{4vq+_!)k3-2r5b*^E8|p|1$ezfjY7P=t(iV8IOC@aPH>y??r3sDEM9{D{$S
zL8kTaG-dr8<UB@z6SGIBFlG8RA*lmLD(FShansJ#{V=3!#J((DhcnbL3BiRHzXX=u
zOEZs_(7nffBR6cHHN&;Bg3k|kSAjT7H&?|S5F|2+`^qd;NwbKIH%2wP>+F^~{b-BD
zj{P|`15x_D9bHUC3(UVa<PmGS9q9M?AO(s($>dAt3jY*}2!V}jRK#zM5DBr=kABaC
zm#f8<L`I<hDL5H)KM<@LkiC}>X!(ufTwLrn?tJ3Wl752GOjNL2h5g4@ut~aoI?_h|
zJqoU$0-@go6e4*MU>25P<>)~+OcrY`Jy>`9{oYVVPT|7?omMQP>CX(Dg%Ir#@DrvQ
zOM0aItV9d?C%x)1_4J>`Q;25u<gQHp@j=56>C)?^gX0cK{u@9vdH|5h)aMEzLYTp2
zs~_)VANqoLo2hXpTO#G=XacgQERZZAe=G+ur(~4>+I4A+%0>_hf)&*JBG`3`RFTBq
zu}ohew1on47=mG&&(fHo>{48_Y3Ty}5K+Rk_(T{x#y=n;DVT+N`V#h%>wX-^DDaZ<
z85!^aTMr8b-}Mj2yOR)Lp-<7qQ^S4E2n<h%qLK*IDwO_0>LTOICWpeqI0c5Pl&V-z
zJ!jPlt@H6)rKFP=r$fev+Tf{hgj>UGzG(2X?WM$8T<WI|W|NVQrcT3{BX!?-V{Q`4
zYbPZI3rQdyX4R;eFqxu4nFiDfwfqKBQ<P&2U6N-a#zczFh5iA)VZc-z^Hg0uCQkn0
z<)>&R;$iDWiGMIda)djNj<|#`&QOtA>nKt+rj)R98o2}Fn2dE(vMN4s+c?@ryWqzw
z(W>6>tf6{dnG{!R+P_)I+phEXnH~cq3#JJ#erlSK4n4sN^~NVzTFSOK+nD0R^PAmV
zR`Khk2tL>pevO>+m)fyS4aZow=J|v%A-Z(&g;p&*`_*%)lAHUri1a_O%HQp}!p1KY
z6U}kWJ{lG<`=Nurytq@dAq8K#!x6_`hV$e0VDxE44`0&Q3nE*-gT!iApMg0Q9&Qq<
z1&h^T!_=>Kw;$nVo3C|=`C(JaUS3i^-#>cIZ=YODbnV^?&&|@~BJi;Uf6uM9O2OMR
z#m4*2?ppRTHBnxb-1q}3_8(c=xZU6Gb*t3s%KmmFhfAQB;Xk5-=hC&%YI6l0jK`*j
zw$obC1U9Jtzm~mraObSU=(gP!M<1qAD3F{b_oZL*WO(*wr-5{A%OqiF@|g1b8XG>7
z*0%<`)oqwNcp6nD)-E(lYTM?$>BwU@(WY$jQSj7w|NLaTd-0Dn!O`DLOMfq)L38%I
z8ov=yW_+QED(H}$Afj}}?sJVToISSxys;1|exI=yu{6!s_V2CD)covQ_r1oxj5j|b
zZN_Sv&+5Y#JvFK8)&BWa&()c4fA!pTm$>qh<)XyHA*C%*v=L-vU<MgG8apsE$J(G$
zglBpiv1x3iSTc)L)#-Jb7_wKRS5_pMrf0@NEQm<3Qh?9Jh`)O&l&e!p@_OZ2c;tD<
zzM_2p@)u|R!t^2pJ_=gjZr55VciuzqMYa6}t&#Zs4%aTB#5{D8zt(Ik(Y2D0r>U^N
zKK7Lva>K03$J_jR_`u6;on|_vqj`M3j3$vT`K<O*`^V?|V#!hdrnleEU*bXXMVDOK
z&`>?Ka<q@>8jK~2sGLFHi~r>bB0ny@TkbNMoo_h0?Kr2An#(1S3pn{2-&*GZ=|UdY
zu8GaV(*i8nAMAw{C0L@7WojOqumqw8+I|6^(l*XfrVHg=8k}E9ufHO`@J6hRh$*%|
zO;iL$km$UugcXg^2C~wqku*?Aw(Q+hSqu=NO2(d{mk^cAUMZQ*hN1RT9P5ib^Y9>w
zh5_8*X&u{O2uWixqH=1h`bzb;$XLJc<?nBDTFGsVM~On)vX7*)1dwb<vf&mz<x0$_
zZFMHoL2nnF`l07r{S?47LF`SUsd9N;CmqfdV=|jxvRLmH*y=#MIJ}VL^E%0k&XGAw
zZ^l}0+&_EzAEV<0VS0KZFg?YCJ+!&BW~V3~7xeLgQ(xqIvjRjCbseor@mCkUY+4rK
zHj?Tx?ynIrw}u-8V!n8Y*vNVc=9pw6DOjugMfWHZ2`AT;hbxflD&nJi5H3mg+r8BX
z=-NyaG2*;naG$-d9S}kt#H*H$)&>IIvRgD^06we`_5te?za;@=z^^cWQpSSs@+H~z
zcQ4Mztz^W%Gfr1jk7`tsR`Oz(q`Qz-43<Ex(W{2!p-e_qdwp8$oMdy|#w)*%kHoZ&
zs+L?j+>4&L?O{~9?&vn>k@w<ol$S0AVO)~I6&+o{LIGA&+#dKVAfo;r`qPW_C-1W^
zrbu`H%gIn*v8K}x3L1N*?%POY@wfAZZsR9w#)F~mKq;}Rw{a&A=-dgCV=N~y!fc0Z
z-)xC4K5H=U4V~y4Wx=9QM1w||9(Fip@TB6G6EczwRb^o>yJYJ|5V5xM()ICFKw!hI
zX-p7BWa+q0ypTjWw*(D(bljvkj!(H4WY)A#3(e(+A3%c^EjV2tMZ2{FETh`@@8EK3
z&PXJcW&b-C&Nm&+!v$mH{KL*K`jVQ{{<F4gU|;uphZ-zP9fa<FD)Wp#`Mi7G*>Hr)
zveW<H0(ba>)a6cHpx80V(fRqGTmOeZ-`mOPAU996_R*eO`p_E$v^mNF(M5ZF8N~wS
z>JVo=txcx89V0^VDJdvR0QS^Yz_&lwy6ff>Cs+LZYFGUKJ+8F|N!{*ri!G4pk_xeL
zBB1w(EV*bFS*-01?#5DG1IqM;ny*F`K~jMMD^ogh!*tbijKeBhlwa+nD190O66y|X
z0`5&~3>Vv-+f4)Gvq915E`IZG&+vM3ey{1^r`sIE{el2VIH4N88q7!}>|Hv71T~5*
zdbAmnkY~5Un;KKx8iPTizY?S=QQKkT!gEhap6@Qb{_vyusRw{5x?J^{+vR-l{`R<_
zz^xaP67)-+6n*XzoLm!dd~vutnaNln)0${H`Mqks%kOf3zIN<wkPr@l?C7s!Q5iRS
zLmT%B${SVcZR>cWl~Ha4mc~q@mD1O^3HW;_lMFotrf#C+jsIHZ1+A8vByMZ}4AOF#
zt8uFb^7`eJ4DpPb$g<*Ls`~TPg-zIGB)_}iWMe+0ba$N6(Mk5@WF!NsNbA>yoD?zh
z0WH(8yRq2CshH9}D{3=}tk2WEn$I`He`dij)l|YueP;dnY>#z^xDtW+YR9{BmLoIT
zzF$Ca4+F_M`%BfE76hXNCNzgdq{_;lW(UJfjOa=mNg1+I2;@HOFs%pk0sn24kChY8
zi6<qyz2>|OCH?0W^VcWQt5sn*`h4<rBG<&ZE7dC5H*e(*zh3H=^1^{>J2BER91%!F
zg$krO^G%MseRFn=bA3*y&5B+)AG3UTY&eAyG?e{gdI&}w5s;jfG<hA~mqW%Q+eeja
zABq4^XsT&ZDK#Q+il(y$Nk}%aSdz99<3Ha$0H*cx>ZNY$RZMed=PX-~y-7G7;wWk}
zO?Ndq_B^6KcA+@E+E$VzJHZGhv179?PCEX~_VvKTGV%9Yd40ISRdTXEyVbt7KUYG}
zBL;-t@u;^U#WW`QN<ekT1;4qKSBCKvXU!~)ir0A!7tZTax=LG)TeFr#4(`0hCE0U}
zeP}&>vf(p!9woKqLRW?s<B6|FlmAtXP-(1gpc)&E=?wC0Y{gnL(3Jk;@5+B_?iY0r
zua#F0max~L6H=bShdOSYnziEz%gyg8^dX~o%h1<HYr^@~@w0i;GasC<L_{dHG@SWc
znaykC#TIbjratB<tep%mFB#r7Yhhap7nK%=!^;31>0=%g)t28(jVYQjyR$OxlD~{N
z3s@N#*^>w`Pd9p}oWb2DAvL-`;0t9B)TOKD&#;$tb7(7&fwwQ0`4CWs@U6BO>QS}!
zL6jOwimIp<TB=J*V&}(>koXM+7ON=M!PxQ(g7QfVDz27kzTAbYoFdAttLud-3BUOd
zx+ceSjptHE2EPn$2r=!I(VGBQf@y){323%SJ3s(0n;zW)KLM;LghZDtii=$BU2UX9
z$fRrai>2z_`PRR}RD}1au2DH|M|AJ#8fpJNexPr2VoL2;y|xyZo3WBLBBU*R{#NCc
zQ+980R_`3Hh`r<2yboLJ9}npN6#hE+m^j{Fi>hf{fDz-ITT-e&Z(%o$tn%O1uldOk
ze6lXpxI-0N<n_!nwmh_VvCL-wi%KMhoBPn-I9-{$jrYY{DtJWSg*|;sow!=zFwdy%
zpWJ2+^J9^(%5=WGi2-?4Eo+)<_$@<s9X<80;*rxUhCYjBKgKYDMwmnRN?5^^xJ~a_
z8DCw%>|W&dNdmO8u_+r&KzNuKRi~e;s>X|BjqT%PKSOZ+s7Q<QMbGncK-(`Q1I^a$
zir}h??*yU}OJD#1kKd{_=<S=@D-zMOvl1Ri9$_AXmE`$k-l2toehNZ%k)BLNvmOxv
zf6G^@DH3V=Z5M!nON>j5*Ro_wBySyU1;CJth&FmF25a?eOZS3sU>Z)5^_zwpU0D5g
z_X_Lfk;MdJc;=zhJFsl2Mb)saF?2^ebz#SmVVIbm;h}h)2cBYSP_K+<k-+c}XUsHG
z3}yfhsR11`KtTk|GY#yq{xS*$(u5<z#Z0Qv%rJAg*a=~U#rb3&U2ORpxPlWszxYlR
z-*w(UV4r#<r3sqyPU|ejWdBkYgxDz&P)$)4%4V)$P~%{VQ>3PAO<8M+Sbgv^-&9-L
z|Ks&>1%1T#XyvLIAv`xdN#k+oAU#=i-11uCpQm(lj-kEFx7}>jGp|6Tx|2hOVX3Q2
zYj3c|FuKZ?&<WDnDd;L|wZg#=W<|f@+Vg(}Xoc&d(G{_KtX;V?=g_GlouFe^XQ}eJ
zs-3@G_=Tto<sSY?iKQyO@XY9xb50LtMNIQ@rlN_Q-H3sC1Z6c-a-?<?Uww^w`><F9
zrWTupxN>AX{-SozGyo8ia$uw&mZr<<84*o4aV*qohz7PO(L0vHeS8q5t~8@#zX3SM
zuU<8IQNc$6nM?ox<~ej0r-=B>7w>>?@4((0ACB@c9RRQw%68118_|!n?B~o9>7F2J
zgCkdr;%8%%PtM*>h3u7X9McBB!0*Fa{U!@f#Wo(IHCSK+8&d#Ta*)bYCZcbJ%tjX?
zCVJ(|4gK<8rs0_^Vdt^LNZbC>kPrz3c;Bk&^<Wf1sH!`Hi7&&)4QegE>yWP6ATx{|
z`^XgKlMzN|2^7j-6733~@7?Hf3uwK~z#u6dZX~4bQw1`;VQ#=luuYqJNe*QlAXkZK
z3ko=Sm(TflvAjaVSC}b!EBdvor9xR&Ko(O`S^WIos-W|0M;iNoy0&i7F!iFvvG;d@
zmruoIh{p3H1Jj#iW@aWRCc0C)|4Xdz${n|VUWUEhrY~AW(|IZjs{LM@er&gMG`HNg
z`s7)gaf;k-JO1=ty-CymaDT`2c#%DfG_*HH5kRxn-ns8}dhfnpo>Vj6<#oI?ANb^^
z%`eUG_4a^F1Hf7P_;`MB^y4@t`t-*}6~kP8v~cT7<agflwzgBZ{JJ2fXjLG&Hd-4)
z**yPqewuzznaN~F3^uKg7;%a&$tVMudD5#+hwuJ9PKL#JyK4Rc9pIN^agMyqavc5X
z&}C)y;zo#&m6d527{>B#wv3Y}+F3NAq!^4A8VF!8Il;~Cgy9hbD%0oA@`uXA_P&Jk
z_nJ#-LXbRAo*bx%$Lg#r01Z{MPG^H!*5ZG~0s+D)n7KqNd4(}ZIg9Q`H6A%1dYW%A
zijCO%5VYpouEeL(2LhwE1@_MNqHZSZ-XM9>aBxaE0(!mm(n`8bM9AB)yFAFiIv|HL
z?lR;Op~(&_U&g>-$CoFSE~JsMiD?!Ha_AQniiPkh=uC%P&~qBZeu(2;<qX^c?f(HO
zrbUyJ;vBElt#x#JE*!2+T0Hn1&r9qa2XuNK-B|$!5#^sPlR{1!BiVz$+`+h<y!-@2
zh`c>XmZ7@jwDQ5c^Oll^L2KRJcJU7q{VNQ|9DA$-Xm)?HDmY+Y)^@e;fd3<I^-B2!
z2=@0yPiA`i@y9OTuKi}sR8BG|9=ow1b2g~HhuoffaBc1H?&rvE+OF7IBv;xEN&na?
z6DbH-K+XjKiPcHYTbix3eK*S;H0J9QeEqRRc@1Nk;OE7q`KK)awqCd4Z)QLQU@h?W
za;<gEux?U#V|nhc8x5wxjm`re8Zr+?NGS?v00WHz<)xIlcT1nO<?^+ka|)b%NWxqH
zH(j)OijTQ_qph5;w6iHkg{w2FD(#W`;kVzPRf6SIue=SPRk}}`-csK;W=e<7eB_@i
zEvRD`09ExLNaf%v>zzBAS-(HS@zb}Tg#<J6veD$E{$l!@26-igSx4#bG)>rcDes7_
zKFppH2nZgd#6+HkWd6aj;L(!{hicYg=|bE|qf6dSZw_lr3kx7>Yxuqv#d{ixVDOod
zay60S4zSP^v6SkNhsJ)<P{g;p4X^4+_a3z`E6T>znR_F2nyvB1q)<IPOCw=O^R3C0
z)2v9&H>YB*8j15P;+@ZA6ZvQDlCLC>DOId=4f~dQ2>)uiI5&tZMntnHXsYRqAC}T4
zH!}<BY*T$z+hJ|QXJ=_-`mWkb2THC~yeGfZ+QOZFH(Kz*OHpKk`XiBp&#ntVtVehf
z1Nm-8`+cT4RtbLeOGV;skE~qW9^%$_;+dMx=HitY1ckfi6d#Yh586Jf<x#uc^Yb5i
z2ee!K2!XhV3La;B!VRT=>`qnGLfHpK^X%1t{(F0wIMj1Ti-X50ch`G$T{+j4ZWcE=
zxnE=TSN-4vk}bNNyP{qN#no{Ok=yNF?BAgt?XXM-FVpX{qPNB?GZRmjM+d6f-+msU
zy2g(x$g|GG5(l%heq^pnpe!4Xc2HZ-<KCEb{%b>hLv@x@d1tytav#*JnmuX-42`=k
zrb8~!Z2atGbPI7=$42wm{?}c42r%vC{?}cCse$8RF3T5p69*H96Bjq$xKy!<G33l?
zuI0@>`-hGtM1SZwJ&|L_R`E!Pw<V-&Ik3Eco^;Fi+~`m2<==yFyK0K+6$Wz-{lS0U
zkmid&F-L-3W%Oq>JqC&Nm`CchDV@s_V?;ik*^8}G7V@9s0|I;QS1~_}l`p<ZFV9yz
zjx|M$bFTgw-xtgG(ciOQ`E>fV(De}J*kC%LC+Vc)q}kA_uk|(HHFfTGK3FJ*rjuL0
zzCoy|H|+&O&Bp#mPzqBcH*I_jIg^}(FPS)Qw*+iZv1)gRBa@GWZ6I|WHyB!<Yx5(7
zQZn>~j~+MJ9l7t_g{*PsN{1U}y&~xh-q^`M4?R!v6I4<mD|NP}sMES$zV|&U&tIu(
zM?d>?m~z;_P^Of>HHanK<`^i&CRCABjs<z7uQ@7D0G@44p1K2pwbaHv$<RKG#RnYd
z#mObqH5=hu@P#unLLSO7918k1oat5G;nQE)hxJ!1&q$@dkko|zoNt!{l3cj8AsCw6
zryawd@l3t>eX&SQ+1W;#1z6BF9w8eX{5+J+HWDiJ2?1hoDq8E{#t6p2v|6dEij=5R
z)+7(uFu=#GB#)*9ogA)l<XxI`=Yhyn_@SI9BL`a4k;B2RF{;J@Xrr-nniBr#e4IyR
z|4V(hXSF`4RLQoE9X!gm>pa&NB-mFSJNVXoCq6$yb#=7zpu<_bnDQ^x>}8j16!Fi%
zDXwa*Ua-IIN=YQXG16GGDXK`PGI=e26$(scb*7#L)#-O7!}xHVWl}QzEe?i4GENf6
zd-gEJ9N7lK(hv3PZE1S%lgRO?r#adGRs10~g^I#B!D_67`p5)03|W%OnX$+j4iyqj
zwQEUb5?yj?R%>rB(nmrtV^m9ET;8Pc_=d!)AXon?3I7i#xo;1Q7av#K&9h$?Yn5Fc
z9tyv9xjXo58dy5N*xnFgr7<juuJ4oopMw86AGI%bLX5koVokZbdN7uHpyC|<x?y~D
z6j|54_oICc%KU;|v<sh{R9%Ywp8-NP-MS@JT=(P!Cg($RzjI@aF&8^wGy-by<wK5U
z%QG~`tYm#5GsB)K8OjO;%6~{rXq4j&)igINv;$8J?yK#J@(h%`qi_&1iDHZkPeuoX
z7(D~ixhiWW$BAVc?BWjyggWU=GCE!=y9qdksVXA;&zKEqt7x_o?Y@vZ8&^898ibeb
zftvJPwJrXVA_OS$el_1US-T3y-0prCTpD*_(_?vd;J9dn-C{DP(~N*;Ft-`UNqvl{
zZirtR+GZ+l6Ut#<$>xP%GEyH^E>hRNT<PZe1eV42;vHgA($Q&e_l79=yji^jc1ZS>
zYgQ~fDFajLW1;9!boB;mpFf^#x?gtbG*`w?a0uEIPz;_71KF$;j<H?|C~Z5T-PjH-
zICp!4b7@=Kh<%05`yL@=<Iw=Zz(f#kCRdU?-eOY}#&z2=QvJfm5bh{B2v;K`bnieS
z2bGk57cpVT4BU`I*;UcIa)S9^bb4RT7ie2Z%y+H&d$pTCc->E$KUw-=G64o>JT6Ih
zs`&>Qt&B05e8amV_iAddudZ=hCp&cUz*bCHldJ#nO9%KJ`U^Egg>h@X>ACSwia~cr
zCWP#|iqfiG6pEVNH%#R0N9wh-$NH5r7nqHO9EKN9Y6OtwSnK_*a=&rI+#_Xt`>(87
zD##OcCWCRcS_;Cb2imqnc2<pv7n@7(a(W$!Rrb1->}QUrZqwu!y7mviOa%E40Xu>1
zKF8?hTqjLs8F*kG@awLYHS*nk561BnS}~C0Ms<H|cwCW;@84PumU}d66R6Q`ULn5h
zeT_bl$7=cl)98LkM;Ay2|38-`Wmm?idYthkMSCD|x00by)BVQ2;YvrbEE(PG_2^Zd
zbo=Rf^S2*U%=B2|3%B=jLEZL?-M;%Lbm8du7I`Q*@j@$bdd2H?vGmdVBQ0r4k!@2;
zkshEyv#HPZBtgmLTLROEsUuN*-&=YA;CGsDcY2Cs?ZDQW0x4lYAdHfp3jmXqYdfry
zevs>KXP_$$#OiOj5^raHCHuIsE{R*d9?;ARQpE=7JxwTyE>t?Fr70FNH-G(V{^#eu
ztzKYWu$Q|MhT|OoO&s)eIF@>Ndc3wsDS<M{64k!l@ykO^OS%1VaK3Ht^w;#K(k9g|
zl?U{hI#zA2UW&{ow$;U1&LbC3QJ>J>pV-e0D513mGcXhbt!lv}d+nVM(T^m^eVNP!
zK{(IrrODbSpW{}ybojMrVKG24{qZZ=UO+hx^G)0x?u7_Wcf^+mg(M0m-&LQpegTYN
z{;m%HouK);7ZP=dj?faJn!o>9s9E`4hcKZ(J@wcf%T{~X?20|=YUZ!ci~;nwz{Uz)
z_~9#pJ_^bTZB|8D#n7x+{ZO?uB0U5QLu8#3jUeCl|EuA{$cRUPfZ}lh<30;!Vi005
zM5@X9lBxnj1LR{^^vg88Q}ioyP7|nTSulSG#%n{LS=Cc1ainp|s&wSpaU5g%<DIjp
zt2K`>vkVLTd=|;mY1>v+V;{L4#gUYMV)nxA^$vIbinwBIJA|o7b-Kzkn;?$gF!Grv
z<WL>R4eQMW7gb>GRqS*UrVPs6k)uG%+5?@VBrh&<zOG4_n)XMj_j%iFzj@#BdM9KX
z>c2zQNB4<M?leSSKU)B%dfQ@5C_&K6{-7NSgL$&y#<lHyETJjS6w6K7*y^7+PozLJ
zFR?Ifgem|bgbqN7H*XQbG=g}w);6QtT1GKgjz+3Eg2oPbV764X`5BS@S#OJ;S+^b3
z8Ag+YGyHJF+%Y86yT*2Z?=ah_^P91vg;zop#{T|wgIL-()*|mMf{vHAwfCr+e_tq@
zL~afX6cjlGQwf-j-G$%xOY%T)*)X5yALK?(cQbq-F8d`PipN+Jb159(s%U&O`COkm
zi(`<kj9@X_fQKtUIdh@~;_$|4Kg|B!^4FAowVH!#9`%8@4JHR_m&-%<vna3WBSV;X
zWvUIeM`=%dVqNKx6K&QmZsSuBXDyDPH{K7*cF+=0!!Xmo4zZ)v@7T}Z_r}^%NoO`$
zbwyZQ`Lz|#FnIjl$xo)<@)I7|4Zr`c0y!HIHrE<oCd<|ufo15T=;y+IdcI>b*0|=a
zjS`eDAXBmK+8Av{xc*rYC>@#xZfIrgiu5(K{ww5`R@@p{SjZF-PH@X2+V%4Cl0H2A
zo)B}em&?tEZ1AuscRJV-*QKD*{e13yYj6MN#p~}CcO;#Aw=ZC$tR`^ry9A@*=?oWs
zm`a1NC&k2%@V2@<ebJ2yG8vIj(Gp8@nJ};O3Tb|AX**?yalFuUV|p)jEvb1GM~0QV
z7z5WeHGa=HieJfbe*e-V1YBJ9O!|Velj+gY&=(s+7~O_lS}yR>6yN`;#$8G@?R06Y
zJz-yOci0$vQe{aGe!cqn;@E=_MZZ)BL9NuUsG->>l+x1Fz#m4P^8BF|S3DoRT~|5W
zxLeyljm{3foHHtx#{w0DfU0B&!rGIgYjv|$j!zjxxId->%u+s-37rdkWMyBdmUA>(
z99=yV3U3TkAjYM!U1}5|nAlOy_)|yjdX@gdFt^?K?fYw9v2te{7Lrn>o72nz*E1)R
zUXfGs)zulT&UE-Pe~%yFgroNbe7@(Uq0R@jXHhF$VY6eE*xCL0zyDR};D#-Ewi_DS
zsvR(F8hf@9ZOy?Za*g0(x^C6^21w#Ry>?^g+(e`me1(1NJ63-BpT)E$^taE&CL+`N
z`kh=FM~6lmWq%#}-U^cr;fyILq90K`BCDgt8=@~|e~0(xs<SHPGh<Un>r!}4^XI{X
z2iV1GLYc^3@N43Q75d^8ky3gtg~0NG0=oEWoS6uC@=qC7o<2wWVIz9Acgf-5_1nZi
z*Xs|-ZGgiMwPaKBLVo`2PTsg6#gmbrQNQ-|&&i8u8hM?@->`<UFz`KF$Cdl>xm_&0
zB2i9B2ze{SK@;|xZ&Q<6_fvG^4py4J5*eeS*YMU@2nrsM9?_pNJr)K=vVg?T2P8V!
zCZD&rwTA$7Vk8jaQBfU|1UT3c9yixzlLuDwSOK@k^K~jxuiyDgFolUw5x}XS6h#>s
zc2fMPiTu~3JPH?_U-aWqFSAPlFnNbKIE+%QTvoInqhb?Cu|cVcE{Tf%^4_OcL#1qK
zu~%2!O4T=QD<1G-m+$Lt3hf9dliM|G0)ERTjfwfwU!{kr+^U9}1-<V%_oJouUak&}
z#{q$jhqk32&TF4ebSQ+d(6#6$`-R;W2VI=2A+j37MCjt|#QeXy&Ht@2H)-qX`^QW&
z?NQj%`*gk|?XTj^elucud`Q^o82^Q}I}-wz)`mCWx_uKUOw(dPQh}*%?YTf{nvS18
zmO;)kOkX=TI>SQM#NEZCyJK-s<fg_98*gjtoU4kfGW_Eri;qj`NDE?>S~sErKyg4R
zn8b)PdAAV|lX582#%vA8{^(G}@Pqrq-lOApYqhf&RxJ!jV-99X#$W-9YP~U3r~Ts~
zqYy?BO~v#@2>Mcb&oo;%_r%m-bu?VjL`+|PVlBBo786HxamMgZ!|^Lbz12k2sGKo;
zJcu%2pbaHEK`k^JA((38+j@Plg*Rh{0$V&B#3bobZ_B3KPxt&grvx^6-;sfF6K9$y
zcx|drRUjIQZb9twMwqcF;ORmD=O8wj#nEG>B{%9!y}G;Wwt)SK;9@uqN1hxU!Xgj&
z`B)yb-HqJ$G{0>%`(E2ZF5b^#xYn}TGiTUM=?@NPQkEA8L$BrJOh5hiX`;z3Xx`YC
zq|yGg62OQBOTPvXT8?_;e}8N)l@35H)f_f-UGDrayLVf@%T~1u)&Pb=!S{98?XB|<
zznKu<JN=$o=x_YGb!0Jd_G&~d(R<I1_q$c!uTWYm1*}a*69mq6nWcn>vx1rMq^1AY
zrJ)x%eVJj=w-5@!H>sBnZsu*rYg;Y%TfsoAyC#=OhQ*V*?(YFEsH=PL`GU_Uih9gt
zva)zAfJlHmKvB!_?+G$pe$elXu>PaN06-O-x-J_7DDvOxQaf*3%A|44!E_IxNt_%D
zu(TAs>|$XG{gTw-kGA&u!kzCFEifM7`B#*OL;$ZGSpoBTRM1;fk!_bdLz9JtZt2Oc
zSAMGxeyf3J*K0#}%-~2cIS{Zab=~3Jan<E{<lXLdZSnftuXQZ?CqQ*=^pBfqCO@~U
zT6az7<z!%647e{x4<KeC{WzQ&&EKnT`McN<b|27QI&LP3yUxsnL_*3Q<qr$j5?=-s
z)DZ^^{Npp2ajiqmb*u@sCYg8Pv$J9_m*C;QWCj7yb5_ugV>yGM0IwyPC=3TJ{c*kn
zqjbx6!2-b{fPRs``qNmd8*&<d&jY0W>zSUN#H{NbUa?x)a(yA#i4s3u^Em!&R47tt
zH9!HsJd`POw<K|7jQQW_$8hYN8b}aLvpian+1Trv95%!BZYAI#AzHm~u(8azxPqFl
zJwFMFVK`X7kP}NMGKV<K3ZNa2#FLfUQR?TsQKV2S;_vY#9|(!&(i6~wV@WfSbE<i&
zuYOQt(UybjpvZT9=?WQ}<;f^aUQWNs=@aw)W|!dHxcFQVn1<B5q<s?`_8Eke&O}Ot
zfnfui)llyp9m}S53{fu5_F(w_Nh4!@<<+<UkG;2Gi>p}{g$EeiHF%H#27<fh#ThKP
zySvMvd2!dlHF&TgxD628-5r9v28ix`Cwrgs-1D7t&p-HT*3-JWR;}vp>RvtFRTM!x
z!*m9)_0!;`v@0;3G?5m+C{7$dHSaif<P5`+H_0FhAw{8;wDl8p2@zQjC}Ups9NfdP
zk!h@MR@D%1XX{y)zfi%WqpeJVPm$?tO9IamN-1d)oPpRKXTeoyyH|Dw?N-{X)S@ZM
z8OG}q(9x15Ky5}7SPu63o31!iR=kl-5_oMN85wceKk}Ew$R=yb0?V?KU5`1HiwKIe
zK0-F8V(NIaF(c6K6b(|1%|GTD{Zi)q`&*Gk-#6Q)^O8VDm<9FT<gM7<2<W1q$W~at
z9RNUs%0hbw9iJfcfN+0H)VioytiNz!mX2}q7&w0q&dXV~YCN9*?IpmDO^-LXK-LiY
zFsRE;rR{N@*Y)E|PI;@=-?lw_O}n$-s4;qt^)-F_TK>i_NwJtSND5V=yD`2!EpUGn
zzxcI1iktW`e^M}eX7)IAMQpUDQk%Txbd7nv&oB2Bu>}oo5TMrDq}!RTzj(ZTCGeiP
z&bdxZNjJ;ry1mI~r7N#+WBya^C)QrUl~dgx{LK%?Y1Lm%k6nLo&!&tCpldF*hy<to
z(WZ`+;Qz7&@JFWq%SgZ<QT{Kj>LMb<mh`5GkS(ejEtRD42^IObY!h{UNpx-`m3Grq
z1*8;;ZUuAMH=KDhGMU~{or!Mw_0I%DoIzyYUB)6tzsH8K>W%72(l}W2UuiD$;-yUF
zn2OY2UB`2di@;GI9scq%@NRHtk{J9d9Rk>0-(gdtx4V7CJ!<8kDm1cRO7GB}?8gc7
zwh?fNl;G52vEH8VauyP(S)Cp>iR&mDI3*i5rO>_}<lOITQ@EDO6nxH?;u#9X(4HCv
z2aw*9gb*epmG23-j7%Pwwjnuv+@0BWT6*Fg&b`un-9ffh^eZi8_$^5@9m;SSZ_LwH
z<*cQ-`VNd1l>=eB?@53eEEHi-fIX|{?$!iMV8E$u=kMy6-SKJ2KIbxqX~U%}mEH8V
zR6U(Iv?G;eN;dqs9uWFlI~T{QBS(SVieFv`!!p`U>E%unr#aH<uD)8H>h%;Xd`&PU
z9{qmW@R%d+hKYqD%HV0IP8?zjw|a2TBgV`q+$d`Bva5N+;s>f|v{9+O;#jP09=K-p
zD828w`D?G}b#wmH;?&$;+HVmFm%0|_w7I4TcAJ9tpWQuLxXZb3c6JSaX8ci&|EDrb
z(pYU#kp90dJ|O*nsmP}hR~A3=Eh);txfPq*O23=&ct71;+i=@`ksWF(!yq^<D^UCr
zKz#X^bZ@|r5~Umy+cIt#3GvX86O+vv{^@5?r!4+&895PjN4@lHQpF8YUAMEyNzJaT
z75Se3SYaV0xm4lmQN13Gb6mx&_W@r7+Lz$Ycb1s`MEh6~A$VX+N_hs~?h?AXfNdoe
zNOvkt+RA`D>$LVD1^2ppenpu%JvNxU#3>6z#-MAL$heZ3yb~rPtm=y$!G}lYzUb=~
zRnMqrm#YE}%T@dWyV+7qk66dqD(N|1i!8PbR|Csw_a~RI<KnG|Gv(V#SY<c`<Z~~*
zt#A~Elq+InX?OS%b^bc;IeLh$mtH-xiE;b986pk(9s@#S45Rz;_5OUe*dnC&aju{U
z@pL#hNBeSlY}T<!OoRg_O0#`i_R`*kYKMX6UM=pjA5>@dFfGfJiy{$nzjx5!@~P)(
zZ%pFbWABg44zs`?FDJF%wc#v%FhG*@KT%O3|7d(m?El&hL*^b0RU{@S`SGQ=&cE&6
z`VHj_NwQ;%R>cx;ZmXu_`a(6DvwU0NEwm@}v)}G*NZ<Dxm*bk9%lx&_>8U+cve!`<
z#0qbl@lbhDS=|hq+FkZOWe~x(lPp7lUm%7drInF7D0E0IDeqh^UEsxJB<;UJNsv)l
zVuldpe-v`R4Zht+o|V3`IeKK18fv^lv2X&A?0rly<GP)@7GGJlhoe(BYiXT(`f<X8
zIzCr5;u0od!5AE2tYl#pAuo?>=3+lXF2|&Nh8q4E{QcWy)7F@Ka7g_RwIu-PFFd?>
zMlLqDzYOYmjNejOnDe%VIf6H8ussM9?V+FPfl*i_5Z)wgAc-<4Mu7AeZc`f^uN5>P
zpcFx?10eZXd3wstZS1x=vpgHT<6bE?Gwt(y`*LdTV$iK$p{!Mvsc9>lsN$HAL1G)m
zX(aTx=Dt?<@>zB7{rl5T^u0nCPrt|sh=_Dw!_fd%Als;<bO4UWiqou~Tb+;jkA>H}
zxvwbj5&<CDfZtY@uRp(Y34iF_fB@rpQ7=1o*Cq}>yP4O|xjegvoK~e=m`_ekflvG8
zJ;UNWI#{JKjDP9Xl<SSIcHq0}D;6j-34kZul`2Ep=Q7(c-oG_A>AA~g;qKeqbo{;g
z`>+Esv-Et8Dh~#Y15XN;SMKIQranky80`ZjWr!g%QEhFN9((Rs0NAmf7u;3eh6!BQ
zQf*MrapugTCD^KC_tNpE>f~ex@oQ@ZS`lHb7N*Sn^YR}(pKi*22{d?IPG>FFyz~Kr
z_p$DT7bmk}6>aRUuo@Qa%&hii6K5E#hC@Xq%gGJ40jg0|eQ&Uj+SMtjPR*cIZn+>#
zT*I`v(7wr37FU_9m|r$8ll~KKp;Lu&H-`0EWp|&_BwkN8wDIH&ZzcO5-K=R#-BHn@
zoLpry8?|M1LRDDb3%_ICb%-WrHb~tDLsKy$hl_~5hTO`f7PCoS`s7J6;EqcMF_oxg
z?&Zc+NV8UBqI^Y-uR<%EWbO}K`Uq5=A=%^=ct?a!evlSkdL}n()ixH(2JJmR4fke=
z+SQuT;HK@lg(_U4B`~LozMGhPgXju8u)#qv*;;{EY~hrV_5G+f7gN15XMXZ|xY^*I
zEA*Y=>y*e9KYSPUvw9y+{<EptBpx7lg^?@?b%u1xEY=_?lUxn~7Y2?ioUC>PGE<-s
zkMGI^RL#ni$BS<*Z!rRpz7Y_zH?A)R$CLj&Bf2otcO9~CQlwl5*Tf9ZxW+qE=EB)o
z%W3Q_>-Ce{h1JROIdxG~+4IpswS0=@)a8^Dtxm#xj`JI=tqRno%K5|kf@J)v#Mmeb
z>Ur^G&b;|Jj;i>PtisFKu5Q&Uf{WCs8S+kCsK_0mtP5(R!U<qTE<qb>R`tw0RmJR9
z9sXqM7+~6DqHSf;ge)I8GY?NdMVK;enN>YJk5gUEK3iDT+NdgRN!#9@MIiwuyFtQ5
zPQfeFYR$z}yNJ#@0IR?ejs$68sATJJYB8#}t4BrEa8+z#B&SF6&u3>wDCdt(Itxyd
zV{?|<4=!d$HKjMP<8UNWv-43?X$jD%$bsIFm9Z|dQ1LI9X>Sl^s8v^T)=x)`t_sf^
zt19bek;BF*GKELgW000ctUz`u>9y#YvJl56?R20vo?2E_0m<kP7l)%|qZ7D>X)(XR
z*4ci9AKc7Wp*E>D3f3Ivl&`>WtC7JLw5rfu9(G;MrvYy;>X2IZv%+mxt2c$gBYCz{
z)C$^eg89Vglx3T+%vSCE4O}Cbjyj)e$oF2aU%ehXe$bx?{2lq7)5{9bWY3o@Pr80R
zoAmsy?n(B~`ja$kWan;o!*`=RK7+-4Dy<7N?8+f2xI$S>;hIy$J;S}-*d;<eT`ZwD
zi{$|$T`Xhj*S51YQ<~aFmCURiJE5ZeA1&oPq8zHsq*E$j<4QUl3GxYVrPCBK*k~6F
z!dYFK|Dtq|sWOuvF_DT`vuwg&7RESlGIQbP*vWmFT#`zGYA%>|P*~gM7`&&auj_L)
z`h-sztVOEsYZOi<TpJg3OYqdOqB!3kGc_3S#SW#jD0ZydYymMd-QCw#z^>C+r@$nk
z<T5lyqK+r1K6a_nhFR&~yzrC=D78L7TnMdu=5=~D!p0Dzc`@c(Q`WH*BBZFBMCSxF
zoH#WGW$yaUON9;M{9l$nYWTq+Zzt4aoDF4{8yagbyQBM_Ylgpnp_*L0XJ@6H8Hzb~
z2zRqIG({b<Nk<0-jF#)s+$)o0_%Fm8sWYjwkRp{CoOBHo1gi4k&;Jx)Nx@TU6SDJm
zkM}TlL+9<%(7QKa4qmUa=CMWRs0k@vvP@IP1iD7{69f~pqU_@ghr1*K2S0?%n<Wvp
zB?b$6(EwP0Id87IuS$zhf=vh{1{QA>xKm>FiUgf-MBWc+T4by2SJM!Ptp>G%C~YX<
zx}WIWR(tB(1-q7Y4O9H&iMAS=qP*^S@$s3$87|QLXs=1Ju<!d-7>mjSAV=v;&AFQ$
z(UqQtWdRAZhIBhds5oqCO*W1)+uXAsyd={E`3kx##4dq{jpb5p(4u!ge$=*?kVA`f
zFW$D*I7dr`lgI#JGU>6IS~~Gs9JQ&1r>}+%e4pl99<$yKX+;`}RvDm~@Zq%A`_c0#
zt{fGURi?k;%^!Z)G)ljmS&GJC3r@CCUTSjKO4Hgr3?mO2YD%olJ2@+fvPyf$kSX0L
zSZLntW9}7o?YZxfsz-O%cN!SvxGz=vd@!JwEL7AU81aR`E>fPkTm5+Dtc~&`J8aOb
zxjG}ap+a&$|L&L^!bB{6%^1AVUiq^XJ~=BwvkWL6DBkjQgVJmaai~+?^$3NLDj1N9
z9#KFZAcZn7Vydo4o7q^`M4dfjIHCUD^@$amS{&*7%VhhVN3`fGu9xC(Jm6A@(jKhR
zHm~9tDyNSd6VE>udGNg~1=f^gX-Do2>r>`W#<rI0(?Zzqg5zW<Z8^4TCd(6Kt|upj
zt~Go-N&RGl3F5DqgQA}-8P1g72qSfnEWKY$AMEXSu;U4ueoKF+10rW?E=F;26%V1*
zbxzqb{<1%QTrBK7`E*LBY4p`C86n2`8K}cVOyY%s%OL*&T|6_kJ{GaVJwm*V8FRDx
zt!hkZN@TEI%%!?*hG4*$`yxeCp4!QrV{AXyn$Yy7S0dIa017B1d*bTf6FjDo;4;~U
z-#B<xjiHOL{tyj-GdfEz$e(J62=cI#y9O4VCUG){gf<y@btA_*-Pz}B%#KF5aQ%GU
zE5bSq=ho-n)~Y)W>@T>hho_7dwV~QSQ$ufGtsu7~D}a9yEejHlq&Z=$ye94GHOH7_
z3V=81I$qYnZ5>pX-5*hw2SaCP!raG*6){$@Q?Rn|=YWLNO>M{PG~pekWxwQchhGyp
zmiDgm-^@yr)IXss8*eD}vODsroR$Rfq4+^#etO~$S6^M@{Q6b*&hX$ze+G{Qy`S;2
zyszGSO5e2eb<p=7)W-cm3=Koo+Wl|_c}rZF)^zs8l^ZbgT3wZbJcVj&Nq!zoWq4If
zhgP<)5z#VLKZ<}&rsKUy`zku|<Ta%Vh$^ynBlZz8tTjp>RD}RmT4w;<Un$XvGqyq+
zwQ-|Yuz0lw4ls-p0kT(`f$>gt_s@_wDPO3_2MjrbN;JY_r7%+6+%=#+s2{xL`3$n@
zJQ9||F;+&tL^jO=3?rUf!d*JZUjxChC@q8766xrZK5Dk}oF&1d!t<c;xDpu2`4Z$?
z5xek=r_69TWvWVCV7_>r^9j<1pn7<txZu}G_o~hJ(r-8G`kF^id6TUfS|c_!Z{A`k
z0=;(EUoPfcpBG<Ma~mEO8`8_iV}&#DbB&g*=p#bkEdJi1+w+Akg&T{=B-Npdy}!k{
z8vwKQ$TJC|2**=0VueqBwPC3ckIQPau99`&ouXCjUE@eEg@2pBsB<<w%yvKiz6O7i
z2sBy<X8qw!Z^h+9sdith8<YTSPA!Y>g^OZ_8J@GXTj#xw3yic?Y}$5+KXB(&otoWI
zh15HkMF>B+&*bz*?NI7P5g&!ELjzxQYvrH~H+5u^0*Nw&Z%tUj#+MG&AIf&;w9W_i
zs=qmXy_IEodSnVZFTi|-=KuVc_&`2nj_SO3Uq9T)(6}SN-7O$)09a<eKACQ54!V)e
z+hy{+zq8D*5peZr=uFzttg<ErXybNHcWQP!pdU0$J$`Z1V|!0eWUlCmixmN8k2BNp
zSPz9x?cR;~*w^l^Kx7h=?N5qRbzY^6h8NXCtvY*1K}Fc`{r;9)t2?Y-8RD@x`xI1F
z3?aLy`azVef;Ib#-mrVI#Z&_#GY>;i=TD4;0ndsGt1p&x%}rQ3jozmIG8EV6;=DL_
z<~bohOuJ35CAKSyBkpG2kT`G{RV1^Tr*Z1qmh8ck9TONT(=qTGs_;|o_q*}#21V1b
z^=35>G5>Pz5~UMf@tw+o3cH9aQVZe;5Z&7Gz9W-|_-q{(eaXAUuM0v)v~N40I`|jq
ziU>_VS`%?5^1kFhWyi+R50dM=)YddZ?X$f~CyS`f-hC3$J_%H`uKXxKyA)7-d=|zl
zzrE_|mv2y=FoE$jqqR7_CFLL<_1@ibEKpgTVZH^hU?d0Oa)3>4^zk<+67Us12Je<1
zcwG&cXpD348K6W5d~@OpCdo~wk4Z@n3y+!WjUAeupW#)Z(WPE-F!tmNrJC_o3$Q<p
z*^QBgRX(;2SdFa{khY(5?x5A4eJ$$bBP-$2Gut^n8*p@})9%1w^JBtdcAcG|42Y(r
zQ#A`A7{hguY`>oG#(BXsX<5lD@g^OV^a`BiQO|!;Pjj(>aeBx|Dyutip3R~!BR)+Y
zbc{Uh1?wMa&{P{tm0(>`oWeOjN7S{LER!c3;9GQ-@d3*VNLd8W0TqE(L9}hfiob7B
ze|fE-5pwitKeT?WW6(1S^V4owQ6K0?xU;~#TI5d#2A~8^qg<hu2ZmdqpM=_S(xffE
zt>kfO9H8_`o~Yg|H(wMy<5?jar!OJCpC}7vSF8atZM-hMXMP0}82La#tZWsW{f5xZ
z&w^q8lJ)8}N>=&1-p2HV!e!-ziZfW%X3GkDW?pOxW!H&?ROu4>i&44KoD04iwqrHj
zm2T87-gY4`zEKK^|JJ-07sfa4>y18^%HlLKsOuYAI&+m6Lpx)VA7NW(9s0&YvE!$T
zBLoA&>4OL&L$ckE%)w&#m?}9Te9q=%IiQk-{s6Vc+DTvvv&@zVaI~HbM|Nq14@*^k
zl^0v;Rm!yuxG=u%M#_w;x!AZJ&SYelt*Nr;koDGgNg1@|#L^JOx9tkcCLXDdR_OJ9
zVW1fU`qbL*%B+M-ZkiKjCQ&c7l)N~O)nDKG1@2q}4_lQt8r-n#QeOdGZ<4!>%<oK)
zJKwSitDm0kCUF(cz*AYln?Wjv(dh5ep@Sa5Zxo*+UFa9!2)6u+5H^?Ro-;X2mfkk~
zU@DqqSqf*(e3%<%gz4Metg>Q~G&%~ufjGTY#}_prr?2BYc^F*?N79g-Xi1rQiTYF<
zAFV4kCziz<`Y``XvyW+$cW=k2AE7#d_Q!57s%7-C>(IEPPhCTmt!j)!q3l?}M8na?
zTNN`^E-3vUm7^pnM{ThEkKwpj%yCL1ZY$a(KVhPHjPeS^HGxIKcAD4Ssrnyu^wejF
zTz0$3`=;hojpCIG6$l1o*5OT3q&_({4U(^!H!nzP%HmOM2o~?~IT(WmOP3?2<yS71
z;db9^pUcpN1cJPNyzd%YVjQhd;h}*gE_{1zFaDIG5XYB(AuCV4iGQ{tVIcij^R8xj
zIn8W$F)`At*}*Ajlz<nvKehhS928qg+6L9xLG%<!v8r@8$j+4@tr?!Tw{LF!ox=cu
z0001BR2b6z1IQRK4C!N7qNtFdu-g9t+o&)S66LDAa0X-sFwAuw>7jtakS_8*D~3Pb
ze+M88B^QN(<WKS+$Ns<P|BpBo3_=17L!!$?W&xwZ04NMpVdNah2oli2z_34*Auklh
zJO*S6GXCFz+DW@oC5uD18UPIY|Kw>S%c3y+2N6gV0F*oiU>E=xo~MGs0Qe8k4*NGF
zGD}tdq@XbTA)EyAhY!doRhaT0y8d4PL16*^K@WladC`Bp@xP0s*hPgQQ~nD8!~Qcu
zg$$v9U=R#@+b{qM0}2D+|A+sD14#D%FFF5f@}D|}{EsGw^6wf%vRzr_5A&5lVgD}-
zD6F=~EEog@6wUykcC`Of_4Y_)z%amn!k<b;VL&>60P?3U{|#g%{~7wfK6$01zCN-A
z{tN!2bs*_O$)yUf3a|RF>3^vHU*Ugb0%MjOwezCE_9WUc3d8?P!+*hm?yO((U!wmG
zB9{;UydD6B!Ks8~RDi#^$@aG+(T_OB>&5=R373B2CK~>ohmH3>52U`CE$$&r(|z@K
zIFPxU7yGoFc=y^}+=BD<{3<%%y5hcU_O2Xln3iv&Bbz9LjDh#UKm4WM_EkUZa!>UA
zWo|_Oir6OtE!!gO&RGB9@Fbx`nl_Ct<)AwZQlk5nSTrac^vX+ai96kVc;{jGc)As;
zJ*D3}nJt|sq069eE9o|mv5(e?#^YxRyvF(VIT!_33Zc1;D$n1`b;_(QD+@uxG<>Gx
z>J^%GA*Rn%k?)KI#9$r{1Ve05q|+d53G{Tf1B<geV`SV8E`?`Lowjua{nhc%I<fAr
zXuah<PpY!AvJS4x;b@+uO&A8=F73p)<8d3n#6+SHZkO|dT?fFhYDpPw&+l6deOeb!
zxii3LO<rp6VjIa{B?0H5yZidzFw(J22%S$=V9JcBd6v3HTOp>lYyLql`YqwTuij-e
z@@MM$>n1q8D&Yz4t-y?Bl?3`Crsn)`N_X4mhfd99No^YOdMVC5_ho2fw27RaE9SdP
zE*?_5ds(yL9Q0p&g>PAQ^naqjjg3pttadR+yU#xnn3thpkrAf)zSl=zN2igB=TqXS
zOWw31n;nU{H*MT~eoUsdsimHAKhr<=!ka%PmseYh(sNl-3L6%?b06{#Q2>fHxU|%h
zD3l({8WfndRvQii&FRU_?eRN?@=L{%mSkiQ_~Do!PD0#w4ESD+QkXu0G7c^UZ4vkQ
z5bgSQXZ*x|FqXX5qa*mS+H>g^7Z-#0(*BD^#3w(qb&S_I)V;CV&lm!pimVTK*8`AJ
zi7e_6nb>}T!Wi3qg(n?Bg=~cW>df>pe{}rLMu{y!<2RWr%wg0FzvU2O6s=+sif|oF
zclVUTEXD8Bjf?AYG^aDQIf2$UAF92!o|u=PH5^ONf}%iZ=?FT<Pk^~_2Dw{8$;Ez(
zvb9@l)Ag3^t_F~cMwUn3Q&<)=aOmvQWaccdk<l@R;m`@)W_Rxc-fJt|lpAV(`&}H=
zPX<5?+HQTf8_(ctllT3H!9AgV5FP>_7VmxF!G|6R)-<lAXWsT@o2XiOOmkiyPyD!{
z!_BXHa_PkNW~GWAahzu|Xc6NihH9!dQT2rN7VsNfdT68khaSdI#r{%=9}mX-_FWg$
zlEx>a{D66k?_;#nNH8>XXUP1{(64;sli)W)@ycLFQ9*wGpw$4)x7hI}K}uO$@s2HM
zv!pxzzm@tEC_TiJ@%ni)mV1YdrJ+@y8OKI&80cr0#U*LAr$Up_#OVe2YTBg|-}})U
zxOb}LgE^|gs=tvKQuahjSHa$%HGN{7@;8=H6MoQhs1w6~2q4DXWNMgmKJZaU!j*JD
z`{E<4b3x(L$uA8s>^T9@6uXRm2=m2`IR`?;c;d5fzAGw0_55cZwj__x$pUFbn4_f7
zUTgY%fty3qFV7xEt%8J;Vr|MKHn5C(chvX)xr|f&>AQ67VmQ7g<4HK-wRG(761nFR
zxm$>4S2fW=i5!^dr*6&nFVY{Jfq#)<K}+NsBj_`+LeGf)sr$$MS|V2q<PRr2myR7l
zrTv40K%VHwJYy!-doa;OIKdIoMTy*EI02aGyDrxIOe{N8WN9Q8WKuQJFI}v^AIZpJ
zc0!rc=5!32iTK}u=n8<p|B1>#)Q|cPsp%@RqQiawfFlh2IJ9(Y{|o@GceppNbl`9`
z;a)joNPfp6iu>AM1IGfRlFJZtgrVpXf#l1iWxxQMfO8o#J{5E=X+5pH3LPT|I|tr!
zwcaZ>cDl>(8TEA5O)wd#1nqRK@M)(SHL<<Q5~CF(+;ySden^IctgKW^7l%b+n~Xga
zY3CgPM#^HGC{zV7xt{sklfro1dK&9iKJ91*vQmh4Ex0UB3q*67DIS-gB2*)>+xKSZ
zi|w1+P<E>VPDsO{SxQXu^x5@nZ)7PcW+@|b2PX%QU(*?U)WD^OEecTF_Zt7Q=kCOG
zoBR23XtqK0)Kqlr9jyR{$?k4|qF?7#=R>sI_S=WrGBV#arM_0W)h!p(04_~HN*`hJ
zD%1#S=-xfcdhCF^`vq#`8r;z3YF}IZq!B#%4OL5|3qao%APfM|2O>(}&8BQsr4Tp3
z9sGZMna6C&S+0QL8fHkchxYFHNc+(PgK9Jk0ry6(Tf%)Op%MjaH10oxpvhY~yQe|u
z7;_+WGIw9puy;g)0E573MBey~wf|*m?{3e@^-#=YW@e?Sm$X~RJWLNKF;&{RlNWFr
zZL+gtTN_WTCxWfX9DthJA@$f*KJXkE_I5y*y~<#xTP`pS?c|yrRLkb3eS=~(0FYeD
z^vhq)V!5oNDA)9VbMq|}Ck_$27TNz=s$ExGmJ2l~6LDksXJ91kg=9iXaMD%MnN+}f
zucq<QRdm7Cx*S=0Dq6(I7J~%Iuzz{~b_nSJ6=bNX(n1Of`vB)+Ja*mXGz^&%07?~+
zvTU`EdMQQ{0EJas1*DFX25<xblrJg;Q8+$cl&e!JCSh5l!s3Z!ogw3B%YuSIK{6yn
zvML<;0BQi>x0HOv$8KVSM_G<z8Sn>iC1hNs_BCp4{NFHk?Y|OVGF&WYjH*ToC=#ug
zb)AL3u6VjR!rQspD9Uw->)jO7tIAf$M@EvhYLm&S7noJrlW1(5lWUn)g%cG@+LN`~
z6liP|OcV!96j$Tm$<<Bm!sUuW)$47^5q$Ew%QiIf3UGy1EmtjlL27k!8hznS72!sO
zwq(lnHX6mGDTV5`rdB=TR&wR`Rbe5r`~^2+O<h+vg=A;0I?B}y<Ah<YR>wMw5sKtQ
zqglPq`k6Y#%{M0UPMjv>3O2^cZVBZs)(cJ5s}u6BE{btw!fMK_+A!f|{fTl}C!x6Z
zL~3S7Bq{C5#zG3l%tSUe<jKm-wuxHC2_yAdTKr|gZ+>mUO&n+p%aRjKP%4=fv=iji
zT+6IEgvx3e+J%y}>dD;_9otDvm}qo2T!piR6w0dGWZL=I70KJ&-0;KJvnO2ntm9e@
z+Y}Vn0ld!1Z8Q|Z3CT^>@UjG<gcWqh_Vq1eVc~^VH{v!u^n|8r;WrXKUiI=?C@j=z
zZR9H3KHT1IUKyGci_}TF)(bWYWo_1V7^Ce>!<5x<%4K3*g<38f1;w)Vgk&2XP2p<c
zMCbJl{YBwgem(N)RyS)TyArh;0RYzdKW&Iw&;?@R%=6nto`LNjzU;S3u{KzTKBsS!
z0zz_6O@n*Wzr1)bP9#au45sui{$1$$cL6n2_MZYRX##&w`}IE#DT@;7F@ed|?{WwY
z!uBU<vHr~Ku8w=KEC;|o+1-wWB0(Ld`Jec1a!M(c3yIvLPmCN#{5rjHL3E`2nn4#g
z#e1EecZ+&_fo#63{v2!<{jX4@-w@XiWP<B)7W<y|NYZY$Rws-_o3C{f6tvmNWj8;f
zrvEz#snBD*r#A}I13wP>G<O*_<$M_iY@XSsg=0xiDF~9VQ2P`It*kW!KN_T(%a!~>
zGcjr<Ke+V|7EvYDZS#oxdRi}YEJMw7DaA=li5<l`9%GVwC8VT0l%($7BQe$c!Xq#!
zIQwqp8-qVCDud14-OsNc!hdNTd>KEIhEZ6th671tl&RSRafSSx_(#+3b&8?R4a*4?
zl}yzpx(EMBBq$4yL_9_}r4+x`vxZ!>LXRn3x7h!_pKiSLs>}KJM@$T1@v~oBUK>$p
zcBnG+6p`7XTN3_ZD#2D0rN)@BIqYLI`$j@`R6a`wspDH+o_3PrW%IXAyJVLg5XPy|
z`({EKbYcXvWD@+cb}c>m?Y$em`#FgsW39?nZ!M)zQmiP|5MG~*V45;WMH$plZ+uCA
zH1bpM#EoMosMm7i0xLMcC}Y&kqb<F4EdxFAy<p&N=Pe-7`u8PaVsrDVhdQ1?vL;Pj
zlmD><8P9GlP=)Bm^15U7L7js)*^naEe*^`uSp}a95~(=FscPK6a?4S>-LqK@Rf86P
zT~)u6(@&#hpgGNm+CHF7QJN0!KHMhWb%hqisRi<(wg2*Uu)zVR?C~e1NS86D)5H<D
z1h1T__qh}Y4!sHNX}WdznEUE_lqm`nI$X&KvQ?&s6LUQ^hdtDL^=*KCu|1DIw9|n|
zf`<mFHa6bBGu|`mh>fw-YUasp1LU&sst3yDCsXG^P<j>yZk}R(!VCJ#BL$>h5C8Qk
z0{rU$y5#!$Gc4il_R-a0px^8}o0&7b#sw02Y(`4RY}X2l1t;swZ8z<x$|VO(F)9Mg
z={eq1cBmdZZ5O4@nl_|kye1s@S!lNeWgqnlm5Br|DO?aK0^i+A1)s2`Yz1A;FUud#
zl7MiG(lVRfU);OaQhJ``P#y+p#gT_gV5B|c-c-gn9yVqQsPX1n?!GI9t@9-qX^?8^
zbUjTkkTPu~lPyX$cT(vqro^ecm2xe<n6T}(P(6*^oJfb>lFT|!B4uD&p{JzYT3uZU
zT8DE^Z*X(n?n0LKlRG`R_WF4@I0+=^lFP^U^GqY=7sJ(os0{E;v!r~r#J5<lok1MZ
z4hH2CR~Z&uDt?0LbiDRP90-#*E*N^75;KO~CB7!@4|sigr;*-?CN{p+l5Oab(a?{o
z#z^X2!u?86E=Le}4EQ^orodv2Ui_~HEXD;QJW|@T6@Ode%dqn(%4`~mOfSi}OD|gD
z?%FVjE@$%03j~;ew(pO=BQ)A`+&TntOTZl}e)6wt1|TTO@b!t!OMazzbngF>Dpzm3
zSdeE^r)T-n6UF060NVtQ@@ABJ_=ptpc~hY&bg!W=#GlmXV`(az@&u-VSP`29QM-Bw
z%HEGHpNg8}BnTu1A8omsoUqxjB3&SYj6^A93F8Yl+gGW$DOWF8xKT2{g3IA!x>{Ii
z0Te$!2YvhQ{(R{E^y?;|fYd#Ix2rZW-M}l{*NFcWmNHdzMN{{hf$xtm%-v<1wJ)8g
z!n91*gJ=W{be5b$_w${_*MpL;$cMVN(N;QL2jdHNaF`5VXf0yh0i8d0cTNTNJ_1m^
zV*>GqKMTo@H&e>_N!Ss=WKef{u0qeGq*D~@!Ep#C_iwc{Sk#eq&aV_yo7*(U%$=09
z6z5334{qPBgIP<W;v2qaNciT}j_bJu;185BEXzu#<J`EIhzQA&(DKLWx1ha?iNHv-
zi|VrRbP}8|7R6y)%0HhkT38B`iMXqn(9cqmB(=g~6Wb6&%w|}w@gTQsrTv9eulXRa
z_uEmyVm+?zpMp%EeiM@iRV!HBmy%mE!F8EF-O6(OGg>p@bM%jY5<W<$o>_g^XX&>6
z^f2^~h`+xb|9ys_mZZPf=AffykR1*|pw8#C#6LO6zYIy6!Bic$W<1BD#(DS4;#IZJ
zx1jE$_6AEW9hhou&B*f`SdZOMeLFfOdXcG*ZjC(9sQ~(T%#IF(<Us(xaD=)Av1HpP
zhc*)mG@~n1R%z)ZubBh&^zh5Cq!RoS{`qp$?bS7nq#|q|-bAJi+)(Vy1=`B3wKPx=
zl8;u}f}98|2g}$h&B_kS)px(HuQsiD(8L-j=Vs~KTf^SL-t9)Ux6R(<6|kIVRzTh4
zzf*N5MKm~jO)%#ajEFJ2wXY|)!V*Y=sA$|PGUA&}K(OsU>lI3=HM=Cr%1X-MEpKH6
zqS@YFaWjWsnJiU+b>d$O8p6944CjXl=Pd49>a#cJ8);=GhvtLa$ZufAe2m%&&a&5U
zDIA>xlMud)(G_cO9mF9@xX57)nWv={H5REXsv{^rip<-!zWrgsRet4@g*TlObIlq3
zHf(_Pn<~)B$d1xSKn$V`8ezSepyKHqG>)#&@QKRKk*i(Q+#ZeJS=ok#?(Bf_@{-$+
z(r&(p!H^VYBzAalYm2~?CE7LoO=Dx<J<IMD0IcK+r``|vGL~MMLD&p5=50@h<tUCm
z<1UOhG&Q{DXr?L+%cp;q00L|S)ar%n*PnXk5eVSaOUmu*F``c8VQxv}@2%HZy7sYd
z;=)kWkrf&7=%mst|I%zvF*8-sG2`iJhbupOgn}VR%Q0Kjuqn`b43)r6$;<BHo#GMf
z9VjE$7`}TZF5lf@;Vk?}Bi{;BlAwvr_d;?~LH4G$Jz86%h2@@L(oRZSu{nn__T897
z-uA?6S$mqBlZn>*3R%$(Kd|<+GIx3f%<W(7cWYk+!PJl&Cj+)TDqxD~=T*}yw3s}I
zS9X)F4L{DvlX`Mw&+@6%!b5Y;_zE?hzQn%coSYR5XrpoK1hsVNxnC-L_;l3=ZDCqz
z2&_nF69b$Qx}~pfUTx1w*Sx!S*(Leyvk)uv0rNUaLNt~u#yZMu=o>xl59~=MCMKj^
z9q4DNUtXI%>FJZlv{2qR9!j><GQ$bD)b;PKW{;2*T5GFFg56j2HOq~Ea<9^aA-<Yr
zOOf`r;IBW6#TkmaV?Ej*r_zhq|Kb@i0gY#hT$0MtM68M$2DTJVOI2dJ&tEl81`udd
zhf1Y#S|6P37jr&_3f@Lq`JCB?@StqtjFJb7O@Hl|tA0PzQ&X+pAB+aAO`;}-c8y56
z2sAdt(W!hi7r!ny6zFJA=%_NSyQz5-EVRqKWg=IDPhu^(9ba0uH`C{aRLoOJqOGc`
zts(|WM(RpYrg3X6cLT#zgpXj5MX5QnRVBYIf`^VH{^50ClretxuLL&=SC(zz{pXXQ
zQ5p{31C562%^nAWo9?4WR8`xI?r-_^VkXWXxl76hw&<Kf_$U?Hir_Rx%1+%U8vgDl
zrR8tv4(t{hMo1JP-zN9J9cL3fN=<??LM0I8w%I=$ZW#rdKPuo_q3h;A&2p4GoFp^+
z+F>vm?CJEzyNnDPhgx_(8zDh3d<4;%N?)z2T2_+tmi3`&>U2{tFC9@dVPHhP;wV@p
zu|aX-<JrbC!6y7iAy@p;=vHud_D!A$T0$x{-P+=IqQ<)bhfmzwbhR()ozKS`DnV*O
zeEw6<=P$-QqVOp9gEh&H94?pw!B?#tdL8H>kS}Pi^RV#g=eX@eg)s5`&?|C#Y>dt1
z=O28=ieEw(&C=>H6(0(87h#@7V?jmCYpo8@QCLTjo`l3lA9r%2{MILj5B4|1X{|V1
zk!Cd3Oj~M*kW0fNt*6OAU2f)3$Zz^#yC&{~<y+?z)O!IMMXZx_`{zqnqc$hrbedqF
zPp-Y80ioH%m*-_3G<k}KDfEWZVv)_}Ul&jL3Z_&U1-bKG(-ze-3n-}4VAS!_(K}`=
zHXcAM{|N_d<-*qMj#@%%D`Q43arG_k0Rb2t6eT{X{$eu6b{fOR?afk_1WrBk`%ZLi
z{3p5cY*`!o8usAc#h)^@{VPrs7bjEAB-fJ#^D7OxIFn1;-|aZ+ba0F89I(wjFk)Gf
zMI#!2MJKgpe@|7o_1;%=7NESRwwqo^4Q@O*0;kD<U>Y1GK`)%v7^TBF*g~QWc0sG3
z?O#6l^+nEpYEKKyVj7{X92CfMmGdoa|I}%hF_+`IYs4u~1F>gp2_V4Pyy9WD>+<}W
zRo}~TY+>&fJrz^xSj*UYBK@m)r}!s#oeSEvmlEja=6La@p)Vlb{vUcHM_*7R>mwKw
z)^bxO+Bd7n5>RWF%8Wo|YAn^8@-L#wPAnv>tJWzH<VNcwm@*Y8gRD@5kN!Gs*7m}l
zlnDegDL_D7g{N<9v%gOWD<ehzIcNfuifFA0{)nAh&aJq3sK`Q-po(0GO=dDmBuOPn
zRMSEfiMY!#BL|PxV2O$Z`a_cR?4(E%Rm9mgvTJ$$>0OMlMJW;Rm;ACEr0p_~?3<BU
zF_ss9$OH@oOHoFSD$Mxpn+)@1%Faq0%Aj;*Z)Fg_T5<=x1C(Ln?(2SH4Ld^K37fcr
ziNGh|e{jN7z>A=Jd{*R;rMDBP4awwgVLn3^I|pshjBbS-<>md0MpxLkJt%9zaMp09
zT^I5>EXaq6f?$d}Zw)${1=kOY5mX+tv?``)dCW-h8s0_>-!}AlV=yggU3lc0I24@x
zXA*n<SMY9;yWza?Fp(|in$&P_UXBa322-A2wu=Crz)tT(k6vB`LxO2J@=X)Hm1+Ns
zqW}HksI5qDH$k$Tid7j@#F8;(K=oQ|T94qPQJeJUM$TgA<-FhBLPyaOrdOxWYsZ~g
zsZG)CwvB>X(Jc?DYr77iIJ|yk4^Y$ujXRPzd}NG_q|s8n0vIQz2*gaU`FRsAhM-&B
zHl-AKmfg)E)z$X&NrLb*L@oVKEvIf=9c+dYFyRzm<&BxcWdlLV!l3ZIj}~S-Cok^u
z4b$f71jKyYjMu9IMIU?%Uejez(C-jmAQXEYh1_j3L|<^ohcn0~p-Ku;2xz{)ozJYA
z6+gcVf&$!$FhhKVceVdGe%rV8xigE$T={yA4rgJ3CaOPi$yzpEG=q)P*scI)DXi5*
z8v;u10KpieOvAx;f>&nu?doPfd4t^Uuh`N<8Q<7`Jq%`4%pCDRy==XCDb!4;?g*y8
ziuv9U-M)pC$;y=Fr0%!e&1#6<-IMPdJ<Zl`q{I^4?M%vwK2|JEZS-1fLSyr3Fz-i1
zl_|Z^8qD-^=JCLYH5i@g&j&lR*V8>skC*%)eOb`m)AO$6_(wZ=?E;Dq(VLyGeTI6s
zcUXycO8G#af)&L&tP-CFjThXK+^C2_!vl)&2@(ydlvTXJ1_~yGo@=yco>cRom~FXg
zRBRg*SCXz0(>!hlhQCf3j4PiVf2Gl_OpKErm$9?;sdz&|%%t0QYc}uoJL_ti1~U_z
zJR9XK`JK(ctLx$dA1p*JsAWA}sv0sO=YQhR_Q6(J1mh?0;n|_x?#>quhhhJ#T|$`o
z+4{GJcda;CO<}UOf4FE#@8@4{T}8e3+Wx0*<`3U~L}<V&4e1B%vl9*TTM7j0eK72&
z)**98FlanIzR&RHC_ihb9ob#xZJKN;dC>gV@A1S1y?y=bV`Vy<s@<$G?4CPlYmoC2
zmI=_#&IWRG0!$9s^)o6mY+<g*>7*J=84uYFAr;7blz_+vp7rj=_J6c<B&YxPi?i*h
zsOn3)998^qev<5R5??zv7DTEY{cM_xNey2x%3(U_{&45BIo*!tl1CHV>cl~umc4$A
zUqA7u7pC_VHDAB`^ASUlSk;ifRe0Ply}=9)zwdjL8WyZpn>_{e({TJg7z8OCj$qP9
z?m+V%OS_+*X4^6s2V<O1*C)Yf=e<R@UiX*qC8dSPl1IkUg}l)zgLS5MVu~YvB@hf7
zN%^01YbjLNDO5;CFr{PSEpA+?ap7@Mc~fY<HNWXyssMB}K(=dd_SpPIi=199jPuC{
z`-E(D>YU8c2#=In>9Y4j6st#_hGDwvNm1mYd3fVXs+_sE#8be{gbSggJ?q@Uue<&y
zWQj9}wzA<|8n1X1E#Pmua^*B*oL-ydlrKEp#~^hX!|jUJ>2sZ8(Aa%h#TiIcRWNQ_
z<Y(34CsU(L*vz!yof&S?cq9;+8cMfCzMD&$%PnpwdIxUBS4p!Svz@iV@2`U_An~`U
zy-(ol9Vahd_*KJSUY}~+adKQCoR+03ubXM*%t$@om}9U$G1;2nCaq|#&WhP~QkSRO
zYQ{X)!#Uii)K6>>4a2)##`diSEbe$^LrP9^a>2{0h~r2!9BE#z%RIoLGvg4jWi*~O
zM!fcEgKVQ)dVZ;<tf!5xMB13C<_IGb3so+pXWt{2g4F??w^%3#S2w@Hpi7;a=t<sr
zgxn{08ye9W84)Hd-_v0V&&OY-?bCD1yy|ZyP_UJ2CZ^tym=j2-)|OS|Bw_fXLdM-w
ziC5#<8)i{#NWIVHidym&FvML^J7S5{6EIv?0*J#%peR8n+RtaP7iIaxn5Q5Wc%oJr
zUlN^Aivx(nn62cIJ_7TZEUdX^8M0cRYlbNiMc>x(e&g=WTiLy{ZM5(;6hS>V(3L9Z
z#RB>1Qe{)@l%bH9eGm4dyfp@yRXeFml*KR$GM8IYDbv$Qr=a3(39;wb_P%mif3Yj>
zh}rEMAtar3<(1iH!!sOAoVh2R{%q4KvH2=cO;YE$)WR)yfVpjQj7K0%tml>YU?`68
zs@tR5Io6)_lJk%Ij~GIsa!>@+H_b?FzVnS&Wv++k1rI!$?E93s3%Lqn%&}MlCHT3T
zSMuGhM<u3<x`fD}2J-A+kzQl#Uy(RlUyR;K@IP=3`19XQJ`?P|Ww#K^*<~}9Mcs30
z_EZyyCq0nH1N2h@_A$bU(87QyL<IwNqW6f?wJ84vy1EuMJ&rulm>&Yp#scI6q2^Mk
zF}`qN;uWY>8*s?$W{E1l)zIHLR#?kuE}^eRCumK7PzCxhmu28sl)j_d7nxE_hX@$n
zNQ>V-ozhV1wA{<FiK!wi$$dj$dFqEyRov{WoArNKk3{5gT^Z@+6O+1o&$V8w)7_!&
zLZP-~;BLvtrb^8FW@0pS&ku%^J?r0JECavR_L(Th2vpc)eH}`5@TQQ2cWU)4<cK%K
z@wgvPEp`>|EW5Sj+w3*+bVPRaFq@58l?s@9ZG9Xf!n!9^Ub5Tso_n{J9K=WAJaY*C
z79@4ss;IcXrsEjzVaz~4ZT`ypHm)ylCEXs+iY?0|BS`y_EqfCm(?l60be6Yc_7eKH
z$DUc-vZn-(xUO#fNAVJkx=%B~Zp~^7Q<Oa>#f`(EMf`7q)^K-Mpq}xY4sXqJ7Pu(=
zuKoP-K3*IW6ukoHwXIU;l@z9^!is2wMjmuunm-v>=jk^;8H_=xVGR}aMU5&0LYh*c
zsny-JyM3^R)l4;aH>x!RG_%p!C8#ddmZsEHJ-t>pPpO`qYjTxas;2&t9A`u|D4%3x
z&%L3>sxq%ALI#oMFi(ZL#o>;-!#kGqEaDevlC@{w!C`WdeLzb=lh9m@Csml2E&HNA
zBMhxAX)-Dm*J+W3f#Fj4&vusr>3$M7YwS{jt&fAQ=EEPFZ<#OO=kjeSj?cD%=p(xb
zl8koh4vx2~UaM?5a{>!6&i6yc{7o+#FolD~*qU8-?_K7~w^%9@>C!2%bAQs2JbLh)
z9h<#9Ej2cAI%ZBR(DSQSMl5J2Aexm-M^XI`u3f-T?B$ZdmROZd8dOmdNh)fLIIv?A
zkPM7ycr2z{_(DiPPj4V#KP1~ov>{*G86#66$&m*f^Y;c*k=@L!Wc3=#xzJMDlrTVj
zDb`^4xEkX5x)gQQ`%CBymnHod#h$<dnnI*vX!<$d>31n+*@Yg$?gc6ZU9v^dGC+~{
zErC5)ZM*!%GFz7mRX_%&A*|j$B_2<rkSLke6tOS+%<!fC&eheY*;ho{Gup{!wz|_u
zT?6ea?G!3De!G6+iAhE!C&n#E%imu!gJk>~T`n3f#VP5$N4ZSr7rhnr_4iML)#IJ=
zMi*Av-o0Yym*|r8<dFl95PCkd^mDGRUIm}Jn)TNAwV-s@9yo719s|LT+bS=4@$74V
z>mSQYIFI5AkV^_JDrmC;2mmO6d0N!8O=`JnLpn6T&5pU1+46(l>CP6Ir|~!YV-)73
zqr~S>Y41RANzp2yMd7{O?r|}ZpDWLX^L@S1T3hP!bcVEF)`ecb^a7&2H#0QEjt6r|
z9N3^e9prPIB1-43D`rCjFneL1T(gZI=W)V{ZL;vxY40!UV{`4ZHX1wJ^`@mAq}aba
z5#_C`ejUuR{x&occJzF$TO?qiZW!M?hM`A4ZSAndrtg5)+bNT!Q0S$(z3JX+%nCn@
zxge#(!$n(SG^8C{@+jKzU!5c@cDdxYu+UBw)zgb>2WpxbRT<FUB&3*2niM?I3T<qI
z3T87F<S%mGIar3O3Uw6>u+Mkz`|^4u4q8}P#D+Ov);mu<J<+#G8Nhy%tbhM9(8XOb
z6(Z<HGKNDzh))yvbzr1jp&>2gdx3~>R851Fs>b-;v`h5j$nbr^cvC64gWC-arJ9(t
zzXgBF;3IBRIRxsmVi&l7k+4#DX|jeWv`M0A-21EOw_ZzKvO@cF+tPQ;n4kRNvgPbb
z+4onp@H8*P%yP`n;h^PMm(iap#nN@@8b!Up6qCov?5C7zh1<p1XWYO*zpTaC7aK85
zTE2TO^Uwivy9uaJc>({-EdJSEB^^z#-du(+@1odTN=1S&_OyZFQXYCDX|c}dv<cBB
zGgE(Sg6L!vd?L^My7Ld3<3bK@vxi;O(dJ(-KjyER7~kCn=J)KJOv;QiYe}b3F`Y0#
z&=_DWO*@&YMl5oZ_^*m2q!SaE;^@z~qgz~7iPmG*3xSQ5nl8F0o{ooddeYo7@&PZV
zb-A{nTJARVQUGusZ9ht%9vCe(vD%3XurQpCBMioj1MJlZBmsxF$*4eN*h_HN6{4D1
z>*$ZT<&A6#C4!!%n`!iLTOB@9rc9+YeBc>%V-c>RU!47+AA;h!qW@-E)c}hI+PnKq
z7lN-<v!m;J?iN2(u7&!*J99BhroyXfefE%E<$)(`Zoo0sqK)q1ZD4*!u;PvNj8L$2
zzmPn4+xPxK>I>jBpso-npocd>S5~FgL36A@7!tfmCA}veisHD?Ml?-2Uoif<CT;a3
zI~fIzN=zn$f>IXgG|-Y9rAmi!a2ls1Hc^6pf{<Q<HO0&soeXlpvcW7*(EmVTelyWw
zj2j!oexk(s@?MX!po?pHeLpb#V`p~*_W~IT9J*eS4xoB}B=$3wSfbs&p>SE(rT_I_
zQ^%>R({iB1^hX+sS44yEM8A00Is!>kDIO|5%ZvUa)cXfOjMvT(1T#l10@i}?_b*9C
zBH{op(wYELX@GX+D`=WYPQevni|9?`cm3?e)Oe4?kghf-w<I>9H~rZUgJru1${Js`
zrc4&=aCTKTy2>S-rqjAQM0mC-)=jr~eh-F~%2s1{_EEk)zAeg_LP%t@Mm`PclBu22
zy4m0RKi(3S%?YUq9It0cOpCrn`|>ihAM~m#*IQ5H6|^@{M1ms2c|c>Cqv6UAzUQ2m
zKDE(d85aCrh@lzfo5^dDGotKVFsP5HUD0A*8kfZqBSKHa!6TiAZ`X@10&uoa6)$v*
zeS{OJ&3dV1s)5~$Pm)*X8&svV+QYTdU~``FnOjou<>Y(0Oef4=6q>nYX#;43?l?#a
zZCw?1u?vou8F2`9>o0JfNp55Ne9He=@Ti+L+O#6R)GpA~Qkj+0^HaEOKp^0FwJDbm
z(KeJB0Pu&u32C3l3G>Zyk=?CcZ43C>c5X5vNu^{Ygz0Ts^Y(n!l@4#SRnOi#bgt6&
zLL>69TkK+s^We(i1IG-Peao_S-0?A}>-l3*6npHa%Id7?<mt(*EIl1zO0eBq>&Pv7
zVGWemorcc2GbR$&Pum(oN6m^-tH~=gC(~oY0Na>&aJ4k+mbD0fTc%#VFc~}VObN3*
zrgJ`%oh2EVOR#oS^{$37xJwVsm!$rBMF4+B9xy*UJA}?e1yMz;Xb-Q6^<9n==;Wth
zbDo>tKh1)+i5QDg-w$zI<k?FK-s13?rJ5JK;9ZU6YzUb>uH-m)a<8r0b-^*`0`b`Q
zTK%4VPyMnE-2A7teLcwC7AH0Jj%ftolL_Zcm#-<7&&s@;bvD;hE1JtT5}V0sXBuwY
z<d3CgjAQhjcKOq~XPGaG<N*_b<nwHDSlnk{WbxR;)HbhWHKfqL?Xjf%a=-sM>>b?q
z5tU(S&yXV2U#|jF@a8Jz#v#caN9Kyev8o;=<R1kFUB1G7-RWO6g+<-`9?U8ajr-7l
z%Qo1_goqs7hdoaEp%cg)>5M0@un^1ImW7o@=>@7hxi8URY!$6{(``2)paBdESw$OL
z5U9~CmwJ<NHrufEsmZnufC`}zS|<}n@dCd9Uc)hy&ADegug{0C5!2WeH&^cb#<KP@
z)^}B<L6-iu2<=_7pRHloJLu15OuzE*HG;;7hk^8#dW!>O&hXyhqIXA~br#S!vxokI
za?xtr*fX%>fz9RVfh>lv_tYVdUn+v8#(6!Hn5$WdAm)p&u0(DvS^~U!x3_jL7TV*M
z^wuikWzkrUzlfFy*~@!I2IlzxAHKdas;!{yHfZqzMT!=8C=P`}@e-_9uojo%4#A6C
z(ctbD+zY{q6!)Sb0ZMT%g+M9v=KbF9{<wc`a#n1ulbJK~oHKJ~?`Q9aQfe^F*WD2o
zeg;>^_s=}Bv^PEbIn8g9<4_mI^LFh_j+l%0-F(vE%#<bnaqwpkFy0Smhn$2D1G$t2
z!}Z8S!(c=WB`BvxJp1#B>e!U^;?TQZT%f>7>b87NFqNL{^{dlgQWxrAWDac7u)qsR
zsZo1l&;Gj?4qsMW1xi@+jAS|x>?*>67JJA<x)syhuM|Kg12Uy;>T~~LwBbr<G4Ta$
zaA7}Kx-I_QTY|(?qqDX`NiWeLSu6*x6opNn9S7Md>(Cbfyatg_^5~Treb6{_P1pGw
zu+3#XUjl3FhGI~>@xc(J8e<0#5)<~-3bDJVXvfZHd>|oFMd*5V<<k<6@9QNe6_gQ`
z=Q?7gTC(IViZ*ZSD97RlFkUR%Y{O)#`-KXS=~~KFcqD=I9$4cm0w08rzE5T{4@p{J
z|E#CIq*(#O0s{nNx)ef7ha;PVrLn0wPPe8^GNy1`vmG<n`(6w0Zp^GHd@E#?YJfBm
zXy%FO<EiH&PDfqo3Qt<8Do0jRa)P^s*Ut8cXHs~5n{7S{?B=x&`KwAemONP&Oc?v+
z?IhwfM*M^+ctLtDWA$>VBGAXV@N3ka(1MI5K3gQIO8l-Z{nVns)E5ysC{|hc??s5Z
zV<$sS^x0dx?Kx2%z%DY633e76oyh?AsW{TaGsa6~BEbe>;uE765Hrg)G9XYOuq2Ho
z&z`4zyglIZxTxg&-1UxyEPY&t?_jkJDFkSX%K=emFNc)iK~#8{@rl6!U(WrBdg>;5
z97l+wdp0G1-MUHSAuMNv1(`4~$$=Qy;r8M3j4YAo!bsiqmL*jYHkfy!0#B%05@I7R
zFUtp{?}3Ybu^7A?_FKuOv2U9(OR?)~Acnd9uy~T20XJ0iT-q8*7qM|XMiJ{SYD%h$
z7qN|2ONHB{cYLh}w&dxMx2V>##W#~d+&ZGGoLUpE%oLf1Y#aE@I)h^Tv@sJ}%hTt=
zqd-sJzmAT}(y~_u8>VD{Tji4R5m(VI0B;$-YvZkExz)Jm`iMyydy(9<T-STiWNa4x
zmQIOU6QZ%_uj#^nTk@lc6;K9FdSqo8tY?lVl;+p~FjqtHOHN$eHFVs<5+F!I1s)@c
zCB4Z^)eeoVW4^%0QW^yhn+JFvk4tyl*23wuF{}qZ8`ULthO%7n#xE#k3QGc`knyAv
z&s^jcpfFcGhplFioP@1uS+ukSYcK5+9&eoA2uAV0W{4`%A7GKj&YbU(eFpBSS*A7L
zhA(jRa_XjfTH1+YtG&8?e6)Kg<)$0JoqIM!o`%%4i+1cnmhG1FOZc2o8nRn?mIHu2
z?mtJDuCFnB$9!HGf1Sl8J;ouE4|Qh3w<uWP;?-fo4Sm`xGh0=71#a+cqg;hV8Jk9t
zLld)$-7}pE!6Xfc-i2SL+z2@Ax_7{!w0aO#|CZwNRhBhY*Yat>DxZUqE?=_+0R`jP
z6_~bmnYun6e|O(s*}#mBW0)*@Ad-u2C7g`$Gh{k?Y%U&0Q4S(x3OV5*C^#MJU<LXy
zy7`%QpLt32`A84x*5-f7oKCa+QvU=)j@W<tYR0#rV|=Mbsk(Um%*bPFg3bUEygIUF
zbnk7b?Wb~+F1|J`pH$9^@hYyIrg-{FQV_rcY0<+H9_|>13?|L7%TQq&BsLgVI>BIX
z30IoJx>7iHwE?&}_#L5`p~|=rhfsj@vBOS@WTnoJyVDsKjkqV2Ztr{P-7LSP0LfpZ
z0xQDWXs)$Ku|XMK>e2UDesY+<ef3Z|xR-Oyq>QkqVM_%ceUHIn^R0aR`=N3bNOiH$
zq%|yO8*;n2R=46w+_>H>d$9N3U90f8VaqpC0rhSgzdf7h4zIJ~wxXt7YU8(FDOkXU
z+lkgvU68!J)*3iCnN3WDO|cpTErMod(p^6F=L(pvcE2`y#w@rfv8UDRT_+g#$e5Wc
z-ODVZLG;ZEWz`o?mYu&VsN2;`3NJ{H@@qHk{_M^2YmN&_+|u!NbE?JkTET{3vlF1#
zliKJsh2$7LT5>}{+Kj$=Q#K+IxKmNe?sl^l@NrBSzm1n<?5V6#+iPR~VnJ<y_BS=m
zYV0^7Du6%o#(tJPY8tVOnHj%{t7TY(wQ^i9b5b#+zTM%K-P|U^`N854n|5%4r?<Yj
z{cL;(UNXHV;tSHWXQ{hT8x=E*bot|!)!FP;&gr(c*kxvWha0AFqXt;6I3Bm%lfvQI
z4bP{R39Wr~OjKb_xyM2h_EQZ&&}P476^bFOs_2ta6hr*gBQN=#AVVlb1>-mz(*h8%
z3H#jDvKdd^VD>{>1|At;oF=nO{d&>HA(<wg{Jy2|^Z2kAgO!zwG$kEPh~4|F@KAw5
z9N^brUt`+~w9U8S#P*4QK)qdF&%!q>Rqkvj-n@D<yEZx;EU*vAf*3IowS{#aEfcYC
z|HI@)$GRG(-~RD+(lAu2#VYa@9u(_4fD|_-yzYWy*>;s6dL@>YOPDupsJM85Bqnsx
zzXPR@2%PaKk=WPtsLc`3$fab^pNb;iox-g4y<W}EWjr_+M)V?{g;L-U`xDf;%F|L>
zg+ei9Mq)FbrCM_0fC!#)ymnMQAt=Tec;)-iYdhh95kDX!RQ`#-@4@{`&X1b_Z#-OH
z?Yh+I3Xba4yiJO+jx*C*cK=$9B(Ogs{f^Pk8(=XPCKqbd`Of%C2c8pJs>HaZV7RLh
zX8ismPsLn)h1aA!WeQ<v&-jxb@KV;Z5vvxfGjN4ddY)Zv5eXQ@*>4Z6qjfh^vQ;{k
zyE8E!6}UzDK%_fktx}FMm6Mf<Hw?$Re^$I5WtPho<w}(!LR({%Ee{;ae&adc0F!wj
znnW}Vt=l7nCWpY=Oc;J3OajI5-vB27E`u<jI~z-`$kdJ6${ib?Gb<t@gs*4`4&=k;
zZj)D;7R3e36cOIM71nxZUzc>j=@8y>Uu|)WV_ebEwobR|a%O3^AF~4ejacOh^BTuf
zbg0H6gBz4-a)py|Cl2PjaWOk7w#W9Wza$iVjlPp3w)0wG>-7DyC(gkOOEpn39`&O{
zQs+4S`X=V5z2uA(sysJ1YE?J%Sqv_)hTz$8TrrU3M5su5%tMcn*3Xde9eCb1SjXKV
z-;wE9g~bztQwD*rZHbf?ZXenBZKa6`UxIzt{D&e&z2gsTq`}e8{6s_|rD38|5&^#B
z&FvMG(1z}bjY(y`-GWz&d>tHw%QiHb(}>8*9zBs^`;j0jzkKS{m@NlPJf?T@Fa0z|
zUJ~Vn(M@MIa{OGFptf{rYQT4}PZJgwac=fc*c<H)C3+g5I4r2V>784v3&_|w{lyh7
zHd#JH(EEe$?C68IP5uhA37OG_<j<e1`wV%3jo3?IFw9TDV7oN}CsIw`_H6H&5lW-?
zDWmE0_xQC-c}Z<$95#UB7ho1@*-0bXb^|qVIaCsvFayA{7V*Y3a~W$SF<R_O_6*&{
zg|AX(fL#ZmKr`-@P<y!jGjNs*bE*W)!tyPw?2yerrKbb;hf!tXcF<1ediPbMnFWTP
z=KN2;{HeA;f5&3FdYVuVURAjo(32+EY@kE4gIP^TyZ_cGf9x9*XkvZsAJdd8s)_a@
zi)N$FyxtE1OvN>F#Cs0>Os<;<<8S0nYKd0LosIjxAdcv{`JB~^bhiV+eD<2&-Z+WI
zFMlyI9Ze2~d%46b_stiw!M}q$E2Fzo@=*z}L6oR(2K%J=sTncR)Y<9Fw{Oc2gBG{!
z+moC5dSog*r|ai%N!?yqpDkEkHxwLOB>Ov*23Pc4SvPOUF0u3&$Bmt*4Y$?0>{XTX
zvjGFM-*rguL%iK!(oIQ7fWyYe&Vr^!`T|lG$Gbe&g{_s349?xEy={57dCtE13<Z&`
ze%)8%BPS5csRDs}zr$%E!HmAiFQ(@bVI-$+@~zpTOcxkS>4*x1u%V+WvcNHruZT{}
z{ce#FtyvXk)UuP~>uTh<cC0sPV}LaBD@V+XEWFS5a#+RkKC7c{@m>*WAf56%hA|xG
zx*0lu7IrP`rhtzb33D>M#eI)~fM<bMEU;p4BAQcv|M+I7ETqFqC|dY4Gg`^@iZY5}
z+c3#?eFH97zm}8NRcDl&NlO{zx14u2v+rl{k*yPQn=VJsAJv^%5!mR1oid1T)IkR0
zAbP)GW^62O_N=o*{Cb?PHp#2gKNi**8tNvn@0te-tQ8e|Y1*61=zm=iu3-qb-}C8o
z)vH-`G55@C6?;7u^u?iq&c~@NQ!0va?VG^*8PF3kSeKr|Yxb;u336CyYK1)gd4ik|
z-paTW!LDM!(o5NoeBE=}Ff=&U6pj1b>W7=PzNEV%E+Kvp*C3ayv;D`843pD#KA*VG
zPa-bRq2ralm%i}8V$l@U^7IrXrFT1xU!Ca@HODX*th*Yj*$M2h4;7ZvNFg;9B2Pcc
zCK6Gi*dXp=ii&&2kGEy3ufWY9!30rYm-|lEq*OzXN5)3{<+*DG)sj4Su>!ufqxev?
zz9-%x7n@+ZlJkT-nJykAT)d1#&r+WwEuBJ#R#zY}ujl<nK*N4gXGSu;2ZFK8Wx=KM
zxdnulIF5{1X^p>}!d_)S7pSbCibY9D5iJ+SQK9^dn<Y<;gC>${OOun%Ih7JS&sE_W
zvm}|lxJ~s>V09X~Y7G~iO~<N--+m9~lh6z5&<j#V49Vl3ae9dAf56IcG-N4h!y#z{
z0aC=PmMe?l0dY+rdEr1>U`Mz%O7@xx1w!(m(vg7;hBJ70PoG4Tm6bLB^k+nW`Z~@{
zr-M)D9;?KZNoG;OswRX_u5KD|Nsj_KB?pdn0%FpO0w=1>jIJ7Ot5KpTLNFuA+1WAT
zD35HI*6w+v3)?nMcbxcoRNExm)!BJ~(j{WM^5?btS;OV}McmG6uPj&ZsVNu~SUU?g
zbYq~#$0Sd{g?o~JP!(K=qGV+c&nE{Gxo~W`xBOrpAjcUVW5Ht(HVzq&h3K$DzPqpl
z=Cie>5s$OwOGo46Aj(t<g}KqpKREiRZ6F%D?i*ul|M85H_%CLQjs7{I@J!GQqEgM$
z?86T-D~Pjk8D9Xl0L6ivKs0k<51(xy1yT-Ck_OwvQl)JB@<2z%rFc|oOl_uL<Av9L
zRNXZcuUPGHxA;nK5HNEh(GK(!Hik!o!OrnO5draaHeb#Swp5$x8iZwMIyt3rH<Kg<
zVjl4=udV>x!ng6c$nMZY4<Yu!DXxM}g9!%9S1THu@<Wbt=^-GhyXcPM765XbosE@u
zaoE}XmrTKy$A*Tey&*ObRU0&Dt^B_n543^cpv<D#1RNp2vCTHWt5xyy3k0zelZXtq
z3BM<Hnn=;K=eQ4t8W${JB~5R7Z@|QSmVB4=I9<f0A->~lOHSly)`0U4FyOxTc)*F5
zmv^bX%?9!!;N*%s37=u<2LiG83Q++f>Z@)Q@^WDNFQEp_&6}L)YN>HgV?F%sQa$7i
z_f#!MGf!wZ#D_f5t;n>-lvWI}=qZcP&%%U<tp;7gxK(b^JR5#C?;P?3K{R@>W<MrO
zObTTEgzlBMJgRV8*njvl=-?bg@Bcr9oGG8G`XMVCR&=upq@JYixb&e(A&H%6MvpGK
zg#^(xK{H)gjh~L5+&=Ux!b;z6@b7VOF-0Jz5_`Yrp*tC(xu~ldIsV^X|9@ZADCy3Q
zY9>2jkf|;<wfvs&|Car~F~CmeYR;BmI@v9oS9x~sMA7CU>^-ei_*2Vwb1i#W2WeW~
z_9M`Tvi8`x(M+RiZPXdEG3q9EY*X|97J{z9|7TMw{|xdS)2R@8KhS+D-Mdf00_8`J
z!kGJ<O8!Gy5{0O64Z~rRb!h^q&aOURSDEE)^#9ouMwOayf(?d&Tr<vWove;taLwLn
z#D1<Wlp351aeHT<Y0iLL8PV`rTK0^eyJCqN)rY@_^}yP8HKm;@Pt#$U<&CgrS7+N!
zA}?QWIOj(;AT%oJsm~mgl12Cb#vWTVFty_vT?;3d8HmQzaA3=;EERUPB-Knd_c3JW
z|FES}#x*<Oy5evbq5m9ahA9HR#0F6~WCG@wjs6dx!i~=53e8$Yhca7K3($kJ1t``T
z#~a5r>4|O?bdD>VJGwiY;4XuKFf?mubCKlqd)kK)b2+^A9KKa8+xkMT&u1N#AXIbA
zp~XQ2$%&C<M6#ARKH5sqNs&72qYRR?pfkd#q+jJ=9vRZ)Ta{?ibB3c5e0H>wPvA6&
zQ)pl#hbu77^V9QGGdmXA6%wI4&F+cN-QY7)yFHU__3QHOZZ|BX4J8o#_0lIlV#G7-
z_(l?&C0?$5-z`vS*;=&O%%^OYmyn^m@wpU(DGkN+t#7!qj3ST33IZ|cB7E3R4*cR(
zzdaJHwQ8dIOK10@lJ78l*Q-T>)6JBV)blenkKIPN`b!%IEJcvnFE`$oYSp(LqOac9
z_l-9ye_JNmP!jmF7T{OF{_|M(!?dp3$WqTJS|F4lb8Gru2bS;ACpFEx`bTr5U<n#y
zqBY^yoFLM{oN3kJ2JKtjlyWmPpM4?tdvB>w&yzQE@lYnK-md+)>viy=LPgfMyN!Ai
zUz1*ZF0vbBUe8Wpa;Faby<gWIcl~FCb1DVMyIRpH&_S1-6Kd?)+OTT_;cKke9XP8M
zDTf_w>FujHN1rF8o@@BexO~sw1j1bDgte-N=`J{2u_Ba7NR66~zvKE8$)E~ncJ#x}
z+22J6s#F4^rLTC8di+@3Ku%%-$g`|e)@zRmwWi!|ZP>EI1a%&jOY_Bes)Hry*s$@P
zG<xRVdlTvUo1+_#aKlh?E2}zhALguGV_|Bry}!h91h#j?C!&Q&kNG%m<g=XNYcy=-
zxx%srbmy(P?E1glROImQ-1TfJ)3f5k-+Ox}ve404_q~zk_s9iwR~mvX%i5ysPAKdy
zkGLG@TYxD`<0i9YA5KSQNkmZA)J}v&1nwBv<W$_BJMPH!As)4((!~ujazR)l7c}b;
zH>dlSrt6NOSX2N$<qyOkf{y`KCsq+8QY}kCfPye?v8mg2$~^qjReR{vCe?kr%bE69
z$)%YnR}Uz(xJlzYAoPpDWPg*m^0~4i#^fD?!nJ?_hsZVOSFL$D9of``P18la2(OOB
z)uwRKx3z5Ui0&irAsDwheC^|Df5gND{*1Szl?7p@%n7jqSohl8_Hew>UYpV4Nzd1q
z(;pn8+1{yZ@Sed>FZw9X&s?I6myvn$6u8BFAUudh9f-`Z(G2!F;L6w6r`=44b_5cZ
zE@&-JlxHHY11dA@?ewAG=<uID&-c&13?)qo%@w_}k`;MT0l0rQMp{gdV`bJ1xoS9l
z4@VXLIs3Vl+}%Pbj(?O6U;_~IeAWTlLwVvW>W{oeKbg0L#u&b&mXRZvd*VE-u1KN{
zEtxRc*-7WAiRl_~{XDPG$c1J3ek8npCE)q<TQh>inrj=sB0^W#al5oI(XcjC5T5pd
zK^AX*%qBn-EFe+PtW{Q((Ro4e<<F5<Gs_$)mZadFtK}CQkdKnso^dx6!wj=A$>6Jl
z-2|(6t29DRZ0|2j^YF=nYLMwtH78{)7f74#Gy?|&p!WDM1q{NCK@S~=rkxQ@%t0KX
zjMkGHUlNJQgRRf|#sQNyFWQ2hsGW*P-SZBUODDfa>yggB&<awDb-n>%C@cW-jKR1>
z6gc<;B`f@NCjjl*wx~$VRCLz7qq24F2-t-X`%I%FW32M*XBePlYZGj{cWzH!!5ixu
zL+$%E76W8xEiK3>#Rv8{q62@k5*}I_TPrp;toKYj7K^Vp9=EHouaMi*VzkVwPYFqA
z9SG$kvpTncnvke`!(rSzHT_W~AW~3sBgko_**bQ>ea~@DdNWh^w2^66y)GB(8trCh
zOp}uEmG8aQueq<{yH@RO95*6s63(KN#f^0VW<OfRy#WNzRj9MGp#Zl$*ftR=6_&RX
z&eC>sH_L-#_6$%AK&XDkH3sQ0v)ABonHik0PJxMf^V~GA+Pe^jPQ{p(#ICC^Fc=b$
z3ctm^Q~k|E34Q+@K>OOm={G9Cxci&9XV6FIFjA++s-D!tA74NiV8R=oilbz&L8opC
zDI1;I!oC9$)iWOHtnH!IP|DF5r2~M-4F0JKy_L5ro7phypJTo7@LGkbxn!T6iR8Us
z^ivcXlT@~{$}{iL%fJuq?^&*%2e0*`X(!L7=ck=#yzImFNi>j2j<%u4(a5@2JW<5z
zqmJg@jFgKADAha!gb@bcPD3JBZ{#E1Qc4{VG}1kzdZo{0{3B5Kp;4N~R3A`6PA)20
z*My@@{cK;xA!%h$Y?UVp*V`jmS`raojH}T6w?L*^IEFOzS?0cduW7-n5e}MI*>69X
zNs$(ufdXKnCXa=g1=ZJoYC*8N*=iaod;1ptEqW50<}qfm4)Tm?ql4$kpsj5t`C<pP
z**A)1t!w0yr!cvsKNf^tdjehg=313<m4myr%4Y0eP)<R6J;BHD&OR^AikB4W`ura~
z8J{eg-b?uggbkc68zq^Mh?GX3ht(MbDSsI6TIQ1w-Hz{QgLoV7|JEeHMIBU9iEZSU
z%y+K_x*QzzhMY{r=o8ah$v3_6^1^;Sc$4Jr`5GXx-N9L!QqhOEcovNPWL&?=^!_7e
z#mj(>k$!P`2!rd^FYxzr!}@OB3#k##nBMibZEtgvuKyAbo;DZHnFfszGT|N*bB!Rs
zyKeFvz*!rGwVK<PgNV$6PrnDc)ns41;G@d{@G^t*I+gl<B_4O#lM8BHwd?aFdu*E$
zm|z+#usX&$IT2C`k7W1hr>adX=D_&$UtMQ}Yu3I5PW4tn3%^tII+JCLOeuSAwibHl
zydwa$F<#3J!_=)mp6)lc;RtvKh%?SuIF?ux0$8H1I3<W9OvJ^cqpz_%X3Ho}B44_R
z@M*LZ2-rEts?a;r7NqHm`3c`BBi?rhRz_&hFJsJ46Ky+5b;f9Na`dVDJrhjM`z(*W
zck_L*Z2#)6C`NNOZiB}eRV`EMLlaCF3CPTlatWm_bG8Uznr{a#^l@8=eIx7*c1;Q%
z_`O!<vlsJOO^D=p7?xDu+(vUe6zIjY&NKVYJKGcGR5m^tK7kRz_m!p313)yv3Y_dA
zu|CrO$o$@<j;B^Qnxtk_eJQBs!dR<*pYlrgPkri#N+p-NU0<J47RO^ABtpE+h@F1y
zjPG_yHp_pVm7ak^I3Df$<+dd>mwjZ1^X~ZId{5jYN^S`@S^6;>g9tv$Fpit5=kmId
zF;+=^Wo6+J3q9SJb9I<`Vf%Nv;6A#(dx=C+b`Vdb^7q@FoH!-f=3;EF$+IziHo7AX
zkLHPK&$>k>i9%R=e6#B=mUHw&6*CoJ-Eb({sldh1OE>_U3u6e|m{rT;VOfd<<V?Hn
z)$FdChD*5co$@$4{#6z#<atkf>&jEla-|*YmNM7CKJa-2jsFTh#QaBL4P*gJ=k!8;
zT>9KX2QxdVAZ_^8JZZh6Y?$O?6E)vT=vLbix?4NDM8lGD&H!MM+Z8$&a5jqZB*q<}
zpD_(C(ot!H7}CCi4>})$ha}1qNv>h>S5a7%x~D4;<8JPv_T!-{D$RSX_x8kVh^Ynz
z?ykJ2Z?yK@8rc^%^<40`s%)dWIeGy?K}$Y#6>*U^$0eP{gBDh~`l_$q3V!j@e&<or
zO<PTE@;#3L59xcP4BG3h?AnytkMw9dO2jE)xqiRSD#DlGrnA>*vlbMMv+-x+Nn{{Y
zcKwI=w2Dh8KR1l9u1a!q;F|v_4t=d<Jl$f+4EwwIk@opYF%)O8o<JAL@^i<wRG1Hl
ze0#-Ik&TU!K{oCu6(V>kMxW|f`QdvM?D{9`3Oq2{QM6N}Sq-JG%`WLPd`&!n0S@?c
zEVc2OP9!B@2IY~1+4;(-nL|LM_owC$!k6|g2gTK}-iFuN>qmQqB$&!^cGqzm(qBq^
zGH}f;gZK~EdR{jRh`Ap#!aJTut9Pw6my`3DTORE%Fc%rse%_*oW%*fKP0aU*_7XBA
zEwD^k%nd6ZN+BKL^dr_AO|=J1rc2H{(<HyTn7Zemn!GmrC?2S}<Wy;#-y<|S-B<8M
z+PRHiSIjf|fW@_Q9M9bP*k6uL?YY+0%Hop37|MIvY*=ve9YvqWGn^kKbzFj{f4m0)
zBh%M+b8?jp{6pKr49^;7<Q}AQ+sl1X#3WZqM@xYjz;T`%#)_u`=@f98iNu?v<{v$w
z)L|u6%Gn)j5x#qL*-X(N>&z{trIc%ey_Ba^2br*VhvXKww^DaM=6$sniHchIW4bCG
zvO$_Z^-^R~r=X*6f)CfNi}1^hFTcEN4pWw!nb9W+#JsH4l^|f3@QwS~_u9U<0S&ny
zpAhRVo%`4(7~1WA*;<rR4m=5M3^?(?9K(ueJzyW|lrhq@a|SbF?0Q<Px?b_^%GOf}
zPBiE_@7hJBSJ5V++;-Wrf>n?8McN_>xO9ACj<>^t19&6Sg&X9BQDoM!D+?$e=+wCX
zY~JnXuQMWW0*QidL=eBP&y3!#>2!)OXj7v8`3-B4Ct&_dbZ-4*7uf%%mqjb14o=6G
zTyJOVWoGzNWT;@~(*UWw`J+5G<-cN5g+?W1^Kmt`Pr57(+EJfE9(e*kZSLRvHb>oh
zNPu_Aapfv{&I7%)!$##Ui{qG57_YD~`3(iGF=lSzW~>tSM%xyf4S?tGEv9L>WK5;x
zHwNf;=>ty3i)%!JkfV=hGFXXx<8Jv}Iouz#pw-&*7ccOn{=ucCxSVIsvN>g+t73=x
zC688dkVX3nS`(#=DMjA;%54AYZ|y5sl!cv~bj+f&uT-t%RI9tLGTAm-Q5}!xR#J-^
z?yLmKg#aeZqu3AihV&cQ;3&V3aW6-aYQGkC`#Sfjd#UdEF@q031)n-ibz|0vKIg%f
z6_<c{&hQxsZ`Ac0p#xqwpvLgq09<>L8*#0!Si+WnvyXd4Tt|8Sjwdm0?jwwSr~Gfl
z8$&Q-i*Yfmalm(_QLL|b3gx1I+TRy;_HkqTb<JQETxP4|$FIPEq0c|5Gwya7%5@33
znq%g1=WGx1YTZcuc+*HDUo<MOwkp(Z!xV@4m!CS%g4fGYH9Y}1^Y9ywX{O_L@JhxK
zn$nusuU5n6G~EMJpZ=4d1wLdW(N9~;Dg2!vj+8jeI&MDl_s_8kpE~qOlT11r+xeZg
z_|zJAGdPv5otzVI^DQxZ9C}vIUgT2i93v7%LcN`uANsMtY<2760d(poomisOxgK=B
z)`#`OsNdEA-=77ay`vj_g?i?1OO{`>a@l+F+oxq^VRT-|56L%7o?-i<N-TOYiqD(O
z$Ov(Ezlqk|L+3yZshs3XrS#QN1{cmZMA^3s<j|zlJ6_<&3MAkL*LJpS2&#4k7b~bb
z1fCtn)-gRJoven07*dbYN^Y7k#IoRu)@rXx%|9Vtn~a)sMQ3{!qm_f2sIbVHa<4)H
z4<UEwf%~ruu4Xn1{l79e#w3k~%gF5R&jBEA%dGAKu|7xZ_1!;XG*8Cn`}`f|4$CTV
zn-9C)1^GURzaDjK;~W@Ie51TH^R1xsr3qzOUN_5jnqZorgtv9Rs8K}7-I7r`X%T4H
z4VOD7yJ1gh2SAFw_=$+Yul#he^0!5)-ZIN+U7y>RGPk_*01Jg@EFPDID9s-KpDGES
zLpPn-W3b6kGP!u;j51Awdr0_~&*!^|9S{JZyL~;U-Dh0@+P$I%NXJ4Jx)F3wOb$jk
zke0Hu5+hB!U->eCW&jkSaShgu&;)uLiBwHI=V;9{v(1tw49}Nzfoi$m6n{uR;ccn0
zxnpE?R}7V36_=b-eIT&{v9QPdlSTCxK3)gk`vf5CJG!2ez76^NR%eP6>|XlYTWkn1
z`@IKxQc7#!xb3S{$sU27x=wA8VL5>5YWl?jvcoq}zgWzK31DDyeG3$XSJ;-jGELQ{
z)OOe+nuaY+8F2T%7Gmq65M<L+sqlFZX_Mj6&ETTo1A&LaUmM2e(i<a)T9s-LGX*4Y
z(s!2iFn<JS?CPhM!(r61nP0^=HHGTkyFVr=-0gGeI%Y(F0sCH3XSFNc&-Vj`rRU$%
zoeIJ8)(Wku^AvTjWl^mn)aBcVjTJC*k`;L&vZ+k^EuzB_*YUgMLcD)zddRzB=@-IU
z5;vdBcK#&);NHI+E$aQdGtsZ~cY=36{lRzRj0G>u46OoIP7)JMrf2X)a!^&tNzvpo
zDvyr{msoYFjS)^XsjW^`PV~wLr#!`y%-19wZ%#ZdE(e?Gm9IsTWHn~NI^TQYH3A8X
zV%<t5g)>>QkV$ijhnsEGXwIxlV_~{-c)h6+mx5}Cz$=ZE(`R-jb6f<NwI~Ii+oHF#
zPlRTNs(cwl*R95BS@3ghvO|YLa;~R?Pp6S}yARTa0w>=o%*N4KF$(fIXFsi`c$Kq7
zjcV{ym5O`%{#L;o^SgpFj|M;3a%|b2Z@l*kT&&2iDq?;Y^S4yjQ7uhhlXkqNgk5DG
z$m(-`J!}5Pw*e)}UTQuT@+PUj&8s~h5Iy;;3dM`Wlx8W--OgRRqaSxpUYgt-I-i^t
z^`duatlQB(jr6Fc;nCC3m?!!s#=XPkrD(79kgwz0mZw(lsQ>#RXtm9SqnyJD*b=3>
zx)xTZKxG|N|NakrAF->DM+zZ@DB>toKQ<h1cACvE>8~7TpTi0d6<6|HT$*#146|%s
zWY$gS+hs1PiB(VWYKhFoYu(op$M0}WqCiG3l351H*qGw@fvFiR&vW?26A~0GF-2H|
z;4by|=gIw>vcAXtvd0yB2)7BPR!nt7M`uXyzYp9`y*8F-5dg7$-w*qNpS&@&VutYs
z1Muh{U1W<nqj0d*(J8*w@3t?>74(2@DGAdYwjw|ljg<5#H61kyD>b1Cjx-I8sYn~W
z(x)=vk*J+TY^S+9W^y2&DhH5~MV=NvoXftVXmGCUfg>XG?w?@t`KBi0?RCh<%~bQ=
z<MUI+D1DpZ+-6lvE6BJ7hfX?V9zryMAI+2q`n}r$x0}X*j9dFI<vFhFFSi-x;n)FL
z9Vwlm!V#Ni_kX^P{W{=cc0`yQ&#p2$ChN;VAOEE1B=S|z+S2GWKeHL{Fsi9(Hn!V<
zJDH;m=NnB#<(zfsdfhsyQK%T{x7bB1f!3|hLXzDiLD*a=c%=YQVjg4e8r=!ocph%u
zNp2n!b@rC}fZ{a?M3-`6dE#ewiV+%C<^(0nbg~dcN5wH3ZlU-?0-h|pE$$z$#RmjF
z4b`SzxtG^bi00FE<h7;Jhpe%<q+57_I#8&WpI%7y>nTS&TXG@AVORaKrjL!s^N$-!
zZmSQWd*7sn(Rj{U*%6c?jA;oclgG%;B>Vfcu;U~!&9ahqNKe?Y_OsnQ^>OaE*w9sR
zS`K}s@=9S54vf_D$1<ls3gL2P*Rrh#e`?x2XL76JU%LGeO6O2B_%^O<BbUCErY9yQ
z!lPLkJKJ5~bNhRr4sqHZ+{q!NsvpZnuF8bgr+Oo?lLB3S6D;w^<?iCv^*rkAuULpD
zDsMlW4wHzlq}WJKp4d78`oXBgXq<dad6bY}aLRtWxz6$Va%E<{XR4gd=j-$te%1Ag
zx5BBOdv!Z@Ibx8S6jB_F57-j-64&q1hAyMQ(}j1JKc>O`jY<=_kTvC|MCZ%|l|%>f
zb+&bJ?l>+^m<ggWs{ypXbYB!0yy8PC*pi~hHOVC|)Qls@oE-okbwj!Z2V8F>AFpN#
zgOEM7E7E7M#d-OsWbSBHT1;V5c5YR-^;T!-<I3^@Tz$XLrD0;DUiu%A_;@>q-8c@=
zCY9A@K0c9eU5srEu2VW4)d;G;S{dF9{<Tqi>!_fB!OD!!L`Na}xc}zGXx{0`ep6rW
zegtg#K24SBfIEUIL@wm<!>>?Oa8pU*wA*#f!%ti#%jd&*iHVRj`|o-z-<>p8r}<OX
zg^k9QuiiV|uNC&bS%gpGGu=NtMgDSY?JAU4xk6mgxkEyuj^rJ7Qe?~;y9dBX$(@OS
zv**lkF0)HyP*xyf_gye5nG3PghZ?mVRi_t<k{k)@MKrPQ`FftB8s1SPo1MPwb2_4R
zKtvzXHq#Ta1F$jEnAL>|1?Q3_$u_~bf&sn7e+1Z}!N+~pV~iiqsqt%%&;2)bJ{qI?
zwr(l!ATpO*uf2HuFPB5oQ@Qkve%Aj$l?Sc_TVW8-q&?YGjkl}Mb0}4o5@k)C$0;Su
za)>i@gtKg6?tF1vXv&a;b5W~B<zeITG0z~bP(k@y_m&RS*tq2%SPdMRXUcsfSxkJV
z)-;UOIG}PMrMCo1Qv&>UJfc!DN{N7Up^Q@So=_72^vUp2<ko^#F}F8nsY;#WB>Yo6
zSLy%Vc5Cx%wzbSb1X+>KoTvWhu_Pjb9{6;WdHbf%&U}lcas@(xfhm`mjToiO(8H7z
zt>2U$S5uo7+uw1II5{!&4-8sV0<;Y?^kd5bC5ppO1BY5$*E!M9_Hy1k+*;T*GN3$J
z>dgyprJ8fGeNbl0f{HM-Je4g8B%;yKd-YQLmsPkrQdc6lL#REcqr(iQ`QeR;2%p1Z
z3@q*{=$GBeCfF}Q-4p3u9o--B(xY$iOn+|~Y^dd5Ks$+)#xf{0blTXim3~Jbg*b8k
zlAxaz8@WE*6K7EWG7x!Dh#r#B-ap6-NFe&%kBLODLkIy6`uj7frSkKv!Jn>xo5P~l
z17>t7zw^rNEXO@zja+RFmM!nwgTV(Xxa%P|<nC!~Y11A#yIln<WR~R%qCC)PkTz`?
zb~wI17p)RGL5Upy#f2GF@NTUdzfgyuPOr3SX;jVNDNA957&-5R#BnhthLv1EP@^ES
z_{3L^oPtY_TFTd9vU%xggGSehM&LW(@~yp@vfA}}TW<yH(L_R3Moxq5E*o^EXCX(@
zQ8kFmaOpZ&VE}rId6-L1DIfpJRJL8onrFqgq!<q%6!G$;;ge%>h(Hp#z*bUal#|rk
z&aF<U)CHm|CV!jliq(e9=i80_*K>#M*7TnXs%)aX`b7BnxamAxR4EC7%ntF;GG_s5
zYrWz*jJ~rw<D87h+W4=Lo~oy7Kqky;TwvrpTP{<IW4(ZaFHCZ0N@XwO{zcW{InRUW
zqUhp(+*<2J8^2y~{k%o><y2OHK6P_|Kp;OTu;M<1w>7b72!R&g-OTsO2QXYCGdi!4
zfB$xx{r*I9dmnq|VB=5&GGVJkKdW_=Db42|sPF!o_rKwBsMe{eEYR(rpcR0I`q%p#
zi16=^?~F$8OJdDR?n_tcX`+iZToFO=-v6P|A5uo7$1Ah<U9an^$L3-~fMSZZp@NK2
z+ki+sg=cB`B-3_gwz!TO><mYwhtrNAVbvDZZqXFx(rE>`?+u2I=N$6lJ*<*Oy-dEq
zdQwg5^X-t{4<RX}wJC2j|AgcdK%u2Vg9NZASCbo(o-&gg+$G@()Sf2PY^6Wbahi--
zm9)+SSDwPo`?f_Ja7;6NZO%}EE4_Y_&vTx!un2tFol#E}jps+HwB}~z=K3=MF;Y^P
zF=o7sp?y9pKHoK29G<D>kdfkJhbpQ8>0_DAv7~F8&RzWjJA;vDE;n}KQ%TC!ux>L;
z`<e4~!ASnDoo)y`!_#t-i&xFuPX0;HOBwVjYds~tzA@UDNEvYT-Y%dQ9rRPs`Sz7X
z;MwJG2vF43rjN5?x<wc*GTC=Y7>wTG{=Dxt5P8>$+6?CVA&sn!W1#?RhB8A<w+|iR
zfN=bgsBk*{gYc*1e%n2>WDhT^jsl>($6X+km=z!0DwKH}^j`0p=O4G>cWCKb)Yazv
z<x|l8M*oIce0*E{<0n%jlymO@`X)VD_c7#?nanlso#GM*bcHZV1G3%(ThTJb4`d||
zMB78a)nF{&SK?$tCUcsE;tuQYpVzXqedmK`F_#0`o>k#-l5;E+$vRl^ztOkM4(_yG
zIfyALis1!23UioLFiUz-a7B79Az&;N=-h@M99YX=R=Gr_zR{Du$B#^zdMaw<jFkIE
z*ogtx4(Bdzc};cdaS}ryTffI*tzn0i83nf-$zinCFndi(Zy77c5u=4NyVE|y4-ZOA
z#nL4BWt675Dh7^Q*7K)u!|=Bi!}M&y&m6G)g0SxoKz(U>8W&e&OytmC^rC-u|BvBV
zy=_LEeHK$gILNsD)py;6a2s)wzRj%bhfn>Ro6GN<5c{us?`Of62fP|er1!rgwa68K
zx;(pd6txebZpRq=Zi$@(GMDrk{DyabLtb;Hj~k6a5_$hxsmb^l+HcF4XT|sEG1pa>
z|MtvQd&k%aJa}hfkhb&zG!}T%caESlSg^%UYy&>8iC#$2RTdV_Oo%n1OgCbsNfU*D
zs4Df-E79Iy924SV;P%?<fc}}6uz#GJBeQ=k9CK_-$n>4~mf;eAeg6%kZ^$IPxhDtk
zSMn=9LGGEp@+t$S@wQAmRv-Sw-7Bl5I+)*DAcbIt!RB**FR_v+Jj)6%zZZ}vx_{y=
z!BWj7p<;G~4@Wm)kI<EvD3wOplP7}(^(bfGEV1NTO)YYBwLmm7*(Qv0bT#=gbzN}v
zG-~*!9KY#Wi#lnP&siZ%>L0FV-%MU_gzU3=cub`0f<B~-wQ?<2lZKUg#<y0EtHv*b
zRP0)n)tGhCbrpokqcCn+&i)x{KKr|mcx%4%IOA{FH}wlOi^Thm6R9kJt@!XjsXK8<
zS*ltZ+g2y!xVPz96(#v{wJ)HyE#O!G+xVWhZV3(0BgtnokV9j>=!Ov&tRu2wBFTso
zMI5q`XCb>T(}sb&k1pvgs_Ch5;^Sdz<3=5#sxHEiHCD<rYYRAq6{O9j9Ifl4!JQzy
zw7~U5;*lw&>i&8o?YI%uPYz^dUlId>F!b>fpw-Qyk>lB$RiECWZc#s^o~(LmvDm%;
zyVDU41=#yM;-zD9=nxb`A;32S@_+Faet3>JlWzviQuOfNgqZ5J`MNg%M`yZ|Mnj&B
zn2}z-ebSKDa^eop_<(#J2wR6OpP&7s!QdEt4^)Y;flMvfi|aXLr#Ux`Xz0>7k885U
zl`lA?)>Eh)EpPU0KOW!ruRU&U9=<v3he+R<%-f~wGFNcv=%Y>BR8pS@;XXwj4h{ZW
z{|7eLenATReb_p+_OMr{Ou64g@vmJ?o@-D^w{Z*bqG;`rjt=9~5}XdB-Qi}~g?^w(
z9XFT7eHu8lIU9NL`b%xf&n-_$$&B%g*lpQA=<D0cxs#|}O-=MfM`CtcB9yNUPCH(@
z$fGeaUe6KPl9R(vm1buRq!HG&&*4b3*KiQ%5Qm@7!vDOf34Gjo^E&BoRJ>KCS}CO!
z14!f%K<E16_S2jF{{7S5f59P-pMqLHQ9h7KmvU70PV}Ye8Rsrvm!>{Jd}{itNTgr;
zU~Taauq-za>h{ME!P{<&8@c7qNyuE<bzFR^RrDg|BAIPqK0^=mGUOP_kUDm~Wct?i
znxu&zYqMsF!8mSo=*Ct!P2~Cag!u}tIF=DQDjsfe$VhtWXC0^}opx@)dz1UKUYCd6
z$9tE58aRJmP9#b?q?a40O{Ox3WzyKW!}!b8@FKenbVl^Kc{SPf(0W;*7pcVmyk=2E
z`A}3Lsf0*it6`CCs?KYsqEih#fqkN8-7ekXArfWf+!Fm8NsrKfDyth2;Z1y0ddjJv
zZ?B4d2Wu%AwqMz**;7-WL%S!085%=+s1r({g&_gzm5RE){hT^WVARvfH9DoW`j$*}
zD%&_Uj?D5UJQFe6+;la^*m<3F+s`WFkTii>m%dM>A=i&C^~k@WY!5Re>YtNT!*DB1
zcz7>XpWgj@Q#AkYWq-?k6WPOyhVz6^js4P(cW-3>4p`p{jXr>CARv<lFPFmkHAv8-
z;^4z2y)fHYm85z?R1N*MhcS;MHDTCPhQm`WYAW`y-LG28AwBCy(gK(CMw-0bm0b2(
zii_J95AB&w4)qpm!U-LEz>ay2>`AIcz6nt!=Un16<MzyUXWHi8dGk*Jx7+v1H^1*x
zJ}R(36V-W^?g@qR#j%x=$+N|4gD?#59;w;Px0v|?o?adwj+riSeEHY&t26(i?(Fa8
zPX4c39(yJXarl#m8>Lj|U6VYJnxC|-!8dZ21qDZ=SYn&XL>3zYW%K%u(+VZoov4YX
zTBh9_AJZJ2j5i^Fsz5Us!};EqKYEhD!_gOJg4KiXlGT3AlD~z#wJE>4`eB$R+!#`K
z;60IH+Vj%z)=`tmk(f#}PJu>^oNK;C-)g#iLKLmfTVAHpDr~8J@9gsT?#=$yWA>`n
zZ8gX)I;EoRXAU$v=iQY{^6x)Io2bY8H}I7&jl$Ee{}BH58;`$HOZt+ec-X*Dtc!nj
zVrmKeB5nh(3~fPmCSoNK__SlrI>u#gjpP182COTmb4O$LU8sgwsp8v{pdQYQl-%@_
z>jhtnOl9BSm$$zQv+aM^o`$dEUS0@#5OS%}Duh;)!u}OmX;kVduqe_vbZ}<~;|V)k
z+vMsCC9oD_$X@BcQ2yN|{I6IA>KLc*@U$fuh3JA8{ED}{KD#4fC=Onc4YVYCy{c`P
zbykQx?rVM_v*|g5BQ(wsaCX1b*eF10o(wt9#U976jBIw6!=M@@;2~&07`K%vY<J*O
zTOqXD9jA!ImA_<XQN|h4bjhIl)RRAZZc<C*q5Aro8F|kG)qLsg)$vnwI#pFRT25K%
zRCYzvxYl8g11*kZw8cc36yyzO&$vE2K6f59Pz+PCZDOaet>(h~kV%?hk;e}eA0mpS
zRMf?6fLEugQ4l|4eWKxyxbixcIXCpjS`D7{WKnb{p(LuTQ*YK9CYfZ$US*0+Z43M4
zcWM?Gx$)(5kn0iyVx)<%S(-kE>f`J8U*f(uY)hUp_!PGYmFgKAryNR3b?lw(#6Ud?
z4;eZowYQU4!LD*!8hiVGKgAk$XY!AIPKs@1Vs5rSCG6|niaiGIbrs0h#bWG>@A-bY
zi|8=jjJ`wD8yIdjB~)g`hBd+mNn?W6*6LjsQ&w}OEX$YM0Et}cEVhT!vHlbQAO+)<
z54eo@YASE=8jZha070&>-tMV&6zB-&&&{jWLSe(6<zqez3`SSHWd*>`HK7*EBL3EV
z6x%>3E#w?HKrCh$Pd)tuhpBsj)Z%0EXN$6vCo*oF2Az9lno?&oPVj!)1rwJ$vv=~6
z+_~TA>0W;~2srhd+;9<ofAsX^Rg*~11?|o(QoXt_7iSK>Uau5<=@j1CK4KixcYm&o
zdXWgb(aJr0niDU5=DnXHV=d%L$6%<#90B8{v_K%w#%PVQEt@8ln(S2=O0BjF$fWJ>
zmyccjnlmoTGJie1dq>ys&XDxf#j$L<R4rs`oU@#`D+kTbR5R^(U@A<5cbx~$vC|{Q
z*%(ZHx^i-af9vcHlMR1xe*^3-M19O+`6wXL#O%?Lt|LxjIyON>J9W>&_uS}>1Jc}g
zuSn0m<FQ*}4-M-2{e39(^Yea<kG*s&GYMwa#g8m;H~o2I+pzgD74?Dcq+f)NOeNk2
zuXeT-w_xMs@c4~R_^6MQXW%ddh$>GrEi^S`w)occbEr8cjz}+gZQuF)TY$#5Qa=+K
z_HlfO2&M-MbGs|$!L#()5!CXq#!pf0Ne|7>^Q3pIyGjI&RrMV|OmHTQYhF!7k4L8v
z)M!KLx^jQ{6<BQV_8L4Wy0v$@hFXO=@2CH8S1Vk4x4w+YZdRny@PeetB{@k)-rd}}
zO8nC7iq)i#$Z18#P4;F#cjueO{)Xk!ENff?&2Ci!o{yq*E2%LKUL`(L?nP9lTW?sJ
z<bKj0w=Oc`U3f9^rD|V!Bx_LPS^`C~qk&?cl&@P-0BKZx?ZF8z3I@9Rw)I{j7-Rh0
z?)?BWY)MXAPMb|<0D$(l6RGf>qG5{=YKmu(URtn&ea0XMx&g<B!0>$@HqH{VH&16)
ze7;WX|0>S~vH&?Q<~crB1B-!7_@7f=b2gl9qT>YCcME#h9Qly%$-{ePKqgvq&PLAx
zE`^9TUYg$AOXK1p^^y7+pb2(jq&(eb@U7Q5xYx7&+-D=M`0daOmyW;mSy{s`XbrK0
zg0lp0lyyumPtQwhnc%vDbB=OMs-|fYfdchWDaaqTKf2GR!Q}4Feo0<Qs6>^;z*Jud
zn;09>99gayMEcjQ1h_Lr*}XsJ$pK5?WZIL!5u4Z~g6>InQ$q)D36pUrQ!M9{$%KxH
zac&rwexwTR-dz?bM{QSEwZHa51N)TZ{g*qQ{ZZb}<t;!~Fasc>9|Z3tKY4XxNj)_M
zZIFM;cwn<3Wdo?!$p-D(V73_sZNDYj7sF1V!PW;~W*bwLQt|+mNqZZJV>B!1Yk=Pl
zhSO99)6m*qXv_o6SC1TjrmeK&ED4aqkz@M6LYm+lif;>vjT23G<XZY{D9VUx@}7Vz
znVFU;w7VXxzr=ToIYZE~U8eZExFn>wx4Ah<Ni+W`%X~P03lj%+yqwED^L{zRDaGiJ
z?0Po-T4tNAa6aceaM51PcT-~jKMN_pC--%G(^wL@*&uAyzgHTHw5GaL^7<WvkDiQ-
zZ-@s@U{?hIWzGX+^uc2<Al2Hx?6y@?qTpa6>FWt@<){Z`w2xNT9oyyIXb4+-k6J}Z
zMLv_zlQ1J0o3!PK?{(0ESMp1@hnu5+KGDs;zQ21z1v(#`C(Q$UkfHVLj(KU=-rFBk
zD%p0s=*n%srOD#N{>@LVfTfY=tjVQGH9SDAMx2}I&^xgK8~rGcmgt6S{W|dk*)^~T
zy&m|k_*{N{ZptP7owHxqzA`_kF7tW0W-gnRezFNI3E=Y3!HBz*BgTcWTPJs%o>~j$
zCL$CWu7=w-6bkQ=@Z%TZ`<{mFGGb`Y<bOzPB)3g~M<V<~c*^&k4~`xs9}NWo)pPe(
zmE&w2shFZC?MahXf6Q!KyDK0=qY0MEbfY;U(E})TGKF#*8C5FRI`$@R$Ms4oahwgy
z`F1R(MV|KvJ$z<Tl7l4;b+ez2&>W0h#m)z~^@|s?ze>pBm3>Mr4cP3U^`zSA6VNn;
z;e~M%E0c0tTgS?Kx+j~PH)lU)mIKd`C>>9Oz1<Jnf&WASW!I6Mztc4Y^h;<Az7Odx
zsoR?4``i&$>bI1kLR!7OznRbZi<Z0vt$D^K9f9184I7mYee<7C{QUBv1-d|EVynm_
zd4JU1Z1S#1N@pSeRMSW5%VUwTlkn=dsb#AcC!6v~!uQ%vN((IWDc?kWpeviF^=H=;
z@Xkk2dt>+UaN@```%s*Rg>z{fwRZf!Rtt%h$LHpM1zt{HJo)>k|F875=k?6(ZD;}>
z*H=|m9F}<e#6<Yxh_+gy_K@(Wp(a~`#Lw8+R-ZARbHys*NAX1wJ}(S;1O>d6d}ZD~
z&_yj3(!-f@iEG3jVcJAUO(Eh3*ulg@)+LSBb^_N2a=2%pG}l|*221?yKIXfpdbC4C
zENmPt9MSO_HtH00>u`-Jq-sAwP{^xE?vNu2_rPf_m6BGQQs8iPLuF~1zS4#KyTwm?
zsK=E%^Yb_GhE&Bo4kzi&+5P?g#+{JU#BWbG|F9&gRyR$uozMHE*{`>9w}q%4y$<=4
zRL8Usa~w9r3)*}Gx*NKhb-Wo-fdrx!lA4}znaZ}-R+2$qX^{v}k7_kXXa1P=7Puj7
zQ~%!FUM}-y?s?=iusVv5S6M-`3RM31SOnWut}T~&RG)KM`4i6e^qh??Lv)-{k$`{)
zPghq6`0#1;zVIIHM%}-@e9&-w)F2$CJ@fzp>Qn=DzRo=P!*iNwX#*1eR>u>sS!b~t
zFHW%O0yFuCKQfst8$>uBFI@YpuiMww{-!E%?qpoFL4fmFVeq32&+q3B;Uhs8o@1iP
zP5GT{jpn=Njw*|eT$L=Es_bNrmV!Dp<lUrCQJ;1LXRmR{o+{?2tFi0XfM^KRA~S~*
z`9Z|a5T!L71>FzbnG;$nj;*;gP?IRN4DQs(w2zy+zEuikG522KctvxRZ_)}tWRBU-
z<2dT-OP^gE+H}<Y9{`^~V83dLrYT6ID3Sve6k?4SqA!1HuMqw?PFS#d`06^JRWBV^
zY*lFvIIEP(lT=;y>YZT?DDlML!DU|Fx;nCxRXHDyh1y+yI$g>%UH$E~cB<Q(?|*Nd
z?}O+NMsdy&qCqB&5ReHP{M|p=3(NGyPBZ!*9PmBf`K@z6A^4V5B#?xVg%r{GLcz4#
zYPOp)FOSJyEK<ZUY^2m*kKf<YePf>0d$NScr?tUy!A3%J>(3PMVv|s^wPJ>pc0F>R
z7tYJ|T^hv8N&tHr0J=R9da54p$@hkWOSuGYbBLU7C<Z3ulN5iZWsl4LRm=MWzOUJS
zuI83c59;_52}uG4&Rm1`+Pr)1pUwGOw)0=R*WR^GI;2iuQGB|$-op~kFldIbbprz-
zs%I@PWIPprkr(^k`d{wRG;A^u#vyndf&?yd<mWeC{&@WUyw-lNo}pmpVP`=77ziMO
z0VJSMB%KLl5h&Gxv>{XtC4paqW?^v3N(ff1Epn1Ti11dIIDj946Q8#heMQeieAczC
zWJ5s^++<-ALkm^~HAc>4oGc{Hl`|YDt|M+Zq9alkDB{HJP(y-DEVL08L>8=QBuGUN
zO#q3PYx#d(FXA><spe&vIj!)3WBeK_MgbC}7)nx=lBASEN%8~6llP?se;=$cf_9Hm
z$9ks+R8at~r~~{U{`;Sg4`slHZBbNL`B_@EYc6stQ08g}em!~mzlM7-VBwLexrGnX
zNns*LBqUTJB>Vz<WV1a05A6FvouD>9-?dn}v7{o!s$G;8b~sY0F4Dm&gN6D6{{Rc?
z=i7(qgq}BcNhFSCC$>E;=zF&34FHTSl;(M?5{VLZ?|X+{e!c9z_-<#PzPHF@ViXn1
zW)fYu5<pp%71RpFp%_3ku8)B+?|etS@@_>w`?wp|8z<jfyK=y=B@#<8u`cfIl%tM=
zaDhsN_k8=jaUu8Kc-zO-vF9Ean3F$pW~|U~IVdO<k!Yq-s!Gkp6;-=U2~XX%yz5_g
zbe@3i+)eHGm&cZ?qTRYu8;yVv7Vd;sE*o~hp#x6Q=RbMA&x{M_ozK2Hdo14+s;a$x
zaoVfh*;~eV=hd%=yFB~eIUc_D`@ZAdxDd*Sjz`Es788zICo!2VrED%@n{k7MYyyk6
zCm3y#EH1*}u{7qcYFVq0=MdRumbJ|+!fj2ATNyDRX@oL~g%)iRs%to%rvO+*9bzQ}
zY}UB7mo?t;Z`bq@<>SX=`}$E!JlD0*EdyFmFFo$)^PKV<H{pEmf<r=v8mhqR`*4A}
zIdQR2A3Fd%D=)EXwSx$*JJvW540;CXG+?QH9vc9IUQiC5!*YNi9T6}Nlydst4tQ(;
z8K5Wu?ivq7+J(yBEBNmT_t*Da&$m6N8TX7fmhJqCuOyV+-F}gIudsWtD;*G7cC%Nz
z)83vg2GZhN#`{^yR(07v;KwQAGu&Kc&Eb{`9&yX+zb1#S-<@_k_ms%-T-i~()!%(+
z2it<h-1S}$XJ@vr?Qkz1subJ$d){uU(($A0q){z+m3EgyTjZ1SbY3@}ev#B~b2HJP
zNnXrv(zf?iX2BjJ%Z#mt=HcO8zQd4<#u}TzqZ`Z$Gv?CC19_)_-3uD3vs7N+Sl}DV
ztg@}{ReQyI-ti=oeeX#Q9fIGv+3!qbYils2V#UJff(1~nhlY2id1%+5$)lc&*u{{L
z0RSZ19M<TQRk_4fCLVULf%_;}$&j}X7Igged}6VTUiO@pw(&%w*N*W7CH8t>cG|F(
zW<(iy&T+pP>(gUF!T<ow7{p#SG?RX0<IY;P+Md4{O1JA7y@}xfbtzZu%xb{zv}E9|
zj1j`Y8Eb-Wh77lybFV7aO-8P}WlQQWyQ`qx`u95_D0GP%QgeOf?_7N0uuBpkQu!o&
zkzol52P>0-J&^C}e<<#^2#-SYyYV;#aHWE%H)$d<rkibAN;XnPnFyxADk6|%j%TXQ
zT+43jF-L&)Dny6%YW%5(s%ajDBvZm1h>t>_X6ugWIDUppE9xuYcPg)`tJKu0y;Ulz
z^9}9qm*syre*9Hc5fKqyx~GTm{4QUsy6*ek<F4Tk&a%<)g04Jx<AUM*H;C|pM`Ib4
zJ>}vkOW~mVe0byQ?r!7>ACIBlJ(W00`*S?SrTF;m-WZotk{#{ubx()mkzT4*RRvx}
zm+WKX?|EX1ewv0<`1nB|Lu=)Y1F_e=)y368BK)rMq3+7Uf{&Hur6h@UE=J%D(au2a
z)!ljSy!w}qJ}Kp8RdlMpyQ#L)NhKRiw310i({&?hu)$Ci=c~Cpa;mDiRbKR0a<a0g
z5K1JHK?Vd;NQ4j(jRxJ~+nMhL?2Ww3f462f+@a&%y33N<*_kU=I;HNJJ@0P7aBsT!
zco%Et`x~TKRO(1;+q0T<OV^m>^nKVRX~xp;F(<w6c)h-kZ9X>q)N)CXoE%A!rQOm8
z%X-<muSVRa-Fd$4-EY!5ZSS)rlX`@<Dph-Ich^}x<`bjeX)ljB`Tjq-NAe*YTMV*E
zCXvXnjJVJ(+{?FZMXsZT8^w`<W5Dihj9`*nNRrA)o;?;Cvl50KsS9Kyr0Q0Y)}AG|
zvSLXkK_-zT<ZXz~U64s6l3RI-@;8b%k%aKn7V*<+hC3`K_YsyxDH0PNT5(_qvx{6e
z2!{+a0eb=r?KTQFQFxY^9+p|mdv=LLl3~K_1(@1OHnoRWsjyb$Z4_3Z*~MB}(%eC8
z*ST2M;v^#h4hZjMkQqc+R~V5}A;cvS7L-9UiJ)NJ2spKbEH+L?jbv$EpmAXd!WcFZ
zm~N&q4UD^%WO<nEUf2OyAcbl%jqX~P5rJd6LgpAkXyq#dLr&g3hUMLz3|MX3n6b7T
zfs<m(W#+lDx0(!)t0aW(Sy`Ep)4-I=YFI9kI8aY8OG0dnT#{M66yZ0MF=4v1cz_oi
z#<08GXJuSq1qgd~cEdAPj4MleU0?xiwx%U^q(DqGq{czC48=n7X5{w|z)1v=)QY5n
zqL4_Wkpz+nB_e4g5cKfLlka=)d&8FRyjZUtw_^72d){|nlr(~p1td`_kSFv|G@r(x
zXEIxbzc<ON!mnYo8=@=a*j*tJ0w%bIK`gFxME+49Ii7z203UyIvH$@B08cvdQeRtx
zjOQW&&QWlZAn4_!AL-7Q;#qLie=#;(6ZBX=AdN~cnHB#7WAuZ4?EUZ0k8~FOZK13b
zzTF?%f*;l!3z1wUTX*Ove*us6{{AcZIR3rg9E+-wbf8d<Rh694QJ`WSL_n*m7+_j$
zDymSEO;b}!f>5Ni%_=CwqRmZYS3l+-zqnu7-|DOW_jr9pW*>8hE8lL{;D~|zNH|vr
z<^5KvU>z{hjT9`Zj+Ux?ZV_Ufh=Z`8nNlgJi8U63oBP|(-n#4GuG_Z4E4chvQ0SYr
zpcbN(?v_fNw$kqC)p&9S-R#nLz!$^!r!UOm_QFU=2!#-eAc6@5q7h1ePu}^P*(pK&
z?$~|G>u%4rcRjyQA^jyvl1U1MOcKH*Vhe9SgY|`-&5A_kipk+uXR$8FitwPy<q6N!
za^-C`S$0!ulHBzZet$pBG5*i(U+*iOR%vOABq}IGkP$&5iLb-^EPg&;!}6!(3p=@$
z8lRG1pl2?7&vVWfg>gjuY=mU0Dw?8IL2>riX^o<#jEZJWwMZ=ROdc9&aKB4Au9g<*
zp>m2FH_J+4y9!MHobXiqU%|t}`;d^0RYD|CAtFhlN<jjVCVwkqLqDC8W1qJFyRGu-
z&Y7t;9QXQF6(o{Ms7jOa2t___1Y;JH-Sl*UQs5{!K9o^r!G5&OEHoCLQ&Ks*ptfJt
zEkB0i_S+xV>-;~yyZw^C+RCipNmywq(?vD3ib|;}qeQOLEHt&1Wu;o7%D=__@6-Li
zeY@X(o%!#-L-+hV6v<Su3MrPtG|q`6kf>L{LMkx)Ke=Fii-oN<{McKlf-R@yFl^{R
zp&%zEyvxo*P%PP_OdZ!yL!TaGEBDE-(2@j_LQzB-Ad(UYq^tG8q|^NV7e5A#*cX>}
zaFw2%?)7Jgjvu69B$BFC6Y!QK%4Cp@qKi^qJ8z!;_SWmp<V>T-=ump7eM{x=AdR~1
zYC821^!xJr+xLt+^M+%GIbZ;eCppAL{5%)$bMM>(4)-t9liSi&00R9qNFgUU8<U6X
z?6M1F$(uBgKw3YXKCs*fRV_fkp!DtykhTp01f@-HIG~+W`!uA5kOCw>yKF}m+w~3p
z_(_$SYRagpln6-I@8w!!m6<+$9_RrNT%S)@hu}piQb{VRNsDk0{<OIE2cN)?+r+Rw
zu05Aj<0;1u4||z?U~#HEQF9N>`_nDSB&w^Q0WLLJcdE*m-Y0gupkCtOU%ti4_l{qc
z@zLD)_k8Q<$OxZ7!?~QA?_N9T=jX@W-+lG>SB`fd0o;lmeFu3I@s<OK<Im3ft@iBO
z;Ss&=K7Pa17sZ1_(MI5c$}uH&ff6ubkV4zA3BEn@9xHrHW^j7r4>G!m==!<!7rs5?
z$VpHq-Cuc57h!#Kn(KYv9v-;xoIR0VqMQl`dApE>_1*Wkj-gi`bDr%go0&V@a=8=l
zJ;3*S-V<bRuKKchJ?TyFn~q`hPpiqf_k-QM?~kvQ0q4&VH9$@`-(2I~`;PY~H*z9l
zrU*++N|F?;*~6leRFtzQ%c;WJvMLPfm?t>ojuc$cOOr7wzg``4uf2ZZTAqPFRqO;+
z0pePdXku=sc7O!I*WE1ABbR0zpt`rzt69>XM9uKOaOfy^<%7+Y+tr=scmg4jMUX{B
zkR%XBML=X#K{KZGPWVpYy4LepijwdXH~L?u6O{saXRY1+??0sb?#}npCso9Kn6obQ
z0h?Z~%i(SFGVH|}b4mw=?gu~@iB*6c$i3L>Xbc{?>Gu6T)s~lt^q!uJ*X<*xz)Km8
za*K%GI(ELlA6LoxrKjuQsQYV0g?rmqQ)!6z<ci%%_H652Y?Q8E{kv&up7Q}w#u^>G
zy>feRHiM^LbG#m0mF}V7S2Uj#GkVjl&ptgKWsI)#hQhP4dP~B^Op9)p4(i;ZX=}+@
z5Q6qeXYYN`d35X7_QigY;m~Jx2v09dPdj-^`W->MNfk|*iS@e_`-G6`^2q%sy-oV<
zo;zOg_nTh1nLY1&(NU6Ql5Oo>-7LQKx);592fMX0*PA(h^Rsv9e<j~+Fmg#GXMOU4
zV#Jn}dX<!lN_&29hB6NMnEZb2+3+cDL3e4bt=lSQWU}$M=&>b#RRz-I?i6CJ?(Itn
zqhEIBvt_HB9nLqSsp&Ru`d3!(UFD11+VQo~>bG}wcpiH=rC#c<PWQd<B1tFS^pmza
z_Fml}+s*_U>tvR>UDeiI_^#i2Rs-#u?a{8gvpmnMSHMsQ+)rflA!tRMFFaVk9T)Lr
z_{}}SQ%J^~o!66_HM)=_JkM{=)J5Dxksw41-Wlt^y$H0P_A}pHh!cYndsYC)+00xW
zbA`u2XrpAS8KPdcPYP3UN~Y?^Qr;#{s)ak(w$&!$71>dSwj;q)p`pP6=<Uq8*$&cc
zA1VxO1zDPN6+yPXrR-Q2tG4t9-hhFnVs~~MIP3!*(yiG`PK(>b?+^gc2mq6+Akyvf
zMz`C~d#tGRidGofLSoo^Z=C8==7j}AG_07djM;gH`fAxGcSD1sHE*q9RgXGDx_jPW
zG$J7cioh6y7$P^aQi=o)4{LH%Es{wjA-4@6u0H*m{QK8;JImEltyNW3RZ{+ae_pQd
z(-;qM^Z90_d#bXpDsR7-KKj!<hCT19{d_(M55g(R77#w*{yu%?e1!4f{KtN;dw^&K
zAR4mmZc;TQ4Jo3R0L?JFY?dUH9PipBA;9N&4*mB@;qplDa}o+DD8H}j@%G=X-NAGY
z{NYp(mWJ-@3=Fzt$qovt=7~a%F)t(I-y2S6j|j}3nG>-0Fitr71HB4QJLB*Z$o>Q6
zz`JEI832YG0AWUv0f-e;jzZKmAW^2sb2F7ycp@Ngk~9OenyyCS&fDL%=dxE=>nJ>6
zjO&W9f;-7DOx2RCY~iz4qN>0p5`+vs7{RgmEPeMyTo8u92%BRMcf;N7w!yE41Kz^H
zfCl|ro2|h{<7X5rJ)BhIN)RGH3~TNgI~gCtx97g&uH>E@j_w;FR1J9j4&kuxd)K^s
z*4*x*XH-aB+W3z8l5DE40Qastqhr7zd%AmbhePnfBfwK)a#;Cz2tZ|gsrS3pcHlkt
zUAg2t^-=@E1-}(sz+K;Wk39JfJ<H?sx}{&XszO4QRWH4E+;RdiFYWkvUJ!V0Rab}r
zf<+QaD1@xpMYUCl8vL`+*6+}6@g*)Hy0n0H0DuW3k_l$+SSY}Zq{E;c0Kg61*t@XX
zYCEtaP!{Zj3Q<KIcAF6dpV|c1+iHFAVWGTpec|cj8CchcuhK~(S?%9<ylP6iM0i1(
zx7+N&eu(>oeYITS#qW8(_qS`_8ajpfdj8Rhx7NF<C@#gpn1t|-OAY(IyYC-ASJPLe
z$;>d*_0J`e5#{eH>*SP@NE$hvabnJnPR86?tKHAuySxp#d+pzQz3({$w)SL_F0H##
zW_#g71y=o=)BwI105mM5$Wq_}*%sMXZKhq@Bh_nJ#H}J?4V#dO8+&cUwYROkxiIr>
z6PwMoc8OGBt)Mm_1;=o(fDkS`%I7o(3k^NQGTA_7nu#i%OF|k`9RM2y*Ckw)Kn6Eg
zjngz*rKu-?1~CnlC84u0&Z?_*N)-fidqXh*%Ce{m5`d80075_s-QZBWBmm>!H(Sl2
zy<V#T%9)!c_VRZ5fQgJy2feLjcQ29UcDt@BJ?%HDHQG=Pzz_|gRSn79s|~B`x@&JE
z02ZhLK}0D6xmqt=h8F<<s8m!*y=DLjaRj(`T(HfwC`f|T5Gz-5=pDwZZoA1*=BRha
zDCc=md}1Ra0=ED{^HU&lW~yks)~4j$Y@&!#(zQzrV1sJaiA@9+Mlv@blF1gx0$D&?
zU=ecjAaSc`wU<Nyk!8Zrq!})uTQKF?&dA!yjM$jeStM9YQIkMJc~2E?R)Q!=P>Qyx
z=mRZcT9T~PsM(-9F6%<PU?UCf<>E@lfC&I6q)^)2JD7t4BCt`=20L1o!JT%*7;)XV
zVKJZ!yBTod<&f4qVqO{<pb5Jj#x>5dWMsT1tZl=kfICR!QReFQ@Bs&5jJ{)mVe}nk
zAou~91im+X&n&lYZN@UV0VLj$R5>IY%5LvH8^+8i5esK7OEicEa~==@;wwl3$5Z~5
ziAi)IFieR$N+KDWC8UKEV#zA1Q&7%JIa$cWs?|u0tW>EwNSC~`IrqK|{bL9N47CoO
z$8|&SkWCZ8N?0b58z?quX%uB9mi#Ete*+VgR5Y{^gXC-|t84?$v9vxZN;-mR$<HSw
z_tOX8=~7CNs*$F%4uwTqQ!uGiUjBZ5|DEO1{LZg*hykvD6ZopDNAU<Ek_i$C5UQyq
zSjh;&AjqS$SZn&9j#H4bw{81&rqITNq7UTPXz$cWSl{%JnQ17Js-mS=N+c+(QU1N3
z#TC#HKWxvPzi8jS0(?IbL?lW{5=@jzg!CbF5(>0Zqd!N5{<Fx(C_fAR<)m~a9EObX
zQRe@2JhJ~4c<VnO>0jv?g(;y%DN)L-vNBRge{Z*QJ0IZ4F7&f~^=H2`PF(;$05wA!
z{2%aXYE?$mt^0w(=t9UW(X}-cY*@6UQZa;Nk`PuimY<*+hw)U6XKX2kXDr+kfF~~}
zr!GhyN|aQhKx#E43AJQtA|y#nsHmf&3W|jpS`bpHGbvFLN>f+*{O+Ur%wL4j;l1V$
z4aI}d0RD?-?S50%8}v*D6*m7G)hwVfD&+}rO)W5%oA_*tobnI}wpFoUu%NLKOvF)b
zBv=v*g9s3s$0Gl3n=t8^1+Y2iw!WSE-;`bXz1OE|i}2Fi@)|HT{V9}PW|=7^gjH1{
z5~hHM_wG$#1G>a3E%(y-iJf(N_i^x{Ko8UWs47*V)UEyi?1-jRa4i&5QcNaNq-78$
zV_ti=R{XcgZ*;k}{MP0--)YO_jq=-9&z<YN{W!RU=Ql2Mn+TFgNF-Gfk_+_kKHt#u
z`(O687Z6F8-(P)qe*JL%cg79=eomE2B~+4I{Gk#ki$YOg#$^;Fk`g_)Zoj#Sjv1Lq
z5C~qavrN9u9%2u<^OMJY>BD))C}Tex-K}1~uU|iJf8U&NIm+eE7chvpNdi(xe(&by
zn|J+X0zVslqHjOJ;y)T9wXZk!xy}QJE-ro9w4{+~K}lvphM<j->vp$ZH#e(zwv={t
z3qrnV59A}m(Gd9M?s?{qy6}mALHMpe-d3hmrUfHSv@q2xB&ssOG*If9S)p>GiZm=F
z2@=SS0?u=s9MhbzhE2~u*B9%@N1l22)7XD{w(eiM%g|@%)j&_$01`<AqKQc)hzAy#
zXl)8I+7Ovm;5bPTj8rFZ)u2+p)xyKrCYz+)loMZAOFvn8>2Ih3pK6aolxMxK!O!Ah
zTB1fJ%*v`U43R4){rvg<q4x0cGg%I05667Ph1s7Dm(>T~0Y3brlW=i3a5?s+qZ(U9
zYrnefYTFn;&Wi=Gtx8^H+eKx8z*FTA054@qsZZ!g+#BbXRB{4pUHR+`2ioCw<da`}
z<Jdm(aoD$d0gz}5aZ{^k33S~WQaB5dtFjEZ3Gwc5cKhA1a$xSdjELT@0_HbAdcp5N
zB9cb#x!7HO*K>!unETs!9IoqB1Zq`~ht4=~eMV>lw6`jIyYC(!mp^&<yKfY6@_ONS
z$#HoPv+tu4W6#f(+sW>HbUE|)eeYavw=<L190&}d1TyZfs>ET?B$7xZnhw*3FcY-T
zuet7d>TxgL=L&tFA<oFp*Pjo^S7Yy9etaP}zWMPNr?Lo%01C+L5IYK{#N$aiBH6TM
z*qn$gPKeSOa+1~%$XU~{2uX&i+0C*_O6Dp85kU&5LO?1?Rt9(7(fHfDGJt=$OT&@^
z=vJDx*LWvD>%MD;nC3KE5VFo65=jJ`O2(7}C^zA7JR<d$GqVf=U=szEJ_9TO{s3dz
z>a!nlBX>cw)l{nb*X^wOx0LhuyjOJG-qu;V36yVd%N~85cX(1vj8kRzedxGz4QHkH
z%KFeUdj1FRBk=fz0uV2Es(qa!wU--FB%i(HH`liGE#^DZyH8!Ia`^VQE#4bKx2_<(
zyBy$fJ;(0%sp9MGy83%L9mm|QcJ+2o6q~!hPd3|lvmQp;O>R7LM%}E(jkOh)@6t=%
zwY6JfOeI4O)~ly8Mzbqjk&_`>bUig!r77vUw+h2o;b~cwZTAiIy;-8)Csm3x=aM9o
z?|MmpcOLqC!e_hP-7{~ncTc|feZUF>-~gflp+Igs`C9oI<&k<^7NO<7xVHU&0LBY0
z<^8P?S{r!5&C}8#-q7!?M|ZzvHg?mKWC3I{-I<>Sn#D-E>jeyS@YmNClCMrWqYGG$
zH8RtX<?Q1)XL!ujqYr_=K%mcAC(fr~F2`bv7p!GRSh8(cvfltQvzrTw;;j7#3*asQ
zBo}TIEo~`dp5xN@IO4aLR9*_1l1&)5<=+R3rVy&b)7RLdRV=A?`)&ksWgZ&l^^lbF
z#{o!1gaCjMNuVgl^OuN4Kb_Yc?h#ynRn6TTifM=KseT*ZU37A;mB*Gh3O@?FWhGWg
zrk%#5P!@p%mF8k>I045NC3p0GOj5s|`?~H7fgQ(pad*ceb@x5T58ZtCcf79M)j~vj
zl{<w8mX%dj!FO|XcWUwHdG~s_t;qRUO!C4(URvc*OE;<%=T`@OuXwK=+|)hFpIzSR
z_jf*}7a}~}-F6xtPNJ!#ha}C%d){uP<YEd4qr!8PT=}0p*L)uk50*tZ;YVGGZG`Lu
zL8>T_K@LddaX?rQLJTK#lTq&R-u3SkzZ9^T?q2Ysd%0u}0cVzBk5gN@V5Jd+h|k^6
zCwF#Nsi;w|>${_xrka&b?&9v_p7)+S`aR03qCWR`cW{cYRYx;Ys;G}N`)==dddHpa
z@QSFNbKTbERaIH0RaIZlPWOA>sd#<hrM#$gT*r3-)KmoYcSk(+Q?=aFY%rPyIz-X3
zWQeGVB$H7|Ba$LXB$8LQwoD5Rv>xVm_jbi6>#_HsA)fDz!B^PNtXW*VgWAfiZ`h>r
z+?m(uV!czV>}Ky>>gMt2-S(k98*%PTeu_|)E<Z@qru_+xpEX&}VC;S^d(uYpAvR=$
zx7*s>x{Ng4?oIa3d(pd7CQp0Q50~Erh(8M|1lfus5wOq|3zh`(iDX`g5<xE$1koUv
z)QFOS0wxTV3vt4WCxcf5A+@n^I!)m>2O0`Q#x$B(mXVp314t6Xl2b_9M7vEZ0U;$l
z$s$702^O%y36Uc1<vh4t+;<hp1cwsScLN}jV}?KrXe5f0Ztm&v_|GICP@;YA{rPT7
zmNq5J(+Fs&>>#8!thEqM+&I%Vji<QVwF42jK{!GWLP}|pJ3wUHb1!9qAv=hMm6>kr
zU}dq6UEE;IyQx`rZ!wD!33jcRjm3~D9!ClUJ&oPS@wAe%Tgwx5=3VWpvUTO<kQ&2r
zu=Iw>X>LFSlX65Xmd0y&cIAbREUTAcwuUznlmp2yS;;RhOgD!(K%f}WR*H$C5XhyX
z;3{roij#IAQy^iiPTXS3jjOy&LW;m`G)qGg%b4Yy6DA@U!;!KcVWNfG?R$?jJu2<D
z8e--$<?PH#4JhRcyOw6~ng}KzKqC}*?)S>zf6}yBCK#0%k|dH%6jBKwN+l#nJ-V~z
zFUR3={k0!|XMEGiIt6>@ndW)!osfeBWFZJiASrD~ngG@Y8)OnCGA1|ck~ugD!eo!l
zsd7%ls;ZSFi-pUyf+`cKDZ=EaYcR%BNF<_L_0(#R=PLh?tSM7xiWcew*ioJeJ@?`y
zK;==z4g5$?;#4X^DN@rE$f&BMB2^S8-{<@9QT+yhjP}oc=cm>fwRdQ0zBzlHRaL~L
zRVXuH006NVHiKZX6*Z*7{G6N|rDZ8r|1j;OaVA`11Qk}L1)0;N6c-2(E>l&80rnmm
z63Y)cS;}^5R2QbrOxRT-S5!lT<UpMufI+I0!=1}1GcwWG!IOTXe~L83i?wZP$iUXA
zS}1Co%8?MNrB#|y5fMbC7C~x=iJDkkNF<O*BWK&Wb{_O8?f$K}KVZdR4--@E^7q%f
zxS>diBWxO|Eou$5gKQg8%UCOHC@8K4f6A(gfUFTqP)<s85~@t9{u{KSvn#Tbww*fx
zB#w4OGnG_Ei4+meZeme$bC8Lc2IAsEA(CVaWTeh=ocq>~bo^Vm26=v%1*g#QL@S5h
zHxI{>RMVQp3|W$fkyR2M2sI>CR-`_EsD1}w#Xi3e+_--r0(VsRL%Mqbuzo+_!%*p&
zX-QSTy_^#(MX_2VXcA*AAOwaqCL}-&iV_MU2|+{GS6;TaKXuJ@{k(Q@9(Qzj^Ok0e
zu$@bnD8UXOKKr$2zq@sZm-pYZM4!^CqY9>qgG!T1uBugXja4;GQj}7n2;Nq{K9}wi
z{@p8s`5!=N1Xg0t;(uPTv5tS+qFltll#0r%0_W>xw3?Ctq^41u7|BF6EX9nfH8KK1
zN8}uTpML#@0RjL(A@~o_w$xxjBO26UZJ`1R9Tolg4tYa_9s1+H*Z8>~_BEjdD6*8x
zVo4;BLPa8qMG}Y~zu5=$bX|2nzN0TVU2}kUbKIntDA@=^go6meBm|;ml2n$1Nm5yY
z(Hcl4sYyzLMU!kHh^Uz*u^Oo`WR)o?HZSKnk;>pMIfZZYP~=>qDvG+K6v{Lc2@8eG
zGT=sthe{0@Wkr!mL<)&Ai?Y_#z@$xu7-?n|<NfdSutEJM-+*=?B3`K;eSvOnjw9($
zT@4LB3i;mGt-W0Je?$ygV;VvM8eqr@C=Dn81xXk{Vffx^%aWwe-hSTGRYtd}C*XG^
z8j4a$G$}wHZMD~V?9es$wos!4KYB#*3rbgX;i?*f9ss`iGx~}Rvi#4J7JnHC5Rimq
zzyStG-g|#v-g|ca@4vpjc=vtp%dYvm_s@CyNgzoAB$7`-Us1Bm<qPr%L~8vd-}0aZ
zHTweFGLm?qd-wO}?_In1<^8}JCX^9j7(fAxNeSD%{r2<y-S4vP&l|TX9rUb@Oyy`!
z$run2ga9E0gY=XcLXZeP>gKqT++eBBa6yroLpI}aGX!dbJZwX}prup#@0m_oS!s-Z
zhTk?<Uh1p%_h#Cw-`|o<k`)NWfC2=w1@HCiuH4`cyUlC%r!St)bmS%9wYjOU+42$n
zAtWG73PuCo<qKPix!-){b9tlK6%?`uuszO~zEE(1v!IW_C<RuKe?}k^OrU%qG0GsU
zc5Ky<)K1MBwFt9DgHG+(G+-#P1+fCUw^Y)y!iq#~!o@Q#)k#9^Na0bmg%ZMi_c0{q
zjqhJpK6lre=|p4PatrUTz3!A$MO61(qCP(H?&$EYyvFxOkZKnrvaS~@(ZK<LLbqm6
zmcyb!l<dk<Nm8H}977ZDN1}&$gQSuY-r4VWx_;m|`+Y25aoF#Zy!$=pfcJ|6NK2wS
zi+t@SQ_OQ^>f)b!&y(8n!`{B{A0y0(^KFIO7`0$_OfC&L%Q&K3tX5ZHD2bY_1Vfuj
zK|qkoDlnBgC3b?*2}4V;(#ts#SVam{iLc(X)UIolud7_chR)Q?0>^EQ=rO`6iQe{L
zR&PoGEAS?R@fxo-`7UQL!#t^Mtw6I6FU4X(1FVy0X(X9wKJDGUqMnPvR)ghGW^#B(
z3sw2tV&6mM3C%2$PTjZn)lag%28A9PcN%t>bMI%jwn-;kiILK&U3H6f0RSKeVZP28
zw=k0Ha6->fyww{{ZfW>t(DPA|;i0>;x!PFi+fdHlsVc$ZAEEI;*Sl}x!?mxrc#M_g
z${`FRl^wZ83mz2WBW#;>MWq>-HDZkBGstwYeZZI)_M*`7+<g%ijds&IwCC4rWTj{!
zl6(rXmu7MBYl--u2p?I70=193N4>Ph^v7U|v5Q6;^<`}$*l)=tcWcYZC3k8hk~e87
z=8}84jv|T0yS{$$b%L=Afi}Ll6@vO^Zu@t`-XOBOaTuH^A@d6UZq!E+2V%A8kIOpM
zX6)S`c5$AstX5E&yJx4YO7^dJlJ18n`7El-mLFK}WSd7#u{^O^av3Lh``M^)We!&w
zs_V?ZuFiG`yVYA`epHrK7`-RFk|dvd-uA`q7ag@4N+x9UF5(uf{XFkJUrCWZP)RV{
zf+S&p(WKD1rh4^_8}VkyD5JN9OKS9pY?EwmD<l)gIM56OR1FbC0w{ZCUaMmU^1?~R
zb2nOm4B}48<X&T!JGIvC2a-#hoipm;QZ1MBZupy*#wIzScKbb@-cwl0DHZK;UJG?V
zg0>i|IhM50ho;)thMT~}pf0XJq9XP3-R8t%;HL7bnxT&S>ybf7q#xI#CuX^KPE4q9
zbGEu+&^SC6o!HBsPKvdgjeElHnfCMVAu(Q7g1~eQ07E#!1{@B_x9}hzmD}^xTT1fu
zdu-#%_(fg4>7m#%^;{hKt8j;wBY$su`McM9!W&~aRX}VKT{v@^;MgY8;w2VTDk?Lu
z_tSXx-d9S7gdy7zdTWOR>XIBH2;g$28Eg^7f)sgT$g;+>O)4V2G^@O?mD`nSsaC2u
zL~*;OvZ}m7GN$$Kc=x->?YpMZBTXvGgo~9`d!|d2Ma@$VaVsmZtDCvIw-QIb;P2t>
z2y+cf(L+ZnC@LW;R7grvG`H$@{?6;(<KCYwts?h%hq^ivNhD!ZgaA}dC?t%wByFP!
zfH)5ULVKITO^)d9ZQeTZ@9^)xqr9+mm>l0>_KW!=JC!FOl1#j;ev{H=g+a4j*X8Yl
zC2dsY<tLu)y!C7wbK*U<b~@E17FMLjf;+p4k~ZG%?zbcFrCgI_i6!IRdX6t=LP_+J
zU^TfVR5CL}ouXQ=Hm;9RzkA#6-SqdDr1!nMyT5(+(&bLl4-i2n{Q*hB#|<?L#ElaO
z2%<<25N$yagcyLBJs=qyC8Pl~<8|b?5X&_V6j{<rWmTTFa^Z>e&;}|;FBrl*2E5*j
ztRiV7btS<#gsr=XHBKaKj!l550=82yfFmZ(h=tp+Hr3@z3gR*|F7Yd6vp^l&GV2>h
z32a|Ra_y8OCUd2tDFlfurrqEGqoD<nlYqRi)~gL*$&p&i#6*dSqFFjjdZU2$47rH$
zMV7R3wPPGC;c+YpBrZ`RU4;==fkN!JYK@z5OW37`))%R4Hzd50=17I7X#)tra#DvQ
zgAJlqw_{zqaM;*I#Ekp!c!NU?p=M?%Du~lfqFJ^uU@Khr-mcucefjF~cInRj-PL<k
zUpZN>cpfLjMT7!Cgpx3l5(JQ7L%`t~Z#@p%kOIg#{NLCztLX0w6X*ecU7=ZVO0}Y?
z^!Z>yNRmO43<!7QeCU2OSATntZo73?t$O#htLzwslUls;^ObVk=DGSnyAN2FKz-FO
zv2~K|D`7tH7Wuo_+PwSyMHVE5l_Z804730u_kT<Ax4XZ#$9V$ZUva;H@5&&EiY`=F
zAJFfdeMbK~tnLUslfuJS`B*;lOhmVBv@9Y3Y9xVPe^&APmF~XneISz~VWltKFW0Vo
z2kQIoTgd%o0E{Bc9Q=nLcYFuv)DeanuiNyil&`sOoOa!{d5iI3M&MFFCcs7bw&EC2
zZzVn7xpoKMQdcVj;b9UX6_P?kgo`mMFv?_Y5sVrt7)D4S#)Kr>8pBQ>SMJ{Y&b+;N
zcR5q;>bEdOUxgVU<$;)qGJ!R=&F?n6eC9t3cuNDql7ju9(d|Al;6d#Wh1Jx&{r9Wp
z{jw+pBS^0OyYYCde;d_#tx?$d`h%67<N#FokdhFA2?(gCLs3g?Gl~}1AJkZ7Of9hT
zl%m7kP@~FqXd&eRmOjs7U!PvRb+_m=F)|5Y8eqEX$Dfyn&wp=TJfA)Lt*@~Rgbg-~
zqaa=s6p-`E4<V|pZ3<a;c^Qz!*6^<L8hfz6Zi7MdB!rQXgpwoz5+7dYNb>!j`E%UN
z_GY=AdxmPX0v{<NDVtQWs`<8>y(^n$-#q-gYsYUd9=-eVeY8zN1d<SdERcf`LI8|m
zBt6#q^>-(AzbNUOvcykBl1L;ZEQFNRELVh;>if&jb#moZ6|3!HT8wA6s__60z`sIL
z01~Xe*uu*S1K)3+-ahx|UOnFU<=@YLYPyE|(^<ad=bCfr7)b~b_6h0VR9koX0NuK7
z9&3|Kg-2vHz25u6yQ2^clKx4S?kGTa6NCt*G(il+!!Q#1)4k9a-W##r@o+BM^XB)I
zSnkhgQBS@1pPS=l7bqg2o$qnuCi(I7{Tt7`MriYok$t!h_m2AScrUMG$g>UfY;x~n
zJU9!_kSgLfLNF^}C}RLCk_w6!PRnG4WGc2ohNxXD4g}bO-Pm>zHWLoOXinJ=hZa*?
zt++)&?_T!w{4VZUY0zTg7L);n00c{Bz!z4_U?IWqn)&cwUi+B&J=>ng+};AO9rt?z
zrY5fWeY6Bew}tNBnmYU3`^Vnl<I_(L^UtqvZJ-?nU8Nl<O@hMhN?3tvrP^{XH9#sM
zAf|=REs;=?!m2K`(FryPtQsc5h*Ag=0Hjb}74ti0J1rTyuV3TfKLVf=q29fKbnwA%
zy8R~E(RhW*C=0Y+I6DJk_Lc`!IrNMS7NyEfdV|T}D#b96?eg(79(E{rsKLDO;gxq;
zmqv=l_<moE7UPG{b#D?+9X`X;V&=WMj(L(ym-FSK)keMMo@N@_YClMuZAB}Ft<1BI
ztYku9l7&01wbR8QeYMKC8Sfyi&mHqeQmN%LLY3pPr?ibFt=dE05b<nH>ojK=lzoQG
zfXInBw|Cz1M60zMY~8o#=^Jk{<dR0?%*nDzCs1wcW+mfprK%LA@<t_6*xI@b<?QYg
zdz!SLu;%(w9VffQgEY(VRH}+G&v_(?KKG<SX5e{Tgx_f$O195;17Z(_0I&!|2t@*n
z?bd6YFE`=4J-YH7Gp1Z3v$9<mryR;9&>9`-F>{tOtXlgDI2hjPc5?3&gNDVl5ZRk8
z^-MoJr9)=)P?|RQG9P!H&g|45UliG1_4&REZ6^Id4#%Ey!Lg5I(hFXlurBwh8;UGX
z6fS_hDCXE5?wvA20`XjZ+2k2a%Z_597CBV8Xi&?s8@EG6A=`2c>8%;NpzXWt=D184
zF$k~;5RV7~Sl`hIAc%5y4CD24yt&j<Dtig-hn2vpaQNTN?{{>2*AGTrT~gXhNhK{M
zvPl^uFot;I9A;xOs$&_5vsP!Ga~$U^MRk!V^n$8U6hRn4LGotzQm+iTD-Gb^2f0&-
zNJP#!OP5OKhQ}O7eD`;ETySt6Aft{q>y<~xj`wNV)~v|Qm@`u}cb<LMT<-?%SS)E^
zDPXX8al)&WOmJ+=1uPV>6tG?5OUEjK;R8aejEH1W4|w*f#t*C!S~PBadrzRJZMNIr
zcXv<Mf@9RZ>i4|qN9%C<scmgnpOll+w0kj%e|UIt&QkZdhW9f)JkxFJ?(UHL(1Aip
zv9ywrZ+YG?c^3U7$3o^?UDaOR<{mTeQ*OO-dtYw*-tzRGnVIeMlbCbr6Ya6Ei?Mbh
zX{RpSj!1UED3NWGBA|i8!gYRDTzy6TXYH?hE>#cLYu{Zw*j<rO!G2tZ1J!_47j3aD
zlt=*b=(tE|IZC6MNFtu<ky7GO1qZO{5L7Y(Jv3)#<zy0IcJZ`GJZ!j*TACG>COw02
zO-MI+7Ta@VtY-tP5M&Y}BE4e>3>sE-EWoS-Xg#MTS!Rj{Gew1nD<<NwuGVB=*vm4;
zGVn-*h-KCbw{78MhTCGx1Q3E*Fub&#tAq@xk(?DxAnpm0>O?Sx(1MPPyElP0W2A|N
zZEDAv6E@`pvWbAuPUXvr%7~`ytObVzS9y#%ih{^d0Ki>@aEKlZ2w696ULk<XNhIL0
zx*m*rw^fVqHU=61h4asi_fP^eV<DHW-rhZX?c=Y1JolGUbm`MLlJ;)vUr4eN5FvV?
z&Cvb`L(H`;JfpB39QRjMLI#hC1`-kyMUo7V%|B@KD1(#t>w((Q=Aap@$<1qxb1$9P
zA}6GbgpxpnK@+sE&Cnc<1V`V^x(~uhBtkHf5E4L4*da2&kqHS22uJq4>-BDDX#F!O
zlb&A6&>;GWs7BH-Lk!hsr#Y_V$OIuw3es!}>a8n5_?Va?LcV;AVF<AyCbDk;-uio0
zxue;>Z1~EDd&?11<dOuCh^Z2$;z&Cp{zDTz){Bm!aN`(82hinL;gT{$(rf@he7k<j
z@0+f#)!(;YdDmgHzE<kQSJ@;<2oaHpt`x}q4Pijn>QVEuj@DIo+qmE#k08QHB9PG}
z5@>_${5&~FgY@}B8vM`(@gGf|2d3)x-kDuA2>l>P5)pv}U>bpuI;cTU7GAYRz_V0d
z={+<*2?#AFh=_(1EHIQoiZPiOh>9&d`|MTg&35!*={I<J#_R8Ewa)HbuJl9UB!q&n
zgh*n$ch=W6-CZv0vp3FM*C0H^9J$%9xhKEHc-YN}phzHs2_%|0w>#}W7d)rumu`EG
zox$IodiCFr7u-Mrblw_PdX>`K_XGreiU=0p+0Q=r3@^~uk2Is{`6(onvl2_5yLsca
z=dR9q^z5I!_U`t(_r7x0zW@+rYuCHAr+!c2g9v##gbL`==|xM5g2?$)fPvzE0x~2>
zNRWizH?IO_`M<ZLH}^jVwR4*C<`;fgs2?OGkYNP^sIsLA_)}3q(gly-P+1JGWVh&!
z^@HVrj7h+tA`lS~gXS4*+l0^`A8)=M-yaK$pDaE*mU{W#Jd=6vhuz0fi{D&>ol75S
z`;7Q~!|#i24AG+iGYYG%MW|&Ix2-k_A`<G2Q<<8=h7nz8ptxqWqO6EkoX$A+5%AP_
z`rlW_qwYTY*WY05iip2`?)T0y?~b7NNqc$3ZyY3Jk1hsr<SxBWymvM_FM98y6w7n&
z?d?BuT!7~fSfZ*jsSs%2ca8y%d#$}u@2BqvY~=S`o6pyFF7Lj+!h`eV<yqRk?a!hm
z6hLfYb468@QfE^%5<n@WtxOGsvnq)!VPHlOg>vPz*`yI<TT)O)8m62XLbNPPwo2HU
z!ZCaF4`Bt_C2w|3vcRAvAtmNv%e%Ayz6p0l7?vyLLnqzZ*n?dWZe9Eb%V0bVHCNv1
z!^leWHdLsiEb?w_@_@kwT0L?N&^U$*k<iT<s0D!jk(Ll8Ul4D6E6K>;E$=d7LoS`$
z0DAtx>&(jL08Ij8HGRKk&lB07T!eU%Q0>=p_?1*irp0;uvP)TX1F*#BefQWgdt<q;
z4rXR9<;6ks;0L^`GfIt5NncF%4Xs<64GQjBHr>2A6RDe55*IV?OO~H|<sGjB5SWAq
zeo&Xr(!2KiyGi$&eQh1?yh;h3RcohDb2Mi}F}a<&EDb$f*SX`KG5g+RIu<&_&dSr8
z7@^gkxU^Pu8Vg=0ZNRV#e>8H{U<btTcyMQZ*FKL`>9bU(1DTTv`g?}=kkj{*xS~*l
zLT0(|M3PyVp7B0QEql$Do88=P5>njEQ{GLtySuN_LhJ7?+q-$f?fU!UK_j1LgN6N_
z-QByNJ`Wpb*BbUjsae$bj$w&jb#JoeC6@cIQRx?3zC+ydU!1A96{_^6;VpxN8T84y
z7Tx*z+dp~Fcz`~Y6R!qOtQhgs60dL6GkUONxt`sgL{)pFs^P(I<=y?%H^gSyJ9mrB
zt2hB7{A7}Nw{5h&=_P~LkKMhS)mwXNwk*R|D_7ct<jEde$t8mZ^m5)FG07n^?n<-(
zbj97=N9Mt40DO_ijl@_7P{Ruo^Q8Ii=aN-#*ZbRe5HjtIhzhFqD81q|^LatOG;?nI
z!roVMG^)na<m<vB3fqWCRar$1yt8lIvkrQ^F2cRq*PV3UBx{z@4^x-&%A<y@>xICv
ztP^;8a>8@mB$*|{Zgid-S3-j1kwUWB63RWPBh{HKYSNX}))asbOVAjsc%&FMm^Fuz
z957`IB;gs2r&DoVZ@Mm2Y$0i7t4-8ix9>kIIm^v<i@uZG-nHiS%9W{CwNa!X1Vxcx
z^r&J=ksJtaHwc_3202}a`QO*|&wI)Flkl`kx&526c2p7cv*n`-A}Fii_~7794mjme
z4ghbzI%lBvHofAbc<Fq2-Qi8=E(G@7a?p|3>0ia|ZpxUqjw3^jhvkG21a<Ft?(91F
zW)w){Pq?l}ehDr-`K0^^KoP*5!{+6?uzWd1A}Mggfd~+lAqW$4S9uE?HQMJZV1dpF
z5;UkF5=0cJejb6r44fO6X5o$jVA(+3hZ}I4j=&9o5V>wi372fd1+qn%1rqK+1E3HA
zOA;w6I1vaL0FAU=r)h>866*dKFiz+8O)og#-#$S+!33=A-H*ve+U?!h>ZBL8!Ku<d
z-IS**w?Q5yPkVMri+8~Hw!PQ6_m6HAHm)}NdbeMiNxePV*%|kx;7V(LZMNr@#Ixym
zD<6q((oNahYq;!&9<06gZ-nxZ60gnf?(2?8B%8atJ@0tIE}h@LDZmVt7?3qn;DaG0
zNRU&sDt3LiMhJ>WlxPrH=7Ga)1VS`H0Fm0k4zb4zB-vO{fF#W@^{8M4pa~?hnmVa8
zLdMOYg+j8!k11u#M)K3Z;b|oCBJUfGFyuEKq=CD((h;>_#B8NP>doc6f`$yj>}kVs
zwnA-EM@AJ6hDAn$G#bJ~gB}ZV6KKi-G7XHqu)}SJ5Kv}XK&CNZyUdZRlE6WwFof-g
zk~t7;5g-EN7bZbsTqhP7>oGXlY$O{6ifW)?Ftgq}?E&uXdA`#&%}A!fDT5ePjF3zK
zf*}|SLVfEn-_cS+b~+kI!L6abZ{R;e@2Y?l8jTbvCL){n-E#YF+k1BSw@s_JFP)^X
zHRZl5_Q=Svq}F6C4^O{Pez`FA^*LDTsNQo6#1-^pfd~raC%`a2AVA*fLy<4uzaAR=
zViQnAi`C=ze${yU+t-|R$(5J;Te?l}RX4ia?|b#{y;TpH2tqI-q3EeX^TDctB70i5
z-#J%(PdmH3&>p96-tM$teXt47f-(dol0=CJBoYpfyTNCmA)EXiY-YLXG9Rx*`~;DN
zNg<G4L^)Lc=_s-e;!&wbA<gsO$G@KT{ThWz5MoO<7$PW$fP@IIK0Wi*2;%+xrurqX
zeycU{1KgP#cAaKl8UyeE3qcSvDH3hGciy{p+tpS0QA9^!%Plq=3M*7Bu5C2@8iXPh
z5GG%Hd~@%veRlWvw_ZFwJomcuE^_s{GvTsALP%lSQ_s5YVCTP-0=Izq1CUKV(GD0Q
z1<qc`_F#Spfu;}`KYIN0&pvM*{`<PWcju3HJbQ0myzOnP?qY;W+gF}kOVq7F2(mQ|
zLU@H0zG|u=?Q;FqDR-jVwe}2w6qsK+`_F#v-mhLeUA_5v`>CCo%-p)~h^QYBl1U*U
z1wf0fP(#tB3=~l(v8&K~4dL*zF$pBa6v-Hh83-hTAQ1sE@9)muJobF|_pcs)b<Z;@
zuPE0wHcPODP;(!WL?nbHibiEYGO8kD#{FzbyN~a;(S-n{JOUa#L#sS*$w_w*u=r$z
zl1N1oK?D<jVdfv-lC$5RVsJb;8u0?%ljknX5cneqz<@-XL8K0E+Z>1`^A6AuY+{L^
zXb-2w8%vU)3FBs*Q;|MM554fdeS5mPr{{cvmiN!czAaa~9`By`H`Rg3hjm{2$Fbz&
z?az;T%&5v_^2b}d+V7*@`@5s16HU}LEHz^6pp#Gln+kyuxS_H@pvr4AS!0C(sdHG}
zqf=U~0j(|)+oMs+a;VUD9o>O#Km~*XtGf_jVV5jy)~zn|=z?nv45~45QcX*NtTGcu
z2C=dwYO51hnKe$C3@VZoRMC_!HF(|*tg;Cu-Rjp`GDx$%?~l99Z?PgQ32ny%>mK`W
zxG247(S{=;URkX=Lh|)kWC<ims?8Sig9}NVC%b+3-hRVeIQM()cb(z`>Gylm_t#*4
zJ}y!85s@j>GDDYZI8v>d)}g3rB-BF15)np91rlvwKvE)<LQE!G8ZAH{-Y|K}B-+qp
zMx$b>2@14QGDs3F-elj1d%W|T)Z{k6;!(MZYNw6&Ext`40R$mVsqPJF>61~0wOk37
z%bB`0B$5Y}+Cg1LL?lK^1S3!;qiCZEqf!XTq(9+zzfJOF4Lab6b^v=64W6p|kZf<5
z@74pkW^7whC}DAw4U|z$jrsVP*lPRoJKMLTC|#?ir-$XH>&|;UCv1)MA{rL+)_r!0
zQXV}J!qzVGBy4ZQy;tbcO@Q5dEj>V%MRL5{+rE&dz3uyR)e72IwW%xZ&i9<!&DnXg
zR%sj)cfDMfb=SLM-@D%~o{g?G<;k1n^lEDLpM4*CPnD*3J-qTx=yGNg=$lt}5?*aO
zaz@+q+{|tHq@L%blgK)cJ+WW9`x0JBFFW4Py>dcA$(7O`e5b3_lD#G2WU*$l#XZ2e
zJj^fFNz1+?g{BKhsqb@d8*AR4_uqZ;;vZga>zuA4Fhm?m3JQ%1GyoI_!i50&!(!og
z?3io0{Ta~a>{IA6K_`s&41PBsEe$3owJ=l)A$_{FE9M$R0IcQ~X1+Zk?-L;Q>%QMX
zciYVNdG+0eo)AT}+Gji1hREfxi5}6H;LyY{e17}w6ed`l8`6$hdw+K#l^1GFTksk1
z8bJXI7<P4xrLfguAU>3vl>>LZdo$`sa2-9_vy<LRG=3DXPA!`+jCh>)E1oQ!?H+#g
z)8%!H_)s7a0ToPWR;*gRxS6)m$v8M{q9`N<v~Bqx&*SUYkFZC8w0ABJHsiTa;6In9
zhi@t#+m1LmHx~{N;N2g3D{leuE>Iv7XRN&iR9sopD0(2cLvTw24Z&T44sHn=8i(NS
z1RCg&!QI`1OXDsL3GVLJxDy%z0V0!cUT5aN_uczsy}RDJwR+XwyJ}n4mUGUQD!YkN
zLb_;ow^)J~EW`fY4QsCKm`=_b>w17dl-78qGHGoOLLpV+Zmm(mQdsZ{S~Wcib@I3D
zWyH?dWN$^M!Vlry-bIbF!-(&rMI*&>yF`~dG5IN4$njrn9$H9b(c_0;FZ0cGyP`A=
znH~%M;q2@W<>@XOXcaI#+k<a>-Hkt1+wD_jbVB`g)VF-0!Pl^D`o@Y_)D`OBvni<U
zuQd61&X_~8@|fW~s)!)Gd*>=ltWXArwzg_ntx7}rjZ$*@{z3dFcy;Q8)~^&Mbw4Yn
zV%xbL$Ecj(cbjAluF;cY?u<eC*0-p=UlRz~@=x}LF>(#jO}RcHTfs`vQ%uoaFciNb
zt`M}PtrfsR*jx5Z<%+v;PvWcCEZb?2Cpt^Ua>9pG4<UB;^8TwX+Fzqv>LmFFq8I{N
zGU#lXO#&=7oyWe|Zg<N61<-@%vF5??+i#>Y91GU+d3O5F3m#_-?>~+h9i^lxDiVx+
z$MaNrH3bkdyswMRz0Se@YiZyAqVbs|WUNuG3jRwK+~R<#RSJBXK7n<*KKv{;{z9J_
z=3XRe0Q{8_VM~V>N=Tx2+pXmb<3ZvaY##==X7f+YWt#<$j?eJXYcb&4gEsI4twnQE
z(=@16ip=k_uih}u*gZ70UhVcY6~)#DFKa3)L_Kv`T$}Zg;!2^Fr^sK_|7l=4kot~o
zwF5^#v`!|}1TGmJ@T8c>aX2Cz6TMhWloF2*7U;=V^SbT`EI1v#6qs{A-pwxR<@dk*
zxZ-*q%KA!6(dR?NGTEHFpkzyyycM&)J{E0XF<1OxSBQ!FMqS^mvm6~J1!Z+eg@h+_
zp+#RK(^^#n^5?sI-z3z1;Qixn(e{_wta{Hj3X@cBRq31JdcNn`m0Kti7O6%1>{8nF
z88K4<2lMs6uu{TlHKO0`zVU0=E@c1Un&nxz<3}1JpQeb5QP~jE!oEVxd6CSLOTPHa
zm*`z(BE#u(2m9TRu6}p*fgeX>N=J*AGX}-TaYhrd6>zREhiVId1zuh5x)!2-{R;ki
zf7yw26Bed$1~IT5yVMV1=A<UKTdoD^-o(y?W<2>6f}_qF3w|c_SUmHZI5z5Y+2ir2
zNDY>sn=gOq*eJEcs4WUnhA)c$rMt@b6FMh-^4Rz5yG%lYT`a4bK=x_i(z{P$n@2O+
zUfH!pJIsF&rQu!^yyf5g!KE^I)mSn^dGOMB8%6w0|AHght5PaV`vLYH#)6NhkYay5
zH}dsIXJbqI)UG6Cf}r=|64LPI{gaX>dQR^Qei7r<_G7<1qI$kJYOJKd33AfHF}T&o
zTAQrz=F2b9+U~ld*bqGrGt;i&VHG-W_=$Qwd~5pc=XK9@_jfr)CJdj&EILd~>^7$r
zY3GgNVJJ(iX%if|MY<U5{y3~Nws8F}xzXbMOJ}dtca|Mn=AQ?Tat8uEpC!M`DVEn!
z)YrJl53(<$sHwmy2;WY2U7ZUT<h=>F8Z&&p8*H)5wD>r6r$&Es_cizd#dkQfOTFRy
zkzmLyG!-C;VZm7!#cNubtng|Y@UJ7R80womRx#mYXKGofG_0&8pOrKmqg)m7^@)Nv
z=Z%u9c4%O}!h7M$MnG`lmRYA=p&@)0{YtXyFfZTM;FMAFKX?`De^ZFL_g)%hC4{9h
zm@3h;WQpq4Wzt*6w3mVhRBWh3H~2&&xhUzh=rx?lEA53HG{PBPVm5P3aV}9br-MiJ
z!d24ojfb6TRSfJ5+0?D=Mny|%soUsjiEM;zS=cy6C-UM{Dia0_(AK+c>4i9KvK&fV
z(p2KY)jLKvN6Jijcpb<V?IP1gc@@|w7U1sn=vA9dJC!!43PMd0MXuLECaUWT;I{FF
z+$<YY`3ZI$I<3ld3ei^aiFidpE-i{z4xBY2;^JCbF%F41FY#zqsO?2lJKS_tipy*?
zDrb~8+L~1{6YEr)RmfP4_4yJ@=OMI&hTP(%@v6=6NrEu<lmuH)tC*;&rg$Evdu}P0
z7@bzWh(SJ`Jp^xF-$5NK&N-dZFeO%*n+-2q->!5NzXTtjBV;&7ag?)MeE>(F+Knq5
zqE|YR5nBn4GOo<CiAl8zGZuTv5hIKh32bozDtY>JSPAOWh7{@aoCFC5Zi^rVcFc_R
zyi&LF{MXj*&Gu}1We{p^9t}uo$0(;>W*O%M7hh>{-GpG{C+OkI<Ix|1CEL4K&P6WM
zR03FeKLcv(i}f3Qa7M7KsXk6EyY&7#f4^4M8nOMn$ozxD@_6lKn55xoPr@3MakfvA
zhI2cNA$LCD`z|cXs95^#GZov>q{nQ-Bkju=-}Q{UQ-{0P?~*eki)fS0>u)wbhEsY!
zs*zfzD*kY)#u@e%xMVPpYZb&dk)J-g0@$I(2)`-V`%{HH-P8>3umxA_Di5!ZXRV)?
zABEo5m<A+#dqVN8bE$JdqTcHHQ{GL+K~@Tth=3$%nPYM2+Gqd^7hHM70kL&$+<P|z
z1ep%i>x5iYhY3YR^`Z7LUqttNF9Gd2LPz04*=7|Yut8GC6h~qw)>LYxxbYFSE(&u1
zMjH_uLqQYs+06YY?EAUC4>QwN(dVzA4?4;mw33!Tz<K8mI6q2{=5ups|D?~nzua%*
zaYDj>Y^B>@tqg4&3F7h*J+gSlPcz7;WA=;<5!8=0RX>&5Q6Cr<m`eqy-O}6e9l3`8
zatH#=nszR^eJpzT!_89aWWKZYoiPS!z*|7wBjGD)^X=JNn2P|@iBLfusC)EI{ro0h
z$4e4@Ev;TkWwEL-B*Aiu_l8j()MQy{I;<}jU2uQ7#btkOnKTh7PA{;da%$oBDQK-?
z=g1|mx8~aLcG}j9b-YgE$gZ2X3JP~X$OjR!SM#2LMa{ON<hn>Ya2R63BM9d^R%@^<
zutmU^^7(kR;u(nt*5Mu@&!>1YZd>Q#7d{8_og6*5xK6RSj*jlpklarU&U_18%h3S0
zvkod_6?o4M&~u-2WP{32_I1A{aY%RO(q>*AueMIlES<t$?5}NIdHfZ$0$=V}a-ZG4
z^ohojF3E-ERj=AmI=W9$e$nrXd80V&(iWN(fg3}sDk_k8dEYS0+}+N#s+Zk&A3yk%
z@f6#Dpj@*;r>3e4t0wX65B5LJ{abw3JsY6>V`RKf5!Km6Z!6y<H^=LVtKpTbM<@C9
zs138m+~@qYMgcX$adBi#vr<ZwHg?^4D32ng8z93X><&DX;g^)bnWvX9r|~*m@Z1wV
zBDZ3+AcFWFLaU{xDg@5v&jbA1X74ee{{ADFc*T}q{MRLE+3Ordgsn~7$McO%#W%cT
z{h9W?8+0VLBE9B$f59lraH{76o-0#Tm`hiq?*w$NYAnc-^!2yg4w)#VkQ?RZC`t-^
zj&T`^4V6j&WEp9D0RA7h<&XmY+%Utqo@g&KU$X^fS*lfb`X@pE5yd)6<e9P}wOmn2
z@;M~!HvGOhMKcYHY>#e0xT$by@#jAh*~T<md-@;bDNgrCQC)m_u7H)(TC{-M`P{L5
zSeouj*7ec)clUJ}0nM<@edjgpF}c%5IZU|k7Ud?jw)Y30k#y-}d3(GD__N&4q3ia3
z7y{#2N}O|Q0BvtH$yfR!t+A_s&6W9rw@*fel3&tv__|`sE}7ol+$ttf9Vi$12@#5Z
zk1j97^~)dg_#^Puz(BL77D<$!k)~bxE~7szlvs}Y;l#GpB+P=Rp{<U~9m~#EXCp96
znO-b)<MK?x4du;5nQiP5VYVur^zxKQc~7vEH$}VL(XI&_enjQXa3px#aEraZNe>E+
zOP1})UnVc?RdizUiFE1s5Lqo-TX}Hb>_s9`OiG5!LtRCgK|6$Ffy|IH{>tw|-5Z4@
z%)A^Fysl$6It&TiQSOE1oB*-UFsk&NP@?x`9S`;|TodRRYD+BCLzs;*gU2DCE74~w
zO!1Es7{$~Vm_LUZ0|SED+8yTIQ3EZ4Z#mw)lyoa<3maG`PLeY#*$zzxgx+9mY+CzQ
zOCv&uW%Tr|-;b*nNf}jtupJ3m@L-N0kT3JU4_dWsZmsEGTgguI`Ke+|x9X%%v+*L{
zO><tKS@Y)@VW?P@I}tH7gk~OQeqtCgPuF5_(!qf0t{k+mEe0nR|5V|lrAl;CN5)i^
zxTR>w&`#SwcS+r$2`+Rl@s9y5maZVfP*FeFFPr!3ln5GmHMet)Gg0J%(@-qdVg8%+
zGVX`3VOkA%a-!~O-yt5FFD1opNM4QBKRizita%#SQZ0xwrt87E&-PZncJ>N!HJ~Ez
zk`CVhp?Fd*h1K&;41e-6vrPrT@|ho0q^^YdS`cd4ly$u?ys;~L@d%BF{Zfi%T01Xp
zWZI&i?r)B}+NU6-)^v$+=lO5CH*(kCu`FRCN6H0PE|<UAwXNFqZO`^~YOBh8uwfPu
zpUnA^_&l;e*p`k0Z#DXoGmw%DoTYE5q|qMBvlcY~zV8#HnL><U2*3edmU1@}s1fHQ
zl(6`mzjyRU__`^pX`QwsK3+x*_ZN)tliZwI&+uuv0rPis_vz2<Peu!(=x72h85RZV
zGzuj+?n>&N+F(4f457rdK^z!R<-CCtfox2TYs18oobidNi@m@&W<aprZlUvi(}G@N
z26h;pq#dO9ZevV(Th69t*WZ<8gQSPQq)B7+0(aMAmesm`d_!9f2W<C>GSD&c%=ANj
z-9s2Edy;VF197<ipI%S=>Qf$dQd_0aDuymDk1H?2+{-E(x?3B=YrR+gx(qoVJ2X_T
z7+O8FT>M$VvmoSI=@K-qVuq#6AFe%W5&WW_@z?_NpOOAOjKxf~HvqpqlK5Ma)6S|c
z-7GuzVvU5P{TnM*h%+Ygy9Dj<EjWc^%i#m{Xx5s~zEVq}@&+;Voe?j?#zSn}f1V_}
z0a;SbQ?)elArydXHWqoT>H7#TyqKiT(}s2V_DkKJDw@1?3z8iEwRZVEImh~?M;E2-
z=;!k?Mn@Yn_;m&{_|~lS;M9DI(Oz9!X8p^pwX)oyI12oS`itz*2+5nDE^5=4rUK44
z8wwZtB}{XT(nG#f+`gVZc00>IJy(57A(qBsZmqB~--`IEAn+toHkPoj-^)G{rF@GX
z_G^{_KgI$b#X$ZJZV%_y1fqPcw$;ehYYC`bfuLXK*Qd(g52EUHYqLePj#ARA%Y#o3
z4(VJYU#WcicDy%7zQN0L0hvYHcx=IfjR~o?Bs52a$DY5VD+_4-EKdL;c67g|y78%v
zKf{{dx6ncr8b=<htpi&zM)Md{kGP;s(QbO#4f=tUIfNjFW=5Y+xsteX=j!{Z%k1H!
zrR;o+!W|kRrID1-!DRYNtF%T}sRyM>T8YN=hKgd5QkST2_u&&O4!So1LOo~AC1dEz
z3hMMOU-(2Z!Sver_|N0nbZlm!*KS)Xy!U!$#mTTRB?w5D)Lr8<+YZiJaVu}1BW?jJ
zeKb7>*qR+PfPDlKo|nIoVbV*!(caLYt4LI=F6%ukN|r&nyVlAK^&n4wZJ$HfaDh=a
ztl}xaiQDjo=Y^h_X2?*01mD&PQnt2XM6%Z_S{1X~?vq!5>)JcQ&;5w)2rODQ$2g||
zY7*WDqEE~x^=9z2$%yhgZ{_K6Rc|T0&4{rSHXG=;k$P-sf|%;aUp2>G(??98`hYu{
z2oqxdzM)WLsZk&5D`HugeHEVbaZ4iAx<ZU_u~wgM7HBf!r@mt=AUm|9k2`T2O~#@+
zMkTd6ed|uuO#H%vlKJQ;sS{Co@Ka@yc%<!Pvoj@0Mr%<i%W+n7u?VSR;hZ0nKa2eR
z9OA8P=-UY<+4GW5i6-sjbGa+|CLoDADb=3dE^@r)4AR^p<990ei|h4HU%OJ}Ydr$v
z<9TIT<GO7gWk-#Y>Z3pK`rxwj=_=n_#=Q&e``KMlb(~@SZet%eIdmaSDX8#i#=Coy
zChS4b-8F~RNnOx4+k9E0gJnw7CTwI-E~I@f+M+9}a6<XP`?AFGRE}Y*!iZk*WPji(
zlH*Nbk8F~!B>DhfQ*o^jk^Ik!yf*#z>;M8)lE=3e{y^@2f%(IMoJ6xs>p67T>Io@s
zSBg(G6RVBtG>w}@c>%A_r6H75F7KpwXZr_w|9m;TkS7v%jPK3ba>W@UJ#exameaKy
zCa-#FYcAIN#!KzgPHx6e5an}~*54cB2H7v3z)YZ&3@pWGe%V&Z_as#Gal6cOtTcA&
zg#;cO%-<6n-LrrzG7|unJ<4lnA8qFET_Uy@EnDsF3w!bn8>80!Z$9@<>UQ_~PfP2-
z{|xf~bMSv5gaHo0u?7JcAmG0MD+F*rTgw5bY5YT?_)W$DITxc50N~`I!xX<c4geY)
zFhDp~>c4$x>c0+MsD6cJCbvP2e#yU{YKs4g@DCp=<lkuj-}t|$!T@1KSpgWJf0Lle
zSm+v}ac&5jVq%3x|KFei`oG6PSD3!dI%?fIiorUH_McxOy{OYd*uNFWvHG0^D+D74
zD-@&wqM$4f<*){!i^pKe!N>uyIe)W%M{wKF1ORnF0~~_JXc1Wf4io@7#=r18o8JK(
zyWD>vBII9L{geN{viV1rXaO2j>!YXj{{~ng>J(V$$iF4)0H|Z2OZgwcpj!QRkpR8Z
z|49Ac;{T@(6#AjR{{vkJfP*%K>fm7Yk1#<07Jxq3jIJpLh~jtUaPs~o0$3sc<@vuj
z=sf;c;kT&%ZQ1|T6#pCI(M5!ybHPHR-wg<0fY1oQ0R0>K?MK7!0Rc|?-If^kX%6TX
zR{tmNzs&y~7@Zvk=yyiyXqjXDQ`&zGLacvF1~C5|ZFkxFbF$vFV;6nKb@or+Z@}NA
zcYmJT;BQSO9KYPeU<HH5asHn4b@*~ECR4mT&SLDJ?}&f=mH1JRiHuk?B2mE~OEc7)
z*0Er8zqXWO%UKVUhL4pWUoBQcM9@s4T}{JGk`!f9u*XCnvBm=}7Na1x?uxWIPFbVD
z?1kTq%Y>iQrf}M6U@DdL1>ijRtc3(tRMW#_3eqTq$*-j+>a2GK<a0t}73j}d2=yH~
zG=fJ8N+eBq@_H32&z4how`w(Ccj;?(jH>YKRd8u(oZNGFPD(0m{QkFLffEM{^%%{o
zRWF|w5_G@Id}{v0Pr}4EbpqNP_;g$x4D!)+<;9V)GFY?quRa^f;e2T$oq;3nb=wTd
zaOmVl9|>RXVju}o%g|U-u6Rq$lv#i0tfHzlooR+Y)6S|KvHUvg-TYhGkR`U^^m2^M
zvh~SKEhb}R6XS`@U`Tq|Fwwh<ov()yA)iE>Vs+!ajl!NnU6*oflPR1q75Ec3RVi<9
zRObRd5x?B}XwpCE^7KkG6)<62jbQyNmJy@4Qvg(8c|7GyeM&-cZbbGKt9w*e&a+@u
zwSBqvd_U3^55rrgm)QbV1($@h;t&hMTAxgZSJ-<qa)#!qJny-7`efe3EkJp_Iu_GN
zPaRs<#hn<*_E0RNAlm;Kb8k4*7H98n=Y6+GzX_lfR%r;El-aKjfGQ}Hzlwdo=JFX3
zXdc(`hFS(6?Cj+ZcFo%g^f!-Wk$S^U6pQHq<TGQ1{?Ou%Qk)<kCHz77TVTNQJ#H~T
zAqjV4_AM(Wk8+F}utJHh_A*Ayw?q<EyxdNelL-`NEP83DAsDNcGCcFOtminz`4f9m
z_^^{nr0FImxjZYU$*LHsbfpkJLk6v#%O*xXSAU8EPu+zLn>)Uz7TtR}lG6}oQQB;*
z8BAf`L;3w;^3t<+H@CDTo@<I{3@=0fz?1U3QI-2)7}Gg`EUTpN>au2ZuB76c6Byte
zQvUJlESE9hyuDn!wiGjfTREUQ4BR?HaLvvuI#$St`EcqAs<Rjv0OLuaULAx)$GIp6
ze7j>jx@C=AQEMM+=$XwWBf9!tsJTT{a&=LS8-^E9_O5H?fXl|%9po#YJnijd1vr6#
z_!iG?b>aLgYLsmgFU4%8Wdh~-mzMd?CLg)BUkA~I`-&5EQ3rbsabS?6783$#Fl$hy
zV95w%ZHtTPx{wq1^P6NbdSej3sdt|*L4Ww_kbT`~8gY;bt@gonOmFViV-`vFD7a?d
z{<x_thT~(^0A?<q5wy`WV%OOyu|OCnr`UxXD_dI%5as+*2};HJJY9LlL-Z|tP~UJZ
z(Vo6l9wx)aGbk^6>il5T@ZhsY_jE``O5fURjiH8xT3wYoY9=u0p!j~yv1|Uy+-k_6
zS-0GY0$}fNYSxu}YBoKM6|PHkvg4_*S$K};oFbEbqOFty6=oJD3gz6_5`Uq%yo}Rc
zAl*w)xGs!SOheH0taWIokrr=`RreMMidx_WsKSqWqkmkG8~xCY`?ReL8DwodSLFV?
z53ly`udI!Kqlsx58DCksZ<Ha`DsR?fYJZ|h-Q-3S<VMZpMg!zVx5|*e(TPqXAZQ;d
z0umGV=}Z~&gO&R>0`eC*RS-GVpSk3Qtla-OQn4J5`xq0~7ZdkUJ+7CP`xiQD&2QFs
zR&I2BG=5Nq{90yhd=OGF;dpIAVZ^_LmErj&MBYFb_wO543?e|_aC_2P{XajRVX<TE
zom#zhnEk06<gc;i>_6t(wb%blF}(Py+$#bbL{5xDoFS%DQcb2Cf^~NGf?J-g`0E?f
z6|Ghv2mqeQf9^-m#W-`m-3?b`@=_S{*k7%*TS5SUgxR()9M&~XA`bx0^Gr<yIMwKx
zdmjBD26h%x<fHpB6hJ^RJ329!JSk!g=c*Xv%xS(Dzy=7=GyuTe*_FRH5<zCJs)m$}
zJ}^~Y%8;S0AZlQRB{xm3Um?xREbL!*DC&gE)8xrv5HS8Q`gkQxxQpM_MC=~$4*B`Z
z$rl>i>h5bMwd}t3IhW?1`{RQzD-~0<E!{p1(mq#R2bMRS4M`WIX_V!UYh5_kMGgH-
zS8{j*0NcfvH~dB-4OtSrh_z(qgNC~M0_4>TWP+uoMO!N}N&bj<V>UTNUgGt#L+%a@
zLKNWH<mg;|i|kqK>Om$Iu3qju20g<1u3)nO5LkAs3kMNj2TM0E?wsG4B1Ewoef`q1
zw;Dd5ul69<{E*qrjh6C&NL4=>PH<5Dhj-7QA7`=ZA1(_E#TqoTI(sHDw50%@HxSK8
z{*Wu9UH{ae4>&=Lq@vfI4eiMGD$~_A1fo?3FoX4fBkc&6?2<)^Ts`beUdm%Ox>@%5
zWJ3c0M$)vD@-tG;;LW#N9oKKa37ux|1_&+pn6$UmcRWWd1HKJEB6+M<Vei(qHc?M@
zu|sv4U~kMC5DxWGnOlZ8Ow2dv7J-JK5ylyS{bW%A8Cr}Epy40lzuy0j54YS4dW!*^
z4D9RYh4Lyo7;SL4s49S;u9^c{z6sT&A_!N-va<u&WlHtPDY%J3(7hskMLk3_^ACMG
z!9-dzyFtnrJU#A&#3wGIqV77JR1|pn&fqeI6r2!QwO-EB(t_eJp8t%4;tse0R#|0r
zFgHFP%RV@bmGnQDtRW>ozjH_Gi&p5DXqIVl>t?`3MMb$Nh50ZOSw;0R47fBao^3p3
z&E(R=;8JnIsGzLyEocxm9Id5-sMc4vQ^ENR+~dSbxy8!ZDcz0X;^`1$c<E|&N8Cbt
zX_=W`dvobTjhLRRi$jxpt}3rPURzijd|ni;r;ZJ@5wmE5bR#*xh2ho3*>TD1hfvn4
z>w}k`a*Ni3C_%c_k(41>O=Lo)@ziB5>+Pj+D+*{+TyE}$BW7-fAzGX(d^t5~6`1;M
z`0|V79r134rS;Ttbr6-(RkU4h)lu=dIy2SLE%(GYEfu|Z2sNJzcbThuyt`htxR{=q
zO(L9!0n2Gib)gwPx}sO_`nN6^A5((`oQB0hdLMAzcn>+b)?o^~`SYgtZ`;Nvmw!7}
z!W1c49=$EY?$od3KY*wcxxec?8N72N!=GIXY{S`6%rXAyVDX59DYvjKnCvEl8}fwg
z)%1Ro6|;6d$>wA9A6Q};_4D+X84eG9YCAV`0RaT~osJ=o<=$ttuVxsilie*%uy@gq
zfrlV?>Eh3<&7N6A!>xz3!h)`B4Nl#o_=@SIgMr7mOKP^*Xnd{MT)x(K*3kL+w2;TT
z%Y4G#k5?2w=nc3F^-BycG6^a>l2fttBeY(;7%Kg>0l3NoI)SUVzNB)~goQa|Ai9C8
zy5o=NDM^c}WC83-$nZH+qNJ|x7AG-RfmM$aOu<e!Y0!M0hrzZiPZv&&eW~B!+RwM8
zWXTyQxi<sVu5Y(f%brGWihetW-!Ms9bwoz*Hp+?L@!gHhqH;k*0PysDhq<KS$L&QJ
z4xZNvtFC%vvUXCT-z&S#I;l?!eu1~&e;G@&Z*i^Ko0_<uLs!IGzQ7X+lMEi)ew+jl
zc!2jnkBSn9GsRN3XhmE6tq4WVM~t;#dL{>%&jHF--PlHb%oaj*C#!+^OEk<LGIHEs
z(cSXkV1&M_+lTES7Mnsr?6MwC>*oF<+l<Cmaty{x<8HAam8O9eIW^hrE<Cwb{}X+i
z<U4HE?;3&n!a=cYn)M{x;#wr2sji7HmHgGJ+BUt2$n`1enWxT0-{^Pp{p+An+pV<R
zWhQ#rolj&wIrc~6f;EPc;q0k+TVFj9J#|bBLzO+eCORKVic){jg5O7}|01IJLkTN+
zeiH7x41q{q@OX-PcJU0(_dV7TvWC1TWc>OWklWaMYDL{5B@z$LJ+*O6GAaNrfD9SU
zN@`?z;r@FtUFXVNLI0hWTIc!JDrNs|JFJ2wDCpE|H*(t{LZek8+Wd?v;A|a5-5Izp
z$IPez{<%22i_QJmgWW!rRd@K#ttZH-c71wsLwHntCXAQ&0cH_a#(Wd1U!&Y`_d#av
zt*aL0>Z@GIdS@+cgV|Q%&Qxn-yG@p~qqF(@*REYlvBQ&Ym&^&>u1q<OdGb=hM#6e*
z<x{p0K?4Y{td4a>Nl)Pg2esx){BTz7!E3>aX_A>&YSGC?Y}tUt_cd9J9Shl0Tn30C
zwR#8uvc{aTP|e;6`GYY`tJGeuIX=$E2B(YZ&a2y_d>(h&tZ#2~{B~@LeudHis-j2F
zs8Kk1*Lyvb^g?V3cgJFUnY4~jF+Nqkq>|(!xBfnUz~6g}b^A*Rh4oHrz9R*#26Af$
z-d3_}zV~XBRx(S3#M;45Q4ejeh;UbjK2X;2^jYlp_XcByqhM&b8@~Nna~V+g>a}e@
zX+UB<@k*4Nx20(aYs{%2F;Qt9X^ULp$kq2=X<Uz=31UxPi(pSollY20COjMt9uu?E
zc3Z{RG@DRX@+wjAu6wLI(A_b7Jl(-LhlZ_O^S!jXPKfF~KP}ub%0HGwDOk{33~alf
zKmzLe1(*C9)Q6R{-JGjLENc4fMxqRV!Ga%KOQea2zEIU5#<7}HV(^UoP8C<|XkyTJ
zfZj1k$yNR#_wHwrOmLeU|CXLPRJoO&kp?%3Rc9#jmebW1`_iC#NquQ1aBf%*us(f4
z_#~<Oe2*JipcRHCd$;p_e^C11v=0Hk4$rMYR&o;fxxHXB$34O#fAfHWW%P?of$DEv
zGL=8SDPS4>Cj=CC6B5SrH<(PticH1sH-8?@PXoeuZod8bVSVyHY`^|Yb!xo-+ne?8
z>-Wl#a=gNTK+R0d^5uPs*;?%ym&0*zCf%&2$r#n$^Tt}@AB$aDN1MmgZy<WyG&Ur&
z4H=VH2?hfYn=Dg4+#~JkxB57@tG7EWgmo)XM6ALb;Vv_qs?PA)GnvH>gl3v?NtSE2
z??xtMU}<)klbzaYvpYLk9AZh|Ol*yi4kmD#V(9CpwXoYP9jKR)Hc`@?d^C}J<hj|V
z<!5TTOqa%a`84fg5`4BG!k`C{PJx&V(liv~t3@rm?v&O?&-mF;D5AmI{Oec48}r&L
zktw!JyG2Ql;etnh3vE<pGV@oT^$jfHi@Rus!{Dt~$VradR-b#C8YUB4Pi9B%k=CAl
zvlYksY5eQ5@&-qy%Z_B1!Q-IxV;fzLimU3LC{G54nf~~zt~vO<;jq7f0Dm7hKMDk|
zmjtINYVf13p$;CWN^XXC$b~XSghhnDn~m|8^|Gp^*5wB={bH~)yr;df{S7o$*8k4g
zu}3waNvpy)&_=^GMWkJ=Qs9lhN){6G!k0vWEs=5Py|O)hi?<#pzL}!Ku}8o-KEcD%
zjHddUdwJSQd{&)l%JS3(TC?Z#i_iCdg%*10z3;XqZ&)Zb;BG_SF$OMl9gPdfaR!Se
zLn11tnb~X!U+FxJV+#}UN4sD_NAH}D!W__4uWS|fw|k4d^5&DB_4}hBl@l>MeT#b@
zc?kiY3W+rV0hf#A;u$qzi~H_A$O>|;#)o04r~8ukY-qni7f4YSq8fYByyv$H-3^B3
z2{X6Zz0f^77Q&nuDhe>4r4b3b_z6QB?(TgbWbqZYVtLeDn<$f}0M_RsN^Cpw(bz)t
zA$vNiAV}o46JvZxSM~k`H^1ao!{ap~{QjF`Dt_NbWUbpbyu1kQh_5S<HR7Cjtg3<z
zJ!D!t4|`(St4RDZiiC)AM$T%JMKV9N2IG<BJnVvYNPA7!Em*X^ClH|{+>&=;me+Cd
z+*7)z%WRu2C);l^CI+G5g??qT*=pr)>Z{nSb;{j>h!t1`i9bjP^!z0t--~eJAuh(0
z?nF1|rMEv5-b-HxZPXq*iI^JHzi<_?hPtqs<@{yXuw4|%VrZk)q*~!EexU(IFS@?=
z%?EcUTW}}2PWnVOb#(l=lRzL4DblK9xw-xVz7l>6RF#5;QJr~m)6<fJU%I!}sI|*h
zOeto?*gN*8r#A{_cmCVk<nws|6TpPCwmt`lmzHFa{b?G!QwUWDCT9cG=GEsZ)pI2B
z^U&KR1R@oI=t1{<sE-EJ|6s(G8j0MA1tYplJ<gm<5Iq*iU38Yr|1I19!6ic6=0aqT
zgALrTj(oaXWR0OUnl3B;Mi58Qj3d>sD+dSv3AT#tLW_`p5~WQKLFLiDC-0zMX_vnj
zozU3|*!*&SQ|mbI_OYsPkP92-Pa72$&~psIJ{E~5ux0UfH8DVi+L!)-v&=y1-A+L6
zlx8h!@B+}6Xav?LC~IxfLQ`}35GUI!>VXW~OS6C?6nV_n3z*bM>!CDh`{~Q6)&MR0
z83qF$a6O$+-^CQ7*+0MEQZFmlqw?hb=xWEgB3o?pEsraAORZ2Ma(f10A-tRc>nQV6
zfJh~*CQb1#AsQ~~FU@Az0`*R2%gs!nICmzjm+P661a<2PVM-$W!d?V<hg;dIIQAQm
z!b)BVD74b<Y8jq5gG2(KXL5y!r(YtvNDxm%dO8GGkPwT=of8Mt=jkgXa#Qn%lxEfI
z$z1UV{MYsOMn-1snF2j1)WdakoGm|<s77HXTIbm&iL9B}iSk*aeknbpop@-ypOU+?
z0Zq2e)q)=clA1v&gu;4KfPc7+%J<7quulKD1PyHKDGR9T3}`qsvZRyn(}hPjNl#jX
z>Bb1`$H1xIGp0_Jx{0VGITq!6mvp~VS8G}|DcTz(1~TO#-D4xHw4(YUtVA6Y!bFt{
zlcE%wldEU<W|z~=roumzy8R<X;oM5Wme(3abNr1Snhg=IiaVEYUu!#hLZSb(^Z!qT
z{W<9Hcqu%-p-SeL(l}1{&pRl7(R=r3xsXt`&6I{p_1lVTYwBPwBGzfapVZ56g^b{G
zPxqo?A(rLS@X5Pvf?rs2gp8}&-dg8gztE~uwu*d|EPcU+oy7+)Rs{kND4n9zDnJ<P
z{W5x3`sDHL7jk%&(b3(!Sgg~aJRuMp1nPpDF;p)Bg%xfTj$d%umuB2l4}}zK^EOC0
z^tH6sZjE&|{M8O9ARuO2&<o+J#x8jPAB+$Yp{{_oo+aewPTt#pws*1&U1V~0Snr9l
zb2c!&G<0B~iuaU-RYDk(_6RD{bF82}qPg+8!p`!F5k#+$64_JC`B|>+^HC77S9jrU
z<(`H+hHgTfdhAS>HVwP6cXIAHYT1%*wg9%er)w_L<7Ff9ns#~G3%fK8%Gi!0VKs1q
z_)(hro-o?16!n&edbxWyI8KGlJ(msrdW#-oi3%o3O?4VHnJv!<Kt-JU6!yEuh9PCq
zgJjwbTdbNlLy48b#}<2p{p?8OrAclqdYu}E{o2%z(K+G%#WhukI!DsWYQY~eNz~hR
z-P{ebmLGyVdJbe6HVRnC0E__;;6w?~Vpw5^&|=7A6srS_WB`ziUWH%=16c9^E>;Le
zu`YmSQv+5wq4F4L*BB#&5}-#j1^@u>_xCX_l=Dkh<JOsY&^0AY%)tZICcK>Ftev3F
z&esH1T9fYVZ1cF7VsMk$@H2tAtnbJAb)4FtXu}IP*Tk}4jUH;ePPpHYn4HCek3LBT
z?aiLnthOH;UuMWIzOit7k6A4MVL9^$X~TPJT)>!eFbSz750pK`|J37#!B5@^1cXq0
zvb64@5)q-SJzLLB?AUT|OLy;>K;N+jGp%tE_;06Chv4Oe6x6j~=eH%uRcuD-(hi;b
zl&3KzyYEvI*E(qiu5JB(8X*w%n-+m+ElqCkFCphEOgRiI{R^Yav)Q@PItyEH^n|E<
ztyVpph6w;KzyR^{a^ZeLKoB$JiF^w10t8^7Ct0yTO${*XzkD<U;02nV0HW-i94DxL
zE^rpO93YWN(||H-fI~E8@xf{20KiBA{J%)n`#>I01^_RO0~G3aNl)a90kq2t^b-KY
znDW402!Is;0Qe6<?@=G`e?bh&c5)NX(%C4GPta;y5dG+eqfFCWRQTOqFf^eHgn1{j
zkuwKXdFJPVx`Oa_^Yjwq>vd+5LJG#tsV1{Ifl$2f?fU95LAsQzTJR$Jp&uz#FyG~-
z|5UlPqg9Oi{}rB+M_C{B%b^5n@FdeCUNNK;KY}^ZegdpUS6kjPzc`~?y=PTM=<||B
zY`~jQflNckzvC+ZsY4E*<qLXM;FaMaEx=QFm)7Y1WpV92<84WXNrhUytCx+18>0%D
zZ9EOP4GFEPVDM};TYr3SX+r&^xYka2mWRdW36|fS5?a?{v)0|tXQ@s^;u`ZzjUo<-
z=(h=@;57&YVoOZrD0~s%78qDdQW~u4NO@!yizO5<&P6fFYf2O^W1~eD@!xy2!zc>1
z{!d5dv_Mv=qUz1I!2n}G3P9E>I8%t0Znz`V|IrpIh+Q}W`mbi>1Vr&EG+fZ@Ef!md
z9?#h7Pik4(kcw9BMGbpSHWL-~9Yh*+<bLsZ=4IOfJdJR@uJ(#T9z8$+Zg>Og++wMl
z<4C?>a#5T|yhpuEizQ<uQopeT7bMo&>MIab+i+RKHvuzg)`ZovYhdzyT(2L0xPll2
zlc|-yM3Kb+z+MU<N&pZ6O_=>eKrt{621xJ#KrIA#l8k=(GvNUw_`rX4k#a;MB2oSS
zvA3{FL!ob}Q7BZ%@0$Iefcek%)jwg(W7xaWdkb9*N4F>ORrcd*+FLaOfve+HP~KY2
zwcKsbmV1NTC86TJSo?7^PNpHK<Lc|S;a3%upOq6qI${EywFAu3>hhtx48cg`JXF;+
z??`I@86nC2v69Ae`Y7(_sB8x_<a(`T_DgQ^oYlaoGO&*Z2tC=Q;e$I(4DbAvvR-*j
zfYUh4!Ze6dC%|E7jyie|h%HLdHVW<608^;jp)U<mp#4Z>G?YW8w{Hh^x$dDxl%~O&
z>Iu`wegzs__nrNI4OMsFE?Bj#)e@~~u-p>YVhvS&CXq4MvB5pqCDuj3vr3S*!Fusb
z_$i*~L6(XGV=BvgFa;rKU6{@u$*p;19+%EOJlf{(g;qXDCWML1>z*>7=)OrfOfU*q
zYwb*^KhVCD9A7=DkmzY<moSx49_tnNrGF-=g)3s>J=73iMtrjq-w4}Lju@1}U@Q7$
z<=VgI;OBu6dM$k`Vs>+FTa}$CyhmWcj6b2K>~rG{At-F!mDcu+`f47<(eP_~Uk&Wn
z?(^#Sco#%tI`SgI(q6G#$t5W6Rg;*V?5Ymz8Y=N2m_<`&+OSu$QEDczo;1vlxGb>A
z(kcyV%p5!;j^JK@Z9H`-oOX};=*i`LT-25;p2jd;eYCZlxQ`f_!U=MW!T|_}p7$N^
zTN(0EhR)ekXA>Kfbgq77D!g0H>a2L>?<`%E^rV%3;cJ?<ugDVBBS+o4%jX^ojck^`
z(3@Fmys=s44tFxMJTFcjw+f5e?j}G@!<1y9ag>~(Q6eJaa24D+tI%D@j^0?APN{6>
zPK8-@wtL4TbNl;nCcgfN88)xPy@I~X_!gpDubDxHDVjc&Qp!F&^{>|o#P_=a$E9<A
zhD8NSMAkjXRF7SScw)mHtNucq>V!!$T;a!t;@QcN>KTL9A<>ua4Jc%9<qkv8sqnl`
zV=dNU-&C!~y@mbL5}D~~JgA@DQ&(ThRLgfilk#n}%?uI98r%u$nG%@#o1jtr(~L30
zZvsNr;UAGw-yfx~#LGMym)$1QcxN6Oiqj>nFHHv7lI>3n!1ph^xx)!=?k|jR(1$so
zSbdUah+rsj!AC|=v6n=8?i2&<cA3W#lhh&n<4Uf&yIWKKxn}0uX2x^jGk$vM{uB3^
zfxw8%r6xqZKkYVYJZ}Do53?xfEyo3Q4eRSm<*A;{i`u@{w?mwjS3XUThCdpPz1qsB
zFAHchUp9Ms53T<gJf62O6ltr}?ABX6A3#{wHLoz*)(dqi^%zRV{j@I{cK16AR0zw&
z8u0|*u@9^4ujr(9-B_3vP{%zMpl`nJ_g=!64sNX1^GgeO8#v6T^F!97AYQ!w$K^@d
zruUFeiTov`0e5FYAi>D2BK0)w2zKZ|SR@{(fYxR-k@1DszVjs9GuSWFSIk91myT60
z9Bw!!?P>q$sOYV<8stT=f{E9R9T#ylNa|<a;y#~07izNRf8%jkKM)kup{H20%Q(%(
zGBY4eaw<$5Quz5o3WiW2YIU_mJPq8L7rv~Qfl5Oy2;V&lI30iKIHc|1GvP}+I3hj{
zSFBNZJEIH}e!a;koz%Mh)xNZQ^(J51X4E69*OpRd##gL;1-p=Ieg1JP$LA-dG=~MM
zXAvwmsauWLp)DjNonM}1K8;mjqYFCZNi#b7`9gC?htCr--{4WdYKGcAXeHTgtWPgC
zmQN6yW-T0B3og34yul0jEKNMrRDHnj`f=<2wCKm|C3NQUV)UXd%0$G~<lN#TR9Tp3
z<zo&Nq6lP-qMK3qY$`(f#zK>6)vtqgdack`LIhgJJ&-N*N$U*OSv|<E9hW-8mMQnT
z1@f{GBGr-Q=XaR2v!5H7Pu2pG<~R@K?~@AlnjLuMkEK%IEp(!sQ=EHodGs)5SeWZm
zn5bq9F@Pwn6t4>u7d}KyI<SVU>|)|F6%^>7yp`&mc2PLQfqi&A)jb)s9Efth74hBK
zmGQlXnZ`ImPv&pOuktQuI#xWP=`&R%SRhWXX2mcpy_W0ZzThqMUl~fr2G0~+IgB3?
z$d&5N))X_7)xtNfx(iyG(-NO<Cpn$=bwM(RE$m5#p9_k<>BNmaQfu9Q@uko;bG3c~
zV!cCBF*(7L0bOkLQiJFvJl5`9!vqY(!umuSo29}2utZkuIN}Rw+*fs%J5jB^Tg^UX
z_WZ3o`n8r{ZMjjasVt>$cy%Y79JVSG@U`PxX<y}=k0dyW&n^t9*z9GoFLqP0I_B54
zD{0HDVuvH`mIP7finR(oT!i)AiHQ--BAiuDTei*8CAFQ+F3*{lNMQ)R{N^69SeG2x
zZkX-1a5v)1;tMl7P18Qx;ec->NtHo3q6tZ4!dtJ1N$zRN9pI}y=Al#<3YuzOd|6b6
z9=C&TM^D{s7!Vhs1T^oh1td;ng7j`kx3Fi;ru{dT`4@M3MJmkCp7qvAQ+dp1t{|dY
zh!BIhW;1(xqh}2>R|8uHb@uMBy;1XHT<ulv@V9<98=2O*i5e0Xw&IJ2b-tHnRQ~g(
z8PZv+*F0oiCFZt1^?bl0J$1MG;<@;3rNyypW?uU}z5dJrOlu{mj3Q^evDHwwf`7S(
z)4r$#!sX_6eyK}eJDqd>Riec(gLrn^#LZ@<eS*K2ZnB<LOlop$w6$%}UhU}`uf-Y6
zES=KH!LPNiw#}tk!fNyK%H|cJa2TP&Lf`w`UKouW!!v7_<5PzEl!*+oF`LZ-QSP4G
z6d`kgw~ikWODn4+we!t?c=gr>n;lyE@a;=_LsR?OULz_3Lj!dTdy2>G@>#ts-eihR
z7TFgCDts|#t}<EYuA6MTY;9~*X<)sJ>lK_5=?Gt6dS|mPKvs!b$lv7K=~J{Ym7o~0
zaP|6P-0{?A&43a$yDHVzfowpL$JK3FRB=|fXwnAZzaFtj>gj~N-r09)2|D*BtT>WJ
zO_~Swex?6hmU$wP)rdBnu~b~%u~OeHc=+5W!s)~#?#fJscVRRGL9GgVLA0OiF0Q&~
z&~dab671v<zcEC-mX#-4R__xx%(K1s%_WH#TJIfr;#odp<0zBFmLHzgP!wOWC~Mv+
zcc<I_ycUNL;&ME7+`}?{hc6S*9l3RQ(uzzRKC<{A;~QfA{lf<u`0OrTg?=fgcNcjG
zW<JG@<we^&+!PQoIUgZ^VJu&WJ$#PPE+A+wx-a#6npNL(Lrk1xX8%KPdf2teNZ&)?
zT(A%4FEJD1N7$S9kG<GG6rppTV0E9PEl^_MdeNgmjwJfhjk)C^_g#5TM=~zwajaE{
z(>GS!c8n&hJ;jEq=7_cK&#)uSpVwJBmaP}x`+83~4!u_^>mOec2Rl4@la{V<m5n_&
z#Vgd8e`r1U*7&714bQBAl=QBJ=d^Yl&^!LUN;K#51l@<gn|)0rOiU)Vb}%`IVOpD+
zHWEV@gDNE8gD*{H6pDxmVv})A3dmlQ!hm+E6GJX-)I>kpn%GVh1j)#~m8m^z%@N8*
z8ujB3++tE^!4IX-C7b2zf)7b2%+Wi~{DIv9Xl4-m-at%{`>LnbjLHyP0n!tRlI}-q
z#q;H_TfmFtBKSmrm8LrCa_#CV*5B!7y#<)j_?gJpB1$}>6JbtLEtllwD^*-^?XPmG
zXUJd^D>MBba8v|nb*XQ9Enr(35$<Gs2d~M|ha-xaCxiGe-$uecqD@KKKmMKbq#t9y
zOhd%-74~EUuK?^rav$E0zhZQ_34c}-UQSDdl(R#Y9|G1fPTORdTdhECf(f^BQ^dXl
zA73c9@n#NqH$(G;8c-EtYftlT?l3HnhEoh_6(_jS`_^Pch~5l%F}(TMh`Ki0SomTw
z{PPQ_%k9v3b0LD1X|MA$^N)EhTmer^KgbQO?APADAIr71{Y(%@EO)J1wbx~!Uz>J&
zy5P#X&eN7IKyeCDY7Tk1im?F=v{{53x$Xg`c-B-0If@oL1gQ|?ehn~bC>h=56V+0T
z9{~Z8mX0pfkidgs48WS|0bZYCw3f15m&s{A>J@Kj%`-H#^ChhR?wN<&&!;gBmS1Sq
zSuZe<FV-4iz5Iw?nW5){q~s<U(8k2o+8zc!s8PK^pQXDM*|&^4?m9aDYYb}Kp;f8-
z6Gv+!Xs&#?a&frdb1O|aD!Mw&579TtCh9zm9LN*uVg8nu-IwPoXaNax`!Uyqef^S)
zq!+#^0fC0aav{xwg@$w?E5q;9`**{NXc`B&;X)Ttm62WEOG;yjeovV#t_ixmYs|@{
zeK_0eD+=vw@?i*5FEt-$T&WSZ!j~O)A`J>6?oI?~b+YZjjXcsdKaw+TYAume`7v?0
zQ#b1LnrZTIe04qD(&fw=z8apFT;Li$eR$^c@=_JwTOGuw>D6D~8>LTmcu(_|$Ka)K
z?iyu?0=6E6O3wgpSs&=T|M>o|Z#JLlY5TjBuu$jUNik8;z2nw$u?zF&aIZIcelIH>
z)IihY?*Ujp7KpX1?rlpPqQeunS4LLR-QjYFL$=+O%f7xh@7B)PGdcv<(q$o~7TzjH
zb(bIeYt6;McI4*fNk44=PuMQ05fUj^OX!_=|G}dZ;~9V(-781`tdB?T<j3xo`MsPE
z{_9Sc_RLz5&yVl^!aAkF)X7Lwff!&_9wvXh-gUU^Iki|T2N#{Yek#2E#Ry%?-!+;2
zcKxxNu<IS3m9BNDahfK(vH|DGca-nP<7??1=^}6hjaPu5<&W_B_q}uEe+p12f8wnz
zgQsU2;WeYj?_&>rc2HhD@nME=-F}t*J77e!I?SNd``E(Lb?UI-<a<y+V*qU27|TPZ
zXr|?2g<;?XWA9?chW`&O=J48M{)^pJm%y6h+$}$-p7Ek|?hIus>q8Q$w*x_@!a}bG
zzG0{Mj73}@GPaV3b+qNHy+x_;-IGlJYx+Pj_bLR!*#kTl9o+@G7RsM;hOE~%0RRE*
z5-Mp#k6OW3ArS~}M@GN343PmIiLlZSmprYIi^mqnL_`6S2AkX4WZz}C8<_~jf}%qP
zlJ58p7kwH=Ey-lM7}?>ygmh)yn*ME<qMw)jdivUNek#CTixn*UG~9mKCTQ58$xm(X
z?h)=-uGQ`ch58JCA_$<!bVfL|#Pw}g!rKm4#E<G<_LI{0+KLF~As!se!y)@7`2ks|
zKGjEygi4EMXiywN|E9pxSD`ps&-;5bORx+Np+CvP_tb+)lE1Wq#=_zvGFN1F))(^a
zkezxth8|mH@Y(rrVpAn2LB)FegFqMuVUN*_()fI~+6S|-;Ls8?WH@HH!fJ&doZ&hE
zLo;9dgG`}KgAz0ZwsRf`r3mcSwBLD|tQOt=3gN3<<>zk2jEVJdvj=BbaIVTl2rt!{
z6?;Bi$wZRk>oar~G2f?Sn<27uAjbsLpI~cvmf+G%b3`<LCN}c47Hwsm)+3T|){Mg?
z7gB{j+`kvWl-p{5Cgx>-oDAg50RVYoox(u*BHKHVguX|_F=W1&R{QnTG&kgUx(Tp?
ztXS-c`Jno)gZkwrsRD#X@|+*08$EWgHFx&*uL11zYD%gX97<tqx(2^{nJz`>zTUc#
zkZA^gorTQJ&BK!%<vIjn%=~(+)-vil*En^9JXRe8cIx;kPr)`Vw`RJB<d_7&c>1C?
z1ieOaDmh}8s;sZUPAv!-Fv6~`6Xxa-a;`Asrl2>*G!ilx=FS%~62ZbFzsAJ70Y5$5
z(}~pVYH2sme%B}r12>xp;03ahq)ymb-P74O&GKeCYudoaLY`nS!vgL^H#6VzJN8{+
z)foA5KAK-k_uk4HXIeuHDdFYod#AabF@+ylsxdF;1lO3p&-e*2G7yXG%FEw!B(B$g
z&7KRecFOAxjBrR(4$g;lNx8V>_pasEGro@Q<waX;?l*ZpoPHfZv{vTN0q2egFy7$=
z3kcdfY(c!~+Ya;nA=^~%cwuSEY^RPa*72yNfx7ACdOk6~W(#SwdMYYuCf2Q|jdK#a
zve&tDGS}};f|NH5YYgD<*Sr%N>8z}qx!}oV`3&7yWfja}?_=-Lo;8avuJ1JCFuG0S
zpc{Es-J5S^yQy6}{Oixs>?e3P{Gbk2%<1wp{eFUEjm9{0?IFC$R`g^cArjrBB73rL
zJwol$5rNXZv)=>m4jbj*)#7a!A%Zx>R;;VUa6-4dj{dZFvU`Fq@ZQPkUbmN1<HeOo
zgC23znfba9MW~Rwy<Y&fYW}ubqk%8$qr(`Hm&aC=Ok5l4scOp|cf%5xhkCnGf`;;<
zBkz^L68Yy28C*&VS6=~a^sXQP(25#Q<mP$P_tuS`gk4$e#ML6YaC?Ed0QZdn9gg!A
z5f}T_V$m>%2w~enOWtV`2qca{6LmWSLH@v{%y=&GG3fr`V}PoGoG+H6D3ZSR%V&G)
z<Qho<nAvX5H$_Xc+DGIm@~#ZrTa{bF=GXPpe)>Y9J!K0ylOU75sq+kQY55s`4dGEz
zZFh)r)>-x4?8}In3=c;YHN8%-I)x}cEWv9NICF}(BAa0EaJDk7r`M_Jkt=p8b*zgt
z;-to;)bhOQXAAVlYU+gk@H4#@L0xez=~_7|2YAp-YLE=39A?ML0rjk5v;o)7x7^M&
z8@j9<JH0Ti&=D=7x&a)bttt5S)|fsAwSC-DpFC`b`dNJ3JjREhCX@Sq?7|p1<YRQP
zgUm!mD%9w$R!V>%ytaaPG|3*rBu575`yyF^oB~f$y&|I7BQeMMKNx!tpr)cP+&6SY
zKzeV|q)SJt^d=ob2L&N?kQ%BY(xvw<T?oCG0D^P~O*$a~MT!JM69OW5^S|xgd*7Qo
z?@Th2Ig>M!vy+{@*ZO|zTWIeFYd@8S&`O8mB?*7L32AR+dZ6zfDDJZ~y2A$4XqSYE
zq0omz^3*>IsD(3=CboRfgm!@)>6>lUKplBUGppNr%RhZNeFSkxWpcBlf%0{|c*D5x
z!jRW*$}DoTOBpTPQ4gdD5c4zyZkJ>qkRq6;L{Ss$U4!z?aec!05-Sgx)bj{8A$f2w
zXS?06^vRLnmysQYg!YscVNI{Bx7z5_<kEUNp9x{j6Z2i@5ay1Z4ZGj#Lt;1uVu|-e
z`c~Fw=;QR=NwG^*{~^~%sxDZd4M(*}LR1-zJM-F-_93q=YyaBFPKfr7)tp3K)$rgi
zlg>pPb@WM9SBTX|jhI-BzrT#tM2h(yGBwx|{}JE;{(CBHGBMo|@CsK4pF%|mi}7>d
z<hF@-d40^!FHp>`^A7~c!{uMW<X_tz7r|w4)R6SsDwi}P>QU<a6qkW9pc~Y{pKa{(
z4G1!`$#&XAS+|a2%za|lQl;<pyOi(xp%QK7M&F^1H_MShw=JYI1`3hN^ksG2Wa#Yj
zm&Qq>hKhqcf?Gk(AKb5A_X%{sWwg9wSUbf)oqD4^7FN2Az!hR=kOBg3&?SSvB;dWf
z!}vnj*<Pj3BwJp6s9@n}DF|ZT-jGb+Q{hQ>wNsyM^G1Wv43>+N(d<Zbx?O9P?R1DL
z+ET=9NrbKTgRvClw{)`@6N}Cpv(sncQoCz@s(Ri}?Cm`wj`kMPrTH;hVQbzE&gLj<
z1+Z;A%Z!Y&Kml0gsi*6C*GB<FA#GrMoJ?DAY5Z^)l((TqgdEvB#Q$c7AifAT_`59V
zyiL-QElX_A*>kXs&qyl2G#DqCr1Sj5K0D~VE2va#c~{S_=POFqayn2aNE94$wDAz^
zuf3Uos1ZNc?c{MFnCk7d#;Jq!Nkg`C-;mPw2u#hi6;%b-(#_{J*?<3jf|EK}@E*O}
zFm`~n=ePesF%oQQ*JLT5`jE&c@2vk|Pm0?ISV3_89b+U{oF0IYvL#u9K-E^LW78({
z8xZk+Cv2&Nu{I4e8~NEip_tV?Drj$&uJ<9Vx1#gH2M*Oo3Nx24s0=YphQgsaBJffL
zNrDcsO*mpipwn%-KXBkQo?-+(6Ho+g3^R8wbID*(4sKGmSsaF>KU+Iqe_g-o>Ddz!
zEG^g0hv$_ehDm*`P*l@lk#}KPA`}`{E!F?Z7ayPkc)#|@%jZRw=koGHViJ?J6@~Ng
znUagzx}N$!N@a6zjt?gz6FGuGawfJL--Z0pD7d_l`AY(+qrT>Iub0OC9$I+-I>5r<
zX%o+p;mGaurm|AY5wYbWo7@;q(5Ol8Zwi36P(TY|YMA0%rT~Xix8M)tIfBG&YPt(f
zmeEOgWW?pl<~YN-E{-;DlMCuZDU#_GL=iwCCCyDnf{iKVnC&5a3e}K|8ftqsX&<}W
zwDNG`R>){`Ux?_~o~%cP1~t&aUTuAV4PdF-&hF<w`bR6eVSw3gvv_B%ddudj(7!q`
zR^B}^`$ew!Vpc|OM)Ec!%5EtfU8ASNRFk|8Hfhu>)}ew9f+uO5th^gfq?gEEXD1(R
zCf6p}rM(bc4#EEkq0|(prwur4Onw0s<=fkBcLp)q2>OV(`MbX8NZ+WiJl$*wsjias
zaofwnIJOuvx4aoQqrUn?D}rrDlnt-Q&jOU~9X1}mrsOylZ26!S7ZnyDk~A}A#?RtU
z*(vPO_e>dM|DC_vos`WRXk6iy7;v!Bid}RHBbk)VNKObHYJ6I+g2Y;Xf9qs*{sx<~
z@2zi;=Z0Ipn4s*iu;^~sg-$!R+PP6xE%aUDp-il1c&iXe#B$j=?o}VZ02GLGc>1Sh
z!=w?mHFU@3MD^a1esx0Hhh6X0^v#{be^>vc6%-_nyfGy|5zjX3?fW9Ovp1ivljDIe
zC6Y95^6=qG>ma7|VhklL2k92N>8%ZPmaFw&QHA&&_15~$1_y`6+D#VcT4wMz+B-4O
zL+n)Auz3yPsgmgsz<fSUPU#HU3%Ov-^ju>YDmRs?u|JYwd81GM{h0URnECr%u$6y6
znfHZ6#0lWNOp{xcO=ufr&U?t%t-?QDPO*ty?Kq-XY7gy=EQ2Z!M?+~t_3&b*rMVa|
z34WHC{(X_n={g{&#)>p_sdiPuyl=7xT0Zl-cZOlvs(wm=%;>X!sMk4{m)wjz)GD1~
zkV))tW3aNqZ1WIxWCri+$zhhV@qYjbbiXqzK9w?w>(1wK5P#_h%+FZ_8}cE|oqs|Y
z@Tx+hw9K$OGUTAsXOkNqzUj_#u*TQJW<5wxPob|68QQImzWef*Y<6R-NtR_)UJNj}
z<zXH}%;om9-|j<Ba%SVH{vlKDHD}`R6kYo4U=n!Fn``M0y^jPXJndJcO1-?1E87WP
zq@`CfxZq5GU%6fw+gBS1e8!R*yF->46zpjijRA_B#6_~vjv%);8jIJ05Z(=l?$Xo9
zB>dngzy)K*39%c{l&N@nI;HW57eyOYS^EZ8kVmcu+Fkv=p`ip`)_s{4lpIB4ea^^n
zp^q|E(H6*Zl?giR;@N)63j`T0Yy(EKZK`V#h)4Pj`5`uOnsoUyWj)<pD@3IT3r!sv
z0SIagI}I|ziy+;$j*X|GE7o=0CxqKt9zc?(qKua4I^8%{G^bvmq>gTa4T?Ltp|`)>
zSquCjgI_jJqN|ApMjOYqNZy6?nYFvH+2h3zTMc&+G#a;N;Aj~pOlA^&_5A}5+3K6J
z*D=1|SFUvJ5GMNTwpp~_oQkBRayxpBa;K2!<IuFh9493G?%ShZZN7}iO>AbM1NFPt
z<X7Fpey64EugzYvdFFltNfw$pmiS0EfCz1Y7-aB`q_~euozIG>WsB<3bB7~2I?v_S
z!p84?BKAAYZJj-qy`x_bHs^;C0~_$eZj#16>Y$jD_P|jmO2-&dCW-K89Ch`#wFZp#
zK{C=Oa{lnM(fvRhN$Y*LU4+-lm~;Xg<^u=d0h^#t5Tpz8A5D-)J-)j;ii8Au5imo|
zl8D%p0ed;Kvx`o=RpI>)3*g2J*O7+5ReK@dafp^Fk*`5RyNnWw^|8}lv}VyC+JFw-
zx06KA2F-Q_AlI@upTRPuf2K*>L`i-wN>kz1G{`q^3!Ptu>MwbBz1QLF>h1cN>9w4k
z+olmx-4(o8GA<wYu!KsJC2g?4nESO#<%l=qe@8gdbZA5;{{IS^$+16qhPnTve)7{K
zWPE)4Rz&l4i9=0!n)s9#yb*bfsM$N#>PoMc4{Qv0hHzK~HzIz`$~QJNg0qpr`=p!X
zgV@Irx#$iV^7yzb`9oK+7pktVE6xqcRZ=X|c)W{XdlHt?A`^sOW^-|bc9o!ymk~$q
zhojwy;1KF|G&&h6_fgin`#7|7rNW!eqEb_h(s<0&ozo)oKLRXvx1?R@t;X%AJ?xDo
zR`9UG?02uupNZU+85*4Fov{C|)@s7f4WtP*Rx>*OKpT6K1{7Dnd7ImF&J4sL7Hgmq
zN~8Jtc}`RDbk1u6qhRUu_0JE%5@G=6Y-J|KSTv(}@1=_hVp>9cN3IJT@X~v{0vxdY
z9}q$tz(fEb#1bg42mwX_Y#9>~J^;Wq2*4Rn0O0(eILrU!R<M`6=K#D>28h^Wu?w=z
zX|8$Juc{mXyeMVBJRcU|_<vCx<O<pV;>iC+Psbt`Wd9TA_zwqwy%-x2Zvy~d!bSkf
z6o4V5$iWeErA{%xwqEtNPQGPNtGtdb^8c>dQvq=Qk5BRcNqFF4(T&(YcO{!D=a(cV
zf%OuPVfj|rV&Q`Dh!40-4Ea%CiC=w)O=gl2ASpQaLi6{}UYb?BE>+Yq&dk<I4LVZx
zKKOrbW+oYdz#=KwdoY4R4U!SoUESJ%XJ;IM#~_D7Iqdin&SDJ#$I!1H$|oxSFGJ0p
zvHTS~&Fm1H+>uy#U|uJLhd-=G7<OzUuN5Ed1J)ZaH_`b&Z|8qQW5^Y;q-Oxfe?@2h
z>saDupa;-Wod1K8`QL{1ay~S-I#F~7QZs;t4WhU4ylcqt840xo1sjJPEtU}x)w9TY
zM<L>U|E`{h7Zc`NU5MlJ`s8SP(S9*n1at_Q{}Av$=o>6Eft#UYt^FTT#}G?OfbjwL
zpg;ujfCC^8g+QQCNF+B|KVm88{|ZImiQG1|$wvbI+ku1q$HBf*pM<_+hAL+hZaLcm
zVJY38Z9XUe%ulpSh9a#r3Hu`ztl)m2;T=4S6{z-7*C!8|RbChF3>@xsFsrF)e+1fI
z_jAHbD)FayiQ>)o{rSUm=&PAtOgh_8kseatv?d@3lC41L@~x5N@)L0xZ7s!avVdcp
zK#eXdV_dvruXA9<Xbq~M;kBMcg#r;7eUZkf%j4OZFZ6{KNKd0fc^7M!{7PqcQxUdF
zFPuOlH(H*0MuOgkoo$8GWSf=*45zk15vDJ=LeoPo&&;FxiPg{6>>lH!*$oG<MWE8$
ze*!H!(5tMfKh>_|Jw7rvL5si1?Rwi|;wiM~oV`IiG~0|BRW^?vwNeW8s(E;$jJd<e
z5XcpA!=9%U#8X5OvX~dg>)!pT0?u_mMSgkb!v$Qt{pcP;nWS~pfj~s^5Z!B7UrKD?
zpU#}U^xTqmq3JSFOUp*#Rd7#v&lj!ieB0iUEt!1q#*c-3L5a><jmY0&fgMBYteeoL
z7Yye@uy6pf<b8Y>*slo(7vj)fd};opo3FNHj-9thc*X*B5lB1_%g+urY9&8Jz^AmW
z2@twV4>%Iov}~XqHYGJ7NuD^_nWE2W(C{j#px42)`{?G+Gee{KF){`r*G*QHh2ITv
zf<En`<5j`@XyhumctLhD<-2lW-|W@i%Ca7+fAuXkCfV5w*v8XG@3=ma%FiVdtmyD5
z@wQ(P3Q~bW>bxEY6dv_9^bX$Hgl@v7>a9nYe{W=G_rX~62Ol73(ZO#5i}MGLdU)sY
zWO_V&;wrhoyv|)u2|f_%Lo0fRG5xy)8(H4SQey<7f%Yw?|0E2OO4F62G*HLzbjaw)
zkw4Aen;6$B-!e+g8*RmSNFqbFyJ)(__9Nx!SBm|JSuCf-EA;Vq>t`Ki@Q*=usF=zU
z?616DYj_yGo}1UighK=tL8W?*A8Nbzb@ZML((99Lya){eh8>Kg*gU@atNM{@sZQ8@
z6{K1vu!3Uz43-W>qMRl2v%%g~CoKuDd4*&wpdWdTg;)Ad2-_rh>?IBDFGY&wLym7(
zPSJ7@ct52}tEH$*`wpc(7O<<!&cSH@2!*Y`a22jwIa>K;u@2uwp5m5u)$SsNPBGbK
zxl$|Mb=E{hR{1~=I&9V5sLpCps={o0jfK~-IeKH^<b@@jZvEI_fz!C}`mnx^)RiL~
zoUU~Vdl<YSv}Go&D=hi?A+*J;#hC0PwgfPe$u)H7D%l(4f$8_OY1a1v;q^hymm4vW
zxQ$h&G4eT$zpz`{L+2g`bJDyvS=fPAP0y@BM^WIa&Jvi8iV<iuFCxrO!pFyFrn?*k
zsUi0pDaX?kE83T~-Sx}KOT<x8;Uyr|fzcB@O7U_gKRo;mvoKFKcj%<xeqq)q27U`5
zRRWe3AnG=(PRzV7ZTkAE@{hSjuBo)~skAZ;!G0%x5VxQ|F(pT{ReeO=w@BR71WY6f
zz3ZR*eqt+cmL}zR@3U$qybBH*@6`n_!;Y+;9YEWbO6*Pi=TgFZF{rIn`@8FXsLf_N
zz8)uW6-iBW6`x6s^+}WLg*|wmad05^6G#a5;}a;58^v#1_7s%LuO)sOdU3K0#P;t|
zVJ2vCm+3Q%>)$r)-{vW-&6Yl2)LekpRk?qDGeNF<W&QBOm4|=6-BD~GA&D$C)t{}%
z{!JTbevh$(tb}+Zz^SUq?RW)QIn3;DZtui)inA*;-GoyZ*wK37hvy;=vXT#B3d#45
z5oqWqYd|0v?RfWz)+O2C^ftDBZG#LR<JDtNA~(0gf|>&nh_KK&p^!XwmJYCEZ)0Lt
zxBTFnV?=*D{v{Kn^kENJ#J*YNlnRg!G|?L&yvCDY6)z5B-I=t<9rIG$=o9K5svkK3
zHrNQXF;lH5<Xc$tPFkb~;{Yr0Dst1j9!4a2{=6NODLk~uN9ZySOEmfEeGv%=Y6?OI
zyDR)IZkP#oMxq#3DNhW;(4wPRP(gm6C&tG<?8KLbQJKzd7fbR3Q4d>}2Hn@7HhGm&
zz2i|cR$UVIyZ)BITRX^P=Y?Qqy;Pu!xB2d`BrGQ1^fF_q&Lb$)E_nOsSNWJ1Eh5;!
zizGicrL1ion42;i&5K5^xHn*8qZ9y=kpzH9rkdqdMGO?mBp6|gChaXWm+%i<x&7K_
zn80xzOnrhIfs@6HChME2I>EO$k`0kj%(`H6J~n%3aM;k*>waNSNGe}H2@O-UO4vPO
zN*>0O*ZG5zuf7GhA$4`LH~Pw0r2@NsztflJAU^km`m;2wcweD{j&@w7u=|VLfzxKK
z_gsV2M`eWrvT;0rka)cjnck@x(gZvEmYmC30gyWQPd&;#cWV)pzrH=m(%$m-sIjzg
z04uDdaR8}kM@zi{eR1?6Lk{(=KNiPQKr!Ex9wBZHDx^upP75^i>o9fb*IOT`bl-R+
zLiQ-k7riTQ{#1J5>eAe1wb3W=B*uQSwFDg{V~@71^!EUnFVDPMn@U)o8aqKU2}(L|
z_UDJ$;{y-+)=m9RoJ1P~MtuxALR-Hd(n33+kx?pDW8@RxTE(9F``78`3LFON_fSlI
zH*Vk~WA6H?!2ivv&T}6x+b+<t&Llfj`c{-!=vu7x5OO$<dtj&Jn=B7T*%MCYB%+pj
zYBRsiB~yg08GY;GnK`VoY$Joyy@5AVaW8DJ{8{ch8lYc)<JjoFCEeTDO3t@Nd`V!G
zbf~{FFH<%Hw)Dsjx`Lg&0?!V?N4qaf%AVQT+VH#7FEyjY?VNkF1&3kL^G=xVVcVug
zis7eS9)80Rs(meB;|dX(B@+*UNDXBV5NK@;o$A$voLBkUWsB1oAPgGSKJ3jXAjV}F
zyCMP<7_}j*76Uuq7XWk|K~V1_^V)!_tOxq0sG_HhdZXE2&jx?Ljxf7k%ofo{gc^9Q
zMjp*THncMo{7_L7B^E))-wVr!K)3xRDaSibG|p_3b`gl(l@eOrHn*RfAs(#af<lEY
z+j&x^pIpa_Iy*DzGpildl~5f(>#rV}l%^3bt;=RJ`>z+*<c8`UUevK!6ls_bRsYu8
zU;g0F=M(pS8an*cR4vX+k&dT7WqUdz#lh-(`$cD(HQl_(rGt+%s-D3-7)3po;`zv&
zq>Wecqi(X>nMoxyT2_#RV1dG+ergMlq111JVPR;ZU1}d&ii(TI)UoTh23t6<DlRTt
zIiJdEu7H36Ncs#WL3axy5K#81b_uR!PekvT*YVkWb&4SMgbCP&_s=cRJV~u~wSD77
z$c(5`u)AiUY-cInU<FQEFO6ticA<lc-F`z5DQl<)5t+2N7e^CwK|o{8aqD@lrnmPo
z<<&8NG!a9}hw(ar-Z}E+7(2Tq+GiSefxJ63l!0{$1S$Ok?#U{)U1BepPZ@ZE1_?i@
za?(MzeSL8J7oW|%XkCjf#Uuouk}0u7pigitRVJAuf{nt@N#&$Z7{M-maf;Q+Cl5$y
z+brxJGp<94m^Y=CKN>O8PNSwbmjX-=X%28Yw~U7SD~8u~l27;jrvhh#F+wJgT5yD4
zc_Vyg^EFPzF*k+wDK|SiUI3Yg@8f+}1^y)(K|eZ?vExO?kK{l_a@NxdV6Eju51A7F
z`y+RRQ8q`M=yd(z_ril7+(+gCsF*o#eL7E|y;l(0CoYC)>e81)#!d)Q^12G~6Yh*n
zuJ*56EgSY0pIvPh+eI}2SFE5@2Y(fJy>tnGv&c1+2B2p;1(%*Y)XNZ*k~Jxinnih^
zLlOPoHjm^pTbQAnj;Vq4T5W=UEzFEjp<<TN8?)}M@jSw{HrX42=FS724+jRM(-kCp
z<DPjf!ih?c7K`&P8(Kunc~K0ndVV%8P16>e#X2FT6A#1Iso(+i`xH#Z>a2FN!^Qf2
zmC_w0!{G>7bANhSQJ+Vot|XL!h=Zqof5E<%eU;o)`t;hp6|ff&6Ud9M6EfBTYy)<i
zz7oKruqRI-T|j<`JWcN|jiQ1LnZjWn1PiPz*VgR4Pya{NhN<BXD-oyw*NW)6>0`|o
zV@(~-&XzNI2r@9k&}Vm>_=zn^sEp{Iw@vua47j572$iry)d@)zsR-=Mp4u05J9G3;
zUvVED71Nl4c%Om^N4KI^<kfO&$H5vukIp4)U+6qm{sFTB^406LUuORDkdA!~hb_EO
zYvZ#c?bNHy48jC@ZT1a!LuSbe#YWdyz3j1C4LpK8Nw#vqUQj|00m+9)O#LPk4EVMV
z6%xr$FlYJA+o`?_odYPyb>q`V9+8<_*N&Zt_e=@4qP<U|_^#6wOPv`620zR?WutA@
zZBR;>Uhqq1Y5N-$tDjoEZlfKEJywuOc%V$yLIX18HJ{VZ!^ON?Un4~|a<8HzT82^4
z1KVO(dGA*psq#JsNSqIXac@$yU&>}dxTDsER>nsxCxZ`)h6p^lB<PdPK5*A3s!K>n
zC<DY|S@gJ6Oy~saaKX|*^j68GxwG4f!9IxY!y6Ie6}l^1FtP!<dCb-=ZVC0TbMLaB
zB0ycjEqLjV{Z>>|jo_4OKDKB94`!39hs-idaaJ-r8?G|rEvLN$%;50ff`=ui>#Y+m
z9KCgO=49~gJ;lpp$R-rNS({^{XCKdYwLT2;^nc1o#d?lq^PCd<yX+2_!G{u!b%UyW
z{>`YmFgDoX>!zq#-X?}e4pIAdjf%#W3*|1(7O9b^dkuCz23U>6hs|^g{7*Sr=lLIs
zgeP}Vl-$2nIsY}22=M=>!gf2Jb08p_{q5U-sV5=ZY*&IQUj|1g7Vjl|8Z43YW`8Am
zB!1r9hGv-ofp%DL4D{!x@K3P}WJ;L+pCUv=e{(I`ni#%3fmzr)W}RtfQ)6?`;oB0a
zmT%3UWoTw-J*2tkAS5|E=Ud}AUo4qkkG*{4r!rb~o8>X^(6A3*W?Sl-Fr!?0Ar<vU
zN2wlf&}9&xAWbqk0q5PbL=43V`?%Mgg$*YBd~14Oax45GRkEfP8uS_wH4&QLxnzWG
zc|UUw{`>?g0nJ@Q^bN9|c;3_oT%9fC&)y31)Xp^gNsIi%lS;1ldK%sEC##j^=hdb2
zz|l0V22XT|z3J_Pi8EHVyl1LKkx}2;!j3GxUU`1Ayx?|E%Y1#gwYDF6l4ToF7|Jb;
z4VCdQ$h=$RU_TY1vdO$Jk*L!dD<Z8#r$!<Dhiz{*`ICuB^Y=?3zC$0Dg9qF8heB`g
zdo3sflx?Ge=<<)0nnOt)%LfD>wO=~`9;xkWg03RAT>Q{7TM?Kuf685YSlm)r(+pNa
zwtNdN*jhlX!4RI|RQRySCzxuwxdiW}h)dzy-TcKThE3mp(f3JSKb(Dgo^7_7z5M|9
z8+mU3qe%7efNPtN96LY;CLKIs958bq*}wx_6Mc#|(p&hIdXWl$2!G)9tb&8C`7vXU
zf@_;`!*w}G2>vz|8DOJ0x#$HR|G9$FmFsU90hTFcV@i01=l((+*vmUQ*+KGyoH0O*
z-R_6=Ba^Jje4OK7x~~;ckh+dz7{(waBjgbg+iy)<%Us@T?g#k*7z`#4g>KLFF&1R~
zX^aMsIdd@QD+oTy{?WEAZ-j{rp0*Z2`s-;PZYruaLSDQX;sF9pV-J82@sLhdxD(}u
zQ5+H{swwGm&cr%SPDYAykNivIko^Z3C7@rA@Mqf|Zx*h0N|}PTLNYbFwVKYgMZ~yY
z%yE8HX=p8o_;iJ|G%&5yD#f;VGN@j1b{N=G;~jXZewcP>mlN>P04^yFlpBbXx5PT#
zkeZYy%^yiDzr_T@s^t_v*VG=cA)$*>g=Cv{_D~1Ai`FQFlNYe9PTZX2eSyd>@as6G
ztlej|h&pNos|qquGWRbiE7_ZtZAK2K><AhHjUO#6=zfLALZ7Tme=a2jM^WPrVlsnG
zwzc5x)UL1mlnYa+>Sf$`@tjuiu!XXU($(0;Da4|5I>Z#}H0a4X-@(HgpL+U(y}l)<
znKy0)2cLgIZ{X0{@dsn)n@^MOWFCdqiRX(*h+;(iq%Fd4R(;%h!n2xhQryaIwLp$q
z-p!H@kpg4m8p~SYCrN?zWPXNDfxZ+ajW*Mc%dZ<cI^fx}@Y!c$dn9{@Ly+sUapG``
zUEmZHnD~VhM+rnkp?CxJzCPm7`|wrP{o>N<>?;GV_Rv`Tt1#ju$v@tLy`p)(8_jAT
zcHAAVBOeTE8koRqs#GEwru3c)KOn*H9>)vo?BACvn6V(D;j-)t9*ZpfKx~8}X&0SO
zOQK^`ucs5sh{b<8FQ`&I!r16)qRAJ`GLpq{pgLL<e3RHZo<h8n-fBC)_5JkS$LHf)
zWT?Amdl#*uM>iFXJ?S(7#$*!qX!LHCm-(<qjpgcML&{$iJhvh#qbSNW!!-7R00dGL
zr5m8;N2t$jRNaTiMvl9A<Hc3#^DU>cNz?Ke-gAEP0?sk|l^s7?RYz%OQ8xSVS5A>#
zaO+e1$}Rl&5*#$+WL-1ZX#-NGlYIkUfp4erI^iK_u0m>4*6X})4nbA?nc{$WaWSMu
z=bF-g-uH}~q@fKV(*WFrp<I*>QqX&80bW<fCSkFWE=ur2yY4k5?jE4g;)kwe-!o-s
zu*V>cLzvnVVRo;;J7ADLd}0{*C8F_q%R^c&Pr2YaqD}MF>yteHJzVYPzC4@vJ>*Y-
zDHmH(QhQIsZ3OO4@Jd@lES`z*#`$H{x*2e6;2|+dLFqRSajVKUqQjSOObi9Id9_X1
z9!u?kv{j^qNq9JY25~12isV&PB@>CeESiCo+c;Y671&T|yCbSViQT_O7RU|=g4GEi
z#Rdon#;T9KchPY>&yqLGh~6&;>sA!3+JSH-d@@I&-y?7KxdN`7J@%1#l21l(zK5cO
z{5rkcka5V0f*eaaxy$;i>Q-mRcPuw05tn~oM&umcx3&;aZ}6Xp{(7td9igl*SyV90
z`4jl1+S&h0^l56y$~4~hA$nNaE)>3FzB5$RiV+O`+kVcX`R12k;c8+vaq?Lyg+}l_
zN0i{i(_B}dB6kRxCKoq|(1eOH5x1Z^3i2TdvtRAfcjb!wi%hwGSpv04eS5tR+!^r6
zHzI5Wkd(`-M<5q74RbEG!+#FvE|MZe{xpMAnaErW5OvQv#4__lpUmCnRX-sd6DMnT
zUuIgSHKt0(c8%IETvePNKi)0Jb#fCkrG1O{vgh}6_q)%AaV%^naywlO!9Gc=b7UT+
zfUhbqV|fUG#uDqgKl5?l>Vu!@;_E(tMazGMzl`5B$?}-ORrh6cH9ud%Tz5R-3`?P1
z<j0Zn$e=GVA3Y>I>1qYag)^!vKfdg&3q854tRzimAcoBIAveQQBaRl%pUr(qEedB2
zKSPI{V)hloz8~QI;%v+mfRyJYKTfNgTzPNymm-6z{QbE)9xh#shMg#JURt8MKu>-`
z?0_ekf{VcwOW)ezGt{My1}%_4j3!N$fyy~KQ-e62fPXvwDWa=mtF!eMV-_c2Osg*i
zw9x+a_7l4z@(Nsxde^sQuXL&qey+GWTm^VU4Frm@)2LlEl1kq&fVP?t)xZ2H3nOlO
z77LRj?gTzcaK~3w(dk#X>V6b&iI?<>ZqH`YT|I=H+4tSvh9hN^<K4B@E7M|=@W~#i
zPyop$9?yOW)|z4SIQEG6g{mmRyiHj6HP5_^cKHI``ogtkOkYmz0C*pr5LMks2B_x%
z&<y;V_-gxs+a&5K8~yATHVUsJ)4k7I-J5q9ljqW;R*I9D`XbOj6AE@j$2||TgyvYL
zM!RD|I$bNbt|@+UH5Z<3=f*$wzJFm~{Ov3#KHw22T)rpx_b!};eL9JB`OEux1;R%g
zj4uq>zevsgRh8cDgqts_8_uD8NsguV<o7?cdGD<v0RG{Z$|@1hX}K$@#e}&`@zq_`
zXa*-}@GH{^o(c5b-_C}F(pdbS!XqXl=AvHixG3ym@4Fnm+&PgmgrEvG{`siB<>!3G
z05mo>@#3ePtDTq#!9jOawA}su=KtGXpLtK_;+C#KnAY4;dNgBV-h?M<vL=g9NuYKO
z=jN^7`_g$Z=8Dm8|0!CN@^KO#31|PY-7VX{u#4NBtNS1W8gf?)g{DldiysV3y@4OM
z6arUKChk%lUBdQl_^Ol>q}irsO)pcTKyKl2xD<*}{>7yItn88TwXS8QS&>WMvhtHT
zGYW+rYFbpxf*}f@2F`CW_zEVRQGAr5Ep(iclp0h<^FW|E&U|@*e_h1!Rs{Un)^Xr!
z;h!MSyP?z(jqvQec48;Mh>&HrtBP)<5Fd97PehNGg|Kx`Jz#1Okfr*lwOL!B9mL1L
zr5epmc>Oozf<Df&EVE`QIH{i<5?#O0UTu=jUB%a`uGf+!rD|+8W=4zg>e#=4pZ{YQ
z>Fs^u{Ee48N>Y<}^zP8vqi*;!>Qne!c*uTXGAQDtVj$$8<I?~uAXv3M@d=j2lQL6G
zd|qtWe3XKTD`G70H!AuB(bZi9rBN(9jd(I~ENj+h8PSBT!2iBWzCF8-FBJ9P{FvkY
zs|S3(Jj-IsdW9AdoczIVQ&e{n6tYDP4r_z=p6OWGFE6j0qN+JdBGBl|z910rcw(Jf
zYs8*8whv5x*;fdo9yplC1S16>f&2P*VK7o#QkbH50Y8-xjE*x+3SUK6Zk6tGtaD&k
z7KQ^SO%p-6;5{MT7fl;Nk@<_-Q3_rBoUu@(h9f4HZY~Bs_wPg<<_0Y#3!5U*3bhUB
z3vB0m!Oj)xUMUMc4r4FGFk8Z5c?fr>787X37xomKIi7)Wo8U)!Q|GcOI=VeoI41SJ
zMxwt#Q--9+@n`^A611b^q>u66P*w2`=D~{egseH~G)2uKGZ`5sA5csg?^4jxr{US$
zh3`RkN@PWwI>wp2b|MX5+&4X(C%Kio3R@z;0rX$uEe^xAnjUIe9kZAyaqnKHd92qa
z6--JSV<kT9@o7c@??mZO$#coSf0YoYr!*1YPiW^jbu6Xt`y`H!9Uq4&Bjo;+6sYb<
zE`P0WHQVIzV{|s1mP*J!FMG-GAvBojgJ7@VG_8G2%ir<oCu}W-S?KMYz%Y={!a<#v
zKVlV%weL@m@5+<D%O7ya`(@17lDHSwPcPdi#8??hy=oD}gRnn3*6xr=qkEa*1}eyW
zh271+Ou`Dsl*d}HQ|&h76c*;s)bi{eO@pl&;<0Nw4Nt2^z!kU+{t%SZo%nsf&FGt~
z+Ji{KEiC#MADxg!$er;5EFmFwwEAp#qj(Ej%RT4NCh^&O^Aa4oJ-iC-gYQ1z&({%x
zVauk`hu1o1@CG$a9*4)<98B73NH!HJ`pDDA9147tI5!KZ&l>`dswL3omPeCaxteL`
z73Jr950M+g^I)p0AX;6on-s*TxM}Z_X0CTf&|og56t22h;LL0hfe|rH=ta%?3;i_>
zhPtCG2pqv69K`%t9WaR>j8id~CL;*t*wLDP32b@WIodd$KTH+u%S`7PSf?bOo7z<~
zlI<erTOA+d-j#u*yNojz+is={QtcNXZg1|Y0}3ryI<3h5SO>=SMQGx#N%Ikk{+uUt
zgpIyx)aEyOec)!az{5ZkQv?FBWB`5FEw@KIxE;<h5)#zAKn0f3hLHSJEeah8fye@O
zVuRatkJ+9dD>pxPic46VqhAFW99owx_7%J|w&k}l6ozF@wf{`?B0*Q3m;OvC(G}^S
zIZ~LRd%djEtZq2LF!v#U%RGjXy<T)WT&^qdM~7?^K-6aDnaCvqIGlKn>7DWLG!k<B
zg$+-StJz<YPUU}>*xtK*Ic(T-`C&VCVW5k_%_?U_pqg1{#8A5Z$9Onwaz}&GwDHH{
z3vwGQS+OF?`6fW!_M~9;*n>!DmG|ot_0Lba_e3a*I5`;}6aHO5h}!D&^+C(!yM<%p
z%RZw{9OV0t#7@6=K@2(b{2O$8607~Eog-PE2i-!w<8hA-K;d?|q`+-eAlE{3?njcz
z!PAsf^5-5{J>$7l=E-dG%iWALY=`9s2K(h#16v9G67sK?G<+Tu_rWOvdJ}j)Go5fp
z4s0X^x-Boh>0kM;XL0k;_MgDj(#$8I{^L2v_58&QomuSi+&Od}odv7R^-rmidb*h6
z!|U96gHZ>AB_s3G9!^)JV4jUQ(-}lf+Ou6OVrp(KTlgPhEqTQfT*HYOGL&|{581my
zahYA+h!bQ3a^hk8-kX`)9)bxweSW*mC)Tq5F>gof;}Cc27Q6aCe@eR*-#B{qG~ONW
z0;t|a2ozpj4GkAyF5o5Me-Y?RbDoJC-NSIjH}S9bsnfvTA7|U%Q->dhuXy-cr%hE6
zkD=>0&AmSC<5ehLZY>)u7SvjX;DUaA+{kGhj{z{2B&CZKTy%LeXXE<GOKA3;HK=Y(
z2|7Y5qlCv*H)?ezju!=}CLYh1q3HEOC(N=fe6#d4FKb(3xYeVmeZ*!Y7dti0_{<<t
z0^;R5Dvv`szaHhykB0ya1nSb{REw{PoC*>Z(wyob1_G6yLPHWO0y|RytbOSr@UuM0
z#d^>s(D)l#TjjK0@&4HY@ZA(c3#5vt#Wpsv99yaXD1$F6jW0M1_2iI?^fhJx+7G}x
zu?Mf%p~9Ufl<4yqhSb!>xF~pe9sd5OIQaQwfk17(8|W)+?#C`QB>{nEr8rJ?+|qsE
z<8J~wx|Yx1FvMlvzXM~vrM(T_iF@)cWpmFoUCa_aZebs2{H8y65$2g(xpPYx?{17M
zz<$c1xdT;m^%%bUGR<S-NXRg6!=0g5zCe>eOT`^+UAhrpQ`$&jxPP|)Dd3aX*3G@2
z7Dy@vWG<+qpG`C4C<QcY{x<`A_ik(JN5=5z?|;BggYTLK{+<#c0Z%{sq-^y5nPkuD
z5l_&LdX>k`qj4&8#|eW?3yDs&aXpQE+-z5I|IX~TMZd1%m`Y#Q$c@5LQ`d?mtff_k
zd(PvRG_!#5`c845%9ItU14A7b`&fpQ>V(_9Z+oV@srB!heV^YiryPMiJerjp^*S1f
z8Di?`bsU_yyaN23jv?xgO5Yjwzk7%C@A*FanVH@@+XwC~`8lrDHR%wLMnQrAPgZ&i
z1n8=+!w~J4=<E*3&}#9+=hk>-iAyARv;SqWEoAPwJW=ka{H@|}B)A`C51#o!G?GP(
zwPUbUrIKdgD~0p8-eWD^oh{cGqQ5Q!^*)+CX`W#bC6^E@&!PSs%k9jgb6;InDXFJ(
z@2X{_dtMGz#yAqL@sNsA3`S>5gMH6XX$C+{Kk<QmdyOk4tFl0?Kx$+u#Z)N`K~9wv
zZ~2m!MzxA2XSvmT{m=3=GPtE_ya&9|4NMKjn#q)4pN@M_(ns#BS3}&CEuIDCV$7OT
zCdQsjV&XIn{5mQxl;6Y`KRQ*o54-=>1znG2`}YZR@dx))`PW$!Y^m%w9-!oc(X}Y{
z?Csf?x9Gp&IoPjGy><7VwD0e-;z_vt;PZ2m{~%;E#*bOPkXGnMZ)lb$5TxHH5Z(IU
zy)h6_*EP^i7(cr2=892qN>RBFX_roA&vE0@P<h}KgiD^OTAgP`^Io!sf2Tt&g@T-x
z^D(T3hv0>YcIO0OY=-1DF3FUuik)B?o*w51T-Q7!5N*{fCmmubj3cvykq#N;L08s4
zyrV^_g!E3`4dKcSJZ-b=3MNV8nr|RCzUX+jUBLajr%JEygZwd~<@H}B#QkC|KQn6P
zXF;keJq^2E{@#B1F##F6e_J<{L1t6lUwEHZ_vveQ|A(XR-*>ik(<;BFk#an0QEfK@
zIVSRTLl_vs=Wb{GJRy)8PuO^=C~i!ts+BcOsjIK;YYV#WPU#<<-8Cc$T*@Y{nY`jU
zkA<zRt#u<B@qCTBb=i;1zHx}*-E)=d<8w9_@M)~1xfgt$=2Dy4>1NIrO4eZ@7_n8$
zRAsVIEoJ+=R=u=#qMoT?v^aNke#X74uB$TeQaZgCu{^MK@PgmiP10H_Y09KlK#=Yu
z$USMQf>)O>F*(_BB(K#Ne_jK>O0tD_fyVIHojl7I@J-G;B;#k;ck@<|c}{jgYtl4!
zj=?I#g;EdWe}}Bz-0j@Xy%P>>LW5tOzT#4MD7-PMn0D!->-jK`b00p0Uy+~hoS*Dq
z6|Ti#`cB1wK~?2`jN8$~Qe3UmaI1aWK({h~{Ne(0eQL;YQCq36(mz94Sv;6WY?iIh
zAC*V?kOTBb`eBF9)*kGeXTG#PQ%u1N0>^w$V;&n_w@kkFnetMx@@gBQ7T4Z2wfXCN
zyv8F+_N}?Yn$Png3Iebv4=SVF;_%CL#z0xx*7*XAS-vC?$|nN(x`e#38a!qNkj$Y^
zpZ~rLyST^pvfM8^V=ovE-GkOYucPAH7w&jIlI=mYENS52C?rK?3Iskh*B{m!Nx!=z
z{%IC95htow+WY_)hDZDhsN_nm4p1%FiYU_dGa2!vz9Rawq4|p^dNYYyK!{N^7MM2S
zK+Tzv@&xB%AGb&}`oZws%QlLU*0om0vBVa~Nk=MBa^+}FcBU(r1Wja|JD=~bg^-)O
z{&&WB*Z%Y%XOKg_i3Vu{kCdst1ocgR?8}oAIIL%@=$$;9-pQjA_WlEWMf!3E$o(G3
znH#oDeMI>t!)W;VphPqd*Bz@HnR+b`wQc&{I+wHd0|J?zt<QiyZjxp`uQ$qr?-|tx
zcly?Nzfx*s(;f_Ik(e0hsZTwAmGzO9Cn`~g7@y=V-lqe$tQH<gQ+}0fVN$+i9^R_V
z*BtAb1;!d#X5zJ3Wt_O2s?RiDjyt2-zXm>kaUV&V`f0;GFBVue_1MiM7UT|bc8_j^
z;Yr+ok-vTy{4dph@3P@+6{Dcd_8Gl&7`iWQNx~NYPLawLQl6g=p}!z|1GB)l{fjv$
zgW*O)3RWVe9&p{=mfCS*@Ms<Se?2JI7ZrQb>&MAG;LH7^{IRxX*~S7>6)!hyo2nG|
zYvQjNvEZ#sI@(udGzmJoZuy|ZWU3*_B$XFm<1fy%?@Ob9v1cSwiR&gUHE>JOk{K8+
z>q{BmGvNGt^yltx@w>Up+kekdTU!ygTWs%tttt+TN8IfB4AC0C7p+WtlHJ4SSnH%X
z{bp1LNL7>f21cqS#xf}S=3j$lHWMVjs7(Uz$B*ht&Z>zShZou_Rf1LB4dtUW9(0L~
zViOvKB;0GsA5}im#Ya{WBcW&JD6e~uhU3sPuIRbhk>^F6EUHpZ(DC2i8#DPeMlWUR
zsZnJ-<c`%oLQWK>OZ703={Ao?P3}m??)KeWphhjCm$$$^7jIQf`LHcCt!OhmV>1d&
z2}d)gfB_k77b^<3_Z~E>Xt%1dY(v$2mxZyPF(wXCZaIwPpZe0X%~*Jk3(Qatx-=f3
zHgbxOUb0aki+sSjLq8?YYQn;EQ^e;}6oYB~bi~ZZCE8ad`^OH$!YzD2RGNppC0H&h
zG~lW+FYjSqHE~n_e)qoE8zd%cM-tIR!c4v;KjrPyzn&Vj9cI6ik^++&x4UqLgRTW!
z+f@jksN9ZB0rvz7v$&F{sI-0DjtowekP4g!=XE^;>`%JSZ~IY570p%sP+?hmHG3$$
zXL<*^ay4MgDn+dSNx`OIXD%S{ppTSEJf2*J%+%S0<hd@0NNYx#gja#JT6)?$Ky;H9
ztNmEuXb>;}DEP!t)jv0?Bm!9A>cW!q4TI|LtE#r@?^%W>O@oYs%!>;tJ1sRvdC8t|
z7X{gkEJ)zbv}yEa`)R2^x%sp<`!0gRKX2~h!sPMRn4<kd1vcYqqBV(dXvEQQ0+8mY
z2iX*|gO>6BIVH1S-)k9&yumP9hhvH=G5s>(E6*(A;^O+Ep)AjW_#~EfJMX=z&NiE}
zrmv@z@a@ClZC86ApT(Y7esTOggc;rsU2#Fym%Q}2kT|~Ojc#j<3(0UIHxuQeF&lXE
zGa0z%3?K%4&6=27_HFpmutNA?^K5@|A-0?E!~-1mh;-DGaM#>+Z}uqg%zvT4<YUsn
z>YRiq0*&73*4YESdIYyejIIy7Z6?akwd+!9YOMN5;Gg+j#j{V)^(fck?2{68%kzQ4
zMXVp=(?D$AEkFx)EP6EZBAR!o&1yO#H+$8XwdxpSCIozgY6>j<Pe>Z(_*g}xYyAk=
z_O@o+`*Q@_97ta&@Yl`40T{aF8R~easP0x$Ofl5?7oML3|Kp%l(Pw@o)A4J+4~vC+
z!KS^MgvnFYgUxvYAx{er8;AMNEw*{NIR60Aqc5HJ0u8j<I{X>fyhfzgf&n<4f61LY
z@AUwr`2r$uGa@=Lz$Nw2y)uE1P7s6g4@bqz!T8cuy+c+3vOsiU!A#Pv%d$DH<GC+@
z2$4;G#Upg-w_e+mm#S6z>19wQsRAW{5R2tC<3>0d1X^~-kZSJ_K$cbNCo__P54ba^
zu})V4F+fWtTm+NewCgvJ6iz^-q13)b>{2DSdh$6-Ee~meUb0DI_Y4KZQhTyG%k2g4
zLgzl0)n}<PGi>Qjm5s~JID2wfql?5#Lu*XmZ*zU39&>xL-tMsE`GSbm!{KaiyOo(@
z4g2$zImL3#htFE~&2q@j>LpCCS_+=BW05be#>|;RIKtiD_m>YJ>nsUWLN`Rk&Kx7$
z-R26`&b7vLt#5~i<KR<o<0xU`;yDLZGxm!<K0CiYs}^=>mD}sG60tLv6uU_eZg?Rc
zP;24-=9z!aOqjVU$u-=sWOVIQvW1t?9{T8c;HtOV2K^H0N6{x-6n57>%@oRKN=lft
z@3tMnCZ9#QVmzk{_VP*97^sK{NguovEh~@hhRDiO++sFtdL0v8+QyhGnB9yM`QCDk
z4}>8)5T9WqbA_}F<@rZe=2d-NVu~PPPrS}53O!JHUU`1EM_yR3i6%Q`27j{kPu%Kc
z$3@y~--NMarEk|iEk9CkJqhodvio!JW5foE=62`gPvi^MVQ)T5AN$IAJ|7>S^leng
zlsqog7nx{TmFS@4orBKce3lSj0=p_)FygDy2xn!DvCzJ9nZ?lk>g~9$(XM{_V@q!l
z{faGyTtmY6FX?SX8RY33G-G;~Yjrt$$+yy<uBJ5VrZh&mG*Sp*gcQxww1q_ef@BgG
z?-Nv)Ul0qFM7u1MNlZgbt4uE=Hc^I#kwy+CAsW~p9OS>nKKmDg7@vRrCH9u}Lu?$(
zE6rz1?Tw);CXSt*MT;KC5Td&bBy)TeE$Q)2SBH`%efU2%YP{Oq$+6!vWcG%YV?UB>
ze)DYt^x+BR<tM-Jig=|5G@<(ORAL=94Zj%Ax`QJ6$h!76VV#KepSCb3pxz(U662us
zR-wN*++iC)2*2<K+4xAjmQ?TwI{j~_!_NB}?d|oEI)`ZGwZ0-{z}ND_J7rvkU`_zh
zMm4Mh)fKt~yYOft2f1J!<Cfs)9iDU-Nx3u43b)Y0SW}v+2WHIt-Of@PvN{E-6P-0*
zaoiG>z2TQMo;Nf(X_O4XYwO3o7>ZVf`zKE_O;1s9mwkKxy`eolTg9wE)$qXQCaQzM
zaMPXXr91z9EAA4V{mbjr{mq*#JAMC2X#(7WLyt?@J*#6Lt*#(Q?nk@*pxV%zRZd8G
z($qxP&#<PZ+@_M=kKqpV^!ep-0%vV|!SUhAJGSVuNOmrP>6mo;r^|*d&L+V-+<a$5
z2FcVYhbXQ0mv}-{S;-$e^*{K^lRbW%j;PU?*X*kwVj#^Ul})T=9vqr-`Z`R}%|hP}
z8>y$=$#Mg7SGxXui#t!TqzBO@Y4)1`tYef0X>bv6Bsm^QkEP)^<JZI8kxVdxxFQ$n
z-8YR`2x1H>%lVv0=cR2tZ9iAXa2awjH23z3QaCtfQ}T<i*NJD+KMr7SaZ}!cv~l$j
zvGC&@tjPakfIi&{#(y`#K=l33^CMHTB(qmAehD>oO36BtCEcv4Q7-Leqg}H#eq*%<
zK;S1l3DN79`%*g>cFs?pcPXqqf1YZ6`8r5D&0*Q_dhCU{h9*t@x5OEsehSDY306{I
znXhtkhL@pzpLv)5+!Gsh`#luGt(@YZi6Un6#Pig4qcz)v)X*gIa|X9e4=Oyayep&E
z!LM7Z9x)7xU8q+dHOmvtd|=e7Rgm&tO<gyZK`<)6>GaaIoRg+<K{dUVS|_{1D!(Af
z#F#3RUrdK{k$a?BO+`Y=mM>xd;{2VdsM7x5A$9*fE-RD8BnfR;y9Q8$%Sh|DDBkyf
z@7^gruL^&@#eQLjvbHFa{U=p&3VBae!~Xz6{OL~tB!el3rtqdPo-yUg7u21E#JAE~
z9_<#fu?*gLj{z?(hcE5vH8o|8v-;`nh2BGzX-f(CI|lEiaFz2KfAd%RtH$@zEZ_(Z
zn7*?6^bO=(!2AA%^W!SQDuHATnd0_O&r2NtI>~+dvZQX`1#`}!rlHL-Q~#EuYP7Bg
zo1`_X1Oam>RIc&$LyBGCw$>LnMd3SjU(m##nQnLY*$_95@dp6FJz|d*OGm#3ny8sf
z_1s2oJMK9~MT&?qzjoaiYH_VF@gk_;Ps@~SiF~DwBcZ{aWsGB-Y)sA1u3|?i@D)Gd
z%fa1RSqC=WEhB6pe4Keq;i_3d{MFCh0?xgzETAo|URbEgq()@Vr`BTXKq6FHjKT!L
zd%T3byEeW|a|2v6)w2>r3CpS|bRx?tT$|Wm+&l|w+EV(oq(V;q&q?e<Mp6<vDeRkQ
z+L|z#xHfl`cA93=zvsJuADw=Z0N(UU@?R}!1+_^&KWLeRRJ)f~(_e@#3`;yO^?bf$
zxWD&J+VG-8JHv~zhs*x{NILmbFSUt2n;Vyje)s~H32!x(lUB0k-pE>5FO&LGWxA8s
zKKh?HMH^kBzT?=0dIlq3tCiSC8WVL`rnsAgxQRYBufXG)M7M^hCxsVHUzREGWfxeT
zB{Fu>ru0pcW=xXeM-!|x@}lx!ZRF2tdL%QbEKLneg}Ns?fPD8ZckkxFtf<=o3B|38
zfiO0ii!TQ^Xz;J|nrH6{;+q*+AhnO{jbk`l-LZZ@u!*VbgbK^{_sXnq1bzWfIDTq(
z`cJ;k&88iunLODlpf={Kq!jS&Cvkh3_c;C}nZ#913qd8NZOppqnyE53_mk6G-9YJW
z*zbSOW%~BKiEdH1>|Z#`-%wdq#k9V61l5`eaDz+@FaB&T-QM11i#}TKxxTG)-Ws7!
zdyA#XL)qVP8*3;F1I>)SY?6M145o>{$z)bvDj)g-*DgqC2z!@)$#lpCsb&4Eb6vTi
z)0*z^ybULtiu-|J1DmUa@#)xI^QLIQ%}~pF&p=c^gh@W)YW2xUVN>Hp=$6gVtP5v)
zje8y_Es?t%q*-pn&mErlVv^G^?2E_mGtPf)b4nFqGU{DB80&#)?i@XuY#SAK<fBWM
z2X5{V2*g(HHjgvIkT5ed*_N5Ng^ARdN>4za(()CJuW$3BKD7!y>w*0GZ9jXQ<3ngP
zEDaeuqciqJ;xibpTQq)$JP^k8x}AEN=3;k?=nGl+fdBQ*gn-;vZ1De;L0323jnR!R
zw$|e>26OlJ7kd|hy5#*^*6G<JgS%@Y<UM;$WyZM<cbmYlkW#rx74Bqe?Jaw$Cm98u
zO8nk4>u+3qs!yPSRDth*1VNODMV86JPnMqc%qbZ&GE9hzIA*^8i0x7#Zpz6Ibc*K}
zb~btVF*`kPA)CNb@5lEHGQRGI`N@tQG}?O(*_mYK*d&=gzE+dHe~BOX_dYUc#wXwe
z!}X=)0_kyaejltXT?u)f*AWk)5J-gN)C-i;^5_k<aa5YWD#LZBVk9<e{bp@tDV<@(
zm&ik!Ew01EqmwnIyvY<BNpy4^LoEcWE{9dy2oz+vw?eFIbIh(7nIPRQwuQyA<qc*=
z<5*!=)w$S_5inAwZQe4%VQuQlkmzJYyjZk5>)WWKDXobrjM}g+pE4aQ`D!S;@<p@k
z&UeGnU+$PjYee~;UFr7j?n~9>Tv8?@j-b)E{{kOD;J#B+HI5BLB{ZrjMJhE>C-{GR
z>G~f9`9RN^m-l6G0ED#ASS$hWfd@`hnzhNbwNg|X<t1c^smuaD!4_()3d&lkmRlS7
zkfs{#2JMC#>Sh26WZ<)<gu{xdMwaOU0Jw^R2~||f*3<VviH09F20yp+gHz<BPIJ+u
z<WJb|L51I_r^G?y&xS|2?(=6R|2Kj6wD(54X}6oPg_pzbJKM{qI(5%>mkG}u?-Kjc
zNxExu+~$t*J+_{0N1V`>?nk?yX#0-sch2tGLvh(|_irmN9dnvpnrXT&ZhF)=y7tFl
zHQug+d5$;5<9zwmcJsP$w)eN6N4)#9lSD=qQB5GhNXJc2QgtcQq!W>`3IUfvp&SB8
zP-qg94pW}=s(xlt41!9MMO=z!b3Mtjym;;9VGh-`iQjG0#>m<$yVPrp7an=Ld0TOG
z(Y3QsTsLU~-Q2f*ue=@IxJka_e3v?D<Br&Kla4Oc;n7a-ZRQU<F*~XoaP08%S9f#F
z@NT*<x^{R=3b0Hu#|+FQ3{WXkGBFmA43RLbFe*a`!Od~Gjs_!D!L}|-MLBU?$ueQZ
ztR@9T7J@Nz2Qvngu|Y=!a0H+-RKo?KRt5e$c0DtVfb}+IpkyMzf7u;RcmM$Yv13Z2
zNOmWX*fqPkObP2kZ@k#>0^sgEIoCY-op1}Ci>NK_Tmy}vS|attC=5!t`cSjs;5-2!
zqNklmtQjEq_-WIuE!RZr61LSel|9SMtTaUwn~7xHh9Z0)q=K42lxTeS&P{#Ub1K^0
z-rTHDJ6Ac$6Xg9x+-}bk>^BOgj?Ck^B%RyLZM)xW<YNWa^CR7j#YTFniGI!ZP_svf
z?ZM3M?JbF<p0(Eb(cXPEjq_{(000Q|bnfk3$5$DOJhNjbJ!<1KI6#j8>Z!KI?7hsj
zD`oSw85P~5T)e^5w%cwK00em^>YHx_l1k=lxZYWgZgRa7dlh-W#CQi)O}xyGji^Lq
zZtkS{c_iwn0`BhHV0~1gpAx&YyBqHg@dw`V2gkvNKIx8?WW~7dSaAh43eLI-?prwq
zYgd(XL*g=>x6?PY_BN&v>N_t9tIZtoHZ*c<uG*&etWId&lSvzysJtf@_SJPvOy_{l
z0j9T*vA*wRZ5q~#B-Nc&b|qab>OM>n1f;M(JvJ_^z`XS*vdv$vW_C-!X!}RIHm;rC
z)`f1O4Q^gG^6D^ag%P!F+vtfSUR7tfEPf=8t<IM#A9p7ljdpLn^&WMOCrm^nlI-x)
zhg{YZOmwkJ7u#mkA;A#%C&xsI9x%+8YX%$4sR}81PYazJ<Bt=2wDSEGeui8os)*Fd
z2&$^9iml*xReL;Wn{h}iQh1y|ow?3%L_A#F07O+09cE^xma1vDFtEKW$p8@~k_4S;
zT#{sw0_x?!9d~sl&_t3*03cme&y>0eyPEM+MK21Wa6+0OIW4xT(7}aNx<iKvl-)w;
zA?7$Ngu>C8j$s3V<y3Tu5fjr(3?sU>Xok^Z+(lrq3P!@!V0IfeNh!LJ;^@qE6d|ff
z!Zbn2t;wx<MZ+ph+^)r>$g_3M996+vs#|w2Q6%1PQadiSe_e_`tGOEu(NviSQIeNZ
z`yY0+ZB|3Og_)xScn4KYw%dRJ1b7EkO}3_U8`urd1b7EkO}CY^v8}k=-QW@69aT2a
zRMkRBB>8zH>Zk)e#HPy^JJr=Z*9&)bw1CR012K1fTh?O2FqkdL5G|%qVPQx)N5`iw
zefhhuRX6iv?U^XQ9G0?Fdc)%l9^2=e#}@P7m$AnVzIEHMJo4e-B@(rz!Z<YThDkP-
zpouzGC8#EsC21TfC9S+|lwTnUB%VPMNii)_DAlxnMe}c+epls@+4pr<@|94GSxOU&
z*Q<eLod?8<NP3T<0eI<YX+_k^sy@O!Q36%30jBUENZPkYPp*<MA6b)ft1O{u5)Icm
z5<2qhSSpYT`Eesj3K_x|d&eMvUb9waQD&SvV7ti>gt)MkkrI1Qs5~{0a6uCxn8b%m
zG&YNkc~U^LZz_e&G8}h#s_w$YVXLD}2jS#(USMom!zj}jZo&?(jX_o=UD)A*>1b9N
zwO-UMyOiG4p^d94RH4~pD-XSyQsi|U4qaO|G1GN(Euw4KnLVSeOB|jpWeA#6z&kx-
z*c)^mj50+kC@N1?-79TfIYNVMA6%xL9%8Qpd5MsqFB6YS{2rnS@FI{URIMczG}&a-
zMMNr7Pm(Ldq=+c^Ahg#Eecv>Uue0<@>@Tl#&G%rx2o;ZkfMEhe3M51Iby0<8s;sK1
zC9EUbpr*!2N|~$;X0#@=1#n_gh!KG-#|nq7ej$>3$50k`w|m4eb^Af@>@$oEy+?fL
z@KyMt`M!R9?>*-C@9I@mRbPkC$M}$xP>oe3l+}$ZD-tZolEX5*e@^~>cjx!({P*sx
zdd&hM>{NUT{eBD-n?Q{N@DKnZW?_OM{Z#)-YN`sNnkB>0i&>I1WaUXPs7g5@kyv5R
zhE4x6XMZ}|AGm*aG0x1`vv|OaFA*2eRN(l1?L~il&Pq9gn;2E7YL-@3W|g8^njCS-
zsb!i~iiIl1v1UnRQAq?+B&3q}yY%L#eEs`+?uTOjwWN3F@88eQy>}knFc0+oa{(5b
zsw##SSZb<@v1+O+NA%2*1;j|AieXosn}hQ@^Yrh_?<XAZh|=SYa=$x${msdH85xr&
z+SGpR_WuZn>H3KOwN#43lq%6uA~ej0zlcA}-m_PqpVja0h*I?U8;o;9)oq90ANHz>
zs+nxy%nt1TbLEB+@Eou!xLnCI^9>8FeYNwGjlR_NsAN~n13#b#=k`CR=>N1cEHu<b
zIW#j>Eh$JelT-fxx8J|#cj<AvzW;spaGp8q-upY6kV0SEjK*Bd%*<wDsw!;)M+{s9
zaX>IcGZz(*hKLeGm>@x9sDr}|bdvF}$Jc3|y=ibYfkS>yb5BoU#<=_QL-7PN!>?by
z>wapWDR0(gnMIYA6)iZ$6u7mKQ6o|ceEbXj8=U_zeYd`sgO+eJhZ%RD&L4Z;1Ku1L
z{HnmK7K(~0Ti9q~ie_doDzP&p1WJU70lf$0_;A|(d8VJeXJi+=o7CHH+cewvn!Cek
zJp5({>Gyv>KV1J$h>Jw2ND|aVB~&96N>dY6i-|Q=R!XBQlZ+_{l*3SsRZszlf=9du
zzjC+tWgMsCD!-^tzpLVYv-2ffU^5I4_asXU3~H*drCCa5s=%eOYNcgI^AiQkGXzrv
zRSHxjL%se^XACegjdi6oBv|?kk}yWF!I;B)nv+j5UA$3wGU<opYrXFA=!lE<W@V0K
z8JU(c<Wkd165}N+Rrf#L|9_wF*8Z{eetvcboIWZn%?s#K%Bt=aJ_Epe-oQur(N#)9
z)e|e9zzYCVFaZN>$|9(0w8xL$emUyD#J@?bg|FK>@?vrwVe?WCcUN=F#`)^#Fdgye
zsr58`_;&Qavof-?EU2-CnMJCGnk-=(BB87Letu4i_J=C0pS5m%oY(S$=zKlz0p>tI
z$sm<fEm1O~_&B(^m}V{jpbKd;O=!g0W|AzMU2fazsRrN<LUk$o(;jU5fx=FJ?N!Iz
zz5aZhe(*9I{r%te+RV(xV=hd%wo>GiP^?o@)fe#F`}h0%-{0TQd%q6vH-Mivhx4(F
zbkbe-fcJ)iJOKcJWwO~VX)2YpvbLm@tT6u}s;Z)@saaF`kY*EsS0iq7MCUEU+K6O}
zad82HlPci^RAw0&P+*C#*}sW5zs66WnKuzuJfd}@2B|Up$n8j&?#)fnIBA5B=CwAP
zk@$l?{K9Aa75&X0!&j?#(|RK|(bS>t>$h%ui(hTy4zott?%PR2UEGeTC$#RK5}L((
zPkHwB<uwUfI^HMU?``dtw)Ynnd#%Tvr)zs&1GXCI!S}s8>%iUa_q=8uS|A;)TkSO-
zZfNUHaEBOUecs<_o`~M{*~5w6cXh%Ox3?}*+g#dG9~^tfc&hC*)n8nko3*!MtK55z
z<>%dob635-IQGtS&h#%FG2Jf?rj*rb+;$xc)=9Mcii=g}-5%@0HSb8Boi%mpd){t$
z8gE=Yp7o`^@#O10TJyY&y{7H8m@XP`UEABd5xr{g_ULNK?vBo7$$O4H?rrwjj(0on
zd!_8rTe;o!&yI<^%e*}oZ(iR3`V{v&xTWp$+V?jKYEBU@VMtL3DJEe9ltwt_Sb&LO
zfQdpRf|*Fbptx0vSxi)t^S?VDug}5zHh5#nAtaN000M@vUJc<_lVrqKKLYEb7(L;{
zAy&P^Y=L_#zy)C-wn-#`occSw=6SyBd;asg^Y66$t;_o<SK3KH@X?qR)6=?<*NX7f
z5bmU}k8ZMl$})lZef9m=OUza))br5Q1+>L1CynJ<cxQkj1M^$V?yc^p^sWQ!*eO;^
zb>T!$wri8N`AwOv<i~q@&QvF}$j6xx6VtYf^;Rb8s5dh+H?`4b0PnKv4z+83aeaSm
z`l!`lu4i$eb)w3I9~9Ni?&G;ZE;o)hced-dC${bUPVV$<0+-3zM``?mkDMYvl@}Wj
zzHaU3cDmnD<Qs;KumAu655BtE`mP*(>aLln_WEjP&gI*W3o4}9w(HrAVddw{^mMu1
zLuUyNskZAQ%hIA{+*+xLc+2ctD-%rMfTvX3VX@Nb++09zxb#O}ESDrv;Y+}fINLvb
z?4w>C68kRA{h6ZV;3>;(w#i@t!b7TUxR3xkN*w<7+tQ>0?la=Vu74Xgi6+~H{3+CB
zMiuqud(qXCi(5%YbvmS(m>%>OakjQ*dFJ+p5b@bNA)w9(3Uy7l*_oKzK~E*d&tj|t
z)qOK3s`l%4?)_>rGNh6TMyjewwL+}jp9mcQ{MVCh>hSO&5#kSkBh~laqh>#?rMa+C
z(y-Y?^A~vVjLVR<uP?UK$n&aKG@_y{m9{ETW3gv8udHi;*;9zaK?*hqVPU~k@b^R6
z9|M?B;wkm=RwdrNGP`^Q4-54S&aJp%9lf2QjrU(7nzehAM|%bk86H0IyMxTJV8Tf#
z`L|g(VVaiKSi1^^4?h5mD?$h?K=C{^o~;{643TzjLCvhvbzBOOouSU9YZQ5S*PPqv
zGTFPDziGdXeBvrmNGVE1N}_Hk!V`Lovjx%;juXiaMHWjL`hL6LKKHBMz3|M_?m3=R
z%!D>u(k*qHz{%X#Bp5EMcgY?1ZM)t*naY^}dfJo793l=I;*&VU!_KW95feKTAidu`
z#aiBuDv}B|RAQ>BQ+3{4Yg;sM0<d=#$u7$(FcNaMx-@)M#c+g5>*le$n5uXjm&MAM
zXsW8K-!&ILZuZvvG(!;+1RVtwbP$nE5=ICO5d>$0mDSX)R{~VLBVI*a%0x^=2E}kU
z@T53GMa>-;V;&eY6A=*uzc0Tw?&~G-i7J9D9Hg~Y+~5ERm`Tk;gai_GQZc(M!*NG=
zJ^F+ZAgjB!Xjbb`{;n84eHzLH>sx#Qnjot9hLNgR`L%B9xw>xK`5>HXs-%($Myjew
zB%@U!Q^f?$G)+-0xErD$fFa6I(noTVoqES*89cMtuVqzFX~~=<I;Pvcm8YYs<8Jov
z&#L6k;5Z;D)i&RoZa@IwfTvX3cjnuZ01gNWbxpT_I6lF8{4TZWVw_E+ly_6ANsm`M
zcR7Fu1O+;#+hCSekG_k(>e{CH_GVjr&`ih{t|tl1RiAaodzWG|W|C<tbXZDHd&!wW
z`a9Y&&SyWUL-=i(@yR}Xl>1!Ht@;dWw(s5|5kz4Gk3;J|^;!s}ADtLn4?XjJ?|Jx|
z@-G4Nw><uO#8EH2Y1}!^b92T}cQ|jezPNayK#jq5iY+W?h=fY-ShL|sH>VQxh#}xv
zZCNCd8r8LQ0Z0U4WMT9qok*`-lFBX#h}f<zL^<{4*uGbGq}s62cIuHkYR<$RB5p{f
zx<X2Zss%=jjy6ZAs{}AZCW>q#Q1E$@N^cZ2VRnQfT55x9*wFWy%R!dQumpmUFVuwy
zJOQTU4U}Cx62)AL#2fNvs9%hVn{+Mul0;m$UMIi-?-v4v({fv2!YL%^!4;}y6>kk6
zWDEysd8En_LYzUAkq+2yHq4<J7=y(c@T9)KO~OC6B#kqSOJoX^%u?cngu+atBT}@>
zlZ%jwNg|2~B$7!HzrUcC)n>}M`7As9@g<63nTCBcKg_DCs>E!ns;FC><;#u-y(ww2
zZB$y=r6gz~k^+JzG#`My%n6u(IHuR9jyHVAf!^JqY`}|)0y<Uqw?EN8pXVR$|Corh
zDn(Gy7BEc35>P<|QAr>~`*J_bWBZm3s9)2+x9#is@8+f%nalpgRZ}pvGcv!}2!N^(
zDG5=d;%qptm~zgwfzc0J98TC@-YT7TG#_y4I@P;b+4*YA2OMm%m{ux;m{=&8s*0$f
zg=VHq{-1)M;q>3%zn=Ns#`?3ab3b*`A>}nt9hhRtP#8e}h(#GyR8@;ovbp(yn`EUH
zC<<gMPHyhFxGrE>65tdSsmKC==-c<Foh7#qI>6Mta5%`8X|8H+#<#Yn_V6dktI552
z{QmW)D*seyN}!}@qGl;zSf(VReM4*c5ATllSo*M6@8b7o-#=%*(}WUfAJZ_5LkIN#
z3aY3os}Psy8-z767Bh(vD6>81R_E}3z}{xt<k8H-WOF0=Oy`78*{|$kMla{8kM+n#
zlv^tjYGR61riR6t9B5f;DpXd>Co2*p3h_k(l1U^iexJokel1_cf^uGU{!=68bMLM5
z>^trL7<PXY!T&0%%9fF(s;aDJW~r6^Gc`d2CjfEzzci<z$ISV#<PY7Ne@W;dY3=0W
zt^4!JiTz<Jf@*6jidBV1psy5j^ZMJEgZ>@NejtV}u9+24&xe=oAZn@xYL$`THN;E|
z`v>3C`=DoXQ}LS5=DA_J4E|x*K>9&9`R|wc^Za{k&-3L7mQzhhL@cz*!bl>BNhGLz
z|1fV=eeACRmGeW&Ph13pFI^uqGcyd#GP44+D(zI`)Lni3_4Z?zk=Wz+vCk}AWBIMg
zCfj@Frie$NOfy(?u$o28aq2u2cj@!)zWw7URT0epMOG#$QnJFVmRO)rB`*|^{{01C
z=Me0DY##wqeTG;oX8rl<52%iRnAKGh)Xgb==4+T|<o@mbr}De|^zf$JS@WLOpU2rP
zL7wC2BlGW}-&yC)A3sF|v2a9YVUd{>uq-r<jgpQy&63ktLQ=q>$w^I764gl$@4kP(
zm+ya@*UIyby5D~&?)h#!=fi+VfQVumn_$_7gGmCAWhxg0Oi%Gl5*n#!Tv%diqNSv1
ztbZ`H!9k&C6bgYEClz8@Y+-<MV;2Twa5H;%E8omD-t->Z=Kwd@tMTzX^5Yon;1v=7
zCMcwu$|jj%Vpu4mktGS%=3)EyPu@sQ;LVlq4E;cT2tSCw<xy2i%`;E*!v+uO#!v9b
z{;%XeiI%ke_UTpVv)Db?en@p80mtX(>+^}rw)MValG%5y^4xQl+V8u8HaJlc&wIG{
zh(SdUZ*OW!IEvkK&JH{87Mu!OMv$)h_W1U4IJ@Yr(L{SUUEg~5VkXAk_Z}A`tr7Mv
zvf-(Ycf5Jy%5M0#mG3d#x<U$TZyT!ScW$Y#yL+$~P3KoR+uqW(cwAgO>3X-HGCaIm
znBrpQ4sLG|Z#X;8X6d{R$7}C$=Hec*GtPF&-tG?3p5A*z-yP&v)?vHnj*EMHLArNo
z6;e7cSZ`Iv<F2{}zQp9tH(YlPr9I<2bDrXn>kS;_IRkUsqt<pMm?pd2DWSS-R_^z@
zp6$1LF17QRZr#}i``gYudrfwS2M-_s5d&l*MhO*|GG&e-P`OB$=0Pin;4NkW6^i5v
zVI-M|I5>pLgJvs?Oe|0&pa*~+C-QYH%A=0*zW0UgqAS@veAx85g7jdO`(6NF302?$
zLhgoUfO6-LA<$|?*N2<yec|MW*AsXVB^up%tmdfp>gk@<;pr0wEXB1h%M(=|2Pqp|
z@rvsem}=n~f@IQ04y=XXpq;$jaLPXf``-~CeB<9qnqG9B&vEa0^3K6$$=2+B7^}j&
zrtvQBecUH^b_3a*hRM2j*{6CY^U-0m*<H2MVl*?&)V+yj*R0w(>xs;B=f7VF>oqpO
z0002@raey6>W<tpUJ80LJ#5QWoRDY|RXT06wb5REI;XR0C+>WhZ)}^q)}~2LTWzp(
z02{(7({1;Z6Cec4teNim;%Agg$yv9RRg`NIN@hfuZdN4`?8w79`P$m5%31-SNmS{!
z`!h2c!nZe(Br|X>NlyXm0FMFSM$zn2Rh-#d8wyjTFwu4<`azF2c7@bLnbNy!wcw{$
zb|&lN#2ny5owVk68Pcu|8(VrY?G74;vbQ&eNR=)mXSg};A@x4Y*7IoPx;K)t?)2RY
z%$n~3PQ=|=ONGHecm_NOK}&+kUJ4Ev4&q?WPHt~tjjOYGxpj-KtVyT3uFm7WN~^Ym
zhjw2lsOhP9*TRK`oGTz>W+zCl%1>i8&V_0P3a+bH44FfCjj$p2nFMGq#AkN)5$0s;
zvPf#NOu~jSG-j$8<;*a%FzzYv2bAMfu|$}TgAEasrE`%HLCadpt;*$e!VUxuq|_9T
zgv1ds8zX5B)i^|R15GSd%^V+Y*6EolXB+^k;vB^Zx`5b$m{Y|<8DiiH3JMiTpCPc|
za5Y@zS)tKnQiU`oiwM^y4v0faT~}REYzKEZ7&m&QbS|be<8)v&3sx{?<AY4o>5fVx
ziYOup_NqYzP)5r3=Gs|pIEbSWQ;qM<`|Zx3U%uv^@9(RA`u^#Q&6-@fF0*jj%>d9O
zs{ARo({kMa27x70rrTckm%ZX#%{l-L0!pV%x8G&N_tWg0^KY`aNhGFaq`|m4soSgo
zGzlu5Hrh^Sreg2rMm_4RruoNaW;Xe$nMqwm`)uz#j`v(1nZ*%t;Dmxe%xm8EQh;~E
z4nJd93M_=u0N|;+Yw$B;<24$k79vsV_`bE{TE*WkrFT1<d3tzP73@TKJ)B|J8O~sv
z)?{jU&1ree3<Xv>j{C6Qyqe_vaLEBep!4^v*FILKgvG;L$;0yP;qr0^pN}13<R|57
zK#>T_P>2p;4nzjlF;u3J;Dv2n*RsQ6utzEa-q@&Z8yI~Die9yN<&4Vrm%K9^%6Qj+
z$#rWW$(Z11APkITf?!x<5;ZR_>|RAi%ahlQrEy@yQm8WFl$G77R9Gc$=6K+;w=_c+
zhlOQ2v<k6TW<m^44nmBy+zI0r1|UUG9|rf{`~45c72^d&nxtupQK}I^r6sINMVlI?
z&wk&(-_PHXbw0n*`1&!^zO1%7@8Dp75I`V;2m|yh7IGG<DypVgU%1OIG`VCZMKm-H
zg9DQne&N2;T0NKgw0@An*{|LYui`|Y_x6}(|D2!i`7FY*GfqrJ1xrO$iYTuXmyr}O
z|9#y~iGynYU*plfpON@GX#3yOFbxb$AMg1>)htz2Q8MR%1cekOBUm|+GNmIJf#1%p
zj{Y4QbuZ29MyENG4Uihw?*SL|f#S%AH=KGN|8=Uis?XJ2nTaV=RFWkXD-(<nQw+>X
zwM$eL4n#AP2$fWkBL{yUrhe6~PJ1iw<LWrZs{GS3{?Y0b9C2Uvsd8v6TN;)Yt18J>
zsi^(|A(&2P8zSeQ=pp>C>38z&?Kiv6J%IjZvwG6_6-jNfRiuB#X_ab*#ab$%CSj>+
z{J%8?Mg^N4<$e$xKuv4#!2s}tpAs+jsHSSFrT${zq9y|70*FMkjV7I;CZPQ<5@P80
zMvrjE*Q-u|Jy0x>A8{~GK~G1X`TeK;{{<XADPs!LE>yupgf&$XsZ|n0!wo^F)BJwh
zf4`@F`{(c6_IuzQPmp#e;va0n%(F8rEXHaos+fKlYG5di0)T%z5A+-)I>!_}-n4mq
z!%3|;xSxH|rC1w>T6FQFMv(A9^O`mA@9!GXp*`R4#S!wNvXxN;rzxzO8ln=Kk*@vZ
z)F0isU$>O$q3N~pdFY4mFr<=8#En%>KQO}`&-6napo7kC;2);2cRAJvAP?h{?cLwm
z!_@o)QAE&aQxgE0Br!0Ul6*-g`m>#C>G=xj^=G@63ayw$UatP3zbLAbNo{{zmOz-m
zilS<&JVP*YRt%hl$#O8FhA7@Aw`a|10{Mde4%EYZVjJ$ZyT1G8{@H%7iG-j@Aux)$
z`M<xn_|Mun^L$=)-!}6`AC4M|YN~q_Fb*N^e_(*P`>wPYLH1l!RQ55xW1V5(0l(J&
zA4({ypo$`*Y9NTJufKlxpELGh&bYYuUf$Z?_~XrLIpbP)Y~=mk!-tG?eTph6s;Tu<
z_fDlb6Wk&jSek(D2b2fmAityqdE@D?J@aE6{3G!-MKx4ZMMRSnc75Q_og6Q^IL~f4
z-t(RL-@m^5-TOZ4Tjsxm0t@#L&`TvP2}n|Pfx+-P(Bd7SfMdDWm>OeKkaP&`5J7j|
zNx{$UZ!K9TjyHMJy9;~Uz-u6eZQI&TZD93c9)=H5lfFBx?75d6OAf8}?>U?A8MtSS
zH+ci6blq$<-cSsREH@ZpMoc0W*Qbe!RSFgFHzTEVJ)@zi+r4^xMwVc6h6i_#9ffP&
z-(=vNdF|{J9gh<hz}?<dT<kpD_1;cB39L>|mh9-{Bff1HE^N_oT%%1pP42C`rS<20
zKIqZu?^<y@d$98R#dmM6^!vuzvB~c1PI19Nw_PDca6?$bRK2zXZ+9z;=L>t=*oa=W
z?<a0|jkQ!clvTt<*oh%*f|`ZJL{TB81susG#hjWPXEPzfRcb`St1>{$KfenfSQGbh
z^1Xiiv;e-=ijUU%_9y_m<i<|LZ@_T_*@Co(-CLJ3F+<)SBdppxZ$5%O^giC<J@a?2
z{WUT1rti0&XHnqmdcjh~zkA*u@Zg6&Tr6Jx=dw`-(D~1=)LE3!jKeCo(R|dneuKpN
zBO&b8N7R_U7$RxI2*xom{XQfssz(hvzmVv+(tY%I-u8R%O-{t-o!Iv>-<5ktiF}@J
zH@)_7$ya;Y>}ikXoGT={J1oCBxlPuXyStk19aR7ux=r-cGPd3-w0)O%Q_$vpE9%VB
zQ;q%h-dp>b1;DR5AF(Q@^!l>C-jJIH{+svNF_e-y4Yl0p-chj?6PXipQ`4?<Q~MWo
z0&Rc*00m@cxFQH)5Q}Q3h&1uqS!xjPx>%z7xmRv_AoVNC4(skFWihwyyGrJ0BJ3V!
zF0f3%CS+~4<9wo}_cJ+lRYWWLH!>#jCDmV}*U-LjWul(*SeYYi4g%6)oDw$MA}Uo9
z0JAEU!kYD0O~;!_1iXt6$v7M->}G)auHWB%GMYE6&Bk6UZGqqz26L#I&t2b?xxBYi
zxmm|oWOtP1C20YGOvu}BySH~+VR!H`RwdNLJ|v%R)=b6Pppr=xiU}l=?!P>H-p~U)
z@9otR#5>SnW5y4>M~NOj;6%=s8)3R3(6v%;wBku7?Ow{3bjrITg~tQIydQ5tmy=hv
z)}F%OxFkDj;E!^Kt6jx*<qlySUEO58^bVHwS9lGq-KBn`eQsi!Zm$)E&{w=8?R5&<
zZl9=C1k{UNp0OFTl$cs{(_#47MxcjcJ|4NTC;+a>dzkmQxM)6tZoI=4W;^V?HP*Fd
zbnFH$y2QGa(c@ofb-m{9z2`T#F5?PHRS7IvPp8#(Fx(9^%)@gDXbu?qXH&e>c5PfH
zoJ|s%U0Y95%`Ozo(%=<LTuvM?(czc#w_A5i%@o^AG*qbws*_VSZD~fKrd_#3#otj~
z&V|}7jAARPc4q1bz`_+q%E3g91{&2exT6s(in+ROtYt1L<Wj=m<hVCmU0jw|Lk8<x
ztE-`m(7`lJO%gLw69~YF*<&{Zgw6JoIg%-gE^4DoB&il6=y4Vz#99m(FklQA@awKz
z>z6|*AVGr%NzNFF%bapt8K|ZbR~S)6F@KXm?}zZeoxfYOisa+L`b43$gLgka5kXc`
z!QcnJ09B=wRaPTJMlZ*xajPos<F|XcNT8BQ6p9HXfHxu`#EJ}`0EdG<f;Jq9F+}23
z+}R&{Yd)(NdW@0X_Fr)`C>wdw-NZ)h`kX1-l=k%?z$RpEfB|VRz$RpEx8C=otDAkf
zV1odek+$D^yVK`>hVOR31Hdo==55<;+D(`Q%#F6&6*`D@^(yw{+|IY&?&k@2V_*>g
z5p@T*qsm`Xj@qYP_l*ubzVqJgEsOZLBPtRaeLCwpNEF8<eq+zw*G~3XwpcistNd=3
zoQx*oP)ogOZQScFGpkoT<n>|C#MI{Wc)<@oPmS_C&(_~M=4Ke}m|(PgqiScvl5JT+
zg;PG;Qd~(FH}7%Qb}}$lwrI`^wViyoT+)7CP4$-9^S!wBo_;5tp<Pt;hN==St%DFm
zLQrf<rYOs+o`hA?qRAoyR4iN-Rdq^&2BU_LuAsSPkzqj0MA(Yro*~Nf$8RxV%MRkC
z!ggc^{p*R>z3Ne$WD^xxwys^%XwwZ)rXV2{60#joyRQP<46|$2Bygr<pwkk{4WNu7
za=222<%$NEO24}QG)amhOvc0{Q9>F>wn`HLynL6xE_HR&=j*SB?L_$Z@7sSbzf%MC
z5Jdr15k!<lN+ML1C9_#7{H+0mAxI)EGRmroNvJ3(VW;9Q4_*hl*W)2$OkZ%``JMUg
zbnH&^QZn4V&&<d3`={dTS2y?Kh!9FfFhEHJlK(Vo*>j-%HPV#Av)%x4@FV~~B><!(
zR*JoHyn6m}>uasw647Z;`aE!Hg5Dx*L1TVk;!gZ{>vPT5jemb!xP1FENEoDH03?t|
zAdpC)L6`aY_$57Gw$k<9xah%riKMpvXh4ush&DC)k&F3<)W4g)!@QrwPBk&9tt(V%
z;0!xePkG_kabUu4zW(#9@8c5{43H3FM*Vp2$L_hS_da~_=JC#ZPkhIm$oFpPL*k;9
zQcEAowxk&nSkgAZU#p$<b>{Qcd$7XMjv>!_c}>1(G3DWU*z1=Zp0}^=eCxJ#w#(=n
z6jTUlgg_CtHVv>F8i@fQf=MUd6Yt0?pYP*;Z-Cb#TTtpkpdD*(+?8kvK>#EY+4><E
z{ct`e&02ll`wi#3X1RJ4;<O!j<>z|Z_03nGRjb^X0$@ZE4~QU=JL&oISk71Epv^Py
zjban^QKCEFEqU+dud+&{zo7sm%_;(Qf^Z0Fh&6rdAD6TBZ72)JeO~?ZPv5<2>9zOk
z`;T`1Aj|>?B!US9k@`B9<!9QX`2DVGv6+1IhHCx%wf0}307)8K)hzML>uzkd#oqaN
zyme~wm_&jIA_)Ya!QXt2Lz`xv-^WJ#@uesaeh^6{+htX+D>;ISYQJTh<#Uhc4{C8d
z<<r-Pe-~Kw^ni&-s$!z1fP|Pt1Rw)*nRxa6I<}91w*NaP<Exuv;0NLW5&<NVNF<o5
zD2Rxqjbrb5PPeT*nmEyHG01!4>gYCuCns0Q^c7y=73MYUM3O{65=Y;^oqYH2=dX^t
z=;w{~t^L4HgjGdFDV}IKIdF4~52{BA-h1)Hvj=>iJKSv7x3?><GPFir-*nBLd&jjc
z%qY?KT;qf<S?iwdL2#l?mk3XHZ$ens=(3ydI&!|Jb3JZ3nDI_3Vy~yJ?7AewlO%J;
zU`B%QzGIN@8%B!sZM&{&dzd$hI?CJJ_2Za5;r6|{8|mw|8_tO6kr2m_boW>u>pbS~
zyeAn?7SEkKEVbKl6FiT%Pg7gkTi7ey`;_l1o$KA+?B6!$qe$;--oqTdZzQ7NV5S+1
zfl4yjf~}SqVP-VsMU6#5&{jC(61j6Ya!EwWp^8Qv9CHZ*BPDPJz|23r{EhBTYu@u0
zi65Jg?F}C}r_8r~=Q8;DTi<tp^^Q6P+{;Y?d723%f(Zs)RV@l*=CuocoF!&Sp3(sX
zZIIU$ctS7B!@v&k%qL71E($61$$O_d*^oRtY*~X|Z*-TARN9Sc<ep`wNu{rG_Uk=D
zv!=j>Q_<OY)24rBb#8Ls5PrP7`%E2q_uZ%<k{M0RrPmUFW@~O{@7|$}nO9C8Wm9i;
z8!lU`h?TXyc}pI>yHN*JzUq4Mn@G#S_p8%0J$<&hw!i=Y0$j~h6nl4}m#aOMy_Dvo
z4|G)Q@~XYu<Q4?XgKg=~dGz~p9d}fDWY%=1+DYy2HE1LoZM55X0elh-wg3TC_ia^d
z%Jf{*>2bA_)z_Ge1xv{!+hs0=5aN!^=Uv^13j$_Aw)?xe=bwG|&pYd$IPZOLk2R@u
zj7+FQF3ygVYU^*7y1XG)xLMkR4mwn8-NpADZn_BfXN=C!%Ti9Idju-Neq5`^iKL)a
zmBw6MmR)5|gKntM+r}wwa8Z|$W4+qX0i(huj_KWxdvhy9(dhPyqu%r+bdr<HEIEe>
z+Iy-~5Qszv*nK_ha6ZiJ(K`EBE>#WZZ62<AlI>jWo7@JxbP?3JYvv%8y`hXY%q)R^
zA*z>F&_WR;5=kr&#Id1S3<0pv2bUaXYg$?<cuovd)Kcq%W(20jDx^s=M8+jk5$eVz
zDZVa~OCG&=(FaO`b=1#osDS{2JV(3-ffN|9^994r+!xZHZ51+<5$*Oz-hwXun67bg
z329#j_4i-}fiofan|#}*-T+t=G7Yw$Ou26!09X?;4YxgU$F7&MUq-uJ@uf@2BsSa0
zmfLvSED4zg+fBCTDbD@5movKGcQ{FQHUSU;7hRZk?5ydi$1d)^Gxu;l6M5&Z(ksS`
zE@poK*YmxgM;He@??7*!u;YNrQCe!c^D;ZmbfWiI+W9W=h!u&?EDacGWvY~bU~7Ir
zLg;`Ll&QBy3aR4g)E*9jR25W!x*l~ZdX*B|g^FPc5tb=cM4Bu!??Sxc*kbRO+wMzV
zj_0rp6Nx8%Zu>8F)!w@>b_>J4Enh0Q@%=%WBqSJMA1_|LH$B|@@4kn*ZuREpT*6iN
zfFFbcNhFd9AcNqtEB1F$g0=3nlQS3X>Th^C?DnVP`_1)N%jfqfOh|+zc>QzFm#uU5
z{<bRZD!4u%cP?Juo&(<iKp%(1l42s1h$p#^SLTrVNO8uv`M@U&Ed9T~ynXSRq)7pZ
z6v8AzV3Z&LKexNP$30Ja?9McN<DxFFyz|g<Z-Zzcd?~7_q7Weo8&!PotJ_}t`E|FL
zzT}wvz+OH5%yQw6P)V&n1<8MWY-C6<MiLHq=d0)6?z!^i^xrwBu1)*iVZOUJ=dM(>
zOH_qY!(a`AVALB0NrPb28wS7|1(L*QHVRFHVAwSPY#RlVO+m118iL7yHVG<CL8vwh
z5E}-;s5T8juxuL!!JybS4F-bE{D=rhQAUa=D5FIh3N%qcMHs~x#S~~LqJoMj(LhlY
zQKE_pDA7iWD58u}Mln<E>&JJd@#5rU`zA+z;&ac}L9Z}P^y|->K0`$jU@{O$1V^tM
zobR8n?t1*~zc-y|PQIJhcb#Za`2|E(QBfkH&VFX+hg1WrKg0q<$;laf{{LqA_jO(G
zb^HLp0zrQ1%jaIb_GcXHXB=7PufFlct~@UJ@f8>4RaFwGzT%pa%ujm2&k*BCo}LFr
zf;DspXGgvwJV>v+A0mmUDu|e|B@-e5F+~Ig^Iw~g{IBb2EQ8}jX&&$~V$qUQexN@N
z&;WoFF}?D=+F~}or;9vDk~+g0kbd9Fe*ZlBPZ)l!6rvD94I=&1*Nfjy`Q7;gj{Me#
zt?!<>*CE{qhsv6&ilQhGkk7HWH1!9zq_e*_Dzbg&Tg&DA2`~ZzVLklu&)>hjuDbhm
zqp73c9BkuGbFdGrRZ%h;FzAi@j!Jz=I-Cx9boTn5={eUNb*G-sj@x+VzW%?4gpgom
zB3^F%MNaytAKRD10~Z1Mu|s0L-~jzTB$7$0vY@TWQ&sQi{3Ud3`*@yZ!<h9s!&3B{
zIQh|?8{L{BAj{K6PP5zX_j|lp_qj8Dt?r*hPbX$|sHbs-$<FUPsMd}baAx`K=yvNQ
z<oCJlD|(5x;_9_=z((T@GeyedvFtQzD`wC)SUT-hvtMb3;BnKuImbhR(VK_1Yd1Rq
zJ!okAySNm3PCeP2IE!8G(+_7sqPpg~b>!Sh=QcupZ@s?FG4FO_>&I^EmMA>JNni<r
z<Kx<C<e81JU`*+VQ!U>oYJ0Q2({7gD_qs1;gI;ww#0>}_hYAE%6v%KC$}GWi0$Ci9
zl4?pp#YU{ja~BGcB$03xqCztaWh(`Q!9ZLD#*C$`7{X*EDQook`e)twnZJLfxjFJ7
z;p3?X>f4vji2SU)UGFwH%<wtCH%y6WHv9wj=S~4pHgCjO?_~km<wsBek9zIqS^xp<
zcY+ET`?~s&(k4}tbP_ZGyS-LryB@Te#8cYqzU+RQhf_qdQsF)iuii()#N)$~{#MpT
zbbR{27H5DY`224(>UldygYIAnI53D`JDFt*&c=4HB#hv*Ix6Oc>RSol+g+Cw^LCuI
zd%Jvfc(jtu^f~WDvui2F$88>uC{t{dt4{_O9*#}EsNc(iwn@D0-<2YM`s%anjvCat
zR~0^D5M@rN504ZtBn2z$te-9PL|?k=(Q_BOF`rG&^zJ<qU;qbqcPK%>oP>~wE|j`n
zb8?3-zR}&<N)R88TkN63?K<ey+TxFZM|@u_t<Jvts0o<?w+o}&A3}LP%$G`TW9r+i
zww{cjCS(TOt&c^ua!~SeWp&>D9*;TbL`&KC-szuAZ=)`J@?{e_owRP}3Xn(*w$p9B
z0=Ogw+Vi(fvqo~dl@ki8LP@04u0pI3hU8$M0M?`Q5Q?~Kr+PDPBE8;~BvnpkJQAhk
zlVRCj(&807%=Bqh)9G_db!rL%W<YJEl3mS*FOc|_83FBt@Q)U+?5T4mN;P+NRV0MT
zB$7cTRE-E{eBLZ5DIgb_bJd$mBr6dJ5&*&s2$2qq29|fi;}&uco!?d&Bb|O#UF!@!
z<#kkLQu2eY&E27b=xbIN4b$6~cQEdR5H5@C+7xWw&Z$Leo186dS9>~nPF?`GP2D}c
znJ+plW=~DC;n8?;M0*~^05tN)G|rzIt+Cicqu8YE1D@HVwc@iA@GCs9I5J=c-SKNX
zdsbjLO+LA~R+@^&!LgRO;GVJt<d?I(nlSOvzP~xV$KB4G%=5bU-?-N@zKJ6R5*AA+
z5;9CjU;qb(ok}sPwbfy%cXX`=7|};Wk%$o`VFprlUE1Y!F2*NgmLej_rqdd$rV6E2
zRmKgf9(^3=+mzeZni+wfFpI+hB8DOghziuE7^$kcrd7s^B$6t?(xO#k7?D(}6=4yC
zinLG)*jNz|gg}g{FsP8KOe!RyVoY3J;x$s#%Lvsijiw~V(vmcVM+hjOYP}K00GWaF
z-@7HdqT!z&LpdY@iV_HgG?9pEqA|#WU0roz-EB^A;!H)CS1bh3OfeE7!y+>iKr&V-
zQXLDZP|!e`6AC?G?#aj_YOGORXrl-!q~VInv>ic>75i%Xte^&nTX3P-?`AJ}cmhWv
zsFr4_Pt<-qhYfI_UEg<aJylgzB!tN%l1VC!SA$8EY9vf-h$y;sRp2M6Q%)7Ap%T2l
zSxthW7}wo#1@hf`1q46?ZzoFP7u$Ciud&|h)D#5FfZOKXHr|0iOvnwj<GWMMcii=|
zfSHgRdFkNunWv_5RJ@XGB(h)wUbavZG6QY4$aL5&?wOU%G?YS2OaPgX39HEad(l-H
zSAM$o40+Q40sJep-P=oJOLX0ZE80l$5^$S9qJiW)VnK7Q(n&Qr4RhzTKQMkNm>B6;
zP7kRmRbHb+>9V7yI5uxY02BaF21wRsA#sL4YcLTqRcS|xgIdK}Ekw*3vL-BuWo1q6
zi6t7$?UFTlNxrppvZQ1@Vmhs4feX|o&ogtuWT!G^%$OCH?&ZQJ=PydQ=tUOr!G>WK
zLDW>lm0oq|RRa9WB-DY_Xir@Dw(gDg7-;)Wc)_mqrKYbuZQ=3V-QC7z?w5S`W*OS}
z(*~2c;Na&o56C-x@_U;vklo%q``GC_>#;k#b~!iOo$I3K4_)J@Obbetk0yu#Bi*^3
z)~miP*G;0<H+|iA=JU?Hcyj$Ij1od5kP$>_3ow9$FSpCrpM8Aw=f8h^ckjF1-;3{u
zyIWV{q#%e&swj#@2oGoL&$<osgSppv;6?NG>-X<}Im`OFG7O0c2j5<P*W<o33%@tV
zd-sgI>t_M!416%EsG<sO!SxTAIO<G3Dw6T;6p`}`FLiZy@4i>SVIT<rK_MWLhvNMG
z!~4hb#gy#Wr#|TqyICPx^NRadSLOf_5?6MbE#a>ddtaMfdHL?(L<$g)J$3i>jYsPn
zR-b^w@<VDD__izfd%yvpf$x4Qil~^B0)^rqUa?K@4ad*}@7=pY<Axn~npb=$(DR}8
zDPp215ebNi5GaU%8~v`*EA>*nnctiS9}Yf55m|k!a;rW74f5ZF1VjJ{HruN41{#I4
z%^bn(1NZ6%?mRmtA}XMeK_rktJ@t3z?b%wQy7zA3@%`1X5=igN<2vuZz7<haM3-2f
zRYBtw+#YLYXvy4jh={#tGtKv}ertZm0R18;_>w^cpArcq71LV3%)02+*|oyU@B)Xk
z6;w)yW+!os=t=YL0jtvIdhXWu=Dz=VujHUcNI)DD^Y^IrO25#Pf3Xk9Njm-?06_!v
zl1VWW5c@eq9nU(%naI|F0~wEd`}+OXzUO?mU%hY5AR&;DAq0XH696^))BF4Hzkd3@
zciqNwzC3l^d+xtLCNRK+#2;j{7dT8@^Ryj2Zw5U_;2Ua)iYkJsuX*#F&7AA!zUA{;
zLwt9y8hho=eea(0-?P$x3bxx;qQmb;y3qUGNuPOQ8JYFA(Kl29s1g+9g})R$bIa77
zZ+CaMJP7Q$hpX88++OY@4JqbJrxcQTB`Taif`AUHsnTo_CoL{+;BMlco1OOWvj?1f
zFKg?S6>k}vyyoU&+oBo<?)%zru*EstLmbM?2zksqH@D7acMu+DYXjT6m|ph!<75wR
zc9<6Q9d;P+W+|Fr<rsUtZW+O`gYE9j2F%-V9rNR}3odjsZt=Jq#y4hKW}GfSYld&O
zcQYz783+!HNY^Yg-G*mr+kti3dF<>m&v(7-_IWP$^5WW#=*PQrobiH~t2vb*OM(+P
zCS+3BsHP>3P$4UnSS4c#4h4f?m{t&i84FHX3zlU}0V3e%dpq7-d)6m#>qWc1Zb1dh
zFu?_Hd+9H=$G!Q_j=WAz_s!PsJo`r6-@5a9&dBRTl1<+<EkSLn0;-lubaCH7Xs+~X
zx)ENw$pv^n1z0iY!S@^p-jUmW1Hepg4T8Im<JYPBeUY^2ZWnsDyw+s-sUpRB(ED7;
z6ftP|JbOE}q_*}OR01I(cE`hBKdtwiZ#$1Le7^XOsS#J!>pEcPFqQU;y`8qVb2c{g
z;HXJ<cJ4Z^u_bx3GcDHc#Ac7(I^S(BSP-vcTpc}*WY+bq=^H1jdVPDDkJXE}cav-Y
z000QcdQV&{J#?VO*KItVj;)edt#WVK+1$H{nE-Aonbln9cdyWWH0YX3YG!*8ySM^e
zp(QDBmZXq#CxSp5L;$##?7*#O%B`m=^Dnh->PvSF`*O$=1!AvvH6)$f-!eiV0Bt0a
zT-XsX=2@=Jb1h++oeA1S0LT)g$ZXW_2TR;2N|@)?cWj}Rc_Oi0RV?2+#m;vM%u4AD
zt+AZP1-GZ(!>aF*XuoK&#i4RvJ(*$09|?mmD{k4n3dRaAW%b~03gdnQJ4&w6$zVB|
zw9Ro1bI=163>BVKiX~Yl%%@A<GRt9JDSLKvkiip3pw5Gd+wu3=9^!t{af;F7%KO`w
zyOt3;mDU{NXwKX2&ujAu^0`@ktC?cBHQvt-xE|34SyTcTW%CN(HGtK44vZ6ou!QEU
zAYqLNbIy(^*Eu*uL=i<k0G?M*%sy$!4V9(`>r6YTWJqn3zKa1-6QB@@0Am{GbCkB&
zo+;GZs$S7<OI_{fo+lM|ThAk60LIT|XM2Ap-?p_8#9{GV#a#FwNgWtD*~xXoctUp*
zUN*|*A}HdOS#8m#^ukJe+-ptwt@9n;Jf?YE&w=od&$8Z^X{^bTuf}dvaMr9dk_U>H
zh1t(Lv}U<5hACAL6}#PQGg4)@is<ikZdXWnsjhcg*2sBWH_q!dlOSl?oa%G|AP(i+
zr;bi-T$=NB*9OxuheWBZ0NYqv?Do|Oh??-oqw-g(wG>h7N<|%9ad%eN1yUWB#HwW4
z8XoTL+j`YaMK*?s980%m+YG~Y*InCntnVa#Qf}JunVA_Lmq1L>5RKKq(K2GZu8F}E
zI3n=bDzw@nA1GwVK@;A$=GSus5JiAN01pfnH@5tLLLU*kw)5Rt+cKt~PmY}Tqtyia
zdvAHp>va<IuQWN51k8Xo+ikY^Bng=SZF}D4>Dz7aNE0#u-&67B=f(RjdG@_(Qd2UQ
z3Y3u`9nYB|5CAuT7mo5XGB-0OX2iR?Be|x)37G)7`XW=mFM_Ksb9M-9G!tB~RMQW}
zVirV$)W9U4VMQEL#QR=lQB%O1u;0TyzrTJQpD%B9`S?bvxG%O40g#8tP9HkMOiwr~
zZKi$SZodbd{X^rHQS@YA&vwr~_(z1-AxuNay|$^CpFeZ+c=`FcG8+E%$kE9<pM$Y-
z5*&xU#`$qY%m4+=eYkU1y&fFo?`shF%4{7V25llqB$#|C@t&}om?dMYrCZylUp$_9
zPhb$R_U^j-p^~JR77ABMT0r3py2oqEd8!nRz^v7Ikdha51VGE4a#hf)tIM%>PtAl>
zVO$~kh=Q~|;K*+<DFm{sPn)j~dbI~cG@*gxU|Is*Gw2*OQtc2t?XOFvBLx*h$-xv>
zY8pYi2o)P)BvA|(R3UzDI*p1^hK80Jyop4dAd-AbTT5v*sj?9_1CJnN0pU_ty<G5a
zy!XrVA^-q{LIl;%R`(#mznHrEwA6DTyx;%>^9dvpOx05`q2GolR<(}$(rNE*9j=2t
zsK2ipt7iGB^il+nVI^17)8Bq`o!@V}*Ltq_!tj3d)kRS;K0d?p&ELj)(UZFB?Ki^=
zfnSPFM>Y4qZJ#{zq+gI#6%f@l#D!#xB^IF~#e-<EB$MC>J_76Yrc&G1yeL1H>jxru
za(sOKtlL}q2yGz%Ok2wFJi?Jp_{95c-zGj-)P6(VKZ<w0HC0~v_in29%dT&%1^@_O
zJ<oN?b6xY_&h@Ui%-5%t$^d+VqN1Q#>@0I!O&O5FSz@)X#zS*^y?A`SclYJFU!;^0
z1Tc;F*S|j3zb?LW=f8K8_nu#vh6Ju;${>aeuqVDvF1*vHN_ocf-F3&d9}*Y=05J={
z8_!qoJiT|*zJ2_?aqoNF9CMi)?nMLRHB(edfd>|{ywt;tCed2r%}p5m`f2v^*r|E@
z=X38~`uo!B^lY@iWFXQBNl6I-qZlxg7=gF%zJFZayYJ`kkDT-8*XzQx0xbj+0(n`k
zIcCPTS1Pe!kDTcZ#lAJI0nFR;3*UF}>ZT-wAc7&&yYIgH_4oHa{psV?<>SMA@qVNN
z0Iw8NQ!?XjIE3s?9j=AVjA5F?Pf5+!w?~H|pE~_r3P_BAK|tMo^Vh$94l3evoul8J
z>$XsW{vV#x;z=ZuNhBCNc6`&J_uT`doN;za;pztQ)?(wlT-@HedA@hoJL}J{mj=NI
z0Rke|zdjv%uTJ&PE$(-%X0_qT2q(iJr~n$Z;>?S9*DCj&v}yK0kHkJ$ss<GA!pXKN
zigiX7#Y&VFA>F+joI$&jmX{s5t_mm{dCvBmy2rD+-lKcFIObPet<!N_#rM5;7pG<7
zu{*lsuFH3Q+<-1%?&fZ*m{DLl$d%oj#~bf%^dz@&b|<uZ-V4V1XddTCtT`Ujj(uzB
z?_Rg4_lL9A^E<3y9Cew85M<hSS$1=WYlGdq2t9YaJ=y2p7eh1{X7p$@(U68%Bw{R(
zw1y3sjDU>+I5`4>gqaf9wPb{<tCNH&V^%>jxFpyLE;vN72qckYFwK!a?1+#^f51W{
zojQ_~s;Ux6Qqqkqw4A*KSX<k+KN?($7bspR!KFAwcW{DJ2o4(!8lYH^(t}HpLeM~=
zXmNJ}6xTp;3!zZl0)+yVEiZfj&$<6|@AvL|-@OB}=3HZqX=9Ex*P3g}PZnq;OT;3$
zyePsbRfa~OvkYvV;~zLDRb%KIbf=y#N!iGhEswQ(ds%l*scSE4F%<f+^1|x9Erb^b
z-4LBM&P!gci%TvpP$4a5M6%aw8xbvUbEb?jKC9F=;aSE~(~{*v-D%;pOh)vyZl{O=
z4DsF+mY^X7bxzU;Y2~u4v(!(u>e=Wmlswn+(IQPMTi+C`@n%cWl5~FJ+G*`Y<;Wl=
z%kJWB`_MqM%xAe$$eSm#MYB4WA&pTFijIRh4_Ar^)|9nC*ISb-%%@YdlfgOFo{~|z
z(2COJ3Vm;=)l`8fG@(`ZeS$ZB;b0xJ6i~{?Eq_*XHkR3kRg@konx>AVTJ|!`=aV*d
zY+<7V(aRca3QO{o>sjbCI`gto>uWrB)_@v5nQunFc3ocpu7i-ZH8p!%-+#)!i`<#D
zRK6X0dDf_~SO4u{SD@hc38Z3r9d6<<pSt&b8R`94Rj@a8FJ}-7namMyQNU&MRaI&c
zwt?7}?VKkw^=C}1)#(R1QH!sye5<!!K2o~d=k(ph7H&?4)&<gq#`pDCRmE_yPWQHK
z2wJe68qLn{m3?z)l$MkFLKarwBP?1f(_k**+a+|h9R77Rla;acek2WjZ%Ja?wH#e4
zPS%9%6CcK!=<ld0#g07Ej%*UHR#z)~!lIa%ex&j&X8mMgdI5uxs};eh(^5gsjPa=R
z9GtRFSN(Ij`dg0s(6r4>D|N%hE<E@)X#y3CGn#|zK*Er(-St@Zq%IZT=SMP^=Z%_C
zQwn5IjHOzA2^eWovo@sA;V#|DK(*AbbWBxm!q01!d~v&?sJC@WIYFCku|^`HKWgL6
zRAL?mQ|k^#sB^`J5qgw_%dHQ;4Wv!<5Y#_10n32W=`K6BY7PSg7`%1MrPy2_x@*jt
zLcuRi_}b|N?F<$dn6hH4c|v;`KH5K@)fg^{&B|J?lQ(NY!pX$w*|pq3m;S1l$d48Y
zG)#GC3`MI-qkJJ1o&9Kf(f5tPEtHe`fgIL(@S=#cjdJLv?#4hegSTzBMhL?|SO;&$
zk#DLg6N+H$ISGfeA!9;vok;v4L-2|uT|#3p(#RBg*T0~|-jU<`J@l<&u(eHy`O|k%
z10YP!jG=6UpS3ymHWN-%@X@1wM<z`@=)CKU_HmQ;resC>KC1DIxu%xG{dw*33?-^#
zrGJ*^B1~a)W`x<kuz9ND0Jq;@p~vLU*Ez<h_Drjy!|sK%1+b;6i7WpH>X|L}e2O+`
z{XV_EIyhu^dhkVB;hNF5t&3<y7-nhBFM7vsT+Jti<xJuSYb-0%!xZn<`|SZ*OI8ss
z;5+;E@nZ90kJDm!^=0)}E0^^hQ~MfbnI%`c89UZ%;(RNiG$HS$gxV{v#KzuSrOx^u
zp~N?~#x@+Z4VAjV;~erqFtFN8g|E}29lypz+1x78zAeu1IV1Atq_aGm^1@#XyG7bW
zV7B>{{7@_VftKb_7-Z)>9RAYJ$2ItkerbEcHxklMQOf>9rV2jtnX6Xk5$#)olh+FD
zlA(11B3Iy$v#+Smfu)5IjcnRb3GUvWncPcpT1n56$cro0w&&9<@7=j9yqL?+a$LZ@
z6%!g<4|K)5o{9?;TpDtlefh%a&nxKIEk)ds8j#SVJVw@mtLDd@!8>$quJ)kr@dZjQ
zB*%`PT(Oo#!MC)sR`U&|yU0DPacdVePm3)@`zQp>q4h4*|8<ik$Lc2Mh!9usX!=Z{
zEO!_cGyRipQPRiu>P6$8flQ%z7-6C+cd-@yFcOA}>?_h+?Jv(EN5T$-@mp@a0+f24
z4m#}d4+KOV*D_yd+W9-Gm#0@K>OE?zwcF}%kQ`b+vVivq*ZFG{W%^Wh4!5hM_&Vf4
zY&7)p<JzCJSZ5zxJQ_MT&4Sa)`uS#ZuD2Emq<8tLth{kU6gfBfm8#LID*1cfF{%lE
zxf-4$It`uTAb-Oyy6Mn%{CuZ1=}Uj?ws{wDn!T%CkJsg>3X)dga6_%#Pun8CqDgpf
zzME}Ly!`r)3GBO^L(9h<ciwj$mlKIMsc}mxtxa7<^khb`fNbgQo7wI1_wS5YFGW8P
z#9O+Y9>si_D|nzBI@IF4$jm(}q^_s?O&`=S79a<FHEdH%Xv>1>howXY^zuHtW{<*{
zqq;OxshD22{Telb-@ZW`XH!N2EGYNnx#XO#_RJ0Vv1JvGD|SoUb#4h!ez?u*pa@>F
z_`dJn+*==CH+>V<{VS?E(pB~6CzYWKfwHf<nHnSSl`iI*+$E-6q<*ABT6PrU8yd~i
zx$t|N{{m2<O^iOPxg^zz6-`Aa_exvo1U_N=Nzb*eVuf^+s>;S@vbP%U9m%2t&M-$?
zhi66T9I2Iv;V#yQ6jZpzX~~gCf^REt2Wc?_U8q`%H%T36w<~=;lkJKjV{G@-N8`AO
zq4E`)U>HbgFIcHiLI=LD&eGmoN*tc7tV}6P9(jure?C!7Fhg>yjM=uZDdi4KpONN|
zNqIj;cZx;(D)ZX!u4KmVj+=Rt78q5XhN<?}9}Z~jy*>2O9Wee?^-<Gwjl1kH*m_6U
z!}5aiM?A58y1ZY-lK%L(nKN#}LL>L?(I{$*bguxr-B(E=F~tIFr}EH6(hDS~n3;=K
z$5?Wg8D<ZIp9Gt7yrgKmP^cS;=6FextHu6|wnFnYI@O=q^uFO1yF$sCm|^SyHnUK3
ziEEkY+%{PVEh!<jL{9n*NVlf%T+0i*b@mNVh?-K^W2hhER27nXT6o2#^^Q0)#{X)#
z%@1PF8RwU-)y6wo1-rT;^9#XMwf?MlHOzBIPoB8^GCebn(Bp)Yj&8(_hLV%$Wn;R>
zD{H^!Rc>%<ip4Lw8kdBrCuXz02(7xAl}H<E$F2e_a@ZBsU^XK8Kn2Xw9n4iLr_2Sl
zX2m3ONe3S}+`8NFH@z2We`l`iXc_u#tJlLrL1$s&#6!Oh_?&JBJ^+XtbGK*8ipa3-
zC~ISyRpsifi(C=>@__uDGLf~+aa!~HaH*aA+RSQ7ACgp1)*_TfsxqBT_{Z0fmLz*z
zom|920<Eo#i$FRYB}6JU-xODOC^EV&zp_KLc=cs&sJ~&z?&3uD(Cz2CMQ|Kf+3Shg
zudL<64HhCYC~X+8w+Y06`b~R@ngF>~Q@k+ZOwyDrT_Ca)SDX<q-fIk;Xb!hin|s@q
zZy+3#=AwPNgJWGHvM*I)t%ij0i~#aYbO#|L?qQ(GrL8nyQ;(Z<UZRyJOznxRIXfJE
zb0-PiU!86Zd)Bg%b{p9!&voFZ&YI)}cz+gk2!{cym7uX-kzdAFH{n{nGl!+_$390G
zZOU5Y_O;OZ=2lzmxWkG`_alquQfl_X^4bRB)%9je%EQoyX9I0H$hA_(o#Wnco7nzG
zTmTr&ZdCha?`{}`#9D<uPRB#ZE#k@5-4l}~O(}_=>Tftj`lwsNwO{BGL|`WJBGA^2
zW3S1yc?LMoh%Hnfj%GeFuB(aR;YR?sa^SCk89J`OmhsoNM)Xb$<N{$H2ioc1R(HkQ
zB!zc-2^a<X&s2twEBr%MTs(<sDf3p0Mcpo_S@WX0QL-W-a-OVk5T?ief~!hbM3aL`
zdLhJNB<wxiB-NLDNM;)_0+XdFY)iFaC%g5~JI!5JNrDKQ@O1~(DlddlQIQ4E@>K42
z)*~IMP}vQADY_J2!e$y=nhR;|zXc9=gTfnA&!%5;iSZhP3k!bFD<?d%F7TT-_Hqe7
z6|YC5H4D)>N(u57v31>D0-oLRg&(OW^RJ(ZJC%1#7(c*17}@q8+gSG*OCDf2sTI`9
zmrI{btP+uFHP4~VY6@WY?%YvNN?g#M2Y0E{X+5<74T{bSuB)n#6|7%!eIx&TwUSh~
zX<(o)6H+wyR+<{;a*A3YREVXGXK;q@#CNjM#~J!BNLXB>dK?@Yk5XYV>{dW|Z@>2i
z7^h;0bH-HwPx4rgcxZTjEutlW?XiV=9n32z*-ayDSGSeN;&@SRT{IJh>)R0QWDDvz
zviF1fga|{Psg;U}53u$da&#E1i*_7-v@Q}&KISMY3PWmsFj!R1-)xK|bSI*6eDVXg
zV|d@&c;l}v&qOR~@6I)S@N~2~#(Q~dL?7Pj>%6dDW_~#bb7t~5*l1Md9g98}njTa?
z==%W>s9iZL<s)jYB*lS4`KWj7>z<PNTHJ@2FBv;oaFR3e(Nm`{Uyd%;RXOEZH{0&*
zsIODo7M)+L^`14J3Yp-+i*d9bpxmv}cHw0G=G3KBUv83oQBGd3zKl-k-div9BdZtN
z7H<s#LD7ZyZFaJ{dMtYGexGgI-fAm!>u&r9@e}Z$&v+P&f5ZLV2gG*+|I2>{;9o=m
zq#6X^|NkPwnZF%8oTni`v`q^1*BQk>S^s~|KjnY`Gy)_u|KCaz>WlvC8X@RkJ~YB$
z5I|{y&m)n<zj*&^7x=#p`JVz38WvLj{rCT>0Q5h(|5V(63i&@eA;fRG3CJJ>0Wttt
zQZu4$W+wj@97yq3%}D<Thfp2#m;e8y4W#(1QvW{ST>v2n4a~sDMKy?S9i+^mAOzth
z|Dykrf5I7xzhlk#YhDlNZ;Aiy0UyJE3JT2lPpAL$6CmKP2>&X@e?t@ieCF|X3IY(S
zgR<}|gC+3dcn1E5=l%CYHTZv(_}@$Y53Xbof~XDuo%Hbp`nO#Cl`A}<@%kq;7zW|5
z;O{M}K`Qhhz5s-Hb0@^}@I*EEUu)sN)Ysoq|6d2Zw(vnR5bB`6rTz|105Si^JTd*R
zf0)o|z4{UI$B#d0YadtIWiU=!esh1u`6o?xHVv3dIhC=LpQLZh;3%scI9UZ}akJm}
zw!n52#AWciIvsYP+pBTyoXN-mGT?5K{_M7UK_6Z|Lcel=LO$CQG5Rh`pvGx*Vfk!d
zf$W*ruEM5Z)w4P=h_r^I@q~UAhn<}-dFhg6$av-F@7nhh&@iF7+X91ywI{(NH7|F+
zPy>;E+8RI}O`qy#M>@)`Od(;1Y^d@$C|Bgv;g11@>hEZ`*rajyXUD61d3ky+<LqH0
z%&M(oSzFs-%MzE+?Bl%$a315#Jo>EhZo~bsBg#VwK@rC=Xig=0KcyAL!j8oLT*IT~
zKIO@;0O=jU$;7$@Qi_G7tZ^<md4D$^SssL{x4c#8L3vtOIa&ghqAT3;0pOmP(qDR^
zEBYnD{e9{nmj};L>({twWvzG2ro~sf>94Lj>A#2+xyrv{dPJkI-OdU)tvuwFz<g9G
zIE`2xwxwBcBN=P48Dh>%TBPc>3ZJ1J)$>s&MHV?HDJrI6*1E8mr&|r#DoU^fV@CQU
zP5*n>Ff!EGLH00v^b$>*sP(h;kH*|aQR=c63WTLa0uO~zAE_?NbmAY&%q7KK)txt>
z*!>301Ra~y3Vt6o4)rLLX>c=+NMW?wBzQ-~6q!rb9DT++>~8=);c_ivSeH$bd>gf>
ztcj@#%Lh%bz=el5w^aM(=>%6iT{K4r&m2_m_y`we3QImAt+xDVFm@H54CGIKSKoA^
z;Z0lR|72KWA$~lmH4zE2g9N!1=cvz7Sslq8euMFB_vKMfbv$nB`T4Zpys&QH$5AEL
zH^}n1K4Wpko0U2Ypjn!GOf<K{_9IpgM4(<aLXLJx2>W*2+gobG#AhN9QuBp%H>EAA
z<zhGf=lolOQ2KSrSPhL3mHwCU)i&|_9l25itA-Ix?Sb2VeJABkWoI=p8f5*I`O|dY
z$0r<D-h5ONR?{dT(t*&8o*!~DiamG~Bs$E4a+UqnPvrb*K;XIZuRePlS+q<J@Dckw
z{8rx~QXU<SV{0G1s6)2b7s9cFlX5Ylm!MM=SMMbegpa+scGo5{It#KR8KBGSW>uvf
z*uZL3XRCU*NaO@|p^7GC{Eg&E^01}@$3_imQ{JmxI@FM@4G+|u7Zi1)aLIeg2dKGZ
zvY*V_owRCW(8@->H{z}zreK|3GET~&XSW=9&CW&hXy;TSeEk(w*-PCK7Od2^#cv03
z56v(unbU8&r1Oz?!&)T2*~2}`z7^bCBNcx99@wHRI0nDm*;Z?I=o#kKuvZqStE<E0
zHQIl_99Yk)WT6vP?a3?o?z>_RxnA>BGXS$D>zv7gza_MpbcYSU*kH1#A&MAk`;(DQ
z>mR?V5nKLoMW^MDZx~L=pM3a<hmHNy6@TIPxF_I0K5J(3Mw26aco?Mc*G>t^n|_qU
zi2Sj`{rZlF!3Zz0gGWf;QU|{KNv@go`z|>m9M2x62bR$T|Ln%I7swI5c>MHlc<x_s
zAJuVSL41He@GQ+I;Hx;WBHo9WUB@%$@#5dfH4#agS@=*d@$V^kkp=S1KVRT;_9xoJ
z0-U{SG91ed%Ehhi&@nL*{P`Pslm_6zw|l94)2DBKHKcEIIx+bnHT{5e9Xt2so|3z|
zHj*%wky}_203fI#C{zOgC;>zuDzVpBWni9paxH*~pk#ho6fubEx#sJlw)nc1jGA*c
z002m!Q$hmppo$_bC^0PokPT5o$d=|aNOtoX)yxG|cG!rb{%TaI31a{?0R*M$HRhyg
zrXWG0uqdLkC`wY$iU}czFm~Ug$-2(bP=<4RqpA2Cvzq;d$J(UN*fSj)qs@z)a+}3Y
z_b5V|wMD@QK+$P~h;Sb{SCZws$MTK1eERggUdN*C?wj?)mcf+py`+d@Ojl~p)>0fi
z!h2-=wEKt*#OxCGHCtEg?wIP*=jS$2C4jJ>On=9{DAtD3{4or(dlWP$Qj98I3%}{N
zTa&w;!-gK7^%VJ{qo`<(Uz&iF>MrD?FQXV63l<t=OU2UaI~qLO0AypR=}b_RJFT~D
zL7p;gH~?@K0f!DKacx{2`H7wBo%hOOeX&T8g70HWI?^u|JAD9gm|GKPa&S5hr{B3+
z^Q?rWD_j`(2&8(`RPWUGi6n~PC=XUI4C`E6vM(W`x-=ms=+{lB8IC){boP3?wHS8=
zV4zn7iDZk659S|kdr8cFByx;GIn>s{D(~Tjz=l2mhtb(7VEsY#F@pnHH@WFHqsJ^O
zti2IH_XA%ED!a#k#~=bV{9w5UU>{$3e-QzQdgpJ?e>#v-MXBfl*oc?_gf9V<#iU-4
z=j4L~QXWghY{iCbLh7$esG<M>&;8dx2CwQtUT&6$#KkpWnS8zXx`P010Hq!up^TT=
zG8?IObXCm>u@E_rU?nd;g<s?=VjyQ3daV?exERRP^ICzvGDZ)G8rNht;*al|g1;?9
zx*3*Q#Yv{|Icw#wv=_=DHe=nGhgzxQee@XT%a+vR{u~#<wU`U(5pQNU<QTs8sq>=F
zPJ3<m+OQTXr|;ES(@|Z9VT8H1G4Ptg%$&3_?0V7+K9#MtKA=t0jt5`WglF>Q_@~*y
z?YWC}E*_AM&h^#s+rw?$6-Fz`&ZG{~vKE^(kCqM>*y}XyF;D7h#7ae3OT{8kO?_TQ
z@O5^j@cfidtZQeXIrF3~b;+zPbq$PN(?=``#+|GyoYr9382;z|+V>A1|8W2Q+dtB8
zFdLsf20CnMeb0;!rZLZ^$RP6)Y}~0Zr7b$^C6<~EJN$7}xH`wSrYzky%jq3~y(v&8
zLeO%P0W{ENe0KCy5GIA0hJ#O$gw%L6M(xI~fq<Lrx_FMQ2@(gAn%7hB%{e3U+>KyI
z)EWghg-5S`&K7a@9d;MJurb}Q>n5C@0Gi1MudEh%T)hAcof!!#-b`*c*QUO6gFNiz
z&mVIjBp*=OQ6adxB8soQUGtBiCM$!!6Kxx@J)=GvxGXv0gB(OD)7?jj+kKS(%t7=x
zLHXIUcxwl@@4Yudp#n$vfl<5uG-8soC(1GzmDJqIfJXD0?7(=c6EonMZO9f;|C%O)
z8h%bCnJ{6^R^xNGp5l;-MqPzZEOb(WlfPJKW)SM>7F+W1Qjkd?z#m}HV;eqyrB`>>
zjT8i7RzIpV_|tco9dBZ4w=ZA?mK{AkZ|aS7*4k-fX40>Ga)Q!hc!-zDD(Ny<NF}#(
z)3v;NxB^D}>Ryn@3vz48m<fsrE<V?!tnoQy28RE}dPRw(scC=keuy$&W|K;yH^r%M
zW<F&9b_SJsfdC?$aftJVy{K)Pb@7XqKz=B6I5Rg?WlKr6PI^SR^GgOI+C*+v>SIa}
zJzW^~;3-F)WYU|2@2Vj#a-q&(hDLp6#>84ZZiJ|%F=&!C{m?ZdVaS$(kXxPD6~aqC
zt;6rzk}TRyC&BH=;3#g(k?S`xPV;^L3YjHM9inP7<DZqg@JVd@lYD!^cljA{1dC6U
z=N{!jc&zSIiXGlzspDUx7%MbAaU&Q;(#Mi%L&*HYXIW6m{Osr1hPm{lJ)a8v;2%OG
zLTFnBBLr22J_N}C>;?zp_9<$>iBE&PXD_RFS8sHzw$tz9TiXVH-i%%;jSDBClsalc
z2!N0BS&0A?aq)3n@5B&r1+Wm?;HwY_p&GX<IjFe|`H`?QR>6rN&w!xpSb`%;Sw5!n
zD7M%~NuZ3HCx+8QDRvS-Z3DdGyp*3KGhr1%yw^3M&xemHxmG229x0Z;JS$h@;gKEy
z2^eJzvkJV^zfkkJn>GK#!DyT5Fc{l=f;37l5_bsiSZIFKG<RyLw)UuQ#;X2P==UgT
z@n~Lch!nZ1B|CXklZ5r7oyXB%h#p8oXjC~*t3Es<qwrMxLz95%&o3Z)zx^1<PZPZl
zSmL_x^LqV2hNhhuNHw2LhTex-3d^eshNir;>)#c=e_XzN^{(pd<m7Dc#z)k!pVnGL
zG`Z?L=I%FbL=#nyX~x^>B&>hPcIvE+akpaw1mS0(AV#Sh^q%2)@e<eis(3WPp5;Ur
zs_StK>T9Coi%$<!bFrI&v<0Esb|0i$?000^prWV|p7q?~lR4H6&Pkuk@H88?+0>)r
zr^~<HUz$4TM~Xc7QfcZbi-hk1{JJl_-YOqlh}c%b;<S4NBNS3uPq}(u8v8X8VV=Gy
zki}@#$*WPX7av>6TUVZkX<jgRB_b<^WipxPZ=M~TZ=Y<C;vcX+{qOJn7COunY&K$p
z7IogLouf%}amVBAUER2QQbJu@RMX~QM3?NN17R!<7|quuj2HyqDGC2$vxKsj;N$4p
zN3g?ihfXEy)D>NB&kb$l4XIzfka&_K)M$gcdrWy^xkEn_v<I7#+n9y07#L%Sm_pIL
z*W)eS4SBvE=-C$$=~bQ>EE^>0dE-$|PEAh^gz?!=X6(}RjI6Yk54Jk!Eu@sALGZd9
zHHUkFk?8#XHD@(PCD(1Hf8vD_qYl_QP=N+5=PSKXoGjKlq1ZS$+u+pGM%4zHP2k52
z1?AXN(%4hhu|ljoAI2T<_4b}F=N<WU0<nkheOJxDBa6j+MR_f2xk7Fl`7iA$1uCgK
zP?Nw2wrNI4S9nHIkeYcy`N7Jn6fezgPhAy7POH6%e%o^_Hr^6?p_k`Gz4|G}XRSjz
z#4^)!;qa!V6X~`i6X}~H<cn<68534KZoR-X+vc;hbJ_3pmDOZqY4XY@*iYsDsED+m
z(aN@XxRI0Z2B9yoa<eC>FG-pRzm&=$7VaEwR?`}mBc9r<WHn0hbbvj00%XoMqORp1
zUvX{*dyVbVmLdH)dD|!$EpwOS24t8*rt8GEHo6Tfx7G<lu8rTR%$%%kh$_Lmwiq-T
z-6@`YKJJy3mKinHLdAL%hH;+n=V?G}R&kdWOe8jX>H)Z)?|s-RZz`*V)5Kjh@+&?1
zz{=PQ4)MS~VyLrCFilH{IF0Y@tcqNoixX3d$O;XO-f7em>oL2oqTm_<ziL#k>&Hy4
zq&^Z`Jo=MulZLP)l<6F<x|+70Htx}G158LjEZ|)+<`k{6fA`q78zr+p+iQe%VqmS9
z_ZV2$WKr8x(DSB9TS-ua*n3`QPmBIEDh64p&)0!+UdJ~xg{|*h!;txcSf5oKZXiN3
zD}UVsZ;q6%q7kjX`?^ToNb|qwoF|zE17l|^l-OTa6h^p8YMMjlM2iILo!Y$$Q2G8+
z!i!&IgQTBAZHO2ILsvA6$@^uK>-#1T0xx2lguTdGgd_4o8ZRl8PwOOyr#@4jDWggZ
z6c!Egf_@fMVB`B)mf-TtR_zef*-DP*Bg^1g)f24sJSTUD)DMK-)X56O{N~9_oVXkW
zlDYau$}6qN19E~rL+3@jQPRDbeR)@9a%i*%UJ_HSi482pB-4NXU1TKbRhV^_ABV4@
zKF5!8ewhbkk2(v(ZTQF5ta^hj58vq89@F7CF1>tvua<QQ{MQoSxGa>K-|hX{%HuPF
z<(bO&ZKqCKs?Ce{fQ+%gAS3|Nvq~li%9NI}mMUOXS}Lpi`rDgE)%+gxTVqnjf`_||
z$-By5rYa~tAH`ug3S2t(-6+0p|L~IzzCsk*xF)~#l*$C_%OEy<2R7ar&P*PCF#Pf3
zmS0a~HB8hN-U6?i$i<aLJ8}aEIV3)@gxjK@oRgzxTo5_anhy!8@$c?Y003BYFbT~4
zmxHDnL}nxK)%0&fit%N4<e{3KQO1K!ec_S4ValIEuQYeC2Q9@VIRZX1(8^E(H2mO?
z>qev4d%9D$qTW4oU5$@o!79P}$1$+x=n-~UgD>|LWo<4FO617cm#ptIn<>W{Gc<Q$
zc9XmQz;L;Rxk9!NJxcf6@dE(0<zv$?AYNk<0wn;jO_D_=g5_c_d^m=i0GNB|!QQJp
zj`5)YG!G9B-bTrJp{N8At!c3nab3$%#%}#VCsDsGf}aCq0MuBtOg_8Yk8_=5X*G;*
z+L~`6U4`IO_bY_E1AksLzy#nC$_-$S4hg+xb-1qpP{Wp$kgs6)CKHXmbLCS0s-e5q
z5tEGo{ZkcTor}7#B?+rs9Jan0FvuEb9tE&p-;jDL3?eO7DbF)(CP9M0C4ikPfWybK
zKfY=|A}A5?#4g>eo56!aspN)`{NDgAPV#peam)CQj8Od-OC`xY8Lb@QpcJpys(rPN
zabWJxqwAiO7G2VEkiFYJ>7asAh`oHqY)9F;!1-k7_Icz9k|;g#qu=<ENNq<?CBpPt
zfXP%*rz0l%OI-Nz)$(%xw4dD=#p>n-X6E$bED$N*72;I^BS$)gX~7N@ZnOEim^$w+
z1iZ<s*_LO+_{Sl33Ar^tC}-b(JvcyrT2L+M`BvqO??T{#CZhgXZhSA|nJ@Yd3IOoI
zoqF+1%qvfx&e<)r3_C%4?nNyarF}N<ttW~GFko`P&VPk^LZF$$HTm_2ilp$Xo4k@j
zyS<|qN5$W74?j_i5$zKO@kz-h4pl#Wi<>EzY$#;WAPnE={(5lR8E<kNzl>F~NFK9j
zjE{xRLxRND`ipDO$T$7;XSKWm_<59uQTX^dvDlRn=Tndb63AqQIODS=tzY71pmgO4
zc7vp@+RZ!(-dxrKGTYRTJa7|OSjSTEjbG$9<6y#`2kZw_nVw92-IB5teAiQw8mK}7
zrs<y3HvBAx&HY-%0!XmAjrwaD-KR+dZE&Pz&go2&A6IQ!)r&T1uG^YAT}OQK|2?_4
zNlUO@gGDBXz(~Vp2}1nd;S&EQeFXqa0sv~<01rk03xOj^6bk_1U|WWc=;i)DQmlBr
z1OK`wi2$O2W+H$feg`q4kga;W`gfh_VnBd-K|+MyqM0-jna=`<Q7_OK-)iZ+?S^%3
zzKZBDQX%NYC-5``4hPK(0wf6UH8c2ZaMz1;_i(uONBoCXWnBPO6s)UZ=3i;F2!qAc
z)R@db%m7DxQxwe&;Kd-3iP2F2`eOjV6#(GQ0O0R#04XL2<5Z&CB}GI{{M+A|Bn1Ho
zDcE6qzJKMF;)5MF0bqqM1S7!3*A^B-4gk1E0RTZ&kuT(5^~9j5I}bW{b0MZ$X1*gG
zMulgcx|Ts{b}L&e=uc&}d)~gM{8D9bKSNm5KRd4Ym@uBO3kA~`uaXO&3ZJ?^@p|8<
z$yY<=3Xr?)fkpj?0tr9_CAt7|ZU8|seq3e{K!o=Z<5T{pehErU@CA$dkJ52R0r2lr
z1n1*hV{Ty(Lj(I?8(sF~pR*vq+<!gUfEn}n_Uf;h;OqpQm{<Kd(mAF^Du4v9gh70)
zn9)j}E__^81W}9tHhd~E008R_0Ct9N!-!zO+;l5|R~$m0^rREpOogv1d=30%0QlMj
zWdP_v03u}ofUIG5dCo1o!Dz+47qxPs^Adh|Hvk_A4(;f?!*+;YaIW_jqJTZf7bw<~
zyBR2y3IJdL`^LhkJ2Ch|{gd#j_XhxCK=@PP+O+>`E%I=83DSEER~mMqB?AEH3X~)+
zd=q35L2QO!Vg~}?zxz;K0jSRcFpdCVE+5{wC{^)xHb_la=m|umqDN%o|2BcYl!Qmf
z@s)=M=>Y%_6EJ@GB5mMJ4$mJ1;LT`|gI#Ts2_AA8H+&Ccv#}<Pz3(|x;-%<sA0~cB
ztqXY0tW8H!sEq4VuyE=;!RvLwK%y2~h&u9}z1SYWViEcj2hVYx7ZA$#2Rixo7R+XD
z%qInmxc4Dc03y%Ti;K%#TtoMgH1}jBGOt5UWjQ#j{#9CI%Srt$bLR?{HX@ue$kWyk
zzjLj9NJP%;GgBr!mJ&p-5ct_~yCc+SD$iVR$XIw9RnAW}mX9U1rQly-o|Fl!rzIN?
zZ_Q;RT3+}nrFvVjw|m=Y3_6_2kox{5PdC3sBLc*0ke$HxVD^${oX7*DRyrCc<~xn_
zkEHnJBumFSZ?a;i?$~Gbj-a52okdyBDWT<Lo73NrGk9=vy8p9th`rkU1VnS+)o0zG
zPNwkd#>@4T4Z!}>W}bbnh&fAY_+0ww@v=^Qjl(dBd0ggBVwy4kS|*T^deB+TssmY)
z?k}|vmpKQ}L{>OT7X)RJqP4op)tJ(+{F`^u^+_YP?_Pfw3?rQHKlg<fheVC+uwJo%
z4hGc<V;arm-bFQ%O;Vvl+9Y{tT}`d<NyIE(EydN>ftWsva*6gcY?M8OXk-(!Rj<ZV
zb!FHDk-E{bP)HLu4R~yw$6gXDza%Do-V`y!aByQFnOLlQ=FZ&zS$DdT8Os9GS?Sq-
z`7sJe8!T_pew)~M8{I>crNf)K>>DJNp6(^4__oN~rgY9Zn^fI5X`j?zl1aw#Yk*>t
zK2cpSf0G^S)~)ZhQ5SJ&N9{qd6y4X#oPbu(*s5GVHaTN^L0OkGs1MNBcA0+$l~-#~
zrDPf6C_rdQQ}!jOA+FE6wlgqH>QjI~9sNl_XRMQ0+3&P+>)HoRn)O5D=Y43iU%AkA
zGo4?si%61<j*S%3pZzqa`<<<G(DWq~)kXNM%vlZR!P#cVLH?z~!AwEEx^zosl?bBy
zlcQsLUFZ&$U5^Tit94s(X&xs5AMVNSQBRp=)QWN}(sGT}#Ozs1Y$`U1hzYkdKd;kl
zDH7gscQbvH04=e2?wn33q8}<R_^ZhUjrY?H_TEk&bP*zlv)1wgg<aVU43@j=*xr))
zM3TU{ogsc@)Ook!E?`zLH=lkC`)#W01SMQ08m@B9S8@8gs&a#AozwYD7`x)8OX!j4
zR_|mH_AUC>P(61l%%@f^ugmjbjK&Ew5ptZ^+ZE{SW$&tx)5Tl9cevr8qFMJ;;7Lo5
z%nYWdwlLx9NdGjIv)RL>cU;n7EG1AuIt<gZ8n?pf%22+o@ytSb*(Aj0X4dC$%&wZ<
zR$*mPsp(M{8{zm{Xs7rVnS4h>(Ygnf9ym>0*&v>+QRQK)>BTKy5cN<5+<LCb-x-a0
z&{liBi>oy=q%b#E9a@PbDzrK!79t77iC}AFSC@l?m8Pxco|Ue(CtH)boHXkU*VS99
zZWfjc*5SMrpQ|?szjwv*IF4DPb8LJ&53~|meSHj6EerA>j?>K%BGs*T&8mu?$JTA6
z)3qg{T^;(KV_p4{cD?=RKJwN3;O<)+!Gbku|JWyqlBXGm&dQ!aMOzLI56EL0()OL?
zM(f+M1v@?pnpLMZpxWNFy&Y_AWpwBx{fXa1>^}FX81>Gyi>m5Le$|;+_gzDoN<rvT
z5xqp|XK>LsA`z>RnZbuPE>>3<AB3!vasqigA!&sQ^%GP3^=I$JkyRz@ZN)ZgzRzCp
zjnFhb=AVi>bDXs=bn=j0f_=H@>XBO-42H1ze3hMTdwpDP>CLvG_fa1H{+l1r7>U}R
z(=ZV0t?gBJljEs}_jv9g;qAL5AD;$$@2wkI)$|eZD0b((zIpKw3Ep{|GH2R_5{~4%
z_yCxQaw&rP-1`~g$QxCxWZXW5+=)VJy-MD6zhD(~bV?BPAa}fN)Rt+THdlJGB-gnf
z`qs-;DTRl3Hu<7&6H(?o+#uxcPPq}*)Ku?c>(GKQc-SRQY$E%X^0dj&w=?`}_($`~
zWBv#J8!Vh8SXASW!}gy?Vq6nd845JIc6Lcb^)sPDtTDcaTXOhy(?Ru;R1Su;e2RQ`
z5@*yygRh4(O^>Is%J%hgRr*%Hc-*B}{Z<z#8GKH{kLj0$>C0P2dt*m&PnQ~l#>Dsz
zWA;$2^5TwFNpnRT-Pc$P1!N*Au;^UY7Cv8Gm@tcM{~5F9J>APX>Hp*hmN1Xq6GeGA
zbJn<)lHgdV?%+Ul0cBsW?fsJUN^E7Z&8s!7EHOy&71jJyP{rG(_s!w(Jl?9e^YM_|
zDg(MY+ZT|K#-P^^2^5FQNzI2MHB-md=S0V>N)j08H!(b@vnStG;e~p^_fojxA2NZ0
z6-}lQ_(#Rjf{+Olmw3$&B$4QfGNzC1o9}Uld6xo<H(Q5g$5JJ0xiQRc+t`nbZAKx}
z1erHuJ5YNP+T1t(e*fIQ4lY~<i8?iPKA+ojvZR``S_-H$Lr;ozDs<S}mR-v_*WBV7
zk0a|dXFOVTc{cptMo_1=nP3eM7Cko8VVS7%z?`YNME~0$2kva;NPqoXGQ(e}*?V1h
z)x*5(X5rRrVLg&+sP4I2Y(0uP7BhKTSX9j%y1xFCtqpcNLnnhs3#qkzWGY?%c`LvE
zSI^UWd%~PlyT-AZPPF*->j*i~!KotKK0g0BlZN?Z42f)$*iWU|(=RP6@_vC4U1{8q
zP;fRpNx}Ip;47pEH5v`bZLcj<>gXxjLJd`5d<fciE8;TWTjy_rd3fREQLWf6R2gh*
zg~tm^hbd4&wgs0Y(v4%l)ZbfM|LF6&3tTu(JW(beWVBcitnw6x$nZH`DBpJn^=zNU
zdNW@XW0M->yJkX$zbew4b5x#fN+`Znu$r$+%CfDc8___KoWf;L&IyxjemOktUzqYn
zVf+60k3(KL76<LnhF6P{X@j|LwkwAuxOP6yQIt2q2T<#;RH;D^4Mpd07mX3s;prl(
z&>0>yH&69d#AO&^$-YSAnFyy?PcOCQgXY%${=AD@2QHdHXO!mh$7bu2Yl4MaSRLId
zML*leI+?QPpJ}P#zWFCczvE={G_r;{b0FxTE)54_o%VN+*&VJ%UXgs(oMr{!4D~K&
z*c9Vx*#eeRwk&!_m2N0;Dv6cpjXKDU!?fdDTFA8)Zf}LlLjw*s2}|r!Sp$c<TvcMq
z$Cu`4pX@#;zl>OR0$2*G5s5aR5!Ea_OV*|9;omEhnj+Xjw)+Gqu=4NACwSfsmw~~m
zM1ZST6fG_}zi?4+ToHZ|KS~*rZj0D9iCA-Z-$FzCf-0#rk<|6Rx&}1w%IGS?IgVUb
z?&aPJHhdjVXL2o(wLYD0yBDKiVmkp08gFT#!FuZxn|6z;ti7l<y5W}9n{<T&kW?AN
z8lm({^@bTLD!wGaGo)~x;#-o2QBOsb+k-a}G3jr-hg^@Ko)2s!1nP~T?x8G78V@1N
zq_#?np9z!`MYl<U+e}W8F-nJlfKoI6%|Tl!*<hJ;Youe-WUM3IxQ%^e%}zV%NuBe&
zAi>T{!XgAt!z5cE;6=7EZ$|V+;PgE$K;<$tVuhftsHvWz5!X1Cq7-7#*Ehv|8EW$g
z#~mJXO_ix0UA9?y8A@FM=8MX6EwV#{`DGEn2@l<%jShQV`h3cw(qK`)L^0;K*P*k0
zhPeT`P{+5_&WxSDh6^UXv&e2nAqNL=-1HP;w4k;VHoF;z!!sFPe8o(@lWzlAf6$(E
zqt(4TO8WZni_hrvKjezf+^cU}HhQN&+VK~FFMfF_BhAj5MT{6L6;H6tugSLYtZY;^
zJs}>Q(215-zgFS;8m^oj!R{&t8dP3aEmIrkqp!GxFoTJz4-d^6Ztqj=cQYW2Ca3s8
zYw<v;h07wpe%0PQ6mSX%g7aO{K7LF{LAK4sKYt~}$`V8B6c<P(ShXlg*x15x*kU9d
zC<Oe-+iE92sXaMc>{LmGfqYL<<q87q2nk1SG-yfl8w?St6#50iy~e>^DEv6kE`hs#
zaByLmpKr#-Z174~Ij!$kB{+OE32;TUZdB8S5;2#L3|@<Le-%p30pyN%jE^BC*TrwR
z%*`Daqo$L2WZQSs;FS$^$*;f<H=aHVZ-8EGAE*bqZiocY(uRgNx4;;nD^PRcg32%$
z8bS_=7&L3x2$+LxLw2P{M&>!YPHE)>odkz^vVa0Xw4tzuM7g`yQ%LdFhX6wTGZgmc
zymf+o`But)4<%WIT+q+9d~x~r3(T**uDEN=di&5Nmy#<gYe@dfxwPW2Pj7FUln+^V
zxH*g=%nI$Jvo54g-AAG9#dOu#<x!uRZ%c+0)`;F8!2<_+_Bx7%P)cJ*?gZKDH??#O
zdc?XBqQ8>&)<%iz*X6fbt&4`z60|5{!wR1Gf1dJ}P}z~DFzU>Opra0wT3jb32zDAg
zdkfpN8@kI13uJX(`?b5Q+DmaBp!0P<5uC0B!sQJbrsNLu1=D)kf}j^~vx2PdqX?D-
z>B*D4$_v&a?cwh3k++`|apxK{%7ptuOEWnYOI0#1wfd+;v6Kh*_0!F1y!kDJ<ERUC
z!*g&&V5v8SAcF4h9ieGQw7q?Do9^tWb`472gMGA+(l20_exW4vohNB;Y<u{|T?sYG
z4gv6+3`iA7vV(g3f?D*x`Nn%fT4EJ?8H5z}#i3i}1bPU>-Z}RnI9NqbtDXjUVisi$
zH!6K$4|LD;M7H|*hw0a98yyI_(W$l5c|86}tp@RGmrg4!>D$|nx)WA?Vk2}C`yI)X
zHcL_6Q!Gu=++4Bi)^&E<&?(SW$0l}tw7!+MP$>fOko7_IMJYz6g**i~>G1$-bBr6@
zjnhJan$?o^-ur5y{L{?fL6=P`+0`a~f=U`I6;Ush>ywRjg$$Z(85~9|m@V|!lP(-A
zTw}n%>_+i^)KW`e!0Nv03aW6RGT;D`^OU!BJ_oV?fnvm~G}b`Yld5hi^B)J75rYwf
zw2sJjxDGrgh2FJChTxLm9p&jan9Wc9@qzCFNb|m{9}u`b#2qfBIKXw^r?OjqbQ_?+
zESY~JO67jM8<zKgn61UyG7H2-H1ZPnQRVABv}2^myKy9ro*ppDLsvaQEJ*|aWwf-l
z4Rn19TL~VZm6njxHph=a)RhE<()uym%;qJG)uU_41j%l#cuDATKE1tvn0WT$DH+bE
zYPT+95Wr+U(Z9QMJr)r&5f&>6Ri0tVWe;mrW@!Y+jN6;`sK?i#>J+>QQMHyS52r|-
z)I>(vLty)?T()N@1N530Jx7*Qy3O!)9fPZz%M5^=Jl*9;c06t-4~S`?NjuGPmU(h*
zO`PjNHK<?9ifo<wYPFvyU)w!00q<&h)8h+=Q?nVBNm6d0P!#kASS%?|a<dGf)qI{q
zaM8_6!|2QE2%L)kn#A>GJ&)Qh;iDr0)$IP=&z)|BblNUX_N1t)guN;FWLQc|hgpvh
zFHXVWS6FHKv&M=oA3?>PMn9jsB$cNmBx7Nj&N1vwP_|o$F2=_+T{roD;OE@uGP*)+
zG`|Ay?sP=nVrNUOq_rX|i1r1LPDcxaUFEk!;6ZsURzGh^hdf}3CWHE}9?Qu)PlbsZ
z^Z*NJvR?Z(tT?-Y`Hg8KHoWl<+9X?E$r%JKK!$0y?_fdfVknkQRY^%8cz`Z6V)#D6
z5WDqP33~>J)M{Cted&MQ9}l2SBE7NW=WVEUF-CGRM(TLna9vU6!nRMRBo7V0lF{Jq
z?mlWs!{L#ap#&&HWre4tc*ywuDFJVB_Shivhb|8VA+zXJ(TKrNiqp;N2xuB}60!#+
zM~yU32Xkg-ae(<cOsVBIO^<Cb;R8?4n0!v!n9uJQ7e}L^iGFUYcb}YYn)nX(`?s$o
zDUirlVaQx%WzrN)`X0vDzd1nNsICgl<$TXKP6|=o04{>m8*V%}iTdf?V5?4)YO}WU
z+>j<Sh<oQsv5z0q*cwbW=A@j&8{(_}dBrNwt%iK_3L_)=^M$*&Q)UlhpTWa{=pz&7
z#mRaSx*sX8)4zKe-tI<SSO6u;;|K4^JSMobUd<6JY&Q5ZgU~C!k2>m_k-B(@S#x&e
zs64#z>%lJ@E%`25+7@V-oX2m-Mh=MnOfE^M!Dt|*N(Wi>mY)0V=A+^Raj*z{+lG>2
z1#eR%N9lG5p5nxb)rg8<q()bl_6{c|tG5>w1&9~{3oW@o&)H+4zPO>?-Q8mu`%jh%
zmnLLs1=mWT7n-cL<qw(Hnkfgud3qN}94IIPlvj}W8`G0Grpd<HsPI)jPA{idnH+Fj
zA!oQz{A?dV<_{N9-$S9NIde*DjpI(7)!L)uf<vIU&o}suF4R<Myk`-E4r2{nrIL@T
z>c~n(W?nQHeq%DA$v1PzN$aZW`<>po9AaQm*duv?FsP0B$~l}KY-qCcY`<qNQ)dAP
zwJ<9ED;<IzvV4g$#xaBi1C4^XF<V&jfNM@C$;?OkE!~c&pQBw>$|o0zDd~qidEo$}
zk@A$zA@Otj4T<m;2Bl7IH`XUPVy@JdnZ&z=rn{jDhp!zHg6Fp!c*#$*+7y2-m6S*C
zn>p5#aUk5=ade$N{&*c`kwp<vsB#e!0sshIi`V96ReI2!yz?pG04bj>{K3}N*{fk4
zp$OE#fkI|>Cv+&EU;<dc(^2k<osHJVV)27L=@k}}mV8rXVx@Voz{dLVX#nm%m?^9Z
z>tr`5cBh+XfWCAzh?uA8(aP_1`@V%xi+`Ui=KX5-^wjk3vF?c6k>bIpSIFpjJZ>f_
z8S&GR2HT6-jWRLphQH6))^5MJ-Us#`Age2_n)(WBt{^Gy+<}qFx_4LMo8{??%K{5P
zB=NWD8wQ7uxjqPTxA_@|Anf{8%XICTGj{VU8sS4SBtsKVlU(>UQgXi|E`{}0VN&RG
znu&|6-c-N?Kqvvl^Oh0dII%S_mWRjQyplWf7cgR<QFc%%r?41xY9*KPA@ngF7j4+R
z{S&F7((GeCK;ETElj~OyE&HRTPJ>F~DRGdmB@|WZZgf`9t(66bqi4&drG2yzy5c;{
zto(L5DvUkc4c7H(5h#tojW&3Y<4{Cf;ri7Z@8nykZ}D6HMlh|sxcm62Z)rt=>PjaC
z6LF!O;}`-w;)BECcF<G6F5+~sm82`e4y*o|Dc093^dv%rALsgslVR)(DdDz{aOf_c
zVX^`gGvpKXMf*vAR63=0CjEW3_-0{UhDozZ;=cIluMrIqBgPetEpH(rw}@ZuTe767
za)>AQpT;3Yr_yl=iU?kB66~&v@QpNCdx2VEr3+tqPiTiVgT?k<;qhBlptfv_oX-}!
z89aoF-;Dy8cial*zH)U%SkYWcOOMAq$`IoBZKBScDUkN+Kr^BEQjom)t;fpKw<~?)
z5)RX4jLncGSH(_kE2SM0Zd$U-P_z3~8RnI61EQ`Z;&0?ZQ-(~Ug7C%DSZZ~Nlt*2W
zvIR2XHN|a-fi9AU%S!8p7Y*{94C(C0L3&hoB&+e%6B@AXpjunhGr0e--&3K4)7cel
zo%pHQoj`7L0$HbMPN***Q);lJ0i!x+PNtr<DJ6Nz%#8JU0Ko%jD~r`kJvxYd)-*vF
zZ24+>0x4=R1_q0)gdtPHp#8=Oi+GCoO~v@7-XYHBqKk#CPs(2neswB^hkSM7pX9$m
zc|%V*n(f~OPL}HoVa97iYWUkaY*F%Z4@s>B`F!IgGW={?-Jm?_<5bg(<UMG~r(Aa4
z+i)+}=%4pDb%Si1)G>%@2sZ?(9aAYm!tI!hSmigQU?3f8rU3dNLF*EZ>!Q(7M8wTv
zzXjYMz57M=rLo$|7K?=EP}(w5eI?6Jl9qt{$*J;m8l7txf{OlxWdV7pslF%UWir_(
zzumVz(y%qKnYvb+go??{^ovkTtp=v;^WWn~oa@N}#?cHvE|$&9M?Oa;IkM)*nN7+n
zb!n-%?1riO^{sXLRX4^^t-@iqtm>|Bc;raGV-Kni*Hui44X`o=0iWc;ybc?i&zguL
z<BJCH%Psq-ba-lW$?y}KRW!f5E(N`Afu8tf+ZS^6&vjG~S@t`BSK#d?dZ9xOVgOxV
z&1^PL30v)J1>U<p>h+_aMo;$v?Ev>tb+hre$5(ZPF>jnYN*-Jlserx&FTP*v*x9w-
z{Hj+wGmT~z<fs#0P{*BYsD^4E+U;w-Bh=+uj^a*x7(Gu!{MZfa3PG|+=iII633V70
z7q9J&Pu+eruJ(A?>*$)D!S4r`_5xVHtn^tjSt(%Pa`zxTd)Q!EP29lL*d+sgD)Tuw
zR>a-G&|E&mXR3<Cud|8W;`6Vw6&+#YKWEl>&eqgJ_4~i4Zf*1Vsmk$>-<sm*8yEsP
znUW8;pVb;5!zhe}Tv}2%yIi<vRSajw16r?}C}M*idJ9<w4dfJg8(_Ei_vdw@xXO>^
zp4!+VzFX0nZnQ%U1-uoEWWsRQ82_c~_RrY%*^Rv91*QB)eluoCg3)xgu1g6^*Q1}U
zAIUA-b)+->qT*mpn!34gNpL1FadB`8;Rgpiik|5T<Qy|qKo|^b0w@)K_^POI_4lA8
zKvH>i>Mzm#c@<(?`odc^q7G>^&DC?uEX^E!Owr#0G41wP6koW*!E;Pjj+zwyBmD_A
z>}_Ed42o$ez<FK~X!+Y<k>MTn8)YuD{M_2_*kwhSm*SnRLxpw+1shr`4FXAYq?{D|
z2URXD7B=Li?WmWhECZvMJ`U1vD6+2=VIxUxK184*j2e2jVt5BZPg{GoVPFK#fH7?*
zC!+Q}!%BC~hp<tdn0i>Miww!pE&rFbkZHBWMO!g332U$(xE0KY(AQ<tGs^7+FE+9V
zWw$=JB#t5&?p<@t`G@lNA1A%(`UqFxH>yn~UfbU91SLPi{fyqKJyM%~BS|$gfmHCl
z-adDq2ypF@YyPG5{U)2|nV<JD|LgTiPq&%WR=BZXS;{Anf$I<bHWOt;;fiSvcr9-g
z+Q1j_e603Ss}NtlY`V0|ENXm9ZeH#;BfzK>&(H0opMX>p`$w*#@@bWfAxC;H?TCr(
zpO;BVlhcj@Qon6_cCmH%`jyMe2Rc74$-PkaQ`XA7k|enK!Ja9nQw4_};=aF$*qmhv
zGwCG?a3~rSd%0xwY4eZ!zU%#ID2iv)*0Ub=dn=~BW32P!3^p1zQQ#@?U>l|a`yhB9
zkMK+F2{D`esxDsKbu0CI3xT4G^|cM+^{5ai0CwsAezxZYEUnz)VE+Q@I+GPy0-z|*
zZv24)UaXq8$-y?Q&A_B_9F1D!$rB&hy1yIF&a|t0?&k%k$V(^H%zNrsofWjQW=UE0
zF%!tnOqRqMAQ7Y_#xR{s_txu6DLTy!Ki3G%t0a7J$lmBm?maFvX7@i;kxZLG7nT-n
z^dNhE0RR_>&s48GbQ^c?^mWuVRO&gC$^K6sDw9QO#LNE60c`Jsx9V9^25%KPx6mj&
z(s=W?PoBLPyO=B~Fo`jhy)=n>DpE?9`-+)1RVjk`E^W3);^MOZkaevUhsCBa!gTUG
z!w=O0h&T|}LdYyBy|GcQ^mi=RXNqp$ti`9kNXiD3$#|OikjPoK>gVH!GQzqg^$~)?
zZu;HF3o~f+voM1^>MUd!vJH=UQOkeDdG(P&s`d^#0ZBI~L}4-MiN)V=Cg_0~s~WQ4
z?BSL*{i>=6fxdv0SbAp&nch1XIsK4*zPv0OQSbO(P_<Ysp;^?xMT)w8pQ!L$|D1Ir
z{G=!;yqZ7zb$*QA6VV-yhU#3I=1zc?iLccrmv2|_jISD*cxsP49E!vEPBXOsKa9P1
zRFlouE*z?WfOG@|DWUg{H0ctWfCK~tkrHVEl@hv$NUx!WCS3@<MiQzNK>|oGA)ugi
z5)=Ue<vDqN?|Z)Uoj=~SPF9kYdva$obMKkVWM9|5HrQ$2G{}T7El%(8#tsI>DB%$p
z7AQ3FdNb}hOy;mdd0r^_jg{~;CPz}`u+zR(B6mfjc{K&p@CF6Z#knjy8e-gD9Fk-c
zR|pk;<JNDyOl$2cDV$R5J21*Hb7&og=epAj9*n7Kz%Q_Z%7v|<v(QSDf6?da`3KMk
z&{<u)2o7r1;xto8A>BzJd?H{1d4r5qa2>c{oD?3%>368IkVZJntuw4%X!8Sg2{F*3
zo@M0PL-zdUos=5KJ>bYg6@21zbG^*eIFec*M9#_8ch*OFTDUVd*s&04`}MV%RHb4-
zFpqg*FuK#XhSjN1ss%5Nv$L~@IR&%Z=NHs8R8Y#1kY0eIh_`!&D0>ODQcN`IkOUU9
z#vNd>0G}~nlMt1Nhe|&Q;U<-m-uv&{|A)c<ALyMN6zZ2OPuPk6uT$LrH>-di&`jP>
z4=5!iSCiR`1~8F0=~Mt~kb?;%Kv9u`bo{_L1edF_h9ZIA_osquKbETMZ~@p6ck=&J
zH}x)>r$f;`^)=~Q^N^r*njicC1+vaHl+?eJg?}p_ss(mXQG(6?4`QG02Z8XB7y$Q5
z0c0eEJmz0U1pvT9GC|xc!PQZECDx<=wC+Dd3@9oU{ck-Ye*=O^bPZDLEy+^5pq>BC
zHUN+l2*)y8{BK}gc`$!#Xy<=*kMyjvf)SWgi_c4a%}+)mTliAwlmh<iI?<7c7ylcG
z2k?>T1OMStkUsKXZ~x!S4-%6B@GpNvT4+)>cn1O7chAas%(Fl12u{KKf`Az+B#AM&
zu_v^137`T8F+}5_GswV_`q6}yf-wZsXHPf?0tb_Ns;uuq>M8V+B|DBJ(oW_={V(^4
z1wj5Ek_H*7Y0}Y!p&jmU$Ayd}?<2)ijSKFV`yZOjY3EI-2+++^>_XITx%rZ)W5Q^L
zb`>1y)qmf}Nbz?4Bx=aNhe+gq8{%Ip<MBoPJot1Y!p_nt0N~h_A7lOzEvXeF-nsUQ
zAHe?~&H*)v+tCbQF=fdn4TakP5^aO}m3ccHWCVFq@FDvDN2BnYKr!H^Nv5;lfp(Kx
z41qvgNp}4AORoc-LCLfevEwjkJ6n)N>jp)!({nYVDhyKzJ%c>^mkGOtbD_Xv2X&iy
zKz?{h5C*badL|&STZqm8+;A`L|F@O|S_Bl2$p7~x$w~-B9wN9if)geb`rZ;7nn#KS
zsY4~!*HRmJjsO5)Fa$#O)rdgV$9hPIueaO4Z?W1))Kw<quVYYZW|pU0{e~|Z!|Fdd
z{Oav+D_n{`;KI8^|EK2v@u@T_p6KuaZvkGIYMAb_viHP*Rz65DOc+TOg@RvfV3(uP
z?><Q2MpkYIh*y)}7bM^o#D3{&d#}sP;=Am_f(Nry+GN0rNvD2c*cqFRz()hYFRHTw
z*0kB|*{Qzswko_|t_sig`ADYI`TFypDnELgQ0T*f!i@4nWO0Y^QI)a*RI9XLSHrKn
zO!<M6JMH{1Cv#Ov-#rrsd~swuQ8_5^bH%&Kb!g|wYAk&u`%b08K466lue;EqGGO~!
zGs`EHGq9biE6W09XimuC$?5#{o4fbZt%=FN#T+oBLr|*pY}8@>4M~+VEkX}R<N4N4
zVGrNDHabdGJI6&t6guUY<z2e9-~LRo%`9{;imnSVEwk`lIx2*)cCe$Gt0dk?C@x;%
zi@Be&+Rs;Z{s;}-_y6?KD>4KqrIWgD{|Zf?4p3R_&3CTL&S@}RlxKkti@YTxURN)~
z;|r?h&FT>-%y@(*;3sY&bUP}j_`Hdd5yV8P&txFaY`{!!BGj{erzCV+b6?{S;N(D5
ze)?kD1Yg~Kty}Y0%&39iU(&lIqiL|;GQ#V7kh`eM(TN2o?0X(2{n;MR*RKUFKFItR
z)&LesL+~2GcL5-3@9t|=VMKfs&dkRLD8h~p<W+|E2RKFuzQaHB$k0?$zLiJ)_&N2f
zcvZfhL8TjRoahq*@4~5*)7sX~`V9crSv2MEkPw=mv+2U!vszy_{5qxp=TELR+ODCX
z%ny<e4>*Gq?x9_x7nYi6!21MV9F?RxUK5JsOeV|d^e%6m4^t3!WsR$lzvC&Y*LwQP
zV@6a&(=L?HUGaLPE^p7;8tV<_FH|Qr6uVQ^59Px0asnFZzV1#0W=&L}^clChng?P@
z{Ceh(A$-tVl^$Ipi1>(wt^goigH@zskBaYy?|n{r&J(nHb^+Ql5fBcZT3;I<WN7MR
z=*=LC(FS}v>ao%A9A+SmUBODJFpFD&?oQsanAAYFL@may@<zB?S*D#(qsF2_O!G`9
z{&TM>3pQLvp=J(`4;4G=R22wmB#0W$YuG3(po00e;8m`UmN8<0DfT<J!{@6^M@rCd
z{iHKq-|<(ZDjsdN^xKE2&{KI%<U~B$CF>K@Vi;r2b72U(LCYF99%bQpLin|Y-ff!S
zXKObI{0==)wa3gitEq+e&kN@6<Cl1yda5uFL<Y$C$~>M45Vop&&w85o8qN>!s<j53
z`zI=E`xfLbjD*}sVwef(r)hwX{MYv+`#Y1A@9?W?Z-|j+l~MJf)qWIVhqFc^R$t`i
zPMNMnKlLpYJHI0f9Jbl6egNh(8wO9UQS>vbKSX0z3#(+_y+*Nn_vFj$$vbs9Vz}^Y
zPeOvej0Vy*C?DdtgSDD5t|l*jrH4@1MZ6)*Z+*e8MUiA~m3|!Y0p@x34g*v(cHI&y
zr=C6z%#Qr3S~rJ5!@Pyo_|7r}c=5|wqH!5oyAaDBUq9c(@P1pK{xjL68{w$R7-r&Q
zr~+f?l;&~wF@IcKxp(!gUu!*>eTHzNMyH;Zha?hC0I~f1v03!iVzM!I7jPrw)_9l&
zp5R#!p{c2PiFvf@h}ky{j|;?~<&%`-VeT3>$e%N{GqwHGQ3;T>tiyDuigGPFX74rN
z$#V@m7jE(Sol1nli?1nCuvr(9s4guE?b{F;3E$dT8JCGH^JGa#k0gfgQiX81m?V%b
z<|j^Fw_bnLJ*wCiA&gY*8CXoj6R;yy=7o7nXKJ8WQ?o1!Q0NeVoIgb93mHc(*e0}%
zHtW4^psd_@<Jti{OuHe-4`&`~)*ZKXdbl4}+{wv}@?FcU=gQSA`FY^q@cDt@!E1qL
zs?|}&+v;!{v6BPr>qgX_;+wwcuJ`v1AP{@XhXLNiC8M6TF&fP}eGN>Pz%}|TKIZS(
zuTo>-D$fP|MQ16a5XCqF>iWuTlKYM+NGF7>9C*>R+SZ14wVy#*BV5m(NIj?(F-v-a
zvGdAQ(8A*rwG0WXF>(f(V^WFIqQYY|8Wl!q`zx*1m=g8Qx|=U9ek=r+p&ScQ^4II4
z@(O0X%YZFX_mZ28%viap>#eM7L2xU$Q_+NDXB*$)=+A-HNvAcJehpCu_I!GsB3KXH
zuT-vK5ra}{RVEOi1Dhr`S&9qFveKmvA5@hIE?DeGxPc<3WOO?yzEDq1m=i)=B}#H_
zND=(D_^OaW(mWCVE`H5EpB@@55T%FN(r%%1#azcb@)Jxx*0Dn*uxSDwsZ&q}1!!G8
zmO0f=%drdQvhW}@Ul793fq4y~kT;J+uF{|d3{k$${vH^|&Y#&I5k+ZrN(VdH5<9BJ
z_;+%)J22#=e*@o0&!nF^v6pd=t+YBnI*~qq1_bB#p&+*^r8g@VOfmzS=x!|VLY#b%
z*8~){>;VCME2j+;6Qd%2PPZZq*iMT*@ZZ@h6bF0{_nJG19nf1H8P;90nT|07D36a4
zLD2QU3VgPbs-mFNlOjd=6_N9&-nW+5G${7;6M=K(sQBQgx%mA#3-_C|n!wcz)*+91
z7PEa&uOke8c3Wx$jPlHG|DJ3_tkZaNBsm@zxNRe&0&()VUS*lDVdUM2b_zUP;IATN
z7c9{qYV_F1FjoZsEZ#~Uh0OA_KTSByK9|Og`s8=}RjCJVZTYjOoJI%qH&S^N5FmrH
zO}Y)MNcN{_@QLY|nwOkkRryxhaDj^THQB{^tVVk$B=8$4Wu{L;;JVv5rsbiO`{`yi
zQPg8Y2skP2g0}G_xaNKF9_whwV>i2p<reypzwE%YS<gOh@E@O|SsUqp9Vnf|oj`OC
zpwkm0KEZ23vms-%3eXe$c4MrxMwipWE+-*&qAA{y<m6W4c7EZqjfN$ju)m%)v=RUf
z>+3Iku|u48v#F!L9|{(q=f6{xIT;cg;rP_xSRvzeP|w{GLi3yWnEF<y`n+q57h2v7
zk8MG92RAlKyUf+!Vf2tgLl1xP%Fw=BqZl)<n-M;Gwr$=~?p4>oe4yE|IdJb|YFW0V
z`@Pn0v4!{nnHJoEruA9-cbU#{RVPv?@n>r^u4W-<{3~PG>Qppo_3_ijo?f=dq#WVM
zYo$f9*t4BXCl+5DmL*-(skaZjXYitdj2ZnpOmdYmvY}?2=%GU`=2i6YOfNK+u<U$K
zL<xLt;9cADuigw{>wZEf*88o+K?S_65$A;l2$j!6e<ZzMq4rw3GkWKny7?EWxvtQd
zdBe!W!<A)`gcD)9Dha?Fj{MrZbWu}>)Oq4Pvyrs}U6NAmk3&X&fgUaH+2=lVB#aP`
ze<0&Q<oHc1vui&XOP2cKKqz=YK)Ra;o&>Y~L&-J&g@!Om=t9pg6kW4@u4}c*X`OS&
z)qPtA)|S$M(`-aaz~|>RY?~{>8y`P5G&(Ti;BBsh#k;LPwsW@Y+4H7kKb<@zI8(N!
zXK0IiE?3dH>O~KfCTzVYG}^H;qjkE1-$w_@PktL$IG8N!a*fl<;0oLNV3hNP7sPkw
zPldV@f4%6%WVUR{hBcvafmX(G!te2mqDI><`s2@Mkvwtpn}taC#b*1ZuPM_ku;8Vc
z2wu;|FL|np;pPN!yEov+6>X7&nJsw<v{c^^PeuLCyuZ&l`<YBGFR)~PMwAh-VYpq8
z!*y51>(pgoM%%Lxy}n$ZnpG9UurXfVli>F|pGx5e1CiLd-Bw6&iGfq0@obY5VLn{b
z(+u*&2ivh#o;$UG)%iLqw00VVvcf-%w`S6|{92_N@P3aYF1`c2snqeLh2^mRRP(v%
ziyt+wzrn*+)^twezHcN2vUxf?J1zX$9XIX^Uybvz`($5fWQr{dBGa7f>invuBZ^V%
z<UP8UutIcP)#8=NE`@!u<5PDw8ykTOn2h^0#~UTKZ(pAt*Hx5MRJaH(dOpPP71po7
zNh3>T(G@rGx!B2mO3tANwu~v|-Y0zcvVGsH%xYS#=^8g4v$m6Gn$Q4?zka_HU(~Tu
zEz{LQB`Wql9C^YXllb{`cigGFcu0^_wq}k{OwKFYu@mbO^aScnHoMby{i)l;`>pO8
z4N)i)U_$Frc$0ubpg9MR-TlsLijUQQ74lU&MzU;wW)P64A}^G1K2h(!w>m#^*Klm{
zbG8_Zdt&COJ`>eo;YAXtRZ|l7E=Nw{*S2-tRy!-kYwg=fd4UM)?&DmcOM4~jE(Zb8
zg|}mrOjQOF#MF|hf}Z9Hsvkp$zHL5h#o@vG;Mqn%&*8{2KSRxB^~Ah-=h_YE9X-an
zH3Mn%r@(^+Cd_;D!VUoWw+7B$!Q^*x^~`a2k1@0?6uMuju&^<)N98@aH-OS}*m)D4
zN^-6pxvimBzgYCdeI7>`^jH#x^}7fbA`TUPkHwj4^p(42JRWNt_Dqh^3d0#thYc8~
zkAf9zy#pPw9W~lPdU!L!j}r1Gk%g3s0rk_hb$+xETI$q!ot7xPVkeNS8bm0cN%o<7
zlO4m03ce0b_W?E58%lGw%Q_{0;0rP30d)v$e}AJkaES|7m*{qQ=3j|_&(yD!;#B1I
zV!AOYGTEZYngncFEYfS)(iP(K#qFfD{1k6H$@IS}rk>LZ9_bD*l$1ct>-&e*T}%G%
z5Wu6Z0!}`Ae`^PiAII{3lBX=at?o2NbU0#92PE?no~WNMDtDu-M}AgKgZucd&ffB^
zH&E7HkOEiVP}a4xG_46%-OZt_%Vuf%IC*)c{f|si|FvIsS1&V23r&Vy9>Q01awPDH
z^U+yPCX*>a?BzPVk#@*g#MUKOq~cku6zdnYpL^sgL=EAm9uU7sQCu5hvoe}`e-;6r
zIkU@t`qX=&3b8Az@uCcSazFF>p{2)-G%pHiAz}M^%qQ?mb;cVBWj!y|Shnnn^!Jf%
z%X!Da^K+h=-yjrs96RD77wq-hZ6a-M5$n4v$15IC7r}WLed*CnoM22R60ozDMi@d$
zX!RMywS^LS98X)8z30<!)V{ymwa1}pE@;}+iI26=$Ew7V<tp{~8b;l*F>}2wnj0+4
z?qow@PNUX$Rz)MH&mv9Uu17@uUd0e5cQ@A}wUk%G6$+n(XEf||sQhX?-22o>40Jp=
zIK9`sWKu-d{q<BAfg9LgFZTcD9xAleGr{ktxIMvr-GCWZs9E6SS)0yxg4%AVgqua+
z9_7HYr+U`NzP*_LwqL*Js+><Hi+H7LC>KH7R11FVR9Ab$>5ue5&(hvj&>^g;!rne7
z>Q|&y!H-e`MJM4B6F)-%4F$&iitWL?dk%oXUeJ=e+*Y7gId+46cyw{*s&MeBVSjZu
zH`$k$Z{NNU)3ZuC1EQlgFmYMa^0Oy%08+g2RR#g=-E@0{%7Yn#{p@h_MP0{H5!V!W
zpuPU_l+n+(be^t9ZfHN>P4D@2n;!j`JAD^uHT&%sVd{N2`nvm2om$ZRcQ51}yFP~l
zB}(l#%=gyfueAV-Pa#41C*q&+09QDO9Q!Vc+NY5;M}l+sQ@?ShQR(k?rCP1mwT+U5
zm|Yr;P(6t3V;?>I?EB!NjBm05H7y;czESvhw7z~-x$|NI4KkK^o2=cjd5ANXn>$NZ
z|3GiF6a76Idr&EVKjb0cEiCtS=SaZ>zMrVTKuy_!PFD-&b=j8oVOBB?&oZZ9LuGlY
zwdGY^=Cka|!|N+n{f;&zcC0u2Q!^YkH2PC8O^}&fcoCKenrMVYL^t0cL5fTf_Y%j<
zPxWda)!NmncQHeonT{0M4DfFy9X@*=r4qpfN`ALeojUVMFz;Z_ad1lWu-q-DC1{?_
z(9(91-*cxla=C{o0-4gD*yVPXd5%s<$1BK-wnr&Qc^eBBuEu0J-V9N&zee$@n)f~~
z&6(jtkD;U$`Mhj=9BlIKqbPsne_rBGs@Sz>Sy=A(fK2Her8-9!2h*J1V8F#K8meIo
zix!iG6C%YjhbYfOyi>YEFtP#J1VGMqNnON|rj4Yfkc8d54Y7TyFiI<=lQ3vBM%LL4
z*Pnuf9rmgNz9@G=vCqyk<WYq@y)4_Iw<Kco7#~0W&nSZEu%85k9EoxjI!zaK!F*!T
z9-R|ks&QZYw8_*!z_@_{{#&6LJiHhTeh^B_8H|#dCpg_Vd;qg*f^YX<U$F@jl}En6
zoRnk~_FAe43VQVF$eB{mY|u_$a(hbecN_7(#`tC;ON6*;g{+($O&Fy~#7XhiJ*5o`
zR{p2mW8xnNmpoXGcg5AKs|mXP9N?lbPls*W=?3~4u>c&0Ho{^Cn~fZ%A9QKexAEfX
zFBUA$PO46(`&9n3gwCS1jbWZ*IncwbZWsm&HFrV9G`w-9dEn0-@$<g)iovX?jjdxh
zr)Pw;wcRxKlip8FOiHDNLFT4zZ+e`+%`x)Te#Gj8Cf>g!U^D!aJ}($atF(i&SyDC{
zc1Op#K<kx+7rg;V|HJ^2{u~ozhc1`6Eay~2xWp8^_+t#pC@%q1lLEJyRXsGPun*g0
z8_Rc2(&@DgD#`d!!yP&2eG<QMA%_QlUvFy{IDJjx{W}=n^yd|D&T^;)_!?y5nI-NZ
zUM-ODr22_?{K)ym<)2=|H}s{}OtI;NwU?3Wx8JU7M_xs!l&)TFeY9IUIT_vlZmIoe
zlrcTL9}xIER)OZEb8+e{)Q5lxQWUQAt#K1lx*xG=6<6LmR&R<m*(%pK{VssFZ*UC1
zs!1?5=&w#Ol4qGSNoKQlEq8Fc2~;wAz1Pt3<1votJPnk}fa}CwYe1bX64wb0%5`VT
zk#~D1ZfX4n96tNom*01n?_BHR>gf1Dp>^2SEWdeN#9Z>G9JY1vrdMvwxNvq(JA9?5
zRRF*_SqAd8@_jg6>YB<1GJ4=LC}xYhG)e8azG(2MT~U~V%ldwlV{P4Vq~zvHb6SHD
zrNq)DD?JfK5z}+q&Wp>Qe<ZiDUpy)Z=Tif}zs-T=hMB=uU_&tTz4Dtuljy<U6PJCe
zC+qhrDu{0*F3+ZV??#<Z)rj$h4YS)ATG<2({v%Klp;RP%{p;($cwuHkn=zITvrH*5
zrZ<N(3m#82G_5xfw=cS5nBng3`Lw#xEKJc-;R|m#`tIKC?eBwmEu|clslBA~+1HEg
zW%oJ%mC2HzOaI}_(f{B)>g~{_tjF@uM^HWM5P(VZ%6iUQa8}-pN2GsFnJu`psi`kK
zBHCJnMNhE2Tw*Ey^eS?nNC-d9okYEi{4qaCipTkRc0+x+_vGsext8d2D=T&z&S!n>
zyYG6h#n;n0$8YjDj8t}33R+oP+tTHjaML=J$$|I#)*^-O`p+N}6Cf;>dMvk9nvySx
z>u>vT=a(CQf-I^{3h+l~TYqOIdZ*V5H~8=&cS%&fTi>Qh)hkwVo?pm`jQz#3{`|dn
z_SeK@2mvygsp|Bcv62us&dwGaa}|kAiWaLbKeD>f7x6d#t<xudR(cm2J^eM*fe=UA
z(c`(=IlkuGT7q>oq5nMXhy$G?4?DciyJ(DE?mHm=;&3k&epmTj5+#Wp5m&^oRJ3{-
zX7-iFxzd%>$eX3Ix(`~yzgW?-%+0k3vx_U=qyv7Ab#{F0-1qYCOU&ipu8UjV5t>qV
z8jZx-C})4v(~uh>Iy6U}Ij96Oa$}R<W8ha*xBFdav8&>1u^-=#f$5o)rah5@qp2V%
z`pRl^<FRO3vt)Pj0y=U*p$@>|@#WonQ;43I&z3y%qv33^0{p#D)OL?P=PB&C@osR?
z+EvotpX0ADi-!IjlDL)tK{gvJW-Imqo#XTSZa;V<hqNR5|DtZg`$q42=7<=*s>v1M
zM*usx;qvv4A_!|PI?udAALv={SyysEU*S)`UAMl%!uG?=rDym2@OKu`m@sG2z@6BG
zo>YGe4c;Ds2j;Dx(}Rzf9txRrhAgTw-1&&{Wpbp#uIzSinXmQGB3@PQ;70n_LMK*|
zxn}RBshe*d54nz+EyJAf<^dM2%&4$c<?P~WrV88OQ&3kIB1;HQcOuYU{o}I@<JT+?
z=VWWedf$x?)i-ZZ76fOcGxt34!iib9IfYHC2a7OGZ{DKud{tUL-&!vt@WxjdKjSM|
zHAfLl=pS$l<$BK=C`0%(rr|_G{fZx7s5I{yJYET;RT+m+TT?#Ccq8jJKMAC5Xf-CI
zAa`VGyH^rMbPmH6a!4usm{BjFYn<g8OiNpB=drVRWJGR`AJB2iDsIF-DthG82y?Rb
zDZ<a~+F3Xxpd_qR^s<VV-fu`^VuW3eDAvy6d;Y$iS)ePstCw4mGN=3aCw9Il)FtUC
z@hvGQMEd(K#MgW-ex~1+Q%+&~Ye#3TM(nqrGUz9_%5p3G1hF6NYk{4j+p(zRz!w{X
z#ggLq<6Zm(1NZCc(}sv&f9)2o96p&!H0TOWmDPO|eQ=oEg?MI>@(7K{3TV+Y^wR!v
z^*-ENe&34c(En}Di1d<ENgeF7=VWaiVTZ8s%2M&O@|}gjYh4J$yEMicG=Z@HO*OT1
z{hCwvq0-NF7WOW)lqB!AC(rOLu$Pg*EcL+7)4AU2_KK4@ZMEU|xB3;eNa&0L03-{{
zc-p3Q?;2b`Vm9vU(Qi%pV}~-?fG^!xthxsNBMe3#E#eNqV<*?np21)@R#rRL0s?Wq
zk=LT{^a*2D^R#1hG-lU*)&mNU>-P(%l%K}4?VfW8a=}yi*#JjmLK`|~dC|O>7t7~b
zz-QT~E#D8F5gl3g6uIJ7Kn%kllJFn>3%61B;Hr=Lp%2RJ^=p$?#_aFkU<llRS+~qt
z5}lpVe(}ofQd~6I$NIH5J3ObmIxL;9m5_%p*7{K>aX*sU0W#4NL&$^T<#w`esh3-|
z$SV9@T&aS*2tw2)s2%zhVO>?V3S^Z`GW~<(pIbf(XxHB*pEH+C5ZAFE?5}83Ox<lu
z_32(B-g64*Qzv!{t@ZS<P$@9CP&Sj(4OkYrKDPo6dl`C*?#PWPhyiHGk<rlrWa$l=
zp{k(o4wz_?<Mx>Z5*ZC3v*#aIfIzIkBvfi}kFbw1uUiQEb3c7MbYrO>js#91M2$aD
zNAJ~;141-!sW!<4y(W32ogEBkyv?v;nRrl}r+Idc2}w&jL<KLt>8keG2gdk5MESLI
zh}S#rZl3s}4}1Dx@w7q-fgs!BpnB}1T63yZADLRS%|`kCNy2_8^g*2Q5dAY9WTP2*
zp9Zw^C-Of48AVMy8CZwih7{qA!Ju3KBpM#692~%ICzR*l1_fqP=wJ`vI-Df!H30XK
z|22x6Ok+$;3en)l-_OIBKaOck<*h9qa00vGruqNRL#BACrl|W3*T^{0VHPoXijqbZ
z;Z<<Ab-ytBkNKSmPnBjcYBG}%uvh}&Aw(6CWV=PY2c6$WW2CT?j1*CLe9DqSu!OSs
zn;=P2gn+4}D{dtZwoP-54M{`Z;lgyHZ<mWKWr`^UTxYe{(sJ&#`P6Brsq8&})LnB{
zV$<AT%^%i9sAXjg@Ep3KjMtx4q6JlldC19~Wa%#|Wsh&NSSeMOTzYNxhX5--D@~At
zf|n~n(E%U1LyBy@@hcb`i3Y23FVwcWs%nta8u|55?~Klcr;fg-=VSb5v3O>je}lb6
z_VR8I23P&;=kMQ^=#XC<-8XX2d1cyr#kYL)CpJ=+mT?*#osKfYj?Id&+iAs%e6hnK
ztnc)8^-`L15*n7rY2_($V2GG42vaI@oS|MGqa)dtV{64Xj;x1;V5`61+?)7T@9S9K
zJ#Il~$WQRI914_XlgKJ>lB^GJjdJ<G^lX?N%+IWAN0yKX>`vg*K4Kr-c28a3p8w4e
zON=^;Va(rN?^9HC>bVTsDR>CEFiGO<D{aPp!eS*A#uep0wkTLuT4Y6c+e(7YBAgy{
zL_C+d_QyF$)OCLyiD4{~Oo~ved$ry&gJJ9mlZk(+9C-p&adVh%FdKI_NwLpOhy^a0
z3dbbDm)dhgMrQ1FEU9QLF;o<@>u=lrJt9*^2BMSM*-6_Y8+KA!QTv$NTjP^yFW-Lu
z`!uoVpQ0X31&!?~O3PPbLxa?;(u(#K+_@ZZ_$T*qQ(@sug+#e5MOuNZyZzeP|9(2<
z)s_=?s-bhxii@9}QXH_wERi<zrl8?mU2bRn+VxJasK^VMZx4*o8+meXUOiG{d|1<3
z`|PrhPk2+JD#<P@sY^lpiRAYIHTP8ZHSw`TFTTHiWy^36-qRqNW-s-gf0TTstJ<;9
z2VVJ|*$<Z`xl@yB>Ok$#nw9JpYhUQiHu1RfF*ny42XT3$EbkL&o9MySAH;<@v!yF@
zB7cmIVL}?6;B|JFdLtQrawM{bJRv2aj?9LB44Ach_44inN%l_lf^)O+WgkVl)>PD=
zDc)msi_<b7v()&*`GYjBaZY(3@#+UwX4R6ebMErWiIqbm70S5}Y#(?i)mOJB!e>BU
z(7NrrgT<t%qi4V*BoZkY)1qeq|CS-*PS>PRR|smHn5bM`c@JghNCsx4K1>+ZQ*o4T
zvnA~(O1PL`MVdTIPIw=IuIpsAJPeEMHvQE7NI&1f_JO2uibMlb$o}F`w}Mo~R2y-l
ziWDlM<h-_iZ#ma{*&Ydrb6-{z=7!HWn5b0PIEp7JgDOX=A)Yg4?Rv~ogNB-96vXwH
z*njlTgzD?%IB4jGZz4-|NH)`Dri6pS*SC9!WNvI%|A4yR<o%|=E!@6*{U=X0RPh@k
zV+?L=mZd0qO6m<w3W0z@dHwL|#2Hd6`Er!bOT{R8P`eIu2v7*xz+2AGFCD`>BJtqh
z+5OpC^=ebr*+jK5dk%1l!+oFWxyCK<AOW5CWXYwG+_i6oeU^#3>ni;N1mZbrWwSKe
zYO4Ytt1!b>aF~=!BT_4@+KoDdv#j0AlMQP`g542Pf3)u(xL3{%Jv6Y<wH&qrTL~uA
zxc!O$arMv3zQ^mtlEpz{<dr9^DPmzNbn8+ctj&~^Ny{|M;y!k_c>rvXBv`6;nI#N2
ztIP^`*qQ2CIX|I+G7S(Egxj#?inXv=@{@7Nv0pm$_&8m$hx&v*C@TG$WNiO;^wTF}
z=g<=2?{B!B*+S=K5H{749VX9;;!6T~TVn^l)8ddpIp8%BU!3cTO0AD_>!3&j4yo3f
zo7Dna{19q!ah2t%B3(UP-<jg(2C4=tx(+9$vQ-&onN<kKJ<I|Dy;w!EtbGeX4Ou=n
z$FD2Mip6geFJw_~d7f<r1f-6V#G=?-V~r&wkfkxh!h&|&J$u;4lOHb@FG@83ASF33
zJ}-70Tw4LcN8MwwV_BO2++qjoQYFz{yQZz0D>lcGTGPN|<7@aZS%UgHH`5rKJCl_Z
zRr3IlhwE*Srrp*pQHng~7kPXonh(Z82VM*$4iCI&(z>W<b#IYVHmkEbZ-VduJrr8K
zRZPX}J?jgmTWZ=rja4ZXm`h=6Gh1rKO-w*0Bg%;SD)!W*f;a^u@nl1p9LnR_Kf3x~
zThHX0M-)C`DfQ%SnXuGSWJZEgj}j7S_-iDP8KmK7Lk4Ea)cZ*M{m-|m@{hy|(Yqlx
zrspiuf8Bd>>%$HAdo+5SyJCGC7wkEiq%?+zTQ-JNItJ`ufM$NQJKYQ8HWT;Cp*K7t
z(uR>|WlU=Pd@j`hy*3KLpc9=xe8OK}Rl$<f%u*U}^O|-^0{4>|!B3Q*m{a7X)vjpY
zw#1qja^+XfN_kcoP1okSe^LZiyP4H{ry#g06d;bah*Tb^BV+W*??1=83irE)X;?_v
zuh?|KPdE&9N%O|$@fJvt(ASLmGbK88-1O^rMDdSxhe6ku_PZrl%9D+uYXCK1zhy~|
zu(5)*dCXW1kXFtcP$eyLUARgCpvUxfqeh}8iLM^Rn3>Try0s%P^PLSuHTo64XUh3}
zEE!Xp@Xhae$7Fy{VgB|fXN9sv?IP36fY<=Bl=6VtDY~EOoK!>Z?b?4Vzs3norDe4N
zz26m?W*jHJ7~lpion3KUDT-&N<XG!M6zEcntP6o-Zfs^r9z4LR#C)?jP&U$A<V(%v
z_TXQu-$mWta!G@V3fB|FV(OTUfc&L3N#)sa%F5;&H^N@t?YMsej1r&yN7l4=llU+y
zi137{23zcG{lUbT_=NSm{3l6;ogJJchAh2?9bx*wN&|4Qv}RN4_+`1G1DAb&Jw@EM
zRKY&O!^~FxCf_p)sodAc`{+F1njy@Pnn&Vk_m0LrDjBvdDup*+hu*uxNA2Ds2n*%0
zToNh<6~F?|T+mGqgv!{%OgbSm>x5(>rIaBAFq2l{kWB0NQt|Q+Aj;dV=0oc<mkLT<
zuz?;O9kPzhb})%Q>>u<LQMvE<ZP(W};$>jOPF~wKB=yf%9z{j%%2<RP+*kDXurAoO
zo(kJ4^eR#8vr={xlgbCZxBJ77>XH+0T`%IKn1<B`JvyAjxPft>e;=jOZc`0C5B(hE
z%3<i*uCe~E%~z3JT9|vJQo>EFl7v??#F|ayGOLa>Jl-ZwpB>Kn-5)p2H|?}ggte=*
zxw+>)XnY_na*}R7$<Ka>qqsxsfvt*7<m|*hdqo!eih<fgIM#j<xbjW(&agtTmJHkn
zr_%ULU+h6)_5|H?sR@=RwL-TlCmNqTDu$f*7@Ie^)hMU63wJy6aAsL-Ew{A;H_U-6
z&khKmto4DwgH7Ko5WGfbl!@2ArJ%))+^sbgUay2B6;8}c6`02%;Og@;JF{lV%rs*(
zr8hrN`Yd=olUERaD)Z{SDaS|tQc4k~q7B=TT!p7E3cIrBx)t3)D{}U^+wAB^^O<Yi
zW*g511}0_<R2%o1)hAY$jWzV<h4)<`bx3P^Iz<Z&6=q&;xBAL{_y{wnsgn<Vdt)1$
zaR>jL4}1SB`stL#!YPdgW-BW@A=hp@lP)`X(2EN1A1%(BzK$6UT?&X7886(DZ)Q_w
z$5zpO5bj5q*}5Bi5{FhLWM4NmgyRfT@(q#`GvMQZx`$%`G=SAf`tL%v-WAcP<L}G2
zjA%+;?#I!V&=zFRepgAA-*x)ufE(ch5)BG|py+VXH<)M0zUxB~TEeW%JdzSQ&ifP7
zK)C)&v}0kxy}EhlhSM;4PmeVfY^uy!=L0ZPBTeL!`z`Zz3ry;p$h%<c-YE0qi^c*6
ze^&J>buHNY20ECru%Yj;_hFxCXDCJ9p#|;>7c>0l!k3?^_W|tOyTh~wM&+=g5iFLN
z?d1IZGuSuRKez68%jA=TH8<{_vhg|d-^2Di`zL<kVGL$_1-*o{ZD~|3vXSf>B=~8a
z?YzALW=ydBT|J>BvG>q?)(iUjAo%G_aPKc8qMzaF-CNQ<B}9u0kz=vqE|>#D#v3WN
zvlj#+0f%15M{f;tLGf>Vtwr{8Fmn=$PMy;ICty&Ik}8X18>eIAi5!LEG9nrfLQ8US
zG`uz)Gw_*$xIO6)5o9EMIbx83p7%Y+Pl>3AHkMZn`rk1Ke+wX;ivWac{+)KYvG@+{
z)VU6WVbG9pOu;WGNpfliT^9iDm^lA^+rOy^11G}n-G@b1z&2Ok8+$sG***NeE)UM}
z<H3SWYVGqB>9+Hne(v`?qCC6jFsNwVO%<kh`>6ycEmp`2YP<67fo2BZ(GTsjylX}*
zjZd6>`5rKuZJ=yE)mU%B7+ATe>wY>WJhlyMGtKB3buK;Ml#MVM2RTXiC?KmE`-?2h
zFn6+{3v%}08GE_iw4<FTtRJZ47m`Jgf*&@M?F#@aWy=qnN_6-5&o9@GL<jpxdeOk}
zHDRk(Jq=4E!sYuOXR8@|SOKpl0kNu&yU)1NQkYOuz41<e4pzK%WP9Xf_z`$GQ79Sx
zl*&#R=Aj}JR&1x^Jt$k!ma8LnR!*V9s9i=Bq~)0ARvFH{UZk>NJIz(wLB9#_s`C&j
z5WUrw6Vuwx<icCb?c5k(+fh&2WEH&W5w0eysbK3D61i!5(-^}0RBcuG&g5}GImfB*
zdx_M&W&o!`GxNP-pYnxH{%eowsnq%Dnbl)iwzvvZCsD)*?Dn0{ubr<fFllv8gKL~w
z%jgxH-)4ODPb}sW2M)7E&&SdN6aYrk3nPP|Z1xUIb5^?us4W(eJMTNL8kEa{^MN88
zC%iQ%Xz8WMS5%V3$^i?fhxnU;uW5AQ5T6KA8Uk8XIdU#UmT1ZK=^c6fd)*6!w1In`
zYjAUKu|poC=}r{Nk7$9nt2XA!z#<}R+MKZ2Z=l{<l2)z8auATDRjia;Gy8&%)aO_A
zi^>pWW<P(v&N9lXO%a$=Q=UqCBq5hcO(L~u4DJYSCEY=Ao*dY`uljx?W)0PIbggg=
z;%Q^2(5#bFvy2c%)%szvmJs&|JPx`nveE!29CjXziMU%r%n)*8;v)2TQcVu2d46q)
zD8Ejocth$San9ju?xbP_a2(~it{_k>cLr|LOgrCt9r&a?-3$TTDo>K>T!;pP_X7)X
z7?KcUtU?ZlBzv-ZbM8DC9OmAMoJ6%t<Gkx_WliS71%Lu3OGY1PD%d#dtK=(abV%%J
z0uITt<^GBiz=*)%7olqiPx(Y@<BcahxOxl*$qwFy+NEG)=|vuEF2i6Qo2Z~!t2ktH
zd}hb5stP(}dGdB4rgJYgS1(k8>9x8Fl-emv5m>Y&nCw2fq}axHC%~S@n#oi^HEf}y
zUdgfcYdnKm@mzbh90fzl&ND?|{wEy-mthK5%67=MT4Nhm5~`O#jeVj3ahFo?FIjSg
z&Dmu>&7#5Q$Y8O<<m}WV_bkmB(wv48rlgypp=?$<yTFq5h>j+XbA4E_Uo>CFLni)a
zOTdgod?qw^#=K;N6}Xtwl0Em#Z87yVbQ;*42~6WwH_K9T9C`6Ex-Z;VkadP$7w~*=
zXHPzM)^EZ9kFhf5gv8<W4s+6!77APNCL=V0uaTt%@2;dQmM)^#YJK+e3?u0bpRn3R
ze%J13t1mySI>aw5U5n1eMTIRR4n~t#Pa$LzeX7iO{J<CPN4VptO-z%}0e0|XGyrf!
z%0RtMz1tJIdO52?5>X@&5G90z5xmN}>h_n&-rin<X%C)P3qQ4WL9sXui=0xF&4q+3
z#{Q){Ym)>CPd$DC;5Lm2iK;o#`XPUCsLAJ4y_Q7uo5))@{}NIb+!-oKS68L1$ZVgb
z;6oZVlTnqe5Ld_#Fds)plGw@mop!)v^Me{j|2Xt|_kM4Neh&mf4)INOls9~Y)nCCx
z;xL6@_HtIB!X~L~;3Q<(7b>u=s@pq1JWuFKo9#l*<D8$x_>VU-brFc;3H*cg;Jse$
z;CW~d9Evf8qEN8NW0b|Ys+ecGqc6M>#A98jDBt-l^Ds!cb4<a=L!xt~CfU@_6iS*g
zzMab=pyQE<v-QYb1-zG)6NI0u!Asw9?X>Zj4c0*POKNWmCVb0M03)(QR916wy}_YR
z^ZIE&WFVDVOd0Vcc@kUP3Fh-(duanNtt?<J;Sw4EEo~~mgO9wcznUO1a8%bU6jk5|
zg^fa$**QNjRMJr4@#Lwe>j6`m;i%Si>6XlA1Wh#H1hsx!E%!9KsXp?2QHSbrBuwW>
z2L{<CP4#pu-_fR4qGnKy!+kn*D2VN$sXQwCPlij1F-aJW*DP(;3)2(;H(R76EKTOB
zhQ_()yDKud>hmpm6QG@7_}1aEQ~|ve1DgJK_}ptuFfq-_{-E;69)ZY=UQ_nKd$4YQ
z9GvaxMStC|+9e@t*ZIzhL%B=s%b#yO^i*$6vn6xM3;BSNT&Rs(20<QpqB#cp0Y0jd
zR+c*femJ9y@{`ZaR@4P$LC=@#k$T0R9kIrR-j<Mt`P*dPGoQ>eawLZg@`CeXtXYXh
zgc`82+;8UPtINT)vppq{_LFh+E<T`Taz8IH4Jg=b(4R!wnliZ}jl|#vl}4|KVNX!B
zm&7`<)%nBeY`{NS>+dy=)qEOEY8Z!@t~@G8ov`(ILh>Or8w$Q}*-dlLP;jTsC|DSW
z%(rTrbeElIDV85TE)O0m-E%@PXBY85=zW*e9Un=kIdEze9)iVu(<B<MX!8BFB-ny>
zMBhR*8+xElR~iR!MMdSCqm|r1FcfI{fyMokxs?)oGZiUU^%XnkwxIOZ6AqSP!-qAm
zm`VT7z_wB^1^E|c-(5D{-MqTHu^%b0a_z_VjbPaJy`Ceg+m$goIs){9^-2G9Y>`3~
zp27l(@ry5Z*Y*w#+(~M$l$DfV$_JaL4PgtBYVU;Mp1prKDTw`B=CW!sLTSK_M`w7+
zIvRHiwLG@XrM<?A7DA*)YWvbsCWDaJP-1j`X0;nMfA&-I^x4^kp+&cJh8cOJD=jsX
zAx#Z3kv~(Av|J*QrS*3M6x^{p=Es+pf8);)N!M@pDiTk*hyYDRx!}=ey9l+A5C8>m
z>~HKJn*<3YvRoo2GYgAn%Xg7-Gj#o2Xt&2_b8)h({y2^OQ}_EkuAHgIACvfOLc;N)
zrl{(`;&?R+tFi%onpfH`akPCeXGn$=2PI17!$ES?T*^=bzTU8?e{9&cxi7Qrt+-;1
zXkzH-m@L^ze-a;7hWxpjxf1>R`=7qG-;nf0Ld6Y+3;$K=rOUtKr1V`9NRm!gbPqxp
zh<Mv-whX-5x*wK?ZGmmqs^|Hu*EJKVMsCW>2P|%X(Bz!>@LXPjF`Om9Rl{!m6e(D4
zl7tix7nedPbDMY>iYH143eqI&NnVA|Um^L$w*nL%K{DFZ_S?_|^Z}Z13q)m0O2x>}
ze6x`bncz~Ba5K7+-SVF3ud9Fjr+yO8w$COar<V5HH2zKjUJmZG8Ccop$|G_OvyG88
zQea&jcNxedT7i5n5pB!hdui8LaWUVWo~4P8C*6_HzErc2l=yTU`^7ayG7aFO33#S^
z#29|0y6e2j@0wpjy5N9;f5(!wapL9W`a5(E+u_yK-8lL$O+U2mhVc@3X2LJak;r;5
z*wSSZ0esu0aOZ}0<R8&jKO??RtB)C$HaTB}+~=y@AL@DyIvMJEIRCt&zEyn?G`|)<
zaIHn>{OqjH?(A_gDT%XKJvF_Rr3)oB$yowtF({`A`8d^;GI@0oBhnO>PNj2snZLWe
z{_z_rci3H9Lz1856+0!l7SY+Ed}P|ks)gAhS<H}GDnG+01&}{t&cbFz?v=>|zS;ND
zB+gx)LpL=pmAY#Y6ZSo7#>MK3(4X?&tE*pE84TW?x0<HmVob@Dq;3LSkw`iu2zYNh
zhKnZs?DBW;TGz>ylf&=GpnKQ82n{Jf?r(oVBI!xp1xFwxT<na+GOf6kgj+f>{uuM!
z`@3bGrPS0+r&GpFo-r?@&WTfU__;Sc;}k+dqT;Oz^_dBbl5%A1VEaU%;20T@%+e;4
z%@8aH)-wd#n*B1n9R*Z=sn*w+mfq30=NQkJug$u4MDzNtK_WZ5rOnMcb{io0u}i@M
z-QDK<2g4V))jxBc505cUv!8+MF3%dUpJWj-<6WeXGyGhBOex7vQ=f2u`}q9EdS6(<
zpPwU<uqnQXzn$lr#jx4lZ$F=YJ*|<TV+LafxfKRo+Lc~y$(|9s_D$0ZCn(GMOILk#
z<GtS{mF;eyK5c|}<bA*;lKZcWEcr-Ree^rXfKC7_Tf6u{piE);wYk+zAZ=au=uIwl
z_;>-62Glj9M?=-$ru)tSX%Ub^<E6)XZdIZyiyw_Ee+=Gcm(JHLUI+vg<oJ=T8WA;}
z@&ZUnE6fWMbV4?q_G~iv8YdD38Bb)!oV(3t4uh7sx-D|`?I&6(H|{YMLJ8L}Wk|}(
z;ZB2B894uk_NM;6@s1jm(qSTnJ#Ezv&IMNQ^rckJpj-N{i{r-Z#2BERpdQ-HIP(X}
zhlOdkjL;_&b!f~xk9QXBn1*`rCyz!Spr32w3;ct|4j6bIB{SPrk1;eMpd^(|g7BiG
z;ExRgv@R_ehnPhlmSKEr@pjLPI2sc@CIcF)VCoj0liN<K)_xewbFT27za``F(GLf2
zzP?@m5Fe*w>~iD!%K@{dYhUwA1i~lw*WH{(M$c;6spoZm@gMP?uFLjD_>4w=wT)3?
zS_yysd_D%!M~`Vo7o8{fVBg~qY)ehrg6PMVDkd;pcV52^Kd_&~SiX$Lc}-^I*}DAE
z%t3n1R{Vk>CKQc%E1_&`vZy?V?V0#q9rx2s>y01#H0nifp|U}rvi~G;VqftcVzN39
zcF&9fwFbywic!C4;&6Iwwtx042pmA@J={^S21#)R9!#(-lq|UQrJFl)&g=etEO+YX
z)Yte8gAV*rLHW2tI63rEkwN1<g`$umNsN~kBz!Y7l(fC0&K5>XI~(sI34pknt=Z#9
zMLd2n)BVtI`yNSO7(gl~+-cAC*VFgq`l61+V44Jwm2d)M+E-afFid#u>3uucGyQxh
z5ptZ@E4v;^jHT#5i-Z*%{f%oR=P;z`*0=hk*m`R=K%y8z;n>aK5_D&|Qs${CPyhE3
z4`<)eVEh@wpj(bDJ*rsJKZ}XgPct+;k5IaUXAJ~N6;lPLg?#1qZ{3&jv59A#9gyyQ
zJtXV?-F=xZ*i{j}Xq()f7jVNN3&vWQ-jqsyX_a}n$Qt#o*_n=g@gvtNEQEF3v+cgb
zb7+-!F}n3enLg_{b}z6b759nTd%P_cV0=VL(dh()o8VjbK%$@PZHsIu1XG#rghE_=
z$r&<hym8o$(RRa?lj-~Fc)aV7Z)$S4G>4xVmZ>~;N&GtNM9Zhe;N7naA&s|urqP4-
zEc?<yKc-z}Rc7k4f`Y%Odk~IO74_9$w7Ho~NKRf50^(C33IlQW2&=Lj8gDVN$`@q`
zijvoRLjDOqUi*8kH#KQAtCPDDSOI&i&GkhXnC)t~-6kl-ZJE2%5h{cvCFtQXExbSR
zYYGN)Hq7e46!QWA^c2WC%zJ#@cIx(vy|~|u|D%<jZ`>O6+kYn~PgKg)B(ZplX?ajK
zC)?$J_t6J#E;nA}SWfQua2C$%YCQ5>3jDLIQ~ifs!h1l22@oqcT1&C{RcV4%Cp#<l
zt<m}6V2PqxmRY$w9#>p{dN}q4@h(0-=45gkSPj}07OnQz&cC>vtrBevmkcc_ZhW4h
zXv}!&PJe{pny4=b6xDgGIOgw%PwT;j#BQ{;qdC{1Yg$XbXJNs47?^`K+rC=0BhCxo
zh3n|S;SoHIb(qDFLIuBxIpgG655`e~vztG?nj$GW&3B8P8#z%Nd~E7hz0YzPP@_2c
z(|P6BHu~1E+7qgG?|3#RszUtpx~a|kK~2`iXiPPsivC@Srr@%wv4`y~u0l0JvexO^
z&u{4^r{52b@i#^(HJOa{=*cA{hAkhtmXg9v=|Do?xZX1N-CKQ*zrsi=wB}qY|29S5
zZW^$p0$bA|nIF>c0<(ya`yj>lLs!c6=0bmY$ImGH*Q3e)0LRYmYW}?d+!gtDa5P0r
z<|;?pqr|uZ=wf1!(Z0mH`o|~d2gJLtZhuksZ@fF+`+KHaA-cYpzEtr@e*2FV5P6*p
ztVhSXXX2jy3fMoEnLc$tY~|!{G3(ejs4;(D^R)pTV&ANG#Lg|?!#MtyhqW{mWFG*M
zv9VSUn{Vn43A)qsw=j{`M}2l0x)>%VL(|KPwv)GnhBvSoi^iU-olb!tOppHZ{kS$1
zB{*z(Q}<yK63Hl0!+#Syk)##@EW3(vnF<f|>Ge@6bvf1tE^oQR{bRG%zl_KUu}2RW
z+Df#z@FS7PVKDf{%X`GJ?{oqK`$G#J5q&RP8QaPEJ#TlD@}$B|NmAN^^-^PS`?u9*
zN-u7jUECa0j~5uEX9V<wUuwd!dQu;-u`Xn62{p)=n*TJ|6`4%)lJ)$OaKB53IJx`n
z;_usu^N-(-r%ImoJ@}~yalhf7tPr&zNc!?2b}JpQU90QTERcp$gqo5@c)`cWhpLSw
zF7wRuAJe}FFR4?6ta<r0R!-yFt#(rp*_-zEuTuCWN+poU7Ry8x#UFpJ!VG`iUH_DJ
ze<EUa!$*hW*B+_aBpOJfLM>LPY#J~lOhw^v<I69nzocx-jKQv6QGaF)o6r$J<#lyj
z+n0*%CZXZ0)DaGQ_gQxr3$`bjbac!&HzZ;eNS4lcI80^$X8{305?2@ZKdo?`F9gqU
zaI8@M6BxgGF?RQ9%}vrEvb15hrn9%n$pg%Zm{i}`{Q9@_JfG*r(#9)Xh!2Gv{XXHf
z1D5~WcFj9t_)gS6=?8ZO$Z0;vF@araGMK0gDl<TA*1-51dzM$<)1-eO?bC0)T+jEP
zD*kg<*AhHzU`az0uBfQBtiAc|WQ~tmcfWB$^QQ3+_TR9|zmY&=A)0<&OL|Ix0lRCt
zHGj^I|Nb`DAAfn|b&0k(kE?r^k5!(w?SH%cgCKZa2=dnnBFmUcu+9B3@)Z~RplCb%
z&I=x+HYGlmk0ywNx9;0qROHt_GfJh<43In;R!K~xdcit0AJ5KDj@NImt<V0QQd0YX
z+%Nq{#QW^yuks{eU?ND++=$)&7OQ1#+1UC|wN|a0`9Ph|z4w*WXeo<?$~f26Zv-gX
zNdMkL$I|S(FvmL8(!GUZNLr4B4}NXvcQDD0YMJk$a63Opp>KPJsCS^p+;&=6Y@(Do
zrql1Zy`b7y@60cbtL@#RS^CB^`x!3fj)y;PLO!OhzPjc+((MaecrF`k>{$K$`f9<k
z26+xfncsBGeKY=1GlgPe!(^rVhJ|`5WzHhXg(dhHQi#@)`4KzwRG*{=5zl3oVm#!5
zQ_$QkjO%F%OcW#<A8_m|Lf0nq%`vbruc~18c|`GYL$!sdo~voWBPmefik^K?HP`BD
z3=vwHk)r=Bjip&i3fnmGZ5QWvT&!xby78Pv4wRWh`Jz#IevYtTo@V<UC(Mqi+ydkA
z6O)B9G9&Uqa|D=GSIeV!L724QL;P$*qXRSha7<=wO4pya#di}~(f<F7vbPLsqkY4^
zgS)#H2^4pyr9g2jP=XeU26sa6;#O#JhvLv+#Ua6pyAvb?C|WGEr9dfd|4;6DKfE8G
zd3Gi<$xJqLZFXn(yw2-5j^FhyXGlc1O7Pu5(TH|r#GP*~;;LC4P#LU~ax%5cq8|C}
z!|MbGT{>lngPoHr`)4LxqDS&pLdR|GHpneq;LR~O%$*Iy=yGM$ZX-qTwAN_WdHREw
zb@WdL!d1Z@MIVzJE04;RJf_SSo|t}zNRN8G2cfLjg0EVcDDF&lU&4C7o>wbGU95wh
zj`7DiVKVOD;aS0ln98t`8W%Qg$n>jl!Zp~?&y1sBD^pDBRm}$KE5?5pUir+kym^x6
z%;c;+2T!RMfvD=$&)afefA-Y3`MsTwOYii`1pXYS@l8LV+`ExZTmtoEnd8AnB|*sQ
zgKV*wbh~I<??bm3=7*09W=bygfg{vaN%1?o{){uyw62(eTCAqVv8buSKt0#D2Oupb
zHpEIyicO)(K=P4>2JW$^ccBv2)>Mh0qUi1Aun^2e)S78q9!4ljc6xmwvZMLqx{*&b
zS9CMBE|T?EB@F)Ai}3!$4L>U<x|sUuWw7=V(UJKXgP}DkEu9MDo$DGmm|S%=8W$=;
z4Za#HEX)==8%gqZXYi=$2-@h%>W1DD;&7Bb-eD3yJ2$ktVreu!cu&9eR9~sym%Xmp
zq`~)bO{&qmUrZ%ww(Z8%&7HpFGxF==6hC=xH`i=9p|lL?HI}pUdcn4rNOx9u>C~}w
zVYaZ>Rz!&^5oI^)fhRI%1tPRx&pe*&`@rYM)~xz<5sf;nW{k2Ea@FqJhvLDngU$-O
z*GiRpJk5s{!$GB0G&^NWG<?o(F0&m>{o$x)SH<FYZxbC_74$NmjuA~~Kd0P}UUV}c
zZ-}la1nI|cP6?hAqYBtisPLHgWQW6C0PMy<ul&{{8bAc50mzB#lrsui5<A(C(_q`X
zv#mLRjhfId1W68sCV)`fd3E?^=U>Cbd%J!MJwu!4`!z!Zq{JH9V%O5SVk0pFv>q@R
zt^H@`{Gxm-q6O?S`Sp5pb6Mgz?#Hj@m8k+%7`maS#|uv|TTn(e8BOO#B@D_NfJ+@d
zt3LO()WY7O!KxsQAH)@7Zpvj(7<zEj)$V2wz#&=I(GcF;Ch%+KeDQK3ETr#y2t%<y
z)^4nyY1ej4f<G0P$c+D-Hj^ga+2@M$$I!}WLA&!O#hIbPpO;PVHOyp8;>opo2Yk)D
z`*DV!3(*nthBe`o<Kl9K_IsLl#w{hyoebpfq8{$cUPnb*KWM#ZMj%oa&k;4BhX*Pn
ztSbrRek!#k8=(m~<j^3SE*kP~ko~fHKg3LIEs?{t=_((2{CeZ6!Lxlyab0<!hDvJx
zD&+sWOf#)Avp3P(l-RM_pPe-WFh>YP(Tf)x=nx~!71-!b7Y>NUg*PDJe*4A9y9yqR
z56X+!2VRdS39rslc#0m@lWy-7ix2JEm?~slww1e~5T(_Zrr$<gpQ(QIIu&Gx;^Z53
zdxD>`be1hU$gYrl226pAwT^FUa2)3CMknjU^Y(6y(hIiDq=o$87ZmnoP<9wqFeVxx
zhp9`&C%voQ@)#~|vK4Agv6z6Au@lxS3m%7KZV836rEmb|28CQyLhgNtO=@BsTvhJ)
z$HgZ``yrpg);wTv-#oj+Q|K$Xei+X2;XtrU2VW#^R<TupbLQ=`TgH>S`Nb>I9PSvI
zWOF=AnvWt~LIylIj6j2EeC{jxswNbw^&HhuXWKivs|;RXyxryo6nj2tEdm!q)(O2H
z>maWT4^e&XS)&-Sxl%7m%P_ACD=Yc=N_6<d{4SBNyfl4oj90c7?DlS8R~i3XM4GV6
z?U9`eqNnAhQ@3_k+j@7YLl|Xi3>30Hx9sr*TCB0HPzo%%F;{Xl&3J77m{EKnJmlgI
zb%eFS4@QOF6FT-X15=q}xeiie`H8uzanj<Ao$+JKam!<3%Xu7A2xwE(LXaArk>yj+
zGnp^5e{cKCC%+#4dNH+ZubS~YnYbcWQ_a|5R$6Mdvaz8?b>**wj#degQ`5<ynAxue
z-`AOR;fgCkCHR17RaFK;VH)EUm6Pi$-^kO4-+!Ioyz!<O(5~H8uUX&QJ^e1oW30=2
z0Cr(;$pa5r2H!YdOFnYgYuFu(A2~mMu_0;iNKV5Oi%XVFf{n}(YG6=PlQcC*la@aH
z3wn5+x$&3O`r(_|&L5`_K-IEQ<srb+J^rX)q+GB@b4fKWVxC(q=Z#DokXli(37ekj
zhG54Q5XG-qDC}t?K_N@-^|^}QYnO7V&k+n?<PhvXt@us*20!rg^Tn&%XLu@u84QjZ
z_5x!Bsp^C@I`z1)R?GT|N4qEaZQUb>{|rC8QQ3Wye;(zU{q{iRurMp4AS(I45o(f^
z&IjLbT}Z|7$Qig$;7<=#$CWFu7g3%}$5k--ZeA;t{VT7+3BZrl0^;%#^HdRIm1lky
z%&Gutbxn0(rY4Y97dKhw_+Ql4vq31`%`|n?-Y*sS$!q1i?ei0<U)!5y(T_*I?x||v
z<2b~p70k{yf(>TD<`Rh_V{iGvApalRg$xW_l?~)(JT%6ssUj27%BJ)J$aID(+}Hq3
z5poI-cf$F=+)=L+^N&t}kRlHHIeLDf<W)UDvDNWtKReY`Gi$I@4<+&A{znnnhrbtk
z@wrIr$>?Kii2)jdT-cs9$)CS1N9V=Eh&S+WMHy)|)*ku&*9-IKM}K8_NaH~S;}YS(
z!rQ5<f;SwYjmP|Tcm;!8;swv5xROS$7S1LJsU2GZ(WG2L!@O^)>A7&I&4p6%<5VIJ
ze6KP8cDJu*?xZn)uiJOZ=0ELKe2Y=%Ax@?y#TM5edLL3#X$Xu{Q{LgKt9T!;&GmNV
z^=81Dr?RrRdHhPutx4Q01+GTrY$V=9>nt2FSr#a8?(J7RjaG^HM<qVlVuNVL-G>I|
z3kDG3SI6qo>+C?Z&hLKy&n_b75gJJx)kJsw1=fAosoOcI{pIt2jj!#aiNL`kGf&of
zm@K1ZyFrE%)4Rqtd3i#w^z|iuOZh>rMGv)q*>{dH3s;;AIS~P+Z0{C1(8Phwy@C+*
zJU6xEXNJ^hY6k%56%7M7mLH4vtS!p-+e*v*^&fyw;Pr#ZUQ|O}abfl|a0Gc8m%V_{
zkd7dsxGj1<=~aGs!<5<Tiq{$&=a<!I&J?j9<X1*&{#I^}YMFz1_QuSaMU1)jVU?kG
zW%moar#}Z({$g0}M$+xKYhvE>J|txlgaWfPsS{ih{Q(lPk<s6CCZ%T;$~n0JG3(@$
zg05tPaC8S=7|(sR<g^VhlZ}{$K}PxhyJ^YGii|aWoNhP&#f`%brHsk%O%q<dxu3jG
zA;U6y=jQCCQ*-RgN3&#vn9YwsPYdo(zL3o0r(x?sg=GD`xu{Q5>&2V#JLi0*=r;FH
zM}_KH=ym0oY2~@ZS`mCl$RrZt(Cn^D%R71L_g<S+$>6|3mygqZ>)51kDXr+R)JMnQ
z)0QHavle<gF>M-^-GTg`r>`_6t&bW%ES-IalJe?B^kx?*Cb0!bb_3t5uC{51r^ggr
z+Cin18KP-ouX_%F6x;OqP)M(GFK?+bWai_9ZTh;c5>&BLBGZz_aZEGW8HYZTPD(YW
znt|CNw$cR*_O%DvGZQ~}R^{LRv%^(Q4#6pBmh^LyZX&}?s*2@C4tm6PyU?z!8Ow%*
zuc`vogMF4GZ~Nx9JJQ=kfv=a_8jq9<eYP9x-ghoZoB1|syF}&#zZypLl2lwga5i_B
z&**_xNzcWE18o!filUMWye41$B{}5zy}l4W=hok%Xz2Xv1o9(tMHW2~<cCM%f@6Qs
z_7!8356$5`4hHRtonv%J3Ag6<f6ZZQ%InNEaP<+|94yC<)rgC=f3W=AOnj4yApBh#
z92|T{=(4?mw+Ji;xRsa87G7X5Y^7)v`Y{ZSz;4CfUAqR8s2V~rOFO_Ei}uR3wM9?h
zd3XH!55Ojb{Z1Ntb-w%(5j4=-$TdLkk%ci)<lU6`z~$PqSAJy@&N(N3$gjxGG@j02
z4nGB|RTVa4&OS4wAS|`T>QlE(C2s>%xfu00n2GUmWT4;`#O_!lM`$S)flE!ElXzWY
z{=2;KbFMtO=AGBYbZKYrNQXfm-=~)DzO_p^vg+6NK)>$hubN-b{d=-CuY5(=GWzH7
zeT7$G2<8`M2&1i!4Tezj<q>$PeP>52ZIW2N+Y#Bk@LH+c{tBU#@AT5#3i^E+pNW5G
zO9<;Wd<N#*M#^!>{~$qrW=<6Qll&z)9yf2U80@90#JQECJ!(cj)~h%Ydq>C>t;vNT
z&vg&KGxChunKu6j@RfCO|LCKc-0c$7MJmA^AmA5&T>DvOp3Ya8YqCs#LAex|qY=M+
zZR=OS8!w0(Q2o+;hMU4{O@)&<HdBQhgkt!uGJ}f~vhew^FyH;}_l1!EmoqXZ`i{R$
zekvDRiN^3*SU~;ba<Yzpb72!sKF(rvpP!upl(90K#OmKRk%j8rP{gZCcI7_fsmrik
z^!CnlW6zk6-6w}M*2GJ;)}UtCXEC=YH34>I#f>EfMZI)sX+TmPn}86oKYwvAlDFTH
zh*p>jsz8lE3CfRaWSJoSE1kE#^T!xIPITe%2i|)384R>E&I!=#;B(`o8kuje1PBjY
zfj60kSs=W1N_Tn_9dP7);>#3xvCnnMC69!hW_}|3_s)(`2f}LyS%gUI&gB`oVpb-k
zJ(?`y`UU-DG367R*{wZaZ4%s6#FT(F+$!|M)zc<OIcRI#V=iFcsd2PO<H#t@Xjkrf
zM}-b<=<8ct@r>Xz4v3JOK}V3dl1nXmEOo#4;qK;5^gl7#`>VN!WEg2>4Bo``Q>o>v
zWj(G6OR!=A*ug5tm4<}^5c+l~?zcRWr1Hf!6IGh$XZ#J{xgzB!|6r}r6##pQ)M}lc
zQB7P)4Pd55)YR|5pKsWaD%|UPqr$0#1q5p!!ZEs!Ho~+7%Ih=ed6RlsxC;wjj0{3n
zS;Y62;ub5m{$agt9W)hYcV9ZLPr)p?EY8weMotdQRzMzwF=7}Q559f1{bzbp4WJ1Q
zt})%W9o6B>KRrek+-05;RvB0+$GFamVS#3a&l-;8)OOH-ukY?^%-pz8^!fr@!X{q2
zDTyMVGj;iOGI_>@c#>1g6K#xi|B|$CN9jiFyf2!#|4I9zrEIRu_hL?h+AoG@gup(P
z8=%Te4$}E3etfr%X&L<&89LFj{VbyQ=J`TxsIsui-{0u*sFN*nLSg#U%*GL^3xiAw
zJyulBKSy9RumH@JxJ4Yk{w$5Rr;(ROqH%&}m~>c}D+@qQ0Ez{grB{7>v+(c`d$k8|
zc}D}*93tf%jeUBRRO|F7Lx`N3nMX(h!2GOjN=(0w8_e&JtXsrt{7v#-d`#>EGN}R;
zL!OaKaN{STj8FN#Jb_2NFq&w6uzO+9UqrBk8|wIqF5qyRWB$uJR5^3{uQlw&#UJ)T
zrUd*Sg39lWniDL4;SzsXm`ROI#Y;_1)3CZ29VKBO(ld^KR?1wf-(yf3{VekO&b76E
zS&}DSM>2&ZT8n4uqm1VL`Sm(h96qu>akmqwJ$&6#3qN@ib1P8IRRF7p@sveBr|eE3
z$#|ni{YLFG^~sw@uT>)7K<*q>fg<>^q2G5q-yoZv{{3qif1~lnuMURytS<(bMGVY{
z@W&bXBII@d-uGK_EVGF%K>7UYA(EN6Km$JqKL!~4KZVVQ`?mkR8TbH^N6CHQBp96N
zVx<2Y(tSmO!^PaU);wTyrGHOfNOt{1MsShrYA5n+FtV04^(_v79zXi`{litHN+dKq
zDsW_=J!#=t<k$P7`RkL2+1~=(?bi%u8aN-qjGeqRTi<%}JFpa#I|&L2#DcN1se-5v
zlBdx>@Gg|#)a0rJoN-lDdEgLJxA-&_&#(!<<0mUpSw91`OEPyZNvdNwWp|cJGr37p
zP+NWw3G`)QO~>VIzqmAbgg;Fn5Rczdc5y_OkkC2YlQQpA5u`RBSp0=T#B4cW8dflZ
zP;KLP%fOR5m+}=2iQ)HNZ0K?&L{1xgI!8h2i1D+ZQ!q?kbUCAWGfL&Vz{6haQl|FB
z_BY7@qjPDauall2>0&I|VWnnMQ4Z5i!9L6qLng32oH<AP++J>9hna;$z84xmL?V$3
zZqpfYwPstIK6TFw8w>O7mB@$21xWQOUDsY7Ja=BS<OseXj}x28wio9=U0Ny3xv+*8
z)761y5OoG$71pN4x+Q%u-TtVc@f_)VYf0NBf39JnDnf&y&%|vCghH)pI-w=UzaJiE
z!XFaa-9*C=5>VC1a@G0vIJZzOZ0g@gg9zjoRS2%4;hJ&@Oy>&b)8gchtSNi(<U_Y!
zah$|V!3;phrbKwiOj-2kK?a3^bl3hsFKsifxfmyUn0-QmOsbG`2(=sdfPS}AUqDv8
zmHkh2ApT;(1SR{zR^scGChJ$}8>Jwdl>I%Do`#>VRuLsZs^I}IXzsdAy7&D!o5@aH
zZO&H*%;46C%plN`cthr!u;t4^bD@p3>Z34<#u~-brgJ(aa1Z9)*8`iJ<?5%`?+`6v
z!vTUP?oY|jX8M#LBSPHwb>&7OyRV<u?656BK9~7)w~Pe$Tq>$7IwNhnt(1cwq@_mG
zvuCQP^?Ft^_jK9FSGPOZWoC_v$E?G|nQXFYf)2H!nINio_E<eqQyyj3OW|S+8>F-o
zu|kF|Gu{bSH;E-jK!cfNF#8@=Yc!qR8x`I+!C#|?_?<DBgUcN<z^Z-_%3^MIW>4Wh
zAIf~}SSc~_G0<5x7^4jhJ_%C9YUVH)-AFXT_2BIR(ydwasL!EGxuxw?K>kto0afH(
zQJD7dVPd3;6^${M3()yjh#MENruVwpP~6zN9?XyCh;zmCL!Sp}p9G^NS0eAFYAGKM
zHZRkiJzpS{sTmyP(5-c2_tFSyevEfg<dfQn4Cj(%4Y&j1^EnZN;RGx4ZSTBII&(#q
z!YjNKYw^TBbJ}q-e`FYuylB+qZQi=vjPbtpb&_#cK}{s2Lq`Xw+7t9_cV=6Yiz?<>
zhbXeQvPUtfYVu%6u6S~=7ou?#VeURm*MAnK2uN(VYq4ynXkcva6)^(23XN|C3#hvX
zlBwYVb?kezK=JM|L%g{POb|BJlKRjcs}f#fONmm6!oHtP{9INf#aa58OAb#%w@TG*
zezUW>!h`}Zdnx`TM6>3Rn8wX6S?P)QN`$U9{tjar4{`j_(Cnf%b&Mh%zZJig4l@o%
z7c!gw(2~|mT8TxFqOczZYk4jmT}(#$9D)!-KL*p5GE#r-Yr;}cH#jR#GUBJQmh<eE
zJh#MEm3uIIc$q%T5&-)<{ZWf)(ewEe@#lm!U7%Bj<)2TX>_5Xgm-D_eRUCQsrAo{S
ztQnf#AB>bj^KGce*9-T9qd}=v1eTM7uWh_LP(f09xm%}Q3g_|=^{i2{t_y$kR-<`r
zY53=i<sena!))Yai5i@A;9>tC5u=N<<_Xvq#k@g_@;-OTEX-C!Z3ELTn|2Cpv9mOP
zLq7MQ=LZNF3^BwGu&0y4CQ*Ra3`K4GW{L#}yn72Hh=_`H#e6IAx&xFE-O3f%g-Qq%
zYOuhH46gwNLw(({!mGbv9v>A-?-YikuqtL>mqAEVGR7SRGW%*nUQH3(s6+;r&B`)D
zDrV88RQGZh!cwF?MUt2oUXjS3UKf&9mqAP0%%yeKzv^G345dOz_ym<v;1JvQ!)4co
zl24yD=B$KLQa^snOYwcfkRN}(H6=#5`C<;H2hJW2o^KiO-pEdY9JoS#f;%B$$6%L=
zQ@YvIgUIF^NEe}uE8EiuCF-JIO*UO+zlXl|zR&3PeIX4ed><clblQN5XhX+rnWq=m
ztY}>>{t)@{3H%m~=ymQyH-Ew+ljVmuzJK{Z`XZuC{}7zlkEu~OkgI5gV^|7UY!D83
z6Tza9f)Qb35l!uyMPWa`-|c$PDTPO@*C`Q5qmDRzv!$ozo<v-`7#!Q}e6#<lk2f)Q
zzDij%W7I<SG!1p1MJhx_Zx2rM@}|!u7oZ?vrPgVAKbRKq^-3nR|9rQ2{tn5vM;r+w
z<f-+5nfxYvqQXpcd%d9;-e{z<w@rD6?7y-&u<m=fzRSk72Y$xSGK~C{bhV=V<rdRF
zLG)V0^*gRE)|gh`E56TsU!ZoY-3GyF3uXKLz;qq8D8&~Kl%l0mvHDxtaPe%=U;i#|
zZv-S9VqvFzSy~>!lr%^V1oC9NMEK5JP51ph>wBF`!7sWT&0MfG1f3^pIy5!bB`_G%
zFw?dx4OHYj-bH=k2z^+1ay1WWD0-$P@TgXZr&0)T_w*0*e58uk*6(P?sXI(u*XzFZ
zxtOY!#03<+2P>n@rw!l=evXNuMh*kh%Ik=E$d#>U;kEVMY|9C{Q9Ug>KH&s(y8L@k
zx~X6G$Dl?2;r*a*qhL%%A+4^8;$UvU<I^7QcZoa$Gu!y$+v9kDfCaGfa;_32C-rsX
zUnIxY`H3zP-m*nMZro0+WANwq-}}GUkWt0@ny7@r)Limkq&8o!!hdF|0jYIq&4f8;
zLsOa{)w>}}zh(Pgoj3l95N~;Vla=VqlB%xiJGlF{4BEa>yo-4kI_L21<(}SOA%0jY
zSB-%E(_fLxy_6Lz>$Wr+W;u&#Qwh}5s`T+dT7a@#3Wn&~eQ@eEn;!hV*e`$twWg>;
zfwZNlSNDmjfo?P{E?50aD~V6SR6`$JUlb7S-QlUnKTHA0t`L4NB_yJO1P?p^3r9a(
zdp=z3+`WB(Md95G0Pwj0_MD2+KXgY*-30IPzTIOYADV`3WXrrlm5|py2Z$1{Y}Loc
zM(k5P-g_tQ(O#IEO}Ax#K{=NGF8?^6e5Yu-WIDmHpM4v*dP-A>urm}FyY-@#6zx`g
z+Y|rh$sK|7LW7~gm=w{ub}x-Ig~G1sVM_^(@GfsD*$ESut}LzMka=A8)|9S!d81-9
z*(`jj-)a1C>4=V^Z`j)zm4JK|ec5{K!jEt+a>=OT&IJJsMvCyI*#eN#bvD9uw1pI4
zbe&h$T)!L}C)j!zjIRJkgHs9sceeRH7JfDvJI$W5ia!Kt4muTA)AdV1%gvZ|$g25y
zX*wG#8V0ppm+K8Iz<TwcGeK<};qlhTG8TTF%X93ufj;S)o0{*86l30j6&x7yNZEJY
z%1K6MXpC)2i?52lWZ@vRSNbUbIkc+IT_!I^Q4STTF)G0JDBU=5W0d8be}i55gU{qO
zL=mC+?vlj1?#!{@K`z?(vt37-quSYU_m4_U4<B5G-kwVmb%Ku{7y6<0@8k}apky|3
z8sN~n(<X$Hc%_Fd<&~cTWX~T)D%b7na`Sb*a6q}Le;Xh{Mn<#=T}Vfv^XKOW$}Zqd
zxEs4p-V~kdVEYi=zy+U!w307!UTccivy*WKh$aeOX_9VAF_(ImkG)MuV%%d@d>lbw
zE7t<pdG;9Uw<X=x9p->tIq?7NE~H<{hQZ7t2JWDK_5?A~+}M@HZbbhamPU?0n*@bs
z=uiyca#8AvG+#DxlVcvP5LvIGQ1(e_zTku_oS~TgClNT`RBnIiZB5<SMf%+i2-P|?
zwwibQq@#_9Ip+^CrC>!`|DD?JHXk9qy&hYk=ATZ;&5=kiQ9`kI=OJ#p6^sEl3Ckw4
z_Uq-`Gr>Q+Va4Ga0uC%<_i@4zgu+2%&5G*6EKb_*`=mQ#-7fXR810p@L06?4O+*Op
z+&tMbn+6Y70T&a_^{roqvz@4IBEqz7w9*(vNtc2Q=?Md4Ysdx<#Z&7!IT^&QHRqmo
z%r|^M<P|+PaC5WV|07p=W|yHC*1+twJp+IHDI-retu>uucD9&BHJH-HAzs4^n(Nb)
z$L!_g%<S54U!NIlFty^UCCwM#c03{{ku6z-BhM?6HGeED!b`HrU2d8l!|ae~-OJMC
zZ-&aH++PIRe;d)S6Oz-)SFqWzbkH1mmz`TaEW@l%U9DF$ouuJxAq*hSBN5@70yHw~
zOwP-WwPo<=;sIk4S;S!88U>df-nm`oi!5LlGi%1dm+!M%%F@IB>^|u<tN`fgis)c1
zMAC{MlKyWeH5?Og1+B`4*J5+p>7+Q&J8E2Vzlft1fo+Jcj(7>>9)8zo&Y$oaL~Su*
z2D0jN&O71apJ}s{jaon;;I_xsa<NNs)!!PHRa-ScOF@5N6P|MYxKMS8Urw!rO<iW$
zZ0kE1M=02O;Nut+lqPexz*iS0csN`3dsp_ZfG+)si>I{6OYiJm#qUK*XPw1d2r~G0
z+!v8y3&9x9G~$q2b2%Ynn8GXLPrBukc9Q&N-}TV2t#<FznbMZ0;ja!t+nto*Hc!K3
z59Y4O_7<K5<#h&6jFoOGdoRD6i9mRuWKf)&hC4L@-mPADkps6$Sq~M8UEyI?V<g8d
z2!83v%XlC^U3bcKo#SFhX0G5q`Lf&E3`??oquLDEz(>D&+ekd@LNkRa*8xPumkY|O
zxz_SHzT5e+V{!|u2NtFB5LfDAZ}`9m+0s*Owa4e$?T3)qp-&d;3-ee$CV(Fx)uj8d
z^H99=(<^^6yzHkE71jI}4+#$}7C%~@8X!G$hsH*m3_fY<p3U5Cx_%R77ygE6;kxtA
zdr*ni9$?rV{fy<o;JI~Nl%q=2lP?-3CdPU|duf^+T`rk{XYyAI<76wl9lKt=UdV5T
z?;$7Q(ciw^4P|V_&>4F%=r%;L>I#x@;d^@WFXk8%@J85Ax<SQdkqPfc;^zD?_0un@
z@wlXL{``x2^GqeG;r)+)CVEc=s@`@75`6)Fz#dkX4%e>~yuI+4Uio9mXDxD(EgPCN
zYFNU7p~e^};_n06^RDzm_}bOglk3^p0k2O<<T))=)=#^i{|LcO%CY*MIHB*>QMWB!
zy`Cp`JC+U-+$J<28jwch`NEsm5sD9Q-gRD;UPpx%pU?MVTubIWv1!nY(4VkWSiMlC
zemfEJ5hP~kHujj)jan8%wLsOXnzLD<u}ZB4W>KvdsH}B&Q-L6>29soW(GR;+W%td2
zg{SRJH&=c07uOl$$il2xo=Vt6ds55BVIXDU?%Sj~E=6d9(E5sv2Wox2Gzven0GN{k
zd}My+sQH@U{u$FuLgtXu<j_~5KB7HM69yU{Y9$go^{eAYcnr@!8dF5g-+x&@g9#P_
zVLbn}9jJ955B&LCtpDakWP1w5V9@hs(+~Z?VRd}-!M9P%a|0^pGbh_bGRf(?wGGec
zG!14M=&1iI5Qv8LZSOGu8WrFT=PmL!8t?mb74XQ(nY}&v>=z&Js~cww#nMV!ySs5+
zB@(qo?NTp?bAFzb7Y`R(q}sTg+np2c*vDy3vMJ(VsXcD%)93$j>#wYOYQ4iIrBh<+
zZr6;No9j?4-E!`PP@cQ+$pv|L8FdE}`lArN%hw2Q<rb*q{H6}IIU0)RP||ganQl+C
z4L#@H`re){Mf2GJqplk6b&T29bl#33>AR)1%V{%ev<+D#@hsUnsMJMxnKX#2eGW!c
ziOh^h3j!tOac4yA)w4YbM#5fgXW5?1D|w>VZ9A*IJK|7s7b|irH7W6OI}B}G7=9^Y
zm{TDa&F8nVjYezGSH0V#qeZglF)^Du{f^$5!a&xew_=!@&nCTWw(C}CzIBdZsD*8S
z<0+IVNKEW<-L|2qch2XPcK`YL$*-2z7g~ZNJ7@8^R_KwoIdI%1)edKqsi9{=$!K%E
zS<WHN(DLIjrGq_LC?N_xfrhqSwZC!yP}{vLtdrq&ihMNp`cdy67x=6DV0*pkxzFtQ
zd#PEm`9s~jxwaI4!cE)rUO&rX`0<zr-6^EB^P3S2pZ12YVvzUKR*}}Z&3l9ewW-JL
zkApe-RIyX*5Lva`2yZl9PNGwRxYwT_e=3N<fAx-QZa4bttuz7oZTwFya)KH=k=57z
zEGzO8P(w5nkf_7RNQKUi7|9x~UXSFqh5Di>Ix<k+2j0bnk^QeK_%LZdS4Z9pY+A@m
zW&;08LvHxYeu)J(1kP-lmmQIFpzP+F{9k0_ljgb}-IPzAfb>;Dt6e}B7q-gCw%A*Z
z?wDu;EdAoY_CTVnpijxxbH@|I-oyuNa{!MmXt#$F6LHP3+kE|4dYy{1ZzqLpU>>ux
zA6=NCj7Z8c#(CTGNrn^~IEgt9%0#G~DC5H?wmtwfaHd4&2aa?SHvqrEAztaXnu<+O
zD5ZbDeps{EK5dEn+~K*hsGmNc(9&pzvU=5-4DoJ=wQ3AGnIQMI)~l0z+3V);;_JDa
z6X}``e`y%w!lH7+otJ}qq+Z+FmnP*rQ9>hcDEUFjd%dZ%8e$GySF#P8Gj-wV{(}X>
z`|thcoX~(NH#g-y0k`fp(y4-QSBgOu$_AMtVc~koELGq1p^1ct)eN=gc9>#_>AD!f
z&&zBAbD>$EC#%9O5>LWM0y_M?_V2m_?qVAgAMyhoz(q&uCW^1F(T&1OejjU1j!Uo2
zLQjfncWr-%mX*crTH0&|wMkIpiExYH;VS>=f9qI4Ih2McRfzKL#VT3|W{XAw<*{%O
z0DvgG51Vbj@GL(C(_(=|e_Ubb>cAiQWtudO;u3B{tHw*uD=1jcLkoK86<>DUK)wP%
zr&`@jVep@FH|Tk_TxG+eHQ5(J0X18wX3c(6XX9h1JS`+zt-hRsx4@WfLDo~2f`AS1
zC1&o}ih`a^+f^RF4gA%XVhT<^MyTseI3-F1^e3WcDei^Ocw=>gSmOmYXDJ#xG9l7f
z7_6zQYY_mTa*P8Odo&9*s>alBG>IN{g@iT~)1LSH@AyXp7~p46j+3O^2&&}xr-oLr
z>Lt6Ky&s*rSa!v}Uk<6RGt;xjp<&h?P5Ca(b4#23PVSI%_uz(MBB;+?-s1j-VjBWU
z`<>wk8d!Vg6JtA*Pvrfy@YGfXV`+>2q>A5#3fpjP7n}dW-5OZCJrapVPvE4(eYc6A
zT3`^i+GHibk>-Lz6%tYUy}4#s?hc(45tQBlfHU;}Uv<Qkg~e?16QKV71*ywmc**of
zo|4bZt!q~0fLuC}&M*&?ZMLA1*wZx-YmEc$4Dr(v_b<|4o<y{NNy>w97CU`c1u%4l
z!y`=Y-Gn$FiBHGO2*;eJ2wpX3;qODRf5zVTPYY$wsA59^&dV<-9@C|K?(Eh1K-oxg
zGLbG7bi13x>Q0qvnmufq!Ox$?xQQDA9ru+UN%-JY1@fM0^SBc`Dr!<wa$$k8l_5f#
zM%&rK*btosJ8h^9P4huI^=6Qr)&_|g@*L9Ua|VlB;dE-P^7-lMm232^Zxm3~1WWHt
zScHxLe1;=}Oo<yZsL7-+0GQkEEC9;KdW(eQo3+b#@~v_;wqc4cwxH)?4DVoP<3l%Y
z-3<ZFo@2dmH+NN*=R@OOi-K$2aRk41u4zM&mr)U@x|V3?BA?6MA?|ptEwzdYJXQ@-
zT>R{PHT*1%hgYlrw#*b>eZcbzE^48AolrrZqs~Pl8gYkwtV@I$K~qlp`b~<p_PrQY
z1FmxE($Yo^{EhhitPHWxA~vY9yYQyv$<M37h+6`N2MrT^6SMlpf2UcSC!Slrue%DR
zW^?FFKpJK*-V6j@?S?)K&Rxs)pI9UR2sb&{m3dlhfA)-`#&rO?k+OPxe6;&g=f_iA
z1MYjAkh}rt4;>Z(ZeR-W{llM*Z)bl}&?rLgo4%1Rdn!O`9qd}Z%wm#ag>=(=hQjy>
zdaqb{eXvhuG?PV(4p$wBlZk!S;<L*SK8od;+dZ+EZ}^fp!6<1=CDby9gR8ECO>}5U
zM~$V1Ur+xw{}*BNZ8<9*h>v|dZ>mEr{M-I5%)B^<Sit2Qqzi~cJ_Mt{-UUmF6SKOR
z$%o~wLi^5J6Mm6#XcfOVAOhSebsZgA;K<F%)zS6MpNGG^jIC`CTDr#S>7~CyjCn_?
z0V;Q2xMCzSSS3vcx-7s0Hg@tKn9!YJEuxp?)fJLl$@R&1QIRsPXy!ltqssFA53t>x
zD)i$+5)$$cAmlx!;j()x{m-4ZXXw$~&L89-UgqS&8WOXY3?OW%ZLVGT-AUx2BJ$5w
zWHGiHI*AB-h(3t|d>|&|CUmbzq#)?ZHe>zd0W*wptK!Dv=9jH(Z4hB4rLPubRV6ty
z&tFp4zZz=+MF3_ifEhqO@u5N74&nz4_#fhrwdD6!nfuh5FIQAlQ4A&w44S08DjA$Q
zVWER%=U8$FHj%i$!2^71pe1&hPjPl>h-m8@<&Ia%=M6Fc!rk1s??qBNhcpR?JD-y9
z=(4sE*>3sp%Fe3uTZ>)!j4qoRBJaF*j%n4?PGhNK^1G$MjqxK5VyY>=v^MkTeEvc~
zsgswrhwr>Zv!+meKU)a##k9bmN;b)70=?$ur=W)C1xA;+!TtPSZ`w=a<wK;@r<Uh@
zyjD0{r<j6q+Kj{sXeMiy0)-4Q?e7{5f-w#~QwG&jj*3#YVlE?vEcQ|ml9DbhEq!PA
zL`CLdG@^4VAJ0FHc=kMix>R276t~s~lfe}*tR<wyd>RlBDJJo?Xn7la4u|LSt@9jB
zGT9pX_+SvtX!InV4Wdg=B%pK)&e-FjXgd*@X9&U47ULz88zp%OGGhp|fR=5NmgBtm
z4z!w4|GFonbZEgwZIa2&XUorAT;DBF;T%&%<B~DlIFR-)1DG<~=PRD9Ybim%c48dp
z0>JO|+(YG#q4R6#UVmwLAbGBzcUgbS^KUgOu#ayuS3!J`Dl`&_F+XAQ6;Bpx^*|Jw
zyxz5cuXWs^fqI3U5<bcM0WpQztXW;m&aC>om=EW^wf4Ye@)nn8MlXQ0wtI4mTQ_R1
z?M9|6Jyes%W0vG6f}rpoXB=X30U`!dzC_H~H~|C_O=hY~#fGVTQ2O%Y^!DXFq=VF)
z!QU4PsWO-y^%1_9d}l-(TgxkBmCObZgGCeKh<5FCv0Ti2!W{p4Brn>VxPixZV3YTE
zhy#T{lwu?FsCBSLah5`C=mjwln`D9cz6W?j6fF-8#M2gu#*2BL*~wB0^^~?gn(V4C
zaWGX&j_bcWiFbS9LjLR26*J!}4wtMHq3=qw5o@m6a`?t(Albk1*MK1;tgDR416Kd*
z38gIW<*412A*@zfrVnF}CK0;gALyDB=wat+79)~^*k5v}cfe6+_^~o>{p-#aEjzm4
zOGOIh!p*nuUEHgRq3=Hy8?D|cr(9f2&xM9&&{>!peLE}b>u2KZmJ+Eb1DR5G>%zVr
zi!4nll?nOOIjo0obC8e_PftnMo%hYAH+x#SNT$Y)lGEUTXD1B{NyJ787h&}T>3LmU
z5*b|TY!Y3RQ`tB}_V~Ebt?^DuC{L?pbuI_{VP1x;LrcBS&HzR-;+Q}weO?D<+S%L$
zddpb`TF3gVVLbqVP(96xB_G&51OHkc_zqJJxYiFnv7H@?;TwaE;=H9E!m%HfA|sS&
z=SxonI9BcxVqf^&#8!Ntst6^poV2$D1&!ubS-O_A(T(Ps<n7Xo#>V6sCRVXrjXhf_
zT&jis_J_=h8C{|_jE7!)j+<oU0KQ?{^}rgwu_YR%SK%Ce`I<C7nj^HB()D+U?m^r6
zVRvG69x`fT4K+U#KNEj0EXI$~{*#LfL*r=dFin7xGc_<v?E6XS3A8jw<Mj>-F=J(Z
zNtE`7@^o_Rem@i%rs9Qb<K6Eiy_xTTp8KZaV-ra6iBNvLTl67Xxf=>qMsEYSun}$m
z;gRZA-io$<Tl97h_A?#=8#)ld2|%M~DcIWplmwJo%erhER)r~iF9k)79`!oti_Otu
zFUhQiw@S*r^WFKlqXemJ>ba-}2WgGk)Z1Cv?h&O^do^~Qs;^D9!L~6mIBf331lJ!R
zcP%j$Npd$o=EO2dRnD>==3=F1LN>KTq6^+bvZ9|aeaU>eRAz3=E0c_Ks`TBNLT1H@
z5T7Q7=Efu5Jgf~A1E8lSreV?bq%C8sdaGOoG5Dq%xW@NL&&~xnfP!1!z2|^fL0DX+
z4rkhYp46I<(b^H)(OwgDjl|+Xg;~Vf%6*m^-etjNE4L@Ny3gYE+x)Xg67;wq2T}B?
z&WuQ{=BI;&6D0GsYF@!RxL^pvT&#Ts-ZiefiEz!x`_<Dp5ElIX$$qfmcEhIuZ(}`d
zLZsd74G>4DL3E822GyyO)PE@nn&}F7ISwNLX_S-7WYG$T{K%#(l#iWl4>>An$RTf}
z+cl4J17wkW|4t;RI)%s0)&J({@85T!15tnfMr@zF+F??0>s^TW`nqEY#Gpw-Uuqwf
zu>^n!_sEtO{&w@=ul3+@geBLPhP@V#I%>X;d`574UGkLr*CP+CdAjh?$`56s;AhY(
zi>QBL4>vbI%rsMS9H&$r^HQr}0*<7x0nhOB!Kj;(-B<GK(uGZ)H@lTLw=}6)|Lt9$
zd0y}&|FO;1`Nu~_85d^)Ss#J8x<FbTVA&4x{XRnT&&Pi{1J6Ki^ZgGX6HOWk-*r5{
z7nTYoY<R~JOFa=fa^KFLMqa2SFvw`EX=q}zgBknJ2WziSYQjB3@6ct|%Dw0J=U*^?
zaPi|)ul0P+^M2PrP8t@Tz!6iSuM6>WXt=P=fY>M}p-#@L*$;(3DL3~?_$Z$P&ZAT_
z;*17-PCG;UZ%%TzZo3P$$|8UN3ym^1sh^~lD$wN5B-eG2!T-JcUKUd23WlG52*fmA
z+d;nLRtjL-AeD}=*V-5{lLDpaZA9|@Zp3c>EK8QD!H|yr{J*GhY*ECL`mxjY*60gF
zzCozz-REDrz(=%dMB~xFwk80IiTKakCA-GC%V)`2p8UXy7(h|F(!dJpAsw!RT3HnW
zi{nUwb+_Hw)3-a0wj203d-8|4>g3jqJCQGK#os?^n4QUgwIiQi5xTbXzp|@I{zQ9h
zPYB!CAqL*x9p9+kS{etxm|G0|P&RRWzWW7NJ=Wp}W?j#>xT9Fv$4E;1YQP_t<YS;<
zHuKgL$?NtM`HpO_xi1;~s+svUJC=^8Sr_f07yAtPrP6NGPRJ=}vsZj`*B&z&=klu=
z9xu4QzW<E4EqNmAQ3CQON@n!X(x~Ia0Sg9p5|-s$h0o}YRy4?2Ap&0l(;7=IC$Si|
zPBg(+W#Q_gixzK5G~c^JANaa6$(#q3PNN8lJyYtShCHvfL|=i#*KoU3+yYVC-|pU8
z-10miyDQl4ymvi7G|4XC{`TkPDT?;V4J4N@>~v$k$TZ7@H;ay0GWnf|{h=jZrj$Z~
zyyMZ-YUy@693ji+V^&PLmE(eX)sQC{Z06l;^tG^|=y<Hk#IvSVtJkxa1uC!HQyN$Y
z`KPqiDe!NL#G<>|Fuf@+w^P`WQ3hz@_Q^vlr$(5*zD6W(EY0wxkZ7uv2C=Z9H-liB
zdCp=ne~oBsqer@)r+ZDSy2iASMiak5E!|54!TPR5l-6p|;xsnuugb)&160VGtu-aB
zwUq5R1|CQ0rB?vQ^|dOO+&Zj98Q*GR-!w746=ieslrb-;A<_5<w$U@mFkT(4ZYN<=
zbKF>K^vVNfYmwRLZT|Ob*nQG<-8MSRJVdru-Lzu2tm7o68bmuSmqCrIx{cPU<CQvw
zRhC=hYw70R43<@vjgFgArXvC?BIEV-8x4Yj%mOGj4KFu$XF<2tECbP0IRkfnu-m3Y
z0{LvVi>#>`>>~k%E`2WJcsjkilf8)(UxKDgXRb6B;Krh}41Q_qWUwN!X_`>G+2)>#
z!(y7Pp%HJe3Zgav_D4MoT<;Fbu9rpa=3AW<T7T7z^Q?DEPk!)RWZ&_2@nYL<2HB4k
z=e4(|bQ-4Q>wK$;7gBFpPMr+5o}m?6?j%*Q2)mZ%?w{?4x&)1Y8i-twXT{xJzRqUC
zS`_X~azZe^o3E$?1BF2o5g46WnRw<0Qnvyea-Dc}hFsNRgJrYS+qdL2Ld2_~ks~5S
zqbZkx3A)C?&5e=z&AGjk7en<Q=bPWRgPl5HD_^XIML1F%Y_p*{`7gst+t(c1<|NHp
zRxx|<&y|wuWX$eGOuQV=wf$0&9u+ODv~5E@S~7Yc8(+?aGtg$Q1-jh-RGl^tYz*FK
zd-vJ^rbd%CXI12>IsLrB-LV~{Ce_5-T<>1qNr=2?u4QS``m+hQ?BoM+GuFRm3<u?f
zJn3gx10T$a3*ovYG1%FfLu6@@4ec6oyz}#{$7gOFH4(9Gu@FlwmgdF;Y7G{PmxTzj
zr&RpgQxP&epN3MkXC0X2Q&ZiOoJJ*$>q9EVGAeQ19_#h#%lM@h8$tt=x#Scq#PXnO
zvyFV9hPpLd5ndMX4*SV_|0}!S^u>saYJ)L+no|-@q>G&ZjI(zg7N%b_Q1OoP90AK;
zp1T5H5kYGh3eJ*WN$a0IZ@&E0;9HPAIr)-Z9)1|z=yweW#aI(%(KN<;<I*)+)$;80
zwN4QJeA%K|nKtWZI}|(Tb=cQx5_Y6~@m9*Vh1>C!vZsAj>K`GNtm0W&RO^jv@UEd)
zB1g*Ei5t)RCb}?(@#iuU){8X+lS0T6<@FK|65}A)`izVHQCswWjdMpE>{f}vv}sLH
z4c2K$ftB~bZBspZoU=FMx4cciw+cK7wDT21Va)3#vxQ5iX;yc}5sB8bYW*K|7M1*u
z$ZQ#;72XaYFasgqB}3nev#IIO@z;XB9C!T|Wm#xcRJ}feYC(_zp*h#>zC4?87Tu7v
ztwgp8t#-K-mLzFq;m7{9<7)nj5-m*SJ~Rm9ZI5hec}D`E`QAu>6z+FR*I{$?dW#tO
z$f!ws+gDR_$1b4?QH4CxldM-c(n+-yRMC1K$D0hV432lC#a6L8Fhkl~y3VguadLXO
zqb4h@M0}*4z2w#3t@zOEtUBBlJKm=yt+Kf0tmmJ!+l`Q~?R&J1DvZKRzj=vxO6`El
zQhX#yT<(8`g`ats<D21`;}g5~JxuC;z1hUnIELU&gz9V0!q7}o1sTs<-_G=D+g12o
zpr=`n`YSwbjauyTK^qKTAFr7|G)BKrI*8tqNpL52sF^Pf*6lG&-L`hpawVIw4H169
zaWLOvbgAnoLW?nfTZ5vqG=OtMR4C*v&6Vhf>$9!hg$J5sbiW0q?3*KP#z|jtgW@DE
zn?MyF?@Afz2YT&37vLi<j|ISj(C1n?Sx;=m6+oty0taM<=M$suXshLZ^Jbu)dNS?L
zN-&hczs!kciuy#s1nL@hAx!$IU6x{LkuGvoO4TPIHc9sL-YK%Ru39XcFqH+~bY5W<
zzm_9i@D6VOaZW;Nd4LTSrskWgew2D(ozKCM{(BjJQrl?87Z^$i;kGc7Y~mq2gWNQD
zLMpmfG$DFB2z)cELO0`E7guA<`lUr~+TI9ejdivHStj{@BLi*)Z=7j2?UqyY>1L{F
zI22BQ#Rdu=se89!-M9%f%e3yf>OUd@7Dm{TCiXkORDW!pSn8s-ZP}T)^BUMRGdly{
zx`@~9ts4?;H@L+3oBiUnK|N2&I_!`qzMk2HSJN+>elJ6ZwR^XZJTd8N%k4XUx?Enc
z=)}3AEbQ|;tN%o`kwHO2Z0={!4j9NTIsU~WwGo}_F$PovT7`zz37GGi`hJLOtOi}L
zuSXBJ_O6I`N%zm2qn%}h9AzUKozLs)Qki1trJY+X#~h{3eR?lm_zSyy3k)g0g@5~T
z*IggH$%KG%3)R2wb=l<wd6ILC*^JZ?>&{PQnX-F**UC^eR;H;MU@^^r+fdrv%qcqh
zQ>Jf5evz?(+1Oa|(!963vx;sgK$FWkl9F3@6~e2D+vZK1&lqNeNpn`Y4LN#(Q(UuO
zy7@9%)gz4DwsvkH=}iTIE66UiPr8ZCbhqrT?&)qM?=annbg!}wgva>lv7n|X_w4Ao
zWl>(XG$*`M$q6|5i;4%ZkDK~FS}Bp_eWzEPQYadRn6NE{ta=Z~TN5;hJa5-EQB|0Y
zEE|4%IzIQH0}8_7ZCQ~j*zELqiWtsh_e(%O?s#2|vEhy^bgxM2gb^BG8p30~zx%bS
z&^j{f^yR$)hm!xWRwk>fAG+&E1R)w%6B>Az>kM;VwXQ>03U-R1y@dx1{1=xu)ykk~
zb19+kynHt?)h2UCrtOStOBN0rdzuZN34X}rOLjR}m)&SwkAlOgcwnC2em>cVsV#Tw
zx`pYJ`a}RpfAcKjN^=!Qp&LEimVUvL%M=>^Nu@c%r0aMmcvrDTgi~KBJ?MJ)aL3gc
zIptI}LfQ23eVrn12Mal7`tcKq9Q#Uiqi9Hqx~;c);dZHM(N`RSt%_RMA;kQrM!W2y
zn`E%o(~qs?ewXOJqc9x|5UiEGje-)gUhK?LB^e(}M{o2JdQOw`(DMxBqd^ki*ncOe
z)hSx>>A_A<rd>9ynsQoO@Qv_aZJ*6^giCi4k-g+hY!RC}vrP&xE%$r!qNNFha^b9V
zmX7x^hYPK+yGeSib%R^ivXf(;!>110!#;RVOq4y@iGylXl~}}%(4eIdeG7D`cy{nd
z8^Yo~NAl+BfGHZgJE6W>3Z>gceeZs_Y0MRfA+B?HJ-V;P*4f@ko{A-X?P*1d6H0<@
zIn%ZdGL~eg9h>6LzWSNXdCB^R97MZ&Z}@yAGQ7~t(aYtsHGf-34)&$Nn+KEcxUEL-
z%M3Kl?SakRNL>fkwYM}Se9^@17CrvlNpQB(q}~Y>f36Nm4ZX5ED&AhFV*U6+xIMth
zhw*IA!HIjOJh9hzY;ijr3W?LG4YuW`R0$t%JeDQI+Y~ozhYRitbs^OHFGn`ryX1y!
z^c_z{F2aL6a#^Q*n)XLh<?aHm#YjJfTfJIO0^cdxBCkDxD^P857MD)QW~p|ik7%};
zt+sXZ+JY={tC>~xV4<$Oy4A?Z#)@oD-*!(BDWVtC)?a;P+^p3g7b7LwynqvPYTvIC
z83bxV*;#ast75(ZrJh^LEBz)aN{n;ZvvRg@FT1O{JmpHVQD}z;Z_6=X-y&0w>PVF$
ziW$b3iHC8;u&hk0%ER@Xk9PX+<{yCQ7KPc56MP17ykmi$lSHp74(wFub?4QJc_~YH
zsVbY>K_IOvhQsbu%*I<n{h_wsV(V%1Gy3hmumqZJpW8pzStn-H&81T%weQ6c6RAm>
zrIz2_KMi}j<iw!8ryRhxd(-HzPy$n-I-c9q#)D|Xf%h`6NG{}itR6F(b4umnhLWOQ
z3ec4Y(57SV`s*ZLm*X11Y<r665HC2^(k=H~SlM*SPWPN=_X0U&wOHbCm3-@bLL5hx
z5MFQJcTngB7mMS-K)89C2cN9`DLK}A@N&{KwX4Nh*CS!3FPoFxtmi+?u`4H&b+BkB
z16^cdd21}7ERwE1J~`vgosC!2$Snn1M~CJ0zO^k;A!QtlnJz(1@rpEij<QsL^u~)J
z<0|#WP3q%svUMX`$z)KELM3kzVrL?$6SK-BUzShcT(hx;)VsvYx7G-CR)W_##oZHe
zu0cP#u8Vq~2WqF$-zUM|HtfFaPWB)56f5B6H1El^YdiC4PH^DpS9NHbzD+`M@3&q`
zv|{?GXzK83mwHB-n3QDho0)}twg>bo15EIO8;`S-<i<Fv!_vuP(mOKZ+)bDx<TEUU
z6#*#X5(4%upP!Zr<1z=R^C{B?D@Z*@Qf5!Zac$Y6&5fI`$iM*+ZZhbzWyD-&mjE9h
zm4*Ff1j)GGPZr9kn>l&Oql=)^JSlR^hH+g@nd?~H^zPW-LKwEK1=5g`{;VDPDbSj+
z!7vEj=aQHUUiY7!`#}*RHW~^IB9B{7fvHn7>0!2t-TMiG%j}x)T6uI;K0a!M!`Yvw
zJkoSlSu-Oa6cTT-TqD#PiDz-sqq4Q#BtJbPaCIl>b26W?(2v0{B{AI)u*LY;0%t8^
zXY#(iq>0mp<sq*TkHcg7SiH^W%xhdtDB%qY9w`Tqz|c6$wlQ1@nAH^R2C5>E!nOm`
z)KT_4!<X{XQ*`qS$4F^!kjTqBA^t?Dw;{nytTcpjk@yvkXE39uEu@+8;d&s_7~kT5
zGXICYw~C4+3D-pncXxLhcelZ{afgP+-K~Iv9^Bo%aVgxL#@*ctcPXrqhMw7{X7)Z0
z`<`|0eL62^omjatL;i@2h>XfVD)Nu-lg9h{i?2pt5fH)%p8@;a_J7^~mL6D9;{ad|
zVsHRb0JDs+JFu$!Z@JC?F@<8z4g%n%|LG|}3IfkR7tBG}i633-AOHWKW7A9d{}N$L
zK|@1O2c%`dp2olKf00J}Z`sq;83Bxdf8+ia$^V%jR#m}&-G9sZ{~F+jHRs>f{Wl5t
z8NffWDe%&Oe~ge|N6X+pBL$6}{lCe<0x%K4KaJq$hXwxa8`$-KmRRwRpYgw{3;@9W
zha|YY<3B3f4LbINP=38f-@U%2ll@NnbN>+3Z{vGahy^m3hLE8OW=Baax~lE9=c;9a
zllcc_66^|1TN_>8;N6|4j=@Hn8XQS;5?B*1^J}-#Rk%`_wXI$<Q;XEu8@CM?%$OLC
z$=dhla}RUb{DYqfaI$sS`XrEyiv~1&D}p#3D1`GKzwD&sNp>$aAg6^qiV>{@?4`UU
z>~(V`0ZaCbr0p#TH<D#9;qw|%W%{EB2N?BU!-b?D7^UtJcqGH*<(`_@(|`DUgMX}D
z*ChpPHi${Mu9iw33%uhF(O%-lPON5r3{nhTQ3Gz|AF#uTc57X<iAOhkxT;)pUZvrf
zeEDi@6M%+U*MsjLl4o@A8UUB(QHnLVB0$o`Upqs>>*gL!bmVZf5Pg5o*FJvLGUBz;
zK9h^_uiRR5+=WInPZ~*d<EG{QM;NsW#D3^InXDn7+<WFd0sH#6Xz=NT)fB6vj11SB
zq(99z4$u3I0<Qfa3#H6eGnP!&_|ipZ6Sn$<8v4Zf8X4u=bNyD6Oys)Xq=K$DoaDY@
zDnIxCoVGh(3GQrvKQp&^(_M+{vGS`A!rf1UwyHD5zJ>YJtcEZV$%G}@MlJjFbf1>R
zFx%R?TCvxpuU4N%YJ#V_OyQO#^<<o?8Z1_zfc{6HL?`A*rrW*ZJmy;uy3~%Q$gB|B
zFkx&9Vl>+H*2!+uDV^Yvz@0`a-7o#K3-oH;5n05M$Id->ZoSz}E#2OziPNPrV)h{v
znKl;6QhE?=R(d$8kY6Sk(TNZI!S-+i$jrW<XPx@jWr?xOBD*I>7Pd^h!o{$Q)(n8_
zInNchqTY7a^p96x?YxL(Y+QFW@RHlpSZysRgQJnKuNvflwI-*9=LQ|625_|WJOSok
zQZOir5u~-U#vB~jeh^cPic_!Lc?|LT47x#9$28%oc3D7nY1vUxT6CVT*|iNk{G)Ge
z6%gGzt8_voaE(~Um_8e{q}6G?vk{~v_(```-@fa^z2!XDFF+LaN)Sc+Xi=t&HFY9c
zn{4B@R&|B1RE6uxVO}3HvbR$lPfSapu|VXNN=SbyyYcz68y~}*pPALVa7tMgsn}98
zuDB5|kHUqafLQJ|#U6!X)`fAe#ylSr=1>$j+l+S4!P>|H_n>3Rbw<=5mc>bPW%Cn8
zP{_CYs~Lm+aOs$+JFQ(UghW2Jl&N;O2W2^VAiLC^NWjhw*Ht8*(_a>OtA*#CYq4iE
zsyc}Fb+J--<)W`JXy$Z7zuUyuou`85oncc#x)!`JE9EGh31<o8!{wG>8~!c8i83;-
zy^5GjTD@w?D80)Pk?L~qwA_irr_wgfplxW!<6s0I+&A4Tt8Ys+@FcQ)43(KHrN(Bp
z8{N7jFqWXvmoN}6A;^}X+|G>8OCR@En_T4?Uu8LzRLgmXhMY6vS#Rb%1~I53(s45C
z%-krLeHgE}EsP~<?QuwLXNI}IRB}L!g!tuQ%Ncch`_}3yp#0kLV`LMB9kLs+wd<A{
z-O`=}qFUB(<gfNQ`yQLJ?`JR|xg*DHH7n+d5+_B;TG)TtxSY-(6(3i8Z8v@zXM=rs
zy#aM<U9a0$&?rT`o<}>&{1Qe4nt$M9c?1V!2!wfr`N!AQFD85Cb=&3vjj$l>7MC@x
zF3oqwaOBL~R_1lG9eR=)Eu3R^QAT~`x64G$N}Mvx7;_`i(;9E4oq-B?x@gS{{Kz<<
zy=NMLWGzT8WGOD50ZefWWXnmHKRr~qNLP>SZ;1Wcm{9)GiJ3g#@ynC(*KEd?)^g5B
zUm4f%+c;qgY+FDI57}5#c-A>=Eq>qiVL<qeHuKLTG{b8dwo}B~OT^l@;><s<&<uad
zu>Ez!rn@A=_8`MH$@H}yvGzrV?Qa;xbs(A{I86T*mVUwX^%-_qRPDcDGOuPb3Df`E
z2fuL)v33-{aSpK-mKPST|Ib_|Xoj$aH5s<o;>-XUwtpD2VLaJd|7872_-~;w9__!C
znZEvQ71r{(vSsPv_zJ5j@&_QKx)|p_4&>oU0beJ&Gln-L{9#H0!1W$Do+q$%8_}CZ
zrA5THFIV5X(k-MWH1`6aE}R%31R&`lrYNA&vH+;_YGhax=u;Ra^UD1MSkU1^mR36I
zwliy_iwQIJO&#E?(enn;QNcn^JNlJ&>!j@6Nn5SxLRM^qI=S`@zcfYsex9lzF>0NG
z+6rBhpfF?sCS?jI!4B{kWAJR(l#4siw;wW>KEL;J?OH>~5+dviA1aN+q=62rr5>wn
zsh*Y$8_Q*@tC|WSi>oUWZEB^RqXPADH+`H|T=+SVjlzkSt_|0DS5WdU5+E*pFQ<a^
zQ!2);)rKvTPF?V3IonP<U*UC4&ggO>1pB2Nm<D%U74_-_Xx$ECh>wpj@;M<vJ@WQA
zCQn$ih$O+@$(8ReI4s=oZkoR)-xYdI?bsxM4kXf6mrJ(v7d}tPJZA<w1$WiaQoaBX
zCZsS^58SSM6Ue%g&<eY1sXDRWXKJXZyf>;4lM{C6$;JRx`oYIC(jRxx$+$?p(jal?
z2!tDfKncgNOx3ajTL&e=lL$l_3pYvG#A1(Vg)Qrj4`E|HM6-li+nrdq<46am4<Obv
zyG4)>oV?U)ZSZ~IoA4TrZ2~CQP*BNpCTZtp5v6Gu#7i>Ze9=ZMr7Rt*OmqkASl<#f
zqQ(WdXA~v`=O7k^U`j8PE}p#sN-nL(v<sL+d;@>l2o|e`D*4ys5KIusE?Uem*_-mz
zi^Ed@s`8TL1Vc*n#McKqe9rp;j+w9fYKJ!yK%Zh7tO5r(@GE+{+@h!!6%J1+PTxO+
z3GOZ=7*4vFg~$X8UIq$<O_(YGsv*V7#W??@{y&`PswWaITRCSN8%wpoJ%GGOrm}_w
z{Era1MJ$sxnIJg~yKe<CSA`{GxaJZUE(QSi39OU%8NDhK01yDcXH?SDRhRPRA+HLM
z2Y#<W%!|NHQ!NLO0|0MnZ!=w)ssSvSf1<}4YAZ9o6vy!>&`}r1sl8XzCvTC|rSod%
zIwaQ0yDBC&x9JnJCE_W@EhSow)w!4?I#icdH<=z9a)uiVl8#Ts39Sp2=@+*vmX5g+
zS68ohuwk{6<*|*gv#gPq86=h&b!>)>ZzpQE8LjhL)e^-tw;4>DFc>7txEO4LIb5w(
zYRSi!I!bF5O2I<a9f>W_+I$z{Hitw)Q|1n=HhSW1W*7Z3gYoU+HEUPJ?cKGqFHQOi
z&Ut4$3f1lZR79bcc+4p-Zk*F$sm`FfPS5G?uA8`#w3ay0t9`N~-r8t;bDNDbUAubK
z6)fPIZjsnA&Y57v?o@c5>0jDR^w*Bl`qrGb(K=^oeY{m^TJ;WbofBtsb3JpLcCFD4
zbBAD97$=2dyhBI3;*wKXv(=JS`8sErcIggsb;mZ_I5@G*NH9*Y%w&9A&_w|xYP6K7
zKweyLU~BEbW5BKm7HoDVB44{%?>2}jt)tKsYj7nNYE!AMPtaDZZ;k^CI@Iv-8wi$G
z`PKq`I|a$B>zrks1Y8MK!d+a;Of3eD+M5l^1+rF65{YBh5*3V=jM);kowXG@#!H9d
z9TFY3o2+KnSM@6$HiU$Bf#kc}iMl=88|+SrCPJnBWWEjQihq>Y|LXkP{rc?Jx#so8
z56lCJ=MBAHh^WKjLSpG%{UJ|q2xhq*yfo=zy?b~rN}kI#ySlGPT+CS=cwqRMKBaR(
zalg+IW!U*C`Xu5zNyb@`=!D8H=K@1iw*m6>8z#b<^M2)bJr2A6Z`U%o%7~@1UpPSp
z$Hb?6?-nKBXdL8jMkg}h57xgS8hn%E>BBhtTj<20CtG%m(5N)=7oXFwU93;}p-K{{
zs!liKtd*|fEs0JuBn^~4xn<^Jdqmy^=f2>c36REUWmKjjTWN<tsDnhiF?*qnxRT<*
zl$MX&;^%w#9YgPt5vxpb1vL$~`Vd{g!V8gW8qA)HH)$=cG<3wcJR<G>&a%qi(S&55
zX=q<hZ13l1he9#d0(TkV+LFNIi{s?+!hQox!jYa>$-*YM@<`)40W<wo36lkncO12W
zlAn#y>x)f~jr@g~M;|bqE?u{4-CCVO2g(JJ#JTR1+`<<4Z9t#Jowv%F;KO@P3sQqr
zIqx;Zig*c<o@z~??GpXobHCzX2<_n7V&Ye&>>`o%Mos=7w$Us4fE3Ma8oNI#JR<D}
zEhs%S5KsZ(0WF(z^G5)Z!9Z_f4k9(~#`Vr#SMyeu?4u&QMwaEYJB|23To-}y(Oerj
zeC5y(N)e^7Rw?RvKqz-#+}le3WhePN1RMFlqDIxQE`<`Tu2!B2G|DnE{#Lp;%i~q&
zZF4o`yCZm~A=fII#ih?ay)%dc_V*7lvl&9^zl1}~FWtAPfcL-S-g_DgU?G)-Ozqt}
z4C%oq$Mhdo_pT^ukSrLE+zbF&5%>%s3n}YyWx(W_?=Egl8#!i^`0{@4xq3-GY9HWK
zj3<l{eLr1%j}{F0>wc>zw-D@OT*r;vz=Hl;PksFrRTyeLaa=u60HI6dzutd}M7sbl
zFc{pn3>H*v-}KzT{9JqgGz&9xn$2R>7F{!Bk2mv9y?+hCN#Q-hHCWO|ve|j;-@OT+
zE=<P3Q7g2TsSMj4`66P{rcE1$L#~T#fq_#cCWi=)CA{K%S)UUe39CUghr>3S^BCLi
zsd&=@<yWrWere2(w)iB8^y)@Ge_wQKl^~bX3jFL#Lv0}ce3?kM`CiS9)~(_3c-KqS
zUR7GFQWkvq!|uI-Qt?i2oj+epd-qbnSS?QAX4+(eS|jJFrz^|V&=3^EZ5}gzWC^1F
z?m-OEDy!pkIt2w@`aw7jb`ShE`MLT;K6eK7ZgkF2YB6GT=9g~7UGZ0$JH2um{pPoC
z!n`s0TF6yz5=?@inwr~n7O-{&?H1Nx0~pM1lMJM}>CN&IZ9<_>b>v76OY!h#mio2?
z64ZOQbOD%_-5ZiOZcGxfzZMc#PD?%D-0T;xDvS_uAH>S>-88tPL8IZ#)ksS{CQUrI
z52SMSVsGXyoymva4L2-Zzq<Dc;fSBz@BQ2#F#o}`L>^rL+334`?Ronn#{!aTIJeWx
zGc#|HJ3F{%rMAS4>7p(Sl1rGrxe^TR1S`r}MPi9*{eWkAci9D^-TR{V-v^O%C+#=s
zK<dY^ZaV0_NxSb%1WV3b#2XGrSz+vbom#4nvb{EcP+tL2m4LE92|p3@!?W{fq0oc@
z3O>mCYr`scT7)I*Vj)|!r4r?)vC?ND68N};4vUm#%*b07Cp%;mlhM)2MkO&f8*ECE
z2#hf8WDY3dOR<AONSOHgXfJnuRrs#hqtq1zqEdpiE#&2$+_Pmq8IziVzq?dN-N`93
zj-^?Fyz3M<{2oQ=yhL*zDtv@oz4sQmFB%FbXB<ztJm(eO>f7JFlwR|B5rF6!#<L>k
zokcB{loK#PeCVY}?K|8`%XHzi(x%7B#5%gqEqsoCK>OtO_P2r1IG8O>sKppxMqX$&
z<V&j+lWdh~Cx4GX(#3M6-PLoMA)u0_8AcF_Ye6ecdxBpcWX{zq^+!_A$J00H%d_L=
zEHXXXV0u-IiV7}v-C(W%M4>}?_$V_w`Z!#y{t@2n<`$xrXhvO}{?wloK&9T!M%UMg
zt|!`92-12_8nkG+G>mR;)Nt49IZM=dKs>Zw`WDUrE>s$NIOh~~!N}OmRK)Rl_Y9sv
z!?_G?JOc&!rvf6{s3*QRAEkES97Z6^)gGy`u{4sb8<N5owuE9H!N6{}P94)SkWj`A
zlss&lKGgz#P@durR5e=tTgt-wfzb`*tGAhpfOA+1Z}zG^s+KB>^qXT@B#mX3mmwz~
z^^~;5-oH~kF!a%M_5P!`rvU2{P*#Oswbs)=XLys2tE3@)@iRpZ4#!FJ8GkD8396XD
zXTRERX`H3x$-jPo-%g}RJqbB?u4iuDw@UmE@g59!8!dBoKWUGM`U*3Evhd!yI9N!!
zeTq95LBOHy4m-h!mzWgA>`pD`38O<1!5LZbsk|@%qad0RsS7fe`UT8V!HYu=q^uGR
z$tcX66vb8GNW%qsa0?JCQBhXu+Ng>g9PWhD(MBvECqa?JyE?_uFttS}xo)6xKWIgs
zo#^B>9aW+U80;2%!Ys9P<cdCnvDJqpvU;OEBJ?NxAoUT~EibC=*~GR~MP!9lJwk2C
zl(siV3+L_Kl3Y#qN+OfYSEj|Oy(Aa~2O0z&f!7VU-3OptC&H93sx~pu)8bpRB^Zxs
zQ>sAA<<Y%45Z7#!GFxcz`!|&HfT4R@xolhbg<}K=Vi+5XhnN>b^&0$?PK9CxiNgs+
z-&w+Xd)jBKUthyu|9OT>_5aGmZ-iE7{t3}$`wv(UcKjU|Yrw{2#K!dX5Ed6woe9$X
z{=ND4{u9xk+-D(w7v4H~#~c~_shTu;nMk?s!}W?ny#?CXu{jBPs^A;kV71yq+Nv>l
zX+8k3!Cvc?^7g^;^^_rrEnn%sN=e#dR7M6abR}+IK`vJIZo5<aG-?I*g&@zi5d4#q
zn@3-RWV=?=u-kwQOTq|Ag3c8gkjg^xj${NE*6*>xtj>Kym1I%ckC9Ix5;wbE853i@
z_2aX@6qLTy_nDHB8Ji&1(@V+6VhCp+8jDc5UDzQk?21~5V#NvCTdTNk0zDFk*a>>Y
z8j9=#ZqZ4Qi$n|VnYKi>^m{Lv0KSXS-MTk!zB`he!rqkrH5%SB#4r?$V{dT2JMRGW
zHnn44m}%<Yb;k01FS=048etI#N32t&tI9eE1&FS<p|+CY)NQ;(-8b)4tKpg&yxp*F
zXWn~u_2T!~YTnz^dvv@rbMda+hsz4>-?<-KJ6yA_oWp~lPud=Vb!|7nIj{Z{U`aR6
zykR->J@Hy%pPrtQ@ZPC-j$K##_O(4ox<bR%?R3dln9Q7+m^#>LF*J#)7bNP@CwMjA
zPY@xvP0mV=zowj_ui0sS59x5Uw<7NFjjjjxu~j2r;nw85lt{Wqi%l(srMNC%3jKD<
z#4By}|6MfPewmPSgfJ?nBK1TcTiKqWLqWV&2d-5XaZ7cZugxo}=$Xwg;gntH%8}9u
z>JF2~Y<&nKzl9W*1wgLZ(J72Q<AqEVAoRXUu5-fL5Y|QJRoi+p03Nc*ukI%wP=}I+
z%qz^8FY)tO;H1=-gFl3?9Kz${m~;~V(mU74Fl6d;k<d9I-TLMu8=4@vOlVi4^7i|0
z3hFEcKKtsA@kK|IDY%=^5pt0@k?n5{Xe!8}455*0D7PCy(a5+*%?$0Ds>gjykxPP~
zr0DM27^=Uf8r-riPzB{d_I`H7T}cGkEC8eQq1Q3YiUmDV3@wiuI}A3pI)!>51tJ5?
zUXel@lcfi??YiF9FzG=rdF*$T0BUnTYypCMWzFQ$Yk9V&NjzE;#Fg*Fph?|!Th|jz
zefFDZ`hG>sXL1Ni+cdC~7%8)|>HKqUa&O2@?Yx-Krx;8ZaoKy@xqJv?ng$F;ZXOE#
zcX=AJ;N^DXU7ilZ?CCB4&jsuMJX3_y_p*{d^cKpD|J=>;AIPTiNmKa*RPF#BzjnFy
zGG|{Ne)59`-GmmZs!(E9>V>bgnXRb&yfjWwr=jL$fWZ%!4);OvZQUm}&Y3VBl|QP+
zl`T5PFbOZSQ3Jiz1{m!+Rko00L}x&hZ8?VYD|a<NKlG&DIA1cGR332$0f}upew_J!
z=>#mPWeTjW?+$U3&@xLeh3BA_=GSZm_UE7WvL&9AzkW4ZxIS!rg=r7$5sl_$##~uE
zn_pZ80eXGm1fFM6`0a+-5o-fx&Tyh|1Kmv*VhSrYobhujn>cQ}dz)E>-c07yWf_@$
zAhCZJ>tSv0w5nm{T)#~-pV<L*Z8uDByVa{|XR~BG>a;jYs}d8RQm!_C()Ww8BGe}9
zIuZ@`rME=%c-u_pthkH6fVwBPLlcTtdVOSLzn!gk-)`xr3lN^fwvJ={2=-$bR3Se!
z{`xiH7iTSS)fj~%!JA4*m|c=q;NwnW=3t5LyJkPnr);Tkd9m$*UuL>H8|d{N8ozB5
zY=3p$^_Ewt2)cq<Y#*+_X<rA6Y)Bao2#>v_3V?Rfi!R;MmZ)Ao_2WwEl=~-YF{V?h
znH`xG)=bwfts+joQV2>f4Lo0&7i3-bMmjNlkBO)-PQEHZgl`xqC2>j&+rgU80-a6h
zi{aar4}a{iK~zL65(ALjK7g^+spSFzH6-&$&5zQa@cd%l_Om{9*^|7ylUfO)aj1tZ
zxHFz7@9fvhNj1@do_!e%SNPC8T+OmIUUUY%NYzhSO@74@c0BVl@Y?ti=8fXdw?ets
z=wK~9Z&jW&W%E^2mhS;gPFt9$9V(H37$U`Y1A9k?2$M_}^mbg^-FI%6)Nz1oH0GzT
z{U<S%f8Cq>W%9$-6W#mHEX2vN1r-ghI7HW_*cz3aL*Dp2w4#n~t~q+Q2zBWM4Q6XC
zU+N|$vOVgIO1#K{rKVx=nu3)9ROLvmNSRjS)lWIsN}j@HQFB_)HyK6=NF)eYs96%C
z2%+Nq?IiIO`)aoSx6%*E%-Qb=P`WhAiLpereR*XE&E!~)xKt6k6#BA3Q~z4msNd4+
z(n~VE2uQzO*2lw#9eM?8o9p!pDaN5=kXq)xC&7qk$yCzMj@Su#mQQaTafL$vjI_a#
zYpH4dJ#!^%apMAQ6duE_vfJVY*gjYL^{pSK=DFAbvHskwJSz>7DP4Il)0(bz%onSd
z&Gp=g;lS((<!Sbyz-_{m44&9TRUyi4s!6=U_4!vzhF*^w^wcMdd)g#SZAAPaY-r2g
zFD=lh?w88GUVVc|WZI=+jk6sqY)Ww-hcHxrv?0V48B$2IuYoy#^QxIcT|c<hDcz(S
zF`GHhu`<t@n8T>q>XcAh0d^2TP1>#22-F1$O(sxz*}HoDG&YRX^c(Jnx=m2?WpCnJ
zU|YWzlg}*@WHm%;>+Ca5>QQKVeha1bed~pC3dOKIOkv0bZcbMnajoy*prb;}Lc#=!
zd@eh8*!eoyDo$CVwYh3&NtAaf9cO9d*;|(}XeyOR3(bfs$$w1~$uoUb(_w(R?I#pD
zzRQxmEh1))QVCYmX+->fb>F#j)h$oOk`y4w(>`LqdJkqwHj3l<!W&M(pu2f$bZ(Lc
zGR<|W(7*J~GAq0ia<mE-d1`lSqCbljZ|x=L0%w{*w(*-Ja|;EtKB9dh&h)UM4ZXxb
zAIO#?gFIjG%sIJ;3C88zsC=Z=d$xv|5#9pG2!ktxT+TU$7^K6nCg}J>JxP-K>7n(o
zzl<(5*%I@z=X3uhkLL@0Z^N7IcE=ue<H}L26i@P}j_p=3W*VpF<aa`ELkM(5ViukH
zrJFcI+j&yRJH1J71dDc*P6f?zlGYXV;X2Us&G+p36R$3)fUl&(zrZZlz>(RR*!$W|
z7ouLem)|L`!uYobJ{lIIH=8e-m5T&zysOObT7Gi&mA!#m9j0|nfjlxB>n1}}?<zUQ
zG<7HpEDIQ5oU?b^v2JHzubQSJq+DrhN151JC(M{r6F&=;Lx~~bs#e^)ncvGaZuQ%7
z=4a>oM+^(H;n>OGrA5i=6*H#1SwyCQ){Vruw|DkY4uL>t2B3xbRDp&Vz;@w+|I#9g
zy|(cfxRtUmHT6IGmsK`WSdG>``IiWI%F9x3b5umnld3)}Q}1)Da&@S%M0Y~GcUl`c
zW{=!EeCV-16E4o?Qlyus0sS6a#~*=)Kovd}E*02ZXNn#Qh3;LzQaoL|j-k*?#?&G4
z20bVg)YSs9h9NeuWK{IQbepn05a@lltilK#t=UVaKGYXkp&W8!<DxZ{H8+7={oK3b
zZTkhk?J9@yiR5eb!K;=fA_Co16RXjvqe3SGN7*--)Mp(|WCT6!3iVH!{GDE+|4y@D
zKV6B@Z!oG+6SPAt=EXudWkC~P3EBu(Jr`B|8E}JC%A8TyiL#h%H0sT@yOy1dBo$^8
zL8>SQMvh_8-MYWV>wvqTOVP_;Ws|NcWB6>MKPwUd4;@az=}6VD`7o9I2?!KA2Lk_9
zM$q$aVL#Dj6<Dhvu$KH+zrsAK6X&|#EIKUgSws-VEGEB8gSU@<$u(%#^U-V4F79XO
z*@PhzFE~aoDg_%cE!Opik`mH2q$>6k@`q@sZA~_#;;yB8&aHAX)99ejTQYZK{y~=R
zg<NSn??dSg)YJ3GhHlN%x3QJGGw`%$%TFB}Yk5{+h(xT`ap&jNJmg2f_uyqsCrMh7
z#(1jJmQRTw3z_^@$9Ha};K}bWBwW$A=v#>Up}=LdiD$of&k#?XmGt}Th}-hj%2*iN
zh(YyqVmEC<@n7q~F5f{Hf4>LyXawZ@WZMjAVgqbfddhVxdVAOOo!(ax*Y{)hbZ5T(
zqS1S%kodcP+IJi8<AS&>^S$O=L{XRq5so%>l2Dx?Lr_bBrLnAZolLov{}O>MW2&{#
zm7lv?+EBZRZ>Wj6go;9H4OK}^K5kJ;0fV0Hm42d)GZ}K7_SeR#F$09Wg4j86G*k&?
z?-xz{KBzkYyp3FGxj84JMjl&5Y0H4=$-HaJnCn{0d~UDS@A`<wR_nB<G5=DP25l1E
z4zqNEU+?=mxEt82y&#-Qe&Lc$szE%RNQe5f_&3llEWv|9;%Cx8`55!7;a=}8^UwFk
z)0fR}zAcjp<z9PMY@>;tB_kJkC3<C8w7D!K5hGCyXr80;yy*mN4D_~LU$fX`r&Zp4
zUkW$bS3-|Btb_z)-N%(rU}#_O8&1z{RLz}k{Sc5(|EDjPKR>>`{BX(6#J&P2E<(C>
z-QAr|)$_%jqy8B|yZ9=MsUvi}BQR){a-Dz=#r_pWFBRH<Mim+?>M$ke5a!omWwc@<
z4--gN=V#<oVdSh{O0C{e;RTRu#pzfJDQ7UzLiu)BX$k3-@i424J&)LgWcWy8GLm_=
zP=C>CNUHymqGPvY$crVN8TLR{rYmAFl9wlKj_@pvW?cNT6X9rYGGQR4xyK!hPxFb=
zM|(o*wMSArii}i~($j?AG9wI5Fr^hfF-6Wk93LSnQilmK^W@&Ef2z;12M^z=Bb%d~
zfP$$q1j`xVNG4t1qOaO<W2`zt#wRx7$)&CM)tJw@a75&cgODf7E!KRI8COpI2n~yn
zAp*c!E)Y4fuZ1utqke{q4tHD%mgPKev-@F>8zhhV$v7Xf?N6ok<=`nw2|>UA&FpS)
z6)TAsp&v0H@B~UExEazGc`d&ADK<|{7UE#BK1y|t&7i>>HOr?}pnl<;Z*gBAL6Bw)
z#-fEgK4Ok6Ql!I`%tKaM4i)Eaa$d9c*fL>z3yja)5h_JQ;5DOt9Yh-J>CL?6nh*VU
ziYTW@V<CwupEGndkeOTmIdoCr$ZoM%Vst4qUz5B4$)m-^@`$!1qo~d{CZ$I6AbJqQ
zBctR|mvB9`y&;$~U_`N*98iiEW2+&%t&NQ9PUFU#Y4Jeyg&U<c>c+@o9(Wczb5SP)
zf#aZ#`O0yFKmy@~!!aKUDPZB`ko#s<uIwM;;qKjc9<4DDo(w<jp(@p_UEvQp#2>s*
z!D39N%hj6)(TmwLnXpC)`&*b_S!?gBHKA<5lbw3kzKz5r$(*sGVDG~C+w&c4(QJyv
z+gh)FhV_kM8W}}z9Xen_zrZ)^(Pm1&e0Ug5vKYsN7>1}LDe%jb5@Q)x`=msc#q1)!
zCH!1!Bb~FfP<}0*R*^@s$RJzw3itM~iwszEDK}lf4PO@T1TBQ`5`IsYES<{Ds%O0+
zV{#Pj>=e*WC()X1;F`u{C+P8gGVrB1bK3gW6qP{4zse6v)UuCkm<^U};v`}|i<NV6
zJ7yc_0#*rEQxNi*wwXU-Uki;V4H*@^N&w<s-neS=m^O4*$|h#=i&ux<`Zr9N?wY}p
z7c_%OE&h|#@j=T~$}kmk)sMp-*R^4=4zxJmK_3}%ySflgXK-0Z3H0XiYpBxg0ehYA
z=t<L^+OED75w~{i)%WMtgUvQ#(kz_D$%Z>#I@1=nyt_}$a`XJ#x6K?$^n}_&lcF(@
z9-&?e5M$?7cJlt27UsUP-~m$9k_-*GF7FIya<isYF&M_eqJm20t*yTJu8`Os^=!Pz
zCU|T)uerN|p@38G#ECpFpA3_pEN@xJg*EW5;d@-4M2}a+){`gRF!J}{ARz;OZZC&^
zi0Ss){0ncyf;#>>m_iuyIxS@_Zn!$o+%VgU%On%Lw+7X}L!X{TejjK&($ahLTaXjp
zL;E0tiy=KcPz+HFJD;rZcgT=8q8t*Z>H5(@CtGLt-qt)r>}H2ub12Ota^5|=7aVmB
z+OR7(ACvmw#3Y_w;yXmb_N~fC^1PRKdW2HAfGVy+#^cMY8;GByuO{fW_SLvgvi94P
z)EB6!q)evL*WmN*-~BCS#mx!f@mfMP4KvQ$Q|=mAiyQ~=&3QCQLxzKbU?<T2=bhFH
zD9%KuHeKKuJE2LRXlJ9KI(lOx9K_QxE!h*i8YF~AGwAMQ!cP2X_7hiHft;mGDICA<
z{=%=Puz;N7E_=l`!#Fa`r_3s3$P$^yVQC}^naAT`l#;{2S{7I97H5?Ow@fJ-T?7YH
zP6m?~Wsr9hYd-|jT<WahMkXx}GBU+VTBzS0kh4#R;sOHS6bw{5)jw}A>@tP-RZy2l
zOUz%bWh%CWowC}~>DJaC_d+D7!;M2Z+dK~Ao=6;i_BRwTxlHAn($H3{g29{bP^g`6
zg)?O#{^c}F_rTeXd%^7LUySGJ8i{Eg9nU!r21ETazO)W;xU|Auyj6*MM%}l$YQk}#
z1f6|6y!E9kXx;7s-<zN1=f&oBJ}%<zA_yAmDyubL#gO|D8V%ZpiyK=pjTcAWQ;Ouh
z_i1<Yi?!-+Pmf>N$F@U#Fe4ieQEnV-(-oGl7#?T)&D%3tSes8F(9k>Lug(fT@USWK
z%NrZ}b|b5f_XfqYl?yr}WMfF8KCt0j*=qUv1*eH6qwXSICWIsQ4Nm4aRKKDx#X4R+
zsbUOxtV!kfqKOA0E%r5cYQ?t4K>E+8I3b3)4LjR9cDcjIlXVrbn}r~Sc*Ambc4U3>
zgoMoMyyn1RKDmDMq2%2iX09-6>sGla{TXA$M0{?s@SC0k1#3FVz+~rLeQuyI)v{g(
z<K@K^*kXZeN<6TQ{-c$|0fk0xgDf{RsH@G&_PaW^(TD_~-J(=z_~)wlh%(hl7oG@K
zu%teMmxXNT<4%xLI|q6rkB1c?FaSpscZkP&AN&i<N<BL+SM5hVbv=usAIRS3gCIfJ
zIxcMHTj;~Hp+GW&5;2%sgEdznefJ02-KUE1u|K@;2_Fi4eZU6PkYt^M(EKnH`^5!|
z-u#=KqDEiz5zP9lt3_(F6py_I*ybZ9l7^@UV>f>6bt&JF-G&Frv^JER#0s^f#7ZL&
z{^@N0PX8C6u(#E6s~v@lrt1MTC3T|KHfan+qi`MbIKU{~!IFWWJvDw~Yo+fOL-wV=
za0~=2NzgY{<r!%P{<4kaD_&MSdi2?;)ve9SN0?a&$8#=OXxFsjjM1ST_4N8Yu*0)|
zhvYLUW|Zy3n3$M2HrAYhufth7H;^6Mf5T7bM7Y;kqbrkttIRdg4eNe3UC+G-qMx0<
z(CDzSuZpwtD304pd!iiEcCD!?4V?DPu-p?Ugq9%;TN0>Xpm_IPIB&EjfpVAh*qw<^
zU2es8QMLPXCJZsn3x*<nE1<`6O|8Sc`tlp(YoEo}pB3vbi!~73EhTOa`&!#1i>f3-
zu81ARTgIQT^YZk+R$B`8-Ih<zsqJDXo86}>hK|I;GkmZ7eetT%xb}N|`D@|Fi2+$2
zXE9Bue_SF#Q51p=bun-2GJMRNOxON^%*yjxX&ojrGTP9&GqJzw&T3~lDUNP2FM*%W
zR|=9nNkp)yQEG?WhR89U%vHl@YT|ICyk)Fq3bBvfg6@HM39>#!MpO__jZjnY*FKp8
z^T<O_45NL~ewyzEugQ5orJMPxVyXZ1od1FSCgUSC6+ILuEdK2{eG(hfzC=k+N<3E=
zD~$S-dLhJft9zEEEQ;A1G(Zro7S)QY101lkJXx}OkA!$Y5K{3#xkb!N(bfFgAgeY-
zM%7n%5{z2}_CZ$$jnE|lpnaF07eGisM0ka0_7PzV5xI~#Rq9Yu5iyB|UmevpU;2QY
z^iUVh7x!`4Cjg-iKr`d&U-~}r%n;P(w(nv>`aB0g*otCoYR&Dv$=@#&3Z0SdJ(StG
zbiGQqN`|25?;*E@PNr{2BS#k%?x8XUmtFiU$bnxn6j7=d-TDboZ4SCn@)}b`m?3|~
z^VXBdu&}dDL+6C6c3i^LKaqh)K#*mXmS&=ZrzRRYOBC&4*946=#hGnfbz20`;1PKB
zNuEwHXViUu0;F3wtfGUlGXe%abI<Lfpzu9sFZjy_z&qfOlLtxL7_{KHcJsa~hf9&-
z(K~o0z0<WSSd63{5o37<^Trm21xXN<oeXI-zu0_H*7@{+*<6B%9Wom<P0O8iW?#Q5
zGdI&^u5GF`dMNC(RnOPmS1!)ou{Q;|;5>4o6cMeNM&J+fE1}~lQ_6G<>l5ljVnxOn
z>Wf;ypy=;u$swlY!#u(Xzz+O67o^lW{A<_kpz?a|k#rt&(mTA0e<Wmb_@Nh`v~!KN
z?54e#G^n2gz6|3jSU|)e6sRQzu;VS1(`H%^d&{0D7jcee7fF=WMS`=i)~P<Xkku<;
zJd+#oF!V}-kae}V=a`%>t?OAV;qcT%3e6c=uOv-O&v~gR-+%tgA*v*=_{lzdSPjuv
z=0WFEvN{UpR|D6z!*3xOc6^eDhe9PN7DKr?$d-tDZV@tW@Ej%t`Q@?~GSI|7&<aH1
zbg1X7z*-~f_t-SC1s2=bv~AnO0ClA6Dvbmg-r@)?axF1n<@0c4Y%M4L)td_Pa7E-q
z{K$OSws5c{(&Lx@1|q7vKu0maB)YW`quNI1AEwK3Si4q|cm8V-3yGT;c{t%Bu4E7I
zm3Z6E{2hjJac}nUY)HS#d~H4X`%CkShD~aKd^xrn6b08SrVfH#=?WnWlh>gYIYAwv
z2gu~05|-+ahHu%cRu0@QX{$#4^olkTpM(=rgUHd70ly4V!k68D1}JtLHx=<j+Y`8K
zKB?>JFPlyCvd9L891kU86DSA96mXDAOx9h&vH73`gy%IQqQhI!ILHFf%F#E?(O@%W
zdoH|a4#RMOZjHzLg>Wd2$bp4EW|^(~7h~aL$f2un?ub@Bx*>cFLu9`Z@GGO%Ci+Cs
zYS|^S>6a#Bb`I}LzVTnsaFB3=m1!2t2B5~+VQmNg@Du+&!IIyOa+YxzQz#<~ZD=$$
zyh2MBdGI45kPFKfFpv8H6cE^yla{svC~{da7NUK^v~3C>5f=EPe!hf5PO#EE)X4pg
zdjNx^O`&V{wW<kO+IR)`lzU3m#tmO#1j@1tJyEhdx1pGBsVS5I*7$0=Mz5&h@r`J5
z=7VttXhczsGbmBQY)4Ib@Bj?bjs9BrW&V+2wAlj~EkRNMJBw+!@U%`2QuCCg*K@2+
zF_i{OdohoeHsDMV|F>ItO@s>$d^AJ_o8tTEFYjX>%)&lGFYmQZ23%CFSuFy3H37p}
zg_e#Q3}TA30525AqNW;d0v{*oGE}-IQyJbSg2ojH*?}Q3MbJLb9pFP7BOMopM@VoW
zeeoG0iQpizNf><Br?4o*jAfsYtKMMOYnF8dEJOd;P@RLUX=i`ATpUC0<Arc``}#e2
zEbTOJ#FnMmY2XxWFnP@l$?*%>`=4`E%|F;yFtnu!E-&l}_M9lTgbwoaZ}gp4x;n%|
zdM-K3x~>&uEIq{V5i#NLDQ4;IgZDmkG;kU<dDNL}9V|Rx1hR@amfK+_IjmhNaw7n%
z1rFsVEd0R08u>rW?6jWgQ2j<@OWK?8<o3{bkuk^d!W;MsB+z*nv4c`|eDa|?uaF#J
zn^nFKG4*_iPj&=Fs$YX)E?c_48u47w8i(voB>)kzLf28~`-mcp3yXjUbEOP^7_f-~
znOa-zIM-62&>hl~cO2r;jHlpBe8Icfy^lgx9gU<&u;uY8TP=g8__=HE@qg~=A1Dw@
zpY-?Rq6>SJhkw}Ca>?$=NCgOmleIH9m)Hb0s+~%G2Tc?~-#+e~A|_*IXqWO!|MKdg
zqKa=mWF+v2s6f{vDEOO1S6QSDBMP2Xy^=N_VzQ!k`yO|N<8+L5Jd5)a0WcJKA@y-I
zmzJ<Tj0m{v=$3p;3XSc}6~0T~Lhs&~C${I-pYjFLY43*wU`UXi`J|-eBoG|^ddTmJ
z$FSW|9uSrEQ!T9fMwUa2P|Lgo?x%hY$+u}7cwL>Gdbq7nQ|>GyrYS4hXv8bCE}JWT
z0s77OH@pR*gd9HaT-Mv=vsE<)ox3`Ne){PXcm2%fTeHI)DaP>+e4|nOxE?Sne<!!b
zI0FX!5S;(DAThsYSXBy7PcMUyngG^O-BPWwsdr>-%WBa{GgjfOQBh%&M^sKZy*Buo
z?VD>|95t*Q5}TIMR>Q=UHp9xq*rKYcI;GQ+*6wIR8zO^F)RP>pGG>zpn4Lw$3VIPZ
zCClNLIHPWSrmX)HXJQ>^?XSN36B|EJb|P;%JcqwE6%3_z?2LF2S!FMyrM!!#M{ORT
zb4c97-my81b6lVJx*#AW!CC0NZhos@MyO$%G5RD`*$ram_cBbRf3g{K+OpE;$G2j8
zdJA;~GH<Y5-gi#-JQd!dfEpeS-sOfE!{}&5K##8jhg^(|Kz|DWCPnHKrJOTmDbfnP
z9&f}rGj9}c#4u6}V(}W(v+H7ZAuP)58uQmyFvd#3r=;+?fLBk^H#e19G<8b=E*Ilg
zZy8WFb5%GgDpOzfv4fSo;FH*<b}ytf;i>an^kqa>JmAZi-6h1co;xyx2i4$_bI#%H
zt^Ws2zMgSOa*@BZ($dU5HMJk2i4uW;*SCQ6;LbVnl8Qp*sPJM6TSf*(N@M_$FY)!q
z@JHDDD@Bv{?HWV$_mQv<ZOzfx&b%aAK@J7OklF24oqSTG$V0YYKC=w)3>ls49UYy8
znA^mUUkXhvOcXe?E({KeJyGX?3PjfpqTG%1EW?;caIgCaQK?W20S_b~#LH{&z2Oxj
z1yx!au&0h59CQ(pD)!SQMK1%>B193Mk<Xl9#C7MCky35%c;xeGj|}_awfK-Q?O|?)
zg}P}(Cx3JiBvCY9_v1u}>MmEd;nq*}en4*=#@Jr;`HS1s_9y26r8)xq?;2+~2tq#;
za}um%gybAsWfL_soYYi)v2Oo`{PgN|>s`;>TmMUHk1o4?dTq0LZNd?s1TE9I;98Q+
zf{4!n6PPhjJ^|0aN9Zz)y#@*A1B}0v>tGE??B_e?P<4fn<Bsy9Bc>^%TFk!b3DPZ`
z?N~~;(wVC~Gbr9>4gbuOeLVN6xFYHG{foQlJ^M}u+~cCN+TB|+u#r#JD9F_jd)Xb8
z#;!&Z@N?fi@b^x3(8{~eG4a#8BU-mbC~{-FE!`9s8l29pAMvdg%D@@qP;Z~UJQB;D
zLPT+ZgocaqVZ&v0E#ok8k#k5dL{BK)Zof=bK^lSf9zlKz(+W24X}YE2oy(v=p*&m(
z%rVF+$+b%;GjJF3IO&nVZW3BKWQ5ngk!*AFyR(Hue_)IX>;sW*^bg`Vkk>}5h#RVy
zUh2yxWKRTki^9G3A%`CTT&WvwEg(^ivU}=2;4Tf!2_}&Kidxh6Pd`9?eRo6BA2}bV
z0#rA>Y$auJOm5qCerSk%!?NL{T>i)uS#ZxNInMgn@Q2iK1vt?Iv?2zyNvVFD9gqcw
zJykx+5?zMDrF0@f9gH!rD}6O}{h!UTC#QR_Qgs4V=vGGa4wh~WOH|Tv!Ho)d#z#k+
zyADs9{QQ%+LfkM2HZWmI#EM%R(A;6ix(V+Dd8clVm7=-GIgACJuc(;?_Jxt0=Oaj+
zdS7^(T$ps3r=YM;#dZk*4YlqmVGBcKvE@}(rlNN`GdDMQ<;QeziaM5LIh<l28QDA1
z?328u&0YqB`y>GPS;lO2rNPKk!JM}ceY@*R2Xm}uL$F#>${}}WPloj#f(*Jbn~tu@
zV$l25Iol4X@A-AXsntfj8ZHDU_S4nj_%Uw6AYf}~_jJU;xmED<RWaq>&#HXk1*YfR
zdXkC64;5MjD*}nmdArRp{5AX<Y@@bd4277BgJyyl>&w2s@3>7X{h%L;Stdnlz!Au`
z_2CFVfIJvq9agFx2&c&ZMaX8_pzZTys~&}c0xrZ%(1Y=6GzHt>b?R`>3}|>(r=MiN
z7YjpcqH%qvF4M<kxxz{iutEI&e)orCl(+Zg-u1wejDoRl8>1E%A|C)*?01|c!YPfq
zp{J&X2*;zZd4Z+m(J0GZ!Kmb&e7*%7bf3h(^OjgC7T}Ewl36>~t5Lfq*zSx>q8d7Q
zI#FQ=#bC=A)AS5AX|mvy*P(*ZGicHI-wk}LDvWosS6gk$lCal+#P<eW*PYw4#o{X@
zERU<OuK5J>nJ>Vr$TJo<wZy?}3f^4Q7Vq+|@HHOO+kQCb-+@MT;Mw8C;sy!VYuU(#
zE(dwOc0>f92WZwTpl4;leG{YhFqc|p_Gw<9FePmq{4Pb}LzQqU5-Z@s-a`N)>0p~M
z;#?yi5Sd`rW06WV>=+hNx$MEfhIX>BM~g+3jOb)Y*O(C**_Hck&_C}^DeHF$B^bwq
z2IQ--Nlbp)D4u2vnMf%|C#<l%WVao@^xTR3IlmwtFltPTT<@&NAdT;x53LY7&dW_F
z<+0OXhC!SJk^ZuHHLLb%*vGi>cwx#NJEQ$dPE@5>PU`4g{6>gMP0jV4dCU4{0U(Wq
zv~V*1E0rM-bQ_jm=|*Nh=!yBJtyx@iORSjGK3=*vV7)w@AdTB|5|ommW{AIvFYID5
ztdV%nSGVdcFY$A{CGWb5KSm-c;@qs&))|T2F20YG>u#`so&hgHK4f~WoUM+YM$<>3
z?*~5Rlt@PxoXp-sz-!at+f3)3z)O&--G{OcGo~(bXo)PNJiYVGdEWe5p;$_5v`>-A
zuZ<xjPgkS9{B3v{H3|ci5K?LC!%4Ur#FcZl4*~(>IZBhwEe`n@+9FW9341-@hB)NW
z$_8U8S6^UrGKEx~r^un&$_fUAJss`iy1`QVn=0U}QY}e>glI0-bGjGYuJU3Bfl7Eh
zh-Tk~lBoa+2ufP_*wjbid8n|M6zD)ir3JGzY{KdELElzIT<wH8zX#0k-Zl2&AGc*4
z%$98(AX~dSEH*BfTMlDk6%j@POC^XdKu3Ub$!5S`sHU2*eP@6jD0LAoCe_azRqyDr
zH5n`<_1+MGG(@2@g<Z+7@+ezLT8m^h#3OXrV&`Qn!54)lq?CxFL-G#0ZQbta{*acW
z)Rf|&8fdfE0)CQ>qM^%kiTvV-bKs-iu0<<dj~sT7kRyeYpf>!yZ`!uyZ+j`XkFtF%
z&QDiPKBO~-iFWSTHl4kfD=yZCl_|ix0ykO_fD*&;UBAJNYcornYl^&_Yh$pW>Rv<q
zUaMejA9!8G8c9o@HV#)?CWLkvyACW|%bwS7E1b6;<sI8klq3#))g2LD_~f<5K_z)P
z7{&uPNnwYmM;4P-3rSwua7Dhb2tidYLsSk!(yw>#ByQRaU3B!F<vL%#7On+1_i%%R
zRJ6u9ZP|}y?V#Y^0^;^;(IK{$I~B8HOBH`D>2vjlPVU-Xm(^H5QSAA=D3@M}J{T;Y
zPhro<`_CQd5C3H!9@<$nM!lw0G8;i8&W!vj$T?Iyv;ud`g|{a<5_-J;W&yL6!E)H6
zJ^(PLUVQZ%SnmwvN^SHqa!Kl%cI^~rJRagi8HIhJ3PHtc4B{@5H16rR8I+XOvc{g;
zW=>ILHg^}!&mtfa!lW-Pk&{jdQkh1go!{ErWaNa{UcA8F`S}!cxINr@V^SG+g4API
z<wZo!QMwxyv~gxy{Kz}qKB`!mNE@{d4{)gw;rX40^^pPL`H#o)b$qVIIRZrln)|Mg
zC9VV4zkbI97apNbdsuZ87Ilh?`T#{~qI;h<`+R6Xk+<;lzQh9I2_(Id{(5F`R|W^i
z9}y1mKux@L^p_alA&O9N*QD(tJnalMf8r48C-M3n?plzYYkb2N1KrhbmwrfV!`H8>
zoMz4-G2Bu{JjR$<+*CwGg8hEjst9RJi2UAwC;vFhtP>Beq6HOAnk(AgtM|_7?V!3S
z@T>kv0FKr@Z8D9&mgt6TrB7=7b>H<%IhT3iwY%sKe$%JyA~r1<`O0M-{WMwVoYxrN
zH5Pz~=oYqd$)*%FCQU;E@qjkEpDQuQ(1{&Nur~oUIRXFSWn`zXwGtfnMU#7z#W6z&
zEEY9gUSU1G)m}J$oAJGmH7wRfuCLAQc2i6-3o(TmU%F%bwqJ%`&EaKA%{L!{cP(Zn
zF7OCiLv=Y5M`7y6aBP)$>>Q?N8#P6SXE#=LlCLp}*Cw7ap%06bQDBT?ffKgQ4n8F^
z_Qr>C*w4MeEA`JcR;LRR3hOJF>DeG!SrU4|+sF@pI{C4%-}j`eWd2%-8!B&CJLA^a
z^Ke!AC~BIS1TP%OV6@3xwuIvD^fl<HwKDShVcCKZHx>_3UWGREbig^k`LkDh)N{uT
zuFzdk*ikmJ#TJlE!wxRH*L~pW?bn^Xxy9wSdIC@V71=_?+F7PqY_?f;Y<Z{%sylIX
z&#eyBIy+SmRduY~v?ni&*v65EF9AgkHG;`u*0v?MN=4v!515_8XWKe6blA7~Q7hTL
zO8pC!X-N0mvsA46zD|`w@n4-|h=qM;F3rh6975AQ4h&#Y@sjpt?J|jHHIIBJd!->S
z_&KuHk)Ay~gc8XPL4Qa<m0@G)YoO?zui+|b<c?7DDhSw*gy_Gg-tzu7Qra<;siw_}
z5ZrTt)Xq6en<7n{sGOnX_Y+Vh>_Ze2XuVVA-b*Zz9sVWQa=!UnknOUBw;$$+#NQ9>
zBmDfyLHU7PZ9j44H1HXb>_vIn&WeGC(@dqCV<p+oDxyOUVx)8}mH}++7p$jiBEUQB
z822h&?D6-H=n|IrQRzil6?*0Bnl@zX(BC`&pS;$cA_cQZ`LWG3AZdxW=;h{he;4$_
z7eaE5jq49vl}9|0&6a#DD*Zm7i=6#BVf?dpW1-C&zWwsE*M5jqh;%~XR<KAXN23g0
zMv@*$%=!vzL}M*AC3qI02^$`0wxi=lEb0si7k~mzA>G>*tFOKXyDS{uK!v^Q!tL;Q
z&jS$=Ur$fd025Xy=FLvS6=eLJ;u$l4-VJ(_rqUv`b9U1GuN{R}n#+7$-?IaWp>X>4
zxL5rX)1%Xs->V9b%q|uCj7Z^g6YrXa>(2=#R$HBW^V7@&d6h)}XYXJqhkb{vK<KT!
z)8;+)cRlP^H*9$DL^EP<ieYRu5w_?p{s?{I&t(=_BF8fYdnCju9EN4JE`GtY_PNXf
zwI6U>e9|d}T3R}odfuO|cO`sU*p)M|FX&>9(6Q2%J{QK8h9{FI7VrVoa7Z0BUO{`u
zy)zpPrw(eeMHG=l#vVD0yzQ8dgtSOVs9L<#A~RM*3~3@Ok%DQcQwb*=C}=XQY4XFd
zisUi^q}rnNsVa;qlgnu$*24^pk?6eeo0iA+6gtXbk!5&sEStRP=!3hdOfm8iPIR>L
zF*XwkD0ns<=-L8d*b=(D<44L}@qEPJMPChY%%Lwq)Q;$gT+a|7PA`F%GM($VjMM)B
ztw2)0DUTXv6w7Tk&}fw4iIU4fAi$X<f+$jihKx*zijoFdVYmw<5@2A$q=m4^V7CmB
z$t03VB$7bdjiy^BHr$dH++`;efk@<%K_noU*=aP1MMB^pL_-ax<6;twMmS`WNhE?3
z8G*oLD6Zx8>b;^O^qyfEz24~bda0lbCB++QBG^qP<X{+6#N!RgBxxull1U_jNhFdu
zWF|Odl1UVbFx!Sm<dQ)ol1U^INhFcOAu+=wl1QXdNd$&KAaTPQjx^**vf_~@(h-3q
zhDjrEB9ehH(qcrx1<4v|DI|;-RLKKzl>{#YhC%~j2#YC@@<${R65&BKAaIo-$ij)Z
ziIPbHESA{-i2#Wp+%hnNjkL%yG8k}>ktnGMF()xdgc&4mB^xEN18kQBi74B^<7}40
zWQQRQm_l*^5>dkoawtM^#+1ZEif5Uv>(So#nJ;+;weKf&-aMxq7-Rzkf@F|M1ds^X
zEy*J$5gQQ*AZ|7xf;iY|#U>O9Y{-}mw4a|hz1fcw(8)9I=TXUbUc231_pf`!dZ}J&
zxxLlh?D{G8qU)kes8lgHAYq6gf?^@ZBT)q83GkJld3%oac&}c2-a$n27riVoBXKrb
zaA74G8zC6dV8jb4#__yKLjwk5nIjNL;e{4aEq&;jJ-3}RrLDf%(n%zeNhFd<BvwM*
z7Vb4I_1|vd%k6=??z+t`RD)Dyi=sweYQ2@UPnjsjkfFyI&A3ggz3$3=o7zr0nA1~q
z)eD-tGhSs^cW(D=lQVqHR%3EAJ8QZNj-9blyg}opsM1Q8UD~GH`1{^gL%xM7r0=5c
zUg2Es3z>8+ZnIwQ&WhHiEq3sELh`H?(>iqS?(XjAB9b?4x^77_NiInx$t1}OZMUvP
zB%8UJo!#Bt-6WDYCw0ctd1mseq|9x(B#_ST?&rg#l1V1@MZ0@cO;uG^WO7JMgvfYR
zZp++tM#JFVVG|_0=C+?L>Ydv8%rdt-Yc=XGY`iJT#y4(GXlGWQmTIY_!eyGOG%~tu
z7h|5~_)-(dR`u^l(SgeuR{dwax3`<4Z=`NU+uqy0$+5{Kl1U_-^D`vbF55|2n@-Iw
zs=d0b?(M3n>w~+yqjsw(<avo{+^5?c=_Ha#B$7!a<K5ij+mqLQQH&dMR@L2Fs>-Tl
z>sQNULj_SZD`2ryDZJf{?8@8=&Sqi^(cId7*0GjqRF*9OfdGyeEMS3&2M7p~K_G%L
z1X2hfg2js%C}6>XhBRof!weyV1_~H3K?MjPf(Rhd1c*r_f(9Ufh#+Bx7|_6Bh#-Ok
zAd}loYk1s}Hr$QXW=Pv|NhF=!+}oYq-6WDpB$K<I<lWfkNhf!AcXvr7l1U_zNhFd<
zB$7!R%*?@qMh;r9mG+ZZb2B%iozIVVCDp^Y_h!mC)@4yGxF-(UXN8*d7#R{1xq4@1
z-%D+UvhMC<-Ef@T%cAFQ=|`hoRUD6ZcU}t?77$uoq9nSu_oq_sCATvnJG-(~(zM)q
zg(=o7!H7KfkEVyU*}J0|y+OF^27o5r^%xHd3rB%BVyvx3_-J`Wc+nC9qK$DJ%z@Ym
zUCei{OyT!Q2PLr5sX#|0%hi@Hrw-s&>CjJe)tYaIgBp-w8(5m$tErpgc@8^J`*qFm
zzzq7}qGNE%-vZaO2gfomd3t%${)qGQYHa4p-gWpXBKyLv&1VQDcDf$#qQ5Bpgn^!&
z>vWGkbiOH&15L6j@^)YW_n3zSD*5ah@;Hslv}R~~7Y^(zyM=cSXq+SxM>PAm9Km0>
zxoHoagAQOIkUM!*+8a{$YMCKjJ9miVDi5@Tz*o6rD_2C=V7wLJc~r^54XhLe^||r{
zedhY>**X1tea`si4C;m(UGQLmKJOCyPd?d<<TR0o;(#h!_Sx;$t+sIp>ktu`0SPUP
zdNzsLWY39ySato=>+Qys-PwJT2p)S2%p@d8D0~=RCYLY{Ue;yU>a@Ml+sRNS0Fut-
zZswb{9SS(xec`Grm09OFAARU8K-&oQIo)EcUn6CUmNbf+t#NK^>v;SX1u^XGS(mU1
zj|Q#oV=EKoD7?6Os#vP%3B);?7%q%^V+AA!z2mMb>>WY^8S%hyEwkGfb&DMK0J0xc
z>p^TapOkCh=vu|$!-l}+dgctqAeOG!`&N=cijmXXmvXOpb9q^?b?;`(rHYjfSDAq6
z0DZemX}@>2P+-HnDX>L{JQ3$x4+E``BeQOli;Tg36wVAuHLEcIZEB&Hm9^<FcXGSB
znZ3_BX;`-@>Au%bvGML!vEfNw;LD+erDCxf>*?nqVsS0yo}XX0I&(ap>e;&e?G#Rf
zn%>i%?h4N3)==xc(=}=8r8hX$@&hwmTJCM`k~TB6D$q<-UuL4F;KIgLvxQV0$@J`)
zWP9%q0l>{Hr?@--8E1tG%&7tkv>IEri0aVBp>M9d0hnp3c~Rdd>5n^Uoa#WYB&wMj
z`U9_bw>b6;TPG>4-@9>&KH&$`+v>GTD)q)}u4WSU-PLn5<#(^SgFU$UcqJ{Er_;|_
zAbb!~Gswair<iHGP!pHFOXv2M$nQU%%WJve@4nsnYwQ>X?Y55D4f(M}pL?0!KDYo4
z<^c+XEVS>{zJGi^k!#cSsVlzR&c&o_+S(XY*41mk+?)xEwb-;X1jxl2B#NxxF5JDG
z`xde`#SEE)#DjqQ;wO#X_;1qaVHvNO^RiX!%x2)Q8_Rv}X|~3yJDIiFgR?hY$-d>U
zrAb|*J!4eUy&mdVn<ci-)$EUSOOLMfy0?5br+hwE*FyMsD@UZzh#IkGBn~VYjD5cJ
zu;QyHyP6w#sty-{PUt?lGS1}LJ5ZHRJ3DyyZt~}}DI-^7XlOJ)hX>ts+;`gQ1(VyZ
zs>hE68=k$qoCt2Bt>PuNQL2i!RM|Pn_18ccvX6R2o;~kcaS$_x)$M+7eeauaa`s>}
zz)~-XDJfWWEtJ41B;+=0Xlr}v*Vmbu(#!Mh6e=2r=!3LheP|K-K8#T4o9^=m?}mM|
z3;2$bONmS>%CG`Ji^b0RVKREfWnO`A*6!(X*^h<uE?9&L99yBPkc6)gz8vnL8}QAR
zs&NPfAr$D#VIX&Mt2O24mDAnZJ@eC;Ga12|$7)0)e6Rom`(DpJCGw+*7J0$SK>Re&
zOS!|6VAJmb#D*v$jD$MVreh%{^0nUIIZu=j49P}1^FHtZ9qOy8%a(1TP#XN-Itgb@
z^L*xaKtRN9?0^_M8{KRb63UQ;2!aBVhN^?Nb`o_`0hwGVW}&rsL6-90yN@{??o~;1
zxL#u2MBiqx-g+RQMSwAHO^p_OCFsN5m_2xQ1;Vp3fCXTiepgZB=Z^^l9nF(A7#~tI
z4O@sl^QGs?iC1-Mwy_(&*L7XSIQ%@oF+AQEZ;I4N9`e{o7X9tiC%ALPyr-iVbO<U-
z-+cq!pGvg*9a^^M0eJ7ERVuH#d#9#VBT+uDJy-4W@udxKW%l8Df=G1Vhky!6*{m;n
z!`y1x6R-hr95?S?$2)OYxII@}IAvd}x~rcM)D&RGCy<Z9%c7m%xys&#hLVQwyW4f(
zq?YDTN6FV4-P^#j4^I+7BgFUzcs89b8g@<OZw7W5=Rt-MJ|uXXs=KO4h((U%<&B#5
zmo8qSd_e}KDaR2NF7G^NKFw{5Pd6;wv5_R;g1Z|#V10)PKFBR#M&B5I1_F0`cVgL@
zTsOwu8STKl1!@AA9I-y$*V$Zay<?Vu1slLNI=04^guSGqAr7Jn$f4VnvSYp7G+4>8
z?N@VWL%F$<?xvNHtL4a~>nj9#o_Slkv0QrTKQ|7PD*&YA9d!8a@|zx-)#90NiFtBK
z3J?TTnV5M(K!jlWK;*cIG@{3a=9f7nM|UlXDFsL@Kt@Ajbz0R-GU~DWcxREdSz50v
ztjH?D;X|xLb9vxVG47d8_r9~}_4Ph5G!eiD!3Qj!Yr*Qt&=G+jctc<%A}4cDzj)oj
z)+)n$Lgn;4gwI?XUa{5<r1jC4AzOq3Kt3l3AbO-d=~WRA6->cS0b0fL?EATV%|Bco
zjE%{9N{TtY3zgf>kGtP@r(0;<#$I*TYijg7R>{(N+G}?U&g0d4na}83`zK7-@FOw&
zsGAYv)q<VGbbUGc^25}xv*<Ju=eK4}M?=#5rSb=QsXfXXRt0-~%A&_&tA?A+R`ANX
z=RLp!zS^MyycRNpnkHE50W>ip9-&(vMKWftJzEg&dP(u{JHlA5CUWc;2<3rbcrxPQ
zb?4jR*p86FTvm}{X9^hC9}JV()dX1VkwZ0m#NZ>uA0mP9BNS>=RK4JIX=?ynPk8OW
zX!l;2aA$H;E%`Y^M||%6Wea)j@1V>&KH(WEw|je~fqA~@w{H(~m?s&lz-aIx*S%59
z2d|$uo5O8uy}tnTQRP}h6?Lnl^r3oy_Pn)wQsNXxMT8^HvfcHJHN;HuDq<4SMFC_`
ziveH@!=7oo=68lg0s(D^>Abq6<P{jSHoQIHI2>^93s+%2rJawI*+V_v-Kk@1Yk22e
zQgtjJ4~NR_BETH?u6fixLsfX{b+#A0VH4;r@j01%#6gjn@{I;wfxf-3;5<I{Vt2LQ
zHBNc1bA0K<@$VQ<BL$Kx5=2y-A*6=!^S*h{95cCH@;$qk3#tVigWc*KYkh*PURAak
z6+kl{x<%9MFh_S9m?i)$_zN}Yz1{@-z-Zd%Qkoq*<a9>f1Uzg+_Ju_~GoJ6;?!)fK
zfS(cTeYd;2oby!gTQCsKj|4jC%)wlxZ&b*5`jV(a7Fq)h4|q!*?LHPjuDl%9JD_;0
zU2E2OG3o#i#Cv@Z*nU1kZoskFy+*uz2_S`O(81L>a>KNpPKuE=Ih$igrPC8UAlaBQ
z>@b79^|c=NW5;{meJHWIJHUauc?VZH_;S;s?Y5@&+a~e>?S9d{8_ytTnoMqcT|keG
zp3V$7C~aB<g)lO9VAw*lRj&nPPb=Ctru)gS9;A+qK2V8WUenupliWVtV+UA$-F`85
zFHWv{eFm)s<r2Xj(hFFqgKH$xQpKX8(ve7@3jmzetKU0wby)eT+HmHNF!1JX?=t6{
zsi=~9JX6iH%FFKAwlGyiL|84+-M7y!sIM(`8}m~9?)q_Z0lgQHY!G*tPlnz@=B${=
z&5+VL3)T%s$~BpLnFb7UhB2Gzcp)dmf=TzhDa#1njtrkOl<RW{?Me6}54;o7`Hu|)
zaPGi8ecwGF8#USE%-LVQj|L69p?KZFo_oQGgC}TSTq*)uIsh>r4`*Tx*=AbPqeb3W
zd^!_b?Wf!>-s|q7bCh9aXMpvB2GGq&L{4LyD$l8{t}sQ52ZyW$dwadP)ZwiOhDPY9
zV$F$q1E^-;iqUh>%D~Tx2S6Mv;c=ELr9(yLFEFEbw|ZpB*O#&RC81pIxUR9@E4~w7
zaH_SHQ_WMB)Z-63yFG!^t^wv_-FU_&kTOh)It^0cbzOsZ3LQisiN4|rp7+|Bl~~7Q
zr7`F4h}mp1z1vl_+II~OgbzGtz$XCftMHY}u5DJQnD+Z>c4No8X82t80q)0w#<)2k
zMw}XNz4GP|B0RywF0bT0*`sy5*DxqN32@!cy?Mhyhlge-gV+csXz>p%@ONUfs!Fbd
zs#6ardcs{NXw^k#+{$YYXr15&TUs$n<%}g=buqo>CO$H|7ndpMeeZgrD-nZD2LgDy
zidr4|;|6bggk1zsc<UhADPZWIXtTGj)&}mPI8V9m@{mXBd9_0KpwRCK8ANgN?!GzZ
zL6fx_7NZdKr+wVokE^TaZhdF7h2=fW>c+S=1MuspHRU|p+Iqt1pzZNzl4I|R*!#(u
z>W_P-$0QyU`qtP-klN?q1E{95I-jL_oa`K9yAt;1+ze#!@t|j56`E(a7G@m`MeXk^
zNYu<*%X;wTJ_as_XRTs_vM#e@4N3;HFSsiNcH13z7EH~(qj8CTBzabhbF&NOg%L3!
z<tpi5yrpnH4Rl&)=~Xujq}z;de!Tu_iC6ooC12H1D%zq|{8Uvb{go1~l@hOiI{EZ^
ze}fFl|9@xtO?hxR<!=t2T;~VNh1*ofK@$5xSSK8NmjMAGZ=o094hHx`(e<IDw^a^&
zR_FUihlil97Z0SbyeE|b+%>1=)kDZJLsx<MK3qEYT+dKyd#lzT2X&(j_YT}&0z166
zh2(x6gEKMf4N=#D2Y>Ia0RhgPBf2;m1D?{|Q_n1+W;e#Z<d-?VQ!kjB=V1E<_zjhK
z`)JV2Xr!7V>-t&j=1_&4F<`~p%pH}_PW|rld=uGSWsq#PS)1zNsBc?1=`N+HC8>c2
z=`9n7ot}CR-duC-Lu$)@Y}WVShGFNqwCf;K97=AuH0kv<X78VUI-`fT)Iqpz%%WgE
z(|o)&qD3E!ap91g?fP`zFaW5p+ZY}s#D-4}a2f}}*V}e&2VSTv>l$NNMjxh9-Os)f
zc5lc4en8Sz<y>TMhzZNC;N71k22S39LIG<jM0$;RYJ>;&-9Ep!-+VFdiEew^!XrTg
zjUXApSMGatR*XbZyVIib+|b%ntz}~htn&kCOkfK=WR#O=#M(|}deQ*0b43%zZS^(E
zl3E2kk2_P9Ky?db#9cDbwP&2)T06c)Fe;vae$)q!Q{%IZ{OAbj5a-7gA~D*D18<~2
z%lTOa1ZaE^@ZtDpGN+usb#}wlnoahk-FsF=wtKn)jrQckmdQ!pv<BUK<=Poiyl(rk
zz4cnzPBPi5@wv7vn@KGP+6gg-Q;%6KkoU?Zr;RYurTJKatyDeVHJoOXfaYaYFAXEo
z)-L$i%{=+fy9hiMJ8isi@H_Zxp6^M6IDtGqcx!=M57wW#pWfd4zLUGVyS|ooy^Rt`
z7D!9vy@v}v9^x?gnKj%XUG-T6`SMszQHuzpW{OjC{?C}h?*QF>-%q~ofPE0V`>cF@
z=0~vBWV;|{eO0A+kcxdC{W{Kf8>~Ws=%wdMPey&UiO}D$4*7YSAT2^2Im^(F`l|&m
z^{bZtAHN^B^_yXVrcnVF4#!%MSbtHwrM3&rA*bTQmO=X2EPy|4h7<U{KQ#P@zMkLO
z5nzm)91Fid0y}I_6NB-=SdX6C;et=wySuI!B(~dJFiB-JTSYmNAsbbOsHo+LU{PR6
zU6e0SDUnV0b{5UBIdoe#x~#f}kR4SZG(-f8JCz{<K@}{iV<P~K74KW?En{hAX=Np>
z%DgBJ?##>W&%V@q<g8KL6K%8?Wowz^DHp+6_RTxX2B1xJqm~KIhkAsfFhQ6nskd{O
zjtfr@qw&GdB^#rigzsDE^K;BV#RM!1_lbGE)XcE6E2;<L8zyV4`*s?9H+T{SJARBj
z0S?pQyYQo;^aM(DYu;nt13LFL(-5FXP>P7DQmBz{jENTS(!MAxBYp<LuSXDrzCuJb
z5d53&dOTL=J`X)TSssp$0zGhm12HBhP|C%Y6_2SZiuyb<5@Q#@!6-c?nJxsP?)a5=
zVOBMU=dOg?9479kihA$pdwvj&;%AQT`s=qV81dY`65GcY3Vsx+@fOFvxa8>W7x60n
z5e}rQKqu*UHSpauCPG(!h;V`ijJ2SbK&2QW6dNI(B!EleKcxtMo9Skm577<;J0Rpy
z;=XXQ;6W62L*Rqp>T^VVcXDE@3B$CgK%4?`y?-86>$?4k3Xj8n9CWOYok<F!c!EU;
zOB?c*i*4Y-LT$G;tK%GZW#hqeE>BX{hr$w}!?c-1MVg7q{w)s`mI7c|@yBFSs!=H5
z0OMUwp(>hJf|f4h*IlQI6DlfdhKLn^Mpr7F%FX--@aRNO8HkWTLSnE9v&k>hqjlTt
z^?g$}%M!!?g?4YlSyMnjlVYNSzpAQ>l-p$z3Q3R?AqW|B^_9_16>5@^TY^g{5mrh>
zlr6y8$VxIhAgq>QXqsg)%HfhVAZ@}Sf|Omdnk}IUlai-XG)Zl?xL}gV+Q>r_5|%ko
z6f|0K5dv=m4cP=WIRt^lT^30tw#FkOiCbw4TLmd)mgc{>huYwJa5q^uDmBnhcaHlK
z%|cMIUtoF&A9;1NpFfe*!fvwX!ipwaf|Km6eB^!EnOvc!&&hl{F#YxSPMYlK<$Z70
znX2V&{PKdeC|J?(BEuLb!V8BpGrPO$8Oq}A!@o!@TJkbb#pH=4FtVUS1$YXW{f+2K
zapSz3QL@6QD@W5zx=RWti9KEhY{9)~y|APu@_tj%fOMq0(T*e#N;~M_=Gh44Xd)~~
zVT5b#L^uv|&Nn9p${IriG7b>yv11(Ah;cY>jBMpq(JhpW<yF=L$C@ar{TGbRjTK75
zNQ5JZ6~q;Y^x+~|Y-fP-;OovhMHie0fxw95l3WQW)={*fF<h5NF|@pxZtXIFqkx8!
zZkvdpyQ+rTO(i><WRz*jsh3!h1;tKnZjkB-)Pjn~vg&%GYz>JR4@EH`2}BYQU;ry*
zE7EIN&N6{SgIau{h8-LuL^g%G(GZSXvcz<24S|X^3D+Wxs*8-BDA05@go;BUJ#@(<
z9OVS$WdTyBJTov18I%4bfe9vZX!Wpp_0{Lr<e49mdJ3^KP@4%wGB9DABoq`C6;*;O
z8|8W0%CE1kuXG;!Q-)_3zG*3?ArJ*oVk(HmV4#YKy9I(lkc-Rje9xu_wJ7xk=CbA|
z$z@eRG-1p#VGtinlC3ekRih=zzdqXE7_NQK@?@C6u#r)N86E%|%0Cb3afdx?@lEr8
zri2tyApZb8{;v7D_g&%c^PJc3kocOz&#L>NAq+ebML7Z#Pvksd-w!OgFwCELI+=R!
zs9I$tes=05s|0z?>LYnkj40RJnyQ<!tc-<N#7DMwRuXB1V*q)8bjpeNXW8+LSu-Oc
z7KD=}Q*YaAU!S|_yZQO~`}x0qKRkS5B_PQWgcsFS>+1D4?RtK)@USh{Ar0mE%hUjt
zG6=%9Uo_E>gE#YSb5U9<oiMJLeZIFye3>IDkgMLkT8f)8R%D`E{B>1Un37p~o*Av|
z@7yn?2RtYYl6mAV!w5^bT=%}eX`slAQLN0EELk9kktvCpQGQm|_WNHSRX%&F{rg7l
zwu&qfR23Ep*#lqO&i>c8>t~6}{6ADa1Hjg^njrv>sxeWEZ~)iz*^@-Fv$qPco_$Bt
zQ0?}r;j)8Oj`b#%LPFwHn>K2@Q;w$(?e&bBDH%mcA}nMAA@D#CCqDMPf22psFY1n@
zA^8<ZiJ?epQc4mih^mZ1RY4F{Q1U`g?@jlezdP==uYQ&#F8+o6=6mP0UGu_16J&vC
ztU${KL8r~PHB!HK-?zbeuDJc=!t#4$*^YaVvp0JX*^*8E{h9$G>*u_qKQ`M{YxjQO
zB*xkqNhs1xu^2_$ZC`ugug`zaKK(|&fZP;CQX;4-_5?Tk+;`r2dHt>4^l0Jp=F3Ca
zO>=&G-u=)CCj;eG5JTAjte?l-*j)WFwo!9=At%7+?M7_n%Mwc`J(5BMJ^m3vVn!w@
zB$XL9%OpvnC{Yn50VL=5$G7fRpTDm6{XYyr7^<rgPh^toRqvir>$=~*9~EbmUyrb}
zVct23v{+(Tv4#?v9+op9*-|8mq=~QNr1D?leCV6*$#XL~?t+V)?j0>B>z%FH<sF;z
zMd_Y4dnfV&Au$1rXaia^ernX|@%!I>`|TCI{}e*vs;Wd#UmyqFycAC*ZR*5-q*m}7
zV2{K1<TQi@kdFIS=GT<9l*v??Ev%U<YfZJ{C41|rB$mYn%rG_2=zc$Mo8H6oGt#<z
z4Qob<xdQOsy?VW7U(WdT^?t;%2q?&ul#)p>+A&bG6%5w>2_)gqJ?S6ox##us1}Y+;
zD5|Vj(={OxMP_ISNj5P;Q6-=yzAfu4q9hZ0{om@p4|l)UzrCLFZf@mWWC+Gc#ttm8
zVzJc6Qdq!X$U>V`wXeH1u!t}sASDQTx}c&#B*HYXP(@=E6=TofI}p}aA@$rn-@hgh
zny)v3;XEpD!av_eDHUS`Sdx;(nG}^8X+@&ZkVOzt1pNX@`-1Dwa3!Kdgnx>o<yBNc
z5-dR;Ne(cc9p}0-`}^AP%(F*7rEl3rpL<okNP0++B;XifF=8^NBMF4cD;0>uWW;1J
znI;nx35yLj+Mi^~A@63|Hql!~fsz{8{83b6rtdCUgD&jjD8DG!OS-%E-wlgssKKJ6
z6^x{95n3#kqK#=yrc`YkSftcxCTTU2zIM<&?@-%f{QG$`S%u!6Ta!f<qV6{#_DK+V
z%kcNYTQ&F4dhy2Rx-kTyfEtz7oMOprz{-(_766)rW$onb9-DpD^^Uz;fR)8^R|G;?
zl8_mKS4;)O03fD|SORp5Gdqtxxd=}B1owIkjlAPv7aMP#j<=NI1Y!|GfLhQ{B!ZZw
zP>BRUQVop|&I^be1Assxz(~Y}c^*<&c*_Nh1x!dMnM?}}7TOMFA`q3f;1K3lDUjwg
zfFy`3gb1i*)tQE}iE7B(b(lk0j<Pz{7BQs|wyLZEOKiZw2rBKOOfozqTryPiJYR3G
z8`)nt)K1i-6htLalvIgfD5zL6J3>jM(V7Tm5sa&q1}!@)nh8J^4()bJCu@aTbc4H!
ztBF-gbpsN{p`o(K<|IoYHi1Mz1b;D&whh0}d;nwibGx5|!+hrVa?Q;RHdgb7&6mEb
za0@}_H!|n-c<aM;&o2UbDe&;oAS11IF-;RjvN(=jzXdDRc{YvWiF#A=(g@unZ5(cN
z56=^Cx1ty~6WgNarIF4d?iQ|{RZ?;TSUAxYPZYO;r+5z!3qJRN9>lvB*uGDX*l+9H
zp9VWo&#8KAtp~3g&Ux94n5_3UA%cC{aZ0*H5EkBDZwf^uD|WR9efDBP@p^YZv%Z~q
z^%U*9aCWS$>{>5@SJ#TOEf>8H(5-=c;t>_~9>ek6f>8KM3nu&+;qcMVh9$N~#g}P1
z(e~F@7Ahcz*?Yr2`{?fe%)0nBnVL3E`*UQG-D=9Y_bXRAyCeIiRN`rMR93I-`0D%M
zd$t|dxmESLdwlAw!U6MZUZq&9(`}lYCANI+j<x~r-Z{y$e;YTg_#iLE*Cy3BzK$y`
zM5~sPWAy-yDpfYP%xAi}7nH6Eg9UVpe8>w$*mSn9tWGE0Q(nA}!=TI>#fT_yfTA_-
zi{5olI$hgTAg7MnyRHOJG1Z+GZRE`zeYs{|F~=Lz9kEd9!ya~E!-Sa(p(V}@1pUPQ
z?w;P-r?po)dwJ>KzIDlXw6(&yLp6%}=KSI{j!5YFV73K;``bK0_c8AV{2x8^)XdwS
zXv56C*JzA3NhnBFBx*<nQ-Ym=Lm@e~#tTmJ_Qw4f;IGoL;XO+y(qMc6xFYvVg<UOK
zh7e<GAQDWf6s0P;&TCEPvo%$~04t1DW2j;(D##ZsVCN#7Cyxk|%R;NlkmriBG35a~
zCxuskQo-%@(O1Uq6w$DS*X3M%4==)eaw+XO$O56p+m@p6ac?M)`j(~<5j-czp%^!|
z-V=y8y9>l09hBq3c@$NPc38pVMmh6QWS`rv<apz~fn1LG?|hR+pEU=>h>v=ju(~vl
z#6lu_!<Ti*?Riq`rrDd=Zl)thHSc@5?(Tjg!0!wO{;!sc$|~)Cx?*z_CK7Zd0Z=f=
zG)9_Dz+fS-2lR>?V;(;h^Y^Z~DrphYr!h{hxh}}}4IGMV-YDVJ5-cmAN+?hSQdQ-z
z27gcK-9D>>?yB+v>J?L~>+9yN{1n8(6FV-fJku$CU3~k#k=<Q7v+fu64;#MMefD)5
zt=h{6U~Oky3@|Rn2Lu-n+qop}<C#Z$Tg4uc!}rr|KX@gHD89ll0;AH{znsr%8kX8I
z%dH~i<=v=K>c#f>-nIY<#LRTyi`~uZo$JZMsoLMZysQ0R2P<*18F&E)tEnh~Y=(i%
z%EEAb!+gamudl@Cuxs6CyIhxX&U>K+fO$e7OBc;6Bohf~V{CwVfT~zP(kz%%fT&5K
zMv>juO+FM>8mEGk3^_p305=Q#R`qc-92#O}gY|yBHn3d0wBNegm3&gBu(EPTR)LIp
z=zQasyM^OqnudyVGX@RHa``J0tGY)hwWDGpnImyANE-1rosFb{T2(=<4rtRGF-TH+
z#9(41ok0Vx9fEeE!MN>+%r|U%K@BjDvkvmum1kgTf|yZL1N-hG37Q4_0q2_r_!s+S
zt!*t(f{apG6j7q38C3cd5gDsH{lB|@bIyEteZG1yZ{mBt9^@hHP6<>L2^fILk})C!
zOC?CPnv|t9mRr&*LO96nkv7>jHHZ8}sS;W@UEF;6Xxb``DRWn3$uy+INhC-lB?ejO
zdt~h=b%Mx0+0b=P{_QEOOby=jtq*Hkb<QeWv4XgCr%Klv4I>oFI`28_^R+uzh863-
z$;`Nw$y@c4MACITzW-A*B$Q~Pjf+L7vT7=$Qd25Qq_v90irP&{QCcXfN|{ltl*|KC
zLI(5ve||FaF8@!ZZ~qSWja3wsP*F`Pl`5t%WD)Ou|F?(u-`cM~<8^)QJ^X7}^Io4$
zhK}bv%=s;cpA|Zu5{4oZ?xdxrzD~C5QE8Sbr9fr2&<=<oA~67nCLECfP{tu56KsFf
zP>B;i*5DGPP+SDzqH#M)F<6vGNf}KH!Hi#5m#Vj|Cb#aM`Lf)=#dO_i6GIfTL#q4x
z?9AagU}8C58EG1)L*5N5MiU{`_hj2;HkPhqNLq!|)>=(hOXKt35y^Monfd!xGesII
zQqe`FG;0=+s!b-1q|}=hX0cJDR9j@SYZ^5(Ce&$V8IhQ=itR=EdVIXk&)4fS=Kp7B
zvypfEmRzX|sG4ep85kC%RYpe4z_JJ^wGBYCN|G*0Y>dK8;hPjvxmv2I%4OT+!?*eW
zFXzqQ-Tzm*{}1!{bF?f@cvYV0_xIVF*~twsBFZ%i5ghC|helz?J=I1m5d?{lh{o8-
zLYc%Us*!{c#CC%1)!jB}OHe6c*LMo(Y}=-kw&>R*Eh#H-5n}|Y|3jCs6-d+)HByUJ
zS_x`dbl7TGr5eZE9ovT!%#T6OA<r)t2@0KrsFI7EaU-(8$8zlmn3Q*PD4dk+<!2da
zfmB?lVR-W(fo4c3^RB(CTJtb57wsJfQPI2SNwsWrHmet#4X4eQHVu>KO6fiF=EG|Y
zO|<#6Y{Mz`Mej7CXj8uLTUERjWg~A!XW#CaV8cbRlE{piXwoT6v7*UFqSQ)Jv9Y$v
zw3TB;h@%!YdfQd;@n0X$_I+3W)|4!t<6rdi!P8AdsFX^fsv0PviB%~Uky<GKKqr0g
zwVrn#wN&T3{W$-|Y7!aaqpZI(-!p&#I5H6QqM?=dF0%0(B{AjJx@)4#Z6YQBwbI>6
z&YX!|AM_2WT}>kq{RX*}<m4BbW1hz+E>0Y#1SKmeOCzv|rKL+6h^Qqkwp#@@cc%#s
z%qA(`xotK-Z^suigt;q;^6wih)+J>PzO&X-VX@U+Cq^-D)0j3RYC2sLs=&l;s(G;6
z85*~P&h&9EON}th{<Xf?OG&7zD1@T3HG+yNB&gFiW@g20CfQA>rfgJH*{YLzu_62Y
z=igWF@v}2p|AN1G#*sprN~KnmRAnnnQi`UYK!mFM+q(aFZ1LgBkk$O@`<>wlJO1@j
ziWa3*p{fo-L;jzIHB0w*SUv2m(W`vfHo=O?h=`7021r;@2owY|&c>V|+`2DI<7(Z8
z4a3fS;BYweIc!a=B3UQ&M7hV#BZd(MM-c|c@=ul~WXzSBW-M7{MUA$xw#`{e)|HJJ
zHZ>KEEYVsuNw$Sq1tdg*l4u}6Kfk;Fr}yTs`v22j{de>G+voa;p4VK(G7N4<eCmP!
zhxdPT#MAX_?C<XnJ#t7M=bl~;*T)Q!Yo%=3zq1?bxhHn`-Y}yoVP2j76NV~ce=48J
zc=`J6UD&9~?xV5ZKK*u4+XynFv>d+K>(%D`SCa~<mEx*%%FkoRYVN|Quy(30*8ez;
zV5O15mzSya#ZF8>vZpf)%*>gT6(MYuOj^(yqC+9IA{0@T?Y7?+wX4ZiwVPM9wo!>R
zp%~1BFo>~BBUPcOp4$7pt*x+CGMg%!@t<5*1}aupD_eVicKv2)D5F_1Nr<pnn8g`N
zjS^~QGN{pLwvyP^ENzX86&Nhavm*?ZV+Sao8?o>A`0EpA-}UeN8*Cf>{yXMmvjn?k
zk{OhWLQ!UlgwYmdYGPGJiKtO>=^~NSrgG&<l^BYhDPlqtW~!$jhT9+ZXK%~z)$f1s
zx;OuFxO&5gX5^gAe9a}M{pkteixq<sAGXfAre<Z9K}RhpuvJt`6s;>QIc}WmyO#$p
z_}v<!WnhzPDT^{ml!OLMQ`7K^Y!Jv_xtUWjM}BQhtQAI6Wl_*NnMkDTtXQVoZ5r0v
zqS2uXTi5q(tK{OB1;5snG*>3SPpdeNSTdhZ>Y5g+=&tk{t6xmHwGFHhi5mTHp`TY1
zi+ADtlFTg2GZmEBqSR!@jYf*aY?>-dMU<%2V@A<dU`@(Tx9jJ|bp8EjI_n?GhmP51
zV;{{@h_xDvDWOW0MSq9^qjk>f%C^7R&2uYS|G$qGLT`Jfu0STlAkTyoZ8egh*@oCG
zMW15_TN7JBYD@aT#$4|1yI;cREQ+8;P*O-qG=hWO7X{1?kX1y=<Px+fg5<_^on+W<
z#2FJ`wDae_$7163o%QqYv^!J2d+D*Ywvkq4`HS-|D~Z>w=F4f{K{^wjF?;!`#mU~i
zZB3ZM!ol3;dHcUiW=zUi0xc!1N@7VQLa|1pX{jk_q>_>uq!<wp78?l(@7_o<N7WzR
zf3H?+{tOTE{8XIbs-;pbLRAu3*g_tC)c<@pS@$!Wm^Z@e|LmQ8<RE5O?%Ma?G?)uZ
zD8=^Zbtg=fj7g!XT9T7!B_yl*-n)sMI(6ITnmk%I-E*#Hl_ngZ=3yqoLRxT6EaeYh
zUw#zrF1-7_aa>}oQ{SGpEwPgG_U6-b7`NlYWSgpY^F3$h6~h)Lo?>&L>7A`Jisf<Z
zG_6ak=WA&;E^&E=TUN%mhd+O;Sj@1^B@#)cA~I;jWXcI?D6<MR6lp0YBt(eCfG)`-
zJ@=FQ)BRu7{mk3{5CiwW;EfSfijxqoluB5YDvFg6qogGKchbM@8$2r??~-^<`K+0l
z=~k=b>Mq)nw_9CIfTqxFieR-OYLG1|#6(bP#G#e1d-|Qx9afnogY<hlPFPfO6CjO6
zptP0OShpj0b#oZpbyCv=5rj|${{6ssNNyAU#uK;$aO+g(t_rvY=CQx7BZ0H?7JclS
z!wY8{>%Tu9BgPp`IB1rN==Ytrt&Kg*reVyzaV|^E)6ItPEC!Q!U$@N0W@8p)z|jCo
zECwVJ252M$zaQTna#KI6HF}x@9S){Bjoq^bSr#xZDIm)$ghC6i8W21T<}jZEmG#|#
z`55{=_t@t7ecOC25OP(wIpS-3<K4c#@$J6x=XTz$n-d|XK_VG#HM%lX$QGeP0U|+#
zIKwPAU7^Gq5j@CnM8QQcjv5v+2?jf8#>_7OsEX5JhTNE>8Dw!0lQM%4#uaT_5t8x8
zFt#h2@IC|IUoqx4dOSEG3ceg)Q-Mg45(L9#c(NdXi4X}D3PZ<f2Ey%gS$Z{BCPo11
zy%=gYsu6;i3L*9P-c(OeqL}&DbKS}`=bo29L!HCbLkcaptvKgMy$R4wOO#!@fy>04
za#h_b-D``k6SsGF4my<No@ZQina4XT$`5EB*IYR}jjpb8amc1YQKdKt!)`es<*w!k
zSz;wdAz@Y~$siL(wK4yHs&<Tq|K4Tb8oiEccm2Q(^0!TSMwQvAAqIkl@+8pDWad12
zylZc5%$ap}Gc}>h=78dU@alIkW=p7?8Gr-7GeU!TyRS>5dn$X2-O8J`$?!;X_jus6
zgz!Gt{B(Nre*EKrcF7{lpsdKJj|;q4o<_#;`kgmP0&gl<_;msDoKESO7kp0j!=~zJ
zW*@75y6gL^uD)BBZ|gD9FG}O=#o2rJ)9T-aD!aZ1<fHoN<}a*Ov=9-7nP>#tO{N=Y
zhYhvIusAl0G=|v1U){Jb>X&Z9ufF@91IeDV<K&JZukM{E()ZYRKFcM=-&?xDM{`gr
z{&|D$4foL;`Ul@@<A$=?3%AxA31}%c?V8`_fj0M}5pUmm(6;us7WsYeQNFA?d{=(c
zv~qxkrGB<jt{@lWPi^$pbCRHwD@_t3EWf4wS(~T#gCBLgs`#wq!OH<2G_h;+T2VAr
z#%h%U$0I{JeUx?OE4;kAt|Q^92Vq!)hX^<=P;w!|9aA9HtrRu>bM@T`oA|O8lD}0(
z!mZufu?0}Sx~I~CE@8j09~}B;&9bc^7t|id(Qggg+uV+eeNW`w&{bPiefQb$tRFk)
zKA(4YHs^3V9BxwFbz;gSBne70_e&EsIjPT;dHbG^pWLqzt7q2Vbe<<@@}Z<JjZwi=
zXW49KMR<`{QM<hd=cm_u=ukgZR(8wNorsW0tNQxvS!I~MG>UoY;y4zFlbv4r_Jym`
zCRBO9zfHdb-ik_XY(JY|&5}d;TSd0pVKPA^l0syGsELud5I+}gG7+gZOa&0pO|sL7
zkmQZhhXJS(KL9uN+BVq<5MbLD*n!cA&cKiW8+p_z19&@al{Z<H=9|T5o59+;sMmYi
z=W3(ccVE6$`+P%ty;y{?*##PK5%(G;ueZf`RyIdi`j2`!M+iO^Fc6<jRBO2M$(d6X
zz0~aP1a_?yE2_2dLsW{BEhIxuo8W}_d&gHEw>{r4qjI@=GK%cJYz#s!f<p`QJS!%i
z&~OOHQd-onU5R*2D(O-Y3D;T}Cc2j~*z8&wL0XS`RNIAE!U+T)0toy76fii2fY^&8
zlNL6?W1}srt*e_?T*NO@@*?=WFc%6WUDD1xqm9C&<Mic!fLNL`FhkZXFoA__idkgY
zWU$QUwDz<YZDzD4&e$vx${bt*tW;y};AG)PvGhl;4G@5c_ud<{kB5igArl*8arN^u
zhXV}(AP$u*(2SzCsjC{@*4^di7{SP=l~qj9ROM)CJbZk)@0B+D-8TY!AfSx9daAM_
zp!_!NgTTkqkgEKB_rE?S>)tUUn~e*(7nv(Ri_+mg2i*RA`@QSq7(13WF}!{Qqt}|?
z!HRRFqgvxS(J8hNXvS}Dy3(LsmIG}|7{De?fIggIba0W{(If)|kOIUY0a|-S4S7mS
zx~fi$>WUmWimScsq^yeFsrjf=!ipOF`l#)&0qgYdG2Zvz4&Y2UUJb)_yD2TSHcT`i
zN`;{uVJ>#gkB-}%nNN6O0o(9ES!@#uE@BK|tQ1{oHUt6f0T7rw&xUkb`OSmJ3AYb>
zRgWX#5ULyym=WJIQ%K&fY12iT5mpbCFDek^PvWJ#xAW<(IYdtkp~8fr0>f4_rG=Ub
zHc@XVyM>HyqF!)zP*Fl7J(u3{uV3#y&ph)r-K~o5U!C@?FTZ$wbTwdW-NJ44SHsWV
zfQX_ZcvPxbkeZYJH}QSPkz}_TjmSv_7{h48jp7i3LW#yuP@>pEIV6P0%fw<Jw#zaJ
zA&{8iG6v#JBFd6TOpr+=keMKju;;4xyOHh}u%7i$UVY>rUDpZfVM19fFu^G@L_$0w
zM9w!O5d`HG+-p+j#BN9kHD`OL)H-+8<&vuN%IWWy($)PksfDBNgCYurZB0YB?%%%q
z?(XK@@19+E)8fc;?GrwmbLXYUyQA$3Mr#YrjUNw(d>${B?)|@a(NN?ox`yPwWM{?Q
zJqOLPQgND_fhis#9WH`X$BEe-ikm`knSL+=LnrHS0R;<prR9je(IGt%pful*69C(0
zkgGyW^Hg8a0i*4YQzAG-F>+pUj<Tu<tjTL=fvP^&5>0iFM(I@vcvi&~EWv;V3fsYr
zX1Qi;0qPHmBUNFBu}H)n#Hex*0Mv$@j?p=UKq@Q+r3xUeT^3%cl4=_Jlo(DDQQQR*
z>EkNK`OX)d&_LsNQV^8oUBDqrR1yaq-mD1+DAGU++p_m}WPl@7P)h5rq%y)CW#?Te
zahu8wU<7Dj09yVmc=aK0-4E9JlWwV{xIrYac>wD1*dxpU2yg%amv*pslHI|tQv;@u
zG5Xh{jle|6s?g8}R#gMHSpeOnY+mMM43;S7Es5R>a3QyA(5@~*ny*$k45=y12^3F-
z4#*t$sSFjImg0<TtoW(wn3&s)jt7~5<{+YR^Q>vzS$eS|d$u;IHr_RZh>bXf(__f%
z8f*(SLu5~M5h*mPK_WO2D&m#cN&p%H6sDgHh*~MjcXo%aRFWpS5>$~b&C*%hx=@Lv
z4YHD=gyJGv5z%z*Hf&VHM(d{OTdGA%H8)PPWwdXYL<2Xu%1K<&4^SxJ(#{naHDCip
zfto3EebQt_u}2(%BRw7uUPZv-2p-ZDTgSvM73cxd>oa#f-w)cP3p{Z(@gK+x%+H5p
zQ9r;+XB0xoOl3)hikB%u%(O7s9Tc;cn98F{kmn>Z3_zmcLaM1sqN{`;8t-xTuUDV%
zj5bs%#nMqAGhDyOe)E=7JV-(xA1bR*BX+e5t*+yFItEJuM_s{;XfPrMFbg13iXgO^
zA*qZ8#x!BBmB&t)0T4BS>vtkagCsCE002o<RaL^V{;z8QrBp19REZU8sS;R7Xrg5%
z{=qo&xfeUm;e*cO6i5*%GKkR)GHBCs=XrVJa8<QtT&kj|(cRsJDgmGr4!gFdFvMY@
zMN+xAD#B8=R;g5I-ZsHwWB$L#2mO(WUr)}*YiY@Z%#sYUl{1}14y+`zD61w^R(<{U
zr*!YNQFg#7Wj?;$RNv$D*Wa>xEgktztiv)?*qawsybrCTbk*-AS`8;xjJ@@>ZC-Kf
z7q4BYyTKVG-!lBcu-%GFDBHcgR`2e=!kSnphOM=jGGHjgRbq+;$pU-n@1%kMe*eG2
zsrK*F{=ge!{(s&7bV-u5O%x+DBrQ`*$Pz<OeEz4<%DVfXir<HO%V8&m-Fbjbn5p#X
zbyX`av6*3!1tv>rG@C)GFm0rWhE4xp(xCH26G?v#B+WtuGf=aEXDONntffMuk;;w{
z&1uyGkX?axv*5&G6AGWZ-=BOOuu*|Hd8JJ;6u_-P`Iozg70HMgBX8F>TaUHg@2>N+
zy7Ar=^?AWum{ek=>yGnk-HKKq=;Y5`zPl%E5XDBhN15g8&k^GlRIRJu-{oI_(@Z2Z
zlL?w=%_P!EGke;$^?rV9Z?=Dj=a~5%@A|-Pw*5a3Sc=feMMbAHl(LGdU+E;0Yxi#a
z^C(T7-`Me+Vb0awY$P*Z^?%*pYdAoX9>^atWF%EJq|}mYMT`3UmEG8N$8p}a-D5kg
z#xqeN8(g;{ktQsrDc!k<wbyRiD=e{=W-}dUQO*Hu7wz5_lU5LAL+fVQj~|}z3&s&J
zQ-h@F#0*gDwoFx}OG#Wi<;-}?eV1#t&Gv9{U|B17Gec8-?Rqk^g1IY8Q#)s$J5J?O
zTibtC_pvhx1~U?(HZo%cGbFdR)wk{W_kRBV{rbP!=M8HujQ^nkhkx%%RjL$eRjNS{
zN)ncu*8S&7<!e72HTT&AtSQR>tH9{M2k-qZiDF2Ze*>KDkrCOZ&}%XYQ5qp5Vwr|y
z`uhA!is$XNE}uPiySX14O46-fR{nhKc6SeWx3RgV@k(hmT_ek$^Ei{0FtVJxvlVGP
z*;7}|Zmrh-ec#mplR!;|EU|+OW>YfSC%*aAv-L`SYsX#R)vIl__58G7&XDL(GF%Ef
zQ(A?~64IhG6Jl(lIxPy&xQz@%ETZXYs1;Wv%C#dzisv;|RICM6iXXZEai{&spZDop
z{pP&8-dFkz2xf*cpB+1}Mcv)qqjuqBRC3IuG>t4E-Y{+te_)%5u9K+K>)U0!6_WK)
z-TTe0&aceSnqq?mIOw`DQpr}n^cu>rKVLoO*6da$-+pt7PB4}b<@J|4xSXxMyM6`A
zRo|ZjKYii$wrl&J+TnMeD;~k5X(^<k7m);iDd*_3?900pKDF#V{ggL{+V_8biy!q<
zw6s+vXaGF?K+z}b{k;LGRP&}3wpVwE(rCsler@Z8%qqe;zn*J}#m%|--x}Z7datK-
z^77i&K048;n<_GqKZq0PKso3$_iy_Dyjuf&5AV{`62Q66poNu`{p<X{+T)9#V4r$>
z%loIC_0K*4L^cEvKwwbg{W<2LW+)=Bw$Kev7$l|!M=rtCC^z%{7f$U){|tY`F#bEP
zA@-qA!*njNpqG5sp{+y*g_c{^P%yNcg+hY)Wy!`J)g7s+a+AQ5(nu2h^pozD`S!nA
z$}X($MH%{{2}lGI@+hO9-c;3B(?4Zpcr!uyBhPTxd?pA2ApZz(s+CQ23sIER6+|hN
ztde_E`gJ|!t`frxPtp=Fq%HK(F3qIYQBf=z7nvv^YG@Hh&9?lji=J|8n$^v9&!E2|
zugVk7Prg3@e|gNkOE<sl-hWnl@~Nt+RJBD5mC_TGlT<9oDCaH-hDxQNq7aEngjC8!
z1w?8oIzhKiT#K4QcRE=nL5V0`m6>W3M5?5cMIsR%MIUC*Sq{G0``Silz%q@H$^D`D
z<NGjwU*P_2wwlN>RaL5%5hig|vL&HQE0qzyamcJ-qy>T`hdi?h?iLkr!sTE0@%vEC
z8D&*XkTpEs1+s)s>O1KqB%eq^cU$m~^Y)9MI9&bBW`AfadFJYhN?45w(iD`_3TcT{
zh<W|bJnz2Kz`HYlRbSQ5Z``@?pn@Tkuu1?#f+8XyiGwuO*#C8ChEo#%%`aqG?&P=y
z!o5hLASepO1~*r9qCjI9f`Xc(f4f}%pIwERe-|&)^gA#!enP{HlbLoE+M9z08I(tQ
z{@#z$5`P2;Z{Ml|^F{fF4G5ytYBWP2esX|VfL4OS0yToHSkQAZ%oQPr8nzdL#4v*d
zP_lw}+;B#f6A1{MjoVyA;5i$?4X{`t7k$^h?vNLR-bRggz3-vm;^6VVcYza+zTx_t
z*LP*^RiN&L_prPS(B<MT48rMgqf{odCMzm3h;FdWND$$1(@KF5nvl$3f>CTuMCo1S
zO&6oEpuUS2-R}V_^>ZtI-*_R%zLV~|1@<g^<Iyn^0jY6JP6Xx16Re~QAS+c0I#vqE
zGALQ0)nr8in?!){kgCd-GmuaTV;d1xMFG;-GE6{7Bbbs%tX7#ubSR|`har~=HjKqG
zYS~c=%T9GEh#0jjiY{S@!37qC2t~rlP^+BVE=DO<auzAb$m$U#MJd!ICc+w@p}isf
z*actWUQqZ}viOyf5Qcavxs#Z;bNU-RuKB(_-QnOQTVbWMhUJ1HXqwJm@UFXw5!>5?
zczD&hwWAfg@TH&Qb3j~}KVQ^926&w3#`O2ugvDTA)UCpPb=2tTAkRV_WReDkK#)*?
zK0>QJ%;(+nRcB92<#^V?YQ@O5w}slZV^42Yy~}p8>$zV~VXRwAwoh2Z(L$)vHAGd^
z)88D_(2x=I!CAU~mYp1%xsSWI@40E!YktX&eZLrKww2pipBlO}{v0tI)K5*LV~<~T
zZ;#4n#mj<ntC}ORn8Or48=PU3nn>8CzdlQTVSRk3#8xa4{!sE04LsH^?&edw`Zsd+
z)id*tr0v|y6za|W^Sh|?t9O3;kX!Y{uWal)@y=K`bnRHo7qqnWqSMffjEo3r@YcDl
z_;u#Eb=LhicSXKMdO8U_QpKg*8`!e&RUTJH^w&}BtyqI~#6UZ5rKwrQbo9Lqt(1jc
zC@fx%3=qW(sw;jzVk72v?)Yo@9O+v1rhAjMys(M{-)*69GOV6#X~q(M-U$Zhhs5{+
z*fRst_L@6=()l@!Ivb*^+TQi=x!-D}GgR3xsw5D@*<FN;&JEEV?CK2pdoYL9<)1se
zW+6peQ74zm*Eg<t*PPuiMKKvAm6a?E7yy<)X}@v4{T}^SV-@{X5+@E><$JjNJZ?ol
zHp%ugp0!3_yPogMhC}QRd{)fm1r>@_6-U7L=c~kt7#5SDAju?x4&6z(vIB_ej5hk)
z@DfG*97y?<D95(R?5aD@nVqFcA7E}~XDY55O0p=Ys2V+i1Cc=<QI=11w0i*Xyh~6I
zuH&1qD(?WB-4CsIcX0%Z{1i<i_BKA@6(QHtStz+!jUtF+aAXSuNUUQ5MMLyG4~@Ob
zi<gc9JEf!5$9FjaL%<jO8yo0g55dLDt$>8x-S<7)!GukVxMm&tZLyB;<zI)~DGO$y
z_YyO2;GNBIej9`WJG|6<I#d<ptc1fb{t6(7jL_Clc`oOUrNpWyncXDHWZ7Kfx+1-$
z?<5hMRaBbFEvl<Xg}STPyd2y9s;t$)ZRhRX*{629ay6o=lOMj$6Cn{?-4|?4m8lEi
z+4Whz&iYRIz1_@!;S7E8rIWAj`uLpf-F@@w_)C-9%>u~a#s(k3y{Mb}K7G!|#47Kb
zB7Ix0<zwvPegSo5tRPQF!?wd60F~0koLMEH!A(+lVhn)^NHWb)>qCl*3Br;jk<<p@
zLr71Hbho4u^+u9faTaujODF@fhqL#m==uG8JIza!?%m5ae>&NGp6k;?%&}vb;>vol
z`S;#DbA4&~%RdU;`R~t$hvgNIHvK(vNehBNvl|r*Ulc0$dGP|Rpt-5+cAb!HwTV)B
znS%vnJ9A`|6vInQ(Mhg|8%f)yAW*6t(%K%dmtbo4QUHjsRjJKQW;Xb@#n40{Yg7O!
ztT3A(r7Bc5NHADz6)R;>u_Xqg$fXd2%Ob7P@v6hPYgGeFI16=@kctA#qK%sMycb&p
z5Db_NkeK5q0CF9OumMd*h9eCmGKnTN(57-8Wdjt5t=X+mYD}X=UUHoX?ti>_%1+EE
zja4p`VkU}SB%|a?B_NQipPa4z57m!=g66;Iv+T}q)#q&D2Z`bF5Cla1N%<p5RZ2@E
zD$y(W_Dv#5jXO#IKYM?OU-$N8?bOv_GY-{5SttmCQ0tj41w=Dg7gTDAM`0xLKmyM^
z?SEYUnnw!wn*Ee_iiyfvMyP6%ilqMMo_^1Ld%gWpS@w5~;GSo51|i0yA5Yt2pN5Kd
z1+awnj6J``2cti~WryQGs4Slu?)S1yms4lBP4EvT=J4rTh3F7Ik`weG9OUv9;q&2^
z{N{4yB`Z`^Wm7`Q3EkY?E}C;LIGrL?)2XT@tg1Q8NW(f9p>(kmT4gOEB}z?NnyDg5
z0TJRyvo~ok-H)dKVC^FN-`DRs+gH2a?yuj!z1rN2KwysUyAE}hsFiA{oY^T!moSwl
zy{hC!){AOatM)gm%(s3|5%J)s_8QbD@nt}V3JqBu&<}9*%+sUIlUfpLwS{fb0*SXK
z@Q<XB_7W4rZ}<0?dCk?xe*Mn9ZnR;~;$o*tSyfe4R8dVeKdZp__R#n2!s;G#ETuK;
zWXZ3aTsFa~4Pey<s5L>XNNs~bsEa|84Pq({pxI4?jj&Wjtp?ZwST#Yn?&0^@-Q0Uw
zuN4}NjYgv8+}J8HqQo4xG+3mh+nl-wI}FVsM%=EI!sAfN?%_!sxIX)Qe9zxBW4!P%
z>ql25FU{|DOP@`@Jnh<Ib>63UIid$_u8fmME4fGUvgO1)=1kvZTq<~dB$Mv<?Z0NI
z{{ElC1C*sosZ^BGEfrLZswwxre{|@_?=>}ahCe;OwZA#&LQmhAKT^i2i%lN@#TG@C
zfrP-)gFz{=HudK}ev-qLvHeEO;Wj(Tsb+swmxFu4VSf$7CYcC9Kck$$J<p^G@x1;z
zS#|Z{mHj;Ol&WbdX+WW>TBIGn-`nNszj`fwnf2t}U$nEgzb;o}`cK3XQt=?7R|rDc
zAyD7EG@exskLYN<Ye#l&sFRcdfy~ZpJ@)uy>)GZL%gLy8@`=}pv!%nAC*Jv@WrGi(
zL(d%H?Jd5y=2d=Z`~5{kMIWjW8kv+zg@~&t!wp2ru|hc+$|I<Vm|0?|WLbfQQf%U?
zqzVBD#bEfK?XDc_;srE38$>=oY3%qIKR?kF$MsohVp^eArHZFDOQeLQOC*25;S>Z^
zT&k%Uuuu-y^fmkJ1NDZk3@Q;Q844<bO)$G4UDVAMeSt>SgJqHa*0i2LfpmX=d{%o;
z_pDFl6{KjYM52<4T4`BN_v)*?yE}UAb61}lw!1IxU)Ozew0a@%h>Efxex*${NTmr6
z^kE*V7=?m1-^&NL@c(>!emM3*LdI11P3B>f0L;3d+xrN9Jj`-LE6}px@IrU^)PdzB
zsS4NG4Qu&yj3kwcDO5y8q$2NspSRvlf1k@gzRJGb$DRJv@$MIX>9qKSp(Is7GyWZ!
zsMN`Sz_`TjNJK;xstAxML16!Ru4F%pGb<tpICyD3)WIN9Mml1JS78aS59Us5_q)1B
zSr5HAA5$;*WcX=`NSLZtrKg(y{dF4p(EGtAX7lSW?+<|xL><4tU+}1>NAv~55-iTZ
z(uP=8zSk=~=hj|P`~;&eSs-;j!vgroX$dIqO9FK!M29j|w2*AF$Xg6evT!t6YDw&X
z9#6+lSZ>?3yBve~7$wGNSsEagl(hn}(jp5PE~YZWSu}$nwuDK-Yof;%O0ZZAMSvA@
zp-v=DMGP=fjIEg%C@c_xjY5OMaAX9;!=adK##oly6_LV$CR-(_GC>W%gNC{$0}w3+
za5f{#X|6n?A!-cfSu2n$ASVoLq$`)ljzTzb-Oa)9@y<~D<qK|h?zak`Ty~wjh>-i`
zXYM+2@R?2EZMz+U${4gl9%Dv^Ff_%EA&a*@?|cu(*gk&Vfa?0B&oEbc@eI4G#BIwB
zFj1GH!yI&l5s^Uv_-vpun4(e@Z8;#65NBp#A_>efD9b`LGHI~Qq}qZRq)?#~Q6`DQ
zF+na=prVOkb17LAN~u)_RZqcRwMW(}$vgc-pUHkuZ_1My0ODITfuo(>*?}iJP#`HF
zx@4x1JwoNULc5&3Liw!llYR4<(7f@*#yhL=e(?8&Io2KVj7${fSq`XTvmJV~hr4PG
z3Q!>3^V-F`xH~oJqOPE%Sh*F@shvZ7W9<}E>fYaYd*1hhBi<wyLP8=)5*^FC?rXaD
zU>E1UUh@1qnDRZZ&1c>Bz7fGT8Us?z4y$K<8}@PvC-v4D-&+~uJ@deK<=!fleO>G|
zF|VT8zG84y-xxaV_c5`elV5(Z8`-Ej*!*uOY506*iKu(RH+>#cV_#9{u;?#)H|+bq
z?lXQSx~a`6EghD!#}wXcbuWk_-O{V>%K2Z0Y1=lXKb3OZ==(7WGx7JJ=UmO6*uN!g
z)HZibr*w9)^kS#qZ5~2yOZo;pd%DxFT2&=d&)4JWyh;Wx1f~^0$SQ<SC1vw}ZYGYu
zc4JNN-8CbWp2eD5QKk6Icuu=9O>s}ck}MNQo%^{~AFv@=gX|bA9oT{hSb_*$lV4qy
zj`eO?CWg0QgptLMWo*^BpFK8&EbYBq?9}9N?i||S#HDlvT8^|);_qu;4z-JRj@j&+
z(LLS2oWc%0!>eV{ufF=)K)<_Gsg)LeKAqk7cX!frgBliU<xrrob@ym3S=USLlkCUL
z^5*+K**gN$0X<;XAF3Rb>}jktC&|gz0>|PnQq12gU`yiCRKJw))$en(AqsI2X4q6%
z+<78Wh5EKkRTP=9O-oSUk8Qr^5AUC<?eR$hP^82YZb-wXOWSR*O*Y#kkV<W=(Ot2{
z11Uh=iV~3`iv2Rps;6F^plqy25p0L9wTFFa<!D(<sg$fNmG64*rnoTn0Y~gWp9k5Z
z?~Qz27lN+^Gmu7jUGc>xX{>R}#SNPx6O5P$>vRQqJ-m%o6W5V-_E6tJz-VCz3j!;v
zj*{$b6pNj87K6$S?=I{0_h_+bAeK#bWyYFaxj^M|7V?LC)$awPLniR`<;OWSm34$~
zno5G_b;aLK8l`27_jZ};7Ic7Tv*aWA_ey6bVe!UM2p?5QfThQ#^3OZK=8a<ZwSE>}
zv_o<OATWYNK>>yZmUDxkxmnKvO1%NX?P!MLP8Q{rd#bXtGR=mGC{>b(m!a$r!|;4#
z!JYSsqGj=7Uk4h?M&*Po(W3(iFvN1S(3MzNqxLdx6Bx%(SHr{e(|xy$W8p1<JFL3!
z@Q*591A^iAaNEJ7yr<MPB8ogh{Ze-oN_~PL>dhV;p4jn|2m&Vv77zp?NC*gI)0sk+
z+a?Hw>oS*~_Qu_Np6&~|t}qV*kYr3E0wJ^AYU6AoZJt46U^|8kex5;$8+dQI?%`Mp
zRaX0^+X*m`K!OVhBV`G>^xq#Xpl_s0`%j(kPkZO4UZ5WLMBPo(Rzuh-3ZhEFiXj5L
ziEX|Ou@u6Bgt!<=MI(69jl6}CF_#<-Lkx)|qy1ch!pRERX*Nb3kg*{&#ES|_Bf!IM
z7FaH}ZE`6j5}R$3NF_Gf1-7Y?NgHnoi9Aj!sfO6pHHamH91YV24zOERAs$j#LLjPm
z>LmDn{XZYKx4N@h%RD{})J?t5hn;=5!#j_BcIjiUw~qanAH`Q1UrWpCrLFwu)x2O)
zAF%v1jY;O*8{3&aHuLYJSTX`ML4!nt;csi}ZRg$heehTD1|8u3A6Pbr2{?*WNnyZo
zhQ<%hVRn{3SGN7W&bAQ9&hw$`(#DJgkd8HQ+Aod`p<;-Utvoe1%wSi#W<cJV2LO<3
z3BiK`DBVwDd4O@^IPuEXw$c%X!jz{EAb|w6eBDd*PbZi6+4+F|OXiUA(T0``1n7sV
z!(eFRRj3FJ#43Cx6O#ZeI5P4W$h}xeu&N9;o{@qA0c0#13LsjU5}?iuh!w6DFkJ{>
zht7~a>(15r!ST(pdcZ$+1F?M@$|1hWklz}T8qiiS3}ntV-P?4NM;qA07?5!TrlOjy
zmQ0ETAEHTy3Ol+JEYV_kWU{azXc6x8)8(We6~r^4$W%$&*;!vnhzkWul|ofgOwClt
ztfEM^N@65wYE?3o1!B#rT@^~yh>FArkd=s9CP{RWQ8Gy+NhKsw3)Ta@IP;g^U(SC8
z^@cv?b<3RY_<5>^#vc%$epnzPELbSV{IdxJH5Eftt*VxxAf4Tgl%A@RMU}A|X5YGx
zMgg8&$uB3m)>EQtWc`{LI+`Z_u(>DWa#YNq>S(gBw<z8dz>q($&+pH=`p56|{Z~8o
zh;)e&Ws*fmS1Au6{d03N`s~l^X!HIAME7Rym%Z@*h)93AWYb9$d|(tY{%s%d`~3fW
z7XL`JxrNo5J>Xn4W~IZN{<)b!t@HJJ0#AA8$1<{Dd!K9i9*L{_Kd*FEBS@=NLrG{s
zR&vNLl0>6lpVz+qZ`1kB-`@E^c<ryX<yMJd@REcX{8dp>sHz1T#6P=eM~Dt}oM1Tu
z5+3|$Kew_#R^fh8FElk`&vb8df5zdQH6__*)1TUo<=C0}z6eA5efiPud-yBOr}I@v
zh_tj&uql+Xnvd_be|uka`=-6C@7`|e^T&YsKvVG{hwrGNVN}pi_7R9IfQT_sWQNKE
zra#$|r}6w34c-;~g#3OgZ^@w7bq;FpUT#m3$bUbH0IN5ywT4x{e0jUAZ~O97Oc_*z
zE>uD-R!N|1BMPj_<%EH0MwF;^Xj;-V%%s%OGEG%f)GKIWefQzdbM&6;xu0@<JD48~
z(e2QC+VQKahr<<ZsYI<vOtgt;G!_r@{B>=t!%e7GYKhHSsdTc9QAI73|AEAdiQ7WE
z6N@@g%RtzQvX~U9S1Ka0l|OQ&c*dvqrA=Hr(^@|S;uWY>65i+Et09#^>GU8S{;*^n
zwA0+bbv}Qu@BKl4xn?MZQ6y@uFo=k+D$hKZo_D<c-h1cUVaHAw5>JGHkpMr(eX1=*
zhGXNhxxyw~yBg-Xmd5FhFre8IK~-RWH-#U^kGk#Q?<C~bQM2))UF@>vu8R$&YeofY
z-G&G10=Ru4B@>g#_4|H%eSKfHD))`tmrI03NQwvo0!W}hui8HDHZE9GLjv%8D2KZ*
z-d>7z%AO3CdT>DyRfH8_D!B}ZPF?-&&KIVN)WkFYG0n+VToA13Owc1B<XoT?0^oOF
z(Z~7y+w1;+vK_W}zP%ROf3Tqa`ooz6j?Q;C9b!TbL*^L6L0W;YV^|S{CcU!AZ%I}0
zAv~|V``=&Zf9LjoN9F$Y1kO>_WRQ?#mn99X`zZ?=Xi$Rwxxc+aOr@W*sBHJ)<_H#6
zU%xLGJFdwkch=px(<TxK1t6;cRTQUF%Ma;&ug5e8aup48(sn`+Pu)LXBzNbxTGyAq
zGHCLl=)gV74g5$?Jo1{S@2$@Nbl<<HeEz{oqL``7Y076P%p#&SE3Gm!Es4zoHVM+T
z62eYYP*fsmT(Id>ikZmi30kVCWKwez{r-3N?!TYI`S<LFo_*)IdEw|C5dtJZED9=0
z6iNUgFav@Zh{z;h$e46EjcX-aWR~jh&m~C;3j-)cGej*=<ZSBHtEwcKY^wjma7r2E
zhr1oeJkJ1JSOLdP$q#XX10`YI*KBFQmQ9T&X8}5STswb9^=S33<(XAKvX9%1dvng=
zRm!Ph`l}@NLK?~5AJhJSzt!}o-+!m``7+FfF)pD+XuWZ--`+dTOqpL-Dr{&vHj}Sw
zlFU31tYTvk7BP%WScI{KQU1C8X`<DC2a{#Ofuz7L+Z66J%B!ZtTGDM|irWaP)l`H;
zP!Nm>AJ`ZkX)eqDSpR+#VZV=`Jc~C~E#E`UN&76bNAY<d&>(I}AOtV&9g@nw*)$ky
zEz7KRn1N-Y+jA@^nRl$y16M%}HpQ{W-P|b-9z1s4)%SMmw4ZyN9p@_$#|<r<%)yYF
z8yM07w&);bkT4I{HslY7W5^gT(L3KCc;@djWWhoapm7>W%yK*tfU-M`7K=j_WEL#M
z1Wp2k%#p~8Bp4P(%!Lz|Zts!y<of$%!^063_qzwj$9>>P1Q5$G<cvT|t)!@wR2T~w
zjA4RZ;Mp)p!l<Ox<ii0SX|oKYJ@?dCzC}R$xjym8iI*Pw=Y2qYr+Dp`Z-XB$61A8Y
zOt4tfM2e);W)f=?nkz2F5vqbA3DQ(0lnZH4&T=Ja5{ojn$(3!JDKaW08OX$eQkxqY
z7<5U-{_l_MI6f9f@Kxt84>&N@kgXw)fMkHNz-pK}3kt>^9v&MELGkm0cDAT{-cmvD
zA3lRZ(L2m$`u3k#fvxh%Mm)EAeWE?#+u}P3nmc!M-gPOHljVH9qjrK&v8rnYM7`;G
zyysoWxBGYWtWIaZnT^r;rXC1>&idRR4u3oNm@gDtlUD;>SucsThNk>$KG$4N&@0_F
zfo8G0^Lx{~ceB1do!2!xL#wOo&91@s&y9T!Bip|OjeHf~-SfGyM&Z{LOcH8Y>TDkC
zRy*N>!T4JmI6?5heia=D*LC*%{;#)_Y0S~pN*q&=`JVfy*jsw!$K74bZfnlmzHK_0
zs<-Q}obLLm_U2>h&SM)>b7R-tD(o;i3{08bkGHw0nPek*)+kjM-C17G5C@KC0y8k?
zVZa0r?|t2}uUVFjew}CDo`|V0Ic?`;>(}kbBHALx16|%jId4|grHijUd!0C}sk_&~
z)#${=vaKrIh^W;-MQ3%oq!bT_pk5vaXt9*6(u=Kh3)hbCxP5uj)!#i@4Zh90bxE?(
z125%1F3@sa58}nalQRG_<V2@;S7^56EN^@_YL*QU=a#^SpK<WoNbwQ(r3iC)xT!|$
zNHYwdeApjA&uKpmZ-&?5!GkL)l*ME+VdaeI>3d7@XeJX048?{6=JT~xdC4{q_hUzF
zZsFcV4%iSAc<vQgjtGgO%Pz*?cZ0%QlLKR%s;q><XiXcio=4(50h8hY_&j^%W$mJS
ztn1TEai=P2w!+aiV7q16tTH0>`SZ^6#?be-zZa2!D}e+NUho2tOFk=qx%>CSDRoW#
zhhFX5m0O#2_3D3Z^KksMOS?Z(&nQ0Ud-vHTI-~X4mnt{iDxb0fWS=%M_0xVvW_`KU
zg89|YzUY#g2*5>+7$AZVgKOm5e|OzOz9OH@Q~HQqgQb$^#ZYiv+z4Vyu-T9^ONLKw
zh~CV&t{UgQYkMK>QdQJFKKUYY(K3n&FFGG>+H!jXyo%t@X`n4w@C-2k9F?M3Uy4$<
z7{Q(Sst9WaCZCw^a%E=_fm*;q@gmfyk8#l^l19|nOlD0^kkHqMNr2EHVN;BQVF6~z
zA`4&-PC;&Ob>s?<TttEx<sjiMf{v=)(6R~{qELqd!xF@ocd?hGfk~XLz|B?J>Ex4(
zG*X<`@9E_~v%JL<4HcNG7>P)PXjw^AtaO>rpLu?MZ!F^uS($bAJm2^6wm;9~L{gSm
zYfD#+XCgUNk&;dOt!roZ-~;i_@Zp^OlPbQvh8YU;+n!A6VMjkD%b8NAJ0S~&{*p<_
z`@e!&bqeGA_u7?tpSyAX-BhY5jV)AZMu94~-#%Zfr#{~|&wGAi!OB=1o`7K_vRf@n
zB_*_~l9YtWkrNvq;9t`<6HWSTKt)M16Ro7QP`eB}YKTaM=$hRmnFI)!MHGrGMFkNN
z_a%k_*+;YZ&F7~-yM_|(`+!~lLi%B5Os6dJ<kga=vOqKOXc8VC`|WE)kPQ0&t9hJ$
zKV$p}>rt6Y7IIBM#7vV?P)iLcM8jc9Qd(e&7b$6xY?97uL`BskmTIc0X(e&V@}OK7
z;i%v6QTH0OFo46$tzEZT=J&OIQdUZ`l9gpiD@kcew3L-CQp&PP2LD(4NWzs!k|_;T
zwBdqPDynFjR+3al?X`i5jmpTHy3{U($hRcPT2x#~X&|wrR8kzI2!Oe2=DAyzBT5x!
zU(Xlk*Ou8XXM=b6(fFf!o*Vsie$|@I!@^BI(Dp)00N*)Uy1Dcr51<#{e3vdao%Z*3
zefRk!lFd_+5mz*mC;9jD@96#f_vO%>_dX9fMx5#0?$>QF)zq^`q@ojSf0^cnW<;Oh
zEya}Gw#E=-7)UHc_^+@zv?%`5o5L^)g9cR$L-mtq_MhL{4|;pd3q3&X)I8@iB>0dF
z59#0^bK4VGKWq3F8>FPF7>GV85K;*sKd<?BE<<y;Z{Gfz>df<N(1SYeSGTV9eMw5n
zTPjthmfF(F)%SHSofXuQxOA4bq^oVDsc+EZrtV#Lcij(ECS9uymjP#NVabD|uHs=`
zQ?bL0jxdM;AP}1v$wtYmV{H{~>s?B^X?yy6v-tfGC=j2!a>${Va?c`Y<``fFNW!1(
z)c)q>&2y=SNLj|h!hIwI;%DAKllwnDeV>hg1E!IxDJq(1X-N2!<WUG%<Nf&6P(F$;
z$uEAdT8kWmD%#&y?bo+<>~|u4Q&uc$*+61JfF(6;|40mg!b<ZzauY|#HSfm>@s+kG
z#`<|)TKw~q#)#g%`S+^b@vqjeb?5JrNH9!kQ!r5*Ae96r2%sVgr}yg3*KoJ@-dWrJ
zKE=Me^RB&Xh)=Pa8p$xpFp(s%VAPb7K$Alx!z7YS5>isZAYfn#B$7~MlB&sTL7>|r
zWYwh7Qduh{NkO;bM$-Tc8b|_HnYS6RkmpEZG(ZfU-QB?M;Snh!K>*I~I=e-!3%hFM
zyRnrs5U}hMB$lk9WUDNSQpffA!|RVrz{)@{XW!U<@<}up0j~i5!#wiIy;WSJ&WLFE
zB$RigDCf2wWZ|RR-_^in{yt!_0g9qcXARMN(chiagPil){^<{uk^qSj1Vn2EX)ME1
zRt>g;YgPc({nHsY%*N)`7=v?jXu(B|xN5tuvmqI3(U~Mp<FaHk?`FK;i}fGSfl{iZ
zxOf#WTbqGyJ5r@^ARPVASH6DyeJdU7@}Q!MsG_kI5ABNqW|cHv{VVUo(2uBL4e6$Q
zAm2a$ue&Ow)wN%^StIXdRNNiSw>7%Tts*mRLQF~V`too0>jUB+#UC>GXuA?<D!bdV
zLv9mZ$P>_k@4DrffozU_p<=8=V;5QV`(LqV@N~VK*PhNg7hSD?G!jGLN>Z$nQq+=G
z$thH+R<G2^{%LDPbV*nyptcgZT}t998%k>hf`H-7hlR3%IUFo5y!_S&@5HF>zk0rJ
z%`biX`LlldIr&J{QYU=AlOQIkUJEEK%SFgp0K%9cJT!qIa@@q55+a&F+ejpasdy1q
zilBsOb#!WLTFSKsp`lG`rK1E<mYRnwPB6fbtYD<D8tu5j6cE%hVh7>d?mhLrm(H(y
z+cbK%@@>iPyR0gfnP8PMfwc|*5-0{liGa|;umVEBNER$p8yM(R;S?+g9F9qu9hoo(
zWU`E4hzQ9<NH#_gK}o<39ljGqY@d4fwuJNK+#sUwNqoY@F|@NqW~xjO)>H(h^g7fH
z7Jb_V=G*V1K8!wfPSWXBff2}J70AmGGB`?AwC5>8?FodXHC7RFE2N4M5G7R-f~<^%
z4q;>)Hr7RArV?Du4J?0U-u|RJzWx5c!!MzN5SguCJ3-Ti@5wK|Sz<4R4n~$RM1U78
z?w%BcOMUGN*cS)e>R$jeU9!)d3RDl!X8Y%WGd_Um*N@?TY$Vy;A8P`T6nA8yr@b={
z>dAy6u!B+#r2yXxK=xeG?|Z;{_q+P+4NvD>#}BEsLy%iS+HD=`5LC6ZrshpmaAiE+
z;%6VRJM8l3eT2IyfPQLkzi?_G@sCBTMx=s8U=viw8%(#h({a`masC^5tkJn&W*(DN
z+Mr0Imt1WGhXZtu9$nGSk#3X@-1^&J6O2q()%AV5%`M9sj6)5LA6Lr7qkGq8>HUmB
zna?X}f~M92ZEY$jlrZ{d)QNlbb`QHjdz!J%Ii$&~>4wGgr#UNjE<X2O9FD}XAC-YG
zU!XvOyYAt+2^!y6ID4c!T@_o!$ufNFipXc?rS|!^E-m$fl64^>CeuX~$T%Sf4~N6>
z@F4B{I$Eg;fWIHagY*=9r{uL?)%tG!)Xs~rKgUdGcVbABd|Z!Qe~We<)6atae|vS7
z&coFhjzwr$4;?r6-STa>n*R8|zOLRqcZTale1{<#ue0g*-QC}JcM0cpOwj^?Kxx+V
zSVNvw92eV|a*l<S@y?Yd2_`o?=nT6)(dnQ%6(|Bn-nnkI+%4kCyWHkZUUj3xeCGZ`
zY9x?NXrz5O+hZT1k3PgjPPc@X2q@H3w_)Q&Z3?L<oV912A8zfjNT8BQ6p9HXk)sPW
z`Yl&uEF-d{skAb6hhr$4nc0BmV8fmxz#k70?=AbU7jE<I<D)xO1Ji6Kf}N$b*t!n7
zNF%zb%B!>1<i%z?)N3$>y;3dU&Lt~19iaFv&Bxc87jz15r3KnD0Huo^K#uoS)?DFC
z*<DYPyntdjiSU6d&l0-)d;~jc#$K1Ya3NgyM!SpfzkAUGS*y1^+q5kcH+Vp?-!U!6
z?QeW4pGA@V7#}<{NL$ibEC`LkV5fE2>@BtfNM*H_<=e%egBbOmz&yr7D#XNM$W}}`
z8e!JDOzk3;G5T@1f0y0YZQqq!er@^V<^oa;p_v<s2;;~KB#=P_uHBv8vzNzw=IAm;
zrBz6)DOf7h0_^psykh*l-En@+Vf4#XEBUv)58?6BXG)SyfTBslkw|C)E9B~qMGDr+
zy1N*R6?Y(*Cp%jUZM+jinl{P8YAZ5e5Ft0m)3-Fu(R4CJ0HLbjyR*Q@=pWCA-drj0
zGXv<6mQXimIinLZD};%pwyLF(v{Q{{jWDZiV1`NDzz>ONl0iizvEc2KSS?8TKpRYu
z!39QJdAW=P1OPB4i4Ee^f?-kx91_ckt#e#4ysVRg0R(obd#>%wypXD`nVFIkFl!NV
zB0hb+Q_prjMaSH!k#9Y8HKCx!lQ~9Z=2(YHrP*Z?2H3b#<N5jP^Ud#G`Sj8*L^)GW
zO|;r5T~=i?D(uG8nic7Pz4z_=?)fXVs4IQp*ExBpeRTPIpU>>Y3Pc1}5|$JS2<n(&
zQaEHzFj7sn+CjqFWtW&5LO7ID3xPNjK@t>+INE`<iBbk3h_=8inUXTvf=1eLK_rqk
zBoQ=G4IpEPM$}=195JE_M6}Upuv!qPafHHn!D1NFaxcF4l)MFdJ{C01kF=OLd}n+P
z<$ZrO9oFv<y09CJEV1<3tG!%iAC`UbSxkKXzbjbl@3~5=<K4LO9Q%{(#eBL}k=c35
z-RD(~g9VR<h9HBV$GNw^chkP_j-9MK&*8hI6fi9fubTw?8%}`EGY&EvjsB_NKb8fK
zpqhG-WRb`nz1O1Qi6TM7V?^OUAl?F31*9U$K{hL<Nb4vPf$@43RJioKI6*kit}7BZ
zn-(DmhiQ({%!CkVHiKOgAeadR5b%ls)H`<@O!$OY@HA|v4<M>UwAtO8F<6lWhL|KE
zH8`;iOdA?>sAmE@tKJ>V26He6QIJzD2s=ZuHYjE9qB3jD#FlAKoFd~$kf5Y(OoXXK
zapF!8;6d}o2qr<Ggi~yXU47al?u2iw%RCr^x^3NMi{i5Y*?=KZ*LpVDsLRq&RRp%#
z2arv|AVtU$95O*wse%O%1R-F6TTB-Vh$`3(TV|4K^`3jKd%jHegTyj?iYky;qy!;I
zG(rL;6v7J$N)(!tK!|4kdco$irTFj8d%t(DI)|c2AdwIfASqVTUvSleV4^~rBMKyK
zCMlGawEMkE;Pc1L<@aIsN&N;+_NAY>E*r<Wfq0c1EBA&25$>(8ZetYvY(!OHsIZa=
z1b|Pg`S$yB@Pa?&8MrCc-NZK&#lKgnWhrZHrB=yglB}eZmA169RM*}{G9bw{wo0}z
zRzfYcrYUZ`HN3zN(^N`?35I$YVXW0wNAGSLaMe_ki%_k7df#^0UxS3{Q#()6AB9C2
z#Y90+R6{;<-rk*eM}HS)aL)YckFNUGBz-W$5k@eQs}z%J)hxEMR!J<Dx8kNrkk+D2
zTTyFUY@tE`#zH9-VuX9o#dlrY-{+SYb2B+uQwi?3A%>0KKp0MD8YII^;|0AH%e~A4
zq>wdT!c^}lHIS*tkl*j$yXSfNfTBe~Q4v*F>+^lQyyt&oZTlq6)_8hB2%{j#qQ+0i
z#2BKmWJrRHL-)_jY?Vp+Tq<!j>4kzaetB@%VrvhyZ(e2vohm(QRoN<z{Qm9hdQ|-g
zY9fLnf{HAP5sGA5G;B#m7+5HzB7mfzUN1fWJ^noN;a|D4T>0W^yx#pGucRP~h$;+K
zV;C%AF@{wDlzC@CtoZ#I8G&1c7l0rDUJPR6wT{o)10Tk`J))@-@VQ=O$s~S@GY>9Q
zy;W~M#t13`EMmb_Rwj)1-z)cQzTU%}<<AwE?b|6}eH2(MQ6@<fVOKa{NPhPR$F@!E
zzdY37f-&eopss_2h+Mcpqn>%7$jyHFl|@2q1|H-*Lc|RH>Y@S)#8{|^DSZ9*@4Bkp
zmAyLql)U*ARa9a#w05V~U|HvxF#S{A)S`>RPuiN<?V4s~My^g94*k5=d|Aj><4OvO
zqA^w>v)y&w`TJh<=|@Yg@~b(n?^i0f@MKj+ZlT01#*6KVW1^ukne{?+5UkgX^WG)g
zJ-wcL@kS)HqY)^em{MR#OhN{tz?aY0uIu9de=jw9`n>skeM<Ri)%LUq7$ZrQMMYSP
z2n@kFCU;tnZnkf=G-XdaEbVK%h8meQfn^N`?i}~M-(exWmoU}p^&8IlKD*J%&nMzs
zRxAWWUU&C6Q|E?zt`pmJ-#rNcpF)HY6p#p->0#$<R|4$m`a*)Z==$0+8QCbS(0o=9
z(oT0}ocr86mjKFaxf=B}>qV<X#zrXKQ-aFCVwH@um=Lsta9M(3%qAFdwm?G55CV}C
zreG>V5gzk!sU_cbTh{kQN_Wr4YuNjP;-Nz&5r_y2EUHt2gDS|-z(6>TWjU8B7-3}w
z2@OjIIvWkv3Jxo43j)Pb4=KbVa;7B$hGM`ZY-Lg6JxR~QgdVqh+uuNY=f3E?xZYgU
zyb~D=Gg{FC^#Y<S2Foh0Nvp2Yw}jokY<c&5@#jaQcHdPpBI{HkOdu}RI7ozLMTCmV
z5Tz}ZSqoFDnk<Y;P^^ljH6Y}$V=**tcJ0l`mZH@ajdHnIv>J<D+B#giMctChL@Nz`
zcd2#sGc;8i#Nn~Jsz6qG4syR{wFKqi=*ECWOZBsUbGt^LH=RHXBi<DEYf8)W)C(RI
zo)NUlQz09H%L6*F+p31fSB8RB8qOJ;nVQPT$0I;Yl4q<~u05^t6fF%S%frBNPeotz
z?8<{oDpB}LHdVtO(^?=|_s?^_dTX^GxUfFCoDJ};K;7TfK5ruE7%s(WdiA2>bzMID
zyR>}nq@Al1(c80@E~5LS>g(Qdaw_-hzWYo2c(<GK4Cu~zwf5-xzNGos+xo}V256xJ
zgXTGnE9u7$xp`f^^>&++to>`ZE1%Qu`-gXTbH6+5pFP`pu3X#Rsa06kX1>9lk9&K0
z{lQAB@~>paRhH>)>hs0E7oKmYj%&*2nW+tgNJN52G6&vzP#P&!4AU+O){OP@HC2_?
zg9M)35Orp2=W8i!?_qVWRi9Dh9@(Z94)xrv^cEYK?yD}H%&4zlYH@WQayuFbun^I-
zFcD#6J&px^x{J=`){Dy5!n3~D(O8em>pq?fJyBxr9ku{K)aQE9)K3e$>Ka0n#_Jpe
z_lK7G*<yv*?QBxPD^?ELCiJ_0x;Vi~>9N!lB02`S*Sd$k3mC?G$6@l^*txeKkINLy
z%>YIMMi5AmSTaTgoEz=kU8kW!XqpdpX)2L0A{iiUrkPZ7?J263qvrcs>3OXi+F98w
zl1}oPtBR>gs@kQY%lPGiAL2gSuKX_U68fsbud?VYDu|yL_+xS?AB@Q+;PBk2ACnR$
zK@mqKfva2Ur(Kx$S!LDTYe~9PPDykxpW@Oe;REug1@I4-z0E9E%}GY~G#Xb$UvO@%
zM4Jh+rnI#W0bZE>;j*q3eUA(t^wu|T*Wr^Je)}v2#6Vj^uzkzomOZ<gpV^=h>aT=8
z6mf$d%Am%wXwnTHJ5&ZmlZK9D%yLAeh)_r(rdw<fNiS=qnB&nAEGEiWibWKPR0z=T
zEKlEs>ec$*<ypAYTYR7EIv#N!Y`mGzKDzmLJ5#E0tm^wg)w{PPN~`1DxP_(n)_WZ5
zy}gf5XI^mH>#6k%9}E~ULGbuN!9S08Jo~=qWADBN+ICo8@522@o??6egW~2lNRh|(
zo8zjIf%z4jPH2HMqpG^ugL*DVW@kw6f*N7eRQZ7)$@=T=`_ig?3_~ZrsY0QemSe4e
zw`9YF5J4w=#0$e*8iLTpA^9M1fl_HSwfL|hy!ot=!Pb&QB%;U&y-cHo^g)<LPPawk
zy1UCr8kl>#2N5a4fVmxOPOfZBE0aq^m6*f`>Ci-s7n}}eU<x3JI@qFdWuXrt7Ra}E
z(PPvXxesg9GevQ|a%sDUg1n@`j|NHIrs!#kC1U%?Ur_Uc@GeNSu{Tbjq870ujVu_O
zb(^Boda$`FZ<^+6dFe)cL&0MeKoSTbl5h}kj<8<qY5K-AAim|^xc$BFW{b_&PGR9E
z1cVp@AR{6$B-?%L8z6?pw5Xzr6b?$8{V|1uAbVXp;R&3*M|<-Q-*(2e?a~kz>dvub
z0>gFeL49F<>(MEc?>-6@g2;%i@!aR_b6V^B(<*sbZ%;bP)ktX%Nk0;i5oFxeN!*9o
zf%~){i?}AuYKo%SNI$3pddnR-&Cl5(x3}_Z?$-?ofe6tXC5$1knlwbqKu~-6>&Ne`
z;co9mwRgSvbc7F~G$O@S6;x6xD;6wSAaM_RRH>ggEbU3?Nerm@c1;XRsqU=vRjC8y
zydqslLLR<C1N$gF_sX~T%BsOYRU$*Id$N2L{d>z*d71=rf&SCrNFabWEVipFEHim~
zqRnCZN0$!uq8$qZ<dU}UU2mnM@<U9dgCX_n&V1MF=|%R6{Q0Z-Zl)&KdO{sOixfpk
z4oEV-_so_Ekt9uW%T@t;tDdz#XXCj8lYfriuK6!@+pX&b`#`G@SfYKu#`DYc_Vbyo
z8$BRzb?-Z_>pcLNd@3TqoP7W*mK24II~YEJL2SLH9<x4Zsv#!&9nNS8@!n{^tD(Mo
z^P)vEn?$jpfX11KNhAgcQ6gY~6;N2IUS_k~)^pt#&3c=wqC{teHu>Leu$e#!lNkvk
zD4+(}j6F<$Mi->Pgkhrom#AK$Mb%Hge&B|)r!}B0xF+}epGmQc0YqWh-`{!O@6LPJ
zUr%h=d@8F{rN^#2)gFW=!H9_f_9pea0;#DwFyC6gYJQ#Bb3PB=YQ6CF{6dt7#bAhv
zsw`;cSMJ~3(bB0d{40ods5rxqf!S*Nu9FD}h^_hR@6XHgd9PUjUrXNdN_Q@#^YlL0
zZ<X6Ot#9e_DHyC#6%hya96921J~Pd1&iCIvGvXpKhCh!yyX`~hT!3;Jn&VI$sOqME
zf5D8t;Xx$o*N8uihD7i)a<vo$Q;%`r6-+2DC*K+!dydn2=Toga#}nH7p8L`-&befv
zOT*tno*r$k@4e(c@i_<Qh~eVi-*?0|!GYnC3Yr#Fu%s+jAq7E#L2d6I@KW1*IX-^A
zkhh83-*v&lA_+NIv`nOfLw2?lSOvla$_Sy#vjUb(gp%?~-~kvcEQCRFIfzuzro}DQ
zl(5Zc(RrbkUQtDhf(U|Pd81P^R~4G7XkcS5MU2(ex;xi={DOETT`0I&2%920m>Vca
z5v-#^LhLpZPD%zwMa>qg5F}GTG|d?i9Ho`P4wR@THWZS{NoPq2=QL6z4XhxjNhOt0
zT3s2XM<rsS{0xQ(de@X{ziV5cxpGaUq11<+Y@QXTC1i%&@E!!NJKubpKry4q65L0A
zX>V@)t~c4Wn_at+IH;ckW0l{hhWkvNGr@18p@Sy7w$}&+2Ip2|lDhJ{BcwyE(FYJb
z2HNez##ndU4>?t1sH|P98@JVt7w68;bLZv2z4y|MqwiVf^KY4Lgf!pdQfPeFrwFT}
z#T1zRCBALs<OBSjNAtZxG~h9F`pe@#R!1M+T9LlM_wUXe_anskNmw1M%gqq!7QW8k
zr_ven$?5c?Tc|iD_OK~2X&w4(6IPJi_p35i#`U$js%A>8Cw5pfrG)!zZXn7tb(zmU
zNc7QveRC|uKTYe=ci(iszbNIOm#^-6sr)n#rDUS3OY#dp6h7AE*ObXgu2(%paHD*Y
z=09%wzka@J0y8|nO*<0igV+1YRg9yWNlj|7nD<;?wnO)Ds@>Zxhjwh~^msKTLwkdD
zzYO{O2t)3C7o$b;Qsb1Z?pf!$)4WR2Qm&;UHuFwm*rCbMcgH?=_h~Aov4D+OvYwdi
z6V@)Rn%f-mi6r5nq#;uB;*0E(b=QL3&i4l>ZRSPaC9M%iFRatd?a6;Xx4!1v`TTw=
zyWDGzSmJn^+&B&zs|AZ#pVvYcTUT3ie)>t@ePEJNED9ZyX!Bop=EYOq@uT&=Tf@iU
zYmr7amdg`T=|5|0j3Oemb|Akc@x(%uwA__>p(L2}EcmUR8)u?uBTFx1&_^E~=~z*N
znxOBf{QUKnUiSK{+K&GBy}jLSgw4OVcWjWEwi<=DsUj#Sn<Qxt1);K%>SgI1b#2u}
zo=LJW7=V!wf~vAevLq21CD#k(7r%WrZ0=YqduY_Z4TIJ@qriOVo72g9i>z@?dsHs(
zCC!(J&psw4i;mJmL;yOruCr8vv=IjaA<Gq*4A9-cvCxpL-njA3)lP~Q!+yKT9JF^)
zo8>p_;w66d>7g>CeAwle0K!1d*zR=PUV3(bcmxn7-%VH^UjxWrXCt*0$X6$n4Ibq1
zHMWJre%Z-;nAc|&Jdg-5A^0(GXKu9*Il%8US93#=4Zt`AKw`mU1&IWJkywZ@5Dp`v
z?z-LGhvBe>-aI5a*gi!kzI(bj4}%m@872w?3o_P#5?kGBt1mFJLOe7_Qd|as1R$~6
zOjAm1iU@HOzc(Cs_k7ZFFAv$ldeUp(ZtGpi#si3XW8-+(4ijkfIPi;l;M<tpjda*d
zD71BB(@;2cq;kh*jg$@G){T|5O^<ffVTQtNq-BJgH_kOlFiuG<WnU~YtE^1pWmBO`
zG)a^?B%^_&W<c0Pgp#hb(^ptT0JrDq+;a|oX}Yctk?BzIp^Y+=5K~|T5X@UR0W@q9
z?ADt@27(6?aSQ_x1ZHKjw3-+o&?OrZNe2dqNjH5uhf-E%Q$t!fP@F3l3L%56s;mP@
zj`z51zVi;Fha14A5Z1`SdZp4}0p*DxK|vIW0T6*(kN8A3)|6t@scE<aU?2=Rm8MLL
z3eplJm`s^dYQaqiGU{?jOr-~m8x)a;7&0ea5G7k_$t98#Ew<StCR;@oM@+(Gvb9@y
z?3IH>CfFH>%xSjbSRpYiXjKJ5Qc^?`AqXg5JKGospY9v)wt{=}9!KpN_61d4_iIPX
zyE?An;)eIg=igT>p_iOBkoMbGdtZH9eEX*6WZgVFE1zD~d~$u~HP5y_)w`^(ui^CD
zI2e#<(T+v*lb_N~gS7qGimvab&voy#5j{a#%mXs7-FKODatS4uTB)Y+VW}2XM(*<L
z2RFBN!S_cz5({XyiBl~f8D$LCv^ww!t*t<+Z~)CxsK^)tIgAJABJ!-RB^v#{@m6(O
z#jk1x$LT02k(np8@yb~50OVevnnSsj4?=a(lgwTVcM29DP^aFxd`6NUFHW-QMA+*u
zF-`QeM?rxRq^dc9*shXz)4&0M?OO$pGcQC%OHgD1ouO09MPO;Yb>KrUm>TG@sIUz6
zZ$ZJ5B5CE&;5e(Zb)88KcY$Ogj#Px+^<)Bux_0%d1GeDA3xNf=GAh90_~>XOg;vrf
zkTzG+1bBpS>R&!s0|h+@alT9LOCW~DB#BXDVv;CG49gG^5d=h61E&ppUGlHo?)x}S
zce>Wkp%qq0NKj^E&`B>letli>V0udS&2p!SIdy>ZbQF4Od+#KLTkoFx%KL)F5fKzG
zRPWx_rXA6DqW^1teS5D@WRvj06_Q+(euScl-#*b<@*HQ~`n~#)1VlbQ12GE?j^YGD
z3$w+CYir*3;0PoTK|cO&krHX%epv=*z(H$vP{<z$h^G(9K1?x&l&Y>2RTOD7Ym+cM
zXFh`c%G|x5el`e-F+9`GyUzE6?#@k5rf<6IR#!albbPACssN@*&e?dwu`xPjLqNkB
z?(}b^wU?6p)!*032}Mkls5T_hQIyF^NwX|yfdm(?HyW+>T+@5-{Y&Z?)Z&OB5vouK
z`iOPd`}x|5A`lQ|m<b>r0v^blv#rf$rO6wi$`5e%;g6f32S&PazjfUDTNF_Qixvos
zPqp^=eO_#6*!%7KepL!_7MW=%p8}|&iXzSwQIHFk8_&{0A6-H~G69}?-J!715_ZZ*
zAXefXunw0f_c&>zwanITd%YUMFX#$_u|z~fR&VX=%bc#>yv<`;hKt~x2znlhz(ud(
zzE_RBM&^E9Z^pjs*IL}EJU0$+$Y0Y|NgZ<Js`A6{ej>yeh@z;+^>?3n)6E;xj*Y(h
za_0{@m0J81ii#thvK#ibbu?~{GhFt<9{H9j(|%dlc}4rG)jOzicSqPU5-2K-2r+~x
z5{Z^Efr^SEDyqrvy5;NR4K<wXz34nd`s&_#`nKEe!Bor`P{<650DHN1ouFCP6orSr
z{9!5tF`c<+Kbj-^+BfMcx%jWx$b%Lm1rdx({hFhlXD=>(4VZNHaRnHtq%%}Y7o`1V
zr1R2g^8-gJP93Q}OZ~f^cF&XjA<S(sgCLtIjpUhPv0OlanQxTvPhMAdyS&KyC3|#l
zYooqMA`}>?C{*Y`S7Z!~XB{{jhXa--venDGL{YsE(RkLKU1$wlRw}WNnD2YW4*Tnj
zdLIvM4mWQXs~fQ+N23MKU<yUPLw)zx!O84<=#Fe_-s~Rmr*JHAsFAdMefNM*kC8#(
z8peyb1CC$`G01KXPdppq^RE^6!M*QaZQI*Cz;xITTb%K?$*s}yW5jU#(2csXOf`nB
zz?VcFXv`)uh!j&Csf+=UAQoIP&;Ybs1_sCwEKZB>zR|*2_Y!o!CPoH`78zm7nnFPq
zOt_|%qM2N<P0;2xM3ToU?bX*eaGET#DAu#G>dUiJg*2s6RN@rGlBN{WNTTa0Q$m$e
zlBGz!&1>-;d(eS)bj}ssCiP$#!&Fx;b|*7u9zrdBT)yUZhJ*diHa<#@Ab$8Qo}2fn
z_fhWw;<nM3v^aQxXt?jlq}%+{^)rZ>A*&RNJVYN5=vu0u4|}^V#&H+zn>2k*_WS~_
z`qJ^QhK~RS6a7>4*SjcuK0ke;;-U5H+HY$GF=mv!H<wl4PoEbU`l3gj-Mib%y{q~J
zMN)TUjDJn~ky#C6%XO7qx16?pv$*ERY6q;Xqxafs#n5aV)aWzc5KKLToX;%DnzUy@
zyLsdbO0$LQF6mufK;{pE!Sgqp+ncZJ-0ak*YM*?;UU2I8@7=uRoVi>uJg&|9+kbBE
z?)>1`F}2<GPqJrj{r7PwX9OrK9nS2e`nT$*y<DZNsy-xNJg)0ZLUsZ`NfJbnl6PKt
z$IR2+T`+;p7^@5=oT;^0qHPf*nZB-8GW2xIP@UHtmYlXYL87zM42!PuAy2vF<_E*X
zwnAWW0t1X__FtEt(r?DTrEZ<y4Ht)a0}l-4mtK##!)Remt27^;j8iWKb`189C!=3C
z9V1TKN1mCzb>9jj1nz7LbXGXv(aytjz7SZ7S+x&ZI4rCzmMp=PWf?H0P4Qlo^KE+G
zQ&w3*hSLkK$l#2E7^U0WZMcKB2nYnznbz0Dq}7veETxv~tgWeCFPqi3mEJ|_@{(B*
zQ*b!=kK#TfJTO8Kf=A)^-=|SqYUUMD4H>X#A$-`<CdCm{6AI?3sZ_QBcBfS(oeZ(r
zS3_7b#WOcmS&GC#R!C^TqK7oJPAjpoR7XKXg&IVyRhq2KFEncv1lb6t9!nZ-2nYbs
zKys`tGe8&}jBJiR7)n_3r!V0cJRTDsJK?;jXcMRN#;cw}6+}cuSX~Z)A-v4C?_|qc
zs=b$)m{6*&lA38-C`LftEZ+N3O0XvUU4-T0Q&b4`ZjuVv?NbFC#;MTOo>5(13X;5<
z%S(Avda_XEmVnVRG*QN&O^^Z(0D5d?@^kM!-CR)!enVYafZu?2{(cn0i^5SxiqNG5
zCge0>MA*U_vg(-l$ACfG<McTD<&U=F6N348<AIg~6fyhXf|rjN4|o{pei|I(2S!t2
zRAHgPP3737UD&e3T+9{t4+8*b6E`wn8xiBcfuRF1Fv5xqFuT>NI5ss3LHXPj8;^G3
z61V}L3g3(3^5Muofc?Q-7_Gu3alz?eggr}o9wR0J6X;+M9z3+VR83kGOM`&~6J$Gx
zQlLD3K>R?034sJV+$nLk--iSsA_yReC*%x3p9pv&OR=~7>GK)ePh`8j60YujpMA(@
z3?}#3{t?Pt@YNc$MQEz~rMzDrw5ck%=Wg!q{P;Y`U>ptGpe|3Vwdwb7PQKUjcR6C@
z7KH`Dqv4)?7t(h9-Os+?y0ZptRI?eK@S``CHCd0PrHF)M7?B;6Ya(KTL=a6yvE)$S
zh+V$o$aRxo{D;5iMGzi;LymrY=b=I%rZ{$#U{>fu1>r`5P8m2tlK?gGd?WV=>5wkn
zkP->jBM!HoFJmN{3KI-AOB$iJWsVXBLfejkfD)Q+=x(&ryfKDWt4R@~cuW;lRX`Xu
zxw#QrVkD7DAizeUy~r>#e$j|N!{o*p7reCXZ%JSw4sNLsq#Oqr1U;%7NpS}w4hVg;
zHlj!or8I#W0?s?i_9wJ8m@?O*R>>g;f)NVftx?p&f(Il}W;hI4fI`?uo{4}CA+g*o
zy%LvmRTc}aiOq<XKtV`wXe`VLpuq!NhUN&YjJ*X|TuHDfj0bnO3@{KF+?~Z8g1fuB
zOBQ#_z~B&E26q`CcyRY&kOYFeB_Y}S$nM_z-}~PGzVFrabk(V@u0CCL`pop#=X9ar
zYCB+qvW)hlJ6edz6cZw>#^tOr=prj)FN~e6@S~(lfc1dn_ZWldCEmOnVlBPH8~_FC
zP5<L$d?c)cHnB#g-E7|A_m|N-BAU;A#UvKdg2R)etQZ@V2|6N+$fV+8SR;Cbv<vU$
zo<F&F(Z9QSRnl`wFUloefa@KOtZdwEjV7k$88z5;r6bg$arm;M6hK~<6^N$!EU~$>
z&N_Yj<lJwt%k>vIYZ7MSoYtS1o(e=c`vLEMjOa?BPUeUk>yPGQLHvT-rFf3!+mFWR
zeujY9No~=z(PYqUT5Lbk7xgrSuT4YGu3+=UN2^Z*EyUC+^oWPUrGbjsFyXI({Iec*
zlRMj-RAE1weUI{e*?YewP_A(RWfZ~eY@H6$snpoKEz%gH&mJDO1ETdGKLkrA0+`5>
zO2&*p&=v~+H}Ttt=P&ct$N?FNTH%r~%DMS@sk{!LFzV1*sjP_IYpXy}<44cW?`>Wd
zl<M`3;&qnS)Bd{jd|P#z_N&4sp(G)k02E@kkS#C%ri*oX*Q*7Mh?3E5pH7d<%D1}X
zWMs27_9MStYxKE{g1mN=6p&B_km1W;_a~}kuT^RJt8-VHlhE?~wk4Hjxl=_(D6bwe
zrNyzB#>(n1d*WxGkqD2g{m2eETnIL(%|Dmaq7?paW=OQgTl_Lc-YP0#)PVm_`?Ii*
zEZ;xHkM?#Rq4A2m#%$3~8u!R2{QA*TraT%aI0hm;^-A2U6*HcFF*f;4KK7Faz1`$|
z)ei+?8#c^ZDt>vRnPGXmR2GyamMKQeBq+)!?ne0j`i+U8MWD&$QCG;1ttJjdc`9<1
zoO#bYDNu?msT6~ud?`eiM9kw!D0qgSX2Es9_~L5U|06-9K9Rm6hr-CG*{7@?=y4aK
zI6Jhh8oRE%)3M^iTX|ce%yIfHuEy$*E|d;6H8~82v98Q&e0@ITjvgc&u-31KagED+
z`5SgQa~G=5mvw}SfT)B)8Nut>Z*Gs0q9)Kj_H!HTdbz6wns~gCE{@hJ!{}n0#l@N6
zf^-3YVy!=^ULHOYcy+dz$1WCRd9X9`F*#u<h15{#kMR0kyx=3(T{^Gw0phpvk+&`K
zRye4iqwl*diy^g^?XDMYob?5{WL9~B96h~HxH+4Sd?^pHd&X{}IX))YKDislPu)8M
zUFeh8zUg!h&uO=+p)1j0p`XIO!CreWA#OvX1TFm2<D>0#tTF~8IVhuvSQM&66&kQL
zVsOx~gqg^r2z6FD<v>ZFvmy?iO=AmF^2wM$><lwRj56R&X_j@iq-JRV;UEJKD5zBW
zB{bt=T5{Js0xbB{J$6Nx-upl!$y$7g1Rb2z@UKUH6Q@2=ueYs)?AB*zFH)@RfGLlq
zx0GOKhl7V!3gC%BZ%ARTxzJkU9Pu!ApN@(le`7RnyP3O5Bt4Q<NYYU?o+;*5r^8?b
zF_)DcM#IA*0@Q*F>(N+K4jgT~SOJk7nCFu^b8RjR@;W0ZS!hm)+QZ4oq6sG-W@SkK
zRFJRh37S!#%w<z2W+K*7EoF4bbZ}ZF1?Mkp+A$H;w$HwAshZHhQy<qG2am4+u;r^p
zla^VlNaR#nI&EfKBXt~@h$s_TUDVV!*4UMos8SY7w1K*8RIOV{I%VovvXz;94pR<z
zV0GLUTUBC)_Uy{C#q1VA&WaVI`jwUjwoa97A<lAAa8^~Nn!uE;O;&2AiIYOYT1B27
zc{zjK=tQ$Ka1&b{Jnp2PWfR3WV*`q_b2dq3%&X#OjmqX@NyryasN@&W(cxw5Wam_0
zDOZ)ZuPIxkv76NHV4ULBWt`GuVllE?1mn7}lToq|YvZc0$+!(BQnxN8C9zCql^N@D
zD3egKC1nz4+mjj#DUPdP0aJ!mGc~FbO01S@5|s7b`EB(o7F_JvRG~UTaB}s{c4}g{
zF}tdY+mrx{UMe&7nEbNrM9pFe313#S3Q@8e$9oOHhR&o-OREhhPi@skv_dj-Dv=T9
zSf0_6b}Ddqql(ly+rB16aZxo3x7LmvMOTfJav^TXMS!6eII4mBzD2R3T%DM)GWI<y
zu~U^$ruwo_lyfW_kB)OLgaN{<QRSiz)^;+IR(MaSAaD8fXW-4@)t^WBw5`+P&;CwJ
z*;+jGBzTsbbdAPd`=DR>v*aoqdK~^<%oKfb<T!LOQWL{8{^6}27pse3jC!kCD>;qo
zP+fy((MW4#s+|vTiWAM3E~-WsH6CSl24?hC!TF67oVr4=5BlTi@N<G?Q(DAYKI<yJ
z8Ls^t<}HPoNo()i*Opmc@At#))&Yk}mt*|V;qiF_zqs)S=?2#e=~~R`X>|}c7m^)>
z#5Z_kd`OSu*QamwQ+Ge?yh04LS@187C<U>gJ#Hu=Y)3Ut`{D6z^>59Hd`#}F+}CUy
zsc9Rmi+j65T}8CS2qi9oLMYHiEcNTjvvU2wUX~pVb|nUkOGnb;hK_7@A)o!X9=39d
zx%bY9)#g$5(C|d5>Sp0J#mIN4UG>l;nzk$vy;8$a6Fkl^E24A<1bgkm-oQPIwO{MQ
zt6_suc%LUv5USs)Z?4Pjm|cJKJU*@Tto-s9A2ZmXZsJAiW?XRw?`p$-1qEW@gZZA1
z;1%1pe<_PXQ^Ja{S))l&yuQWCCv0|miB&}hPn%sF$??dHoy{|@2?*$G-==SKc6=9F
z<qBmHqYy88S2=DSPfOlvNgQFTFmGh-%#~@nJl`a)H_QD@oZsVDz|~vBDz(MgfQrV}
z?B&gPO!?(0^Juw>xC^67g!4SFW-R(9c(;K=k_w-`Nt?bv?(w4tp~3O>Vwd%wni+JF
z-a97&XK%3EeY-EzZ{$?UNT?s|a(LeQJq{FJHQY2zHLujwq9c&2C0$0+;`-`X5C#uN
z4qTI+u71>ux{a3_lYaOq0^#~=s#9YflX>QuUHF1S4^JrMxKdh=mA#=p$8KJsAQ*@`
zU6ESKHaf%=`?B3J=)qr&T>-;EA-1JTCt}S6d3%~2+OA7}iGFrEm4#lY^<`3Cx?!X1
z*p-;TPVkp6Ulh{K4C*V0C#%0H_3@ta_l9lv)fJ&%3ufXYIbCL-&#>2hvNn2JM(l{9
zA+dyc3Zm-ZfD33lwDbw5;R<I=T;VZN?^B>pBc&Asb`T-tvfH<4hIkdgzkykW+Pv4(
z>=0masP7BG4@fdxO_Jf5jV82{F+FJ^%zxEF$k)X+h?n8S6~aXb<7z4_;(y04KPg!b
zrWj!M@EUvg!>*nav8E{jEA#YaY`Ag^C~?;!pK35O>v8iad>iEA^Fvzf3QIh+4L=5j
zDYXu%TE$k}$KtLB($j6S=QQE)ETSjrS-3;Vt$8NH#ti(DBCyP|v{R~H;1EZv@`dqU
zLh-dVeVsH8&Zd$_NALKdN5A)D0ip+z6zVg(E^?IBW$SAK-`DM-CNL9{sr1%=4hk}V
za-*gU?db~q<S8tyB+_^|!6PW?604TqdpY%~XVQarb>uxfmd#$3R>r8Ut~J);9$!m8
z$GqM7n<dp5@QhC-@Nly%kX|w(=={eo^(IgYT5m3{YN+5H?nQjg>4l`AL%GgUt-dje
zzX}Rlz}S}}VZVNAOfP%Y=^WTLbFf6YMvhlITTEzI(97Eme=tyr;vYH%6qs9Ow?N0>
zIT=Czrbd)jWi}Q=GbTl$ak0m_<8584{+}tQXAgW~5_aT5TCQ)MKU$jSzHT^7N7gYo
zblbmJ<77)FsJae46;{4T3UAtOcjXpxdp@Od$Y~F$tKq$FUwXJ|L%u34_%dd7RCG9%
z9LD;1fD0G(<n<W?rESQb<)HSr=^)X@s0&(a&CP<NK1z;G<?Nr%5~j%-B>D?{6$b|z
zooHOxgcRZC%4`#9prk~5m`CwPvEk5>!mgiqo1OY0^;RwH%f2K}wOs)ECqkrqDf*E;
z|6TpyjH_K0Pd0wg9cZR(%>b-2T9n8z3Rb@@(bx&zH(M;{aPiCxYevdYTYYUjuMG;t
zWF{W<MA}F7avCU9c}G>?Oz{>7<1|;lx%wj%k*&B1gXoISx8_j9qoGO5vecwe==&3+
zLBEE!U(lcAm;nkp(t}$EZ%>qhJyIWCB^7t>i~`zvpM{HJ__lDWfb(o&og$xVVMGXX
z{Q91%)hmv53|vEYOnKisAO5^sx&ev?m&A85fE!GyieHsDIuB25qn_39ufAsAQT#_2
zy3cr@r9KAm+TB4gQpZsd!qE%2(_uV1{<gX0S9sV4hPo2P!jZ|#K5voWw)tP5km~eB
z*C~}N)s)3JE<KucQPZ2qbOdrZ>RYu4KwfMzGVGT-`Q*6QVoklTrp~si@ccaSrSe=`
zF~<h#%oO!crngzS{B7NL<)Xc2<~@DnU#m35_e%%BEqY{!M3>e(%MIU|_EZi~R<mM8
zbCb}LmmXc=Qf6G2@o4sJ6W(l#ZjBH<;EONI43p9n1vUwXWXfTlt0|P9jt9}+QBDoD
zN)AzG-y^x7pqj|QpZas;dRIdOp=JA83&vHBhVCD&OCpPUJ;rzXwrb~Mnnz;3mvFZ_
z_Fr^C-DVL5a5I&*80}7;rFL;)IfR7hj#wt<DnDpufP>PbaC+04Ak<gCKQQ18=*kUB
z<H=gwV&r5r%#Sc}0^%-)MNtS*>YI>@L~beJ!ywaxq|YC6I&>-fr0EbwonBM|yC0U_
zT7#ck-r7)mVmvKN&C1JqZu<u_ctARP=tqX*)eFnV{En?~GFqfVWU(UsLxv!|#eHYf
zhk+(~o8=;p7m@Z?bTl>CB@D0)ledUVG3SN80o#t5z@=`ELjE*MhEn#61<72D&#rW~
zdKd+LYs;PuU!A%YEhJWn+6L&>7dExLsa|!jJDOswdkksPHqJhl=<ltDro*!|$ZhPg
z8|NkTUZSAyTsl8FIQXS?#T`_?(r(7XV~Y?yGNGhYw}lL6WmCMT*i><gXoNCulK;xz
zrVS8010BxGt0QW2uh>y3!j2*^+|7&jtY(ydTo8|daCfK^;)Qyzvtt8_`|WYb^7@1l
zVNV9;^Bjm-#^NXXV)_C4BMmc2j6Zz)U1=!C0at-|4|JD{JoGKU%BYO~4C9W$BpRBS
z`$8Ri^d(R+N@3tyKj?TUXSIiW&^GAhFPc?pmZg}r%qBAVkG!(?fs@O(^z^Mw4M6{%
z<C^7bApJ$<Ug{U}Bgn1m$b$P+aBv7ARH<WKYHq*hv`4auvO$h~hDqfXBi6cweRSb-
zPQX{}{tI3MkNkjdp=+RH0o=>@HySrKSUqi3$K00j0%B#Kgyq7EqP;Y!qMe`AnkBCH
zIFh~X#7<}&*X}K}zFH8f*LbZEkS`3s`Cv2snYcXI0Dpv+0(Q<mf{Y>bRXUin5+#?*
zB^V|cJRcl1@6PVApdk=qW%cXC<~aKSx7c{$_?o0KVaUfEgS+0}`*c`_HLxODps%5R
zSDNL3B)q@$+nSV2id@qarJu|BWN@bFxeXr5XnIa)tPRE<V^fv0p613i9bTW9aCu{B
zPJEZI+sVGX&rMGwa;SJUX%(t4%iQj(kwImqIXXyPXh^P9^0NDdkz)OU=Hq!#?_y6N
zVo1>3;{%TH4puJjwPp*nZhEk-l#T?6V8)V;;$7ful<xE8KrbH45Oa8+4Eb__x+{jc
z$V8jtpf9WMv2e^5DJ@z;4#=*LYG6OTaPL~Tk)F=n&o%XiaT@Lz5VaK?n!o+9uG8YU
zoq0*w#NX%zFBDBgZuqs!>&;z(n2+flAPAAEB|{FXxgyaHBwi;e3r?FBT$uwj-vp)J
zypL#1L%MZ>8wW;e<HT+DHIkrX4#Pl`O#YbUB6~wdEpnlLahsH11A7yK2g&j^^{}-2
z-4lW(hmsZqA}`fMKNxSGnl1;74n|yBjBv{oAkUI`(bKZlA%@-=h@8k2-kfsWy9O3r
zz_LZC(>C^_`xpp(Zu{LlraqrL;M?KtVD2_y6hqS5V%!h4rb>(V&EeA`X9RDn>pnzo
z1az1YSxS!NrrM>vc8?3VTFNHAg1MW(|4dt3ZRq+Qg!BSB5x?_)K^YnFLQzG$Wd9dH
z21fiYQ6^Ra##uT1rjU?`|FZ`1Z$Lr@ys-Zp5dT9X=l;ezkqm&}EjT!rApHhpz)SX`
z<39lz@SoKGhX2*_Ke@jv62E-@1+<74g0$qnsr$F!{|RB(fmHziPm;+0h@nOPgOUCP
z<o|j2H}}8J?O&Pyj;O#dmWTnX0RK)em0y~Fk;ibb`tMTz(9}*k;1^e6SRn%={^9(S
z|E(VxfP@zD+Y<j9{NqTfh!@i%1JELn{(%?bCH)I%k%0fB+V3KC)tAQd|5iX+$@;gj
z!+$mKUj{}7ym-()0!jHd@j|jVSYcSbc;NTJe+dzz{o6(5m!2Xs0As+&|Md9(KaT|b
z@5KOWCyZJslClF5GT=q={{tWckaWO*%b`X5jsEZ1-;KpYr~rOn%>Tkar;cG4nfp&y
z{$^v?Mf_8YT=h3WjL!PoVMs4lL4HB#*}t6`^I|nSFp>%b;2$0T*!IP1s{d)ce}=*D
zO0_jeXb~@!B2|%I{QCFzx02sHBxU8_oZkZl>GwcEi}<HHhBbf~8G!UZfcW=GC?mgQ
zFVbicFX#o30l(7=DF0T0_HqR%|1I;6*53uci<Fg-{#6HXc<Bu?gMCZ{5)#1=Q<pXP
z&w$Pb_x`{BkoxOSQOo_m1T_9^czX@W1#c=?PX+2a@H8y7b_9l|I%mh$(K&5>D?i9D
zr=D(-2nm?k7<9zB0(V<4gd3429`IQM5{NOC6B6+po@NQPcyV{*XsY_^PUiv+t>#n2
z3eZ>s=}f=Gg$d_lYl!h^$kO5l?2-M^mf!y7>H{x)RDZvkyVmq+2_^i5&nP!L`8L0Y
zaA1bDp4KxJ?FUCuj#`_GHZY38*yQy6nev@MvwL)nBN{Sf&5ac1NoNOy?ExXSu9}D|
zeZq+cJm9f6orEGfJVOJD<t<~oh?c^FS4jEok-{;@&OD;oPmi)jC_(jgzZ^o~?y1B!
z#3^%3T6Q)mTzu-;`N8%xCfj=wYnRuAGW#=<7|ask8qT1-vbps|YKf?k#^Uy`0V~xX
zlGL-GhJWoOF|Zze0rl-PfZg1yi8-#j>5lhEE(GIWb(WfTc%&NlD*ApT{L4!L%i6Ng
z0E0V*vnKD>UDIdbvz~CYl~#tlcs#CpD>Yf_ccj{y*0)jd3&FQ?l3vc7&)BGr%<|DW
zo!*VcHG$PeWvmNdXDFiSv{YWn>fo&dBKsLq^($yH>7XJFbQ0!ISh?sW^B!1$n+Z8r
z`qM2f3z^{6xzn6CijOcK2kHS?+jFwPmVksKNEVC^#e?aT6!NSrrrp6|)Dak#Zpsg#
zEx$MovwnA7(wers_g!irec_?-tga0(xZd?v(+(wm;2k+d?L6bNQ!9}|oJ>gqE^T%b
zzak#l8;8u;4t(%!y=HY{LzDU2FiAPfVB?;FGR_Q-;Ip~JyTvhp%`-acCD!gM0gETn
zc{EbcP*h`Mk#X?`!@xeCN|;}37;&_A$!gjU1ZK^lu$JeH2?1S4*lTZ0nggVwUg|w1
zidO$G{b6`w^#e7dB~F_yDWw9}3vYEqG3W#%3B$1B9jTW^y|FXM2W99ab#v<JWoQAn
zk6s2*pI^zde$ztJ`%>Mt^kDsF^-LVG1S(D4Da~;l%VYC;m5dt18)3pda2wAX)m;<{
z_z<?AMT^;t>Cq=%?|&E+CsVAXnU}JwN`LveYQ)niP?jv?mr<a(Y!KQ#vl@RJm_d8+
zC%1HfQP=TSMNq%;&6)%U%M-d?(vC;ns&)$ch4gWV^H-s{hZx8=XFqhooq-adu<EZm
zn0nW{O9btlRi8cacYN4MP^ZdPjH6>ayf$FIe))-{v&apSLKme_Ou54V*`VgY5#oiR
zjLdiNUP#$WD3p|LCDJRuM0iRZuo)<=uqI0|rXVb4`V`1u?-}=*G$SJZmaMcwN15nN
zk)QiU44RCz^)1cQd}F$Rgc96{o=Fq0Z-i-?o_AR0#MWjZD)v<=GKhArm<oR77@toX
z7D?mIPJWe7F&WgVS$NaNM_nL?jaGo8d=L>T%i;aBOy9+w6@v5ebwDa^6u4Mux5Lb$
ze8qE<i0)<{BXQ@g;D)4L{HK#IE=$Q9rbz<v8E(#a6=B4{t5_`{a8?_a2&c08txr4g
zYD#jO_csFMS%rw*GL-Z7@tWsq+h?!ctO5FzmQ5!^uhT`tZWgt@6MRA4CZx-kfS23g
zOCqDzTJgIpjv{3c3QE`~ncyD#r#GF_F9DW6VbD+-T^tMOp+ZtH=mmwXpn7cR2Us|D
z-sk1QVj~TgMefgvtKEVs{WJQAklr&^A#o)Ktd4cP=DpKtT1N`g{X%McZQb$W(cPjO
zAdn>(CYm?5%|v)9!Vl+i=R&m0nhO$51TnrcH!VMjeqXBSJ4bPhMPDRgSZOpXKnH6G
zI1|14MMm887l_&Npa$Ys19`Vf-1MNQ`te5%<j>wR{h#ts-9-61d-=K-smm9hzkJ<K
z5VHk@xN$1cFe%aS`h|C*4f^Y)ST)hmCDGtT(_NP8fGV@8o@(2D4aDn3ptVf@Mf97V
zDlAL2AIfa;x3IxWOIt5Bml6$Be=BTqNi?jKuj_befEe^gu^#rHKgZDR@-!Tr{Wzt`
z1E=31BWp{){*S=~G#;dn>Aq~SkwMqLe<q&$SxY!h7S4}7GJBSMERo2cMAydskhk3i
zXukt6f$}npHJC4pMFCD^jAa#|tQu(5h61n_OIlu+FwSIQrcxgXTN&HdE~%uUSqoVg
zB`JTr-ed|zHP;Q@^ou{&Oq?4dO9i<NR0k7Kvay7@)oSZ?)o{hOYBB}pq*PYG%RQeF
zN@(~J6G4iuJ&06-gd|A~QD*D=B&&yn9pyI#S$D0R($a~jh|t#4M@nqaAFB;(!Pd7B
zY$l?LxVV3eGnvXFz>-EqJa9IT3r)7T{W$$#Y_RhM(8-qp(aa0`(NT+6?6feORr~~@
zQkf?w6zXY;319cEXX?(3=Q`_FylT9TPy3Sg86GirGBkeHgE>07{Xi=HY?hl;tE_oR
z+oiiTBAaDJgIXPjQ&wa;bcN(Q_8Q~I$=JFkJ`CoyCe=T@dPIBn5-HN6u=6$Bs5Gp$
zS=U7WDP2n`J~{)n^_lwQ3GX6)VYL(SiQVCuKy&9RXXGO8-XokPss?SgfdZ7SR1?Hd
zg6Zkl)D&3cT-v4u=Wg69CwEQ^xi-w+Dd^L}Lk-k#b*K^X5<rFZ&pHTi%uP7f_q!;0
znn92-!gT`ZPcABTusP#QYe-LN>GDxOA$`x)dD#zK`U=WXB)k(rV^gq$BqDl>$|I?(
zfvku0lvLrrb7u_(G4o@52p%#l3H2Ik?nFI8ezCb`>voXg;`^uMllXGQE@-?G4w47~
zyF&!YdiSWG;2r^c>F;X>Npb-hP(q5#n1qe~gjgs6Wl=AXl9EYdm;62F_*>+^GJ?=z
zyG3mU)=X&(h_-12(#kEhpo)Sj&x-&ak36`-McNt(504T!rJ}3?dAkzv!UsO6Mxp3E
zXdq22CZI~|WQ|6mGsa18rE3Xzs$vOZGBA_Y3?d=Dy7={HNDwpITV`#;TYWM=W$2sM
z4DFa&v=BxW?r)?~>HFL#Sq`AQY&#|wp+&`(j#M3eYK_#gQSHtOC<weMH0dHVL0Q&8
zotmuJ(jenbjy*=>RPRn*18N~lSTPWEN*Z6KehCL&PF=Glv;pN+tUGb{aHr-}Y%j2B
zaeH}H&#8gN0F>I%;-;OH)S^JW2o2QtHO)VCC+AGnu6HlD)pJ^OYN<DAbyX-6Dt|fF
z2TzhGJHe@iq9Kj$+MS(AWm|$Y27>J_f~{`kpmLjpIzyqJ4h4N0g|b!hnhqK_lX8>P
zhGds<4wDsAqZ*+GvYJ)JnsQef?S>=)n>M_bmOAosZSpPEWIa<$xT(9Ty$7Uh$V5=F
zW;NekfyR^?t~jc%;7+~8MBbS&R%cw_(2_Lj>Qru%YST_8lhK)Kl~9xFPMxZ_Vroib
zl1kJ<M(A$SZX$^0l2DUuvtp94)o!X#15H*iiMGMBYDn4wf%=5DTRKzQUEN9DX$(>;
zREyRQ>)ma&4TLIulNIX?k~UUJ700x7$hUw(?U$YFoZ3csq;C2OGARZ{YcE|>s3Wsk
zai?5uch|1rwBhU&)F*FuX>saosWVz7i@?z~;nP=KjACW2h)_lS%X0Vj&)L9_x79yC
z1wy9>oDsWJAug7cHflw&?o}Y~5wPZi4mb3!^&<7X(gDlRt8v%)X1|ko)Z@QU-_d_L
z?+j$Of1Fbf2u-_1(rS2AaSWfpziD^i>$vQ-DK@xn@=U{y-s~URb)<0_*7_VJdcNE8
z!*gia2AOI=$~)AMhz+w3{ro7JpIzKj?$w-w8sjgaK7V&hjGb>!ag4V{je@Y)c4An&
z_RT&sCeVu$2NQ%kxY68e=q&oV*_=J0>#Y^u#=<A(&^5njIIl?+rRS(Gg)K>M`0cfD
zBy$oetnk?8l>B9{XsmL+^&m$BZ1babECII+7yTV{IwJ!OD)7A)8diEwkP!mQL2bJc
z+0s2=6Z>!t-z@69l)JM((%`|_B>CK|hE_8Ih_+-TVq0MS?7Yi4WLSZzjusKpwe;M+
zy32LuvP{2uFo(EGz+nK!3S3m^#cp0>tnN*Sf{-=<nf=+Gb~|#uBOWlzrkUa%ykfbz
zQKe}~gh-Su+lP9<FJvGk^Hn-z>$Wd$IYCENnpFRdD(mX?%$<=%Po|a;wMuVY4F|b`
zb9pEt^00~TxZMzXSWv$xs7pgd3K1^IaLDdN+!Y;3>@s`~cpms_FpkBZfh55l^*xd|
z(UGH_Oc^?gI;c&rWf;11pVqv1DMQ$J-n%KGQ(cp5A+~Z?Ff2EP4Uw4hco?TKkc$o8
z7Ba+MEtu{KU;gSE@bb`QU4_Wa7fg#|AicF`!fhKw3Fk<_F&;9Ga)OfUf5r<o*Spem
zxHq=xoBg(11RZ#q#_byD-)GfR>Lr9%^S5{PEjLL&MFX<A#j|07`<G0}^mN;ocOD$k
z#I4^po&=+X;#f=S{^LKE&g_H+a7JGf5Mxy`lB+rw&|r1!ygOPizFYGcdgpo?YJ`O{
z)}8&UWq18R;b#~U+BYO}nzO3`g{|cZv^Pz0M;t~D-n38Rd^e8%bHyb7s~3*3tG=Mq
zub1biVYE=>^}d%^_&of52YFAfg2azSYB<v{3KdU7!+cLZ-&4=!HowpP7P!Md{66w$
zT~~PTx->K6L|Nu&R?Nw}z<HM+jzxMTZx-l^{cb4s3AoDRvwlWkMrljLyZuRp<Ev9k
zYw&$`?WQAI6QE|C$Su5Y9#%KAIYma~RF@Tr)O*2WR0HK83v4Skc-ncIE4Bk>Ij{3L
zEEx02B#n=AOZpr1-dspMNmBH>x(+gIEp0P4_njw)WGx@Eou@EE)MjS(5*voOhBtJL
zLyNYAK4E3hG8g};n_uvU_Nm*z{uC~Da&OTCf!Jx?46Lo-eIofaOx*}Drc|gn$&c81
zLg8N7deSOjj~=eKdb>b_!yYq4g|TnY0q@TL#`uo8R6<<deON_Ag*WyKhL#fHb*8GT
z`75ev=61zQGF}jKxuQjV1D0W3Y0M4Xk^RaSNA`I^@5Up+cwy9;b)HdnC?k{+rf$;1
zVy=HGd`TJ+67OfvL@wVPSWZ#}eYC_K_vN+hFbsd<XaqV`4HU|%pXKoV0$t^g9*A{6
zg(;%trB&1_SKpPK;^9+xeBNJ8SV(e~pK>}bfW@#{%XWEp=l7UB6e!e360yJXPm7x%
z$EK&JpG0wz%Wc5lt`1~dXmL=(CyKckLdm_<oVWAS#?3^L1-$=6iwe5g*ymu}7w@4P
z<xo9N0Gts`$Y8mQ<%lSuotIQjW$V&j%$+xeL>AI*v=yV5YN`insxzqBaiXY+I?{mW
zK8bLAp4~RHmZdd*d$#lGWEU{nUIEQw#?0jF^YiR?Et3QWnDF>o6V;&hT}z9P4g&O8
z*6in`(f68Ydb7aOz{Y}hFyI0a{Wy^xGa4yk`w1nCsU!N`%?aVV`l**_JGQD3;eEEB
zIO6kxR|Pvq`FC@vMmv~D_-@;L(#s5D##6o_h_5p&U=4r~aEV!VFlb67M%L=7;{c@)
zE#=af8#dFhC`4As!bfH-ikEK89?`&@jmgk^giO#_-hN0>8%!I8#W#r#)KUhMN96<j
zNv#mQ(trwcUq(I^;>c!VT%IUfr(WLo79!*1zR36CXSrz^O3i@&k;dnKs5kZUU^WUC
znV3GR9y*o6W{q*<n)zX%e5N;vKO1*m@SKtFr*U-goih&-x8@dnp2f!DH-Q=g+Z!vF
zoj<<yyAuXBi%^Y>*zpUbrL5H>9cm#XWX(<ES~lByWWoro7<rT{j0ufO7hPtb^m-VK
z<f@Eiz_@mG2313ls-)N;adAPw%MStKX*4cAEiDs&Slup(jfj^)f+|lNq^*zFyfCC$
zRiexXsEJD_>B3*7&PYOPmWhaFV8r#zLB7x<2ZLeogUm22#;8dkhNrNZeV6(6ZOx7r
zjsin3$T&;A+uDzDCTy+g;r<;aBV&5$WbDQ_x@sabHc|`@X;x|iW$P3+#W)j=A*awt
ztGwBij5OP%eSLJLNCTifV&xW(5U9stdMa%FWDBt&mA62S7L1ud8a{Sfv1L8+OW;D5
znO$@35uz4x;{4taw;oU56&55+fG?GHRqT{`Mjfy^j2VwVzfMc>@ek4KLuO_<jm?FN
zz)<0014e34eugSF4S%({*o^=B1{Cy{YFX2{KG~n&prHTg(bNAmRn~}I)^rC-YKDRa
zUwG)+hTmhg4V(5qP(6S6SaAARs?T3}MQ1-Aeua7tbnOrS6g;4ZIoR3`M0jdzo>HY<
z(AJe03yf8KCW>*t46@rd8j!wblDV|=Ee^J>>%IiBoZ)wJTD_^m90myTd~><Q^`T3h
zJUb=XG&Jv72@8yEl&I^O#=V;Q7|1FBxvEhT!_^E+=8cNMdNK|nP}3cGe808xksdPN
zM7RGDs2{wZCb^l8igu1W08taY4Ai79)@{s@z2kCzsyFI4Wu{*^s*8i9NYtkao4v0U
zR`kB-dls1+6{mp;Urt5Z5w9gb`gM3*&VH^tc5~o0#lWFhEfR0Aq;?QHe+4&c5b1X}
zuun#JI;xR>)#@oX63*4gQ<WFXT-^k{)D?cKQcI6Gf0GKIp<dW$1s$}0w}oqb?cXz7
zZg*Q?a$ob?qD?Lo4X%BQff97LHGMJr$$%e5U|`vN!H%_Jv?z4e!2YIob`_pmqFM=R
zg)c9{wFt|jt>rwWSfnC+&Hi#<qk>R|!|zfR#s!DpgYTpJ<s*04GFdR?h$@EpkEi2i
zJ$}U4EU93YU8DhV32<1O^M<EhyS=xU`AUmkF`Cgiyb1!HJv5Dsh3o?TO9m{?E;9qW
z^xlxS-?epFdKj6Ubvc~p!P<B1zjpPPTyA%774)`onD+U2OfoHOf^QvujK7gJS?%?x
z;D2igI~s=mc;aWn{xK)<_!`iQf9VvXw>H6lY48QFT2qlJRycaH4=**e7S8~tF5~04
z9c{l>niXs-v4HEMR%M9WP``HBZa?u2aq+}ZJTO+Um3^Nc*PFwi@M*5$F@)O0$I$#B
zvQX*{EfU&$ILi`?Lrzl_GV~EtUbq^QHu!VRq~P{WtthdrCPPRP4yBa;A>`_Q%*?WA
z4g?O*hTDA*mg4;Replt9bgVK#)gDFQ1C&G0796wgta+FQIJU5OO4NLuoq=j-8MQCw
z8MUsoiqbSr3r=wj8|v3%C1qTG-7zce?UJP+3@>Ul-RUug!JB;fxeLK64BVddU;Sg~
zEd3G7UE#r#r@aT<u)rSgujUSpI%p2AfuS-`z=PI_v^hXdUgkZ17K4x$TvcYa@cJ=U
zk})uec^)u_h=^huT|{;|CKAjT3psUgq{!rgnqm!RUYM)fCtTL63g>n8p5(6^v{jm|
zxpKc&UresFIN>T)mE@*gen<U2++{{j!Ntj#FxEJS8)REdcB`>Cs%E75>-O1TCoGJ6
ziJ0i?Fi^E;)l}u;b91eIoa~joMkeWPg}D+Z8yM%}U?876`OA8uP4oBe@OSD?my6xK
z_weca%YNauF4rn9#ClQDd?2SsfVT4@na8&;vpbU8Vs6vSGP9_znl_E*b$n9h*o`IG
z#?Z|$s7RKmuCK?Lc$cYYJB9i7bYC)Vj#}*)H<eHaZS0!H4D@ixAEOjTZFjA?07raQ
zfi=$+Q1@pSqA%-m;G!vX1U<EJ43!;>fBzDk<!QbYQqxTm8A!^m-{>;=+29KZ($T7~
z9#i*iF8giDAKXlJ9!hNushy#rSFtBIu8SXy4!|n7CUH-J!IJ7fu$vY?VG}kRCf~#s
zJtM3o26VTs82ftCT77ijc?}Po2ylRdAEax=waI(ivl=9t3^_Mebjz$3HVqKgF@Y3b
zb~oh*{0KjNn1iIdU-vgz4qPP>x~KMjnL}WFTh2}yJcAAorOqBZ!QbINQGMwXnhbRH
z37HRHw$wQqy9@s)ZTtP6Nq^C}?j(Kc+eJ#dbZ}tY1zSYN#2%|uvmYXQ)ag%*iRE?{
z2B%eKg$^sWwcPll_MdOtdHaR1dmt8<3vG$d4eUKZRlxT`+&n2g5G6C$58e-M9l`FV
z%`wU9IoOIb`Z$kUzhpu$P+D#Y2G0b?ZFzc9YPPYZZ%x^oUjk{P7_=4JLT}z|C7_pL
zosi<ifR>akm1`tld3u&R1|7qP4Rl`d;C-RI-PL^62WvBfnMt4i;Tz6%(s|WkcG2!z
ze$v16?-CcI>c7Ox%8ytxBB$((qFhhT;G9-(QWfMLSxs!HK2U8EC^~*qczY#JupFlN
z{COjr^1WPw|9Z;7vT^5B01K6ozl}X>1P^i5w79#p`cTO}%rvc^d<mkn>T)bU4jxG`
zzwCPmp(PU}$(OFGl5W!H473Pj#{N9M?8<*3?XBcoumdmBI?-^2w2boU(z1S~vle-_
zvSEH~!KUbtmvDVeNCap-4u_Rf3%h@@p~dG33z7en$OwF=W0^v;I-Vw=E^F{yuzWzV
z8Y)#r!qP?m<#NZDn+ZibdsE}5VU9`r2O6et@R4;tlfHCzq0Ny=RQfZohDLZg0R$mZ
z687MMtqE>~tI;1(Y*SK$oEAFV$K*uLAwyp!FnwkNi^V%X(2|Sc_&_Y)N9WK;xLl4s
zV?Md@NZbuf-x+FSKlNzR6nvgIr01iwmioRNKW$=)!=Oa0qI|%oy!Ad2L!=q7Wi12-
zqad@!%olMKv$H2$N$rN7F({3qKt3?RqSOZ3tIgQ_Wn#2ch}_L)>!iWTn|I4v`SsBF
zFH*(#_}{;1B*rs~DL~xxm!3W})h@}2-F}}V{{I~JKUVF!O<9Mj;z4<k_%_q<gh%AT
zRYn=o8D-V)aA@bj`w@ZKSM%hQaZHbA+CITSuxfLE12%+uQjC!(;YkhXlB+^qPXg@9
zGqJ&tm0?D!6@oMHS?Z~_sTc0*Y5(k;e<bqooCDvvhig%UaLgFI1R1GMt9i25g;gh8
zYF;4b+`BG)RDk<0k#rILeIch^fehYV1$m+UdC8d>enr4ZU=Opt-tWanDj--h>IJKA
z7%Uw6lxGq+?erTKKfKHj>nn3htn~@ixwQ(}CX1GK?w@y{^yuc6O>6R%GTUj6>@xUw
zlA-23u-vhQz&v!Zzb1~zYWtTQt3QPN5yY9`>9s}BKi_5P2M!d17qpTv)3@P*1NLTS
zCV`o-R~?ly59;z9`lgu;sp-Of9Jh>%EuvLqg%b9xJX$t#Q4IACBUftT0Yw%eQ?UYu
zBnADYELUA2D!`aY=KYzOOd$B+vhfnWi7-b9`=!1yQ2-Q^61^5Xf40c3YbqS#*`lFY
zO~SNe*DMm#pWu`cB!~r1kp?A+gsE)Y_q=V$_ye{+(tgW1@~*Q&IDkz@!VJ#8Du*)#
ze&_5u#`PXp8*Z@k@YDmGEugPiU`EXnO0o|)Cq;<!h)nnNx2kQ4Lg0A|3>HG^Z@M>!
z)uzZ?oiQ}2r|(HKYc-4#o+t;_T^o*bi#rdy6PIZM9$bCfTGh@jzdkoZ{h9SDY2Out
z$6R48T~!O-KmC4ui9Uip+ZMrGI&e%ov<xl9P-?g|q3;jVfjL+FbCoXk1o;l(qKV)E
zHabgk9Py)l#9D1rc5!QI6Gz%7vKp|t*Xf>hm2qNAJbf^}j`0_-t9W<s7}qf9{#5PC
zMgyeLQB&-oQPkKm-QR5{<!u@C`CYvERg*ED4_EPbY9b?_fPUH2(j@(g(FL8T<gNmE
z+>fh(VHsso=rLA3e*>1}*%uA>iUOujA|E(6RKytMZylITE<5F?jvc4>yT(c-DjhA7
z>-zP4g_^ipx{pFM8gh8tTU$@iv&!Jzutph&9+1@{=v=2wJ$0KHQn)4QccP6knpOlL
z)F_>525PSIhFSL8q4QZ?iCli~c9)2l#UKoQS33g9LoBOP`0|5(53tR=yqAr8;rzW|
zGj6J`ym@}(lf16C7CR5)Zx}Sp(e*x+zrm<hj8p7B_wDzL2Ww0|q=Y5D^AK5fhrF4i
z64oi+^{gj;8-Do`tqB2x!4QZguI7mh_ar8dI$`4+7UN)Zp&Pw9fpc^HDU(GzaewBP
zYTtHLXLJqa`q&>;Hp<a=p}n7c(bw(?al3piJ$~!)5A=IK2~0@gOfxMr|LQM&9%X5C
zG}lV;p$2hRt0La-Mk@zW`GSl#6zmj72*!%H$vCOHSy))ZXJ>ZVDoS(p^%I+!;FhJ7
zsa%VYU+mR~ti#3rFZYt)1NHw%@0kU#^x++wJ%>`o?L4cs?&}tTpL&(3QpbQ`*1S|E
zri>mYhrkhMqFt^N@txP<Pkxz4z5$94hudkc(AvdGpr~j$p;0rNi5zWAGaj(~waR!E
zi8O4n&aHHo6MlPCZG}!KCAYI)$<TBL#@rCB*lUrxk2%;;FC%B1c~=JAIbL#M%usi)
zwZr_%M$0fMbyz0XEK@`GG2}U3|MRoO``7S?YJYBEAiPTX04(#;1BNIiAXvoirnO+c
z%i=ugZS}fEDwv81tb+E^y9^ni*Mz#)Br{?Q7I3r1waD$ivs1aQZ@6Utr0dIX8@!q*
zeJi-0E5x~9zJ&>Vje?1WBB7LkX|=>&yAz5*!`(aDe*!WgQy@)r_mw8R=~E=4&0qlo
zf!@48G(66!B`Y56N|Z0|dPL)LgfWahfJ7a^B#!S}*t%nRQGOBr(lN<FBzoRt0rj8H
z^Mq7@w&-OBT%yiISv6%;-Xz4FeSClsS!FejR`7&b@KPI!Ri<vd5dLFp&>0$i3^N5U
zB}3I^Lzl+q+Gr1IA|m3d-VPpZ>AZ%xzFHq+iV{a}KId3m49ekb_iC{MdiDC|!-9pl
z(cA2RsTlij43q$uczhXitIv_zhp|i%v_kvAb(<;L&7o24LE5>p*tX30@Jdb<v<{(L
zm$hFBLHl&c8+2E=b32!29^5o5JM`C&qQR%Uk|53n(gWnPe6C_JEl5HY)Fx|aK4(be
z$nBqC=ujG^zyv99ny`>AB%aeZXb?GRag&%U6!K|Br0)A!sW6_lMER|!OPmOuQwcnU
zbBmYfX8^CGQTqq(S2aA^<{%IZtH+@4ub@b<mzz~$2@*P*P<-UhgWKBR-i@?t0?H8m
zVs8X;WCWf=VgK}q{H^tfjC0#?HN+wEuKy#ej+^Ktyi;PjLW0z)oC{}Ue}R5Ri9blh
z;UN}7wrw(BV=$m8(tVm(W(_8AupoxSS}=9$+m{XyNP<J51aJ$(%lmj%yOleKCiFq!
zDO{0nK;a$3*bRNKzTWk$nyt9M_Y|WL&X$Cg)0uS*9j!o394*KzfbK9YiNlMlbo#L1
zjKmD3h3}x)+KuD%iBD7VBLRc9fCpN59z*0$mg=p+yC2;B<FB2fh|{BC`?%vBkyn!M
zgL91o&x*fpudiRRA%=}g{bfJjk+yA`7NuuDS(u(egneFJ%EABu$Y#_fZ)dl$TvMcJ
zQ3z*Tp1VGVkkpc(WrCCz+y3V_kpu61gtu;=L$}dMLG=_l;|^GcE~F$_n;p3e{sp!^
zgNp0Tv_t3-f>?0^l5dNDP&PEO&3YXT7v05i7GLiWhMqpd2CfILdyF2J$QsO(GNe@`
zOJ<V+UBTSa<L~r{juzAH*xUByFI%<3T#pu~Gi|Rsdp!&!%VC`i)Nt7gq;;{tEK4Gq
zo&g!3+kxv2PpVnrk%do7yY7;Sp+<$G4=1Wr9$#l#-i4-?>G0L%DaO%Fh8M9`oon0`
z#P}P!BOI`GTE_yxOqHl5Jz*=IhsFTMmuF7nVXnQIM3O`-@vn?Jx(0_|zw(KuWaZ%y
zdwlMX=5UyP*Lhf2Ai?}&yrs8kB#_fVTQgg8SrAS@zu3<(HqViw|A|YOU*1-{cg$kD
zQtaoIw|ju^8B|opl<Vu`el4$XK>&9MXu=<#?LtC4r+rJd&=w2*e3QKIOE7LmVZ_(I
zxr>i}G`<$%a|2_t=KfDah|wE=vx-W%(G7pG2}6Ow-7@H0cgUpPRbm{`PnMzScZ#<&
zFg&Y6r^X+-XsEvtQoHL)rcoy>XQ^&HF(*u9wq8_#rmEG4_k8I}qguM(i+5{V+-5bE
z{RnIm`ew74m(CS4KH2rIZG_BTnsC2Fsj9c3@JqywHm)rR+$i>D<HxTBE)whgCwiG(
z&9knKGKtqc%UH=}F~_@^fbT7qqZ)tkI5M@XE%8)GpbAYEZE<M~%ZHlC)hSpN876r~
zmdhBVYBw>>H_J>BjRbsq;|6M3?{-KF!Mh5?bj8n5IO_Rm8%>?mw6vVqmzUlrvSMUQ
zVHn<)x*+G<qdGGz3GWr<yC>`OsXwyXaPW6<Ir^$=wt84d)kS4?xuv&b&`*<12=ZrH
zyfCk6XIW#8ehCzY82=jNlp`4xDrib$sOOk)b|6#0z*IX=z)j~1e;cYRRhRs*qjr3m
zb^3-ptIlr`i^BRuLG!XrjiN2sccLfx&L*KxUQ20oh+VnG+E;Z*E9IdZwWCXKVmML#
zhI=YaF0@bRkW7SS7bD20zF0+B2(sBLGBT@&2l;yIHq#niR8Q%05!k@yX7wqHB`M>|
zH*}oQH-nkB<kz)@u#_<-1gYkuRdpY?jZ~@HOnKQhw&c!3osypyWm?s-p~IPC)m2bo
zqI6vyx;M5b#8iW<Dgu)z{A}kNzaRsx{87HxJy^gy=1PC<xl`2Lmr8T$L+0y%gWUl#
z>|YiA93kO|5wuC0zSBTE{{ApbmSl7IW;Trx^kV7eqKTF`bSu2X6FS<B43`66VvHBW
zdrcW?EZ9`hpnRbWoB(KiKbsq3ovYI!D+#McS3Xf<?d8-xew4z++iWAT4Tx5^kn~4l
z96SmDX_o3rx7LX#L}~PO#&A9X2Q1b~zu%F1zIsv)mu;V2F1{7`lKRcp;;vyE6q=$(
zfs-?BO~BC76B;=8tU*@fp8ysn#ql~n=<sQ$Ht)fMO)8~prQVUbcC4Fxh0GMJ7I3s}
zI&I8s9eJ3SkBg73_D=Aa%eb6w$(tXsH)?+6jbZ8(M{6kB2Kgp&Tu9$9+IfQ&_UjrK
zg=N35kDi}g^PRj|HRIv2Y&`4>T^){HYmmA1!fjT-j4fi%4BnBm>)B@S?=My(zMfb)
zYvl_t-xGiJmPbmqo<7-^-08Jegq=*e^a2h>W#7zT|8ZY&#J9E3ctg7u?j9VHin~V%
zm~f2t_SP6Xhdr&0QE>3=GDgSkQ>q8(eAwH7s@H6`yXfA(BgY=|%9lbj-20K{N+u=s
zyfqBKrPtHPvDfl0Mm4WOcArkv-F>qaEu&v1@c<Tki+XZ|^ez5!C&2V68%J~@<Womz
z5p=H$G=6dh-6g{;Z$0M3b^&*@OTw~TZ6;HrPESQIgY)?iBmoyvz^KE-i))|Gm1Wtg
z^2voO>O<8>SetODNuAVwV^i{6Usl(gh5n<}5&CpX--38!>Yhl*b7;2Tn+|&GANP#U
z`1T^pQwsC65IORldy*<g;%1eGR6^@jp22whcCjDhVqCgWc=V+)ACx)ZuZqP4U_o9w
zX}70`JH3n9OB}{6HtnvL_gUnnTTIoaI=RMGOGBaMp&M!f{2ZT6Z2}5awCo;z7mZgr
zv=__Rf<(M*6_P3O(7(8=N2QAKqn&UXviPR7CLBg}+!Yls3-3r2M}NM@{3iQ@>*j2b
zhXAKNvNlL|h)Tqo+#|1<QQF8{HgOJk^a>pfLwFgpU@w$ycEr;8@c~DingL0wOiYU8
z=&OJX((#*A*$B6ZFon+|;{Ew(v#q0q2U8pYwB^!oQbdLEsmrYH8w7z-ZX<?s`T&+Z
z`?dEh9qbCYdwH!c0q1$M8kq%m;xpuQj_6Ts(CS#-)YMM}+fy2kJp)1=!_&#!?wzzy
zo-BG#*cP?X04=}w3Vl#;S6hk@aKhU)K>sKx-!)^KlL(KB3!5A@FLw?l3Ud|zbe0u?
zvqFsFRx4oK0%|mv-R7!b&*O`V=M%ZAltUW^YqY92>Kiw_(TL}rH3pCL2)mQtLU&H)
zXhW&#KGjMfb2;X83+&Y~|4@$!3E)Cv*i<4Qb~vOe=M_6S%J!+~soS&rdT?MBtm9!^
z!Gj%<cSqUQ`bxoYCH!zW0&{;)Nk#_EF~e{`^G<0c32<Xujhq&OgAV?@goOeL-9VL&
zHR10_{fN|#%8VW!!Rw&#j!861T#IQ~olr1172eGg2B+7+@L;lc(FpYAE3NgC&lX3r
zPV0H&qEefw%q!YyVusKn({l!#n+gifx?$Y$1MX`j3Ja{f*+&d03&Y4KtXxGTtPFV}
zm`EHH2XZ>?T9kO0hQ>p4uIAW~GAlwbTCPkzf7oW|TJ|yTm6Zp6V`+@>NVa#7_aN1M
zs1;R>)n^+O-##=nVtls)@)}G0S8>PQICVrNHTc196U4ZC_a?sK2!<t1iug~I%68KG
zm@(D6UIUWhCnw9Uu8T0}v+Pr!3fgOAmFc52L|4>w3;vV8_LX?}m2NLf3<{%4muP<e
z>W(WwHV(zuv5CNt)u$8lL(P|g^t715Pr{h<;oIMS64ZVh8mp?9WYls5D#RGNO|nH;
z&2)k*1lHDP`dgQ2v-sAKb4}E2+Hz&S)G<iva;{4*g3ZmbJsVM#^x_G!GI)8MPzUDB
zCgh!fy4NpzkadsrS*|dO9~su{aner~6L}c|mxr9>RJgk=WZm3GOdrX-zDdhS0XX)w
zRwLMy9I@l4vr$m22R;x=if@iI;=bE2kEB|m$s18#EV{QHK0^^1H=~n2U}4UBtv-~Y
zbf(o`drEd;dQBDK#hubr*v!jZVnr1XR*N6Aq<}qqUt6Kxd5AY{ElIKKE?M`+_bnWP
z8?P^?4Qy}Vd*bvC(DYucGagHfYms9jIb%Hco*b_EWIWJq-Q&)L$4uK^fJHeg&mRy&
zh+Q@RpDy153dS@u@GdrS=h9(V^$lDBUFn{#Yz@(-;_yD{*^5(j@tHvP%MQ2|Zj>=j
z&mNKIkUF&)-Fe?xl>l<ikk^9F5IL&nHaiSGG;SH*WF@=@KxcUpEnNa8_vUGA3GNEM
z3;40nClmt?_KQH5bL(SviptbUrlUekLT`;3`ZojRYrHs|uvQMx-Vox+xy|Lt?{9S*
z5v#n+neRej?TZuY{g{u<yCMgIx`S|3WH!uP83IlM<S7smYRv0i)J*fufTFN(t`MWx
z894b*-OIi-O~{<b6gevD3i?>^k{tjR+&_c8c4xMvFYIaGhz&J(>@dv9myke{o?6~|
zCY$suY3XbHk+wFt%S#s|G06b^l#0ZSP`Na)KRkpsc#;_iquZ-FdX6-RCFaPbGEK#1
zj~j3CPe_!=YmT%#Iy&r3Z;9pdBx@$^2htNyXF^d}=>j?8yM<G(%lDK0VuS8Ja&}s;
z;CTlAFUH;~D9)w}*T#dpTadxs-F0vq+}+(RxVyVc@Zd7IySoe!0tA~u0wf{HyZP$>
z&-Tf#>f^3nPj^+XXRW*M%QOWO>6=KgU$l2b*`eHrHj;eu{Rm#x0!fzb5w9^C@;_P+
zQkH?(149<GXj-TX1`#y~$t@f&^`+3qe$$p4tifZ%TJ&~2Py!}z9%c<WkcABa1fbB-
z%fUj5;3re&ClyoyvJ*rg0O@0?J_>#lMZ^=jb=8Kp?Q1F&gc=|khWH<5g}Cjp1g)}7
z(!^JY&G(0!pP8}+dZ7}c0RUO#%(NsY6gJKsXuL48+xTFjezEq^pJJCyJxCW@^VbD-
z$z_PrXzez#vaO#{#s<k-e;1_WcZ7i}Piai-j+QKN;^CDI&|Mmw{p=`->NT^zZ>=RU
zrHTuIfsY2?_~&oP2RpVYyAZf&MU2*UPVu1zLI{NH93>pbXx8mx6A(BI$}4~3wN^u}
zxFNh_pN9U%>(c^$Gv${b7xH@*qmCvJ<N)o#di%Ty6pO~Qcz@L^1q6CR>~q$v4{7G{
ziY-Xquy#;qEF&|vGSZizNSwr{+s$AZeRYU91$@gO*F-Zzg7%<lGfCfJ@Wt0F1;<rg
zqRxSwgpv+r%OC_em}A1jnz7*aplT4-*3a8~1BE=tSQ-<waEH*{pV~$rrVSWfTDn23
zEFDfhX2K>8NSkDZg)u5g6bK4ytPGCSWUnnx`0U>4aPNt}0d{*)$kvwpIXdL(9KW=2
zS><rrhZi^vxi{ozsjePOs9{8i`oQi-(*Q5ccyhR%CP>vqyn)^rHL=G=IWG_<l+#y5
z)~mx-_1oQ)sZ3-VK?JsU!ykFT-w@sU{cisQ^<`I&X@}Mt=TpxV0|^O@<Of=~5+)?F
z=&?VBCuL}qzpPYo6eIafA*}Ik$tdwZaCYv7;UkCFw9M`OtcYjt1adb-{rgj^jWrv(
z6uFN?!O;2Kt^tuFefET|r^<@hjsVjEd|DUf>lTb|DnXSlpQNUK=t1Bs*aGa4DMm`?
zJOJ$J+boBV;K}~{n&mZxt#LL46aVq!5o+!-@o%pHDU0gDYJ*~tO9lbk{_}|XWz@N(
znW}NgmUF$@4Vd(PtU%a_0lqMrJM8DjQdm%$P%#`oYLq+xDTW3h4@96tYo1xgHY!HN
z#StI&z2uw7+d<E%m^c`k{a&)7+JV?<dA~>&;o-Z2h?$f^3P;gTQl3bfKHPNhgT~MB
zR%{?L{%NZCgRkS@B{CB-r!T*iTU}YA_9rIH%*yfzQf|yPw~wiU3)M*GjcpdH!=E@X
zOJ!l*D=J(elB6h>V;CZ>x`xWGwg7B$tZgtCvlHRMB9S9Vqg&Z}ew_5CaXNq~6yf*R
zl2R57nyY<~sN#^U+Zc%nfx41`5=yiObB=j>abgW6DI9YjM&R&=G)u0#`;;&Z`;eN4
zpDnm`HkyN)kcwcwaX_$E1r;CXTTE5j@?6P>UP*g-wK&aum;F1u;+>2Yl-MLR^Ih(#
z+&)p6fPQ1b3}2*Ub=QP*vO))y8m;AV&?lWF%h7bt&}=`GsdodiY9kvoeP~uox3>cQ
z?4g%1Bz5lrBDMkfrIEK<9zY$Z-;-S7df(FFz6Qp_khG#z;{~fcFz_>kSRPQh8bs6c
z4n?3%^aie1acorJFNFX6DA6H!3jgRIG{C22d$~Os6}s@f*Pi&euHK%O!GCcpK*Y?=
z6_LEN^>#<>Y|>bs!7LvK<RT_>zt{;PgfnGSG0hxAxUl~DcJn2WpuxkJYQ7tKanSLl
z8;LOX?*R;lidBA}Evo+<MuX~k`Wm9wPZ*$RkC_tuW_Qo3(C$P@s?}<NvTvo>1t%<h
zfBMMz7*m4XeimVvNfU)`A&(x>MG?>KO~^L&hPm1qAN@p1a2g(7jN>H(_d2LF2uH0|
z&d2kCq%pT-3KjxEm7!i#_idF$+Y_^Ud49R!^YM&`Bj=6hxF4$eYNk+!g=ci2>FW2z
zFS<+J>0B{V`J)k1Z34NxK@u)6=Iozp2*bs9$hFN!URx$*6Nx%ATHQ9wML29yTM)qr
zve--zR&Ofp^O5U<YiV2nOBh1d+pTD){?jRBTJ^)Wh&xiLl|G8)Z#1r+kkIS!D44dy
zX(!&Z6zio3L^{|9g-p+R81OZ$eO*|x%d@PH#sPw!P^nr#*SH!^p<m%L9xZba!QXu=
z#krz(Zv_{(f*{nuQWVUyk0m|W8((%>JUWJ~kJZ7P_v5!l!>fOj6+sJQx_TXv3}>&q
zx-oX?*PJ6Q=RmYE!C74f<&qQlj{!9U`v?Kc7$c}wvIqN3zt9X;Cc~%-$R3TyEn~JL
zq-QWF+~E-;mh3GYouMhpNbA#xyKqVh*myHl>1k(CGT3@V^*uOTf$0EFdvT%#2+dFI
zZ^*A&NyKahEW8OSFrlTap&>>K^B2|j=2y3eX2>1CvgIG{Zx7-a>;yl4BI3rVf~u=D
zzyswLo~K6(`~C{aL2KQG*HJp9$PWaOV>*TAd^~9e+}}FmsBo$b)qr?%(uk=R?)|uR
z`h48>NHS;C8Asgnxh(pC9!ZJ)9k!-{AGkYixn>#Bk30meP2FB<S3w)7yC)H|RWst;
z)QfI8$gB59D!Pf(RmS&G8<_4fSZ{vGwLmm71t}kDRDJlP*1j4-dn8F}AK$St^W^pc
zn6Eu}%DvtFJgXQvzMqt>U*GjAZq1FsQNQ_dltzrDrq+czfs|l4rAJPEn^;_Cci`vw
zdGlx%2vU$6M<!d`ueYO&pNs@`aB;s`fR1exA8deC1)LZIn__w*PvUWn@zysSk<QQ%
zZc3h(pcGF-R)}sDL5&hO4c~ui0mg8K(qiny#Xs(ZZEW;60={Lmo9!JbwRx8qENaOE
zi-ZJ4RX^&B9a6f-4$WVerWltEEXC2e8=8>ebs|S=E@XjTh7%RAEf?`!GkU76`tJe8
z9P|_ClGdu`<xX!af?Y>t>%ZTaRi_$e-X$%{PKGpzc)0kqxFBU(Tm?d90)0-<Qy8=@
zVA&%V0l5)ZRE+X6&Wt1o4Q{_3JJ#=*v-#FO_;H7{T(=2pVmqt8FjqV@@cA^r?`UX&
z!J2iffo6M;g8``H#I2=Fp_u9@`5}I%4g0}!E2vQLv;Ei?=d3Qm+N-DQ*U+GySro?6
z#As<0{PKOnS<(~Ql2>DRX6nAb@z?*zGI-JpT6*9$6e9y;uT7501XogdnlwqOO{$9!
zx$W&Bb<q68Zu3kRgB%u_o>slwf$=}@4#t3tc*?p;06McsGq<4JAph!>_iL;c=2VSk
zP;%?q;8%E3)X%Ki^H<AzC=Cb?6&=%&exq_XCGM4u6`pjCFxkPTj-Td~BAt4R@!5S?
z%M_(x*;KQ|5oO{2s`$R2y3|@@f;soEcz$7)<rvE4A$`NsLXr1th&SP1hI}pffb|@A
zrNUl=&S}XN)MuKUOJ59P)21-4PNJb;%$VJ9N({y%a!-r$&Uyls?POpL(%MY>8*01?
zO{hXk6HPf@0(IDloHAUmN8sM2GcC!NfU%>@DdseVh`LtV*T5+Fw|xn?yzc3M<!f0#
zLJ~|7b#Uiof86TkZZK7c65%}@-sAV^-8pV?96c;;0Sx(vzUCQkyO$#~%=*$vSJAs!
z%HCZUG~{yn@cp>PZ=^Uu!B=VrDpeO;GK~fsqts^-!P;7_<d)s^{?QEF`NozPw6>Z0
zL?#ABU|i8l2HN6V1`7-{<dLvTSotpG?-4sdA26(IQx{Ft6Cbm?pialf$2Uhi3<=}%
zudU$diDk|H5)kxecH>RRffy(}^u66J=?J0B%8*IJOt-O$HtG5z=S+m*7CRO|oahk;
ztr5Ikci%1F1*9W!3rhxzb#s|Ze#9oOYKaQ$GSIzyr&##SgfzRGjJJG3JDf_&b$|Ze
zB-1BN<N0epba@$Lek}CYYLRBfVFho_;+3}EAt|cc%b(uKiNxAafT#{Llj;Z`Mf1W6
z3m#BMHjms6FTg*t59VPTCAXNS2Uz3lD=n6eK!wZDU{cIzA<<{Ay_T$0p!ty4@|<mY
z1q|$3_#x~@KWJI;9SfR{)BLtETJd4%Y?TNz0tFFUP}S{J=p0||q1?mQ!E~<DqEpF3
zAtbg)D9~#tLj)^vbXNU7qK0Ic$ra;h@$;?1&IC6cvX&Q67@08ewFcIHI)T(#RBU4T
zlxezOY4{qTVB!+u9A{zMUY4$0Bvdsk?EU>A`I;cr?)SFn%@-waRq{NWe$~cjn~=P+
zq<Q_vC_e{l?Rb*O>9^=o7@edR7s_-^aK8K+<hgg%VbPuf)&U{TCHLj?6hHP+zY4?R
zonxae6HXH8g_KR1<e?=ZC(k$SHD4Fz^HC2xPd*{&G>aXa?HW>XQ-zqiokpS-4-@4U
z!pS3M*<;y69}RM;EP`haSNz>!o@=l`k2EcPK8xyp0q3UW-!DDAH&0{*wBf%BN{k7A
z1gqs*m*MIVx=}0Ba|e~U^lVGc&=;{GM1g%IobdFoy88Ug<_GpW7)7`e-|Ll&*e@)8
z_KvM=!oGc5=Bdp=4j%mT+=9N}iPG$53S=D_ihU9Xx?%A082}t2K4bURh-|kFxo}a;
z1>VsZ=E0>5{_^eb>@h}u2nr404ww7>!U#f|LE@JER~fMi_?V-psk#;(bs=K0`f%#|
zFrjy=5y<6Ch*HFlZ%IGGpV3C+h;7L>nGxr^E5i6^Oi{@1xro+8%O<Cm4i}5zr%&C8
zEQ8^s;UZA=n$@y;^l||mkaHSDT*N3Oqw24KpZrcO=JsM|rrt5rSBN1Ogofvo^o+H{
z*#rq6Vje$o`fq9P3ya#!b%V2-FJA4HG<{1EP_IQZqqYU9odEEs(P)ygX~Et6zIG<B
zJDn>nZFD(fS#u1mZYr$oSw`$RwK*L|><U1~&&4{qS@R|+3moj-EXL{`MOUFg&p|)g
zj6c{EH53P+?dK4vxXK~_gg$+BTZBj6oXQ)R*1D-Id3d}?bKox<_@cGAh?^1ek(#(4
zB)v$=CpoU<Qyu1(?JJFfi3_?q4dxAS%efniz?Qt1lM9?wk77ivfkWs{?<#y9@+uzV
zYWvdL73eKGn%!(a|Gn-ABNMNU+i2ph*x%{<`2hXnA*GX_T656pzK}$Ba3E64b_@8b
z2|d?pvq~t4E4co{Y1OaFsfmLp1P8f@=XYFWR2hOO=Hg>~@iV70q~IKxDUwq31=}Z{
zeegTRB?X$*epp~Ydff{iqdolNwsW`nlqYkY0*RD~SeOr+Uw#bq3QE@HD|i=RumkRY
zfszKDUN<#yKe~&gLCxpCX@<-U!OU(Blkk-yBNp&R$MDerar}g+bpSPlVrNQuGPFdR
ziAglz1R%AS9P^7w6kMUFA_RXC7pa;V?%f^RP`l5>U6vvut^}ZrgqBN=CeB0os-O07
zsuBp~EQ9VSnYU3L!9tEMH+Os%5+1%jDj66Al%qfMGNNEc#sW}fHH66JXLqflzS)Un
zD0^{h3rC_c0d#->$7y<P#tqJQsedggqYN$JB%%<IQAm@>p85_jT(g=iQL*7xOwOQ-
zuu7zGr%7P7bsevn&197Uq?}^YY);{O3sPjMrG8nLrAKfoiK5A2lrNH*1$dBRT4qR3
z*v*bcDZfWVr}7T$90YPNW=Ky;^Oq#dP9`$v@x!Up#E`0G*#gOUZPbXrrS@RDD<JXE
zSn^D(C47m-ilUKe?(L=2c?)0&IeZ-)r0kv<k{I-jMWDl#9(R7fRicp8nP}{K5p;m4
zii|ldG-s?r7;cHUGQ#*NvzU%K-;^2UQ%{jcH>bbxzIWTv-rMdp@7?t@G9=HQ!%W!&
zd}Z4-AOQbeO(27mIYG<wPEl5_bYsSJtHVT#0VL#-(^Q-~F`lLnTLL=)iKvMx`1|r1
zG2Vcjl%U5=4!nt*HnX!GZ~+)1+Io|V!2_W6`V8<?NXU=@DpzO8?jZ&ANtAye@qP?`
zZOocCr%w}G10(<y7Za)`tO_FK69MjmXKs@~PnrT0)RHVFd`7sMcL|c~`|3u&Vk4d6
zp=i)VVbChn%zMoycKf+5+(icjzS^VD`3L8^uE>lbg9k1Hhy=i+hoydi+<{7W>?03X
zBk=8hr7owPE`t7X>eK*wexIL**ex)IG&o<STCb^fj>KDVbSURZoe_EnnakI>NbNuJ
zS|3uG{GLUjCtRWMP(zdGUaRZUYN$KsR?F8}J4c5mgmSgxEogdll-?iUZIl~!L|+UB
ze^GcBOT_^J*|xd?{;&QuB8B-`fEsU=EFdqCQ{x(XH&nWHv~K?bg)XTMoV<VaLf;lQ
z@u9<pyn6SSx%Zv;e;)Ss?sIw&yT!v^6VoSe-&SbAq<c%?`c|m9JqweW_d@CB8~T7(
ziLR`5<IAld`(%SZ49JDb?|E!?3TC@IP72lBX)tYiuXar+J9Ly5?Ra1R`f8Nzk}DzP
zO@+)7#+rKUe9Kbo(m(Y7uStFPW0yM=h;#;Q0;`x$nWztQI<J8|Y6E;EmR^0vL<ipb
z2kN&}`GnpTSpRnzNl;WkVSkn%tjz9Ccj$Ym37ffHS%^>2D{y#;9b%3V(sFM1?yc<Z
zekphmhtXe{`@cEB;9)2fx>q8aWfr(JxOi6BmRVTr`+Vnrf#42RZ5TLq?>PuN=nSy8
zw-4}NhC+7=vqfH@uRum{e+U@RJjWFh;P(u2#~|A4&kZR|^KEQgEZp$Dxia<cSfRe&
zD<tiAA@<2LvtK*}H#c?j7Ydd8{(o{f@aU_%U}@RTfgh-Ur9|`~s94BC@Zc_lv9~Zy
zBg-^PZND>sz7UWPXk={sU$mH6K&JnxR~Y+QO|!Gw{ob?RJzkUGL4kg_yJPtQ@V*V%
zHhsOI=Vj|<hk1bG?yEiYoftfiO&@^mZiRBgWW&+hSsoAo3<&TB5@rD@-(z3iGdtSq
z1a}TVq3@Zyw|W+EH6XzMJ>LK6L32`Bvy}NA*T#qBz{}!`g=yr_%u-VJrNi!2m_PLP
zUC{@DLNoCvNIVzs>XR}c6PyzSwf1+xAK?>&v<mD?&VqFdL-v-zB65UrS@zS#D{vf)
zy{S0t#Zhqpo|TY8r{yfF`2u9R<|F|#8(k+*$$Zqo3*mJpCc@)pp-gJ^C<J@zonWFg
zabWD-1Ile2?>3#$(3jcv^?HORY-r9ozdxqqq9S9*<%*xH;fU8$irC|0!X}+jryPjo
zkO(-r;28YLzWn@Brb{j?bXpBdiULbYcr<k%j(eVbKe~D)dJdZ?`!o2MfkF`dJ>KNX
z4F_HcD2eV`^XA__l#<-{)!Qhj?xn{9c=vA8EIW>7=r7Y|y{U+~v|+t~wGp6C#Dx>w
z?%uR))8`te9re}UafhY$Nl5Eg>aGoCZ}8)30b)7-8@R6L3w(hV{EJN38jiX-L3%(s
z&XC<ltT3XNmW5)+N4L8BC~2I{a*n}+fG)=nNDsLOYr~qiJ&tMYLP5(mdpudM2Par|
z&s7(?b1<YD5Fq%ddj}Ir{9NmfsTX_PF~2WS{iU^k%g;myi<)1oR{4A$^S)Q9b3jw)
z==LzX?&kiU3>)k{JQNtPvUY6IKSa@Sv?_KoRyKHBR-7fdB(710f0xF$FqV4Q?fJ!`
z>>{Nwa#%pL+&4Fvt&dcVwbe`0qq}HmXf3?GQy`@IbhXu^q~s|Or{vO00Z#$1AY+Ue
zJz-NDH8K%X0oO+BCG=QIQX*i4*?Il;`vH~?lH^T`jjh7%9ahv(zN)bEG{n{T#j7H5
z6~q)xgVEWgfSZsuAhGU~>q=r0zKx-@ig~w|h$&H3Umn2Os2N{`4GdB7xz(o`XIB}n
zJ`N>}@NJq2r-rjHuJ599psWMyr@lse`1f)fR`%}AI(BZ|O<z3A=ly<5C#WbM8*)};
z!zLO&>KEs?&n@ZEUkVxunAkH@d~0Xh8q)I6u%@JzM`!GLEQ&OBeKj5BX$}7#_y^@L
zGxeK9xSQ|n)>&HtA9y@*0FiuV?%`M)ivCgh*JkQ4cu;_et5z9HEr=23b1;AG7<5N&
zehN$ucTqn!1YC=a4MnTG_})JV9^7ZI9J_CpLArIff9?!KUUipDdtmKLgRU0`WW=LK
z$xm~kx(rVKwDri67paY{P3M_bhgD<kJuPeP9r{o+T)0=X38etPWmSCAlOs|e4<KvP
z!MH(bf4u7r#b@@)w3#?Ws=iXCLor_m<U#)4p`vZ0FZW2?u+}B>N`uA&y~RgJTySS?
zV-|5`f?I&qKtO;?#eVA6PdN9n0j9{7YzvN%%ONO<s3!Zn%qMdBdBpz?bOPsI%A~a;
zT4HeRQ95TdC;Fk6_1>HUT$;PIr5Ja8v}bjg?vLHyubIY|Pw7=^9AMw(f0i>(koMK%
zGv{l$2RbEZegF!VvT$qr<~I%3OLR&POz&s2mJzojl~!{q!;gbY`W&@%5ku<d2JnH*
zNhthJARUOZQoWZ`Ny{6AI=*oZs+;F$F!-Zey$sH6%)^z^hYyK5dm=2{>UYsVAvLNv
z63CcZhPI_f<aaEVnTe^}G(2+5fyDFowj-hWFTsEBcuY*b^>V{;Ir!c|qwlEv@3M1F
z5vA0#p{FMfdDGQTVe=?_2yc97O&;qWLJzc-Yo9r<IUsmWu$0s7<KPew_kqo^U$}Y6
z6I8-)B+WH9AY~BxW9aNatSFA~FO%`aRxowm{<`}g4y%Rk3TpZf$pm6H4N+<#%x2B}
zp3khlY>@+vRdDyXO=f=6C>ijU?2H|y2N03w<IoYI_4~VXlkAlHupM>Y&Mr@q^nByn
z`7b|g7RX6)=hpVk`=P}XqF(XA=b-9LJvjF-mrECxi#V(@M%SrquyS=5aG21Y36qub
zZy(9h?v~)&h8==4=&#*Qlyu*)z?+=+wkX78`zARtIdVgl0oE6T#g)!lUo7%f|Mu!K
zFq`b#(A35UmI!-Vxt8hAx5^T^M$3PlSyAH~C~J5hYgo+r`o+M!6^q5zl-oq9{TZh7
z3bc^ZQ&WPF+0Zzc=j*acX%inWTPGi5<0R+yh1oZ6d!bA;LywQ{svC)38|@+HMx?s@
z40+1V$J9eVgF}DyAM~D{pi#r6p%qM2h{G-9-hJrwgE<I#!s4g`j>U#W19I~x>zL7H
zEE^m7ty2_b*FFb5pOrx-F%=@{&@teZ*_D?3_aD3Lv*!>aFsaUy*cairGKnOeB3sP8
zrTF9=T$T<{fkG_{U%eviHZyn>WQk*`9fvV#u~&GPe(5OVcvphrn5vo#%HwVXeJd93
zGbmOHP9DQxslVNZKbzEN<ePd=iG+IKW5t5{jVd;t`<^f8GUBKQ2jUiY%!$9tgzUh_
z=Xa(^T*OvhjZ)#dM@QeyogaJtZtkH-o=y{MM)&DLuPsamJL<Mvi|u`T?ebH~vmg!N
z+h;IQz-rO+v%7B+A4mxO9nTGUIu@1u6#9>f95w8~RJdYJ&eOb?%iGZ(#D5Y$zB1IC
zW0K{vp%|N6-4WRtu#9LzfNajW-eomN7pRsM7hQ!*^)-6c2+^!L-p^{9+JruY=Ye=e
zvXlpdE@h~p5}hVkp@wg{s!+?hW!|eUo}47nii3UFY<!zj?IFL}!OI2sdn93YR;?ny
zT_s#bps+9@glP3RJ*gTedd`5ypvTSncCx|mJ;iZTJtT<xVJHS}YWY1$3D{;6g_!#X
zUMILA2-SV8PffU?5N($$=kVlv=cfkXYOVFT(}%7ai;3|I)wefsapA-a%njWg%@qbJ
zDs8wTq`rO@QbN%nsV2TT@MvN~Oh$}aZQTg`NmCv3W&v^)JAk=UFRf7xI$_!vy_8Mt
zZ$n&`sp9z${6&r&OX+AIs6f#yI&%nEJ|SV5ez<_)%KVe`!G_W2XDb2{KWrse&`fYT
z@!=us)JmWm^!uWwoRN(4x-K9NVYzqom;V5`PuAYlA#UvuK$Q9zy2xHQ`m@ZCMYvi6
zq@1y3;z`0tW$rgL1XiQY?kL=+!4-ZBhFUbtqQQc6>nsdDgg<$V{~lP>)Yc;W6WIF@
zC8OC!%AcNYk<>eQP4e~muL{xN*!gF&YCKYjYCVRKj=1ZGZ@OpSJUURG7((nYDDLWq
z!dyf>bVL1o)MMuEC*F-@Wqm9CxP-(Ggoxhee7O)x*zrhuk_r{g%s2%?xLW)hZ8(+W
z#x6=m-43^}FUx%67uC^D3VsK;+j%nR+RK#QEjEw&_qoMpgZvW(Z*?QqFRnp{?8N8>
z_CqK9;Q2<b9X;CD82Z)@qvlXv&r%sFI5<)-=vRrZ(8Z;rs{4B}%r8%Fj?i(B#%O{b
zR#r_qoIEIGQ+#OoR{pQVBF-Qx@$Myw>CM3On~w@f%Hpx>K}bb4mx$F=_;5nAIgQ&A
zgiyALFaWq1DwI4eW^P>!vi;`A&zT$X1NCD2=per&rNpC+QEk*;STgQwo5wNsJ8Jo%
zSh6#|yge;T{PrZ~J3<ccOX>@s)oUjzV(hoZ{`{+%nz4!7jm;skfiwRY%I4rp-tM;M
zC%OljvKE^<75D?QJ(aax$X3Noa4JTqZCLZ$p~eA~c?+0mvD_7E?=ROql%DIL944_5
zaF{%t8$L8T3+Hm*2wC{?gpcC_Oa6ZFQ9$BsLt3?WC8X0s?Nlfm?e|w|g=vZzkJ2rN
z_$)c2DS|=M+B+DS50S4hxBZy^&j*U|D2tj;KEIg+t1n@Ju05#5y6K>;pZQTs=jSgM
zx+wMF8TrQ8-R8ps`+Gdz^h)^&oALCBHLKy)jomw|($l3&%r!H|Cz3<14-OxK*%YBJ
zubqvj8h3{h+O4fmj3;xhz(TJx>tvg*+*1E(xlQ8jCy~NXQt2N?8l?&+>~9dnGWW7x
z$3d#<u$_Ic3JK_LfSLcL@2$LRWkH$P94OcPo|@1g!u+0TBleqnUu=O@i;X=NQ3>2^
z9nMh0k9BT1>yi%%i-!lI(_v~acG-7QoG(KqRmFwaauJl&P^~a7g~Di9H62g*JBwc1
z<^H61$RY+$d2sXK^rdNVCq6QmUF!gwnsUX@?i34V4}GRRg))_B=>>TsJCASwyy&)u
zV`}$QA13o23^9IE-7xnt6KcsGgGWY6YE+J-!4D0c1>n$7lNoZFna7u={q$&ma;eA(
zm3X8NQ>qOyQqb4XdUGO7OU29>q7;tjZC^F^bU(M5t;hNtIc2sM1ygHNp|5+1N(V2E
zhk6Vbg^9^OomkTq-4>bC>N)aFit%fWP(geUF9$nsR!~qvaiU31y7ay%#2=xgIZHN$
z)87n*nTM=S%W^C7;PWK$00^y<*p=5%QnZs$qu7xZ6gF;RZd_AbAa{}jN<F0ncV|xJ
z+J)+2yHL+v2c+|Ey_3bhX!2Jl&-#G=8PVwrd&|mSKS_0N?mmXiwP|RDo@hO;;Dq?5
zH5=CC5#0Z%64t(hI{gd`G*6rTo<zUx8TV#8JPgV`SQfo57`RWHe~rME`l2kB3DtR9
z8G1$y{8PO^#P>HSnwRxIV?EG61#SJLs<v-AwNmYRpfx=ZY(sM3)#2=uMbSa?CeAMo
zm%|SU^uO-!HzpmwGUc6jdSFqGDeSYOqLyHFM;KKmLvEe}f6vfTTbLpzQsbgs%J6z)
z;U*P4xmJluz~uIh=ur(#2ZI8AVSK((27RLVsr$%TaWOOtA;IA1cK8Um2)Y`I@~1MB
zI+g{?6sI*bs-@HqV)C2uZq-0Bu}x3hnPb(ESJN@UV7~G+uO%9KG`29-Dq8i{bmO+e
zDQ*Jla&z*bz<Nn7sj#aMIm8Yk!)Ab;?T9TTJYI81e7v0`Ga~YFrC$vx9}wunOEah-
z6=dPz(dC;e=^7zRD;VMN_!ewrWnzs${Rq;n@pGwZ@*cy<H@mb?PYZj-wptx{`l({@
zsHgh<$(Zc2+MaMmg9n?In?iNRfr>_8FaH&2!B=%Tj*A6)b=dt3o8mFCXlo=mpZYlS
z@TZzTrkhk!lk$F>*-oBhd@J5;{fN#*^0)IRylY2zoIyf!#Lj$lToIV~TuGx`v16SA
z>os$=pBw|Ajai(tW_Tx&Se<v>DH)rOOJZ&t1$DTtXZ5k?VjqJn$Ou9{8PK~>5Os!S
zH|oGF>jJlGMXmy>%t%aIB{mo~5`4`CSMM~JQqg$#7*Z|2-DI)Dy3vK5>=0a*;Odc|
zE>VeI!u;jcS0?pC)?pfy(o#{VqEa4iFN4#bLFu(43K5zHWq;dVhi$S(VY~M_*YIdR
zW#ExAk-`ts@0lJod34QLJ}R7tzm2OCo^MsOY@-8mF$Vk!FCytDv8W@zO0r9F<BhL&
zuBtwqVJaz8L2c40O;#euG~m=|n7;@~VC?lEAnS#QjtTr}PeglqIEK7D?1t)S*s8-L
z#iNkx*j#F6NMq9E#{Cnz?f-1pdB>huz+5bNhE5W8bl6R6{}Ekuc)2{_7|6ODcAW=(
zgk8&o{w>Td-=3j`<a!=C(&9O~0BOUs?43wy;oO?NN<D-v|GGo(T4k8Z^Yf+PS{#3H
zwh|%WtsroE+{G88RL&??1=5(*ZyhKJpUWkb86K$l?qF>{95q<GotJEY6f1E6GRUL|
zsImd!9!GC2aRP0@KEsY@!<`PuD73@hdSz+8jwuOgtXa0tYb(y^Efm%t6|M;3mN>iL
zbJb~E*)9n+*xh`YJ2!soGI0GMdy!A{HL_)+YW+|~J8Q^ngKGi~DLq)<fwPTC9>W)Z
zKf0(8Liv-BuP-xdbRz4mt(WtQ-}m#KX%Q2mkMeDE1YgCQSji#!KT}$60O(;`Gp0WL
z%DmpVeySliFEWlYihonivDaYk@BDC99wS|rT%)Xo-9#GT#*QDTfe9X-AumaVfG7tw
z+)|T1Eax!r&j_JPbmRzmB9Vz8TJu!PRZNzuSYu<w*T#GBi-S0yK?_rCTy(UmG(Mq+
z^MqU+038j^D!1mukZBmrlVU=JmLe809L$w=Gmu>nq+RrrJD&2d0V=r)pgD1}7+62-
zG~+@MQ^?+P;6{!OUC*Ysj7CMv9`_Xaj1UPu$-<EyCDup7WZ3LlYoMDmlEZXveQI1N
zf+Od*Akk*Y!^G8sTP0nDWBBd~fdx|xjvChO*rCy&^bYpG;4#;~adXL4&C<lBs;-}c
zYFo(hr5)F7cM__8;PEEQ&~D;?mL)uShTaVG48L_8qRq_j<zY-%A)#tV#>Pk!(^Qt-
zAB+#><@6w-Bjcx`0<x5%(o!xSn=tpP?p!+qJufNvFxLcKzjn!CDB*R;@R_>S#UR;c
z#N_d3DSK%MAKph*X>%^zrP`$t8%Y~xD=x5aVOA*%6Y_C0s-kjdZy!u2cgUOmbhNgY
zcjD+nM8~gkdY=I63Jmn$Xa287il|U2Rj#g0(eCe%2V_?E!+3jAH3ClL)MOOdbTk%V
zP|om02NM)y0%DaTHZ*ZTRpefl#|6mBFw7%V%(=wr(5nN!;nEp$%;pq4e!!2&*ajHQ
zYO^w-jnm;RsAGL@=KQ=Yp87R)2NU1KtyPAWR`#y7TE<ECdXg?yG4@Znn%KcF&$R{7
z*t;-Tq+%H`4}bOFav#LHot*+;@rA<rp9{3v30y8Nem%3T{dU2op|ij=TyAggunYvu
zlR%nWf9ce;H#VLcgoM?Y92;)di+-_#Uf8E+f_rWKZ6sb-O5e}BC+(k=80e3Y@@p|x
zITLCczB9Tyu3h}GRvve_MEy7#5vo6yn5?TbUu;0|Kw1Zn_rhL8A`#7pL1L??5kMA7
zCr9hrQK`16Ou-&AT`nm`d$epYm6t<RS(TRr*bb_HUG?S3DqIF#WBB4C1<_Jvc-NG_
z&F@uv5Y96}G{F&p!DN#kSL0eF0>1H90V5c>Y7hy}#7lw*7T{q1z0`L@RrbVNEE>y-
z``48^O(y%}PBW>w@!vu5UM0l%S-Daf6z~PMy*(G%3G}ChjC1<Ts_sOF2alFwM&HCY
zf_+2jU?i+NYD3bq!h?Dfv%P5fZ+aBO_Vifv30swV8_uW;Px)y(m|P+LHEr$(Q;|dP
zL5ro}+FLUbvBF5fCvIXYu%aJZ$p%3OR=F=VloX`_^{X235UT8hB6}9!c6Y0XhR2G#
zSC3J>xiE+*oJhfBHEad-$meFD+;nFX9rb_CaawapDr5`@Hq!RW$;dh+%@_X$FU7^o
zQ^fD9NvU8?BNEPile#<=vZ|O>p^gQ$8GFq5J3DRsO?T%XHuzRNw=sm7R^vzw&zDJk
zFd3jF8@-~U`^D+PW`-gUA9VFKKfV9cEa4|2nJ{V>D6<pcDG7{(-!I(V3H)w=q$IRk
zztc-USNw;|^`_As_XPfict<4=cKqt=vf?U10~e@?N0hRwtoM&h*iXc^kPN}F?b!KS
zww4v*g={taczv?bW|H%izOAl?-#a2vv+#_Ce=5ti@_>QLFyS$1(QqbMuh%lZ%;(0=
z)OO0n;OG+;GrAK2Zz8!Nk`4t~!Q4pE{)ohXM6g%=!B1kpAcMcxXtMFSRRG!`n>n<Q
zz1KLVn@>Z%D?^cG!<0|5ZJ3#H`rMP_Q?{dH=~;I`kWOy4TdwcyI4Q+cf2(r44TZ=m
zx~)A+p;7Fy#M{(<!)umpAuEUd-)EpuCe31EA+z`Q<xbdsp3nXhT90#^u==&%Ok8S?
zbm!im$wGBHBgR?*K89qLI%|492FAMZ8<0i0#meH&#>LjlaoM2!IL)+t77um|+mIjh
z+Pm%9r9<+UiB$Qp4-EV*OB0DF#|DM>B?UVzas5l7-<IEiiEVe*wt8n=4G6Di)kziO
z#&M1G`#x?4dK80ku38^qz4Yg?qj?q7gwe&ere9~yx9dJ&gqOKb9mrd9ky%M`4Fk-U
zfBav=UmuTs`15!ezo@VlYA2Hs>dRZEuObA&gg=FY%U82k(s7QDXc_0UvUw9K)J7Ad
zCIKjXGBH_5_xC85te>zgHvGgs;S9kvPV~x~wadwS4$drsbP+6(V;rLrca<IP?X^Q$
zvraAaGV-YY>O9-cN2yYi+?7uKK$Qi;?kngr2yGLxYNplZ9h2<vqQ>cDY*1=q#CJ;n
zzI}w;RzEcVb6IEPc1lbj_~?HuWezidO?XYd9*UM@<#1E{-Mvb$k01JqGjt*js3bzh
zRn0I$_~g#_fG=AAs){Y{7b<%F>++)etU=_a`joCM|B$zX41`u`XDukWE+ebr2DFWt
z27^2#|NA5o_%GmT$|4;6Wfx$BM3W#hD+~QE_HX_%4B`R>i`<qi+`$*OmHWwtoJWte
z2HnO~Z_3MSE7maAXjLt+m?q;A->|B-9{4$#46t6W=MC6y=jnHV{8+C{G<X-R@!1RI
z9p(=4$S=;3P0y>%I8W2En<x_Jna5O1)AD;ps>M=pI>>Sy!2`@yNiVz;z2LOKT2V8<
zV`D?mC3J!;jz_JXjHf47rI4{9g(X2*U;fy?=lCPv*7H{=^d>A3HA8-mutrhgy5-l+
z%q#5Er!WiuVJPHf_~pmTZzH|1m#}4$Ibped36H{bzuNSfNi<JVX=YnoTcoHhjy#oh
zR%5*_o!%&!BzAp?tO|KN8jQ<_cR-$$dhCtARD?4r?E)V!sl`oX3YKya&ZkaPW2+os
zCvTBkmU0IhueBA|fpHtfsl`h93VGWx_3-iV5p10~HIAOoa_tLHO_nE`bTKOGb2^hP
zJPM}Ba(D=j$i-7(I4F?(ZOMW+dE`v-1bGsbW>z*pI}5!TFM$_9;i0EZiu%9&z`uW=
zdaIvIimE;YoHc)`s&z+dld6%Yf8T0j^%O^*hRW1BdtRO>R@5oUn8+V*Z@(uNCZ^2{
zR-Ur05cLN8X><ROCb2S45fQEgIz&Fq{FP$*v=TaO5nkR?^4qHRIpFr2r7|8F4S_>7
z9!Lz~<Ho0mzYf`fVcEmE+n$XgWYZ>6>3Vnync7hTL<xJD)iUjj0-biLm}^O@wpFP$
ztBX;*VKnf^QkoXB2Te_k3dBhbIdmiOY;<z)23Tnb4Cn$mV@|fo%z}rDl`8bHGRB!P
zRgozi!ng^FrPrK&y&pb+2cOO*ejt-19}a!D6=thJqgBOsj@A&x!jwbh1X_z64LSYN
z4tHl-3=Nie2rUn#urxxI)<Ig}Ao9^OY}VT-nkzIU5xagHf=uc~-;TBowX%J?dqyi6
z)j`frD@@vD0VrTB+M<FSf8M{r2E(i+foL~pZFsb=wKKAWB2j0k@EXbotjZU3xwD%H
zcoBW%pD}C3qdyZWw<;GQ5x0{PIJ1z19EUx<Ji6m)cna6kMa{C5TqEg^Uvd)xPEkLj
zL@jU#yJeG`AvBrL*BUyt;G-#57s#mX`L!s3(8(3`M`JPoudmK^U3c*(Pw`Cr$v>7v
z;<P9JgCh~X<Vw#U$!)9On-GLobf6r|rjddFtv2y1bkyL=KODJCt(2{ZYD0qBPuFKP
z!gnYtm0q4Sw-k{;701eG)S6_tU6{|lZV<~-o$~<^5i`W}qLv;Gu&yk315<lC3}7>W
z@rF1EKomAfw&V9+`{~CY(i@I7!wR=7+nNyGzBXv*?%cbaV|MQ8-u#C44mYEQ4)nTX
zjWq3wwLT}6>n*hmcdn%Ii~jSSa5;P4xcM$;<}vt3N{Of)x>}38Ci&~now(^Sc(~~e
zIya$D-7PAzElF<F5X9!-e~{|-8wRt#{niXh+g0`J^enmV!ZH5%@w3g~?@F)S{uegl
zyv;mj)@y5OF0mmG$;L*di?)y&=<-Or2Q}z5OzbWT$VL$$Vq(H}%*K0VUz1JBP8*A?
z07zoiYmC9guf&a1Mt)s5fc}9%%*`AmE{=s}R*|#|>8NJPkB-rSWf6iE2l?;?Ng<rM
zZZ)#t96_4Cd2>2E_O%_u00A9YtU1aX{%svHbE1ItY4GAshXs#0d5S^qTOM9KD$NO|
zJ*%X8tz<A2Pn1((+4B^MCwIaIxYqi+*3y@h1Hq>{XS4jApU=eSlqj=cOk~$D1g}kk
z(vwrI315uwHN)Hv`i~~nxiyR4LYcS*N5A*Q13C{jEqHFvUK}PXlu6MyUGwbx4>DP5
z^{RRXCgSN5t>iEa@%-A`O+Vp!<CZda>mmY4c~g-xaY7XIZ?%N5X6N+|QE}Oj;bnjW
zM_WfP@%IKIhfGoe9<FSq16qIdAWgx%oy-+1TKcZZ@T80`T>5q)2lE3^_pjV{kLP>d
zSl=w9ymmru)mGOYZ4;C};_JApmpJb8L2kei=bEUuuU|m$V;$?@#X&TA;|F-ZO%?gv
z@!AGj-}*wv>$7Us{zICQQ~xiXzVutPg@Ka|nRPcUOW8_T6KZprb=%fF1E8}(vB6lx
zb#$^KCkOo6<<IQTd2;;g;W777w0{s!I5!%m>}Mk~;Ta-v6|Jdh);~&ZnZx$luFWDo
z2}|Kni3(4NLBg8EUeSKv`<nf&{?Sm3R<7L1+j$AdvU|ZkXfJfCu+n4>^L{A>f#muN
zKkoGm<XsVc5(kqkLoq+nizKy>fDcUV{*DNZDCFL+g)p9he=&rHKpy^1{-ta!;yxWV
zIv*k%d#PCB&l0Djse-l5fG1b{_=Y`(B_GjSRc8hRTDi>T%Ldb1UrM%~wL=AQP19aI
z{YW^Hv*vN+)AXt+a}>fMR4ZOgJb3-W-i;@Ljxl|RdV(29!kCy^oGn_=gMxJjH>4z1
zlvD>TTaGknj^bzHBKKa_{ZckLd;&xOAxE=JjW#hZHzjI+W;)RqpJ{+8VH5e7=4c@I
z_mCwcCR|j3*d#i16gR9WIcB=?KyLh(p2DdPw<9Z5Ikbe5oXV6b<pS2oE^V+?-HbQc
zy-Y@0Io3kiAK=DCQJ2W<1*nLKO|)>!H53)?<P+IH!nPC7QnOQm*dMtTrTNtm%S}+y
zoMz*dI!8{OVPv*WE(4=pPu@Jx1NI7#?N6YsOTUmNVzrH7sU}sUTmyrP=tFNFf^X~n
z5m_aDTdQ|k7@BEwHG2mAy4+&yIETI~HVTOS>K4-f30sj%^sdA2pf7g9GGt>A8h9g~
zb8j-EZ}bCS{VZ5gWV2Qg9J8^}<v_-(X(6iFr`w}jvoRrE>(FOmHxhhqGI{#-gv0&@
zdqm>*Ffjg)EC2Pa@uPl>Q%x<4eB6>P*_tuC=56Fc^xyKOH`tR8tp80+%=}k=_unST
z?D)l^1$IdvKdd0LfJ@ir&+|6Ot8>weD27<7cB*zAn|Z~mx*U1)#VS*u8=6>5)Qx|P
zw2mj*8an6vbAYQu7920|VXna=W6$C+cQI#hwY2E9!4YFzl<mlM_HFb9Z7HRchxsIm
zFfrwYgm|`+f?@^DTQC$pKUW&()+e)Fma)va2dx>m$JRW<j)V3Bs2;L^A2$lxtLgLW
z1KK;B?H6}D6z2*+6w11MtSUU+cr}|Y6qvP<RY)b5BWHhK+BAPX|2J|4)#@74PpZ+2
zM+fo&l9hMO)N$8kSpluI`i-AKhTi9ZoaU-_0lg~<ITe|^(w+=k6il%Y>5*x%EAx<7
z@)d!>r`7bJeBHmW(AT>D!Qnt<SIcU6)Ef8%1x!?%Nw*Z6d#Pg+B-RZ91vxr(l}`J-
zL>1P?{M+t`FyY3d$f)q6v&%G$0_$F-hNqD@u#)rbpnYO(BAMP3y|$CCwoAqJSnQ6>
znjbh^xK*|I_qkl65}@R+RzSZk;JN!vfHx(RoUz!jQLxZWajl&^6<IM^5!1?Ek;jJc
zr0L}8X6AB1bLqx2D$C<f7To>$e?EU;e1GGTel<2aRyF3@tzTK^qATjxSdMJZ+&qV0
z_P*%*@JaQ1GXIhaz{|+^iFW#LOF&!H*YD^sq{Vkl0lBLfxlpsJh(~(1`gvj``1&T{
zTtqxX_|-pmkJ=(U<kWjAb0ToHTS@PVO0_<ZgU%_LL9}?iD23P9#QJ_uNWaOAr8e+>
zq;Ujbt&Xp!XAD^D6l7C;cX?!0E2vf=ql<}}%qw&S@#DrnyxCFz{!{??cl?G3fX*lC
zC2i<ek)g9LE>=6mwb`J|9JlI~AAhnho0BRvujb>??7$9f8iw8e9$Z|kke1)$>3x%s
z{j#Qt$glZi+n}Y0kE9LXLTtlJmi8~!eF_EPZ(r!OcnK4R?sm>LOHzRAB2T%X{=`!I
zB`j70xo<nSnpnRvHRvqjRJg5$sIi;65auMLt9>&ysOsc)_Q@oC7PZ5gPcWIcS|O*}
zI@?uG+qx^4&t8$khFsOUDxpr>iG^LkL(D~gxV7wKc;hsg_dls!VEIW!H2fV1O-+Ry
zuTB7u70VKzeE7rbr<s?qz)M>+U+1H9xhe&zBLidM2;6&|9LxUyyqsB_Ln*6M>W)Wl
zaWd5ZEtT`DTN5)ln)5gj=#(nSexFutQrdeBy)E53PG!tKe5h#w1sy0m8`jAUM>l$y
zT>X}`vsOv4)~>4QVPi<;;MeD1Upycp<EVCQRJBefbX;R-^E2iex%{=_^Ho|(^U0~@
zzY3%>>O?!j^-a<$?R6|s1!iL_#)frO<0vK>ecv^@oB<Zx+`2jCWUYiudR{&Oy?JA2
z&KlabcQ~$b_<tT;uL9+Rkm08}j+~{QU&WzK&Lb@rNQ{L)`-C)nr^u`g8?}r+=a3e4
znAx-umIKw<>2ZB-l-I#m21eR?^CL$Jx-<7U%XB5JbRO}-4T~yv8Y*63m%yAllbpJ(
zrC2PtT<b-9-YGJGU15$<%J!LEHEJA36}i~kDW_pAX+Dcm*q5=Dc;`E7ncTzZ{D&~x
z#m@`8MgoiiS<JiZ<bq?LF)O=l2o-=eDacv$@Cq?nijFbypN>b4pD1pmhW|jT|Gxbr
z9ea4w{e^*8GN}QIlVR4RrST}gbNyrRHY8v=zwmPWa~#F(bYTZ+7mnh;bb1BCTq4D?
zIkdQc2;Nh8pQsqMN#bvKy4?$SdmPu*4U>SaHM2EEy=73E^GtouW?oSL%?hZHlW5lM
z^tHoHLR9&?dj0#8ht_|kC7gzFdY9=8eAP|^>%}u^<(gj$tJT_da<qXqj_pbG#F=dT
zn??M3hTDQ1_)e^;S!=Z{R>*OufTEudum8xUR*vn}wd`^x|BJ}Dd#s3mRCZD^BvnNQ
zh{kMY5%~NQuYaAvdlT7)2MbCGofAGr*Bf1m_XH(fB_<Okv+}yd8m`>(LNDF3E=vb(
zdxb%ysa5vM_A#@(_CTXJu~3EC{+r|Q5CgAYr#@EQN$nh^Bnmw+Nr@NLftEm6OKMs#
zxYvxxL4yRPBu}$geM9|}V5rfxMdHes^5{lvE}Urtk#`Zly}c%t!M4LlP@q$tHj4v~
zaIqLfy2Qeh&7#d9pZm~aFw)j`JOOJR+2?vQS$Qh_ml3&=VPHpCOIQ`FvkoExu>k<D
z*Z=-p-#-3@R5tpJ94+6}2hsw{@K6CVsK9@9`znn!b!kDp$qHRIa<sHIKr(KY7+!;O
zgHn$hkL|#ohqTv0hh<c6Ih(Ocr)Z+;9_s!nO5z*MV*N9R!1cPMi#GA)G?ob>c9|vC
zr*0vG5CONqTAi)!2Puo~KgC3GHkhfTmD!etHR{pqgfhr`s2_&k)<~X@7Qx*~or_Ib
zcd-78dx1eIxL;yJ5THQ-cv<1;GQv0|F_v@S>m4irA|&zShLdt~Ts<yHA<`6KmlQS5
zvjind0OmFS7ZNht6gI;t`862iH2aX5YLHNX-ZD#8h-*8*(VvEym&E<Gxng%ZLb|U^
zG|HJshhe;(J5^wp26H|`7}0i;3NR6eB!l;SL~^u}F7i5dH}#RvtZx7q$xW}Dbr7}w
zx!V{+IHje~OAg<*Mg!558$miAL)!3um!;4oDnqMF8$PSgH6mUXX@1N)m#F6JI2z&G
z(AVv=zGG5JL@?5NWs!B}H?)J8Duy5t?GwGIE}hI3&xy5uT8!GM*+$CJ1x+qajdn_4
zn!lbo0J{3kph~{KSG|?3Q`XNPL1Xy>NKgy9NbXz4xZgz#Hh+El>z97X1(o7#B|Awb
z|8L@8)gz}ptSMqF!V#D7-%jC#{nChZ3?lmnIGQfm^B*UC`=Ju0VMYAEwz2t|Z8}ay
z+0>Pc754!pLxfvi)wncNK$@Tmi2biif7yqH6)x_fQi!bDyx3|C4Ku#<ggNY(7^lzh
zwUheq#NFY}j2>wzG)%}+4&^h+OgGw(&Iz0y$q*Z{i35-GKIKjJpJ!1we-9}CRsoiC
zFoB$E?fx^U;=$mTo%)sM92G|C^i*C&-1LQ1atLio42FS~rt1Fp)Q+f^Q9lI>f%CKB
z*UP|P%vMob7XZ6_7W*D~8_8gp<f;9X=z@^JJ;$OM&{PbCsMkNPJ>M#s>~Q)lf1vA+
z-MJU!cl7Uk_pqpci*G%uK?@<cBMJ95Pru3w7)QEBq3xk(vHTnM(Y{#et>2AQ4it_L
zh9wKUqXWg5HY$woYz&3dI~Z7b0gKc*GA=?G-2a+Dn-5k<W-krGUP51Ul(uG|T2}`j
z%~EgvqBITlPhpji<S@MqO6+~CzuC50RtO2h+@SyKF>Y~OyYp!EYv}ClRqOKmxQTYB
ze`u=1T1%-c!^ZiK{#PHn#}-=71rQT@3Pam;fbzSIK!DD5q^lVJ+V#xQhM5!*mhxys
zH8G3U@8flu{co7pM$S-uvz%EQqWPHe{13qjt9mx=w!^eTom@9(J;Vm)1CkP=7XF)g
zPU`#XS8HNAcgHGR>~WqDP?r|qL`d(cLu4J8oAVuL`1`K2#;-z|KZ=sP%5}pGD1WpW
ztr6an?TW9w$5A=_<^YHiHMXVX_!a*xMLiiVr!NzYK}P<Wm+5v4{NwZVKHRht0-Rzj
zGm9#mBI1h4alFW|cB|_~uEQXy*om04<J_!pHKnQcGcWJJ)H7?FkQu^FZD&*T4~bc$
zQ?BOP)f|xx8@|9iZ*&5NnLMH7n>iW7tIu=({|9bBk-tWWQexFT8v{^gU5s1U4RUFe
zI9VWqPmhm;7%)SJOwjkwiI=ytqNE%@F5dbGOnU{cvg_3Dfw-U|A8=RUTjk$bH7zLl
zI`#t!9ER>x-7Mqm%Cni${3Ti)+rKimyv`V3d*^)Te5!=DMG|-fDS*1N2$49!X$IRS
zKvOCNDzc)$7zHp8P-L^xrvlDp6-Nk$0TXOcDH#yP&-LlJ#@+8t#~*LR&d8}32Ehri
zY@UUB9>)$9>sI!SU3vA>yjHeltpx~Rl}e0D_gG~$c+ku?fLlrt>hVa3l%v;nbEFaM
zcwX|J77#`5?)%N&q(DdP2g|Ys+io~LOD2^BcZ_c%o<6>~?ym2<z21ot=9qM@Q5&A_
z?K$_#k8<Qu+4}mfgY>TUC@5vBtTj}$lNGTt76=#1lfNIm-tzaa54^2frCE}tRZ&LY
z0-$z2^xgT*c~+`wYFetQtKXL;cYCUT9H>OERjR6%DpfDL?;Y=Z$LM|PxG7)=7k5=w
z5=pyRHd(DMDikZbwL7WGxmPXscZZ(!FN5*N9EgkV`_=C9D8HfZWvK;K6@E6_ZbZx3
zRlzeiW!>v3bV5R@V--pWh}ha8*v5o}HV8o3$}C@e^ztAW$c8rKeq`KmA_g#yHUr@m
z>#E(QOrq_TcF2}VW<o6yWg=-(sVoQ)ESW5t2#t|7B}rIhN=1^TEhex4WPk%Ou@*{J
zD5lC(n`Mky7Q|FW!!{eGZL6tWEw!ZEsa8@7hE;;Bm897<yxvmFNn;X(FwSn8yki)^
zOezv=u6S0cD66fpPtq!?<;03^^w6N7J?>uU)46De61Y<;eikpFYX^{3Q1CqEG&kPo
zyRp7`B+`5*-4z^QGA1@e3}Kcw!3YLrgJKZINggFraDoVi!X^x4LGFc<jkXasHbe|y
zLGbVa=tKN3z3(r<eE&WAX@8wj57jp&*TsKaeq(;o$SzS4e?%n?t5rlz3)k$gC$Dsn
z`SZx4$v1h-h`}2L$dZx)B4xP)YCu~>g3`#`X@dlTsDc3~8p9HZN0KnnMF{al984tG
zO)y!F<1H+3G7FMOOpr+<WVYHl0mlIZwo^=^Z1o;!#b<?~%>4#s0S$0Nu7iQr^-<g?
zSKi75M}u;nFO|7<wOkzf?#9A;NzJzY-I7U`@(n!iadYaXPFzCu?6c3hW<1)x_dMhF
z=2`iD9Q$+`lj$zZA70((M5OKeX60wi*TGlazkT;^g_urg%xbjNm@35=E=5F+G$U8<
zg88o)NWcLj0OqhfP28k}oUT|&+pFE%5<tqS0!I^dX+$H(ELu_s5wf)dpS|_m@}!<Z
zjhMk`q<HH@m{TyO5v5bsI+a+71Vot{Sp<^f($i?oDWpk66Y{bi2}+Pr+cm7bX8D)a
zp1bB+&D98=V7Vhl#WWEGBvM`|=L`c|JE`hyCAGSh#F6fBn3s!bB8o{O1g=5%cX8bT
zg1e2j^X?xjPu+7OidQ5g5=@d!O#FUzoHTB@2^YMU%1ib(E2v-39oELoxW?|eHVF+F
z<(j%cgi;bHp$I7;7v`*U&yMlRDk=;xEK&)E#UU{mh@{a)fJ!MeSO@}2D3+9zRM=E#
zq|)WKu9r5}jmnB5gJ`U1v5$G&Oga>Hh8XIohVL*@&Td#>*+$;M2c!~1B4uhCbY^P_
zh}vkG3qdSI^1?>tF@tu(an~a5eRY-=uzA^Do^bAS;9@$Sm8DAoP3(%c&B8jUh^^h3
zYm^w3pl+$G!)l{;gddac!OvJAjwFYyICIGjA)U3Mb;scRLm~n-tqnGUn!VNUy%7r=
z1u}|fGM+rvg8&0Kq6TNZ<l)Q%1h#9v5WoiUJFZ}-GY4%8XKDimp{yf-Wrc@O@!sbb
zc$tZv1vpb1=n>eA2;ji!R)Gnos){+<vPeDGa}p9(auV?fLtWls0Bd!cI@a0CJ<b(#
z)^I%M`VayABmKov2*j~OL{luS6oit&O;k3LTF}ZnIiiwj!$>faOBGBpHGUgNec+rt
z&-3rpardw8*{`dWo)R5rsc)M+?~G35+hE>5W=)*$@*@nDG|<fzLzN|RQ43LK7@y#E
zYb^#>4ha6ufbbiCus`4%C>ZmxZmrO5GKyvjs|=)$WU6(NO7Vo3p265?Am%7TGJ<4&
zY^~U!$W0FMnW0*h()y`oo;k$0#uqi`?}>6@Oe0P-mX&K(W_Z|!0St!sUbDLixi9bd
zRxubTF+pNcwYJzY3RuL5$p#`gNC!91@AiL4ziw&&Z~i2Nf#nLSf3;yGR;rUMu_S+6
z7{~Sfc>1gT^Iv`Yo^!&9D|$HHf{)f6+#~`^C;ELwQAH&b)ThZ5B#Xbn41u4lA*nxn
zbEnq`<&2Y_`F88yWbT}e=6P(JRuz~r8y>!FR_eC<_q1+XUeheScfxYTLm@Z3<pXct
z@Q{JY2pAee{SWAXs}T{35F}_>ge*~zks>0hu|!iuke+%ku==1;-)~2P8~!f;VXzy1
z_rg2$#I0eGsYX#nDMd5=gn(@L_5WuoYX8&TeTSQY4RUV$zasCcs7MF<mK8{=MN?GK
zPK8fC{sqPimCx0hEk>TP^I@{l@cQjX6~V#Zt)XtiD86!`-bQ7QE(4Y-Qz{m@$<|(u
zCCGKX$}?(iTbtfIyhmYnR_=TCz~wl-G4uA!#fDa5%!bP}H3BnbHZ+;*Yg_M!-|g4l
z{<`btF8;Zv<~%beo%L1U?LhQ@O67ezw8X9vwJfAeet$o&*B#fV?rr#MUF6)$qs>;T
zPecMD0xF;slF#gKPIo2UbaZ;QZW<K?RKk;{wM9ilB{1a7L%t=T{8jHoX<G4_;zrRo
ziz033_hGWy*vX`7Ixl?Mwqh&>+}-EDy*1!Z3UkJhs(3rh(9(KdqS0t^@SnMvm}UY}
zB*fWKCNzv=V>2u_LcMs;F8@Ah^!v^{clx0#?e7=M49*&*7@}M@k&&#V)1V})DwQLW
zBTS1#$qgeU>a!%)T~RZksX-KyOUWch)7$)0Pub!4KiN9wUaCT<fe-S*kzDM;tqj^4
zsdR}g4HZ<h)lyTq64FRK^XVZC!V^8R(+aSUTc~ZHIFpfcW1pToM{(Cavo@1)c(wCr
z-H1#|a{AJmGE&GMj)~EV3@G#Gy`*l%O2ADmdDv}&7$gkvgZK$B06aeYeeb&MR&Knn
ztj+=WaDPmdh=)<3ZDN#3ufJ#eOg;Q-&iSrxyRP@%*LC9nCdCF25t0VWu>X=WEoFbB
zW42wkU5?QjxvjZsOGXSOqQYYZ2#gX;n4?1Z`TP8}cw!SNPOkJ?VM7W&{QQn$KD$!x
zFiNl?zUPgTY!YIrv%kK2^PUw`z%PDuT9}kF1UYhwo($~#I_Al!8lt4u>OH{7SmZxI
zlfWQ-uNhnP{%`iI{#1HZB?VCm5g^etx|U%DcklQ2`TYKezt`)mUU%8|JiFy_KcJ~e
zO;XcUMNqoWNHwp!>GXHaCk~u_I#BCV8^o9)FDUVu=Fi6@qHB?ob~K$aG*~?SX~yoD
zwqvE2jr8wz(@%w8bT41u`2GC;e}7Nr{coBnVG#wUvob7*>-hffzs`5+=DyL);SD^K
zSKby^f&9g~DXLh?c>sqle|n&K&k)g?kb;G;_nI<FprcYUa>}1w#LNasFPA1;d|Fwq
zYR_c8=wE+-UcCCZpM3k*hQ9WvUo`W3zROQHHv^;z>eWgTil8Y_7E)0R(+;JjVHIJ*
zl0u9H(RXglTZMDD>!pnZQ6o)E>Q+%4OtmaZB2ol^066|!Dx1Kz)v5dGRg1&lh!(Q%
z@9Z0X)*@OPDMF-_l(kgLQxY^nwrTxr8};$}KKMTm;p-3W{w(NjR7M-EpAeY?KT)Y@
zK6p4B&^#*Qd`Sog^a36J{a*ig-`afqJ_if<P_pWRScYP$QmSqH1UuAnz3*V(cG8yd
zKDAxH-+=yU{E-D9l_6C@N9iDpB>iV_JpN%Ko?msX9@(gBg=Ta!3wxO`Ct4uF|Ej_8
zBPvu5AB&RU9v)S}w`otn0r&zReeb@=<pm{oDYC>@R?D_v(=_PBz}3dp6vz+_+aW-R
z2&5B%)rP@TVG7}Ki0jJ^1B8kYPP_sfK?d_27;0s<FxFHuvdLFKy2VyF>B*)lH8j{D
zf&hmQ1uKO|Fv=>o1z^z&fgF;$M4@3I5J(ENa%2b?MJC6PQ4TymcQ}*Jqvqni?aTMQ
z#C7bu&jXIH9XqW9?zl&i=iYkvzHdSEbX3e&yhH2S)AP^JFc8=+5s;1=TLiO9ATpF{
z%y=0ET7(fHV5o>DP(qFoYQtj{K*1!FB6wO3+`)1JDhL;h<_aXrD2h)vzANu;PqQrp
zCM-hW872`}3Ud-|nJf-K1Wl=oNs6WzCr%h)BM9ucR?Rh(lBrZxGXs*TAYw&?Z4QNC
zO0bqBl^IJ50~r_q8itibG8TUPG2j`x!2YoQ34cZGU)Qtr9>`GTdmY(~B?YxnU2gVx
zJ*WiU0j=E=FUr918vqb!uEEpM-2rkyIeq6ZbA0Zs-*Ml95=;g!cmNSPo$%ZW_1vrk
zk7*m+z|G0v)sr%S>sRLC;m-J1oJ{j@g(NrF4@Y%qj;-gH!Vn7*5Ez6b=JspKmEgFP
z0x1dgW9lW0Ee{#PwbDN8*nQ``>L-Ym&IGdu2Ae2ionK7s+VD**#m#rwO<3;7-FDi|
z&6iK>VO|dUuY5{hBA_nN_#PTW?vr?QgMO+Tn`eIchgZB8(es4lv5)TTYdvqQ4Y0m$
zn5+uCN7<NeU02^>4Pyi(@3&lEZ!WRlV;>ZNLSjm4_sdW3J#IrRf$U@6>tn&~p1#vN
z>NoWXEd-S&g-Vy7eamZK#zaz?LvG%8P3a_#p4Q5DKIvUm!`=lDk_eID9&nK&L@u{`
z8}nM`+}itts=d29Sr2@sTN*2^>go_Y6pD3RxjYrPK?qlP=F0@_x66FI4f(;f2kw%Q
z=DqIr^y{4Co2a%omtwBetI1Q+HO;B+pv7EQUiEkm8Bh)va^%5+u9_%2_1J|3b>Zeh
zpFmVBectOPpPHB3y!}0NUf#&?asbxo#dQ*ujz1z%+7^9vntNWVkZ)aHBaYc$mh0~A
z<PdgO@ZbnIFp-&%O|f21v1TTdWOe6xXH&NqP7$An!J!R;m*A)F{SUjuLBEHE9bpv5
za^pzwZ^MJ^st9HCP#)R(8}FCC6#H+tyjpjaRXyZ#!A$@ZOVa9LLK&;V>g>Q7YVTD>
z$Lv1*?+wZ9ZI8So?~3T$^;C+Ak23Pg%DljWh$4z2JE3hvS!jr)=Im;)awUmn78Ey%
zfokAUZPivlEU_??p|eDq840$5q=db#U@!{G)nKJrnJ~<<#Jg;A>}v3*6}G^!l&qTy
z-rslCSG~${E5pweW2?JYarlUeczKD0MOBnhQ)=?w^wp0luc4t&SF+t5w=Y7HKJgS%
z3)h!O5SLAr+Tv!)qeGY;@|urPDs;Jev}R{zWiC0ctUUguJFe{oD?WdH^piRB7g{u(
zt2V_@a&gSr*u$gMcX~591QCn3c4_*)%lXy{sPh=lyQ}Y}=o`21(SG7y_V>GtpT8{)
z`<h+l`Lv!E>P*^`Vl+~?YzDe_2aab!rVzMbSP2Sn_M4w_4U9U5U=7M2O=>QK?M8;O
z1Q8VR9k7hCc!ppG5DDhk&30??cJo8t%d2$~PTKO100SGSEijQb%P>-??p@1#F1g1f
zkls42CeqtPY^=;FR96~Q-cpvRb9dcR;#E4a+Oy&XTFd6ET3ES|dwK7XNY5&p6)8>%
ztdrdZ>Y6X6u%KClf+rBxixdvbi4+uR8ABUlbcn`<PR$w!*=+}2gC!SSl(%7i8zpIY
z8Kd4gHm)pDrBZ~_3@25Bq)m{Qf|1&$RY6*04U65`CbUM5C<mo-xX(4wb+D2HDntg&
zED#7gbT=_NpsR4%td*uRHh|JZiflz<kZ&=!nn3Yn@m*ldkwpL;kUbY@L3T?Glt}_>
zSdoS_<RFycd({W3qogbojCfwaRcpyVWBqz61;VnU6qa2O=2J|lr6EYwQn2#^-T9pT
zdF7qgFX!U*=H(Sj@2f+1WnmxzY(EOoR28Zy2~@v$><VC2FuNF0%@r|XOr=v66ALpU
zsxd@b&*`B*d}u7elR;<cDqimnm_#{qc%Xf}mkOgL$S6rTW0La=hje8?oV|Y7dPoQK
zAWYZx|10ml=kPn|{5|CT{(n7HRMJ?g5lPZosam3%S}35ue}cY!(_Pn>r|sv*iE?-n
zt&u_+)IktD>Tr-Rzkfs!2_TUKXr@z5dPxKASZB6eiW>@|&da&|X7p=8fo<8l3;lCR
zt?-2XWc|D#Yb9PEBtGc8{j<T_2h66r*IHI@?=<b{NJlEALuir~EYlK7D-@)HHE9Ya
zA=I!c=A%vpos<!VvaF<2VyraiN-BcWp-Psaax0>$sX`*Emp3@x|6%+4SLJZy-T!@C
z>YA**r+nM_-MeZfkcK)gySpwLsI;UlRYe4oNJ$kEl(bN63P=Kh77}XbEAImj?xx+E
zH?s*Lq{(op4X5P&MnJMo)a}n}%OU$k25N%B&DcM=qYWYP%$m)4MCte;4ShTj&yU%4
za-Y{{<v)QgmZc3MQUrifNFY)KlntBcI#zyvRY)iBiH!FSndbY$zCK+OAL&C>wJ54;
zim)w_5R!e}9sa*sJ9?5_(1sy#3UzZ<eX@hc9ND?BFtDwKXM4RcHk&=|+u;5R_IEso
zSau$Hz`()neF+2i$0+f%{s;H>^ZOM439~e!EH#y)7#gLaRi!I>;QPK`hoIhRJ@;m0
zpv`6b=lh16O*5sma0Wj8J9{6bKR{^%L3SPn=gbQAq5MG5KiDt}lYO)X0BcxgK)E<^
zGJ5NoK9G}K{a=0$+3vUY_h<C0{uO2wnU^9-ma12OpXsCDnB=J4!*_T!8T9ae>>lv*
z_w^JKDHI*2)w~*#G^Gl(n$M3r`LzzmXMUy+^+R(;xrCBr%X64Vr)K`WNrp}H0_5>L
zvkm$71#Y^{fkQqZ9(y;!i)z12qYLNjp9-qS`KGF=1u1F~Q79@!RjJSvv!T+eqa+BS
zQUZz=nHGd}t4UOgRaHeUYjx-DRhqBl`@Hq4WauW(`9&j{f?8UtMFxthZg+PuJ9oVs
zWVWy0<s0kPzbnSLNmIJO%J!ikUuYFnr~+7QtAln_M@9x~SD>m5QKPU4=ijyCkL>%v
z!}~99>-YN{xnJ_7nWoGng$SZVln@uD`#bn(JF`c%NBmPe_~uS#kO_Y+6+%?1X({v}
zXadMjFZi4HnPF5{4ctD>AI7yu->m19cv>8(VDf^pd2&?u;E?az_jG$L&#D%Fs8;n~
zo3vl$riEEWN=ju2sHHVsGy2W%&3NWt$2G4P`#oCcjx#Rf6=+%h_>xLNc?1*yfvx~#
z{_RhK0|g!%try|pHg80BbNSH@>Wy6mrP={NSFj|>^XBzyVf}xtzn<POUEKdy`T7#c
z5>pZt5i7(Ld_gJIpt&5bpKbq8@6ngKV$X-Y?{8nemvHHDb>42VMvBzL1X3!+ixvox
zME!pje`d>=CJ}n~w${O{mh!%zHJ3cDS%|%A)~P(|wW{-pdFKrmY?ZBD6!ubYG=Bn(
zmi?80)BSkrvsjB&b#$uU8r*F#s7W`1lPjt*Af<*t3ox*Qc-w%H1ei!{Fp!WitHo#t
zmJmlA4CPfpVk;t0;kHPU7$9;I5daWIMN7EQWH=ov3=~jYFhC|qU^ho`?|0WcdHb0`
z<4)2Fd|kfK-HHsuHD;o@dQDzK6&e!sR+Qi@l7%&_MVzo(E+il#C>~M~t*1*OmQ1LJ
zaDqh!Fo0#&#3B;bBZ9D_F)=M=sNQ8l65@9X$P=~PvfL1|%1)5wQ9uHe!!l%8hyok)
z_aA$oy}e%!*yo1{u$IAz#tv(VbaQuc!DSMQl~61&fTSp`3!xGu%FtBl1R1iEtRmQ1
zGN>p;BM750P>A7iL=2ht_5JrA?EW#h!vu64Ja6=h(MNd~yQX|o*2mRzv}r?%QLH&f
zhQq#i8WRm{%`}izE`k!;D`DNlE_Aw2At!ox6{~dkue$HFRsz_dr907UNUG5sp4Enh
z+lXHpZ193j<ze49j<Af9Ng!GPu#z#7NDN^K6p$qD<!hOwJm&e=xII+F8v93LX0HTv
z$9V4_E|qwNV6DFz6z*9-(pV<7HBne!^?lm(i<eh)?GYEz{<GWfr{4~5GDY=CqseD>
z(NM0s-&H|eG&9^ju5HM)jtf&7S@k|pPAhM4(Wt93MW}o;cY8owxJ|EosP4;WuDe-Z
zHH@X4tJ#N;_>;dAYfiPjh+!<N+~x4itKOGeHmQy8v)4$?Dd*H*KbO)4CFSsA>vg-d
zCE@zSBL(fNN|tr6y0*=A=`->yYT*6htffUwEv(u<U3caB(CGVCpDsXrbOJ1*B__b5
zQlEW}^PYYj-IMo~r;F7@C?b}vSflv`JE1GfyWbF=A@=XOtmv8b%lmS*jR;bryD4Z|
zN!{w}Hl2#Zc=X=sy?-2F{504sjCHm3VnChVzl7nBShw=m^?OC1fvW0e?R7tn<==PR
z)M<l9;wd+CK2Cim@cZw+?B<mcrqnkQ_B1ZW)twY`TE29Nw{nhkXsnrMFqNT0q;^e*
z?YjH!&0lW)^c0AY;L9CXoMo-HIp@@-@XLn&c7E0k5SLdZcq~}gZRc;*_uqZ=l2mMG
zW}mNeWqo%$xbiQ#(RLKn4dL=qy9bzdH)IpW+hmdnO`&{D>)*Bb&nOIEn~M>TT#gr8
z)$1*qt=Vb4Ro9S^$V3Ssz+`~Q7!n*EJx<@XTkf`ZndQ!vu3tCdjM&zC>KcG|OQY2D
z+^B8Z&|xZwS(c2CKIjR%>+myd>i*5X_%b>fboRjgGT#-zRjP|~Jo|?XS%OOird{|W
zv_jsJ<cTDk2RF{>%bezUX0E&wgI+fu9RsKg^a^IvS8nq`71W*Ltl0az9c6*NOQqn~
z;hpbnU~?oHla2ybAQ1r7^#xhVy7v~{D(VZ*wptlY+Y($-Mm*sJBxDjG2t*<jaa)Xs
zZK}C<@J<u$k4H>ECSSPbd*Kseg)%1JV^aOL`tIw#4?`CBhTCmjH$~a1i#G{`F4hR(
zHF0JFc-{!~zBc2?Cn|mdAnU4#+$Ipb8D$zYQG#j$U|B+~z!EqS1l^7x`Ks`Tu$+$K
zG<J;uoho)W9F9kD;EutNBOzjiFpv;r5y<SqmI4x*UIPOf-Wc^OnAApAAeDeaO28sv
zC+f0egy4+_f$+nj!R1zJ4++~n0+W$NCR#TFPgLl5VO=l~+7y#s;9_j|)9%9x``Mky
zf#C}uz&^@3&izY;QL3!1`g^$!xo=b?<TDvaHY5r#<i!L{nB2mDt|aQFV@;V8K|>&b
zC|GgBBLGHbAt8}A;E`czf@zf6B1o%PMKvsfQ)F()B{Yf}fY)UpAZo6pr{AO2FKz4}
z3G=?cfkUr>`twHX%--L-?@-tkP^%dJ$z8lCFR|T=(R;O8c9z>;E|c%8Tc+RNeI%E9
zWyaX<2XJ-F*W~SeZ?itnu;lEh*B`Dl@9O&ZpWCAJV>z{&Zq-)5s=oW_^sze5eb%&>
z_Wi$3=NN?o>$e@2i73t)g1RbTOqses9!lySFqW_o1z|W&U}yqBCsMUgmbGdgI8RSB
zFOD#lZtR*iFDo(vPiRIcQVH*&!;%O@FhGrpGzdjf^&}ufco0@Xew)YL`|%?A=biXL
zd96bW8s}J94XkD!iyo}eTd0CjJ7t<d2-kF`SVY1|W)wBnE~akK8!&{9!2Mqi&J$DO
z;9?@%6>JbmvBX@qhuR+km<~DsU9tqj5He=~pqGOq7>4k`_HS!YtQgN7dan0`ut0+Z
zF!#~Q22v%(P4$yxq7Yg=C81~q7;2fTbfK>Kz<CE&io46eKnI%6_bs&soIxQT!LPx-
z=i#q*?dH$8bVyqtq?eYfX*@SQusTBV5JhUfUHirmfdKT0-+=$EQ6#9UsV%J(R;XFX
zHH4O8bjGM)Y9U}n%8DfGDlJsXwGxscMJ*9(kw&VSriQ9y5Q;?u?*4Q<i|g;J@tj`v
zJ&V?TzmfTSzHZ@}<&>T#0RXrkk|-!BiBv9;VPcX?Le)y7z~)AXVyY-rSU;{Egfite
z7ZDVQjFvRZQzx%~9;^AQ&cR=F@$?>jdmI4-1^&C-2aNP#Q>mKF$lj}3IgL!7C0q4)
zy?<v_$M`w%5fU?}G*N1y`}zHTx{rJKuK%*XzN84%NM0^)>zW6>>i(j<l1Brty6ugM
zm5r=sWR3Smm}E8W6Y4o;6(j>LLdrF|tPkWrFwba}=tvnu@%!SqeN-OO={3gcq?`UA
z)1g?k6isDSr6{L4RHegTv(6s-uD{<|jrwOO@Q~D#^&wO}-08|4zN+znVvVTLww6it
zOM|^tfrw}JdA}JG&EF1m`pUl^V0j@gMzFdIOOKc3VR{O$Js~G<dD(x?@5lT5+<#x$
zU!ea#Y|W)tN*0=efhAB<QZt!<-ur%SeLlPH8NFH5o<2V~o_Kr4Kd7Rbkrt=YNea2<
zN#iH;`goTp)XittKKq%(vsd1gVdp)$pbV4s{)Cgi8eVjL^1k3KfjygE*G;0Re+_lT
z!Y<MT+_|{A?aoNFNeWY{qRi!-=^IrdEX0XGl`>Se5=_-l=OMoD63)ys-`n#uCC`!X
zoH6ZHona5u)=5&PfzVY|2&~AGjVxNKsz<^AcI2_1GQXx59iBBTnh)(}1g*-3jZdu4
z2>`#}ze*22KUtqO_};+&7H*VbOG{8_s-ZKbZ=czIZo7@|9pAd{_P3a_Nhn}IVz86>
zYO1JRbN2BTHY&U>YK^lR#wlV|RRKgr&UQbq9{t<*TA*hvx#XJtT-Q0SO|SHivgeQx
z$WhxUfF6Voe@^9j_Mqla_ucb)=hs!U`v6)+U{Y3^XjKu0g)F2+5<rtz3@B;gL8<WH
zzpg?N<f%a6%D)Hj{&?FP_PGAWWRa+9WMotO-J@e{XwYWCjE1qA3L8EC1CwR)7?bu%
za1W}CUCAzQ2(P8f2v5-MmKsD(%P8wnB#4HmunG6x<^4Q$=4sxt#v}aGRZ7rNDMhNK
zl|@xWTB<0#{CE2{*0ntMhNSEKYarEcQpOOTg8+xBv0v(?6sm&0yliV5b=!<u0ZjyC
zg2f^*QDP`Oo*{?y+7;60?!KCt*;V|By`25HP%t;KC<43>?~I!b{*pt5U%RYgw?CLH
zRUIu-)l*ea$f77Y!jvpRqLi}ewWf#_Wn`@=pw>znC6riLa)~)*(v?)z6I4}7^!wcX
z*Ie#i_)-0x`#d+w*87(LJyaw?rAkSpq}JIrR{fczA%KZrj%CZYUAvvm>=|hpBFzlw
zZB4(T0F!BqrcoB@wvOuQWr--04J9eGWus$$UsvwEZ*_h2KeazuGj%BC2k$?il*>K$
z=m39nhZ48@&%yTUkKHHmc8Z~@D5#ZGF!x>azWw#zwVlRH`lqZr<wMSDNKPsuNFpk*
zViO`J*1w(3xp#8<rJ{|bj{|6si5GOK5sDxz1qdLjG4r~I_phH}U#LCL=UBtxyYTRL
z=cs#MbHG0H7n`2ggQ56%6Tl$}C!bfF3&pD=(u_@I=4!K8T|gC;$Y78`g(k)zLwK>A
zxgm@hibz2)FxCM`1g0%+3?ww1k_PTzHMawGfQweBGLjO(NiQPIv1L#}0Cqy=0|Oz7
za#3MIW;29>DM{Cm8kQ1WYTF4UT&<iS;$j<V!YvBiqLDPZ!tfMQ7pu2bZLmaQWJOpY
z!d3?zXp}`Rv2xtBCO}B64~y3d2j6|;%arwed%Ng`6z)X(yzN|l?Ya5A-tTQVYNreL
zyM#du(i1S)1k7?!X{cbhZI)IL6t>g`8m!dGa>T4<R*bw0!yL#uNnsd~f|!#=Y%UQp
zwWB36>L)JUTb(V<a*JfrtQ4XqlB^JwmdiyX<5fCTQZ!D}HBh3<5vK@&B$2A6q^d_y
z^0(d_{k?N#6P(tK<h+DHc4&KE`NhiRTY2wM?<B|@LzFx>eeR|Fy&g)8)F>|Q7P(#+
zYeIl~!z|6BW8H~wuoK|i(KmEo3(GRttwUJ8N1815Z2~d&F^E=TjC<aDG+6_D3y03_
zSR+8_k_%G0#;GNe9Gk73B|EN@`^&zso@W{N#BawwBR;(q)d}19b>7Eg6Bs0O?C+&4
z8*oLm=DDcu6=*BYyP4vj-FCMen;*^0?D@BOebDN)^S7FNv}5`1Oy_cEFH1pj;q>cT
zJ|+Fs{s4}okJBb2FJ#OUyX{LLr}x|U$C3MNUC0UL*XsjEdHAs`{c`)eI_cMU)+61o
znfqWLXLj~rpxc5C>lnA=_1u+JS@Yhwk4pNN-G4CiZ@%r4Nm+JX_f~cB8@el~M|~>0
zBsUlU!H^O#m!rdc<hwd&OQben(YlJvz(wR4FS@sSs~D5n<|wepQkJgdO$vRbQ|-1e
z!+?ak>vuD*=s}frSC}Yd!y&vX9j5)*FH)Ruh5NvJ7;5h6M5VWztqjd0Ln6V#*}kY9
zDO@j9*my4M?96>CT-MAD(V#342?S8>weN3M#+~N-r(km}*DO-(dR{)64f=Zf-E^tH
zJM;I>XuMd-4Tj=nVi|x0!Uk|4m~n(L`|zh@c;~84(v~vYrkl2@G#F?ghlW!H9ggAQ
zaP(z}ci2yW_&+&zid2daG;FwYT<%>}xW+Dvk~XH-3cGur{Rkv^7&jjqeXmX9U=AVO
zx_~V_fv`y2z#9h(5aKIC5Fr#wwrJTVse`K2rll*ggaDO;W~2))Sm2bYd)>8o8<cgl
zT1rM(6mV!}^5_#N<1phS&;c3FHk&CFh)D#vW)L4l@wOWp8j&W-MJCg2KD)Z^mGMi=
zSC{l2bJ5Emf=chh@)(Xr7)}YxIut#R7CBJfwhc71KpGGUAnA<>jnT$ccKvK09_51x
zEA=(T=~ZHu3JfM<qsj)Mh}{ZA$wv*ASb&UP9u6;uu!E^>`}>NFqWM!u<yKUfs6`Q)
z?z(R6rFT^w#di%0`&W2*5fxTHTvt(}AEUj|Fdu@9uMLrSadlULGCO#8pK;yKO)$m$
z{dxU<Fuoa??<e5JR}P!b>BecY!n)}z4$^ZH{&&(dX|J1qee{yPc+OIKGG{&eI<j8%
z(k0{j;m&qp$n$Rq`r+%pzRk~&Utay0k2-}S?w5B>txs^7FqfZi)9<AF;l6Y(ws6_*
zK1wgmun*YT45pbVU=Wk)n<lWxOoo^pGgzh>2*n8@L0B5tXpktfV7v7~AV${&oI#Kv
zJVdmom;f5wTg;acNS;hQkBsMR?b;EbiVmUx7^6J+%9(3k#8A|*q{}*UHSLU=1$fTu
zWfW2x(k<}oZAmuUZP%%L^^4=#dp~_onx4e3;U0G<t_?zfDF9|*s3h^OA{K@S!$~}i
zlF~rwu<6CeBSDaey!r@Eha?(lv5E*7u%d5}hAlm+8%jX9fJOq05;DzTnhgRrP)#Q+
zNHQ=u#ZB(lakQ0Tl?zGT8tP!VwwN73gQnrqu&DE7OjckgYStr~;ARIBP4pc2j?`Mf
zyInbGDAH4_OB$h8DUgGzR^Vhc2%C5r%SbUXu&_CV-fv!F-CJQQt=^uNc1M-r8_<*B
zs+B^C@d%PqKFP)|)%??$`|IK*J>S|@czg-AGO4x{KeDD~i2fK(K-NmeFz)0kO2UCO
zktmIq2!Bv=rvFGo-5OpQGbR^M*nYWr%-&7icM18HP5MF}e0%%#U>^J1hL7zUD5=a+
zij|>C89$$Yf3NTQ-`DHEqhEQlb(*Sy&i#IQR!ssR2#`QXHj!kc+bU{Jr4m|MQH`dU
z%9SdTx9aWA?o}gSz%9c-Nl`MQwF)^^O*Gg_32Mm2F3>VrYNARjD=sui3OY!jkKeom
zsA#d)cw~B2y8f4C%#{lSKTD~TjC|I;l;6jXeDTtI)|<_+LvpTx`R{w%{D0G=kX52&
zL@BWh;b@kq83br0hNU4yRdh-U3aT?iMOhm;LZ+&rs*69rd;E0tz8{3$9p?VYz3Tq*
zyF}ZFQaWfWx#eIl9l}ZSvPl6|Q43I2Y>BKzwTd>j`Cr7gkfM=7S2Z$<u~k+`T@<j?
z=3@JH!sXdax@57Ujb){SV_7vA#^7xgxojgNM9N5{lHBPhcWb)s3@L>$2)V7yi3TLG
zmsR*)em*}p+nKpir}qPU-p6vNKYL(u=rtiLmzW9c0)KFsIrRl){~Ct@Sg5F}{FIb|
zND`6+j32an@*+hAX&87fd_S36$ktzSPg=a}gd!jS#8>k|p<I&Ujbzt{BBZn?ffsew
zl9@(IHjKt&WC*}U3{foDcBC}7{UwM7!iq7EpIaJthk80!SnlI(U0CX64rNAIU7e7V
z*}nbz+pyQ5jL+4*aMia0n!KVBznROrhjq@$$U5Ws=MG=8k9{4#z1@B1H9+ugjAi*p
zp8*JCMt>)9+U_p<@w8F4jcJm`AjK40CekWV5Pm&jsD1oUF%XjT_Cq0M>ca*@_UtS?
zWkEE7`@5=i88z{&!g~S-=y%eoqQ5U}_urlDwO{I1m5oqP%4(<*L~(KdJMZcb?);dN
zone+T_Q4E~z=7i{DO!?AOI0M6$!~4`GZUs?-VWyqYLp~hiBxG=(Hazzkxo0Qq$#8p
zDM9=nIoyOSC6r2%2a;4Pg-CxxUtea*l~o~7YjTO;5dPPq(4W=szn)w7#qI6xzl_Bc
zAqoZ)C`^fxNurT~ki}J1MBh*B{pXkOuGgQ(Jo(*np8f@l0Ki5-ViXej(h{=6zWvh+
z&m@p#fj_ePVUQ5RH~R_D9qNibAO)DI`}G|CcK-K|@E^*=P+0{<V4$Jdsr-9>{XDM>
zKCSmTpsMe2=Kk>A_IMu<{y!rYD4_lzh=UdcH4R@sRQ^Wu_qsI0NjLoiMTW8<Kq%GE
z*;slK72oe(czzG%MNm~yMMX`1{p&+#9eJ+bJpO0es7+l;J5>+LD8b<*J)rM9VNm||
z7Y}tu=sVuZvp-RHQV%6Vc|8IT;qrd%ek7kVPk%}P+&__Gj6<F9-?jafT6?3-^V2ov
zt3iJu{D{qvhWCepMsEVi=|_YB)&S;r28*o27&l{ZyvUYEupoR8fh6NNDZ4JkE8MGZ
zxqyY;kA28x2OnPGM7wtveZlA6C4D#5!hOu}#F_WLy6_XS;YG^#ERG=6hRgy6u@Ee8
z0S*fUBC1-XZ@jO#-h7*{eI86E-*g)23HPHIETTjTA~c8(GSy=t;mjZca9QuF_TK>I
zJ@eS-Du;9(9_$|Cz@ez_y(y2r@4owG+*UpHjy*Yo#0bJhIwio=0@6rUwn+v^q^lMa
zg{f<o5fGN%0&)Y0ikW7J-a;<Zt<<|$T_D#>k-88fC1Ex!qR|RT36)`)hO(AXhh|$u
zrKt%hnvEq;=Q*{3QgpSOT1>!{lEUXWRU&IToK|%?{ZIPbKevB)T)%IC?{@|_6fIq7
z8`>(>P=*QtGClXVy7W!_{O)^(CBxb&)|U1SH~<2bN7B9Tdp*RC@*CBZGZ=>I_oZwv
z+&J17d#z~j6W#;Eo>yi(ouTdDXah^m5zKq#VIJTCCrsY8=QfS`=BT||z@8p#D(Q!e
z*c@KfwQnD7umt%ck?V?8W$85(k0NS~_TKK(>B@0uWedy5y$sJr1w<-jvH{E8AKv&&
zfiG<OBpVJj42;{R`94d$U~TlB{XF`<L%{vv_m|h<Q%0S^DF}F$#t7=E>&m;z#)I+o
z?{^3J1%DqMwlBmPEN+ho3Ozf$!O?r-ySdH!K}@MO*%rkXE~_%Q0ui@idWYNj=N&;Q
z!G7|iLXTMYNRAa2@%X=4KY4nD_<{^!x8!%_yF%Hj5id_xP}*i_%)L(*O0zDjN_u|!
zxVPPYL|Nf`Uq7-pT!1PkY~C+!g?BkyyreDBHDhMZ*F;QG3bt0&VXeJ2nxeDa%^FxA
z8u;KBq-4*g1uFhEESp!Uy(3p~=NV%+s8Oobwl0wF-NKUgA)0e{i08f1mO8SXPpxJh
zlcS%sMqqj$k}vYVlY35-akrG1BdQY``&lnh^&hQEyAv*t5_XZ)q7Pl{-svS&=IFML
z6?NT*dN;}WZAuH>Xi`x-?5n-1a<XE@xU5NSwOIsqKR<dwm^*znB3`lPynCSGi+O=&
z-D`Kga`(_G2Y@n0L<En#FotiIrV&HU1=Fg<w1ebVU}aq_&3aUm1xl3q<G$HyP|<6{
zuH6mTin*04!%Rs|rS@j_g;{XN0rzU9&Si|-A`(Vanb@nQTqy7=Eza%J?=k8KnY-)p
z9nPVu+Z!_H84w;SFR~|4`=yiN_2oVF@bt~WMBz&WEPITX<HDPC+%|giD{fu%*VuQ5
zYn{5|vFqFyNhwsAs@)Z?ZWBa=V91COVG?x0;WkkEn3c-8REnl0cH98Uim2rcCL=pb
zF<CH^P?utcgpOBU_^5C{ys{zl>5d(w`e5>=FP7)&wN-uc<HQ^~=DWglwgZJeu3Mr$
zd`zd!R&e-jw~;}8%iQLaOMT^xc=6#qz8`}<@8sRb$H#tU<BU(Hya|;{38TVx-46iA
z=1Or6@w2=q;LE`*WQ5%<xu~^icDgSZ(J)B>_(XSmj<|!t?pWC3GC{BhxM1Q7ha5y+
zTa^$_At2iU0E7+<t-bkApf^}ta7w*J5O!uP57+QXAayBUNL2SJ$j9@cedQ!fVL}K>
zgpwmdF$+;ikuYR<!7MouMFOLODBO*(!Vu;*(gl)Bm<WY75}4p*u+wh{D5BC%C?t|a
zBoVnH3POxf5<-kNqF||h_<VR#g&ebT=MCM)FZi+>HBcdQa^59VG&xqQ*P_y`Ep+KE
zwVyZl-$_)<RgA;9FJ$^&#qqAny1dzgHfDSbZ&Eq9K6!)hx9_)icL(1?k|^Q2PVk-H
z=IzA=P>h#%Hg3Klj(=BD(S#2N&{#Eol(N<v`*g1gMHFdjkX)+Xth&<nj796KSjAXD
z78(Kj7HFE`0qPzA(vL+o1e4Mt!jp&ZNhmzSekgejVP!}|k<}j{g*Di#265b0Bdp1y
z_-8t>L@3W@73+@}?M;DnNJt>kh`%8FOefI`quQFZdU<`JwBL#+r^gjo0c%VVSdlxg
z+aC>vbOt(uk`E6>m^+;#K@7H2f-yPQW60!MFaQN0OLxbZt-B7Us=)MiBNFC_!KV)h
zl?Mbpw?_E%o7BY_qn49h5dzqoupya)VB1AH>#5PK;Gx$pv2$kX6nC^EWTWawiu(BS
zeAnV6q%8soDVYT<6wnY<G6=>=NPr?pOuc;g-oE-gefd1T({1kz*(9F`sHzHrELB+)
zL{Sk4eaUk<#^=VX%iYy9Vp>n&Ggjxecm|C3-WjiZf$uP&G+_-5)GI{%h=L+2iCI|P
z)|YqYxBEQzT-F|UmR$H?i&Jz>eou9hK{GruHnKn-z041)a^Cx>XpneF1#Jedd?LA?
z{bl*1ChBdqA@cw~L-N6jkx@}pRYVm<cj>CxXYbcndgiu!s+!l3tCW^8L5x&b#VZ)1
zV*)XXlNhQog(fj-uh}M0NV8Vitz&AVZCKja+O$=u+gdi-i$V%O52!y$3GZx_BMvY$
zR5G{aeaLHvbp~2{vCZfvz7lxDnk%3rGD$gG_HO!wFZL423Du9&&er=?+K~JP)<!X7
zcdy&Ne#bXdPjZjWGG3aM=t(cRZKSooX%w4n8)(*T`$6RcMe4jxpK>3u?L)f1#<m-s
zgD4Q1Z^IZ6Dyy5LX0Ji{n&I!g?H=cnPcL(__4!4TizdYqMGTTkX2gN9L5d9+0t``5
zSOfLC*R{_-QLZ^$x|i<n%1v#4>ZLU?0GLV!7?9tWAAPwvPL<*MYjxsoY|PO~Vb5yw
zJ_NiwEP<~wQLM1Do@HdLS8g8rFSir4SpJ5XssM<+KK-Uwm)>q>cFm`r_T;tJ`a(iO
z;Z#`|NJx1Cjo;=4#N_3~yVgS(&QMr0B#`YAxLIcTvnwxf^WQs7)@LOB1r=3bBBCQC
zo^!mqKJIqR*X=bmzj>VRd>}v%q(zJv00T0sp`(Rp$Y^0@wMXfhg>O}IP~QBo+pTOc
zv*Ud8-Irzl4v46%5mrBq4%&Qe(Vq3az7^)_z<~hzAfgEZ0d#rJ?o2ZZfxgfMmz%;_
z;7JPClu$Fub!Rj0eLc6%zXeAKlxCn9fWZt=Ral6OMO9Sh%wC&y&y3?-)!vNp*}CnY
zS9)t?C!z!hf)Izp1<eo$0su0a#cIfqg0cDO<#SNO-sTdv6~N^p7e;U02K5RJ*lm!;
z1MIc!eE<V_m!s6f=mj9Cq9_U?h@Wtw^61~5Uue&(-#M(amFIP+5ChOpghnX9NhDbb
z76PJ=-!@MUP@V*lmErmY1$1!TPkg`7;k*h1zp_H)vzlzlmJg<V`}grfi4Ce(7Ai7S
zL<l2<mR1MePT|kqyB9V+^YPg1B;m)iw2USi@h23^W2OQ!5gbnigh?sF2=~`yc{3+=
z(sFs^;U)QeaCyY#Ib~u%&Hzo2;!gm8mqJ7~iH%_-x*}i~7;#LLyaI(_$sC4Og`l}^
zVhmE-NYWz-+(Z-zfE;-pJAL%12#6Oab_aSIMNY2w-pq6%b4r<I+?0z=Fi}lwQ&ObX
zk$|eOy=GnHxmwn<NC`ER-9T`@kBiTztBo_aKL|Uc&Q2y51B)r7%npY^M8pzK(}m?%
zAk&mvhRog4oF&0fhf=ggnt^kM9SWncj!GvASV|IHh{%qVYLvlgWk#fTzC8D6?>Bt<
z6{wY4=5efu<M68RcaJ=I@ZUjp+0oT_H@Wr^<fWak^6?RZ`+K44vjNN=9N)A*C`ZJ`
zwOr#w^E>Zg-#9aBTQ`%#z(QFpbe#{N(g*W_G+Cb)2xB;B*eHCoP44>ciZg!P&#K<(
zyPs;JS*Mo46LZ$LRllOGHCgn*+d>dp3%=5H#4yqwPbqxg%S8H?ktXL~*W1!^%lmk>
z)fUUYh|^b>_K&7HsaA<IX;=!!ue+=kRc>a+`mMApGpm*EP0Xqgci4p5NmFu8J@+l4
zd3do$&lVwuKdU0@Uww11>ULS$Gv+(M@qHGDYEsMV-5J&vv-N!tvSa!j*cTtJlBH5P
z(f3IdZ!aEY?AtBvQx)3tw*KxLgzyGIBP59gkoSdor`eqLleAcm!oO)g`ESioxFndi
z{M`0}?W&X|-ls@8e#2sIU2EhfWh>uZa~)7V+!l{)7@uI{x=ht<lb0&HUEXhPng>9+
zZCxL6!0sz(a_<~(yM0yC(C`OjNPq}0vyk!l9s|m9;srE^BUy>y_5foZeOlQw9;Pb+
zB4yWymu@xA$jf2eGy(F_<8^vaj$BF|uED$6tX4fH;yvbuyRGhdvs2GG<>jZCa<7yc
zxv~hzK>{@?X|H!%eOJY^eNLvYEJW%wiXR*7Vgr#?PY8zD4dZd`g23(!ck)>=;|cJI
zz)I-jZX+9|ggYA?2LvZ__QUS$yRIJw4m>-wDY&JM!S62Icp&!Nd-i?zS07>=82F`u
z5D-IQ(CrBj5Md2{;%AQ>E)|b(@Ngm~J1-2RClHyIFbS^@2W)Nd_uW0vLLJbgP*h{|
zChihfD5^83HG)M@RCf68>Y{|IxOsVo+(HO|VKQV)7!fYys6JHipLal&7-ui}_52^e
zyshc?IeAsEaM&Q@GqQ{vm08aF?z=@bK5y^7lBi>L!Z_urYTqgs_PS}?Qap3!#-|D7
zPZ!7PZ|T2%oA-7K%wGw2cU4=sWSrkE@SfDIxHOd9`h6t&3|+LB-wfY-+d*Hv2UTGN
zBnqab>%+1<XhP9SN<iHeElDCuLrf_)c~<vy*<u%K2~|l!M>$uEn!)uL2Ho)BfT=Ec
z5#V4rgLGAN6V6qqDyd+JAk$4z4xKrj*LiVoD#i)d#CGT>QP4t>-~+ns1_wng0}x3j
zv|fy8jCglwTJmpb?GX;sCg@Nbc+p^FQ3T;ZH(H^QCw9eN<m5|Bh)Z*1i*n6dMBNoa
zcHQHgL<wX;4jV|3MU{4W4fgwkP+;!?i36p@j@|3h2ZO!ld=%dvQy62KFkdZ{jRfXk
z6{|G@DPv9%6W6fj3;^0QHhbEJf^_wAJ4&5fzXMV~Zd<lM>>s>*NF;&@AQC_%l1H}V
zyZTgF5=1M<U0i<Lgdk6aMNy1_0#OpCx%jXgV0m!XID3Y&n$2N_@1E)hI{o%S&RvI|
z>EXF@sGf7TlU1ic&nkYBbVLzRQARb74)1R(_EhrwWZ|r^K9Lq8F%4582ES#8HPhVO
z;ZWUBRpDV>sW~h>vP&5FHu=*k-0=7!il~C3Xv`3>Sc)`)P()TLAd0Bwyerv!<^7k#
zP5$=e39W1L)B?mPM2R7)LJ+;*>XUW`gpR1Ypx4`Z&kdhMI)-1hVG1raCzxt)ZN2ST
zemnduQ5Z=ek~}@{uV3rv|Cl~PUTmx`W%AM4Xn2x-Ng^V#gptoKjMZy5M)DlFTII?-
zGcYNfbkErP=0hj5hkkrgkkWGky-avj`TMR>8bVmfAjuIc_iKgkxuM_Fn&z}Rby?;C
z-)o;i6j2ofMr9-_PF}2;EvN^ZGgtz6lt9t1E^(9eETHba`0`f$hq>!|*Dm+V{o@4^
zDheQosLP!F<$0_xzTEV#Jfn17-?%3aNg?;E5m81$XiO9CRKE!_%J4icT$`fOS@lDK
z^>-j~JU1klK?r(lmQS!zii#kJgjfs#VoMTAYBZEZ6;%3le(zrE?=L1ZoA&R|Ng?$H
zgxLxdBx6?j_UiZdS6)QrN(bAP7L#<9EPw*TkXTu?q^;S}RYoyUA2s%~)9q$=&eit!
zS;P(fvh}(-#Q7CjuGBSEEB9-|G&8ZA*GrP$JOCj^wdiHsJUsC2hJt?Dpo%J@DzD>a
z_f}OcdClZB`B#~toc&zAbguM(e1jBL0eap~*9wR0j{d@6UakbP!b2=M&vb@+X(%)^
zywv-jQ~=8_nY5Bgb@<>b76?1vjeeu<b8mg;zIlnGKH#dYVXHR~pOGPmUdapcYHc#;
zn=I=r<61>0ny6~3y6WJcN8a~*o4Was6w0Q)IqZC#;W!0V;R_K(v6iW8%ObXt0%V3E
zc7jAGK-EeH2@wnoSYnu%P~kZRY=eO*0|r2CVxchug4J*mB~YOI9%FOs=e)XoSe_j9
zh4JDyw!?%W9s=z!WNE;#kr1sC6pmpH4~yfy&`LbpK0dc7iiz|?ax|$3N(Y!DD<Kjr
zCRGjvRyT$`c@2{Tf+|D=h+r<zn3lE(pnw64eECnl_Xj25hKELrI|?c`a#m+R4r3ys
z(hN+j!w{}WQJ5DwSSDs;Lee=BZN$5&scBbZ88mZb5+sPru_I70>=8JKaIq9bVN4&b
zx%b`YO9y8!4gK9_Wj(>V1QSLL89P0wL1MJxK00PCIpDdnBB-A~KLD@X(E*pZ7~ISU
zJTMLyZ;2>z?~k2J2)5d&Yi~<({N#MT`4Eh{>2w_A;kLYV68vrQwqEX1LPR7#n|>$g
zdbZUr&FP6?_*CtqRZ@$E&$A&_!|fgLeLar$Btk3Y74_YqWBWeOr@g-`31pb8>1cV2
zy7@Z$E9oWtv0uk>x95QlJ5+1#7vV-#JH=Y^iz{VR>yHk7RQ79szR-K~ZCaLWHHX0j
z$*#q--h+?3&6)ei-4(O0kwp#n>EpL3_JtMb{{=4id{y>YitTn?sq?d_l)VL9TTQb#
z9NgWtI6;d$Efm*c!Civ81Z{CB?heHZ!QCm80>#})a3~h6KwH}Pe(CeP&;8$fzyEiC
zzi*Q4&d$uvnVsEi&e@!^BNSigUve}9pV@c}d(M27Z90V?ijnx^Lr?5XZcyUdm*O<n
zSit94%mH2uktp)ek5+EHDNZ4`I8S}-KV->f*L7FPRa=SYUzzxQe)#>^*1h_=?2Y8t
z(#^$RpLO5Wu8s~=Rf)x}G2iw3MQF%)`=h^^T74uDh{O&ydl9JCV0UEy;i_g+Cffb^
z$kk5&-1y<3ntaDV65kfqSL5cd=u*kTcc<ASud7$Ba#&j@sNuz55J}^;g_&yMhbQfC
zo*+D5g<o`?@18THU1s1)hqi2@zyAV>)Wx>(mm>cejN{VGJ{7+M8|c-LN;-M_1};-|
zs<HQE{kA8j^P|SW_utcta8b+U<~??8i1QKRcUxr|%*W{QxmK)TW5>hSG%@k!@~Im$
zh<&7)drPZDss)jYd;JTbDTX!Itok(%y=c(DYI$Ph>ZMb4#MG@Ch8jAHYH0=<CKs_v
zb@C5*!NbhaT5XfklNJt*C2L3#>A{XVLqczkpWuDn=adiHz@nm73j&{bdSOiF)v<yB
zGAW&o6W;zclZ3tALiMhIH7s6a2nFRC{wc1dwE|^K?)L_M^>_e6;$c1$Y`(q)0@=V^
z{?h7vP)@6a5|r{>!e@W)sy)Sb{#k>C6xyP|=Xo_I;f!c5T4*yG&GUdpNNXM;=ex>g
z#-UzInpv=|xuL@=m^v*t^3)vEk1s_LJA^Ri<=}0$&*!xr`gHC4xZ)j^JkF9;d!f7?
z_}X7Y*~JOo_s}YB9V5K^Jzje4*+*|}kt!VdQh``ZrTKg?sjXHg&1W1cY(2Ji48a+1
zF?KX=j#v?5O#BT)ay6g;kQpx~szXd)YB!zKJ^`%)80g?G8of7<M*1ofp9P0ZfEfcF
zdzKsnU8vA~J_<{x6O+w1@X3^FMB%$POM&zt*X=J4nNSp7F5Tqz3}Rxgne2S(Xuu>F
z`LpRy(0lQ{D8Iq+?qkREeeJ{M@*xgOJBTy5+TG749LxvMiDa7kPXCON7yCWKj^Fm4
z8NaU5r*fY*0$d<;Ms&rTWDO#_z#x;A(PPl-ncOYE7TMjx9b`$w_|;R~!(+EORfU~l
zL_vZ3noNRQ;%h>}Lg1-&_Z5Tz#`8Iwmn{pJ0Bup&i48J-Z<ZRxaQ*#t^wjszL2}s>
z8#EIoKzoN4Ge}EC&dL{csjS<^;|q_8TN^v`f;SYEP0gT%Ez>zZ9tfhA0L61tfDfsJ
z7Iaiic_UUYC>PjKMBcIGx;n`XyHXmGrFWCOE7#HGV$0ZaPtLeV8q)?@l;@cC_q7lD
zbUsf!yQ=djO5Oh#tUo^=YcdgBCl$BS*?NTwtDp0SQgQkf!(clQ<V}GPWwnjfK4tzE
zW!{Y!9<NIvuRmz`o)nB&d<=v2Qow9K_B9?JwhcaIukJkz6MY(-*l5{Vx%d5kT|U_D
zQKMTL)8hy+Z^dt2)iqM0yk!?72y}=!VR(}k#j;oTbs|nk^+nb@IxK9@H?lo_?Y5vB
zG)yx+wZw^L#iKIpgNH+~(YFcG)Oq!UUPYp)eU{{~#N(Ly)N=IK1uv;F)Gi61XZfL?
zsR_y26}%=b0vXoLNu#=|o=pv|*7RpkuB@BL-D?Qo_MZjTvlg)i_V8DHx^NVFA`RtD
z&Zfn8<h3VFbZ{SkH|f*Lq9UQn8X$1b)37O43W&cqQ(xQKs#muy?H<*aOKKc%Ax7L=
zDxwTZuQb#H{XNs)%~J(gEX(|o;kZK=`=!sp84jr{3l6X*4Y(jxv?bWZE>9werVf?a
zB-dpfyzL-*K^91cPMX7Z#m{?3x7~XAR1>8VDgof&DS8=Eq$X5IOFU$UI<2NDm;_9(
z&A@E>2q_G{%WnKpCEHaz=xe1)nJ~tyWROIHDJb$j`3HN<p-da5JEw^_k0HeoqsP+Z
zLjMyGxz>dHS=;+@clKX1JE6`y>X#w2LA~F?wdb-)R7vN5VZgQ+A|?QBu#B=!j`wb&
zFMV@6Chy3VlrULXa^Jf=J#Czbhh>4k&Qi~9m%??YZoe6JwdpUalUuW)%M-hL&L)zI
zlD8{%{#x=4LU6P7-OiaDhcfO$_N$CUL5I@sZR+{MIH9c6-1QD&ZGrtqc0tGI&v<yW
zIsPSm%A|0*D`*?d97mhB5NVLn;==gmrIt;9jO#sy_I#C-MlNcUGq`W`N9gyT16x<y
znfihP<mCBm<Q!R99I7<0o2&+34tx|hS_;S*VAt}s{3=qf%Ymr>#%%ePR+XzZ85phQ
z{{HPtMkk{BtU%_eJ*|lL7lN{Gghjy07izeoCFpS_=Mv|;C8Y`J?<hSHGKg8f75by2
zD%a$!56ixvRKqwH4Dp!Bso$Ui7O=1G<Kja_`O609UC&O`IBVIuf5gzty?oYCbfk-V
z_U=1j5_Mz+%W$FQIM_(|BY|#~7S%lSMTsH_MzrK?%(R{Or%K*{<sq<<+j9q}lUyQ&
zc9))>&OSX_>kxJxl7yNBp!C3#LR67QT<(#}UEwKe5Iza9F<?hBVmOLloxp|B(7pnM
z8IEm{CHaOowBi8bSV~15ZLgj{8n3COS<5nvJwr)`0>GU@?lI^sLmCKqM1M}zPW(2&
z1G{bS%GIi1?TdquA{wn?CXn=*aQzE~<shBk_X;5?^<pORufNa;w=;T%Q(7HNJiR%a
zvZ37D4`d}sxT$++@>O8Pqz?W4oAp?yl-u55M>6D^8ikD%2Tkt=hy7~UB<<ugcJ5A&
zt|2OBknQDo?wh^{ws(@p1_JaF(dwE(;m6qClm*Cuc0TcwZhPoOpR2-Y&&BrG#Zpi|
z+sFqFo~Lp`=DNBFInR8qvT^7WEhlDm&k;{iYxKV#lT*<Gq5@=6OSX$WLa0kEA3O0*
z#%Fgzsr^&Dw>-jb+y{9^n!`>ghxUU`0i@Up)3Hpf9hs>Ds9AEApY6~SC%ViAA2y$^
zQoMsTwTe5=;bzt|o*{g_tse8vby`%~LU5%#BkEi0W*<ls<}>WanoxJ1tKvsDG3nRt
zkGY%!3>O5Cuut&ebHw`1jkSGP$e8TFz7l6M(~ouDNH*iCL{@52MR|OeZ3-zIK%I-6
zZTXOvCxfOju}HIVa`W{{G^#HBQWi6J83!f(=(~a%N@A9bdi4}De8seQMLe+3CNdUB
z(UD@h3J_$#<-%=HN||c0nmB#X^O0n)B2-HT&7)}p63_hJVDny~%e0*kEBY(naghDm
z!fq6ozkeVAU<X%$qnucI1ftI4KCJcY+l`D#T{B-FX}5L-!T2F69Sv(T7D0q?EBhP1
zm==vj6Lt&KPRPklunQbG2BJ;2oq%ds_b(G(N{;koAN@E9nsp57jscF6BoXT>LvtZ)
ztG8Hw)j!W(Vfpvfom#Hh%_XS-uU-bxH{Om{<XHc@ew21O*(!J#Gn_7z##-#$z^r56
zMqjqFERTUKtjw;pNs?1Qrns+_aIW$PXlgt+I@JGll9@W!r0g||pjjBGkFo1%b_BFE
z)dXjLM4#SSq3iqj(d@g{!yVU604|*~r=9p4#9UTqTfduEr!OKi4*oqA8uL&Vr^bFD
zy=7sMbwpQh1wME>JJ?b<6h8UZ|I`)imZ4!KvqhLbY2`^KfG)cyN3t7sNG*`08VvjS
z13?hfKPMo0QtVe4QoQ}>Rqau|!~DV5Lps#t@)5k{)7Uf~V~Lh&H`o=pOxnIayP%-7
zaGD#{2tey?5!QWiU`CPQ$UEFu?9lIXj`tD2w`;8URnJOLJx-Y1d&XzPpT9kJYh}8(
zK9#D!<J|BsYu4G?weSB#1Ih*!nKg-?WFJ}fgd;k{CxZD6$y<3*GVqzx$5g1j3PTxq
zo7|XFK!iDm$?tewa6j;0)b(dZXHdChJ%fy@(4Z4PUHMHMd{u#m^bHB@mF8*LLfh1#
zdFY-X%sT!}_pd2^J&3@Xfus_drxL_Xr#5*gMzE)6(CndeD1E5))@Ae)yzUGt6JmJ}
zVIH@Cvo06E?e&xE1<8xt=b+DFEe9#2FV4>-zfv<t;=d!#i`=uH+`?{UAQZ~LdPf!4
z+;emO9{;iZC7lY~c6an~U|e>wR{a%AWD0HF%>aX<AM1B3e^WzpkWVA%of3<hocAn|
z*Om<I`Y6fl?0qNEAl|#Sg4$p8o;#kr)3wO6{6&p+H=D_Z%eh|MnYG*cQww)PM-R`<
zHx^@eO(#)TgM}~l2ZaiIAwhXokR{crA1Apl2Wh^YK6<|N<cs{Z^gZ-H6cr#nH$R_~
z=yU0de^Ss%T@n@mTAsn^>SdTBx%_c-I8@Qx4}*yn^;B^`eNGbF8lx9dzE{)@ry#>p
z)$`;m#YgV5Z>Gn^DA1ag5PW~G)i^#)osVcGmpo4^x7QZ3lsIrd#N|SDa`9P1iG>EE
zf3`12lPRz(NLa;G6k_qCEitYUXjNr8P<;ioF^;r1O-@U+c1OmH@6=QUHM_#d3@Ec!
z`1D|Sb-^xD0(d~@B?~WWTxIfR3=Ujf(RMev79qI`M+_1*loYYn?$=l4jJ|}1(59L9
z{z``U2FP^;{`&?--%sB{GOi{NK~po=P4YikNemP|bH83B4Yqu<lA<d_DxS@AhL?X`
z_{H{R0*_Vms@0oHncK3PnuO8>L3Gmw&nD@#{>$x`hU4&!HJR56R=`o)QRGHsJz#^H
zu#Np)*SA!74=EnW-{;*<)@V-Dxy0NrgfGZRKxwvI<m6x6ltt08<)b*9%S%NHCTd8_
zS!Bi$RN`;og{RI1Lcd;w#C#8pj;vSJ#U{Y!vXs4tSiKN`|Dxl4d?dKOHZ<-8n8ZBA
zieer2d~RouAVl_CErGEbzZ@Py6peHIGc|W)xgaIJ?p2sfSe>lvs*y)s_Hil>0qKNW
z<{M*7J7>Wb&(y*)PkGF=bM`M&AZZ9{O|~#FBxE_irZ3Z@Fl`*>`r`aq$Hc(IHGUEZ
zT^X1V8IRp;#5?=@^5F7HIjBkY4p%hfivHMTfQb~JC_<53$+q>C!m;7V7=(w6OgULY
z*tF<p^@Ec&Ifb%MPnVD9j24J&|EJrm*J+@T9@DoN&!E7O;MvEM?H8P+Ory3f*5%TV
zvTLq8RB#=`GZX0J>@Rw9+xll}a*;Ft@|>oD#thNM>uf@VObFC#n4(CXA0}htEN;WD
zOE`X?h+6f90o1iJR2TI{*f<3A3UGK)?3p+}2lPDcdyyPhKEw5DRd&ScOWc*cBHA)L
zW@ANDM=$GKOMUa}$7g$Qn8Wycjzh!(<mC#C>N@;V>*tS|0v?|v>`XAivS+?f_Hm4*
zG=YVc0tCW*z8!jc>>?X5xmLya0QKBq?mq%K_!@mAQdTnLhC*uq*e!GzQ4S7zrUjd<
z?!4&~Z>Z(t^}+$93Bbyl@Sz0NQF76Hb6$x#JGZ8$Hw)!Q^l9A<sA`Hl;hq6%4P0}P
z_6SXX%Yqf!3W#~x#qF<SkD#fOiEo50k&&uws3>gTS+~BGg<Gd@Ol^lehRKN|Z_f(V
zhSpN(L_Y&Q&I4P*EnjAQUe@IpnBr_Vuz}*!MX_Q&gZeG|IE=Y&%?7x_p)5dXxsnnI
zh2mVo4!h%pCrtX`N_>Nz2b-sLf<2?|u9hjrwhhG)$k^lL{sbr`bt=6*tbJ?V>}ZVF
z9A&8%Nq$Gkq`{zC!GMJf_IS<wa(5#qQBjEmqm3)84J<IBB}S0<$)7`=vPP8{I3lE2
zPcF(5$5KYgC}^GrdRG`(<0c@bKCGshwMB?&9FA=eILw^G>_MZiBUZ18E%b^ktN9B{
zMo|yH9(kF*yI-Pr^rkDGcMSzlz}4hkd{P>{BKC+Twy%JsJ~1x4!7CsIkWg+C-H3^J
zoi|2ivYs3jL*7OiyRwG!-J?&J{ezVB23Fa9N`Rurg^%JZ&g}rI*1Dj}k-(=ei*d<#
z1?yp4wF=dAL9;K_>KK4BSDq^?2I7#u7K`<Ry-h6R)`V)OwB}7eXY<~3|Dhy2D0!@N
z%=}m8ner)C92UI<jA&I<jB+C~e)E)RR8@9L=2m^0B`z@OEE`n5wR-28APJ@U?IfMM
znP;L=5B`#1t5be$wSbUAtF1m)wTqg4JdR0Ltw>Ip7>|$;1{dWBi@km86q{34t1}yz
z<FgH`{e)(=x^)b8j=fXtMp}Ej4R5+G9mjemL6%#31eb1&RzjYbT5Zm7y>oufs8W<3
zX@(tGlXB5Hl6;2CIZb(e+G%=}7Mpy-tu$XuO+nL57~gFyql!|ue91wLE#0AYI>VV#
zaaFfPEYpDiERvUFJzCmX?=pj`1*X&0oFNeb3+mz67YexoTWPd-mu$gfi};z=3!<fb
z%34CkHJ!SV0>;yuqi&yO)M=Qija`YI?Q7OMcv#IuwW`wDMo0^FYdYU?gWDIUos_4*
zy3k~Uf+^7$#q=uGO)*sR7BKH{<%XSVjGC}!PDZRPnWEE@7D!A;lU9wD8c(D`PzbpA
zj)GdTMHx^j0$g9V5dy`pGEM4eiFPpYIzyQ%OeqU-F|%zuk`42fXDISH;uF<PZRlu?
zSDh9|Sf(q5bVk6Y?~-XzGlr=XIFzf{xW&lyaYz(I*$b$}H0AM0$Y<DW#TL>@v`E~H
zvlaA&Nouy#^4z|dunM5*IwzGYp$lZk@_vbLb)|j&^2M+3zlOqg+OWPktc!n7&Zd&A
zK<^FkH7{?1_1J~o-mtdqhh94$AtUyBeNzo21aUR<Rr9JNCOKVoa?S7idnd}Dlt<Rp
z8hox{{+OY<4}t~lk&$s@!Yvl~eve9t5;R)c&!y5csmpqAf582Nw~sc}9YY!d${iBK
zMj_bVpdX&*P87MHq`&5MAlH40EH@fgo{OwL&?qqTLKqKDR(~33I<2~L@)He6Toju|
z9e*R2r0a#0^(}a%;y3$0vKY&ZTmY<hp{q2*?XwSN)6pi@Ph&AmPB1MzPiYC1X4q;5
zlnq#_qNB6$X{Jj<{d{`9O4{g)j*9(WWPJ&?BZ(a^W;BJ0phxmvPzy;G(AZcx5oTT?
z0$y{NtZ0GzHv7KM=2cpYoq1@lL#~<@pFToHW^XVopY%u-9DeX!9z3tQdT+$oIQj^|
z+4$OG&`2iiyvZMx=*V2&m2Sv=-(sdB+-(8VO||@Bafz70tM#~8Lo|iJ(p#u6CY<nR
z35=*h;0Jpkx}$l=ZiY?DW#yiw9BAUCaOk6>`Q4S_2iOQt2JZa!U?YvAu*phP{)%e4
za2Tv1;r>Gecft~Tm9Iq2@565pLYv2^-CwF%YFNCBWV?N}xXV3db6&Go9$5?-=L{t6
zZlKEtwt6F4WfFeg%}_oH$mO^GwXTUB3U%YxK2Jt^gi@BqH9sP?NbCg=Ru&yab@384
zC6kXj{iphPBhn#QV&>Eo{Zzu;4VEK|{ZH7?th+2useMWU7#X488-LAKm(u{s9a?FP
z&TE%4hX9$)$@wn&yYsUyv!!VF<K!?gP+Hoq^QnJFDkRmStGIA)aAC8R|DeP6jH=j_
zzZ=58fsHp6=0vU=_C_yU%w)I)G8o*|B~QJ&-fPiW8iU4s(MmDow9=RYBIUy(P8~4U
zx4c)1)=q8n$C;Ync<>%PK*mp&7Xua475&!lT3BU>a#k`IZ=6So<4Oz$PARYkKioR8
zB~A@-*wdOc$lN|HiBqw+1<h=3ejQz|Li8>#l9&Oh_k(gbFn>G~6f0mui@_gch_I4w
z2<$x$>U)@Hs`5ten-P9zEMLD!BZ)D85q4B_lCsa>j(-!x_x1W>!}cfdz+x-(=x1ku
z=8&6a$w=grotBlf>Sf+Q#K79a&t8s|3-X=1%x&DqK`K0THQtpStTRU<F1Ln8ouKUp
z1}nn*qwoRCfjrOLIxms{n|9gOcZG8Xqnp1wr6IzUUqU)OU)*>Z`^J*=*uWB(T6)xz
zbwXov?ojdx>KDX4zKQYid!p}~b59bj3xu9{-E<+BBH&aSO8QGzuh^s2`^KJ`vnQHx
ztvU;p_6`I<eHotVan(-suLZXiQ2F7z^t-JYn;N`U9T%XbTFDG#l8sZvouN~CUSBTc
zZhgAobbE>VuyDg9LM%N&Dd}*h@9CR858p?Kfn3YM(lniSf*^>0(#7G!{4BQDNWWB9
zMRS9}nd9r&yUoqX4sL<`2hcFgf0aUlII#K2#r66+!9!+op!27~8AHe$(aD-cSITTd
zLh@shNCTL4d=A@eN0(RsP}oEtg+4p|tL%-IU10@C*OBLPp9m!K0a#1?7!0upo%{4<
zT7hlR(d47KXs5ubqv}$f1xRmQtUh87J}sxWx-xlzIO7Q!p<j58-B@k-)3kNJcfr5m
z#SIP0;1-z`Hq-Oxs?H&$*4Uf_7l?v7+fWL1iY*TlJd3I@XK0pNV$hq%w%EE6Hadyw
zXW9$1QCF(C)xMuW7AxG7>OUUM<7A?-ubRX*riZxS`)jk_`!$;24M(O4avli-zLU^T
zQjdB9&q*E47A0ph^O_{o)G#u5aX9m*(ju0_z2iJ8`PZi|I&5BJjhPzSGNP6RMa;rV
zYvy<G2sbRY&PmXFn<rp3POV{B8{2Pqp9C?97w<h#%PzNv3xEJouVr?R%iiK{ZsKL=
zXaBe=8H*{0C8<b6g~59X?vkr!nU(ygNLaw<k0FaL8rAjdoC7^$rYUjETLPE_=<LyV
zami*?mS)O4<itK{W^AU{#wvMozq0Dd4;A^pRW}tqyqf_xh;9YSV6yNxOl|b{2HQ&e
zTcDkaW0}|55sEqc7g9JVg(G*Ik?fLBnhZ9P9ZkUG1C!~q|JdSR>j!>Eebs!@|5Ssa
z_oC~QqfpZa&KU{S@nqgb27-hBQC!A*xigvZ*nMN}fy1B#<nC{49nDpTY=iu~Oxc7=
z_M|_HumXa29OKAG$QOwq*;m~SvL5p)Z8m0zr3bL`)@>-$_pm|S)Bxe=($kWRtQmq3
zWjwRl+j^}sdBW;Il8H&<F|Jd}xmMOYdgNap%J_8OT$Y4=4^?k2N&3yYqv$*yq$QUs
zL-Q&0fjS$ua)6>>Fu~>}l!#Yz8?}0O4`b@`uu#PcWoz%f+3tt+$;H775xJFV)JWV1
z!EIWFtQYlYlajf)?S^zxVJ7CQ&*UDrAz-aj_PfB2A1JxG<_vy??vR1Hi6j8-ro}3E
zsd%G%qIDylKp{z@A^8CAb$DV|J!w`bl}t3~J=N;uB34t7Z)9-=k*9Hm`1ZH=%q(!Z
z^lEqEuc5D%^}M&*+sA1bMDZEq36B^wHO@X^JqwQS2L^iWwMXSo8r9U7Ws3yj9FoMP
zVE)TFSMqhhfn`&YfZKJz>X+j71_fVNMT*|t=Ij&uQW+*qe=X^QwXv>&1I=<}zI%`j
z&6EVbZ?Cm$^26<$K@FYq^XE#4nkVrpdJCJ&cpJuh=so@dC{D`Cu6}00xBJp^Aw7z_
z!}PAT2|CSod=ckgTYp`BQ;))L@(KUL>xEpeRLtONJLc~SUJ&h(Zh5*X*~Vr?DXhF0
zO{w4K6lxIJEt4b%-p%l6w@W~-Xi@)Cf8NFe-c{mlhxavnPkVtr21?oMfxIK(Sbh|G
z^Ife#!hqz+(f*M5ei&_;72h-C7%!|jRmg=K_jA>2i%V0OQgz_bI_j^nK~oDO!!ltH
zN>xTXl%Zed^;v}X`)jc|s)UH4D@UyS1ND)0i!M0I6Q?Vk3;3f9R-el|ieeH(fU4(?
zIs9p`e<dchZzA|SQNYyWCDuOM2bV9Zh2k#fSpLT?#Rn4uM8r{&wuQpt(lHNk<LwRe
zo=5HdFi)!RNH$<nv3yehnEj-3j}B+alB!UIOsGZxqlJyC^A$r~D?vDGZNP<0q?bKV
zAQh!%`EyJXH+@)Y+Od|USR7GPXj&|{<lUPVT-Cd0n7%OCIY0#p)mWWP4MA~)Y)cNg
zluLXi^I(2sxkZZSv;#qiXV{luL8;mAQ(0FivLayy2!o`-F~Lv5N>gk8mhce6m}l5^
zfgAMOEU}3Oynz<|f%mpBB54Jf?$!nY_^MrVnaCYc0(2$3G|W9P@|RuW2|YSDbd}ML
zho?y-8C-iy7@F@DR~meBxqgP{+az0SxQ8$an(L=H-1HY2v7<EecL#f-dNSHYQ5mSF
z<8v`>>uV<}Q2BMKSkIPH;w^GL(iwYtBrktOyr{ypNEH!~G3(@6p6SqsMMSio)YQub
z)cT~_Q@Y%Dg#=O@!{1qJYv9c9LNxfzr1h(r-A@&H_^*1iS5n|h_@l5bE6($<5i2;w
z$C~Vt{RYWsV!Jm_3Zk;0I*eLRZfz>g)S!EPC*n|^Sf3a6-v`hx>X_d?>w_|G-m-PP
zmh)vhnVXI*1Vls96w_S3Du69$HXH|DX_32mz0NRlIdSCQZ$7}byP%fN@xa?Y2mqDz
zD-GVzT~Z4=f8wT!<Qsh*nd0u!(!T1h=uSHpC~YH^z*Z0m#v^`jx(2V`Yw;S@<Qs+P
zeo~~A(9%w@C4Q)3xiLX$p&%<<dBuHJt*}Bw45_(VnhX8;tD&=@>&HsxO6R}e0Dvk0
z38bU|^gk#mKraUPhX4T3g#VQRFs(_^kr&m-0!rRL35I$E6A}j?naBi%=@0iWKvwz-
z2P2iKA~ma`F#XLiu_gul!7;5-*#441j}8a?0i?Jp0IZimCk8;zstgBU0ROfK$wFa5
zzVeU~q-spa;-AWx*688L3KZN(Aror=@-P4ZdVU1cA7Q|Mfj>r|XO&{wFf;wJ0{J1Y
z%s^p6Qjz-qSdA1w&p>{nGmyN$06jYVul!GfH0Cd$b^0rFTmQTGzonQqOz7eNo526V
z`^SWTi;({9Mf6zfzX+sidH;6FpH}^mB~@d~P-8=~$t$y}ZI}S0U{!z`Gh0>}Gjo1E
zvc)J&09q%S{0MdDQt~q9>Tpu$Y6qYy(pgAHVixE{{OL!`0)SeZHL}0Mk%fQ5A3yyA
zC`>fb;r|r=9QgkR$YJwua9c+j{r>`5XC@@=k5=^XKl%UB{|7@+2meL?Yp9WzF#+_V
z!~av^AAWT>GW|b*!t@XR7l!`dg#Tgvl_RyFux0$$=KMGI|0tk`qj1<%$8L1~5Bgu@
z{eRH@??pAX=x`J!020u{|FldMJvtnj{RN~*Pm`+BMC765p)jF`{}K7)sz1vAG#1JI
z2hhX+vp$maUp?`U#6LL-)87~=K<#e~r8*ipB9QNJuv$LzpZ*2^sjrHj@wecAOaEB-
z2mX8&{tehjgYuE^ejCdDA45>?r;nUlQ&%Cdt0UKIdO3}^^|NpDrFk?c^$YtoT^Mdb
zQcD<>Gr0Hinuh??npWV#5f_PH_9ai7p^iwzmAt`EB1+m2*Uq8qFMWcMYEN|}JK=O;
zY9oFd8eGrGy(>wSzg<6bq608^q4OF-F`wbQOPbb@rdBLPoAv|ydf^Qy+w`?^$ZxqI
zQ2ZQ=bGvNNds&Mom(g<N-?;4*q}hnjopXFtDQL7YP3`#x3JS2bA$`Ih@C$M1i3$xo
z_2+MeQ3LPhjqGzT(~U*6d(NY!2G09Q>%@}BO1C096u+hK-5+x~`^f*$(85!R2fjwz
z3VpbKI+ML`j;DS#t95KWzxKs|ifRC}wGcmlTF}cdAECM@Mf{9<wi@r?MW)V}(5z;(
z<?N-jWvgmPDN5|pC8ZKk4?k}YP2_S9y$qabJdC>LRxSPZAdgf6(TA%zd%ZW1wvK(u
zBWuKsE?cPHhXEQAUaKpK8vU_)u-D0aA}0i>&k~kDTaNSE;)n8Ne)=lC$&8*-A_IPw
zQA=>UpM*s;mDHB?HaOlz`S*pRxa;bX!q6e~b_HP*Y?~jFojIHgO{f$Jq&!;gK@0s*
z<438-T|;^9ljrX>4;6o|6}J{3rqPybWPf|0Sfs?O2MIk4u2j(Zfrx!1M9mQE+l5r;
zR6j1R;3r2dcIBad7ZDVxbt#tn6u4)(Rc6vpzFUf|1wtvyN&gf<cO2@Zd!Y(R^;jA9
zI&C(0OT1Rls?f1RnBW{bVA(%ul@Q=@qP{xM)H!htS_|;V2s8U2%+%YWZhWrPMwQm2
zz@>Qx7F-UF@0DUFsKF@g+eS&wxh8#pZBKry5l^=K>5cuf$<y_q(It56=lb-O;tam8
z;!nK2At13S;4Wk_>BFusW;|ywREpvfH8_HYjW+}P;ONU|@wwzdmOB}O9p+%(BL9^-
zjQ5o8CA7TA%OtZ!+pm#1#me_&nV?wTH$url%E>)D0%V3itoOwOEuG&C%JK%JP!_2}
zX#2=&9^&k%QvC;S4Tfsv;c}5!H5SK$%;SV`Sn0*Uz(tSjAe|)#z{j|RbaaiMm`!|)
z8EE!`QrZEpl40x$UhPt!L<i({EFZQ+nGZSGxDp;lsgT-~@8}^VpZp}wV|`!}cBW5k
z{eVsnb=){0>g{MT)-$ao_hYne*jDsSElHrN(HkP5Plzn(N<+ww+ny)9-U!N||JL6E
z?x1H&@NG{Nu@yDS>&Jx!`(#lEe_nQ$!E(Acix3Qh&)mDQRe-3HO-TDw(|T<k)f_9u
zc<merd}>TuS!T<kxU=y1coTz7QUvy6ad1V*%A_i>j*0`a5L7|r6+PMh<?m}4`I~2J
z2w-@jzOa_A7P8)RBkA*g6{o<c&&GXa9!~GQ?pW<pa<HZZLP?$(FpS@PG9~wLu&eL$
zZ;u=`d!y+7DT3NT9h5!GS=*dC0z2y#9@26uk2Kk*9s4XJr-S9ypG|{riq2`*ImUd(
zIs%_L-lJK48r1K9Dm5BB)A_&{nZ$6@?oD{bq^5RS^7YN0OtO?2&Nu0+!tQar4_y_`
z3F&V`39di7J4C6>747pMgRN;)hx0@fT2d%q_4kdPuVdcYL%LAre|^2g9Tc@Q*_Hn(
z+%1La5B!(=YbwZ#(w9=QAIUNyq0l|0=0Tc;@gb@5*q~V+>5sSE2_L_MDBhYHfEElu
zKatonaw0r60R5{<*XUMVuZSi4ZBjXf7l^_JNgLHQdZJJ=t5UL5FK;|E0PRA#|K+S}
z^e^@Drb8(Aoq9qacS19=e!c<dQ9Yp(85~Eiyb-s&3GsJz-15fB@+Ku+BY*Bc!hiS)
z<xLlVF_HDZfhdBw|ETzgoQVJ9M*{AIP{9{vN4I%?7w%uEsO8}=|09AJ+ZyF9<FP)@
zmz%v?GXn010@Lwn;nv#f0$4O>T=+lJ`ky@XPl6JRX2MvCoaK=}IO~5>06K^m2atvt
z4j>HoBbP$a0+a%P4rQgZr2xFk(mw)J1lUnS0Dv`j1OPz%hwwL`oPPZqd0q`b*=<E7
zg5KYr3{udhT`2)G&yB#YT%@iQ@APyR%C7-qUPMv7yEKR`H>lIisSTjSXs)oy^!8?B
zs|El5>ba34LvN#nxrcY(T3nF77vdlef`O91i*jvwOfK69G(&-_MMS1sVGZ_n&lp1>
z{k|)E-F7W7!#VQ@pVRtqtP+XqXV_>vGMzsi%!94ioo6rslRqB(51TxF;lY<;9<Ag7
zW9u8?X!PFzMA3k-P{$qdpc@S!*Ft?qgG2pOfb)zkth-p>-3TH90PhkJgqMKm{f2Cf
z;IO+M<a{~X(Rd~$Y*yz^=Hi8N9WER$3upI8Rw`j5ui7wkZv?Qz<O1awADbD2WUm~v
z%+d{N-Ftr?t>%VjGJFBNAV%~35)UXo%)>-k**~{%DRb|L0|?BbeVV62n*@-)W-Ovr
zM_X&H#Ar|=?*?dGAf1X8j_jy;0BSgQ_G>NFEI=s`06@Mu|MvHPOX&tM0gMS1@`V7h
za1_u>XW^H6P^dk%GOHY|bE&8dlU|IHG71e~C{N^8i9|Eq03{6oz>(EU2UO`Vf3~5H
zjg`XyX1EA_I1|ZQNMo#!lYPAyNghp{rKj7@N)nFp{pnHH;KS!~(2p$j&NB282Ls@w
z8uK$zX0^9|(3oeh-Uyi_3YtXZ)f@6qICa)^&{j}ZfGChl{Ir?6P##l0MKh;PQ9BR?
zWqAi>x!9I6U!rnN<=B?IDh808fQ1|=!mSs+$j8StAA^lLk1bN#C~8`xpi8-I3LT~B
zd|kUhB6X;EX)3D5jvAR=Wji7;_k)tTG(xmOcQW?q`EofZ(S*_-tec0t_tDIDQ*5;A
z<h7+25pacaY>baa!-UsV#BdZU)^3IjRtTc4a8EYmb#v8)it4(w=)?f4SXFbt;Eo2c
z{YHL#BT^?F1#L2I3zS>5#Z0+_y=wbz7H!s53AwwlykTrKW;RfrSk<`QG?}@f!RjL8
z6{#)=<oIiz!i4-)GI-Xr=|}k6nU}Na-QRJdmK5k#%(eJABGA+1*+}Kn(xP!t)mRVa
zESp}0g*oNT>RkBC5nC&4hE&PP+N0t#*;`(to8Ziac=&BmhFb(Q*1i1}1$(&i^L#Dq
ze8bpn%joUf*ao^AA^3j%SU>Z9aJZ`7nsIh6c;V~w&&RV0frNq~5>_!Eo`<nA8s|7l
z`9!tA%HRDt3Cxh@30oG?62YKCMorvC(IUcs4EG$Iu1ynZs!BN1qA}3=@#E%vkPmPD
zen;(UI`mD*m0Zx?8oyJR&PeGdYI4%`c5p!Ysp%va@hLe^9(b8&_}B?0ko-G>XZtj+
z?6K;VTTmi&Ud8>HokZgUF_<rMhxyGE`L$lbcx+Teh?JRE=S#;A`Ay!kzDYJ`P~?Mv
z-1Q)1d5|r1E;REbvodqIB&e9MGI1hU`b5P8K_At?Dcav7BU(Ozoq&5w`1@S0_!TGP
zm*bzuo<-;8F^CbCR92P(U<DjymhR5N^}|$u&CH>zOI-1fEA06Ax_tjl9b&oN&%t~<
zQPb96%O#s7+<C6g@V_e^D^XG2zcRSOmgBXB&j{RJw*t<_fOM8Si~xph)mLG^em$M7
zoJ^i~rUt`PdTi#T=7V+$cPP+9nL%jL0*VUrPV=6nN=C?kgsGVfkPq(^@|98RbE(Fy
zKU&N_cnY%-pgW2<M;ha{9>E%03nmj<7c;8I_`|L$%#WKzanj^8)s$8_qefz*(D1QU
zl?68XD$1=wRB8}c0@5vvyzg~x+1V)HJAG&l#B1qr^c)sIrLPn=Rl5{CI}3@tNP?__
zT|)%nyl$+F9fO|8C6V~>yALCTZZs)hrhi<CdvuW};|7WA=^^GmC?89GCcK+6gTt7=
zRP6;Qmxq@#6{IMk?8w|X8R?1O%h^}TaelI4#bdmAK>#oxBeZmy*}<hiDF8a5b{&6%
z3=#UuTn(;B#Z=BRSkiJC@ZD_QA73g#{MDVH0$<O}bJ?UMIh=EOI*M&=kl}CEnB8|@
z3z~5Tv*=^{?V7gEf17O+nIr9>Ct&c76_C0a4U)vm$jXWfgA{C6JB#Ql<uV-<yJ~FB
z-xc&}-$#El{PcCJO}F@T-7Q<ll!aPws;yNGhB&O8*q>OCx!;gp5h9lH7{?AGVC%@^
zM^}56e;e}fZ9;SG#nm7pOg2Vvj^z-&NYn_MImLeCPWH!RD$B&RE9X>78dJ-O1fNt=
z{QfQ`F|J~yPL&?F2=ff1&0L@)H<2DH3F@)tBuzGtU>+!}{GHKZIp|59-Ks~i?so#a
z6>?tL)#d(I#ydlD^=4r9Thez%-*DM2tx`YkytHZ>f15Pxc<#M%y+iHuae><!eYJF3
z(kDykhAxSJ3)K$p=|#q6S+p&_X38f;yfoh*`rwhnU%hesa}<wbj({jSpSu00BS}de
z0<DSbcqn*g?1rGH6NnwfJlQgPQ+L*A^h#$QMEj-JVRO;C-va~UZ(u0nua!79Dw@&a
zfaBisu5c~>>lU9G1o;K;F5zAYGAe{^1+Mx~68lQo&Ms_)*2TsYu3@;eFGEz^R>gGL
z_QVJ>0(x;&%WY)ErJkNUg4`|EG>BJ*Lmckx#I(i`b)Ft@2~qS&k${KqMp8AlrjoFD
z1Mek#S-)FDyR*~KA%-Q7+xi8IO~9PP^g6Wpurm^)uD&P$l#}4!r*0B6d?67QMB}H~
z%Z9HDdmog6_pVcY{TZ9H|AeN{uNL%lCl*n44d!0uv95_s$_?)q7Ldj-Yytf3b8h<W
zL(w04M)(%`VG16})nzXDT~d$LKKo)-Ah5#<`~(8=p?!xw8=PWTFcdIKy6dOOv=!6K
z?N1+2Uget2XCTaD)@(N9T_xOXoiL2ST0<t6Ci(!Xe{KbmiY-5nL=@_-Z}tsG31d1q
zz#cGDRe52ZYQuD+E84UqK}MYR-uzR#H;=Eh>W-CY)PKGr8ysGNF*`_7u5c6yeCL?A
z&OlDy6%3R9^*Ci5`bEWefDCidjD1o6IA9@#dhuY#d1ncA!I5_JI&Z=l-DZwZ7Y*Ss
zqzz+c{%k(>#>oF+q7V|450msrEUatlU~BhX?7e-c?I0JZbZ%U%^Ea2A)KKIxV<%B>
z9i607wDr#loCpaH33zyb@JAW9m~{KB8zQ8tT%gqpuV7xAl4e_eSI<RxK?8iY-o9oy
zUydcUaJ3s_BBi=1K(4`PjYXH+R3<@e`FSi`OXi8vYg-wUTX;US58Pp|DB7O4LHc^|
zD2pF)I=U>@2#t8z=4~arxzAhS-0Q5tY_&5G74!RL^IFS9ySfnN+oOR>g#rRk_XqHc
zVx{$ocf0jMnxg56xf~FnwBC9B;N>z^wK}wa5L$OZQy6Rr2D7yVK;OH3_`G#Mtl}*@
ztI=2$g5kbn4QmT2x7cdf;*vx$Bt4}i5`XW#70{u1SV!5{)1&XP*JoQ(EE#2uNcY!0
z1L=L6;8^;a!O>WkhEQ`*G3rj%rCYq2P0`g%kHFv)TG$W~do5$MCBNd{FpKq$*6ea6
z%yeQZ*DP{-BA*-2Vm-rPV@CaPz@jpf7J3BIG3X}pc<>dsOsLhe?O|V&7J@>dwza*2
z%l?o)$wMCz{=<~pZHnk&pzT4iMlr>Jg}|}vRQ<r^<oK39Xe~HbQ<D91hxZh=EvdiR
zxV4$niFkyBNVi<VFADoOe7}r!Ss1}UAkf;H?zhp92_ulJG^FaR-lJC&dhhCz;^gni
zo$YYUH1*EILCfn{?y|qPuK#e>&Q}QAg%{R4lPdWDackH<${T^}$5{4H<*pv|5A)xJ
z_)6Y|^z{_>_2fgs@*(!Ht;W%fkP7~zHSJ{WprD{4-(-W+QJd|F_O`~1uixCJ;hPoW
z92%#r6Fh`!`4oPfzC0f1wR;=NGXu5a!D_;c6RwJg+%ER5;3Tsx6BF*%E4n~B3q3=`
zn#H3wY=bQ;M=5)&FN`(J-#@SQz3Bjb$HR+Ui@pIEtPcW#cw7<h?}f!)LCG&2EiOSI
zBM{iiZ}7q#+DBi&))&U%aG6s5)Z68ob1#+A*OzfIv;6^NR(TBWTI#Kbt%3}7>WHcs
z!rrODiuJxvuWdc|m-arv-3oyrwfAPKeM|Si?>=FKIP<}wwLKsUsFL<##ufjQu(0p*
zE{MTQM|OVh^hYxf2Qk=+saZbAq_0;LQQ3Ry4tsDh*${vJ++lSLQFv+G<#y~PZc*b}
ztHoW=C+2VHDY@kp^c~Bx`|C|`EN<`2w7?Su*UHRbjpe1oiHs2F(b7DVzp?pDU2_!S
zStxdgNoG-f*X5VZbSd;5Hnks?8>^6~t*vI=yRz6uzD9*&3IzGqy8184{I0{?Kiw!Z
zv?yMpZ|j1MRMCcQiT89KG+spSYha2~YFH;%(>OajEz4bM3O(#_*OS(D+xU}{HKE#&
z0BI{4@p_Y6!M#+Z9bWUj5d|EV4rS5e=j6f+FzJXwKQ1*$ps>C82VJxed>7a!7H*QE
zqie!Be0OzKxhq?+?X6Jz&DpchaUk-A%KBBF!Ll&9&fwd$PW5+%OyjwMl;*6P#vi18
zK529Xj2(l?geLnwbQuNZo$IGB==4wZ4x>-vP3cVF0(&tyJ?kPW+b9eR!mXJnHdgXw
z@+6Q^ex@&aW{zb!P(BN_a3%&_G>q#VCv%%f&D@J`^7qR#Wq3s!X411vvuoGY1~k5c
zZ9$X!Y#q!q%%BO%2X`b2YOo{wj*EV$S2-$*KzWaJ7g)a{xDb8@y+j}~98EcVPH_gN
z%GJnwRmgzhiD9o@Q@o)X?80Ah9y+uoryP7ZVoyFqtEWS{%oOlA9pIpJc|2HxHZ+&h
zKfns)?=@AcOsmo=GZgUSC;;)^8$AODJyMOZb<7A<ly!3@-$xN|9o7;2oYmF)K9Rl!
z7aA0nTz<|ZmcKC*C$L=!j8RVD!l49-8f;~{TnP&cArN@b!u%x;#IZ#uBU+)-wwd7q
zSmI}0Rj`Jb+1VGafV=oaaa<`S7U!kpsk-w%Y+5-%gYAYH7z`eK|4@@jph`H|vyvYh
z<)4y3VxXltc`nsL38|pT%^hjsLL0O48c~pNnjGlx7wNAjFr6}enEu)=Tn$3#n`!k(
zH6lkiKVtuwXUR(Xb05Q!2wSQd(+0bG&9ON|PYJWpqfcZlUh3hY#dxZDL_6=IJWPk}
zxF@ioM7w-{>dKcAz6BfZ(!^}_^;b#G-N!-CRAkAQ*(GUrNtns^6LyoXO7DgC&CVha
z>idVauKL9a$)ejL0>PwLy$Iyo(%0SFX5$-~w;@(V3oqR88Z2~(wWnvAKFOf4xe32S
z-UtyS<>4w-ixZo8y3L=yC<M}uVx;h`y0U<G<p$*^xkDgfeWi@_Xl2(guoS`rb@0Sc
zk^z*9;da)PIz)sh^WUGLmF*2lJww~|lfa4rv{_Tn13b+DV?(_EKWm{RQ(c9?Zz6Bx
zWF)W@c0&o{0C(cZrRf|uG+F>(6<}=kvG~&O|KpGt@cX{LzBW2QYj~g+VcgJn211lQ
zIo@?l5rCOGN^-c#e=3awd<`XvnBQe2N1X|`lf%4EcEh*x^eigd`@0p85ab0nO8&*F
z#g_0||HF?-Mn?L+J}@|xXW&YD=@a4-5`^@G>7(SZCF)G%@8G_^X1aA`0A+a2Kkk4+
zrvYtYS0OutPv_1WeIH$F#%r*UhYgtvfj1+-z5p6ztMah8yHRIib{Y{Ecx&A|gKOeN
z2f;f#LC1p4c)&l>e~dg37VgP6#wY}g#f4b8p5c#)(O<a^d<~rZFxhx50|tWwF8;WG
zNCt>Eg={@7fZ*JkdL5$?f%r8906Y#LLWD~m>o%e`3j01jU#qr&!H!*dkj;~XK<;7h
z|L!;3tB~1m|9C_8^7rG&Doy^y<n++>UjBPWNx0*V<Bp+4TpV6g2>fa6-(x@;{x|>-
zufF~Lv2gY7;v>@a=ebt;YajDH9_pl>8GHEsIak=W8-m7IyKRJMSiDlU>L9OH-5A6J
zU@*vVFIUiF_qVc)tnQ$T%~}rd!-K<->Ycb#W8ahm?C!uXLc&;P%8otoyGU*s`ep_V
zn|rr)1ghIomIHs^R^K>;QwHL5e}9SC+7eK`zufZl_3VA1i~ZSJ{P5@xfoLO6yxdn-
zIL9u<H<By|w!jF|!`co8V-Gd_3^kT?{jI)U=m*nBKG+1;<>kYtwd^IK4vj9+OK2%V
zjV<rz!<`7S{}GO|gJB=r@^{>kJ?lQuL!NL}EUYM2^g^fRHy%NZA5&G=(HM%+G%@}s
zqm7Fn^hOiI*S88pswxKU#aB&Q*D~e;m9&8Z8<#JXNT%$}7hKw_t>t>B_2HAZ+?&M4
z%`rc@$P<)U(p4)pLjV_8OrN~4E{Ix)0%c1j=dB%E0tG^uMjf8vs^}Aht@Z`bd<-gQ
zc~x?QA6#-hy%Waa(Zqut75b&iHYDyH4d(#m6&-H3!9B}6bFV|%9yf!F_(RuXaE7l1
z1B0n>e$m!|XK-BJ2kh65IFEs7hfY^c)vepcZWU7J7O1GVAh{b7I5)$W=U&))i3<o7
za|(ngS3UAs`HewHG~L<<>3fp#ims^{6g97B(o%$wo!82rwdv_)9>J~hBZP4wca1-H
zXoOzl!LNxzhlcryOTJiG8{2YbmK<FXxD{QG7+KH?Cd)n8l*!$Fe1?av@X=ZnmJeDq
zfk;XRpNN%Rd?P5cb{l_YEPvmwAb}Fz`+&7foslqd#Sbd~t*FOHPEE^%ybQ+|w2N`S
z7G?W9PM9GkKcWGR<^O0%`8&wWqzQ|&%e<DsToUHO0iG1|cnHY`izzj90KsW4^oLS$
zv}+c8QpP0rjj4qdMcrI$jy%pgoQ~e=1@XO&*wKqgOM@0B1=0=)uJImg^er2eQ=;`N
z53TpwX7VdC+x@wzfuKg(MDB8ujpwWKOa;@E<;@V+uOrm5b}<+^feL;M2Kg?{Nud%B
z9xCzcov+P}>qexGDL^A5Bro<AdV&;PbtYd~X!Xhl_SIE=(~dF8%-qehlYepBRnery
zX_^z&9zPLl+>`xPyx4<Yz-ccs0v#>i@^aX>kz`dm(j*8nPBzY94iA9P<(4j((;OQ$
zp3esubw&znHk4zMz(Q2&;Q_ZZpBn5@IWIop3`mwWr+S|z6J9XDBDY-|4`%O=9Q6*e
zQs~6njO7)jSG_>~W?u!N^{xeGuS&o=AHnHZJOUF<uHLr_ug%U*0*NvP0yy5=Q30*w
zje(!#taXNbvSBLY1LoP()OK<&nygB@mFyAhR}7`Lts&UG5aceVYrWa#s)+NMVC-ui
z7h223QRf!p+SRY0P|T|KIW>=jE~ejTmuHuQ!8Z$KNvMRBIWM*`M;37VZ?kz;gq5&4
zEU<sxjK;+Umd6p8pq9HddI~dI9J|X*g%WguriE3yA{(w(KKbii*?jcfj%+3s78gph
z9c^waZc}lI)(|~D*vxV5lsOBsE}A?EQnxI=yfnd|#SkY8;50ZTE7#6%rJlL37nAn3
z?j3|qjTSQ^VhY153#Mj_q%tnylOm)IpcFoV%k6rjq)Ba|1{2bxwS=h3H7dmh+q(@F
zhGG>R<%TUOsRn``w<FDMn6>_zlKsF)*`{zzi23borYO&3*;*dsmZuAjsy77F-3Zjs
z&|qvO$j-gpk7%PTJTen+m3R$8O(`}ANCl_y4hM@zo@IC(BNpLwY)K;~o>J9i#vUGM
zpnAsuSIkw2eaPgR;ffJY6iKb~`r$KKX&a`VI|gHTZ6p1};y17b#PFcu6{N#yCR=oY
zN;4~~&$tFyJS+Ha+gAmr*tB!>?37n2zgn0F+UC-`aR==$s@Y%8RSledq4YrM7L8UQ
zaBMj^{rN$IvBU2A`uay)@X>|V0o#wIjEyE?f;rg|JZWu`BMbBj1XjcDWZ7`3L?>1v
z73RyA)-7<xkKC2415Ki6kMTE@0#28Z5IwtD>`T~0Uf?S~U-m?e&i4eHc$(RcoaTns
zlT*Wa4V|4K#3>TB+AGR!jCUQLP0{^kD|!3dacwafo^=?TJ=+xV7fh>Q@ICWLA(^Ms
zijO4S^6|L8SQopc3~LfOKB!#G371tG(tKImxEQ>gy{5>%&V97pf9cMZccgm~PnIg~
z)S-Fu+`@w<RYW5fWU>r22Ud9xs~G9Ifa&TElQ$7Y@(Gf{4*Fra$qu-6ZOOe<V&^%q
zOvOwtgcR*}S|II*vFWK}?yjDDJJAS@PkGXMvKzrU3AERG#v{9eA6UMPL|7CKa#u^Q
zPxnNLXWN^DNz4u4g(gvy{%l2Rds6}4k5mB?mfR|NZ1XE(vbIjIqsaYD^Lk!k>F`t^
zCtKiyuift&FW_zLt6)bKvVP4Kty9)vR~IFVX~v~#=Ax$NbMpX%p*ya)S&<DVdKL5z
zrAJZ%uP+A@$IwXVcWKcV_Rh~(IAkph5)Loq$tUl)JW*K51dU7m&N!g<9`Wp8fL3{H
zT?%sLTS&LSh({vsxVvvnR<&G4RePsDu$p1su4Fa{9Wh?i$pqlKVhOgg#rVMy9kJkx
zVXC&-_b)!k#1arYHA{F!DbVvW@#+k}Lcy4kBX)&PEAYB=Sll(3Y=tAfqYCU+e}yzA
z*pQuz0C_LdQj9R&9MS`&=d!gEM%}*Du8BxE=!wt6F1h)=HXH66#he}x?su1Ji+7d9
zyW8Qt63)+1$8n$~jcRa_bzI@HRNP7`Syms9Gx1AWGy)%E?#8w#DjA~GK9vu-ZA)LQ
znpQ3z2!_)iE;T+8>V$eiQ_{QBK18_-a$o<vO0hOx>st8n)IacsS1b+}6fz(zt6x`w
zU&y^;L-J6_^8YaQ-ce0;(Y`26niNrb6A<Yl9Rcy92+~3iRXT*8&;tY%6;P@gYUm<0
zp-7h$M5L2|NRyHvU0Q-5L`D5>&UyEod)^!Gjq#E{GS(W|BiYH^Yp*$fW$t)+@jRx^
z-X0Te@^2cN%RwVw4I-&;7;b;%WU~D-A}lcT=tH6wLv*Ve5;w_|&wueCV*`U~><%8o
z+64L#YunPQQ%n7TUI7bT$`~=+r}M`}1vMzZQ)p)pPhvvki;(pg@f>IW%_IB65bGwP
zWxlT(WP_NoW=~zLXjWfDGg5Fb@{HP&<!FH$5c5ofy_&YUHEB#bdfKFa_n(9SM!K^$
z%b|}fv-di4nPOWx@2)Ta4bGSP@6E_5N*Ea|nIt4Uze<0#$VMqeKE*b+$MaIk{@gm9
zFMZF#;rl!tLxGg`-AgvE*f)IdBC4s)EuwPgq+JTVAMC2aEPGlGOD}yY=utYKJ`JN|
z33#+G<fo!Cg4@$qC~ak+)zQcT`=V)E@h*%88}>W8S+iaaXQUG9+m=>0@$cKXS{|&>
z)6mcNQY2p{(g6<+ml0~Peoj`~M?X9mE?m;@bv<Aiv=yrm6ccd$^l_$Tl$w697;S$#
zpS`V&WrQSU-CypilA~zx24g?KdG&;$&melsrHrf`xRd6nuSGrMtUWcds)<imBPDbP
z)tJsde5!_3&^ci=pXg(t>nY9*M}kSeF{%1lAk5@%J06prdjcLO$$_3fS9QNF9cjA&
zwwpc)NMN8vabI<yPh&_6HabJl#d_y>Z`+-=4)+{TF2s7w;H0_ybg@1)M$S$8y^Y#h
zEu)jqR+Vm%SVW`;yKcKla1~#T4FuLNm%?i*cB)h7=`_8(q8V+r@YXt@wy}I-wgbFJ
zm`2@VmVc_wIU55Y4wGw9xklh4VZsw-s^$(Dcz=IbtK)g>2IRdme6J(M9OE1xt(gFx
zK)RQN^ng#;@UyHJLP$kPnC^2-bPV~JiP3zA|7#O*A=%YqrV&ljkAK_1v0lE7ohWdE
zD7AfI<!R7}K0-33JiYJor9$HQ)jMH^0RgK@SlWg@K056Qqu>aZk!6MCr=MR&F-WJ8
zl#9QlJrg_s99YgcWZ^JBAhGGDZf_HMnE#aZ$?*5xCIYOe7y4A2=X&`Bexf5bAtC5H
zR{+G@GO(#xXU^lPqkfTngH9dwl^*fg;Vc}^R8zHE42=Qr1B=zeq}#ycaPSDCOFJU0
z*1LnZW!xz1g@+q(l;W{P{tk`r(2aUEhqZ~=Dj@<v1Y&_4cyFN-<q0OQpajrxMq4mN
z#V{9{wk;Ak-j2fdA1!<8O3?Xviz0gqyO^(NHn6Jwe#+dY+qh6LzJK#FK@Sav?mU3l
z3d*q`uY@x7?-$(yya7x~m*^2BzX%Vp=zR{pSaj|F>4)Xvnk(-=(a#dJ^%P;j7Q~e>
z8toMt54lI^o7}RPo<O%l)Uy(tGt1A#h_2c$g_1H#c<p+Ni6&W%bvoow_2D)?7Q@=*
z1OV*;^q!%G3WL?wG@TO9bAaR>Z3pIMjI4SBxYxNPoFLSxu2M#D2^N_vB4c}od&I6_
z?h33&R9UQCDAOM;*$5ScCO7{;t=kTs<POb<3T{)ZmC%-N4{ggc#hzt3a_KaaV)c&M
zP;JT$ij#NSPY2}>qh76aW@F>6a0^ove-7Z0`I9o9aPbm*aJpsXjq7n!@xb)_?_Cv!
z>W2C&TQ@n7)zPe^XfBZW2GJc+gD2bMpb1NQupUI}1ksG8TQp4-^BUYq_8SP;{nV;v
zBI9FKJXQpCOP0c7BiGsUWjbW;-Xad4#0Ae3K-fy(-n3@n_taaQ>&-Zsu65PyMPV3}
zspw`UwS1WqX5mQB07SZdD#;sts+a2tG7a+`h*t4t1!oQaW;_xcJrW(^xR|Q&)GuCr
zm_thnGr6IAL=mMK&SM&N<2tlXo-`3<qiy&sUg8Oyb61?!Ov`~M3VY+#5O!Y&j56>F
zw9488Iwf$c*)szV5q~|TkKRI*&RU<H#ySccFv}NOlP-=ZjNt_`#+i@PHj4bWVFvR3
z;9Yq(BtJuU8PbB>K8TW4SMBMAI~}^|@TSiDnfWt(`R4f{X^8G>P4b-o#pOV=BXOjd
zD|@%QOv4LBIe*v8d96r?>QMC$D-FWW)j&=j7@7UsdWqt_+V(AFa>s-_wp*e^S%{8U
zZoK_WZZ-_Qi*N)i)xs^Dnv11V=RWru&2-WGYFX8f0g3aR6GI3@@8q2Y6@dy2W?~3-
z&<DEe<kg26=y>R{z3qp_HbLWX1{YaW6j)*Jc}DsTG^FS=iwYP_?xIUOxB{qmn&z5=
zeDaOOOehcz(v{aAjU6<JT=Ad3q7QEz>>rrXV;M}hi=4y$;VWBA$x}yzsIfj6^Z?Bn
z#Aq|~+yg`dMifV{*x!_uc4mkL;(UiTWYs1OJ6j5IYcI!T)iy%hdcY=ZnBW;?@CV?c
z?Yz>Y-mSci5w+mH+4#{Ql5W}<8&U!$CC;BzG5^Oth0Hi<Sb^@}*Ws=sp&ixS*bm6D
zp2Enscw@X3$$O&7sKr&MaLiT#^EPSADCAqc5DGTY6$ve6JD3?Nsftz)8*{Sue0cgF
zBH#FUKtTi;H!g*IrH!bf)2Gm>PB^RGM)ElV=8jrl|7vr#TrU3*@2tGJ`H1jNj3^7!
zsyAa*Xnu~}cU`U6!BX%E3&{&*$KQd@lQ>lmCDQ#+4bh^Uyx#g0adB$*eQk7iJMy3m
zt4GVgso3HxPs<R_U-Ue?Xx$|qe~)iFV0s=)lWO_(H;XV0#hui0uAtr{8h!)-H%NyE
z8;LzRJ5f|D3r-T$DjixMb0TB@#3AX#mt0O_!sFF!(r69ZDHp99h}m@9+!2ytC;~+9
zrAR`t^)^JiprF)lIo$|6VU5&UmTAy~MvWbemanu&5x*?0tdQMcH`Z1N`(mN6r|$3^
z65qP{9%EWA9~<2pL43LKoEg0?eLO4j^)^RWL2Q(nLi0tP+#~Op5Ic;ZSlkMsr_s}~
zFk0gxBIe|7`Gj1VM}n<7&*WiDH*!C=TSY!6F3#)TJyhZJYk^FM&XAchh))#6Ti7^A
zr};c#x$b-R;g^gcur)t!o>rXXY=!kFFeEt^nC%|*0@*NqJk|+W34GFg3Hue+9&<I%
zZgeR8<~Ytl_OM#(CD}5ZENO1EV5qM@G+g@tgT4H&x%WJ1m<7?wO{Z_a*|NNYdx6^m
z`fnd^k;ROVpa8Gfx%n$2>PqE=ZCw7X#}v-_p{EviaMp);MG1W~3fniVq{j*#oO}aJ
zV>|(E3O~57(o0UbBDRz5t1we6>vMA$SoKA;|F#m5DM)Q}5$*RqtOP~Ht*yI_9?!c!
z){Aune8w{l8ivS1Gsc~aFE}&+KEGp8YhhWqXEqYzN1P!RGVz)^yC0~x20GGl-%lj%
z=c?b|{}{k@rd_R?xF2`R_|0?EvL_RY^m;w(;_M;lAV7P-<=c<Kk<EL|7U>lI?Kors
zNHu&EKnfC<pub@1alHUB`wWA6DhK+?#LXS%SiW7Za*I5)gZsi)%jF?9Sk7+0wUcrx
zp!{_yU>x{>aa3Fb?b)oGwDj8jiRM%F=pl*q7RFI+aC2MIlN;t2Kn^Az7o%jEnixNV
zs2QI=ce6bC(v-1A`tB(}(H+Sxqb<~C09OeQ!#s5psKZP^VVJh0W-@W@V9pudRXApa
zaJH3I_Q>Z6ZVzxPg2o{m)xZ>@erP35G3soXxn!?krj`Vn--$w$5ftKooKH384k|vU
zI|r!25@Vn#ymZt@OA~mUP)Jt3zYKXYh>pI%*FK@;yF1Dg*=1XT(Rtmk^rmSWagVj$
z^p&>J5p2N-c(9zHwZR8ci|Wztj}LHZf&_cIy;UHnfk50$&!5Ymlt;JpYlv*eKxca1
z>932HI8r$_-hU|fOdM%%t?t1<f&RoFtRt7c5$AoEobE0I*(Mgyw8g+P_Trr-4+!Ye
z7Vj9=wF<Vdko<UbWoyp#^ju{_7K0%%_Iue0q=#l_=Gtl9*59$Z;6YO>YYb(;hxwKn
zRu&7!yeX3_MBP*}e)U}<OZquPWTxWdF$iS2m0tpJA0%p}!AJ}>`L3W_{xaCxEbW&8
zXIBF+x_a(d95Z&^{>Y*Zt?$v@2~E6L6&F}K6=i{!jRSAz_4Ky=a7H(fKE`Q%+bhkB
zCy!$-I|^^SVPD>uw>sSLux6m6wsN=f5n>if!VngJDDhWKUp0og+N*^e#M4c~%LhyS
z$KU8v{)v}U-U^|n=1-MxTj5LNpe0%*-|>0ZV#qh@zQfJ@^0TbQ>F9>Ul+pw0j*lNp
zJ(JqtSNp~dqggj*5me=1Bu0bmprA-b5_8v7;0t5z6>hE;psd@GaN-C&(wTk7J_FTx
zx2-Ea;BwH&1(%bS%&m5yq$uA5DvqL?7ye;kb1<v~GsR7JEt4WF-))6r{IIan(t2N)
z9dCrpz`n1FHz-DS!DqAQJh|x)#o2$jNO0Z`p+AhCl|@}X61=^t-v#fTtqwWlX2_>1
z3*h?JPin->FO}!KA5~&p9Ejb)9ll!2Te=qjajONH0e}nU@3GtZhLY^|ABFRi*fPqa
z1E1b22hmS<2Qj~3xWiOQf9O-7pJ-u0g%+}PM~V4^$X5_3i~izC(N=jL%C+r#Dg4P_
zl+Hg4Fs@N<()(5ic_Dd}F`AIzB}^)rd@Oz{C=k_HqQWopoI8@5%6p+SC7wyFrw|$)
z%1p$|sykJ&q_}Eemlm=>A^7&V({OgJuNGWs@g@fGu@`!Gz8ESlUlFLrzKzS;i(M$6
z(&d_q^(R5>R^uyKOJ5o5TyaFv_Z<pOZ-zMybf4FH^~TPH^BoXBS?mdun)YOolXkm;
z(l2dgl)+(GY(m0giaKdi5J`kBmm=cTqdQadDaHf~+}zwE!3r<*7L)Wox||J|Fi}q2
z{(eZ3efw=_+zEv1&1`YiE`1(9=F|bJb?R6s@Za9sEYii#clYpZt!Y1v9*lqV+~uhn
zRjbfjyZ)v%_;q7Ej5u3hp;JmYT_SOUw(~G$^W9@8A|#HyH-_(O^;4SP?&|49#9IgC
z2&Xm^5>J%3@({2ppQqK#wpelt&?jfv^Th4;ls=ByK@9a|GI6+@dW8qr5GHiN*bt6K
z)IRBl-!(#>?k@`~w~XNlcNj_6fb$!3J03q*J*b`uJJDY*@vyP6nJ^izvx-aPx)Mv(
z6U2#ct-(;~+bn*zGmdNal;^Q?2Q~pQ8dB*PSO&SHYfb@W4ffNCjRBCZUT6e*hV^f}
zhGvP7`}By}<R)x;ROfnKv`PTTWBW?62Kj`bPc&U+{Y8x^Cz7A%d?M%@>wpf)i+bH%
zz;*nPO4eI|ryMl#<fb+XTI-QlKJL$w8rOaXL8b3)f}oLVKcM&g5Ltm<TtrQTU$nij
zI~Ff+poUDF7qjkA=aN@Qn^z|6P0TIMFp`{ItSQRTi2bHXkMTH@vYWB4%cQS_7K;rM
z`9rtD;r5=CmyUAVnn1pSCkU2>#ZMFfp$YB|%PvQfs;4gOqsB6w>b>FIkht$}4wo+{
zGO6t^+?@ZoRPWIJ9DI6jB;h=Y(z|o3>?61493R%*L9IU54v~Md(h30Yujs~sONn2!
zd<(@74~Bz@C0L_!ko!pZm&suo1d#{LY`w4d9JodCIFv_3ln~5Et`#K%=B^ZEU1E=W
z|0vvZI7%jDQSB&{?;gLWSNpz736^2k-&s+dosiurmNg-(&D<H!V4!b*1id|`kkK@F
zyxjJZ#D82)+nalAZRU^yKo{Zx+e#k5-nNJ{u7!=|-WqBoB|1#r^u&+gyGOoqQ_aFP
zw<8Vcs*^BaR}Kk{yC<Zb@YH}=?#H&9`!cR%3b+%gS07!<QR*4%`!=Md%-R`jQaaG(
z8K`5^t$3v+-ENOm9U!ttMh=yin|F>O-}pa|YCl5)ued%jI3o5IY0h*=%e1m!+j52q
zkl<`gLi1J^8XBo&V|5b>0hBa47Z(o6dXjB?M1XPXnnC@wycGGs0HUjoONUW*UysMk
z-L92b)}B!FrCFG}H#awT9F1y_yx9AkjX+3Zd7AQV`%PdB*|i5&_nj={xZh2^9^p|`
z4A_a-y+p_5Vk3UIwb+YpDj~SV$J6QWehQ2t&n0loVbE49^9$VZun$wA5ZAmI<ReE}
zwG#u{Dtc!Z>i)zjZk*JX;7^IVoi}n9HQ`tVr!Bkp(3zq^a}|p=bC6pWl7W__rCsH3
zBZ>{peNy)V6Eg_pKvw~UcFdFDg4Xul_2o~>$T9rP-pa}dz;oz@WTr=1hblELFm!97
zM|m=mJTd>0?kUHSRlAD8rGAt&!^P#c<k=@}xg4zL*B-pqYKTToie;(v^|A6R?62P5
zjwbf5R{Wgx+`oPDxRvf%N$?vQUw1%&Uw!>jlkZ}9TSQuSXV<lS*XwsYJ~l6S)aGcp
zhNqRd`hQX>bTJC^L%r2=3WEm3m6oDg_6(ci_Vxy^_XPBW46a-nyA}?|+iBBhq_3o#
zi-1knm!)sC)Gl|$ej;>sqj$qfI{-_e;ph=sV;cwcD0eOJn|YT#j7Vobc&v6=bGj#D
z0N-nl{s20R$qfb{0+z!ILQ05ohcqsSa~zvUrn;n>`9-j*h%#%Y@-2V3IWPS32H5Ng
zv(`qi!6w`c{&HXqaCZ}Ke)*DtgoU}VxkM>lFMYOrMjUbx9bPKmMqKV9O25*O`AFm!
z7TzPoFdRO!aFZbxUMf}kY!p6Si-Ag;2TPSO83?%h6f%>$?}7B91BxsPyHs9c(BLoN
zxk5#sP{UziqX{idt;)*eDTw<{pS$1^nS2iYZ>X2<sEYr;z~lb`M}J6(xx>=`HG-R+
z9@MW|MMvuXzX8Pm|Bhl5zDdJCH!iIIAG~=RqOPv~-;i@TMQ`crf8pl;kB_{F+o#cO
zKw9(xbVpyrxE~$qiZTwQxW3^CqU+9Q{2w6pf1%wpg!eyC;1ouf9_fsN!zhy}&NT3a
zShk&fLOUBiAg*)~N}HfSX>1!36-u*BA^n`d^nJ%*XmBqUPevli;OjCp#5gd@88C!_
z)Rea|-HK@QO=A~U3VQ$KLY6r5Ib$)z$!8KjG>&YI?3#21)oD8pjCPm%;6I?@odsY>
z#FypbZnueX%mImv$H)w8kvMBHkLLVmK@jI>YrdSkw*c;W>Ji!qM}<;u?r?$VP=E$n
ze~Cz#KT!j$#Vn)KbxA9xRgKCu*rq+?kh4m!k3ysCiT*y8<pKG8lBx-O=s`t+Ky>4+
z9z<s-m`pw+lgVRxah7{6om~VZuVUarDfaM>E1DF7EZe~CPl7<vdWaMjni;?Giu%mr
ziauJu>-B=)qO?a8RZkuK>(gUq!NMD&p}p9~C9#z%7~246_{!_$vNp{*5Ht{Ib@+^G
z_Dd-TiyoQlqenL3TUK`6bo`L&&W_X9Q9a5s)6lYx>np@O8H2j;;`6(Y#Go#}7?T9K
zg9mv7sIu*g0<3DaU<yRs914y6e`60IX%vY6!yOpGQ3A13v_Bj9ipEU1xq!l8=y8u|
zQMCKtVSsGvzo<={Ij8h>=VLHu$n3=bj4vz|x6id5sPdm$y_6_aiqb_I=Ke-I5h9O+
zlyUq|F2*n@Fk0=+f3P&JCY^iPf>ht^z&t3%!@xU0=p!1TK)omMf3qVzX?%d<|4r8T
zPe7lJ5l2aYdQd_R^br`$@t?#1S}=i}Xb}`ertD*A*#CdTF&~LqzWZMRNlEC(aNy4Z
zK;H2Y_^FOEiaMo(f>QqQA#DLiN#6Ls$O#w9X(@b)XmiC}o~{=J{Njo5#g_YuW%<6b
zP3OZzdE0po%|!UAxoJ0NtU4B=2_SwPR}po0(sC!h`4!W(BD~)k(30>e3^_U#JCP@h
z5MAQ5EK*|qbqBmc1SUKZCqkWoZ3P~Vn$yq9x|o_TZ*{W|aiSAm=Wfh7`DncjH1B!w
zKA-V<_ikKY`l!hw#qGT!+JlbkA~FGcvqQ0SsD)?x{WDHiTuxJ4)ZBgNC(4w|c$B77
z!Lkn29tMCa<B5AnifTb4k&LZ%1MOj&7aUOrxaGcy-FXyl&V?C7i97MoZG~RJqE-re
zHLb?Sdb#2b!MUH~6hFKO@EO(gI90-2j_oma0!1Hgj3hoc)CLDnN5{QJ)?zfm$<xtS
zzMK&q6jt`iVZ>&rXLdPz!U`Ha4{;!_5S&gs)zw<sHcMuj&B5eQNX)*C)B*w<Wxe0L
zLcrPUpV>{ky;+mcv)oUfdr5S}%of}y66@QQW{RL9(3|e4Lz~3Ov92jQ|M1z#6%4d`
zD2JDour^PDntE%_tA6gowaG-h_l}G5-sqS4XrouS1BrDYN!^9LCO??r2OkoH#`u98
z_%U}}-2U6xRj+XS(j8Y<s3jyON8ZU}YisV-a)PVTd(6;RPf$c#ZwaoO7lxXfhKLb&
z_4T5V9ak#?Oh4dJ#UJqXmc7)t0LSlSj7TY_OoW^tT)atKAr1fB6Do=?@Dm7W4s%fP
z(FA6AELf35u{K_@q#W*O*|<2zBA_!A2oDHfxevp<4TTACOyn0}*f`9;;0M5DF?{js
z1Ox&ate{Xl1ih=)s^0IY4Jjyk&cmF3>R^e%K&*W+2W_UKdI-115e%#pQ73b%k17l{
zZSj$6p*WGh!Fn(*P*>WeFae7%m4%9Lt<8TDuzzc(dgtJ9ny~HU6?K6_*_M^oHs=jJ
zPO0p@Zv!O`bm}*P$TtDnVF;0++rE2qCxyywo$ZwNy4&U9WKki<2qacN5QBLR@pdqZ
zlLNQScm?0OX}j`1*bj+pmUSP88hx7+bn>eWo`V-GI#NO52O9vWr*KnKo<x4My4;NG
z3p+d>)u?u7X>)ry7cmRd`tD!eCr)GZgraw#V#r<E8bN`v1MO))llxcuUD6RvkF<wb
zUeton=1I*f`1b_de4v3PE(xPMaUjk}sxl3*G@5%(e~?6tj!|;br(6Q>?VBCNchC-P
zGVq*P^H{#T-!cTv!7h(F$8X!|r0Y5!lMs0~VG#>4gL)YRB5n=?RZf#`Z~xYWZp;%b
z?%*H7)H$prUXF6By5}aE0CU@$Sb6<c`&RH0Zg2lZPm#i*hpwrk+~(RIKY3fmftqp}
zF;2g&cU=k7T>vcChj;LO_)6Y&Y`dYu-CXpAP6X<_lDJnH(Ovw0nYa*6es7sL#6z6Y
z44>IMz~NtF$JuH4_lrevPW<))WAB&PO}!0FYgn|9UTsO}+a2Banwu(`MaCrY_YLQZ
zn6AwH#06m4coCz&aRD?jLBBwAHR3VVQw%ywclH=SlbqeFIE?4!7@sh=1>m+0CPwe+
z?|pvEn|>Ikp&v>9OjjzCyFb~fQhu{PA;%aR8Y;H`q~AK%iR6%s@H_&26CD%5R~(U*
zZh?SV#CRAG(+lEu!&dmoZCPnWhzNj*&+qFL6pY<qx~m&k)qUm%hq!QLVqT6ZQ`)z^
z)%3!*c7pH(%ea^$Vg98C0jT0$%h@ig^=ZuJlKv74R*ihTv1S=+KqnU(1$x=$q11dN
zmh~9Ft|oZ8gDX=g%ToKEQ{(_8(X*tHb*r^N9@=XKz+jKG&<{=?!DmA>7YwXEtQi~-
z#jzy=P0~mA-cX0erza}X#dG09m3K?wzx5BhGEoyy5I1Yo@e3)2cx3+XOm$32;Wz&?
zJ@`n<>1;)Jiy{?Uc^i!lE;%|nJHwV@YPPmTu4P@UYr<p4R~?5I7S^MixM`OUCdEXY
zEPjMGdIXh_A@|d-3n2{3Cd8>N`@YoFV#2~xEFY@Zo5)SSrf3unENz96Znf+YK2qCE
zS?`T)xFQ5~D$ZIhG2RnYEF%(S?vYEop<7<OsaC903}z`>qa^Oaa_|Fg9z7H~1@e1s
z=ofu6NifAq^cr!M-hbD`V|pa-Hp?5_SPpourY9-JYEA2k@_4EB@<Ni1a1zL4<CUkV
z(wA0FMCdJWV0bpIr&zW&)H#Omej@6)LD}1V*W~*O1QQw*9<<JJA}ko_*-V<8X;)t5
zrib;Gmd08`IO6Q~J(iZ41sd`KMbmEqns*Cg-Ekw`nZ%iBwV+qMnmn_7BQsz&evX!6
zh~Zu~i`#KU?CBTcYj+)J926Mq8ejO{HhiZb`_u8y5be*}k?te7C+bXKuD#lP$}Jt8
z*+IVfFx(hX7OTG}W}T+MYU07kHyW6OFd|Ywfx;d#(mRG1JCLpRmw(0)qlv&?;^22g
z{R_jQQm3dWt5AN*%mog~R*&0jQP9YCmD|fH^3~HjXw9?8X&Q9^)0!K;v^NU-^ffL3
z(g6b-8KT@5;?<Fb^Bj@p3b~ZtPdCM*ScfHM4tuf6?UfMRW@7Cb6ddjxOU%q1sE_E)
z?1d}DvEOpph^Yr}18=mfX!?@7Ux43A&PScQPxkGN=>?N2Xz6f&E{jPJ>Yxvwr<FSK
zTs!8D$9%Y}q?783WVgtn2SU4+i`OLX{8W<N;A2&=A>!GU$F+7ZJ?))bR-o^_K#(}w
zHra64hvDW+6829P11DelD{bGbI~B`A578N#OKaGFT!b#T?<>2`qjjmoK+N|O5)nO4
zMv^de)^q7xhjSxcf&OnyID{Yf@paX09a>;R$gLPmPtD$I&pHL|*H^9lB6c`i&|_*9
z9Kmi%%@_H{(T3PU&9V;&*ZYZpVkoH$u$bm-olAfKx%l1JVo=)tOFSIi%V?UsdSd3~
zzWwJFJQ+uv%<HZwREiCn5HSz<*waRBr#kTX!k>pFOs_B9i*3|@6n@(A8T9j++dI4W
z%Q9M+ZiKMh*%^sRqw1@tlO(3uzIl(dSG!W+EwSBKyNFm(`)Qk{CEwd44%M6NnMn9{
zu)n<0@+!edzBD(@T@T}PRI9+j5Z@yzd0KLdY`u$Iy%S-Jix;ao?79a_UF*okjiCe-
z7l0w@fUPc!h5GWR^N`wkp!Gp0vI!#JwK&zI8(SvnM{<g5I&e2rly=s|c)a#qB4N$X
zddxRySY=v(HP0^YxvY7CbCdY%S6$OSD|>A-MLMWY&Q53G4Q)|#I;Xw$rl5ns7Jrj=
z#iZjCMsS^Ht5P>LR6*5Mad{$Jz!^92wh;C<U?>>0^?6A}pwPw_C!**v|7Hu>h#AR3
z39H|{i|I(OK9qR8Z4Gr!^mz_@Bm!wX?!lP*wMFqf57{^@ue(<Yd;W5{TVCP<T7P5j
zU?UUb#RZ!iug(hu$BCkey+R}b*M0V)`&d#$-*VGHr%V42<Ekb62`{9*`|fv+3Cx^v
znl3Tf{t8;{$4@X28maO4U<nf5XBz8d7Y-r|`}*z`Yk-=?e1z(0#x`%bR&*=TS}GnC
zj+~uf)ObU{x`wl}=UHY;3t@Qv@J>u{_)~}btpWi-0|BVzdPJue>q(Ce>Y0YS!vyoX
zCy?=W#w6SvIv74tP%0#PeKp|o@=KhkB9dy_L!7G))6F|2748>qL&d(5ob~!Pj}OCY
zZYi`$O4S7;k_xD-x}U2e&Y2BYkPfiS1utHRMy?+6*QhXBV#d*>N$9r5A)P5Tmg}%|
znd{K@&0HTIe`f$$ZupTJw+Y`0xDk_Ov*7Lh^g>jdzTvt>r)^-4kLF}P>P{TzNkt8+
z%TmC;RU1A@5Er}TE)w*_C6}dp*co)As11$hy09IsbRL-Sqz4h(D6$ig<H^lGS7H-K
zjkn)>M8&05SQVyL%k?-{^x3}!-^S*4N=|P(NDb^YpW3O&zX`yv)Kz@A;w~Q>b|pEK
z`_`wxHczTqT}F3IOG|?qB!RQ1)o)+KFDs@POXwp3Eui#kYnyVT39mjehNE@fQkZW{
z5?)dxj*i6T_gg^)MS<CRp-@*i$ONa{!ztb(wy=zoE+<kF6Ia9MKJ8RR*oAxfjMpb5
z^JHOC=wNebs_9cMlX+^x+Y0cgHm0XE8Q0GppWw8{&IzsaCP(-ph%_-_@@pDccyN2N
zmc={2chjxT1&>QyI%wD2Zhz}}IyVzFwil^XZecR3H9uE27y)1qplO%+hn~~lI*|Sz
z@rm#B)C>K2J^b_5f%}SH*BmqkKi>GZ<ZEn`PDDu2XRS>_Q6~0_#RiM+d_)Pw^K(a^
zj^h3C15NdX8w;H7MsrdA%@|^H(}5?2c;465+!squAQ7lg{0{En7%z|4pO=Qhe*-SJ
znp|!rnAlgg-7TUw<fHr+!T-VC{PtJs-`EfDwkW?R(aD<Y`f0CMnYMA5DLv~ioUyW=
ztQX5G+H>)b9}cdzgRb3+4zTRbi%L85ELK~vy$^{<3h*inOz!FNTp<o$H-=W~=+ivg
za3X-~+sVeB;fzm^Y&U!3_NHA{Uvk{`**?R>VLEPv44tY>%SqifW6hPYJJD^p-Vr1P
z5olN&S^DU7_Pfh@9Pa-+z8w4by=kr!(f!=N7~%+tqa@rpycBZ&RSy$Qrsd20_s8>M
zx2_aX8NNAjwm?slQForYr%@M9ezx1&v{G6)-R_*<iQZ>EL91e_c0PzVIROr*lyLj%
zWNdiy(XQL`<YU|Sch(Q_0=OQr)7g$x8O1FyUif|O;)}U=*@MuR)HnAJ7Ak%!YJd0U
zTmF>F81Y9^T>3H(F<8BL$rD}I^c~&K*3tMQ-SFtuX`3letMXSJ$YsNg4ZBMX*F7Fu
zL36JfuibA-*~?lPx>!&LS^@~yBX0Hv*yC%V`+XA{Tn?wKxTmCQwwpd&TgJuRb7lVs
zhBpl*nm`gaNeMTl+tYwdfH7&fs}b@EtuFIFNB^1jLgFtoCljeSWXrZzUX(f9QjYZg
zN|gDv#R6yn;<A}_blHn}?Y!NxOqlX8_`Hw0GJ6>6<^J_{#nZzTRIh16NfUlti;rY3
z6IYI>+~1C%wqV4D>k8qLHKS`Y(ytvHFAZ4PvGgTSCX*IV8h?b6&i7ZGrIFf2Y98*_
zGPM-N-{+oaJ9URP#BsXEeD-`FESVt0Kc$T0Hz`|m7F9IaT*7iZzOj1`WZhFfo{>&5
z7b$VKra7C;)%Sqr2Y*8IW7VI(6#phJEi3ZIp}K9MNn~>Jpm(B`0T3H0P}GxLmP2tm
zBBG|-OVSn(H8|&PFIwCx&G_0%ADDycVi4c^cESSqHORNAHm?Y@b|DU7irmihSS_9j
zg7~H6jM&(`e^g6lQGjnaXEdrlO7Ujm8B)#Cg^_|YRrYCYX}(OpbU&bzp>71<ITjtl
zycAazy=nR*DH-2PQWc#JKhq^4v7du$+8%_l&Fq(=912z0_=c20W3}E6w|xP7rq~sO
z1L;EK_WjfWh>ae0rkp%=L63>0*<P4F^-&<sNxtT?V4Zd;rsHLHgL-%HH6e*Fk_3k;
z--NOWZM#c%v7+M|`K1d`D4moBeUc9GQ!#UW8BO-bp`AB|h3Z5?G(+8{DgPe+lW_Fo
zY#X<q@L3^#$kyEGl1iMkeL;7QN&Dh;<Z^g-|8Ub=Ax|{%C$YPylSm?$ui%K+wL~6u
zNrb8J{UackY9bZt-0u0;_V8~Yjtn-VE^TzK_T4uRU`Mi+(q#Lzuwtgw0{_p53IBVl
z%cHLDkN(4uF1Ob5{hr?Ie-lVO_|SJ&XPCq7pQIHVsKZX(Ci0hJqcr0KV#iq=ga|{?
zx*L&bCEEOuMj%w(B}^JVuKnij=Lu>(E>;anT*fXZFB?6={4g7fELU^*H7X&RQokqn
zV<01g!4Qy*muhk;>{q&7#1p_EPnTo+f<8uBdru22`I0GOHA94SPJ-txJqqZxI)mJQ
zM6Y6d)^Wc}&9CP8%7t}s&ONm^K37!JICu)cXC-FJYr>5!ddWpo;vJ6@nz}t;ip)Qi
zC;RxJH^mJI3utWE>+PSP+_e}CMh$zsd(E`QwJzv3%=JQVWP;`O9r;E~@tX3l!db34
z-*COokj1a07+YYlr8|f_xXv1M>80a!qhnQn%gz=N?_cZT7KPyUTi1SY$8&STR=@D_
z-2VaFu9zI*4^qgK0;LwK&@o6QC;$F+LhIgia=t~`s88OG-RX!fS(_d@!BS=dN_Fm9
zY64Aofxs~OuRqc;0^F(ZE-a>7o^kvr)i9`F`Th8Eid@JG284)`1wga!pXNV-xIYXG
za&iqcf$3kyd!%=mg~mUvFp3xPp(tjel2MPcvoh5udgtnGoJq0-eP!2WZx-BZ-!4tB
zjj#f@zh=2=Qk~B_*$30)GSoh>4`%mE{xTUb%D*qh<C20-m!>PGtGWA2_8+*y=vZf`
zk{wgwjmCWcqWNX#RqDu=YMzX3iWE}7+Y9w>;j8AK-$4&!n|3K=%=RDH`NHI{)!{qL
z&~=4>tkaPVRhg(DW`%Q?)S@!SX8+8#l+iRJ{mS&T;l?`~&j+mjehYd0I?TK&->&AB
zME#ckC5^<&e{er!`X{e7Y996L79&&HRTwUuga%ghof49?{#E$<Gg$_^7Dgq`ynDKN
z=i`G9G%^PTX0UFqVQT_>f9WqH&U@Cz;YHvE<LlP1)!t6NX0>VT2E~r`b6q{e?%(d@
zK8;byOJ)r!5_Cd1_mF>;6HX5QCPYlVIOP`kt(T;~+RnZH;GZYQ8xNo0Nm*a$1PC{p
zlZme+3`Xg{H5hQOZrD!U|Hz|jKlIUi!~m%{{aa0w5pa#iD9={jK&iU`J%|1I^WQsN
zpIMCz`GB-e0@{~;zN=s<_s0C)*}vaI#zpVE)7Paoo#?K9m>3rQOPNYZl{7NT0+@Hz
zGy*JuN}oy^6&%8r7Ct{prTeiEZsvEl+DQ6U@hDLGvYq3<%=xg%DoqyY?`%`m8|Lrm
zE;;`=Gh+8H3}P+~R=jbeD@Q65h(@-yJ}+G_xpXNbKZWj+`O$Y;EtjK3ghJU=KmFrM
zt(@vxs+GTqeX`&8cOQZd1yY^qgf20D@nfal^r~;sIs3dUTmSC1y6oLMkdt5s3&~D=
zb;*oYO@8sq0BNfXB&g@Gxo@xU@Alt+^}`=H|4hxVVd63Qk8|aV)2Ey#|C{WI`?FYm
zGF5R(2!u`HVgg%>rZkgnA27-F1(-Nq9s)X>Uw%b7#=%+E6BB+vGSq<cXgaVfS}KCf
zoj@+*nH@KBOglB+*r(3E`jWL!iT?R*m5}ZLybk1TSIMuHva6zZ1OV@O3$@~6Pi{=^
zd=FiX#yyN}eJ1{UA=xt!f&IQB!gZSbo%g$>Pjz}N?`)}Kp{3F?sOv!f1)F)wkCrB@
zPg*r|_Vq`V+UG_|``X-#Kg=_6Ngp2yd_nooBSP3O8o>w6nzI~7JApx;iw>JT|33If
z^AG94gZ7uw<|%Z=Fgkwj6rEq%<uwWqHW;YqIlr$*{9wBC&jT~0#kgG<F&0dWb#p9G
zXm4!CH{S?rPNGA+;f@_}tTk^M?o74gHFNmQm29Jt{zCfmLr!~BH!c6sF~?FBp=L={
zHQ{^>g0Q8C)hGYgZo?V!YPK0UDsim((H}-Gl24ro`{yb*m`0Qh>$Zqmw@<a9@#TR|
zY)Tz>(_P@T9};7Ff<&M_&n$xWYZU1pDG~EOE(_Jh<{tW|)vSLfO}yFvn3w1p7_93G
zr`Yd(k1Y=?Of3Om^qTXu=63w-*1<7)*J}lOR3Aw{%40CQA}iM8|5SR~E;9a*2q=!z
zEr}sXlgdGW(oRws`H(n3h7;1dH%lxm(PWtoji}9qP&k&N&$YmCC_mFvZxm?cY9gW2
z?J8cbiz)5lDzko(J)yHdfB9b3fnT8~QBmDzB_c*_tTZrcx9nb=N9sOQuUt7irhh_#
zJ|9t}qDHR?OSO?-nP?%#g$*k&#CBFkLX{%*lon$r>x0nSGia#KGR6ZCLxlQ6*<wsS
zJ<Gg#=}zfl<wy75!v9p3#6&--;Ub(*ctre+BodCRQI_1gnk3<Vf#zpA(R5Pu67f_U
z8YjkAO#OPVvs1&>rVdLz3n3Xv-L&HN%#oYw+N476*|RAHfn$7SQsgQ7FHfiLc1_3A
zZHv4ump)w`?uO*k*e|}lTm{b5g%TIQ`u(o0Rq^!EP|XP)ujImpH_LMxvrFW5?Op0T
z?}~5I9js~JQ-#6Kmx1#@-O)Qt{u<#~Bp)^FP*JpWWuI>)kh`OE$3YoghFf_UDE@gk
z#`zvRRs!e{W1)Jb@(y}_>%6EHQi*uyROxB;GA9$sCQ}197yOK@N@4q-BY228vnNCy
zhR4%j7950h3XB(~FDk{8j@e|=K^`>s8p+Ihj?tN$6RUHi2hoR)IM5&Ul6fj>pvk8(
z>jtyT-C4L)2yeQHmLPpLgMGFZsJ*tXpgIcC+qqQYYao4@<(Xsj&gGvU&kvMobOXOj
zJ%PUBSHbppUh>AeymcLs$guq8G+cL8B~dZXF*BNE>EGs=ve9ra>g{l;$Xg6Xg&1Cn
zPgG0)I-zpie*?EXk@3QCO2S+sk8(9W{>sMN^LF4+2qjj6yl3Ctp|1P0@Vj6DHSEbf
z(FsCzM+S;NZohpvho6O`(b->o^s`Mt#{(&cJFa0b+@jJv3le63?SL)uZW%R6Y)8_J
zU##Bpq|6wkD+d6I2Z|ZIUnuxwvgjYb$;vE+OA0={Ic>^(myg%ZgxAh>^DCf@G9TV%
z2Y|xO4~YxXxy&ZQU(8GKc*e(8R!FPsbj<u|#{IV?H8VGjXF%l>ts)DNCw*FN=FLe7
z`VsV1dEp1aW^Vw|YNJ7~!3!mF+Ppe%#B)0Br1NUVG!Qh&)>u2(NP|u7ehniVrp;By
zPWoV7%;&BB1&y#p0FIZ7Z~!={(!q~OF&l7}3l&;km+*;^d}Ce+kbjX?BF8CT4G3xj
z*z;$rW;f6E1f(`eGJ}mQ*%G#Te2tWxq$OFUs+2gMU19WwzgV~kw@KcCCQRRrB=SaA
zs?mIH-MW`}A3s8N7!lq`%kiXS#-c)1d0bwkN@S*-GF3G+Fqv6A!7YcHYm}bu{iH-!
z{LwyZIsRm-rO+T<Lfahr`63_F$^6d|=t1C8OPBWUGIFIk8W8FM-&&Zs@%^XUekbHk
z-Kkt*FC{rb5@*ywYZd{bP+F~9uiex};I=_D*)geyl8D4|(oGPyAqh-*#_GyjB*#lb
z%E`+|XqE_rP2IHXd|Ip(a_sF7%*u{yfj}2}loN1kX5dlm-3@^2mr`-q*!uw%<qOA)
zb-|&})dvz>*UaVv^sj1VRpeRK{n$x`(_Tw#tQW3cWn1}H;_Vx7D{lad31a;id{HjN
zBw+Lf*G&di_@)bAnvkj-uX7a9Q#W!PgLZ`vJ9NGt<4Fj4<ua%CF=EAr)~Wl=>pGJj
zi)Xhuv4v5<U&r_2l{e#d+tc;<P4prgW{c%rn|S6;Q6kSjALlsoRMoUgYnyL%4_f6%
zbYBk$7}t#YCX<DYS!l|}jy89j3_~RHRfXWUYf2Ja3RE69fzy8JVZQO!3LgPJ2MZZ|
zgo@Pdic?pU&Y+kZtL8m9h@VPNE(}PRTvko>;T2@1H6B7DC0WMunZ1jj2LAKB$bE1X
z(NRXAn075M;UGJ1gpz&Sl$++_C-ZBUF7>};WHu90_mcscOIALNp!tSG`qt1E1vQEU
z%hw2|FC1+0>=w{xv;W3rpg0^tC>c?r1+}3Z9EyV8un>S^rOuF!``^Q4l<;F!5z~h0
zFuN|Mpy>v<rf^P9h<!?3n*6H_V++Z@SCcvK_@r|9@e8&^UZTYbiqCPpO-!*y+TP^4
zAe-@T&3C;!tg^p_|G56sQu*V2hQv6NiXV5py2HXVDSDfooh>z=P3p3>pgglew&V-M
zKkqUd6lyMeBZq+c2!4iqxgZNUt!teR@w|gRrjFr?_DfyJ?i^>Z{CICrN!_kib5Lhz
zrNa7sXPbWp1*O?9)zrO|uc@)0e{I**?%M<eg_<tU0dWhzykLVS$rG42dYHU?-K_-+
z<Ju2g2cRe#1tJRBcmb&5g1ne=`3gAzeucMy-UV3j<lEY+>&sBC9^dH79m*B&Kx&+L
z!aHguH!N|UIz??xdLU<RMeiRVbi1&y*=@dVw#i}E=DU<MpCc_`i=}<nX)+`tw%h4h
zUXYn8-(GW+O=D1(n{Z(|dLk_<XIi8De7#Hwn4jeM&L){}TK85%M9q30pMNF&&R4uE
zLIG4)0xt~Ja)DcvnAa?-%a^)J%PV9W^E3<>kArGzrp@i_c|;gF>xxiLQzs|qe>Za>
z-!5OHe|#6{BKdgKlolz^*g1S3M$6b7C)%`!N&iLte)^Zw>nD5BAruF6HuG92`P+5|
z#Ya%+m|4xNQq|QS*3SW5QnOf}rBr>>=rp_wkQl51uuS!1431}eI8Zoa|6hsgWlyhJ
zd=5V8kID_n$xHIfh;sY5&Ybj7`H{xI^<zShQ{-ffUi0PoHeYYZykYl3o*`2~Qr;-P
zW=Za0Lww+@Xt~&O!=%o*HF*pQU~iCOc&t*{tM)MP=ig)^h5F}Yr>s||{9(OE>>`0$
zafiB{sPL=tZv;LJk8g@lXT`Up)H-TE4cT3i|L$y5DnJ~JDuuzmdMGxV7Uf17XKEsY
zL(2qsreq?mec-d7x<%aTQ1#rscU%yu!yH4M`Q|S3IsQv8KFQgtvwqZQWMbpH5Xl7n
z{Sf{D(7?vekjuj_!2`54Z5kgRIhNa}5<~y|{7^}x{5grZO3@`Hz$PA8alpYK%fHBm
zTLT<)wh!>_f^#=)^MSI{9x7_GzaFLB64!|+k`MdTS@O>MVkQ+Cg1vJ~S&<DsJE!TH
z{@UR$>LBZKhS3E{GhRt)`fzw7pwq5;I_TN*-85B+yAF=K^#5FaPX2iG?}gUff}a|?
zUpyoU#EG)#GWiRS=u$J;+l}dfwzfbfDOEn8?9aS^W=`%T`%$-lAA@*H-)$W(Zc&-r
zt@6&-^5`o0GG4wk0X8+s<F6^<o4)d__R}w2tlUohI2fSnYUAegdgH6!A91$zmJ+~?
z^2qx|H;hBVSJPvxtAG6qXm^1R-JQ0yniEpHZmNVI99OcmfB8f@O+7f@>a`Ujm7eLn
zR=&aCzyHz${()>Tj3~(snkuRAIntiq{!@#2w<{0*ytd!DzDs%i=aooo0jfXb-HBXW
z0(U)DfB#<vB&$RR-LnRoe`?@Co|gGPiyM#Ed)-h$3%T<6MhmO@<63#$*r(>P-U?#D
z-j138)LKyUAhKO9E{C}d=w!ipek9st=VU9$XoPHk#>~F|_o}H=kUSg6*Xr}UeHwF6
z3IeVvGp25mW!^1*D&O~%;zju_RelwfP|R2CDkNy~2&8)HG7l|V0bVexM@ZxUm3>F4
zpE^_0%;@V-ffCcvn<);%j1rAEi)!%YcOLyQp}o=WS%czN&w{W4MLDrxtpO#4fq*m@
z8MbUkR}0LnM#Y1c`n!8Bf}*=wkGI_M+>c|N4M!=D1{UtzIa8MjfDeAusHv6C3`VHS
zGYuN5UN_;z@^Z%9oLZv(ped>oDqT!e{RHJ7@%mk$eJNWf#=L)`{QqV9@vvxWYv9js
zYM;Zysdn>=C*w8$!WS0nE2k>%Bh>Ey`v8foO1<7hq!BcT-v!#kv+Id*We(XsQC_0g
zBTxmJ?tl=jlAuoCEQMwb;hYkHYCdU2Ko!1Lz4%N>Zbxj@j`wBT4OPKUCOnyD)e6;_
zF4fmE8&}D#l^viD98W59r&kUR^_t}|i-SHn(>ob67?{2FVVeXfd|55DliXWq-M$&b
zF~O!)aJ@u}EAAu;T#h{~&)F)<#)zbwg|!n1>H^m~!1hDg(r*aYiA!;%#5#)kyxzxU
z-6dg=C2V^JE}HPn|EV^}QKMJcd{R_ttf$sovs2pqDVX@7@EU^6SQH*Qe1M?Gz*N#!
z+V4TYW~$?*py9~(y)PEkqysIB7jKmr<ScS6OV6L-KhI=fnL&r`ac3B~$AmA&x)J`^
zvV`m(@4s6g2XALWs~jr3&e&7J(8l?nrBdNpYTa}h*-}dzE-hxGBhnK7B85%~_<C2z
zx>mjDaWZy)BqRSWW@v2z!ne6{@C_TkxcuVle7&hPi$ThMjUCr>95wX!@wBYhTE^cP
z2ub#m-pQ1nes5pLOv#x)50u^Ph@VRDy-_OX0O#}cNyZr(`LxYWkx)&jl1jp@C2#Xq
z&OCo%IW<GGbuk5Gp{`imC(|EoB(TZlhUcaFETZW@U#V>k^|U2pqk*`BGwcBOe9zF*
zZmRb|lZQ*}cfpvT`r<x!>fqAk4@WT~RB+Gv?2iFK?|FA|E$5$8V06Lpg{|N9Q<XDc
zyIr1KLR2PGeV#wS%Ze5sK1Z$9{T1my4Y@mfMp4+k9Ids0R1fn~eGxIy)wDtD>To#~
z9(7W1WJ8YQc|2C~#NP3x$mgTtuP-8bcUg260iUWz27a$QCUxnm=5+c5l+<0-g&a&S
z3(pN{pe=Vi%psp^nqPZG|5|G|x-+k!l`XQM(0jI*j9W<h^q0~hHV^A5x@_Kf9cV6D
z#U?!qN7lUf$V5w8fc9oV4Cb2B$VO=mA%wanq5z1<rU~<JE>UqnPl5ZS<kk)~HtA_x
zI;bvS1yhs&WGlfJ7?$AiTeu@!z-peE%$Ttwav!PN@>SD9YnA=7#d+V)FA3YC{U6g_
z6egsCiadP#71a|Ln}ZS=U-0G+-c=G(^|NP9p%nmi7?~CG?izM{Ad9p%Sa&YE#y-(H
zzP1u68MIba@K{i4jtd<x_ZDICu{ENITU0LVr4D02=Bs7Xe0f)+0k$dCI^z;0p;o}t
z3tsLcMbL#JQ@gq95%td$KaMr4L%q^fnuX2j`2J*fH133O;l2ZdX)(M9))=t)I@^0P
z(>s$hdp-&`(YR5^hEQv`pA$_G^JxFDo-uhVtt~afgHcc;oT6-~HME*0s3>uN{yaJ0
zXgXin6L(uRe>J3O9+F#Z?Lx&0G3CADX8aPMb)fiK2h~{{WYpF>!Sp`$k?OTaTqjCT
zl{?hc8d%DSgQuG%=77!iN`2y(7?2KlnMsl}pX2;h1m~!s0Ug87Ah$`x8@h6BZ@PvS
zZzcl1qa_o61f-keqob<;C52cz?f0J&$<T5(?T8lf@8vI!e>{tCeQAKFHy#DqDyh&d
z$rnT#&}mB_3;I_;6+hAg!DiRsv`rpI`TJ`h*O`ugpp*>o2D=-21qSM}nb{KNHHB1N
zE5LotB<{;LVv`HQXD=Ur$#r&bX+@+6+4Zxedg}wLUGkQ=>|skZ*E1iLd}bq&LuZ3A
zgE2Z4M#drY++%$$FnzJY+r9OVDvWB~Io(&}1nFr9%kg7Eqn}-gz59%g0R@+k@b~Bn
z>pxClnHaGmr1;RKrufS~Q>c2v$E@%yHNdN}P^5M_q6<VU#dH(98}yznHhlGDmyJ&6
zZt=T@V{M*GvUvCHyQqMzS0Fy)|08heY1tCc5$+`m^_wbOSfpoh{ME-VQ_2n1PE4(|
zB4Nf(QQa<b`73Ap2j}SInD8C_)sDW^Hy{ud3hGc-eXxMrLw;LAh3X+#HEG$BKORA`
zNlXlIlnGS>G6&+kO6L;0deN;@g$GL$eu0iYo3ZeJwbC2dFDDeFCA+<0oJOV3H#;Qt
zStpUJoDk+KlbGeg3kGwyvr+^g1zdi!({a?S4Jej;RFRXEo@k#BSQ02T+@2PgB#m*h
z4bA{$dloku^=0w^A7r^R{ZG3Xz{};6_VE&Y2B{vcI)Nn9KA__W+$txLWawb37(USQ
z^>Ki~*KvmY>ZLl%9>-T)2DKMofh@t6y_}6v9=aLEDj%)^D@+4Cn7=p!rD*G9RjFZ5
z$jZ0C`9o7%Q$xp)p>ZCWEVOF%^+EDFFF>tX9Rj^UmhvFp>PwjEj!q2QF8Thowc^$X
z)^t}eK}*T9u<7#Qurd3K-hyy@9WXLSW-7}_BYW%y19&ZD$ro><y8sJ;R=8k3Tn+d)
z%3NKk;=vlTw38yEP_~JqZ`&0fm-if|taoX*S=vKN;R#LKwe&At^vHS9!<z(V_6i2)
zW9oQy-!bBg{uebLwTH5&w%2&F(xs5dSAwr-WLGrtn@*mpsgJtQf%V1Rsey9&d7&Hj
z)(Adz_AI3uWuEa;I%}wsr#a2aYI9bj^sr#R2JK=$&ZQ}nRkkiFvwGWNgHNR>_pP%r
z>;K~GJ)oM1zIV}31*A7A(gP@hQWT_jB+`*kq<562w9tE3ia|<1s)!Kj2neC~5`uzs
zLIi<GOOO`&@5SH$-M7|T_pUpOwT6LY=FFLWW`F1Gy}u7gx|yl`pV+$<sUo@!BK$v1
zp<jepv+oL)B@5DU3PqP*dtF^${wKlsLbUw)*V>Sz5EHpt9}OH{OU$3<OemyzGnt*+
z{r5T?|0!~3#nVpt@DnggIpdTlP3y=CHh<veGC3;4H3XimT<jUMOyqbY7;*K=M)ECq
z_EXE<Y{@()n5fyoFZpLQV{PG-syxC!84v;YN*Oe-qGO@4{3Wq>#By{K1-_R=MPwY2
zlRd#VJbSAn#eOF_6JSZ4TfkTI+}NW?h36wAMtrWWt|KN@F)NVnkd;&N#N#!}ON<KY
z@sf<RMpQBXzXl-+{&n4!=3K*Lhu*;B4|=J;wJQf4eWkll(d`uNaPMb1rPVsZb1aW7
zXw5<Wd4#FjoI3;Z7&bpANBQuma!wtC=%>;yDN=A6=v~?9F4gXOh9eWBj=ZaEazPFa
zDL_gpu}$!@cVFz$_`~tJ+@OW)|8NbTUF@g^63&Q})F4JCZsOx>L#&l<g@MLttaQ)e
zKV=6R%$eR&4SXJY<HeSJyV;<DQw09<QQ|WU9qG1k-~{QGBWt`pEyajA+u)&wf`fXt
z9p82+BbbTmdHKv6uE7d7R#zE;%9P}|mqM7ci>WK=>;IT(vmRfi9HD-DJr}Z7z}~iP
z51{%*%No0>3)OA-XLQ5~vX~fLpMc-wyi^_Oep`K6{<~-4`r=&n3YI0h4unP}lh#V6
z#Iu3T-U<-$ppo=?9|@2;GftS_1f;9YmrbTmI##VGe)ql7wzY$_Ig7YhuhQ`clX2#}
z8y__-wFWBgiHJ4m+~Y6@b*vd$R^KC|HFJITO`^Q(iCHl<gWFq4Fk||iceh;}qyKdo
zyz2IKM6vrQ-#FoLa^-RXdA8p_iMn=yYF&ZBT2$}Yz+k1(`^<06K!T&3cfMLn?HOA3
z5z3aBtCI(<9Ee3RX3N^~PSsKz;?G0``&9TUj*miB1POTdIp14k0Y85Qe$@O6KE1<7
zid{&3+1D>ANKO9M`7MBq<X>M{$OsPOZ2S~2`sr1NbEE3;3^wifAN25y8L-)q=0Aw8
zC>%|E%hPz=@tFGfF`2th^~p&ZnL^JoZVN@2^l59YdA0X$j!TJq8-BqGjdJhCV8#os
zGS*Livr!FDnDF;8#txYM&uBN}fDm@~qtlcxE&hz^G##$CDjM>A%<0VMk~ZT#;Ujj$
zTLD%l;%?KDkrtZ$f|jBC)xt2@8705W?FE8i^bXnjiL=AG<DvRrE!AkPi;>W)_Yx+Z
zLdrplhT2Y#kUQyqL*gV(@vp36e>v%=2)d*&>sG79WU-~f;osm5#-zq7`*)d{H3v@l
z7I_XCc4w|s$fLlKF0cI0&A}Dz=Q1u~J&>emzE41qHql<e;B-J4O@kRdvI$5A97$Qd
z%2=R^EG|%keCEwXb150~{klDRp?r<(i=1#KhIZenYm?HF>+`Gs>sPQbYh;w-+-_9#
zk2Asm{zR>|s~&7i-F7>c7<;6OG6ezQ)siv9?j>uwD?&cPNc!OR7UOW#5U()PM;QR>
z_|UNjSQb=!!^l0k>N2_*qxTg#cJlPx!_Sk>9GO!fJHdT3>rpHB)^LykX}_<HZkB!+
zB)CK!n_dW|kh<S*ek_-{j6%D*N>B+cPvE>nAESK?WuS}BXb%fTiCOOZd!$Qw({{7%
zJQZ}5+^9lo-rsF|wGM_m-z$*pZb9|4%!@%M3tns93O*gXxi`_=1EU=Ve@4+PjItUA
zzgDJd5uYK-iyJ(+f_v$6z(0F`9IH_~OQiSGwias*v5tAZ+#fcNa@+qVHU*7mD*F25
zG41YDxS?LR`=dYmOe`qGv9$Ww1sxaEIZv(YDz}ELCHa#IDTo**9+xlbe=r=KmZTjk
z3rt1AeKaju{NO%f+|kIiF>{wV+W9z-C4bLqZ+FGJY!C(STB(Y{pqa5b@xbw0FTCX;
zKE`X=@)JB^r!}^rSB=*SSzRK>d0%}mwz@_PTS<!*nG}9;|2SOnXiE~Iz2)X5@%zRH
zeYKs5oyb4*L0<R|9%eM9q`K31#BBH>I{cxVs#3>@0@s3fgo>UTOCT2UD$sRm2(Q<|
zw_wZ0ADk%Lq~7DX_Da0HrNv`Q!iKxs!(3+7Qx4alLEWBOlcHCJ+H;He(Pc68lQGbJ
zZr@T)C8<!OVydtZZF|HOiFqE}c(E4A++3->@^I4L=6r6vi&{f?#(sRK*l;?qFg)@R
z`=8z7(0iZd1=3&`#v3nqPUK&vi{U<Y-xs{T|Mzl+$CN-=8tv|!*;q}ZM)`q&#M+>E
ztUM5E5bdnt{{adT>5(dxM}dIqu-v+^DL8Iu0Y)T_-1&e_bL>DS+P%bq-CRV7v<jc!
zp+NkBemLARItTZ$W~K08ij+L~Vue>|;52N!Yogf2{On70|2#zN<L;9Vl->7Q^DOV*
z)m2Ypte>V1L-bmOR~y&c;>4Z3lQwMMF)4dwnl#NU?4Gzoxz-TxEjxG`A!eLEA$1IX
z<mM+kzv6{EhYXfo*0O782=%F*t8#akUfyRl$9lU`1lK;IGoU4gM27F&-@f<F+o0d|
zWIfSt_9RLF=O>wEN!6FVm8Hw<e^^(P8osWQX2IL5Gz3?~bq<=S*#hHyI-_H6B<kq*
zGi@xT<NUobacP^dj)wyRB8#a>An`Vu)H_{K4^|ZG0t=eKw2hfACmQ|p9svhGtcrAn
z8Elje!+#@kcCnA@73dr_rI^6Mzq3m)+0nj%w}sRhr6|wFWwe~s-dm;>+0HIyjb;fb
z1g(5R@WVSqy%lz3Ohp=uAsy(Y!Tvauf9-hKQXhY^ap3z^MlE3rRLdDcNdY9DEey<=
zcaq4VSZQy1)L<$=zQy~NhjD;}QHZgWkycG{%(kk@ox`%>cdLwlu$VLXtZ4H7k0GE;
z^@NFKpM;ZU`40Sh;GA`HjhC?#n{GVCL$#{umP!RDxM#LACvqZx@bN4l-hoz!H>9im
zUq#Uj82oAiOae9*N8uKi8r_0s%pR#5Q!e=+krRtGP`5kMAi;#QB}8i=S-Cr#F$FkU
zf5rkxS^~Z+=sVXMfZI*nP>lQwjEUBwzP0}G(36>*+?+`GV?LgXu98@gHsWJ49&JwT
z6Q@;6p-DvU5?UwnZIV@4ey=?w%WYNlSCxaPs;b~tc+iKw_^$uWEVGCtu^+I&tjD*G
z$50o!-E~W+dHi1t{roe+yV@#QxZy|3Y={{`^h2h}SIvu<ImF3L#F;n}_j?HuB=)5M
zg07Z>WsXnSj#VS$C&N~b4&+CHa_?=?ONh9Q>IaXHP0DHS3Pj07h6){JG8R?0#Ie~c
z5zer=eTz&DMT4Kk>$NF6Cbk#=@csHsa&A4-+u1jF9l+8Yz|dF?vszY>MRuC@ZFuR+
zFK`x&eC<i<m)gJT7V}t1^@#Vk69D5izKc5<g#=6_+T<x6;!ZgLH>lP>q!nA?rcd_#
z3;~>sw1&Ez9Djxs66G^@o~xgXYP=uk5AQjg$WJ_wSw5N)47p!o0K!N<5~Mt2x?%hw
zF6h&<*Saya{!iqw){Nmqu?p}gi9z4zNGCwZ?P&T>Tr9@vXPc*<69xXAJ4J=;giW=C
zg_-*!oYFgOL2&92tZb!Pxxmq0nX5zAy$N(V&xtzzY0$UCq4lg$;GRA&q0)mmc}S|l
z=E3a<ovy7j&IqX)kixg8&EK4D5ms*H*@2eZ{QCnB6x_c2G~d;gkPozq{T=GkxW8Hr
zjbWFV^x5-Sj$?wC-VU@IhnSU4ee>(;%_0rNjaO+`{QN+7Gb3nmz)6!K=x}uFE}kR=
zPi89fmCdxBy{=!>0c3tdCj56L6{@Y^o7hKKZnMGE^1)02uk}U@JqqtQ{24ud5^+!{
zW2yr>6XU4W<}VjYrBaK{D;a!6^pjw)TEe>N1%l8|h<Z?R`TI3aR2;j})5Q}_f{)Dl
zLxfQc?*xgCz9dq=Ew6%^iiM;1U8;zXNE|iG<^g8one5&SCeqJeyw*ExBTv&n+BdZZ
za&ylL8eXhgq*n`kH6r+%+yrd-Cbox&K!{uPfPDdW8e^4plAGD0Dr<Lf(eh0-DA)s-
zwff6wjfiKT4huT<68(4MQ;l9&CLnr1clxTCL0C1`kD=Zz0aDt7=Z)w4#XD&<+hqn3
zVY70Mcf4;2*Vf^$BDWCiy~W?gNTSUGB(7|N!44d$gU+{YucCsr4(JbIs7d@RWRiBF
zGZ>IG^)}DMDKlLR{)Lu9ilb!cMrVhtlnK|+pfg>)<HKw{vv=gY5%YX8#7W-iWE3sx
zgXCxqQ|=pElz~siee;TSmkXk%pYkD&@26HGEu-a4b{cI<Dkm{GJhn#wUmSJ2h!+-B
zz$--3r`lbR|1IsZmV0c9#cH4TKy~y!4)>=o=yyABbMQ!kh)b!IfGo8{+0NyP5BeMv
z8P4@8L9SDQDb}ywvp830bk|sEiEwe*?HXw#yognBhuks@fbtIz@6M@&G9-eC6(@Hw
zQF5c$V**1M3NdGkE#ZYCG8H`S!uI<(96j6s`tg1GqpGG6V6eHk4F^-N8iNb94k^6%
zH4B?A;E93|HB{VZrxBRymM2IfNQ-J;^s`^c_@TRso1pw0lCpO9mdt<|>H^;#UWHDi
zeD>}g{}&GUV_-6I;`oIPAiydfIf+?5<<@_5YJ4Gqr?2)E-SZZ6-VYzWQ2F<XS5AH8
zW`L^^<`@lno(L&=e^Arvu>0Tc?|b6?ybYJ0`BeJPezKg({~*lQwODevX>*V}(>ha?
z43h9Wm9kRO5KX3%QT?rb6eKe8=<4v|!QsK)>LsDO$OzIYho2O>ES`_(1+%e%!O4<C
zl3=r&zzY3$Sr;-<erxX86UdR3q+1HpCHCLGvGA_BTpybqUu;^b#LJvlzoB|u0wiH_
zBoaIjHvrir79VzaLGUU)hY&jEFx8#4lSW-(*nqR}ivpYrvN&lQ{)N$zoE`#s6*{v~
z?lvo2_Qtf>!hOnGDxv^6q9{6|aCmEwrQagTiW(+fTwiQKRV&WqM8!mPN1UA4S;Qek
zu7!;%8r^EK?|K<o6mk4+6nOoTIKC)p7;g}H#Ch#>ScG)SKC;K5RhM@ILPYa3ZmC6f
zL5rDK>I%aMfU9buII40A77AT0Q!3&JAvT&{6?IM6B2-_79$~QkX9cJ;94-vIcO9N3
z5=jDt4gYKMJ6&x%9K&{p1h;!(bC9?WneJ1m?EveH^+aigd|IQ(d;@X)p4(ZZ^uc0G
zhp3G9ezRVW)(sSlr3T@!k=<{DTKELBTo(-*ovu&{^f{3#c-V*f8s@j`jja}tko6CH
zJ29Fi&kl9G*?*VHZY9y{HyITr&Q@fEb56l){(GBw3uxXgW-b__prH+GaxT$V*esA{
zU*TtY(W01DLKXPFWPtxg!E}jw<16yL2hKmH-Ck!Qe0&Vs&;>mnPt?3@g`3s*&4<SG
zT?FFIb$6F!^;b57j_$;pWfB=cewWWxob23c5`AX4^g|Z=2)F=gFBC>_XO&VNp%)56
z{dU(ZYwCAC2W^wX#C&NNU~-0k0{phJg7%hk+P}ujD2gNGfE5n8X(P(5mhDG$T^DFb
z>yyCwXLtVG`+zWQ-_iR9U-yAN@o}4xZQlv98BE_=g!mw;-)gjaw`QswT=HJ?C6Qda
zPIq;0ognrJt(F}Ar1HWw$i5hz$&|p@dGd?7CdLCoaUxCAFR)!Bm@}DDic&un{v9ut
z#|eJ?$S6N;j2}ME`6_AOMcAXeEG;YO@}V8hURA&PHLtuKi7?WBeC0{|Vk2B4L$()D
z8mJwZ^xaa3GD4QWd8JuBhXYPs_&74g+L>p~zb%5~R~Dy4`soCpbpsf<md$e~P<+gf
zm=rxu(fA`TbhNvDZWeo!W@hy<ym7iFT$nUcXsyYg?o!k*XtAK}*kbf>dL#*6JjVH$
zo^_{uxuJsp*g1Ql&-pwD9{f0Dy{<tu*Y3}JklqBoNl|+CwmAB;;DfAW>B{fY?T;$m
zf4F&Ws#EAkg{z#`=(B7X(#x}+U(?grJ~J5cfro8!ZdItc%7VzDx<V?;ANflrcofsG
zLq=R*beHVlUU!g3yDofzF3FO;&LXXU^CWl9=ejpB%~rnoFm~_9t;5fXDj0-fhX03k
zC`cI4<Sr@?jBS#U5$He}zG8k#;)XKx0|@{gLByJ5B;Nzjvsak*I@9?{x6XIHz;`fw
zn5_*~hUi-0P>|?D*DJjHGF~xf+wt+)l^y51ft8I2C&ETsF4ZTn!PjlW0*(Dmrkhm4
z7Dp_DjM0M6%FBxO<4-e~R(~;6KMfSC@sPw|#M(cR+XSF*ON92jH8}hk4BT|D{BSdE
zB`L25C_Ca{S|n!l0^L8aHvyGn75BDwR9S3zF6&@bjtlUOt%86<(9PNR?DY{sOTVNo
z)EqTpzx1UHoLu-&eB-qm@sutUFh=f<Kb>wu9zJ+KARh>>Ec(GI6W1KLk=OXc8a6-Q
zzpc^}u9O@ImB^T_Hz?^LzbRx7Rn+S}E%-#v`}Tq0i=gS$qPM#=ynE808{u<F8Oh|q
z!572*0!FsxNznx|WM(Ff7Ebcn^-50?<8;EsZ4701ZP>p*RJzsCtI?m8#_H8O>NX_J
zEPoJ4cfu<O6NODTTC#jpCQ}ITJ1CE%`!+q|_pstjDQi?tG_#F5bDSeYG23T^0z8mJ
z)zdSvU;ofrUov@+j4FL1z-Flm`F&d=osnjfos!Z-T4Dxckp#(x<LPD^pXW;E4gOY=
zTwDIS;(I@d%Rqe7ttk)r>$fGCJuku1sa#ibA;HqE2h-c{K1oZ!{>4Kcl)NAlNaTD%
z34n{eH71E;f4oNSyn+4G`x*p%*Yr{YY?k~K8h;>CW}HY{Vl7y8;TlX~I|;|_(3cQ4
zx@J2u-m@H5O<BY_9FRy}v5p0166JPW<Y1#HQjnVX!YGQUjYlM)*~8n+9*6s)A>B3;
zevn5i=c`d(ISDL2<*3r`d-x)^+l!~G6zUp{kx!<vO#)xqz%W>R2_>!-cZ~l(+nvhz
zZ+tlFs{knFsC*`P%oPkIRS^dGiATc*-b0~%yVpiaTe6&?EV_^OH^dB{ZTUV~*jrd$
z|Ji1e?==fr&m7aY47l3)#?hc|Y8+z%7^&a(xjit+n$^C!;PZ?1=__W7B)xvbv^73V
zsnD{k$g@Zb3Cq85uA0cm^ZJ@RTx(C48>p!9#Yi9uiiBEYZ@Ia5N<djX<>W=5OyMcY
z(ZX$x_dONHIf8n&N94j{|2{D16AjknkRE(m3My~v;k#FFsm*vNLC^_j(AZh<nae8)
zG&5@{a*vPOzqX?PL4msg_k_~U?NMphm9{J(YH8Y^=eUOdX3fEbSG38d??ZT7eyGCk
z4;<Iw<D09?23ZH3tAe_m0L#=NMhA5!u(qYtz(^KF4C#NpF&KPXO+D49dlEA(;yMHR
zisn=OI<qF3VLz#i52lP_)Ejx94Yq7Z7K6i!kvWw5@wCxXpYEzTU+M#ynk6N>!iW8K
z@tbiv^?ok9+A3ZV3=<)a?;K%yP9=}2+5UM>unhzLaQPbW%<n%I_B))1%oczcG_FT^
zm0_C*L2sr|5uu9`(j_KZ!+|r8Q!=*a1VR$Osyg-8<e}f$*2g2%pe0kExS2UXjg^YH
z_DNiJf`Uj&c|?`fVlK`*F|8N&#S+bbC;W%^WPCP3s*a~(@M;(0t(p6AXp(CR-_`y8
zF#PQ6A7<6A-v{=e)sq-i{Ga%D(TA2PU#eDSyojS(gA=pR|GRyIZ2r1Z;cU&7aNmql
z?x@2jtJsH!E8|VBK)~$eR5-k;Q4$yr1dM3%gSgle-(!XrU7`eLsUoOkhSADbtP^KR
z@QnT?LjSo4{2{q4lY_MFu+B~vOcBxk>&-_8Cz>9Ce=C-jHyH=jv`O|BdvDUIj!m==
zFw7N?5&XHsRbOL&^~{SWS7<-iTAVVLXkZ_((vfruyppZuSQUWM5CIG+d2Bs<SQZ6D
z|C!>q=UX3b6-Hd&df5_%71n|8O>uK1=rj{o2U$yDO2@b7_MgvoLY-)fVp&Q_&Q4C<
zJHv1G(|(a2>Km4{k&OS>6l03$f|GD17yLxnT!9?7(Guow6GP<X(eAlA9V;E{w)XSh
z>hf%hqibS<69i(T*baFGvD<4yOEuWIrO(!yjkWpwXiME}v*pMGrNHAb6$6_NL{vo5
z$M=hK|90`{W&9s<=iB7*PTI+ggT#;)i212HbD)wv_fb@{`rNN;Iiqo3LKI?kvyP~-
zpgcFN#rTxMI9`gXPiG{@)Qh!v?il@Vn*$QBYoCQk|IlFUHw_7DeeM6%iw8a4xSTc-
zpxDZ3L~wH#*CV54fIB!nM`k&#tx9*OGZ-l-HOWwoR5wZ24~&kp5pNe@#oRsjc_wR^
zKumUeaV3O@*b%FdsL!>e7`3#t7*5_+BL~4Lu_ZTETyu<bsLEqU-n}0e7Zl9D{ZKV3
zjpQ;o6%^BT#AW!2dY59&|5sRy6#36#Y20)v+P@sav@lBRL`3Pt3sI<Z^axgJ45N>*
z)48h6`3G~a>+p{{&K<g)Og+R7rKs)@?QKMxjT~|}J|4=PK(D&oi_NQ`eMwK1gbLh0
zB-G?-h&}Fg7EFyLV%bWe;x`d4ky!I))w_HMLg1VL_}G)s`AbE$3JAru1<omc!$w#n
zmfiVk)l%k0^BncX?Z!xCP<X%xsxXRqvDCBGL-3T>%5|P+TyMYzQ;ns?z0scn&V}WT
zPk^rx*1-9;=@-m4ITMRskH?wEB^qiLys-WdK?@(d&XC<<+PLMyDMKAkN_S?%#`_B~
zGH+MiUdyz<ZW|@)y~T*yrBAFl-7Z*gK^4$<R;<6z967;l25i3$0xg!KhGEbcDEZ!p
z`LT(t7DAA2Qx48020GqRC{rH8ud87&3gfN2o0B<#7&4q|S+20`&8cXk{<e{O)1`fk
z9QC%E4k2*=NN54lsAp;AhMXoY_@{5~#Zyzk3b+@&8(KCEK5QC(FmB7-S{e%&L^a8J
zy6Zq!w!Vx1(BBg4YeUZr&h)j%)ie)Vf75dp4rt%b!|lAu4(NO7DcvMq-w*gK4!)cC
zR|p@a@&_M^-2aW$>oG)X-lJm6d2t~|lKm&}PfhgG(c)5DiUxDzSDUU(?Q*_yku5|i
zu%(dW7g-PDC>ADa4JpsPgJi4Z3%U(rJQYTaAR|t}4{=Gn5^P>q5Q6=z3ZHRzV!XqT
z#9FSZqlGUNSayb6RoKy8L}kzv3q&U2%4?bX^G3eGC$E+I>vi~Km|STRYp4XSoxW`o
z?P@m;{Cr@PPH_L(UkrNg_kBg4?BYHB*TL{fMz7B&G}FuaAqE%gDs)%=(wK4a)xump
zH+&$$4?8+ad`<Q!-9;IK`2A&M_^Yv^B)|`3eIM4>q3QrP+$T5NMtNAKT#J1NqRX0d
zd9F#6914QLV7X0MM1P$PCVu^q0RBr<Q23lY>T*)1=2Z_Jtst@__@b#WWY#yo^u*`c
z@*B;W!#p|DF+0KS@8323YE1?$EQ@YG3~x8?aS-QcNLC?Z`kg8yzQD1yL*x?|&$jM}
zGlq!O42)HM6t9|XBebJ8>2z>)Y!-SOy%);c%uRNAMYiw23+YA5>j@i<4X|b{1UuPJ
zanqa`Z)@lwJdJW;1YT|ap_B2hgO{XTo#AH}`a~&6+^n)YM03{yfmllBNADIDiiH5x
zX;XeUE_yUCbnGO$yeW?rYZ60+^%uTw$J+8Zs8fMPZfE7S$baKzl*|>G4w_w*^mM6y
z@&0C>rpqX8vUr@JrmfDfgHEgvQ}V*c=d(4Ii#_oVUwwi>`}7xocxT;?hdOBF{GmrA
zX3^XZtTFfCPY^4+RrW-JS--Jf;QrT^hPTeicbMKMq_u_@bawiI+2c4BSX`RKj#_sA
zIB*yX$D;~^?oyH$MNZ10a{>q$C2S{ZJt;x{|MuLBg>AzMVfN5H`7Y<V&#n=RDM<e%
ztUbuw^sevlH`FTn*j;_r(|zU$X^P+LT#<p8Hr-#ijU3@#daz=Pk$8*qT*!(A0g*`L
z_`<*I{1>BFZ}^B(LlV5F)jPRmx#<y5&mw1Dh_KRwWPe#g;kt`~H2BeI<u1G3EQ{MX
zZBFw;!}$?v4mH%$=BNqH%D~FF*J{(~=4c^uQmF;BDhbpY6{4GixO3lcg4Bh06zR2C
zerq9-Jw4f(jg#HT%x91wYd>;Zs2ap=J+ZTMX&pLiMYM+Hzr^|YKD2pHt?{;sBvy!S
z0iMm%>r=ax7|+=HwD!*(9Dn$@w`mMb@^b`xhwBV_&?!6HZCj8_XAP)3m}iiWC=oI{
z7E<s6ZRpwURS*n2m6o?u7FGe5mP1S$jOl>hccx5g(Zrmf6cBSN!Ilsit#@&--*wYy
z{qpqE^Ls{^6{!ou3>(;-jA}@*B;y@Qj>DNXc<XU>)~>Ygpv0qD2)-+poTNB1J%)f+
zHo|{1G=YKL#H7fzECIwt6EUiB0)BRr_M=$q1&*(nF5}l-zW5!o6#|S19H16FemjNB
z{@tDv4dpa6`lfIAN2MsAl8^8=kQo<?yDS1iQw0e9DrZZ^k*QxYN!~KDnTqQ$QB(B+
zsf6AV1K-50A(IV|O}pRC=X(G0s_*-#k9dTPTA4TiP~w<*`PRmT=-SL|EGWPl&)Y%S
z@g6@?Ntu}pZfeG5{bGiQl7?p<7!(XILqXkHlSK|J2akoQ>U;a{G_Va={Yw=DYp6~X
zcgw8!UBAEBI@=1tsDw^Mo?B)u5dKz=O2sqGfGre13=`e|>(IRdr$IL>n6BH00CnHI
z|B$o@XXHH&ACwfVU?FCiOd>I=LRn|3?Qjw{b87aR03iXY|Dp`A@sRx4*>BZ*9m&^&
z{^zWC=F67$^MIF~Mf-fq%phSit<-vA<9&2EX=7+%QmPdWK)rK)Bw#Yn@hj8pWamkg
z^i5Kl$EiA`BWuKvHrVW`)|rrss@*%c?s!6DLUX@t(SIJ`yDl~(psuQLc(wW<RplK6
zs3a-*yRr$7p)}Fljh(1ex67+<beUIc4uL_H`<KU}MFrd!qaN@P)`}iVDyYE~_H6I)
z`sJxhU|rHN#J3JMrZjt@c*)IA1cznt3}fDvE-!@-LZ?XN@S~JI!-QZS4JD(z2fr7^
zQj$~3#8UX7;ZN{{CB=t#x`PO3*9;kBc%0nKIS4pt0OlrnrO(H~=W;%|Pa`&ZPTvy>
zIGcO%y<0Wo?F`t2?a?DJn-&C<42g1A^|+q<JiUjZ_qD+DQ;|gMSp5wLw_}<-z8-!J
z+^&hZ1Roz`rZj1F0n|Xg>YmQC^NuI-o=4Yd_8AAmppT&wEtC6H>XADyg1Z6(mx{#@
zFTP50Q}9Id*LKQJA^fdzSjNn-)}qDDqYV1(tee3LGC?@h*Ct_#ena}(Z=YqesdrL}
zq;riI&@R2O=AW_73PA?U+5~oX5I|pX^PzaV&fxgyhn!M31V=n*tc1+<)Rk5yc4QA}
z*STZnT1$Ca3~FaV9_t^h8`t9oGyH_~%0}W-+^RMS3WlEaI;%aK%eLwU{y|@7?$+Sd
zztMQezFKGvU}bG)q+qp>Yf^6zmmU4dS%cdWYMT>gUZr~`>25W$w<AoExxE~dWaanb
zaZg_m1K07N8t!ph1Q;P~tN*19_`Y9Urxz(T&Mm3&Zd5AY%|zOJ;yoI2%hoS&W*MPB
zP1suKw}17wUzSsJsbrSNv2>*`{VfAoM*f0|z~=rTl2y4i=w)SJ|8wzJ54Naw{?olW
z7D%yuL~8u@_tvmw5Le2l>Jmf0VlK`F3x}21p{LUJPh;O$73%C7cc-Cg?lTjUW<FUQ
zO`NV<O|)qyyiWLiiW$c}THHKYY>VOzFn`s-C9|9H%+hbr@Qfw&+HQ9qcYQ8abz(Pt
z{uRG)Z|BLqSNFs(3nPLQAMja-SuG@mNGuE?@{l-Fut4;wi6H$lL&~CmUUxP|XtqfO
znZ19`C%iA22%CPwDmNnyb3HD%-E>|1(*5y;cVTAi>j;69cs2uh(CR0jcTGaxU3f$!
z4)KFTMNUd@r;2BEfych<#lvF^7bx^tVJ6cG3{h0MsQjOa)xLrl5mSPIr=;*qW{}Da
z?SDAnpT|Is!J%sM5E(^S=Xz|*jcLw&<Y=z+jRjb-EB+oe(34mY@+hx6OjHh>n_l?r
z0{-;z;Uepcr>6HxTNetu#^E8tI)&Dy5XdhB-ehJ@dI#RP;T3XHk^{ydZdW(l=B_}2
z@JCwnyHJ|tb8l5Xhs^1?Qjv|(mBp^3-+4MX3XL$tqWY5QkB$kmz1u4{In2*t9YQ{7
zb1I&GTbphtD;vVEkL-$gV;{M;zQ0xT;#SKE#5T<Y{j?+dF$%rzQa}_B+Z5x}O1mv4
zwkR#y;7SQ5ycUFLmpRYlIc6$PLUF!LadY)FlIHslW;SBmqKyOCTMON42!+RU@;_>A
zH1&~vw1FE6nF^w>OX32#fwC2iE#>#Y9?0`U1Y)9u&ThCs&rVB^a_>F|fXu>lwOnm+
z!-toyqjB*8rPd<d%(4UBJ7DiuuDBo@GPO^&KU?yjw+o8ul?hU6p+Od}TkrFH*2V^+
zTUNmVi>oCgqW;YzrFjpz?aAzJR&?a_0Fui?P?%eTe~%$UgpFEtQzo#Mxp-=Y(D4pk
zK*jqdADvaHW?+mQOAJ*xe}YoN^$hy;{pb0Y*y-*9yE=>QwkR3;R5;NW{eO?N7yvdU
z1&Q|jftN!K4`pPwRIvV?SV-Z7zx9VVqGN?;J7JxL*>e7mvZeK%-gtN*F1mI?{w@#t
zzkJZug=vyuwno5~+7A_jT0si{K1~@bnDnOFg^bK@=Z2%uBO;C@L}0?TXv^G(f37n!
z>2sWnB&{?;jk!kk%Rn8nlbkO5`Ic;>tD56)eUm^t-?(twnoHrq+ZpMgfsP4aDOKj(
zyQF~EeU>+8kmLjU8kLSkJhZ>=f-*(p_b2%^n5#*d3LwKBrjoio4=gn{;z(ZGIDVm!
z{*z>Am57sjS#uvF^64>uwy;;nEauh({?Q~LT=t`dAf1WM-mRDGlm)co&_5%N&3A-e
zK6AS1Asemz%<;QNo8cN<zm<<Er}AgTo~ydkm)np4&V*Lo=jL8{P;Reqmx@CDF5ATU
zh&<%zK;BN4X#Q0JHz%bje?o&9r<4OT3x^=42;Z%^({XW0_?Y9@k>+1?hDmaV)rj%w
zLWxO1aI%ZwhY2`Jb;*lK6oyfH#rHvvmWeh6*fjj&9Iv=Pn;!o55VI1J8=CQ5+_&xX
zam$youIC3YH=4R4RpkCUF!uv!j<2r%V!I2DJKczt?7W9jykkUskXsBXJ;`0R?e~yG
z?Mv&Dui~GO8Fr|AG9y+vo89VGyt*jBtA>RW@;eBH?(W-gH_iUTIfUk;iV3c)hkvF*
zJ5FExTzV@_20Lu%M;dsZtdok}&GQfwlWj-_Xv{;0ilZRtI&{bh>JWZuyO7YWc@Xn0
zIYkVfc&Cy9{qm-fB0YUvlFSy#=wqLymScP?rcSlv;G&<Ls*0aY`^mH%rn~i`#$)bT
zQP+{@2ACGi#=Fo%|MW$l^>P%btDf$7%|khh$Te`%MLwkE6-|08jNos|CjU*92lIO`
zPa@L3Co+;51Y}tQ@#jHq;CL0DrL2f_<pqV+&?jTVP^S;<Dw31o<;0Hoh{qK96GKVi
z*gu>33p|$_4|ju9`-pZ91?>xbA-};mN+$GHq5m7*Eo&rpQU=?t0~do!0V|mqsXVgg
z22LBo&dS(AhW>0SHswefpE8E4^T&e7r`f>90m@5%=KX6u=*$j(^hBP|v@9)7{I&0h
zhiaAa6Wa!T!Z3^uu|7-vkAm&jgMQ^!XF3T!o8xm5M#`?m^Diqi9n;`Vkk>n8xclD7
z;Nbv_ky=zoUR9!?0zqBC@rKn;nuN-_1$1egBIW$P0z&T;L_YICMyS;dNsdY!%q;Y3
z;x`bVnW&jqZVxPc^lsKLah$VrDaf*^$k)?Kgi$S1+JW(-_s;TtgAW^q_vM1aoHBGi
zy_#?tHJE$tEbh$N0{doZJ1E@;GuT|GLunwKn_OlM(POVTG)diqjusTQ?pCM6d#J2t
zwUV9}B1unr(TK%`Hep~QMUFL0_-?+Z-^xy%o~VznV%xh>PRSuh0pg0x3-5{Aw9zFS
z+_#Dph)o61<)deIet`wVv(ioK)jQ|6Jp+Ry&^thXc4_q-Lv}#s4d&uIK>fipVW9fV
z={46SfNsf-P6Qy=&wD->t8zG=p~XdTu%m5X8Edc;r0I$+YV(hMGLaB*0YexVx?pVt
z2X3i1ULzaaUo?!Tj?G9sKJ$Ir=xjB<b#Rm7!)|TpA%>3Q&~3%?<5JC!w`TJ)ii*F2
ze3Zv8RPyzdDL~+p!$t21aFpOEg3ry?b6cNn;ib82%&@&MF)iA5y%c;RpR%`mE?z1+
zYP0ClFntsM)vu~5qlpV?w&(ggSp9s3^8STJ%dX3UV@HYT7~1)C71w#t)@gW%z(+u4
z`Doz(d}Sd+0+?C%hQBlood5ql0#Vvt5DTco?jQ1RpfPh{=pNDlE^1gNPu!-rR;H{X
z0^hoa?1jJ<(=CXsP6~^k^;SqunSL2X|I&W1{iB?a5Fr*zoA|Af_f<#L=m+Fq|9bxo
zv%=l6$ZX>$LvVwErUW*pp`_AyOZiw|I_Vds@9&N-#C;P`aP4@t->>I{o=-;UJzL(B
zxm&bRYu8&urtMp$AWV8@VljIh(8XLZfxGuGH$8Dh8~m&pBW0esU7o%BIR07A&*h;4
zjqxh?`^A+G^<nqFPw^)<obwKF=<aSln&TylW4OOB==K`dj*8qTyAiEYz~c6~eXs8E
z$)kRUxq^F)GP2C;m2O1BT{py`YT8a9uAp-{c}mR{gmTS8==znvY)C6RlC5oAlrvEO
z^66D5*3V_}P{K}&Zrp~<Ve1uOQhvDyKsIjr3jjFBz5?7RaGkWlan(I+aWOD^pK4b0
z`b!uNx92Sg2-Wr>`N|zETg$Z%B-xqxJ*g6LLC9()J_o)s;=nXa>Vu~M$=YBPV8;J-
zgqM-NzWB5AvhY#aSINfD;dbERScDtS)_n$*AaV**33yUWKj|7lm<2xAIeZ)%xQAW@
zZ!GuxpPn9h_lvSf^X3UisC+%!8R?7F&8ie(;Qr_Ml=sO@{Ye!_#WnL9_fYBOW=%B$
za{Z6x$;n3N1MlEfEdn+;Y3%grI&}dP6rf9$SP2He0crrHXKVQ-B=RYblhU1@h8q6-
zwk~HnqV}{-qgF3E+ikG<e(5_7SnRf%#$7GJlo?rJ^wX~?t~X;p1nj*IP|{`)RpG`K
z)XT-M$bCcMZ~?fjH@7r2+_TA;+Q=#4xXQ(^%urGnx>lidTooC~EpyQ-^rryb_WCMx
zi`a;6iM7{PW^>&f+}4mpF$fIA%OSio0uO_5Cl&4pY2Qr}Dn=>|CS862_is$yBm@%?
zc^!%`ws?a)!**^Gk{01`4>5QeG(a+P!GUQjIwE(S2gC#UI9$LmXsoRX>;c@IteYfK
z84|iW2~m(@RY=y(1a@cc4|OI@LxjPX>N<;pnTyU;4Xpu9=DRd-ct!Gi4B8#T*ZN@+
zvA5DZQFK;w8uE8%ZU=R7wR9i=5K)t>*a~<O_IHZgY^O%xP*bd^7rVz-H0DaG10X4m
z>b$~l;4yei9k$zc(yk+WG6UW+JKG%%0u)$31(Gc8FwQneGknQ=l56R&ev+yy;vxe8
zOe!4{uJHJ?i>t7ji@A#9*-P0QH91^rY-GE{siz6pOpPW+=;y(c^$!bmR5EK<6{Ic$
z(EuY=W&7NT9|qSUk8ziJXZX6f%cb9kTc-d3V>Fw}cnQ$3X);4|m(P*taNG)j2C&pS
z01?_uX4M;>f`#~MF}RFwaUvT1yW<BwtiM0by!n*12cVX-_@kLmQG9fp&4P1twFh6P
z(xPoqbJWWiNA(@RLVFrK6oC)NMn&ulhhUb{dHDf+FX3=OvE*!U^v=f{wuDdHWT=_p
zzlR&g*`FsiyW>+b#Q>!0<b_uiU8?OqweK#oRU_DD#}M5<N%*kXnwsuBKt0IW+B!1a
z&H~^5kS`%#=`m%f(afH`($N_aORxd}0y`Hw7ptdTD#{U87$Z!SDsOn$UxM%s9tVeC
z0o15l796HmgwE#cl!Lm3mv2+gB=f0+73*Tlk<u^j*T^FIiPb?md^|OY6P=wmr^W>p
z${#z=RWy+4aQZ40^dx(jLtndf9IY8hyIE>CRVp?G#YDSXn7d5VN=g)TfO^R1;tZgS
zQ%W*vt{#8U1EX>;?&~U<PLw1pi5eETTlsCe=yLSob_*2?(pvU6^7qnKnhZYk&~S6!
zArdZ^(v4_=WlVqOubgE(UVJTwv^@;_K7{l2Sug+ek=}!IHXCK7_@N27rPbu46)$b2
zSUnmj;uJql4O@I%O-h?6MJHcb>+SUM!)#nYtGB30*?7AgQ~ORkZf|VQrj32PeFvCr
zOJ`-f)GAV{^}f>%z^fW-F$Um>g>RWWrU+hVGr6Bdp%^NMaR-}$?L=eiLOusR(gtHp
zrUZKaTrd;{=02soJgoV%rM!yiCJlbTn43b8ej{@GXFB&|HRQ1?+U}3sGq=aJEZqXH
zDms4z2R$fb8&a(MX7tebbPc=186rl$#w<>(%{gG@=S{JD9&A@`=k=)|{hD4qN^kto
zdg%%HME0KLwx;Xo0lvmIcYHO<W${TY?g2uj3S>uBSY20<Q5%0c*|?G86~4MMb7Bp9
zu<MJ>X_b+|+1SP3cK#AtpH|hjBq!C`B5Z&T!1x9+9kWq>NBt(4VR-2%%^sQ>-a4cR
z^vl*1s3OG*9&%^jKp&52XX-l6Oumgp2-EP>emogF4TsUd8b1$`>r@CCYaW-W|4OiJ
z$o1WQ7x8t6X|;gvOWS5<|9crxtMT?uy|$EYIb9xf@k4P&3O)<DA#dkh4!;NCGgauq
zSHIw;|9tNL|Ll2?C^uKIi!RA-It`pz|K|b>@=rs6xH5%A?R4&eje^}>*0ZL2OJI5A
z`x~*EQYim8(Lh&emriEKRBBn$fYTR9^{*!ptwFDCPu%Qf4{)GdS@?BVFRbt@$>1-V
z-i==joogh#Dncu~>{JC~UpC>2&D%0ths#S=6qaM7)n7I<f1U<Bu)p1@qO4b$ehcRG
zhFmU?%GS>23nedPG}i&*y7Qc~DeQw{ov)M5fnQ#+Ej_)SRn|R3`a)GC!1(W+z(+Tf
zo5TX$kNGKDz2`*DE%?)rCq}gDbm<}mx7g>Xz%@41GWs(sXaNSA#}RuTrgpZl_qQya
zUx$sn`Fr%2Q=K&Y-uTEX;6R6Hk~imFbM*48W8r2XM)JD{RKt-UCKCuQmAOZrqfe_;
zqYz^8x~ovJW~8+St!x+#05FH1<K+sMIzxRL7m>Zu<N^-$jyIjHp3l#k&x^C)q-3Xy
z?fnb_V*SgHwuqFWz#@gv!s!l(0*Ew35hdvwx+S>U0g_+dk|gTZ2S6F)1*pK}j@lgR
zqa2yq92)<QHM5B^xHjp>39OJ7{KPDtRsaAX1H>!kl~U=_0jQM%uts;MKtPbK?G%XA
zNC_{$qCoWEA@2Xq3N#^l@6Sd&^2857)hx2ofAK8;q6Y4{8={~=h!lm-h8>6f2p=Ng
z0FZ*n3gy55vka)w{iT%YT+R-{4hoX~?+?TuT>vo@vV|Ui>VBsNW)1t7L)8wy;eL%q
z`FYA?{H0yzB`K)};!_hPq{!r*TPCibFS+g*Ld@$dJDbZysh}k<zTaj)Y(+vMiahVG
z4XKolOoVoF96T1Q{C9e#|JgtBmw~~+R?L7fp;&l)*8R*Gn`hlsSBv-&fd)u~@3vS=
z{PysEjm#$MO)K*}x+l!{!Ok*bGA+F96UO|+m8g5+F9m}Y&V?<)i%whz$^QRFyEqB<
zjLM(5eqAiPa1wq>0=R4RD1QJT%t^)%0Fb~LAdt|rX%B$ZVnO4QYqhy@5P}u&eUrCp
zEgJALX5G%1Y|gWs0Wb_J0YB87_B8{L9+$L~k{AO3GiDFN#+MF#3wr=J$|?ajRF&M|
zBx}(xPwR`qyKwwmr8^r>OL(o-=!|Ir%EmMF#tdeFo_!KEDCmww1z4|&T11%qvGg{2
z$bf~7pV{vKKGg;kNw9}kEd>cdz#=+(;t3t28-YgRGv+`;%MN&@pMINA#d-=T*XN$5
z7<-N7%NZJZBZ+(Q^XXt0<XAOATG0oZs{t<=8iiQ7?cL;;GXf5A$B2S=;RA3abnDxn
z-|Q1B!p_pQIOjl^;K9>4GY!K5zdG(0%!cOrAGtvaZQL-kLuH|~**jiNgqn9}pNH>(
zbR4KT=4TxMq65*o{1qFRAqBdkz4Lc3O9xwSL@yo5mH|@$8iLPrZu7kk5va6Pb0Or!
z)rLZvl5~24uHebAe0U|iseph@nzr>UEWmfQbsbi3IFww$t5Pe~FFA@6wzn@Vvcgll
z^6e2DFjDep04+e^%=hn6ad%cYX6EGDNEoqu<aEBWjS0SMPA75iK#lQb$x9axsG`)>
z&8-W*#rnuM7T6uU^}$_OT6r|1;sus4*MAqq+$9edi|pH+<(l9nMDvj<|DxjeJ_pEV
z%Fb|`RAUSx)~<m(mj_XLb>u0Pg85}0Dao1uYF*HA$Hf)l^l(xMcYZYs@jSeZQ9RGo
zGJ6L$HZk$MHB~#&irb4!ftmti%zoPW2VWsBj*!@>J1hGa-OXmqX1s4z6SROzK!vzn
zrTq}z>xkH@SQ;8)C*($T5D1-TE4J4w9h*nKCKHEpKljf!!0K!!zX;J=nSaw8F%aCP
z#6{SM45eE%H4sXAlijM};PhJHR8h`|oTz)g3WQFufhhn#03jXZKlZbpxOX$Kg<oTy
zI>xFEI8%}80yC+B%sLIHk$#Z@wIcT4^|_>_z*y|uMzd!mepEVIikxdom7Qgs%Z<kY
z#-|M4$5vI@O!98#RoqP_Hj$wlg0emgKf|>VEOH}`n~GxjuV%moCT28rWXq}=kNBu=
zpNG0PQ>q5MT=5J=e~j>@av4p)xs;sj7JOjDwjnt56>CQ;Uo88$c^4#fw!Gp58giqX
zK#JCo){uL`K&s=|;g1RhU#33}^DMW%E|fLHk%bh1KKm-<<g7sI^NGZ|ZJo_QUaPIT
ze-&FlrT6D2`5M1nDG&}Cr;~AAkda73x5e<g(6(3rnKzxk;e_LVmpAVGXbBACAK7?c
zDE@+fTM<yeQLu=9wHwx2zBj)-A>!a-H?M@s0@f^1iw3z$I}M0HymsoxgXi4raE0|J
zGwaA;90C!57GY&?n>ICnWHadZqusk!y1{2h(HT7cVasr@EoZuL=`}=usiJ*%r@hwy
z)3hzMO7qj&y0RNKD6b6+ny?<&Bmb*)WG?b^9?WaAGd}rYlE97|VmH0DQh9gw?9aDo
zLI)Go4O=>6dW#KXp(Z7p&I0?0$;?5^^Ikr04S#I&#82(5Z9)Kh7qZ#jwJrbp%=-&c
zbbGgpvM7CmJ47~+d-o#yHG5ZkyViq-r(FuQ5k{*KiPLpmL0w;1<rzZ{gSV}go8%zo
zdpZQMQ1SDr%u7vhl+be#%!0-1bqACPW-7!n@_hC~skrJVxdX9`nX>S?{zR(Cn``dq
z#swr-SmR09-ofWC?B}}scfiK~-p=BsVD*1K;2--fz{VI}0;NR~6&-Q7L!zM2Ke-rq
z7&7`6tQv_NWd;Frz%jJL^6C#%qKt~iahev6MzTdmjKqIr5>H~3N1dFb@gT_-?Sbto
z<h>-y+Jq_0xek^4zM$b5ojoRS#8(H%>6Ot5P{5*{KKv}Dq!jLIMg;d-!94Q?ZMG$F
zSTY{{r+8}f44YdsZfQ=7$T5N~kIhWBZzz7?G**d(pNe_3(*ZHln^0iu<vn93XZS^~
zt#ENdW@#bOHOtCY#;;+kUn9Ut&P`U-o^pDEdGL92Ta0WD=SvT~y_T)akD}Ylx`@PC
z)bAF=a|ZOqN?M9Et$=B!3^}8JUz(ll;V3YMpFH(oL8&aw)|TkjiQ`jk8&$Z$padZP
zmWAKh=^)_oztJmUgug39&#VTZ1_H8LP*7dwP>4IRKW`Km#sG^H3sG3Z4^XRj4ka2+
zmf{=$=9>3uWp5|}RAn`v>JwPi*v!brzbUl@yd>&3<rdgU0z27K6g1>Z!L|i*5T6QM
zs_b(q!M9<S8a%RcUw<N~tZEvYS%b{yWohnwtoNow+#kw`nU?%DpE>o#wc1jHF<R2o
z^^-|`bK`e9=pCz;#pi%Qr|6&{xBkx%TWDYcj@4SCCa1x&+Wa2dn}xWW_i?)|xPBi5
zcZ>IuP9H5h9fzzZ#MNillOliVo<r|4M^J!wId@ColFnX1(AZCt<t$e}9R;<lPYHWI
znFy+YI4U(VB5(nlBp|Dq;$To(fg6+n+PE7-&Gjk&j7bZs=D-Y)1Q0_3<xmhngE2O-
zCsA{B10#Z0Mkl*;-GNv0!|UV4In-GlsWfOgl^_a6%7h|c#ZllpEhvZy0017Mj(1SU
z*eYN?dK-6v3G3`|`$yA!PCVa#ZI!r#j<K0BlDyV{$LbS2t?Yc-wpMgrM}3%XzFReE
zCj+jsI#KM%!)0-_Q|lrdHkG^8x^kCy349TG<Nxe?{(oWMkWA9Uf9vyt|IS!1kcYh^
z+9Zx&bmxj+c%+E!0|4k3N$TQbGzV!qN{Mg*00{01FA6)H<dXm}SiA=Si2Mz7TOK!3
z0erV+h`r*s^PnNCG(@d_5e~kGKvar})hQawZ%i7{+p~XrSNg7Q2v`!U3)O!-|B`ut
zUd!iZd(~7kICLdH0R7jnwm-1(GW)c&A;emu%k2L6%lXpvtO!(Lh^b>sUqycvfAX4>
ztu7EsxgZXlF)IZ_DKpc`(?iszZkZ&bTTT*A>4`!II3MC1TMS;~Ym|d-UAJArfSL8!
z-WQr37zp~v`D|ASXG7g=n5QhQ^#`*p$nst<ru~G&Eh6C+IkMacnkU?T-&=F<>y4NB
z$XO7@v%w&kpEl`J8m+J9-pdW%xv$GKe$c#kRs_Cd&JL3<3z4poJ<w$O`o_=^Eaqam
z_bWS&C5U^V(sdN#m*et8Vm)UF^um}?^83*CCReq0PY!Sp3}z|9DXd)lnQg7Tkb@kH
z<tJCBy1`RafbV|)y?BDTA-BGKj`!)G?+N*s)QO+ykrts^ioExAZu~gAN~GztW@1?D
zF5<70m{YP-J{+D}j>QxctE6n^BDhz=@p$^*Smnvs*po-zzAGfLE?l!iOIGCN(Ni3&
zNBs-+7yY;_UH0q3BGaLvA09H2M9xF)H^!v2_3Q?m7evb1u+W{!M+AIG?P-A9*&ou3
zVn=4DSTSP28*poHhq5_I4Riw89|pj96GFF4#{9oe-I#m=kG+%s5?*;H?V<?nIawGs
zhbeTsCjCMn1~^Je0fK>ev_K}4r6=-4B`BD6%H$FF5g4pTT%@o@O{#2O>~x%=uI8Ti
ztag8TL=1iFsaMeYQ(jou*0zUrb%uvv2P1n}1<8rV2?EB3`yU`8A!m6x5sh6fU&1=~
zoH4^+JngeyUICy~1<%E9)GrM@BB^oM`Vse};Gxs2V6_F8AIVTMW6STRVDK|t6K#P|
z-${kD2@|Zne^L><|6bSem#Hx2xfwo(d}3xrd1~b+g_OLw^|taq3@K|j3S&wy!Zn<@
zGyu^>9i8E!SBK+~+!$2g$E}b<H?Ga%W+JcwYXyyk?Z1+y>v1`r_pK>Bj54Jv6HC5R
z84E8fgCEu@Pqy!3G5(WXI}F89yjPd@U#Wocl;>ygz4r*k-pN<8pn=8C8_NA#CSWEh
ztr;^g+ry=c!%p8Q-$MT+>&^N$d?yw@V;@Vc>j<xyd|r!TzQoJ;=Z(G<b)T$zg`M+H
zlPv6nJ#lrn^;$fxRqi`!eMR@1ch0{^ApfwxUx7sw_-8?Q_7l%s&>oDlBiFg}`;xev
zhs)lUA1LJh339DvD;2kwKT3@#{mSh&0<m+<5~AN*2p;cXKc2FpXgPM-nyYH(4tN%T
zD1iF^KkU7CSQFd&FCIEbQv{SMNbl0So8Ccc=tvEn0D%Muc<3Na=^beT0-^U1Hi-0q
z^qv6Hq$EKRu<dhx@$B=xXP<MQ``_=sd*3I|%xd$lch;KBteMYSmRuCyXnAhtr(P56
zHwv`-Cz;ljCD=e6mVknH<0XeL=Qnq?PHAKc&74bPOJO}`dZzs7IKc_fIlrEfMn}gM
zGJ;C*B0WnBx+R!ID`kgG3EIMRye!QMwX;BSB|T(dDsW-H%|G1RvKHP8$_bGq#^qVl
z81RzY;>h1v>Q*>fSw<p~(36#K4fO8PWO#axg;?>X|HjnF{I`eCZ9RHe#id1;r8TAb
zZrzr*ThWuSKv+1W<up#`ZCd6_h<Ne&y?Hpk<t1R6q4y|I4&<vVV<GcKL_kC|#|R`*
zRGfRi{SM`n2a|xb`0|$Ubg{e1WO0TUn_g<Jr-FQKKrTC<)kAm9J0-dn4?Sf9io|3+
z*VAO>)=Tp0>}wP<i#!n`b+e|Lw`%3n6__&w;ylO1P5GBK?($fA@Xs&GEo8WMP0IL+
zvk~nG+{dTdy@Y+@wHlH#a>Nb1awzmROdD3SGvsNSfj%4Jj`D&E$*i=xI_@3jhVh~b
z;)27A$!rwt0+dtYqdw!N2;r@VvR(orG)V$?EcqSy+l>tE7Q}?<fjS-eEJpc8mR91m
ze)IW8ehYp9uO&nR)AX#F9gM`QOLdF=n8w`;rUMErm+M~h=XA1{dP$_&E!lgz&lvPr
zIU4y{n094~JBk?7JhUFOHx7J2N_9inTYnMr{oJ#0y8HLi<&FN1Ca~_u4OIazt_i2u
z`Wk_mC$4AgBZx<{wY&$H{;7ElO%UG?1*Vmmw>NnfbOu<zu#y$YX1v*)8FB2BG-<Pv
zW66%{ax3jI-!LOoxa)Tb`C4uWc_@VUV4V3SP3-gs?_VGX<l>fF038z!dt$;KXU&N1
zv)7Ymif)*bTrA9v*Jj$YduBrq>3-|H^vTO5uabw81+g8xdCL0}h0<4A+AW5^3E96d
zEpOk=$}RKq!0C^_w`BJ^X2{eDxjhgcmHRu$Th<oinv^DuzMYQc`5F;r$1qE)=BX9e
zPj!p53waqRFoqHki7AV+ISy#fv5P7a{(7oi>jrYm-}R^Du&lJNu`%bZOt_Gmask8P
zY9zSV=ZxTr)o|r-Yh8b8Ws2a3>`1;A^X1hYw~<i>v2g({Hc1gu^XA$~rL*K5Rq`O*
zUK2EHWYTR8%Qc}(u+SB^?G3v#{3e6$L^%;MFy2_}y42tyDE9>;$O7R?3u!#h4_ho|
z9?U^M^280K)gtoWeZpxLD(E-~z-YYg-p29Kdo(e$Z#G@cDxVI@8GZuZqcOr`T;IHe
zkrkJG?+O$6P9o_I4$&=HzNm>r28hi>JmBirzdeQ<iTZqUqcgHi{Ugg(wI{R?EYzRC
z;KwFy-ld$uc0W&BJO|8G$jYi&+wQ*&_A_XxHqe{Yn*>KriYVbL7^L2&>pG%pb-g8f
zB%gP~<J;02R-0^KNm)jz9V<(ZI@0J(XKjNI<TzEgN+8uI+@|3oI(NF!lBy0tFa6`+
zhF`j0CWMve8moO;T@Lp2D43sa4T7N8h_S1S6x&>ipE%k_EhkUDDaxzsdr(o6^;?k5
z7#V5!4<A5u&)aCGhmQrXc-|&T053}wzTfiD9*4DxX3I}rV+IiWFk%evj(~y4(OdYW
zgV&|pnavEJ9GY}Qch~1N<;6_>?36c7V@6GP4OkSA5|uEhNWFs3O1FokNjAo>I8J)B
zQ+a=N>DsmOt7QM$;>rzOy~0=L`L^@a8@9+Lu#Li}i~*}Lo6pe30iy(8ev6OPYxn&2
zhI%)Mo@SIj9Jk8%cgl)N1M88GK$oTxH|d`BmP}8ALm%kz_W84{49GZ!0@AGg0?kHE
zlr}Oy5Ig9$lX2-=&Nvez6H@Kz?2n40H=h2;ntsyqqno5>JyOLwCtoIC_+r^2YLo6#
z%2vm8c~cn_05Pyn`WgYh%}1YHo<^&IYH61Fp(+*#%CalB^TT`#32iD97JknEHQpVa
z+CkZ(Zg|_+J&&b4;hu#$5+;!gWMQz`M#>Mo5B5;CQp?fLdB@fv8vmJZxFDKLO_PR#
zqECUqHaT8lO!?(pgGtJNfdaSX>U*U_lHXHX6}?{=w{^SirFB{??QN>}83=aCt)~f3
zUp;m|6s0IN?{2=v`;k#ztIt#+O(zBl5tUagszsMW$jCZT_t`tv+3e9$HEAP-j``Zz
zr?9cBDtpY^3KwLDnK~9$7^Kv}s{6HNZPq_$kz<5Pi=sRQ6dS0m_drWLt4m?&@mhqm
zZrmn%_gbCd3i=w^9fl0*4X~*=XHg9nc}tpN&2;k7s!7+eKGw@STs^4k!k2#8^z@=y
z^UFi`(n0HuM28cb(gewn%^Pq=(ov1k%hurW47<>HNRN}PSLltBMHlVw(Pj!;V>{1a
zM90Cy;F7Z^ff#dtkw**ndMag_4>y>Qx7I{#K)oAfh?r-QpGvV6Uvp8SPc!3n4Vm?B
zKlh@e2}%#vBUl;U)fG)^gy&6PBdzX_)>|Xx7IL|R<=gJClfTp@kF9pd_VllzF%waB
zv^RZx=AwA`EJl5ZT-`obHdAEo=jr&P1aK%vk&!dm%?|Ro)95ufp;R&HnO4Q1{U`vq
z=I&a9l9ASZ;Huo+!e+pQbG<s^weNo~$#)3N>Qy#By>o2A8RH5P2_E7F%ed6@nOhqK
zW4Rn}$hTeWs3L1iaf!m+t}S6AUgFH6O)vOz`Y8&%LbTYd(^q*F?uaDshgzG&ufEXZ
zJo=4Uy~2Ud{G%nIC9(Ux+kw=J>7JhRirUW|IkF<RhL$|~QEda`!GnWoECv#Cr)QQ5
zru3v>`#t!rW{%)T5Tm(!yOJ$|&Vv}zGcM{%<3x17woCw0Jv>V<$#l;Wm2-ScBcO?T
z?`<7trSHRmwdRs4Wbh^*IAF)}%uRRrhUG~prdAvTH9a&`;VmVHW}%d-b~So(Gz^#k
zX2P!wqsvozuJOLPho62N1vLKtDCwZ&`;S+?jY2%VDn2Q1@)SOXJZWmF$Wc~TU6$H7
zulyN(F?f30Jvr?UsgiZWr{WlhP93-2a2&Ok0mVzj1pq(H-xlO@I6FI+%y0}TouqM2
zt$Urdy;?vj{d|ZdPQ53IlN&HvOCnEdL9VgIf8SayI{g!iV)K`~u0!}0%HaI?E}OZ4
zY2_krjJMxFzb1VoS0RPE*j=r$2TY*Q1&<)Q$$J4@UD03bR$VJ`Yh<Ar%I%v7Rs<Z3
z(yCFbZqc)Wk>#Hr;(B3b?YqY6Ue{w|o_ZyE{i^}p{dR5s0{+_rhY9^=UH6Kr9Qrzs
zq<Os#FtslO@u2T!h^?*bL)W+)Q!Ku|RmN&J{PwQiHA0r%tNRt}^L@3J2dpHCs{6mY
zl*zmA<J@wzJkZ+N>{r!aa(vbYpNPqT>3fI931PvyeBd&8yAGqr3I)1VkES|9g|NuV
zG@Gn_JFYj#Nijc+)x7(B?tYz`-i7lG-FZ`^{DVQ?tOQ!=2K)RV`r~-=(MUE$N`og4
zw66U^bJVV7zKuJ6eC^jKnkbpr2r2O4d?>cEiRIQJ?>Q!h$?9F#X_-HU=mNz;ejqk#
z*IJo=ey(3K4t$z9K;K<(cJHP9o4e|W`8Q(KKrUQ+ISMZ3#{99aqe;bF>nJMUfL>xQ
zk6Y`TuTtx((d+rmfHP_?MO_V7-yCE5L1A34Pkbu*QRV6Y<q2uDF@4nK)2>tvTzjvq
z1ZwL99&YUNh<z_$#U{OG@Dugqn1f7E2hk@?u?DW{y|Z5<wW>$Bd0W?@Z4->NaR!6G
zGXFxfzfld5K8+BwjO-)1Kd76#S?;oe=~|_ZXM09)BY2TD@43DNN5w~LvS<1wH;R*C
z$&>6~KR>I8y%7N=f8ogV`wUgdjNA)!%wR?7C0$xU=}H)r=((1&N>GB+b8AUP0lP<E
zlcJy(qMy~461X3EAO%5q$+3b-w%#>SrC?Fj0Urm!S6sP4Wt4ehHo^-Tj+^z;4U)MQ
zs-=?W<{j?BP|)*7UKobH#^$rjmC||6a;t%gZ<grlGvHITf@_az=Y*I16M#Pb>G&v9
z|EjR*1Ib$V54}--uZL#mSh0;$EhC5NB8lAVpgDdah39-*#>tZG2QG>%hney2VX1+W
z@=iDtvlY{j4?cbbsNyP2>=E>+-pyR^UT^sD)S&jhP1U6Y^04|hkk=->ba_o(!oe=Y
zUJ*CDCUOWbz8KONAEtTrMBeP`qO)QRIG%1QXqbdo$eWME?BtHR+nvU^u6Vn#t><H{
z_v;%ZqO>1Jw_1tE8&aq7DD_Zu{UlTy`+iE@5qQ4TJY-zX(CJOVrM$8c7(CWPoz^1Y
z+!t`DEMjAV&S`f^E%nj(l=!G4v-Z}(^jSuY{KM*^B+CmSnttb57yZZ;txw)=)Fbgn
zHXr7uSoBIHSF(%qqs}Y%Ub=kXo|s%R)%zgbztC6QKn!u0W2bk7ahtO5YAk<bM#{49
z>0WOrJBMXIck5mr+io1zqudR4_O!($l^(m(dE{Tk%A6dPG@;c*)bRe=%g@>U)?4-O
z71ZTz%JbSA&Qu9h@!mN#^0aKdix_@yc{s6MSe+W`@=ls(rX>bd6}Ff*!y(*c|FWcb
zSvr{Kq_<1F>L@JR`E3)W3(Mpu&ksu)4b)I`Z^Z!Dgy)Un0qE^!PLZ^!j?;Yl<7IP`
zm%OCA>PNoD!e+YA+}Kgp$5k;Tke<PnLfe<$GvvN~%Wl8-BFz5O1**!?RNLAL-qhv1
z<%%9P4W#Xk5OP#?27-miTefH+5aA1?L0Ght%Rw8HKG*FqX1C8vTHesgH=Oa|GR+7(
zjGv;`xa;}d4$k);!92S6&WxhJ@eNe#I=wt&@A~$s>tJX`t10RPK=$l+`PrYjG7ejR
zTLP{idcU{)`grxP9}n?^(*L9X|3-kM=%2hu{?`EiXTm^(#K<6E{jdEQ{4+z`vWNow
z`~W1pe{%Sf4G(!NF+svZ-2B;&nD|9R#FU4G2k=k&b0&#uT>ugu0Mnmk|FLC@{jZ~m
zwQO-k|77x4t|Uf(Ihs5cV8{coZul!FCgw^50I`Bd|2~e15(IK3`mQWa2D$MT7lA<J
zIlmeZB_RrCKy3G`DS0e0|IZS(;^IH+iKTxb_LA6N=Sc~2{ly66#zSOaz+4IV3z7fx
znk82JBDPo(9sqIqLBh)e_(kNghCIX_yN>~REOAdH60f}11<bX?gJOSW|D<2Cknm6l
z|10}{-;V4bew*Dr|ENPWIf4iN_y@(%-_x-kd%M5=t@7pHEC4`*-^PE}oG?6~WRwO!
zBK)pj_WWFKT>HShm>v+A+k~=DLe~VR*i$|FI{Zp0;XHZoo(se%1=dD8cNI>c!d%)-
zzhL-rQ>NY2e>XItyogz@!XQEePRdoB$~|exdtB5~vlDT0XH^L@s7Q?GRT5k7$|38Z
zyb+(o`v#uFfLb$$sZZmze}6>A9~p`AS)l$ggWWPD3kb1yB?*4&49Bv;=*ZqOO!;!T
zk|XZ;F6C>>DL?GH&u7>^dFl0zGLAqs{QS;cReH0q{;Jg5)kie?3XK69aW1tG$;%M`
z=@^3T1GjBfK(Yuq|9!1T-{qdf4Q>^WPMIQ{noWBq;wo6xqCc!eddkkiB9p)=6dt~1
z7W~u)ADLV|71jkR7x(;iZPTyc>?)SsleEnEnD6p(l9k7lEZ&3kr$uKyeWvoe+=C=$
zUZ<G4Y?9x_2l_4w2KchIVwP(^y@{VvOiZt4fYS;r@^5P9Z7n4(yt`kclrh{a1$whU
zsherAu9J#wnAT8LB_+3I^n*Pct>j^Xt5bh_b}9S^H0Ft#K&)T{_nnGR)NQeqAoJQ-
z9oaB}DA$g%V0G*JdNm%;ar3)~3K#t~h1Xtf+5^`54V5u$3Xsi}m(5;PiFdLpwJKyP
zeIwb5G|z-Uog%p-bf}!svtG;JloP=4Rkb-w{Vg|5^V>dja~Y{x1_}K+0Y4@zZ%>Dz
zj@~10zbsAck!6B+s`fpF*$J-tj)nuQ475^pZktx=Pv%a<QE8WVZv}^*z_}ts4If6d
zk{U#f^1Z``HoRzl$wueSaHde?F6CUN51(E>lrAbaJ_i2WYf26NII<0^Q6svH;o=%#
zkGR;_(Z6%3HTeA&J4qYr8JJZ+r`??V+XMC{Q;pC^B)l)hBs&Lna@A1DmBpcYF+dX5
zkA*H0^1J9Om0V2<x*%6f2NQJ;&0}w2-r?o9V^Q>a=FhObDM<j?X879(8^#B8vz*xP
zf0US%XwzJej}z_7t#2RRK=vx2EXB_<W1`jP9`VjeD?R7dz@i8HcfbYB0uL`4>6D8!
zXCtfK&p&b)x36)_QaFeIKx^QoIF<HwddtMWkY`g@34EtshR(m|U>#90pLGz}bt`3}
ze~71-HP>(>adnXQCs}{=2$6*@_I?Kg-Ia&7sK1N2b-gzto@L0ZziP-6J5Wc^FU<Fe
zkWI2Y5^6Z4)K8A07MHAF!p38~+wEr`Z#t#VaA^2xeez}R`?#z!$=W?y*C%_<yME<e
zu17yf%}K%*BUhY%XilHlY@p?pfO9t*jDIRbVA4_z4<90(U6I*o$U1>LTC+$dKec|7
z*7bv$g{af`CcBAtdh({S>VpDf<X7IwZy4!g2ZgxXRoi<X1y-|yKf+kMw{p?%l<qLs
zKk`YHZJ^6eHL9wu=6j={TLFHi4*8a6^gG@{^zTzTO-2GwEuY(dn-+Nb-9q#q#DdF*
zZ=TTTG*#&|2{5&8SKIs`R=sPqx|*)i&v|b9&O-E?aQ-u5wA!!4osocx7gNi$fF1Er
zHk~GdaDKROehjgcf~ob?LiFu(+Y1X(Vn?5eTjBiZX#r<uqu+_luk(yL{>dnkSej>q
z6wdz}vGgBkbD&|~Dp>OY-*9Ea&F*a$W|DvWq>j}F(0;v<DKhqc6)j9VBksv)2wV8D
z#opCB5zAQl{Tos5sUeBkKp4PIPufBE=Yt{Z?&b~;G0A-ESDvhS2#s=Oj-k{504PW_
z0+Wbk?7zxe8UO$lVj^baGFIZ0m>|*}4Q8go%3CCjl>mS+pb|hrRI-c(2$LP7RY)m+
z#9k}w+FWHuGq#aGh^cx~<Jj4f85SOJR^4Du6-$YN9~v+geOK=r^<XRC1p_`Z+AdAV
zWXQrXgs{<yeuCoNn!>0FRxxzQ=0FInRry$c{TM*+yc?a$;HLBa%VZ(;>;3zpNcqcG
z&SzX8)Lh?r=$<Nv-PRqk9)3Uyim`#3jL>wXIue!hP#rGYa&DvIhqTWg!e8OvX0`$D
zHhk5ht$yK#i(z=9qmlsMjX1q$PcJr`kG$*Q93#KK)uIYx*yo_zaCGgF3u4TnYU7S#
zBF$zbYa=x`x@ry2WW~hD6BxQ*!-uKr6Ao@`IuT-V5sv`Jb=_xY&djeV0{1KJw_ow!
z=6Y{Hpctm|b;+w=jYkG@1AvUFnr#egRj{~SlEd>TtGbp=Tax*nZ8Z{-ZTR55xR6SJ
zOh$^4698|a0RT_|!h}h$iON-#B%<8wKJ>zXTls)SW>F2sU*rE@guA9g;W5l@o1LO$
z+yJ_Y`K4#CZ7ivWNo0JM$k{70*+hi%td<|~knvDf7*z8LHv%S!Yl@0S9a5uen%E3L
z5&6nPYF=RgJ%Bw*qv2)zLlHjVVZOU}^}gOLHatAfOWDp#PPH+NY!DR_5fQabwPAkp
zg~@>bx0h;dNwpHsee~8>+}E3o{2Ep`bnLd+t5<Y&t5;asS=+4x+ie1LyEz=hee+p6
zr5hHy{q?$m)el)KS+kiom^S`sml<}n(OU*C`>pQ#hcwE2Sab(|?m-0R_iX`1(;dkC
zS=iTC)BVyAEHyqWEF3-nG7E%WGpjs%je|scv!hRU!zzNs!`dMs4AD2<43vnkUIq#`
ztY$X*z0<8_Vof*j;`bW($CJ<hu>B5^`-kjV<HbfrC*j9WiEkPA)z2Q@Gd39xU^JWO
z4H2+D^&Q~PXdf=pHD~i=gq6?l4Qye{F@mXA9&>QV%efGnKt~&3Esr6!;ml425_7Zj
zzKlnMhE!vv2`t(AKz?r@eSmnPb~SkV?pjAj`M6wz|7dRsb81sMFf(F^zAPRb=5mhE
zA56c1(u@e3aU7|s=M#*qu-6|Q_QpvEF2;6c4Q?Xr09Mdqo_N|3^^f|@hQ&zbId*D(
z8X}Q083JA==4crLNVN>fnQW+K+tLB)T)QI2roU4@vd3c~LW#?40;65@9Rds%yz`+z
zxvVM;Uw&9$qP{AXla8$krpfrp?K(;p#(=&0mkOWCis-g*{yMasX3!w3NyX*Vs@V+I
zrAY?RMF!`y1a$(VwfMPxI!5>|=U$%ki^s>+7aqpSYJDz)YpTe2JRUzxOLR>RkpCMv
zGJR;XR3PdP3ivvA5#+w3O-;VdquJExC(pS;$L{v$fuO@UZ|-E64OV;?>`>nKo9#x^
z;aOqp(2rOCPi>-*b4L+W%5%YhA7#f%fR#(xwWr-k*%)jmf#{C?wC@H{xM=CQLez%X
ze>*l=$H6fSYT3Td#^vKGe&m+EZI}r-j4FY&d^I~0_I#w2$OER13iRwo&n0eqkHbra
zdZ%+%F>WuUS3Ad)Mv|nH?>7q~%0JX6iHPWWYT#>gn<R2H{fI`zz6hA!36A}#L<nNf
zMpMhs+}vS|MK>VOLEbNIv&JUVVL7nrP8TsMm;16`_tYw=JnBYyPF5P>QHHA}FW*oN
zHP}hm4f0-vpO-$SxigOt=QpYCU~5?e+Gc(0IGORhasGMwS=>(nmMflN4|;Fq0_KJ1
zgp65;5Tk2~5<&Jx%VGt@2eruw2b1)B7Hg#&-s~PT;j1^(gU(o5w!72@yBX3)e|Wz#
zS@#}#k_&l!-~Ubl|2Bayyuf}6TeV>8{}N*;dlV3s;rV%{kZF&zDW2K?A<>h}pXBzm
zWPZw|SfN8B`w{<eQSo!OmH<q1LUW1f>`EVB?D`RZhWMR7iHj?I5!8(U_8!|dFR2`x
zJBv1M#eK~te|%8;8>!`k=OT<}y1aipHwYEr{b6X}CPJrE``bgy2klHRFR#8`Uj7jy
z_V@P`e_tQ_Tj%fBVKRby9`<sd%=)PY&sPK@#qqgrnJSV=nYT;1s&VX`k8I||gJ4`E
z?@G2+RP09$2u%ZAax~<x7`EQYa-^72ABVH8dewNqDANdG#x+Nmg5A(-D4w9OqqhYH
z3CQw?Dyf78Saw9=(J@nW36)!~wHdwYF|ttF^KG!VVzGQvZ)Yzovgf<P7F=4Sm@gYE
z#dxppvfhJ3$h1l%xWmwm(xNTsluEuBQkJg-^RzE<u0a6{S~i=_tT8J{jLL$1X`vY0
zzEn(A%3tx0TR65#N-phS^FweM?s(q$sKj3tD%cuymgm2D)Y(0IX^-<O#bS1(x@Ti>
z1X~xpD@zngzX-837b8&CV@hx1bq7D&mP!@EcS~0p+^etFUh>4Q?rWI63JeDQ_+<&m
z#|G>LzqvgI3_8&|<DBko;-$`};V`PV<;=hY4bWU!waO-*cWBjxNpY45^MKq8_9|B*
z-0Nj!xu`YCBZwA<57fQz-+$K4c0I;sUd}3XG<G^`9UZ81EbWrDm5r>(TQON6#wRgj
zaK~u7)Et8aer7{KqT}m3)l3Puecr_zJpQD-c?taS%A>x#dM}r217UFmxuE{`g5*e@
zz>sf=tik%6R>Lc`dtO*Q0ro<AgD06_D@FrvU)Kt)j4a<ZMl-dX*3^f!86%{qp57V5
z`B@e;A@ZH+{EG{?7M(iIx>-dDPld}RdZ0Td&a2KVVv#8_jagn$kJla!CT5mRa6O!j
zugX}47}VyaMNAn#jBDB$+y^BVzF~1_pY&!psNnAL89*ZKGT68e`<<N-)`yOoD~HZF
ztC*o7R&WzXadA7Ipj>L!$`KxpiGVjaudx1*pkhGOf_oA*$$J_=k2f2O91elWK&Xvq
zN$-FOx-Z^P3_s9vc#pbv4!yMIIR@%g#;@3PJJxdp=OK`&W13D6>{dDqab=^>*c9w?
zfz+B7k=M0gm!*QKbM%JKPPOk!d$~8BQdWF#gWPw?TqswCL1aB-64ga|Dji#s-iXQ6
z;?y_{ef#{Ojokw68JJZw{04?SAHUgMh)iova#Hr%u#I$+co%N7f?4Wo*6tFbnvz&~
z>%i7=*X#&r9Mo18oeo1<+8QLBvS|zHPcJsrJOQiqR4%>kj8e<DaVDE=(L{g@?28*U
zw$yc|(pwf8yG{;Xfj~l|{ZJqGr2zEMy}`xP7TPATtU#%H%(qAfTd*Pq@_SHkMLjHX
z51SGNQ-!7$v(_M|ddp{fel(VDZJXudkAB30zBNwB^v><j?ev%9PY2QOgPMrpSqT+a
z3z0Z{Yw<Z6jqGiiCBV`6GwJR3AdnBR^m_x$>;{Rx!gfEK3vKL24?FL`K;A+4lgLCx
zOn>R}OJkU<tc2Q02!90>B!(PAr9r(aR$Jqw#g{gNJ_g-@MNc@kk+U&=*SmNtn~NL<
zOU&tzVR*q-U+bNj4pAf2IzhJI&=H!yWgA{`BZVQrw~(XQn?aJNTstTi)g4ILT=3OO
zS7(!>I>^+qljujJH_Y!)tnR9(y?)E_!Beg8paBYn#qKAfg+d$dH3EVss3NEsC}hic
zK(m7h$1rMBK2UJoikfpK;BWBwZ^-Ky>l^iR^gZIgl&rt!#$8%u8-%ZG#;HYIO5^c5
zxi*H*ZTsnd<%j0gpPe@?lkum=jgpg){Gln-)@;{SQ09l8Q7L3|DHS9HG_s9emz7l~
zK(;WhM91F{FzmP=bwltyTvH6kMkB8OSexi<t}jK;5Qe<l2yhf3Ea;Q16Xto-W^ka<
zNq&RGy%q1e#NME-z|Oi3{0}ORy=Aj_(;W%hw#C6p6AXIh;JagFadCffaciY#_yYg@
zi5a*qS28I~G7jDIil@u1usl)>(KLrI&lto}CF8zNm<f8N`>oG4PKaa90~OxhKyOg^
z7<g+p?(>xk9BDC#CYpyMq+|+-wk>b$kOPgVt>q1>S|ZLQZ<dQuYM1x5=uP9tcO{6J
z0lBF^_0RTg1>p%Ykia95Li4mtc<&+}*E1DZn-e&QM!Z87AG0*eLd49%nzhA~B?o>;
zU&ZU0-j`~d{&2gd^f@eSQ7T+t%w1)ckzAi84r`PU<l?cZ>TlZ?A1&)=V^j-^5mP$i
zt_m_V+7#}#^*X&`Rw$G>mps(C)SNr*7^k24oo|G@U)E+oIjAY(YtT?hRzNfSeoA<T
z%*qbv{Di*@+%Vd>D1Z~lSL~_=4sIf**AjHuBm+Ns^(cFYyi%=l+r@!98BBV80>!LI
z#E-_=wH8X+?Yc+>Je^6FL+(kkztv|6hZ^bO8<Pz#%~pNC6gJoz$ge`Hyn_Z_xu8t#
zG0lZBFQ5fDAj8+s`y}y?{O`mAXvlMD_+LJGzHganYca<t3zMt7k%ff_K*VJ44nyQm
zk11Rh(XFnnq+_=_3nz`1A+kmX7_a^!D1HSJO@gC9qlb#4;Pcfb2fP=Dm{RN<Gr@IM
zlgp@EPmU}riB9RXBkkJP#%X!|`jiQ*THlEw1bzITj==i=&0D>72m-y;)I#`MC-Q3r
z`?Xk1vGN?=!PMx+TYd3#%QiB93T73E!KislJ7b*#Pj$fzBMjdCH(Y_ZuayR`4aiDn
zaWbG$59Kdvt2>#Sh~}6my%N-M|J-Hg+Jp*D99sVnsc<q5VZj`(VjCcaJxPmAa+@rk
zU$<=PUqN>s%NJ`Ir(JEW?Wa#)-$V<Ga&E?~Q_b2A5#YZ^uK=6W-ouH@zi+tfo}uzR
zj;8h-ZEk|(+;(;^FPUrr-v>jXci9Pc8MgtNBy6h$qRWr}p^1r!cVzn?)E4t<&oNV&
zSy%I+53sC?h|{yostlW8sSt-q@6mOJ1>kZJ(T&g{`!rJUvcTOq&FEuCGDhx)stS!t
zGEm&d#;<dR)qSXico(DcB3PB+__OZiH=L;F>G^g>&x{JkUU$VWX6eZhEmG{(xfsY|
zKL*e;la0qpUyvM6lVk!SDp?h%v}1Qw{<Y&E9Rqx-q>Bcy|IoNUPnAaE;TopIKvvZz
zZqCRKm>8ydB~1AjX8*+#;Ew}%XmATtWX8?!DlsGvw`-{RkUao!M_2xp*?;jQY3=%_
zB#^RWMrP9S;g7+bRNAg~mE3Y9FJc*gY2Fsmp^3`4kg_A<OC!lAVuXW_0QS|Pc>u|W
zPFc2XG(q;!?jZ(@zs{iLAgdY<=Aw^tkA<O53Sp74Yny=aST*y%R7A{EJ_e|L(~zzV
z#kb(cl5bFH$lu{ZpZ-fK%E$9N^2A=9S6#&e7%~qrPi@gRMYPNykk@6|O~@>q0BZ>k
zIF6j-zEOTQw<C+4AR}5Ip@{(r;Mh3;1<?g#ESWtF7BdIIxD2ht{*MqN&IA~i7~6X8
zxNCZAvlY2Gay$(Jd3V|;6Q#j@7@viq2&gmU?_tDFQ%Hux6e!Y2_BHN*b;j(Rwf!1I
zVq=Kxe@+V7E~Ok%tRtZ04Gi8E29}joE>6(^d<?}A;MkAEtZH%IKj-`&thE~k{p(b;
zQGh%OqmXSLyJYY4i6ec!3izb)ude?`0we~r68B363hdAd29x1KHU?;KQ{ki{nO|oW
zBZf7;lq10B{+L((8>9?A@H-rPh;hbz?dX)1tyqI&kEN)z#z%-J3<CZ0iqQH7YeG^!
zCO(UzR$_^Lp|=KigJ6)rFbn4o)o+|pV>10G;b2ALpBXAJ@R}~<w;&{9><J=%rDPH^
zW=(V}1GiRr8h@|4SI9|MmixxKn}Vy^)O>_rkO|s2(=V6M=Pc86eqXS=Zvhh+sJE#F
zWSF2O3opUZ^st^tjuhHC7`F-P8JG-#t3-Cx@?M!}&=gba&qxYx=}%7$d?N!HX3gtp
zwfw|6JT|tvi6zq|HPv8XjQT^$?W%(9)Om=dpM**-m~0Y$ztTv2V=#=u?*41}oN@=1
zG25)4Wxa#I$1j@M_~Q~^iT6s!dVLeSL@KS(Pq~DKrz!PTtDI>Ufo+^%E;q3OK=9Mo
z*|ok4Lrsg6cg~b><w6_u;akrB&1*U*9!=ew#{3r*>dPf@qVRwN?`$Ai?<fR6+q^B*
zyMBhoN=O3}ANJElDtW~wd99>0gx8(1oRXf?o^uKex__UZ!@k};!h5cbn6_-Vxw^$B
zF!Q(r-cg(L#bZg6DaGxy#>sh}heZb5MS2}&aGGGXGJVe+tN$pKH1J@XL1lWbBwxN;
zF(j!pTWVBxz^|Shou-R?*feflbD!B>NP!jtxk6jxU)x~b0e4TUj0M#kq@3RrN}z}6
zapyhdAhMM-*SUeF>oZ%Mh|jDIEn8{%SlQJW!El_Tm2WqT+4#qVO#g#xWJ_-<iZ-k|
zs|>Nvg*TnM8lG!G%`8_jB;QlhbHH^|g6X-;S`!Y<>cpv3-(Z%Dm${EPlqxvPI{n>n
z=tO)ta7X4*L49vrZ{#ArBG97*lL=J0nzqt&4xmbZhsjEsQ#Ga;b2xileUW75)B}{W
zEVk|zYV524elEFt*6k1^pf`TBD`{S^idC;kEwix`e`2)NbR*PQau!bv=C`G%7`lms
zHa%}}c$k@SFW$`Er?@(3dp!bIwNZE4knDs%HPmrQv5y&G2v+S4b7#K0VX7mHm&CC3
z+vb8sx)^9Z!k3(SSX#<AY)bZ=>BdxpC&ozf%Rbq*tJ~&JhZOnXkNo=sWL4^&!Z*ai
zJrqqpA*@ZR75ls6)duzY21Zxvvb^s(G`82buO6xI0astT%sci3oRMom>0esC-o~F+
zJ>0D+Myx=pwp{z|tyW~}?BjF63Tf!!+?E2cECuLrqO7Sh{(}2WWXbhc{NCEzKYHK(
zfedC@DV!2y8yeggSaB;JJdJAU8Zo<8gOoy>lx1J`(NB-J_8Olk*6eTJD62&de7mu-
zYOM<>4mFm~J4hfoy(h6oufu%JY3w^#M2B+!DU{T_c|+f)Z%JDI)K>JoINqOR@5TLT
zMf17HmCU2NFrv}+Jh`iuS~mzQM2MojFYe>c=oo<O4OCj_4#U-PguLKJMc^uR*oAqt
zS%rgnsUK;ikTXkd8FUxTUY2t_WBp{|)O=_30mxXP`%d(vgKR4|(T9a+YE~1c65E+B
zY0~pX0$E|2YPaA?6HGUtv`<mzdWMr4KX(&*^_E6GLN#yenFnPSI=!n?8++kcQ---4
z<FEqQW$_l>yttB1{0)FYmN4mKyM8z<1uU6{AIxJ4aQ&;L7wGiq54v=X)J!qYu5BBv
zlvJYRR!`2%xHbpet<=K}a7opyO;2cnneM8Ea@4oT#a*guDC2MMo}Pn~=<eUH)P&xe
zdn|MD?v~Q$a{1FF({*!GnYPkuFLQ8Z+}!qY@lw9*9cJjqzz?XUXW?^8X*XFm?4yy}
zP2Rz9voq*hB$~@-#x4T}edsLu!Ff#=$Uxy<#9*=^Pb2J?El_&cnopg7+UJ7W=Dm!?
zG`?jr3G_SXgMRWT3|x?O$<w|M>u^lb!8;Wj^$57DM>QY<-M72Gij)<Cf}|MwpOw9M
zWXuz%|L*Q7^=_kJzpdp+4KhXEaePr@B2uf(v$lOzZ=XGr%czOv&TI$0#ON#zrqYij
ze{bUg9Yg7@D@f)0Rl(`>fP|>2MzxZ|URQ8%@l;AZsR{G|kC^^&2Zx^DTnm@9mp5wX
z@pV>WSqvyFQ&JfW6XENQ`r2E~drLi^;zO5@&C<4@SyLkpZ`?T3<$q73kf*AO#&BD<
z^M%o^vlz>s6zjbN=B0a0!10akhumoD4J<s`DLc5J6Rx+r^-+Xm{d`obBC8HE;Xd^i
zPmq1C--iuq=WL$p(mQ0BX{=0sYUI51u&cK@rEHGj*4H$AiAoI%+KJz1uQlP;@|jgX
zu2@pBXsZ!-JnO8O%ZZOEt;~O0?|e3Nylx<HNh^J5+PFJ_?B!nG3N9B6JKzQ17qpkj
zbHgUWN!ZLejC~Ik1bpP7IYL2B`l)&qz8urJ>M0!yp65x>Bej!riKar?0N^6={x?p0
z#)5oXVLTLy`B=DSdZ>=m7SPSt7Y6v#o|9j*$ejkGsfY^rJu0hKb9-e0D$Cz5B*&d*
z24(Ez%1uV-+4E!f$+XCMZLOmvQyLl>2&`8WQFJctE_;g@ANGVHUS6BrWqj8U5h*)n
zTY84noL<#r%NF?$lxxP57kFdX97njodpBp7P<R(@O4OLG)1&4qFRtDX3Uv!G?lcU@
zqC&^Eu#1w16%ce~)xZ0hI>6hExKy0oyIr>F;}umgq`q?6RPnhga*s6>H8BdfF?ed!
zYIbV^wHVtOqp1Ox*VNk6eOi3Y)pkE_5zV(m5$Eca;L;I;fu&@Ux>~(`PZAsT6Sy(r
zp*b{1ey2aEkNhh|`D0lXGr>Slo>bdkx{`?`e0mFo_fm(&G0%-IWGIj6HEC*6*>Nph
zH@0f~f?1m-1Q{eW90H*{HOZGZ=`b$JzP}l?oqSlD^Il3Ua=jfV91+*OhAft*eR=5a
z*ptf5AO9pC1XI8nIydzXh92%n2AI6;5l6q^>4=P)^F@cR9^hf)O2sOMJ6bpR(tR7e
zTi2PY+`E!`8@e{r2k;Hsh@M^L1T1j@fW0Km!woL)ZwFzSwkg+aAZ6cX<Sw1wLd^&f
z043>|!KT5|^yls<RnJVdzO-(4R>xKMC5jnoJGFpW3y`yykTOSu<3rJ8>mD6#QTxb}
ziO8k0;@mL=1<JGc;ULxBkWtN#M3ue?Nlscx(=_w;Vu)d=(|unjNcfmv*6N^;XZJ}y
zNQhOLzxfja^zya0%mOmqa82~5RhEB=+))o-K`bDiTs}m%B{9BBu{go0dpBS<1l^sT
znGH~9@B*@B1vFC7H9PPZy4Dy~^fTtasWyadO$IL!BA_3AA~qHEIyI%wA;2)CX>C`(
zawrcY!(#%A2ewlE5WuW{S~7*CJ}5Ah0)AOuyU*Vpf`OE>?aFZu0B-4H`RxZ(P{5*%
z?(!BEl1iY2paGL8?kwllSh`^rEwvN*vABZo>^YY{QdLXvj}~vH9a&?Un(WciW5|wo
z`_R>SK<{JR52?MvXreQy;%I_uf83O~GrT(pYq-e>U2K(DOT0X$pg@LwR{G*TYiAPb
zEsmLk6g0Q5oz2b)!qm1A)6G*4jq>rioL-mQpBCFJxtXJHH?^rj$LFt3Y>gbauaW{s
z;EQ1}QM__UhhzCL9DBii=JA&B?v_T>i$YYwA{c0xjB%f~kuQ|y&#|GKyA&!-TrOdo
z31aw^W7zDzA-?9I`^pWF#xB}y0f+(!qYy%!PeX?qbkEEy%09W+tIDH|KKV+&jqP||
z%27_k>auTM5u?FxVdXT=+^!D+?rliWtVPIln7NzMhIc@%D4Iu0uCkiN6b&~d;C)`r
zuayZ9%^xoN0yjLeBKiu3ch~%BLU{mOX&aM$9IEEnH=Q{GcKP;luBD46KnX9PxxRp=
z;l=<y>kkF|mOMx8*XvDtE=<pNce%@cM4hcLAv8CoXK@mb>)m!OV=<9YN6&D;pyp)5
z9J9WA5{t^lkB(4x*A*wl0AC}t)S@Zkk}Rc~H8flXV0v`^G9cf3F&&R51STwfrRPS<
z6qC+y!&^Ko2JzI5V=3}IkL;0bh^l&{K~)4mM1rb0poA}!W7xdTrL)Cvrmi^DnNzu~
zm#99Eo@#6G7sMW@9DSb@yBl>~Jo>zBHC8txv{Ue-C10p+Mglk23ww4d)Lw!=_eZ#9
zUWjbT{KW-rOnlPW`1Q}v-LjdjB!{(@PdMHP1A!(&p4wPaU#^k43vQjiz5DTOBs%OS
z@L~r9Ui?Y1y?qbf`S3)>GY^}~c_4_Ry~5x4D}1DFH{4UgQ0x(WM(i_t&lH=>0^!5(
z%}17|XFT>O&wc;V=`GY&PmEn)6`~bRJrAtUTyJ9Z53z5Yu5Bv=2Lk}yDBol(2%C#&
z1pscc7iKuedAd$J1za(x+4~;=@X-+_10F_zh(pv85JA71G6?w0lT9GmWm7CH%{+>a
zpBXLLyts+Ic`3RTq>XGZ&l%>vAV{1c33Gm0p|$B11bOi}47lJEe-79sWX?avxxc4a
zVs2Qej3paV_8J(l)FDR+h#|Po27X=Xx~c@Yz5vi1y5a9-Lcf3xdY7*~1<i^`&<P@l
z2CP05CKf2$V!};X0P=@82#BJWT1=?IK%N`oc8Y@K*^Gh;@f+DQ%=V+%ln11pl;WYr
zg0qw85CA`YX4KU*v!AJ?VFjQJHPtVW1eYs^L<0y<Gqr_yn(TAlG(A*7SxaKWPO8K*
z%m&~DH6LI=Xh$q(%*l+=DF_BCkHLHdki?}>-_W(ID#FtHI-|RAFTui=YqFmHZ<(Ss
zzmOAO*zZZ;XVb`%>$DCuh){g5>9N@{=Djn4Z9A3-5xe5?U}SA>Rqjh-=DxCY%=RX(
za|4#;mfK4eOI8vvQAAuvY?~dZZ>QXs3R{Ev(qP4x9bwan**Dhp(RtZw>KM0}l&v2!
zxQN*s(?3vKD&v3udHie;P6e*GY$8<P_^=<Er?Fv|O%FqBBlSZdjDwowEAs$=?k@5?
z_(s~Ze9e#P;GF!N8MnBnT<eLPiSleGzBQK{hu=I6wMWvGrNoj|zPmyCxArpFf&?N_
zsv4S~Pu6FK+8HEPkL*fX@^an*5)@%2XG1?H{$bFVuW7>{r<JJw;jz$A_I1paroho$
zxeGS{^tG(Uum7lb>y0Dg$uhU94ZP*IXutxCTe`DF7i-WWY8#Wdj)u34pW655R|U0E
zZB_lTOQE@5R1m)MV`e<|K24&ehm7gc#^@WzutKKea2Vw>689pDrLOxZAT_F%c^U0(
z8s7_hMo-D`Arib&f2VmH(@fb4lS@~GmkzJ^2X5AA)V7_)GDZNX;+T8Pj^BZTJhFl>
z0M=AOk}*q^1=os_2+&j;rg?+2^9>07yw;T6rkE}_nPj76`?yf&``PWl<_9(}qIjB9
z{m$9>BM@zB(%{C~SZ}g{Ytx}dG@{6CYPFa1JTLB6FBy1`;69dak&{h{$5A1o#fw-<
zcW&iLiAe{n9^C7<L(4VUyw+RI?}P{!^A`@^T8K^ioe_=&P*OI0Q!697hv0}Mmy$;Z
zTXdHuaKy5m4TrxG|G=zeUn74&%2D@6cgUm>%mD_LJ9}yJIm81oV3!<7|M+!jNle`;
zZ^`y7&!KX=b+&{rm2f0A;3k24VUJ+Psu_9p0v10`m4bRHjpT5=T@A#Z2{~;8;L9v@
zHLad746M{t>nRKfPYnox%{(;~2BDS0Cp-Z6p>f+GIb8mT<>Ud9m)$)a_9dfUUukK2
z`&!0V4udk46rA0Ibo5HdkNh#A!!=T*EBvJivUYHBYKqeK$QI)ipiA4ehA7ZwKTG~x
z)Y`D&9auQXz-DZq%Kaxb)IZQ-wXL@*A=Vifh>95JE6wP2I<VtWq6dL>)RewP*~YbU
zq7*DyJ~hEdqmiKQy`3Sf-;Y*Uv3KX$cO=Hie1cZYw_!U2cmmN0C3&K-G}Vz2p30TQ
z6*^2!>(?3@kV`kKa(#aflogbbvq}0UeYCXstW9`z(cUsZ+_f>>-tLArgi%J^0iBIC
z2VEQ?)_P)R@(@#{sUI+|?#8TTjf1l!&Wp3vL9-wq$`qeVzz>@Ul4Zhloym0N>yPoB
zid8L*d@^_~s97^<P`Q{)I9((1?bSzz0L<XlXLM6rryYfTV7IMN%iCGBE8Q#yVuf8B
z77`n}$!e%jq4)$lZ6f9HI&4;`;VkeYD>YZv^lb8*qk`!!V2>{Fs9^JgrRdXES0~%r
zGm^zXmxFCZYqK+zt!ML6E*_@h+Ol?RAFP>G%l3xP$TV(}dXM*tQxt1zO0$9or^lz(
zR4%BbSFYa_=No{6C@JY|iZEhL?frej`=#EX=>mV#rghIvY7#Mj1?56m-&VqK)aOh7
zM4CMUZ4;a`7UYm)j0DTSC&>?-&|V2|l~1>UBi5Dtrq?o0W|nVk*qe-jX8@Lx&G5R_
zK*aAtdo6>sbKzP$fi!!2`0dA<?Yrcb-yBaKc+%Bj5CT(Z7}creSNxgtMvCT0jQe@E
zk)#Zyj3NFMdJO$)XaA<)oGPr-Wsq#MF_kox8tC^H6U&BPzD{xp!U5zL$6Bj<=&G#2
z6HdfytfRx=u)5PJq>{WD6)FEt0@Sy!LD~tN&1uH=^0$%N+jba2EBXa0S)C6;o%lDi
z0#a|e#qDlzUsd7QKFC&xI=4XG(c40vM{05mYXTr}7_~!YdA74dj$x!titM9_+jqRW
z6)M-n#rRxCvsBT`U+N7w9bCG|>=AxYR^I+*GIvmaPMdxlJ-nWCkPk~?POJALV&jy!
zR(Bb6PPIyq8BhQZ+ypHW*T^2DZx147CKO96e!8vWj}Uv2*razd_OayJqJ4Nf0_O!8
z+_8FL7E+7BL>XVckMIVYOu<h&1nsGYB1SO#JrVuV7Ui9<9^E)BI+dGHzxjdM+kKHT
z$i-&5oU_3@ZRo`G4Lwr`D_d3KbuL<dQPD3~bR2B0wsC_(8Q6-osgUU0;{So=;e32;
zazIJt%&0z>HOYUcxRoZz=Yspw>jcl}9U#7MDhI;NeQ`|+NPBpDgkYNzTTYPJf_{G0
zL1%uX$Qz@nZMq#{oSVxHAc+pR6RrVEUD${TpF0RU!VD~QJ#2pXAZXL`ykx|@WcztQ
zR*-*`{46*3t(sz_!kvLjz5byKV(dM#CQMFXZzOpx-0^NJTt6JzFQrt0-`r*Z_3;Zi
z4kq@>S+Bl(-RY$K8o6!)F-KM9^3&(0OR-7JUo#l6<Uy5Nn{=2H);bM?AQu<WBSX<b
z)<H!0m1cvcJ?vVaa*_D>n7FTLouMcTy}rx8H8{RMg{;K|;_vd$Lu4iT1vPxq97~H#
za$PUDQJc-#2={W5J>2Z9kjo<Cbp<le<;ceUtz#Vd)kF^Y)wpqiaB4+A2IZw5J#{=6
zSJ+>Qn2@*F#w>c4r$>dAJtyAl`O79!2I+%9Q`<-R{m9xW)ozw0Rn=vxJHTd~-&?5Z
zh$^Bq4CypSo0$R?bMaLbqN5}U3lzeXiSIZ?1nd)svr4vQ_)Wd7M+;}0C`-YY^4!YP
z@mS?vwmirXwl(}2?#wpXUlcXxk38{)M^6uhmG~QmLMU5c{t2nGvuO5XGN)q$eJ=a{
z1gAY<J;Zrqpnyt<*8TzPaYb{~QD$x%J6Du{z3Jsbf2&~-4?V*><++K1&ai?HfWzi7
zPP=55!XmT2TdW;QMZoqGiFeGqy4^io2e?~s7hMw2)}U+Ol0e^dV!XE75lF9kxZ^07
z(@1G+)$L0N=q~?U^FrPYvR|N(O)?D4-?YY`ow3?hC@_l{@9>1coKXT(DxdBo4?K=(
znNtUoL)rj}<wq;mgz!z<0keLF50;uQJ7CZonze^r-S~EKmUNoX04h>sj+UKjDYEvg
z8Ws#{FOIA|Yj=$;=vklDYf{Kv3}5Hwh9yts^2KZC!K@d<(e}^#@5f(CXmfVw+tp@2
zXTW3KvYuu@cyf9bj><zA8QQ&*gZ8HuaBdW!GwHd#gj@Y{PhF8!c|}=H(>0+cS<XSY
z2IJ75QewBV6h+&;Cgo>b1Y4A=Qb9)_i0<2a4SiJh*hR1>s)Ayfb$o@Us;f}r(MZnh
zWg!TdZ9{5xzvP-L>Zm-F=XHMv=X^B8`p&!fknscdD?IhF<(LZ000IeRJ?0hC7xIAa
zhCXa4I6_UH85`5ANwt|BKX^RUzrC8PT1n#B-x|uL3YK4q+f@@kgO_HVnbi-R!-pft
zJTW~#9g(7MJc61dh>J+G?<*OlaxjpPd1!m~pb#=3_zQGojLVl_0A7nPX$$vVIzys`
zpkqN20d`|A$lk-93O4{PlhacWS?j{H^NJ^e;~_7?_lqXDk-qh2SX9`_QhiHV)c%Mz
zCADIr`%MD-?S=Rcbed#zyp;6p!sb;YnYXRaj(!qmz1y7a6~W;*cUENO>IgQr1;5NW
z@;ZoHqUAzfjt(z1(NQ12Bw28wnBPk1o|jihw}*^lPPAlko4lhOMv=qA(6VQCWd*UF
zg{LHb`0NOBUgywQ65m3WoHuop*5+G5oo!@h+Y&Jx{>Y$~bBuY$e22nGG7hu4VRhH*
z`TgnHc~3shWPArlkH8w~atA&S&{Aht+7aMYs$g15%N4d3R0s>Z>r*4pvej|UCzgX~
zv{P`pO<a2aBIO;K{<;1gNn(=pTtI^c_{lrS;9^KQzBDQ517fde2kIUA_aW7#$H)Db
z%J{z@b??A8iYQ@`g~%H?d*BUG`9OX9{Jq9_sxbNO1XA`+S#MMZ(Vzt6tvm<$#s4dD
zwfqG@@Bh>X0Qh8IoPh_yii?6n@x9oExPL=xoX4{2*c&X_Qy((+e<Mu)18xB>4*}x|
zF*q2CR_0B+EsO|}{SWx`FZc_vh9W>vSGI8H$IVCrxF7E7k8|inbjlWn?-HB-1)lS6
z>|BQjUIaDZY^AV6aI6w18jbhD?7%Ak3^yo(24Iy4rNNN<1AhTH#ZdSkOOeIJ+t<a8
zF|GZ>jE}8|Dh?%RB6k>=Rly%ch#@#*epLPYe13tU6L9R!4G~6UWG13pN1*@2Evbg-
ze27tl(9HyY6n^+476gLGGQ^V1BY*K3B#H$36Hs;jg{iIo2WZMtoaKCqA0c9&kBQMA
zy*usxjko;^cH1PtU_h!&fXA*XCZ^>EMfZP#<iN-c{OKPAFskKd=#v+b+2dnn^pWdF
zyLIK_Vq#d9UkIKso)}lQ(qkV*fMb5~>68t+j2q;>>23)n$imk)3AP^prz!h4u=?Nl
zDt%1le+ni1PjSiK=lym5|9g_<uVa4==l_NQKQ{j>v;T!X{>c;YFNl|TJ*NC`cs1#b
z(TWe=8GMX~sQv<7Bj;SY7huu*ioME&2nPA<OPS59kk!>Kp&A&?d62COZ$0rzt5U3|
z(+#YL_CT-9*JYzR64d9`8@1>c<iN0!rQ#DYnb&dMiNUkYwzmCHx#y_CuMTIc{bvN^
z;92zb567owmrtEP?XWdpZDqA~C|n6Y>a}?v4H&d%UUnAz5|E>}6&aQkPD?JaXuwJt
z*OxPx_?!IZjd>jTE98J7X6qRNzTs7S&$|fq|MB(S;cUOr|1gT8lxnF`YQ)}&Sv8A_
zQKN#`HDc4+#AsEm(vsAOS({k3YlKoOW~;SH+FG>|q@;>^^7(y#&-IM!dL9@5B=LTq
z`@YZp&g<OgoYyOJMqI!<Vb3Ydd3=2q8+u1>?X@J|=*}@S+f0-1GJ_1n@%Pb8Ju5rT
zvdtEwCX#r&l?c~nmE>74Z4ihvA9VG8pHUMk)PWi000DPil`Ro|`MLj`iY$Lo)u~kP
z1PiXwe|68_rf;sT6}kdN-Mi_*G|u>4XHcN#LjdH+VoYLJQiWA=?Bj2=ZsHw{y&cDK
z_yRddvGm!of59Aw{gUiLit);Frd^<_bh&&=zdIJt4ryluZh)ni*}gam(1|<{Vxs=+
zp1MBOu}o#oGk-}#bkLa)ao2#UlM|4Er8*R36afP|vc2OF%G{#~dP^%q=FA?@dtCs;
zNIX^q3j_sjhDJ`VTP;lxHhqq}P#AZoAdqeGemH)2su|RQIwp4Yh7lz<)gXD3f5`Sr
zwqHC@56^pZKRZ?$q1g~_dCboUBPPofW^T57>d=p{hRB-P#Hh%o*4pv$V-E~rqkXoc
z&Pi%0hCFjH@r2dgXZvUmG6}H?0?EFHM$Xy%4eD?U&FzPGd4yC60HqK*(M1252mUKc
zTZH`ZX-x1}zYhmXCJK8??F@b?pFPa1Ypy!b-ca$Xo4rf@ouMm;1<W&Qv!Lozn(x84
z-)9xj=~MjBEX(Z;>`NQ{yRurvj1I)I1o-_Y+JrQ)64!&<L1}?|KUK9%Qh&eX&Z8I)
z@8i-I0l&U2#Yz=&85LJQ;Tk#lUR~~UlUweOucF<TLgELyDxby`OZ+mM)UDs0w;{JI
zxGniLab3c}o|o7KKwb7!3vU31MZR>$JP^Bg1&oQP`$Cb}itF5WYfo#Vx`b=(Zr0Pz
zn1~L;t9xefKrf+EHVeZxqtgrK`2$J4bgeh+B$aWL0C{KD^J_R>lQmq&tzc!D_w$eE
z*4%_)AvQLdeXeJtNVi$42OpWL`{S^Sg)>sSTY;D3R!2t;CerP@%U2`NZ*#t59~)(d
zAY2o2ZUERHH2d7<FdVl~v6*ROLvr|!KTW$Duh?p6oK9CW{yH0&wmpGNqT=rQ!NE!|
zXQp)3KKkhckyA?1$C_KI2$(vC@(_>EV_K^vYY>o>SBX5Ksv()n!@V)*r(~kFvTfKp
zNqZgspSD%k0|lpKYhVH1c`Zm;<cl~qA@uhiqA;k>rJmTJ{_1bX{YdFI(d0d!#W~Cd
zjQey2AEOpALK^1bBX{pon@a-2!ZcYU2j`x%*KDfrl6Gci7yky=h5p%TH+@1<C4E*e
z(0bitH`dh>PR$z7j!bi0MZ2nrtWLx~@@r~p=a87mlTKLld#+SW*%T^;1vV^9OxeK;
z=BK8x5;axh#he!|xYfZN?Y<AqAcrG0thdQRlv_qvnDYvQK{Fu8a-PNF72t)T1tUm^
zO=p`40e<iWv9u}5H4Nr^4KL`gv>@=VbdA4YtE*v?6O+q+nbOtQl4{~>ixcBywoo-Q
z1`0reC14|e8(!q~H*}01$Xdir?zUS6+GmzbrY%qOaaITE>+!;7QJ$h{vn-i=6fuy3
zCLPhlZe!7|uFf!5*^iE_R~zgL7A2cSKK?R=r?1C#bu~X~ta`Z58!mY#3=VrKXZXd!
zvksduJEQ*S=_s~Kr|eclljY;<Qg?Oi{TWe__t;vSSfB{%D+VvL8hDer+M(U0B`XVF
zJ8ETw$=87sKP)@=peuv^YDq>TKg?LhkXOa)c`r$)btDZU?t82Fse1t9XG0SncvxW>
zV!XR~XIDS9VR7hdZNE3K*E%TIW~208)vXBsa{eMsK`MSs4!gvly%7VvKY@UpSJ0-j
zf6`YA6nhjowzF7_9AKmKZPI_GEu`oc{o(^(=~!3wj`V6IpIN0|1ulgr<T;$~Ro^7(
zR$N!&RRZD7c-AuFsqbs94^q2{HfE*<`9NyB-at~+*s){u%2`iTvnnjw@ceY2Yi`pc
zc$Z0PB9Li4<qnk!88%7diIou-;JgMfsW!wl-lO_TNjyB|cb`T$&kc-FdJd{@hF|+G
zVSf|p`Fr@=lSbqAx><UlCG%$Om)v8kBwhK{kQa2H6V3{3qnjX+*4ohyD*}6LFC+|p
zWcDO7R9nDCf&<H<)ra1MX(SZ2S#~In#<;bex~=|bRtc?9E@-k`1gnICg-WDP@)U4B
zRbn69UK^HhJ#Nq4di8w3TYudx$Um;MY1`r>wr-L@5W;a<pqJkxi6O5&I3}x`!F~p(
zwZbLsR(`*#?_$)a8TH$|(iluI*p(%%ZU4#K9(>oz5k`Hydj{8nlL~DHnK-Q+k(Z87
zOi&h+zeGJAMnA?sBey}-$BG_m@a_NRS65r$1iCNYV2&#jZB<96(uPxAWhU%d7MgUz
z{d0RCaqRWnldr@5WK3QOl~!n#?wAfuE!&`QYMRyW`rip>{!)B6=el?~FmPY*Q=0P%
zhg@KBq>S=ZS`jO2<i6v^=ZLv7TcD1+UC+AI>%FH3vh(7ftV0h6Yx)^JLrRk!Wt0pz
z?>?#Ng*j$A%t0LakO+&gX7J89;(EJ?7obM9jq_500biDJ&#+2%biP=q`S;MAw>6h<
zr^(6@CE|a|kVCF#H+%?aL25&&Bc~UJUOW1|M!7n^`sjovJ3XWg54>j@=Jq7l%x;*=
z{zNv&{9V5AVqnPSmp?8)Utd5eSUj6)@|*N$nM^L8>o@Mm3GnZLd9STj##gK5i<GNF
zwPs3o0ta13&F<f}OdfmV>b?1Hn`vlwsWwW2Z#g>3<RL=wJI$39tIzlPhZFB^UM-|j
z7kz57X|)f5Ow!MajO@w;q`{!Qe%CR}>t5YAAJFtIIEIB}kNyHbz)>@ANLD_(0)~S;
z4C~c+Ki|KyJHCLE&61A*qK&bl-t5x01FCAFUF&`%zBUS}A--p;?lxB^p~m(&I_jqR
z&&cdcc?B_V)Kx7E_<q`21oPV`#KFg&+@skEhpgXv;S=9Zw;pOUjvm7G>})Wsr!=>&
z?hxuTC5qhOK{sfNTd+}Ogmo~rOe1LyS|MHKB@qHy!C;ofuGaPp&ayZ+%0HNuCyD9b
z$jhD!?rM7oaSr{Gtp%s=8Y3q%vU*rvfBcIHjum*JD9t;ne77d0PQ!*YO`MDWe3x?T
zfR4#*9a^~U&vM6#x=;eUC(O0r?xST%$r6M^=4B>X9K=%6(my01wA^|T{UlnD!(<(f
zZgp^|<?vR$8>C>|0m%9ufv7W-Z8U<%rHRnsp-r9z-O+d5;^cTQh2P4X59;Pxc$tX-
zCz#70`@~t42wSMBq<KHS<$P3Z6@d(EoTNpTT5`DT3^9<{^OZ)j_a+YXEe6@9y<k2&
zqL~^yILdI!x>x4=1Dg#nqI~|pn<KA!yI|gJ9FH5d!-2!{Oxco*a5X1+hZa%un~a$9
zz^!{FP7g#G=QDpgb9@`bTmH}nsNL1VMt3w9*(23nvMI-1w)UX^qi>I@&2<pU(sR)0
zqCdFZB_{o8fz{&m!x!Duvy{&Kqs7fGd`I1>vV-{>Z{p5SYxhR@NycZLEcE!2Pt(;5
z_{U$yN)KDVri4VE#CZi-jkm~poqmL{!$?R4(0BC8I7LF&e0d<J&BPbZBbjHszV5u!
zfsEFA-UNPLZ2UYA?g>NAb^ck`q~6_Sgy2FzNW-{vKmf$``yVw$K2^Hn&r;Qp2LSGU
z3AHG1{KE~1ie$sP89VB?O3$x8t|1^mV$-W)PWSlB({{1h4@E3DF&~fK4Q`r8DiP&p
zHxrWXSk$*Jo;JL>O0amKzfEGd%T{^Z0LO9A9>zq%9Fa>Mn9qGvCVI6FME@UGnt^$@
zJ2pKjHMq)_4PbpG4mV!E{fUr=m`o0vFX5XH5hil1o|lY|y4R-NXRbS>-R_xtY*hND
zIg)8jeWm9|&iN<$UVrRfi^02as)hOdf=WmDT<g_LD4RninpEZU2?TfZZ^>ICD~vQ+
zN;-vDUAO9dxWpYv%t|k>Ru<V$jT3&gnQ^4+cgNZh8$wfmIb5nEI{%IJRnv&!j0f$l
zg;SFx<*<;#pL<8MWN6oz^B))t{xI#5@?6OiOnYKveZn%JJ?(dxT33tT<rU?YkSz3e
z0<?3i(Wf%ZhUrkbQb-K^VSTLfy@ZdFUoX`??x!Tv8pc_<&%1Lof~u{n?H$e1f2hB!
z(F66?=O+g1JIQp`o%hw?o_3VT9GwN1IPCW|zZ$L*CbQfm6*}3Y@d7O0F_%z-#y$vx
z=c~S8Ibz>9UI3&_93qDPx|ZKE`@;y_d6FF<Or~Y)h-53|33>n#eeEVv<P#SEbS#og
zm)e$n3jg#m9FDta=)MQgd@RnYTc)x7?$y4qK$!(EeDv?w#?j~sY2T;r@WeXo*0esQ
z^#WPj{*UM5m0pv>Ft1`(jSdtdI)40^_ln}E>~ug#P5ksuEAp;GWZbgQxmVPZkClA;
z@z-4Oxo7XAonQAd-9jnLcOhE7cI`*&``J(#@ZSEu!}*4~<Nhby4JKS~xcR=^H}%xV
zadt7wnUd?z+I)7vvemwX1aAHMly@&0$<fw`)5_*s5m6f_xVh~5Nw40<-?+%I*gD5L
zLhtQbs1nw&ESi$(a*z!Pg8h2sqO`sIH&w$^vq99~`0esvr<uu77r%u+on6ZI&>K~8
z!RxN{_|M`+9Q$pFb7EHZMIMU+r}4CB<=Kh#;nr<C;vu*2-Yr7?mlr*u<Zks|DIEUY
z5Jqq9eheO{?&^c*k*n6S;TK;D`&y{=sJv2G=!b%XPx0F)!`ZJf&I!H?YljU%IKJPC
z`7t?{Yh~L<H-dt!t-JA)-Xy1Jg3k&eQZ$9b@|q&$4C*I^k=ulF3>8jc=)V4F3xJ?R
zz;7Z0atroM2=}>ZOm9e3$-ldaay*8>OkvHyO_}XIh;dRb<<#mx2i**G)dmz&IKFki
zA#_NRAc-0QdXEU()vo12Y*E75$j8KqYT5Rc`JL_qM(6(PVMBJ7jn`2At5ad4#2)zR
z+}vwIz=FSc5QoXcUV+x}NbX12af*0O<nGC)bV)lX1q2s`)$gpyO?KUwn6&t;6Y>-!
zi-G8_f6JGS;}S|_=83?Ka@T4@Xg8=FY2UE<fPxe~i(A+|75)$s3lf^?zu7zf#OP9o
zI!@;crj$M~@xEr+=P+z%FPZgw_jjL%u%2`u+FG~c5-Lb+o?BMO)ju=*iN=)Z4*yc{
z>(>h2c=ObzzASfC>U)f~<vnXVNN`zJLP=}wMB8{>tC6(z<TKVV6~3DMzPPphZaZt>
z61e7(#JsVdn=i<tYRHHxPFFWx?{*&07zIk^zt7TjQ|{7;5#;F~)9NmA*l?mlP%qDl
z`?o6w{mZldhHnk-%O(Mqg{lC@N*2rl3|c^1ejbEd>KR(sBm02kh1?}M8dpXJp_^=%
zhn75ts667esKg~q6GD_9MUplf)XDhhqfhc_5Cg6GcYMYRKp4<WG(DXze3O1(h5eu|
zFHC6}oz)q#K2t$uD1i(D37{UMQpa;lRTpiYsZ@uR={l6@RfC?fcS*d1WC+%#8&)ab
zaz}~tu9&OjjW4~>u5NYp{serUL4D&f9YiY?sKv<Op;TAVFOYsogvwWhALdJCM;V|T
zR|j$}J*VJ?l9<@Ln43_*<oy0pR?t6lK#HNAL*1*K$D72RS^s6b^4BZhQrkw<NF%`~
zyeLIwr)WrY=j4h{W%Tjs?^DN(P2c~A6W&9#b^r=`j<@R%Nl=u(!^|QY^?y1r%xx$R
ze2>B^pIi-idFqIX#DMt6>yN!p)VKb>{hXWJknnbkwZhxqJxcMMbG_QhZ^f#R!?0i7
zVsCG+(Bm^}%^~x#6r)yFPX^xSt;>hntRC)13x~dEn`Qj$TwWT8oEKcl!{K8M_m}dt
z6l0L<T2mwcBK~li>f)g%^%|gEr<*mMNZ<FDsIJ-=T%(@D2NXshTHG3}-b{;bdCtz4
zcFD*!1HhbX0IW;q7)e&Cct}+Cq>|iWFQPT7e=D<idCCddEnXFs7{R-<K)OpzySHIG
z*`nsYiQB=9>5@?2`R+G?%dmH3W<HNiQE}LWb&{U2|K??}TQM9N>+bRi7QEEebX@IV
z12J%LYL*3<a^mvk8J|^<WvbNtSPY!|OlS-K=9C?uKmI;l$I_|9xLEl_VsV0d#t`17
ze>0d$2jwp1<AiScj9#{kp{W(-z#%3c1b_;|H@gE0gVa{<A<}oYQ|_1VOw78anlLiz
zQ_((SH()3ltJ&3zakX=1S%81$+27YfXsa+V@3_@9bf3d}RsALlJ7>m@2{SvfV<r{8
zp4Dic8&)YO*rIE!Q$wNTp@DYJ<7@m3&w6Jg$fqHzJ!%)>#KK)}O{Gm1ayy*Zc9Q$x
z`zel!g_ef3`<~CPGe3xTPoz~k))4)>wcg0wswJbY3JVc|IwKaViej9nN6K}Dyl=bI
zR4hHU?K*J!R-&j~k~P7##L&c!O+y;3wANoVgcTK(l>uSS49^fjxSkjL|9<yrqHN8%
zxPI*3JlMZ{dK4w89!cTBo|8t~CowRE)XNwkf*4{_bkn7(AW3vt#vj$a$$OPy@;*}-
z2b<NP)sW$uO>VJS_POIF@1?n^*!qCOi+dLAf(E)Usw4o(`+eZQ3xC$On$zBtZl{<c
zA6~o_%>^7QH8r*#8%_#<``8{imN3&vQiQ>lW>MX5np&qOwuCGypu90-(ixu8GJ|^h
zgXXQTY{BJd3D^QVW_xM2f!G@m8x<0*|2V#{6kH<CPs6~-iraAT`qx-E!FOk37rz&C
zbNK$*zdQNdaQ}{&IzP<ZmpFbZBoF%LgkzBW(;X|DprJVk)pn1?P;#}Q35TBBEYfo#
z_nXDgx?k7%Pt4M1tay$V4b?rn=u>>Vqb6?opkc$lXC>$e5aoqy?4J4B5qe6*vqft(
zLByKCer4137F1NCWmayDe$skXkeKl}wSgF`I{P!9e0%>dVPK)IwNFfAKzH4$ii)qk
zw)&9VSDCH&UMGC#4x#7Mbs&>F6-D7j3che%Gy6C*Sm5~q>nKY3G8s;K7O=SJSfWKm
z9paZV_c#AdkHdZI?RN8OGH=X$qh6K;q%Eba=^Ns@Lgw44F1yHc?{i|VwBOuR>l{&K
znns65i-9__6B9{%9YO5r?ZtO%&Jj9Q$@M3b-IF~Lk<A_M_HF0M12z^THLWK0O;l9Y
zkU$d!FU~O|m$}%=Rr$C04gJ<!2g_Wnva;rkb$$&u65QAXmAJ8h)<NZpm)VZp!0pu?
zx9$;6Fbtp@K+jiP>9o(74xA_|wMWFWi=cXq6VmF`r@|oBEn)%o4yTT2pt~)^&aYMb
zvX#=zza8>v10g`o#3_?>nz?Efa7S~=+{>iRrec~sA)^(+B43wAVSISb(qdKA+TcVq
zB`(!F*+m(O>1xqv$=ZeIIiBIpdzbygFzSEj$d317yO&9I(Z0D8u*D_xwif@D2|vx*
z?pCa><#}wtJtAN1lAxVu8iy}Rl6y#A-%#5828{YmWL@{4h`&X$Yn|D(Nt^}ZqeN&M
zFFfe+V<{NdkmD~L(14LyjW@5^K7u|>yNM^rWL}g$l&t<f5n3bAxc<CSaVz*{?a$zy
z06P%hT!1>yoXGB~!&t5EWJ}lWET}W=@lv9H{I^5}kaBqSR}e@Z<KH<Um^zAUT~G|N
z-?@AHc<AYrzU@fAEJvf{li`HMIYxiB$+f%edv9+8wk!^UiV?m`Zh0(#M37HeuB8?(
zwHlNXSk^@MECay!9HDxh|HyM-#Oh|#2nv~OjAG$7&UU1Z#}4X0X5f~8%%2gT!T8c1
z471p9H_{HeB@g3x>pYMF7Bpt0PB*q;PL6+mFRm);bY<nBdc!&f>gN}M<vGFU71?}z
z^=|)^<ljx*d&^YHKOo}xe#M(`)}DM;3uSEw^hrVM@#RO^QRv^z9YIb3>m(KT&<Y~K
z!Dj()Nu<cj2h7c%B09(+(Z4$&oy3mUXPZPdvbrz<IOkYrtyo7ap5CxJ+IIACdN6m1
zd2=R=aJs>G8azLYbMGl=sPOja$#4qGD=2cQDZtr9jvQ^z-+)K{_C}ko#$GEQ7-Vsx
zgT46s{C$KKIQRa|e*6+9*fe*|fpD((bh3C%EwU#!_f5swas#fR)s|TQFnVGR-iuiY
z3UKgtQbR7}=jN?w5EXx~oa0v3GSZmPjH1(EK&mH2!9{}t_gpCo7~tQ3!GJv6G5l-(
zfA|m#D54-o`Tw+C{!&u4tq!{g)3Suf^M*)>mD?Sv|9Jxp`0rZdBT?+Ki$^;%MB^8W
z_>jE(-rg8OZ_FIthm38~y9t@_4$8Gt;y}Y@7yT7K<jxy0`b2ey6Nl$S?{Z1;o~kM@
z7fJFUTAihG_Y@OoS@QIYg2NVxEde60Y6TC%oTHU0PTK~!h|;K0{!n{CDUg^$$Y9Fa
z_q68SA6?zEo5oLPfhL%ULQ|!=_NUtr%eJ?y@u|GQV-r10Z?%?Jnk%2YBemeWbL{N7
zTlXaP9ZGb;)e?h{dCZSQIY+nJ?LBc=1xG=kzjQ&zrS)abLKi98hlNwt4(;v96~Sey
zc)m;wYC&$uHS<PE6UWQ)Mv08n5nGXQR7br?%Y;Hx!WGt#+4e_fAfGwCZ75*o=Ye^h
zYLMS5Pf&-We&4gO@MmsgY9JA}q+73_1HJ>9f0x*v3K#Dl8-L8Xq{Q9l{N6_D4&4n%
zh8`>W`|0IMp&M1FNYGdMQ10*fuO7SJa_*-jdz|lsI=@fPsC@V^B>&WV!sIKrV`F}J
z?zS*?1a&>kC*Y<`iJPAEX13~BA$_+|RZ>z?_M<=%9B?^eQ*~qAfhFRtUQ_lY@5<Aw
zg<QaARFv{ngLi{hAzD<II^ND$3Q{qlVSzG3>_O~t@2FrS#&V2Oxx;tIW_)a$%f+GI
z^-c3@jja+x4{L`2BWSL&nk-kKbbsCWwy@8)<y@Ai%qL>6uDJ->VpwVdE#D#xQUGt9
z|Gi?Xydzfk{R_$ZH?qg5S#qbhjN(8DFxO}FJ2LVSA@KI{o;4hR+!844^}%IAQ2*sa
z|1WoJ2Hv54b&QETf`8>d?ocB~h?f1oycGc!;^weqH?5>N^0>zmKD@_AI%KLV`jikY
zqfx)Tw&uM9M-%6cJnm)Asm;h@JWaX@xYbV;tXJB$1`N^}v~n`0{3m{9UExUau032j
zwmc$={NY|^Z?m-;(`U<H2Y&jo9+JWwRC>$M#&Fn&<iZwTo4Q{(KXEj?lGVtsEyS2B
z>%`dq6xnZTFv|xg;4Pm~(WUIYqY`9d!uE{fgv=N#ruc*tpqp7<@jE(RTZM&e>f#$m
z$30H6nfZ<_J)yaKvlBH-oxWaDiIc}p_ngA`9GP#r29or+dBe97JnfEd@0&QTK$f%X
zkYkg(Svz4BEx5(WK<r8<*{Jc_o^k<ca=*Kl6hhLO5{|kX=3mp*6TF%@b?pse!Dyu!
z>wtL#pAueT8ISb$yms#jM%pUO7lU0Vb>c{2SpnHoyqi&%C-+J75vBsj->eLM89GcV
zdghP0q-;`#C~_t5D5w4CGY}v>$D`?tqK~q5_08@H;MiyHbk4~-kA&CwJO0Q0Wr|d$
z#UR4jI2{SVBFVBOS`G*VVpBuu$i<?<Gn8JiRSOFuY|xq*oXMBYIz@1a4@42lNpGOf
z?qb+vm|<xI@Q~E{?4lSfQkFYCM=EdXM{{O|x^tyMP#iq8xv9<9flvvcO;xpm{<zZH
zcWv&Tvx=Mt-uRdcxM=U26nTCrL9~v<fSgNB0u4oCMS=;9u6)dxV4T8fMBg3bbJBp1
zB<1hny%Tx@;OCFiqb%laGTa)4uh3a){~RBmBCl0dNuX;uAXf58ML{BHg9VXyXI#md
z7G_!30rEop1ATIGcXO{pT)YlT!7LmGB~THr7i>d<F1Na!wwrPlY}!m*u;!LIRV|jD
zvl1!ORz~K{5@j>OzJ50>^^>sP3lfH}Tu{)wE;~_T5fOVbA~-P6Pg6>*EBJ}QmCcO(
zN-`a%AZ4DJ>L~>iFqnN*vb;eRf<3*=hVMfC>_Ri78hM5snEJ+wqY|+G7E@{*Bl;?4
z-@6IeG{ijUChyJ_2QL!|(p=>)796BYp<GC?ffD1tzUNy?pE4vUb%}GnwE`@iHQoeC
zOB#6dQ{=jNjYXYtt)!9Jw|YqPlW%Aa_C7NxYx3Wy1(9vA%fpajfS0ZmP4az#r9Tky
z3M(a~tDaj+va7HDkiwXVJ2&D>i*TCjBMHM~fn0@AcGNXapu)=b;tA;ty?Lg3!HPcx
z>=q{e;1Yb-#~+sh5Ta)qp!maoPGNe2y3iz?l8(+}Pyys4cr-=1`D_7gtp-nW{rKd9
zQNUc$@IU*}Xr$XX@~_*-8ut9eToF)~B6_SI<l_65lLZ^+hLp=l0a!90{z6(LSyt4T
zeH&>qu}!EEY=X4n&wOEEm#RK}#84I1rqt5XOVJ!{h`eQ)@!|f?@Dv`uo4Z}-1j!o9
zn&D68(q>?TQ9YyFkU`=d+T#pWR0I$`yXf-hCAXY?p9_pRBmIrq?=elsf;2aZ=HJDk
znMx$krLR?%lkc7h^drn-9drtPO-9)*Sh&D%ixU><OB9n#pawP;-npg5&*iV7XS@VT
z-XSb5ab=_=A<US=-g!%C3#TIj!r*|#WDa(JKc{(94yF=_o{cTmudy|)I!_;ldiSLi
ztZ$s>!c<kmEd_Z(d#3WwX_wV)eFh411;XrdUh4n>$#fLOWH!pIa{miwjih#(B9e)P
z+ZU$46%EqfByyV)zE{at4qyxJ-v1ZJ^xu|1*Dx0Wfg_siCWBW1L9_#9hUx#(V*CU;
zgkoCm8(JuQbbAn6C+NlE!mNXUh(#6rGbzi<R5V;bpI-2aU|m{rrOaKhmbODp2y<5p
z%d7!ZMVhNFR6*EF&tl0U%Qj7bbyJpzT$0dykCGx?q7v5DbC!=oU%CAxQ1X(TOTWR0
z3tRGS4u}O4nhE{tM&cPFdg7u;Eq3QZ9mn%$!>Gb1594zZ6nRGM^<~$nnFSO%jhNfU
z(b}X_L2M`kI1#?~Q6PO>KFg-ImOP%>IYQ4N2^fFo&f(+-E>CAJxg%#RK@s%g->c*Q
z_RdD65%6(|5qO_(3-Ari9q@Zz3G%{MchI23qi7ytYZUBfT#=9la{E%n;>z&~@G_0l
zq{-~<wXU|hsHJ~uwm1SJ;PWPZpmzE-8eJO+bQKj1x<<1Mtfncefvbm=#=dGGI>f?H
zYjcmmD*qz<+EUQ9l;vP}PyzGUMHn%HKoSPATp~IpMhwG325B4?wkDP{R<p&`88m%=
ztz3beSblR|z-)%1I2}TN{<^T9?m~$ABKHGgLejJ$ogx0v7U!h7)@Z0_lZFr!6G=yb
z!Br{A;&S4E@pNFB;enlLePnMn>Fm-2qazfG^1yJnvuUSiV_+K+r-N8h_=m07ep6}o
z`A_-VHyr)Dyh)7g^Ep}(Y+C=t$3?|B4PHCd{QQxFGOyYY$W0X)%qJg7j;F+_Yfpjw
ze-FZ*KA_C0;a90FirNlM2e*_37;sN%QGbS}^oe4z!i|($Q+a?DLu6)OvAigG%W68w
z7zq+!NRGG3f@)=%H;IH;HIPpOb}wEOk%4X(ru?*;KP9NHSzP11W@aVD@jv$6*+p2B
zb}x#Q5ArVVL~XQP@R0&|0zC%u*GQW~i<@t3?t7fY|9wU!L6LVuzpGyp0AQyE?4?pG
zHxxx`q~6%3cqP5_%n>Zpy0})XC~o1ACEBIC$jw7mdhzrYS9+g3?pS|&WXW=UQU8+=
zqg=H!miVVs-`wCipru@!{&9L--%5?o+?fXaY$kdqe5az5SwPLb>@HB``yg03VfR*k
z7M6Yt(0#owej@cU$h{qyCo?Mbt63J>g}UpA4Gd;zcwnL074QG;a&VdPGfwC`hu3b#
z@~N%WK)bugWUr97z~*}4pB8I7mE5SgPCc0kz)Qc~CU8it8`cj~yDEYdQ-Wq#y+v$r
zJ{@x0@d*72GT@yw&W`9vXB@|JB<ky;g6w}fyZen}d{Ik_1e8fd7C7jAo?54On_uS|
z-%hvdB(S(FYqtaFyt2G91_S4n#&?B<I?R6sJ%oM$U$(KIs343?)*%fI7_WmAay?1n
z^wKjqO%BGnURPw;=f~n}a-_2CQzTNeX<S@6vzC0arTFbXdb=5YVfP?8)hEV)>}M06
z-adZ>{u&b%g0~Ia3wc_<x6C*hzSBKE5uGzix6E>lpi#L^8$$i#yIOeLOXoIec(l(G
z{|zf-rXl)p)=TJC<MZgQM5V=pZxZNe8!&Fv$xOYq|Fa4`<a<Mb)tAkgP@&Bf?)4D?
z&%M>T`neI`;e&}iWz>FWL%Xsp9hb&Uede%3!h&g`;cOa7OzMi`26@5xT&5?-#IQ%u
zVOg4I{ly)aQ)o7NE@Yete6X@{($Ep6q>{I}IJb~LVK*l!<4)+RKQF``k(KxUmdE`5
za9qP4)N!19$1a%3A(nnG6m;aNsQzP0_SNu@in6*}-b(0CoekOC1=U~b$~MOeZ%T^)
zu!LE>XW_nY!05hYWy^eNPY5{r>z4)Yba}?-br|mNp$3}V^XDN^vU7Pc2G=#(M!t*x
zGT|N&xfybNf>LJ(|3;w8(*Mv<!Yha+;tmy9blMP&xWD!d0j5;gO@dLFv&Bty92RK$
zjDmrMAz*=hb#)?q2C|iU3Ig35pK1o88wK{M{y@zB_dnmFkX`8;Pc;CWg;*)aRlGAn
zAyY=Dki2E}*1(Oh+}YNenp86aAESFqv7=iK;+k9&_+<?}RC*Ng=i2w^A1qm*xos}4
z#(iZ{;o=@A$+doOUA^Fwl{q)T-QW?g(rxtj1TtM)%hAKR2>)NR_a>6pxx<?qY1f0^
z{<vG{6K}rIbI-fdF|F>qJ~OR0^$iA9A1jO(3gghZ$y;gQZ3nR1`0M>)3$@|HL6EnG
zb6STzu2Ye`Q47I*7q)e^+TG@W1{GOVC(pW6PCif6Nm}{csW)fXB=r8byw}HN@dl18
zo&mwdy3ewF`1;1O0`SYWa$6+umU~Xk3vsLU0fSObso(oEh#EtA_jo&Zug;E<x-l1v
zg{-$apIgw$&q>1$vNdydbE>oLVLhEcheL&D>)ca_AW18(B`WU#U`~_N_2d+$I``_V
zZ{Et%4vHcYOJ2rM`LYVT%VViSSIQpl)R!SL=^X4UHsuTvSOxLiX_+8oWZ<R@hp<9z
zyVbOdMeUbVzo%}B0ILje8Z@U<*T<+FW%DHsTA?tgV^{_FB=Pgo-C6swS2MPOK~`;n
zf(9MJKKTk@o@$E_AFq!0eevu%wGd%5i~c{M@b-MKor=w{4wS-^lnvGIIyN5fr>_Y^
zA6IPMpzb=dxZrA3@7$QBsb$v&4o2Cu7sax6VTd?#GyJ4wg@gc$eq;w9NR%OSXWTM>
zBfri?6IvItk2W#C{>O1Z8WcL55e*K@%aqSiJTbvz0hNIS?TpuE6T@27j$jT0lwd3q
z0!aLy_y2F6DpH03%N*VAE!=3&t|rIyoY()Yu$(>1DxA9Giyxg_a0yZU;o-Qk!irq`
zeN|LOzY*|zLR~Zw=r)u+tkUm$?CViL9*P9tI~cX_>i4QJ^ip6hbOwv|<?X_D<V5X<
zG^9l8wJKaG0+m_<`I0JQi3{l;jrrYSk)~w=3N)N8%t`6??-4&};1hFF&ppOImMEOe
zz{10o$TksHl-9TVQh!*(i>TDs?P92?EbQxia+dk1jUTftUiyTKs00qJT+Vak%Q>8N
zbX^iO=cDuO%x>CW|7Lo<HNG|5tEo|1DakISw%G2T`VZTs8&=O6W=RiAQ+5J4A?WuF
z@q2|22?u^zH>ZT!+ux|Qy1s8Lo!MP9qUrkP7oOUQxsfni%Z2DtXi5EiGS&n2@0-8x
z@s`L<&b(U9f>Wi`>n|DBjMP}8l6h^dPB{sWA+J9AJHm*0J2^W)-4h=~V$UwF37i6s
zw!8wVt?A4kUuNWrXJ^x;hNPg;R1_$RmMn5ZU5K7(Y7})f4g3py7QS8dNqm3j>v@q#
z1CEMHeecp4xx19w@|is4`&*Zy#;6H1?h&>%l4SbZt5EmJJu{^xZb|&cW{SOt)uRyc
zo902Q@%ch_xqxp8?~yl(bHGXPcpzA9AR{UNN14gxdly&y+UO*FIj{M(jl9&i$STjY
z1B(_dob8AnPVJ}f9OB2ISsP+jIw}mW==C5FEe<+}ch$u+N*^9?v&Y}q2GY#sZp|FW
z-uW-m=MmAP-6)iZ$5ih=7bSG0z|N995z#jTJn2<gU~SK`h&n*-3ljBnJQ>Wwc$y@C
zb$Mf28PKO0xyU23$}mtaVj9~5$?_IXii^W)d9Li(ksU^g+IRoCxHW9C{n|Sbaj&f%
z9HOU5dQU6D^zna;flys^pg;$rOBXS4e8aCW_)c{1(Z3?(-d2|5-9N;suu0V)5vwzs
zer=9%CKp^P6uT(DReA~I@f0{6Yw*Kr&vN={wL;VTXbeI6tDvFKN=wGO@#~Bkvj~Oq
z<mz&yfr7|mE(;_t_Pk`t;w#$?J$b!b^4!A0Hg+6(mW$Ws4v6FDMcpXb-w5MF)7a;i
z1=C+~GBv4uKuDm=D6<7|R@;w>T_FD}%DeE{3aC8Y>?9C-dy5JadwyT^LjL<e3c46L
zH1G%MTYD$Krm{!;NnU;C2Zi$cIT;y7>{vnQb=bAIx2Sr*>z-nnl!@vy5{%yVGb!`e
zBL0P1eer8GtV>Ii&%6OmSMa{^NIZ8O$>|v<S=Y8S`A?TbI*`}6c+4P*pFVxkwp^2C
z7s!^9kt8UenlAq|2NlmjSy6~K<Z%W-QzL@3$#*~YF5l#t==nu=#3mL8#D}eGkavSB
zz!%J^H#kyiAvToh^Ub*~FJioaa8FOrEwRl1`{la1kw8PPkYyRsR-jri+0ZiAMZ^Lt
z_O?bS&2mQCo5E=ltX~px6CI0}N1h*=Y68sCQw0a(#Iyz>mX;98?O(@CZSD2WsvX9h
z_4X1?JO2@jt{i+N?v8BY_tEG$N^EY)t1mGM*y=aY)_rdVWzKyC&T!96o~)W~DE$46
z>|p0@Q!Nf%5cmSvSt}|M*&=~}?vLXwucb0bK7U3LccmznOT0fU>e2W&wUh0kaffgU
z+Koqvip0k2K`c4`XHf15#%|0bHbb&Sszkr2nb0=7Ea>*!%Vvk=%vs~?0r0Nwo2kVR
z(&mII61D*Hrd7Xm<2sx6AVg4v;^!rl_`UXo81nBhAU66UCUOcN7K2B6z|}N0<rqN>
zv6&nYGl&Zs9p5CA<=#}@!U<*344a$%(a~nisR0@*Rm7NJF`gunBF{(%#`uWwl<NHS
zK!vc_INAn4`MaY)z)aLrjzI%3f*xRu<u~Sl3{t{BNSusrP6W=hm(Y0OBy$=~I`3T~
zVhR7&$+)}u>HB{zSgHk_at5<f{^x+h<^=)xNznL`l?xcfmV=-X`$Bl-Zjt4*tRMZU
zo>5={fQ%}djD5_=3Lt)HbmbIhi+=**fIPLNgziO~ld*WsMTbOuOwpYre39@G24_k-
zj9EKFot*u5;xY)a0&zbZiD)NosQnp62RC#eqAIPzS5om<{&PVMc+8((P>*lzrjqUW
z%1jfA`X$hvMT%ts<hBMVU`}M7Fllm>MjSP{-whq>;=OG-k_V-MhWW3>->TgdxG~;I
zSngQ%D}Fx=oL<N!!H%+3n`V`cu&sIaNMo#tNHD=D{pW-B^8D+iL-(Pm?r~0&6=4O~
zb*L<G*DaeTbm&o6dxu|Yr=x9JeHtI&k<sUo5qce+JQ>j-4|%H8yGx2q>n3jRmBNAv
z@g=kZ02-dzdENNtwv^rE^7@AgE0`ve<+fb6Wx!W1fL>KnoA%omf>=OmiM#Hg>rIfL
zzWZoaQ<-~$d8#}rOGX6D+-L)A3|x1qH_8G@V+**W&PCU}`=NN~b!)r4<?vXo+TOFC
z7xd02v6(xYXAdJ}6Sx~-F-j~}#Cnz8)w<4uo|}Af=y987xkP^of80#}<-`Z1-Idqc
z!z%!U2IT4}<h3onWpN+ZkgO@&N!;`D8GB|Ko<uC9WnGyq_?YQNu+{HxUQ=GD(+x`e
zh{rQ6?rm6`w1-IAGHlRBPyef*sfdDe{4NS)x8)_eufwbxfatIoTr*_bw6)Ir0bE@b
z=iRX|syp+uy+6OPVFN^)hZhW}Jx>^N2xCon5Tx4x-^(v@58ByWnKTXPu0)E2^}G(-
z^Cn=HrV2J|V#-zmGM5Veo?!5zFjJ4O9X(c?82j1wx)p@{ejaWO0j6*VijX@12ny{V
zBZiV@$fZDHQPs&n;|bz6vWt?8ps?@#Mh1efq4IZ{&_wk;56or*9*zru4{%dZO={GH
z82t<2IT^EsA;2gLek<m5PEt9e9Tm*e&{O*!zP>+2MGat~c{&tn_TsX+$RXiSyTndx
ziGCk%GP)tE?cmrA^{bQd5PJ=qg*dUnX^huOt!+YHea-QAFzm#re$Wn3b&i-g6x*}y
zE?@Eq`(U=61t`XmYXvCHk9U>LNi~E|QkUpX=hba<nU0T4wx&Q8!Ns40!ON2&Gd{t)
z6`99j{Q8S@JL>u~1w9@wucGM2A)}|sTzTo~K20mUF&z(DZ{PgL`>8A9KEsI5Tt+<S
zb7$}VjAIH+H+|D|`fJ6j-lQG6y!gwPS2561hurYfv7ORn6;)`ez{n_-1%$e%{bcd)
z>~LVY?CLN(LrFe0)yh-lDL-y<>)@KIKnH`UfK*S}pUl>^%_}POd*#U>16?Cqg&o*%
zdtbN_t}J^#ezgb*n{uU=f+rNB1BZuKgrSPs&*Ypx@=#Gx)`yD6Q|>d{i}(wTJFM}%
z^yWKUz09{+R)&_lI7Gt$|E*y3mdF~i5d5f8O)b+pg6N}8RF65uk>EJ~Ss2XCb;C<b
z;Z`;gLo^`<0lCLV#>lu1Xm=sGYh`k_S?1^ek0St99R9+;hA1^_Tn&Laxm*{j=>%Nu
zOF9m+&c0Sz=b=_QRB<3Pc=pFcUAzFuhX{XsP;$LN$i2wXLLkFR#re6?#%4LQ%0WTo
zSX<PU)h(5&kix?7pB6#fBETio50&Ydu(4m~kA8H1jDFP^GyIi?S!nc=fQRiDcjl)$
zil3RQWv;V?XF-p-rSVBC{!oSYHP&Dum$v%MuI@5PRl;E~G3uaghE(3OaToG+7;i`E
zY%AP8iB353;*nhHXsA_#+bzJSuD<SCjb7LYpEwxL3-ygEqzr*5i*`O4SoykA%k_l^
z)oS~NQ-;Vj{u$dOx88|XgTDykLN~U1k919VLKK=MifWW`{(JtBHFg@{`GK*%gu|Km
zX#p#%yd~vGL^F0~ksOAJ!rxOVAOF|!$D<j)Ys`gqbLEmt6=Jh_K%)yz=112{#G%pe
zO)iQ`W7Vg6Uz`&$(S==KBN{ZL=Xy@uqT^4btKv`JETD{=<^Oxc$4S)OKGZjUKY*Zx
z$)|#@l}YQ*unCTF*0ogbj1Fcm0fVgd6AAb{T>A+I+a9%$H(SvaKew?I5{+Q3deC`}
zItBf`&;%Sh5y=Z{V#NYn5~a7Ea{@R7|F<EmQ*X#q_^G0;v*Mnc7*l>N$0n7{&HDt$
z)zzP|6t#zczgep&U!(8!ATG3rZt>3%X@Z>Nde>NB-%`8X+6gYxi;s|?W8KEJ@qoMO
z5x3M4v7rW=vs~=-30$chPxwFGpnU?+8W9m^r};i0_`lBNAm)I0BC%%uoZOvvH|Atv
zM{}X5mADd4(6}vmEGcaTPWdq2ipoL9p=(pEuu>v0cO>~tbyhWT?J<(XtTAp{Cm6Nu
z?^U-^WXf{)bb#cMNPxMWom^Vb9IbL0Om#tP#e?Y}&H|LlOFU3N*Nk52-9tQVn6@3s
zD(<BE{!!>7&1KSoAO+P^G~6Lp0!l7!jmZhu85y`>wBza6^B>5A4#W=u``ASOC1KR_
zQb2{OAgJM94W&M-8Hhs6v`fQ`nHiqBji;b%s2R}cTDN~&y+uW_nri2p2~bt*Ud-ui
z1fio)r71cdOx}+k|7e!--@O_IQWt{cL|pY7%i5+BbQKnjB-&~v!e(5FK$C#0NTB{k
z+n2v#iaw|3)tY#`<S8M)Qb6XZs>*WG|Gp3T@Xpfkl+*V^=;mgTdih0&Y&Nkn`rtGQ
zHGD#`gYq-ll_mlBmf!qF(Ji?yBB2#oYnQy2+IWfr3N3o8Cuzc8-)U)cx3^iPdM(dv
z<1+Y^f0zT}%um4~O%9((?M}a9ez!%;O<uTPz)vu1NT4s!^v8Ig?tge0Vs+~i&Q>rb
z3#BM6Vu-SG2Y&tWa{}ae+(z<x7nE6?qL-y>jLoba>iC>Ee^R}g`11^HC7vM8$u=k`
z!c19tTJ92Wiiyt~zT;=k{;il`_L>jR=Q^BjJqdg@C1RZZk3WtQ0-({W)Oi_n*Eq+(
zV&GaU69-4B87ZPdql5EgsYr-`@+mxqoKq#lNu$HeE|5f1O%1W4p(IHgw_;6q&YMl(
zr|qZBL?`tN_|nxf_#W~3Gq9!rplF*-i<&Y7NRl|JAinkz(?~iNrRneSm)-BLA<A`X
z@%$T7uyjPUG7wT3YL>X>G9dpdjxD9pib(}sLq|mo2|K^zQPk6Z9`HA~0|7g^rAIzL
zCxQ_%<Dlh#g3qYXjg%}^M65T5kzT#QQd+w#$+5LkDNE{YQ~BGfWw-v}4KUH{)zqiM
z5mWqLL36oXe7qg)k37Yl=G0uB?S;~BFR^(o7)hBg@X+jF>RPE;8>^#;muk<tF<kz@
zeR6<>r!j6xK_KI9aNy4CrkX$iwxIp>xbt_mj2TetYFB&bW1%)4BL$JXCCn_f;52WL
z`_}Z2Mv9OuZY6CmTTaH#9>nF~<>9~nefBv+ElnuB;!4JIg>hyE$R!$jj)8O_;8Ta}
zEl_Hj3_)w0A(g?u<r$megoN31|8}{wRDTy(h)6%Q>?11DVW;xxbDE8bVkKy$n$q4x
z7i?A0Ro3k-!b8Xk&<}11YTSZ%Zan6b40Loco)j_3>skRJx*qP{6u`iO2?Zi~smWBs
z@|*^1AfS}Nz>vy!U0ngD@oa&(`8J*TlriJcA)xCO_rd<!@un**-nToHNfChat*LaJ
z6^0YDP3Lj^v^x%(FRHz<GgOzW?1>5W2D9td0H}TAAG9xrOze8m*SnkUCXYeeAAj}V
z{?<pB8||CPP~Nsa7`pZ@Mkt)QRW=+WI{oW~;Z$NbLtguSdrh$VO}8-h5RBo!_2^he
zs7|46Kz>hj!EBgCPqo9^#(DlpeF|nnC-Nx2Zu<!1w&}4*mi$F15Bj=@@K9aeAUSTV
z^$^u3LpwSa$Iz!CP_^yU)1pAdZhTlr$CUq3^!jO_uul<un{c#MWSqaWN9dS{nv1Dw
zC=!W&5gr<0c(ocyba)XlOn}z+53oeD4eoawk%nLYTad~GpN&R?7HWjoR<tD&_3LNS
zES4|JvrOEP)T+8k7qRn7Tjf@1FSpQkUI^znA0KB_eNAN8oVBEve<a7^X-^Gir*&m}
zW*nQbs=q;|fCCDj^YVW%kJ5U}ledfjD^>##4}<d8QgIvY_IVU|_x93M^L04FK#NlB
zm`ee4gD{WE=sgExoGy&gVEk1GnwK{ZcuV07Rz!7R$`IiDWed#NNBAh*I`g~5BS<kY
zbNN#L%$|<t4hHBC-rzF0zx2>;J0?gYc&q!&F866dkDE+ngcqu#-R`qhPl(N(P-u;8
zi{q6o3t!AvyN%n6A0uY-2-j)-t=tQ%CBFqb)o7JU$=pzKzmgH3ss^)0ilWpDsh0+e
zu9OA(Bt-RCk3cIM8B5+DFD|$suD7)mPbmj9+zNu$_C0rQ4C%UiZk-9e>STzq;zhS+
z(nIPdun($d0Fod6KL7NCWh1dw_lnq^M@F9*=n-$1PcG$IPlgaH?;^nJ4u6SolNC`g
z(#%Z&FzKz@j77Df(LE1aM=G4D2B#NoiwWS2`{UR(WIJTvyos>arEFWxX-Rdft;R*L
z2`qIIbF!q$vodX*Q3Q<4HZ(UZ2TAuEppzii<<?t69D*-H+EoH)D1Yt32lgSILofy1
zjMkd8nU4ysZgicaRqpNv-s8=7KWEz{lpMU5*;V3vtaiuSSyEbqs|IWMC;cfp(Eejj
zQ-&Z*EMjQoto>e97yDnEjhG*Gu<9)7`AddWlv69}+EO5xL63?)@|$n}bs+p6=B9_z
zPq45hvnz+WL^|cdb%5R1+f_V_>4<lqY7Z=SQCFXBgM1oAU<(B@uNq%+x_@xVGy=h3
zDQn7Ezv|u(iW{M*Gg|tZz|Ede2Cz_%7fK8j{6){)GAOrQ7i}_<0e;D&f7IsYi>YTS
z`SAoTky27^IcxVa%&-5g^`m+p&XITHcAVIpcd1m@Ufuwwlrrd03SI`OsNz*(%v;P~
z&|VrTW?&N-t;@0<bna)<yI~H<VgNGVqGx-dp&k}8S(bh`=rs+Yx*tr<02Bkd^(B}A
z$KyTxEb}CIMJ5Nas-KX^SLm6twxy2RBm}q(tdMJAVdP^L2(hMb)o!a|?`z?4{_OW|
z_J!?xZ`u}awBuc3{&(7Z(&k*)#QIR7A3gy0_ZU17j+W}IfkvZJJAb)wfVqovq#(~<
z9I=#^S0BNFJw15%XFmd|J@+)XdgfHQ?Z3T4(+m>WTu8=XMK!uluf9Ir`AZ<c7oaHB
zu=;Pu=YapUeSk23Gl1p)wR^Nt5xL{bxUaaLP1VeTkvH7R%9Pm4koy0%Tk9ybUf@M?
z8&NpG4!uM4&}itI{7LvXF$BVD#87~MYQQVPWJ``#uB?*d(N(7!G%xw^6juP`NEVS+
zxZ~Fo>W`or#5aB3y8HQ8SEG&XwI%NlDrAjdVqH3BxmSkMwhqRw2z3Q8V=Lx>dh{^A
zcEGrmi|Np#a@`E#tsZ;&Oh85oyI~nvKB8`0TV&3*pOOvF`C@G)Z-#4ctvFmto2~Zh
zCPfS<Z7j{xz2n3J5KCGxw<|bUE2{p;7Yr)svL7F3M&*NjZy?2xfTGZSewjT;D1cfp
zamiP*;E2F_iCkaH8o9K&F*Yri-uj;ZezC9Er?8C){#lTS%0!TB<Y4t7hKJnq0c~p=
zAUEAq0Ty3(LmB~wM>mdlcw9!<C26#>uJIe5HHu1!u5uYf6;3t{X2}+1;meC_dZK&C
z5!Z)5SDb8u{JQJy!mxA737*+lf6@ad#Z#<pNI=#(lr$FYy5{&NtRc`eTBv;A;U^gI
z(stl1O{%oBh04D=x48B)>d{@hVe881GYsyW+ptc!H>fVJjuoMO5D|Go4)01+&)eE1
z>>?G~;LFy-(!EzED3ryWA-_>Jo?|1MnM$4<GHnz_u|mI<v>#t5{ZD335yo%2=EBFv
z{}@v#F&iYzHt-(JdDo<&B`wTdO43R_>s&I($yC$|5Awgrv3$#n&)R=*MD19tlXNY`
z`GcI?pm|EX{ZqMkT^c5IpB@F<SPrlfr<6DG_-2jHo2TKLm?I{gKJh3HwP3wMzVDaQ
z1#gKSevH4#^&jwkM?sWRol2HED~cc520MF~PV*2w2gxOF8e4TMUiogT3lo9<2_T1u
z)5fQ-FP;^p3$gXdr`*3uea#GF#Uw$wLhwIg6n<;@^nAAKPV+fl<BYr+g+lIs9LFM$
zqs%Ghm{C@JaPY~PIa=NdF)iJy6HytWT<hgF-PDXaagC;3+QB!q9N&7i_bDhFgxFM7
z{P1(x%=3Sb#T47CaI#rRZa>?56QQX-hnFPcP7rIS>G2|WD8a~o_S0|3<va(8L=^tc
z2Y)@8`U;HgeZRWy_9jL*aWafVOfYm>ZWn>MwaW-`rP9!|X+vzp1gj)WV;LTg-V66|
z`VCWzK%O)!lik;6<)XCt)I=AUHJ@{6n^7XJk5ZJVL$oyIKt8JB;V~wpBI{A>%|ZB4
z&DYb|+9H(bpTYQeX9i|Eh7$Bg2E9~QcHJkGG9@O7Dn-gFh%q3^_?|1VY5J_+9Mlf^
z_Q~CB8k!jy$thxJO0f!M;!|b9?Ay}xXQerKycOwQ0MhBj-?j|g5>udZi|YtLSu0%x
zq22_Z)czmry?0bo&D%B_s(`3iKmkF(07~yjQ@VsEA_={BLO^QhB2^F&La#~{6MBmf
zf}#}Zy@U{uE(8cg2!i;W_`K^q=ltHa&bQY2=R5zL0oLp?_w3D-J@?#m&2{UO1>LXq
zatq;IS7Z8M-MO$YLTR^hauIeEos`vt1(J9ojyffu8j9o3xv(9dHt<LIv&IaFGJxS0
zRj#x&@0B$z3cg1ZY<gXY<U180+x^<DMbvDpDoY~nbB4P}KJP1<8!vAlbX^KPZCg8z
zeDkIytCHJ$TLS5S`|lzn9PgW7eZ`mNlR78?q>Vz>J=M@0lLbG%uqU29{m5zQ_n#|8
zVZVo?F9Pf279F6F2HUyv-rGxG;}wP<P?k~s(!M1uilU!c`ZR0TS8FvreK+dJFD1v~
zoFtd_YFt~FnG5<Gao%GKuYAjC@WV2}Yfnn?RfO#7@||Vj8}wHJ4iZ+BWfZ%TC<Y;N
z-{FfFX!}3EHafVU5Fdq3H4+XeMo~Kr3a*Xeg_agA1#%NS?CUp=r<ZM&`-tp8Y39s!
zMRK^r0CTU!4QV10H0w2=phHg|2P~YA?yTQYNE_fbk#!uqn@2k6P-j9gC27${KCt`P
zWuJ(wGrGYF20LNT9;y5T`=lHZG4xis<=bZUKjB4TB+o&FO9Y~`TQZmD9S@~0k;tA1
z5F?L^YG109GskQbRLcw`Cvz*ckta$7^oq`zw%OTYXxb!#cwq<TMBG*4Qz^jz8sVXO
zG^%w~Ck70;n`FjAY4NI*Mi+tq^XJ#^7ajZZ$6Qy!i8~Z<9Oql5KH{LKXQh_y!0W6U
zJ0Z&Rs%(-NBnR!Osd5F}GrAFGIIZNwBf`wq>eu;*==G+f1;YmU4;(9BKo5YFSB<E8
z;U!UY?Fr#WzMSeH|LYt%6}Rp5HYtm}ZP8qQY-cMlIE9!k?RdZ4+f*;q&t-K&>L(tt
z48x&=+5!We=6c_KJC>ba2@Ne3zlo;MuC#bv^MB(5uQ<%osK80*m*H}pg$=q<kgN}W
zAyI>^n7bA$p)c`y3le#ZO97J`Rzzzd>U;Y0=JJL2D-0JZT|gl*-}?Y|*Ueiv%hNGc
zy)8D}<K|^s<!=J}=9%*b#<%0OVeCLcO+J8_nH#vsX)sleGF52BPE}U84>64uR;&)^
zSFdXYTBQ;iCCUj4zADo-0o1&lc$uATuEvbP`3FFH{pctMg`5O-guWUh8$Io<!D0Oh
zS>INxu4{PM#}41Q4Q%}4*L!z@V8X6)yjeOzBr?=f!ON_5RcC*H>mTmw5wJV@JD{&z
z?D}^wT`FF-wU&E~K<I0>u6cA&WLnO^dX_yW%c(=_^}Rz}tmX>Uw#76~j4un_O3dj9
ze&!X&T%aAR9@a5RDjulc%irhFs{ME?Eo^>hLl%#m+?XOi44>ORK4ah2wjQx|CUQ<0
zH0lj>m~6}-s%v$BPS*#Atu8KDM!b4#tJK`O&eEZdtl98iAx~wRXKQRd==ya|bwU?y
zReyK@6Zxnx(R(CR+mg0CWDTj<AS{L~c$<^c3nNC*Eo31?#5s8pQ+Ou4jU1w|R-6Zk
zJPZA+<mXd&%ePV#4N%>GT@Yxd91nZ@f)s|mQ28-5!MPV*>M02Zdt6*qLfWPXBcam4
zZ~PXfW-1O;y``nZCFVZ>Q}d-MBrfLIp)v%BLIg#&_*Gj(UR0RcEjT_~Xqx;Wl0|oK
zE&ttX`pb_uGV&{4-v)-a1-qh^_av#!Z>r6iRDSr-DPqnKahCshd^T0{qYzIB(6x7&
z;!gvw8&!<9m%Gvj@jT7aVqh36rHd>#(;T0nPbgj3Yv39M?b@{mc51J*KuywbD+mq9
zr_UCQ)?8?LhF15ObQm;PI8MU!o0V8*R!tEgqD1^w$})Q+#2exJg~OA~^5bd$!CevZ
z+9y9=DfLs9-_Z==w<OgP8Rny=JCEg`gD)95L{F?ORCf&2B&ZmI09S5409@}1y+K*x
zy(MAS86^RTD9%bMFV!`Z_ys(w+(IVaD`lV{q7o&d?v<o`Q=-e8v}aHYFK?n|(Yk|R
zzSXyS@7hGyrm{jWFg?Ym4@j#`^|!bw?sDMrl)OQ_A_CrBmY1k$6}9N7&2Mcn%1~U#
z1A=c*v)~e?8LHSAN&u=+$e-0(QJswnbukPqQ>IS0G-7=&@_b<#>$1Nb4UhoD$mvL2
zO60ncc{!g^j`A8wBDXY5UVUMqpvmb6jR0UH<{oAdhpy;}BC+fTYhJ>Bxuz+a1uubV
z45~;ur=HGkdM(P2&YY#HoEf3hOO7SxUs^QY#sURb>)QZEK|h3{Aqe=Acc6eK`vKsx
z&#<8(HRS}5wo)+cyKGp=Lm4(@jd`f*Re3rAKi*OGGaH!zSn1UJVD$Hd08A9*I_C`l
zHAE=t^UKThNIV7Get0naR`5yVf%L{(2)2LtoO$>>Ac7pPFf`@&qDNIeH?;-InU64x
zn08UhEjZdDn!;7Kht^d_LQQS*`>5InzqNn$Ekme#Qn<UEUC45jW<ASxA3M~GU08s(
z4w3o(S8bg<f&I2k4jR_2ML)fP)D5B{4;#FDuydMlLAyd)sN12RzK2wFVR`DeX*CKr
zO<Kd=kRR|k-z8iTeMfZ^mdF(U8g-<x)`Bd~XLP5f8F1ryS1EjC2R3zXQV6p?9=&)R
zjIk{%k1uNDuB0wL(qV~YiljT}r#jLN6Aam0G>ac`-rUIYuB`w^UYNS19|Jy^qoq2Y
zt7>&)Il(k6nocXJG^rd9kk{VP(%^0=M2H>^?+PKo>pWCjkyQPlC&IJ6Q)Ipks|NPn
z{*dC2?*O$6=-p6nk)L7VwIiaqoo2Da@m;RA(G)vHd9O+@5+d1USrOjLE(~Th=_X7O
zzMJ}ab;<=^NLauAoo<K~$t+S^1n0ts6Ar6M%Eu}=B=-SGMrPgk65r)CwC*k*^Z8e>
z4PlnTYseq-biM+)Pn#q&#O}s#;W5m$r+b2VXFw-6?CJ-y=GR0tG8tLcrQn;u1KLV$
zG6CyZ_<ECAQ=u!qeNM9OniALDu-NMQVB%=Cz)vqchFef3T(9CYb;K75mKeJzhIb!<
zI-mdQQ4}*^Z{Kz>@$4iF9)Ummcs=h^drE!0trY`6<mzwazKjR5G7}6DLe_bv#>CyS
z2llzRetl@pHo}r<5cU<J^X)Ev_IF5kA`cVw5-mit(}xvocHaa<(ayjof@{`q%S}GN
zuyE<nqS^j%_l^<?{(do6a6B|O{o$RG$bSb}86N^#(#g3IBANp3f4ah3&=b~qkP?&p
z^Os1P;_&%KZPRMb`|Aa1tybUtGJFQacweWcvVxQTwUP>i71>AJ5&wD^1}BUCd3^dr
z|IeQy$E(pv42gd=2Fijg%OwiDy~gPr$ULO$xBhtGE*C<MjFWmK`dS%cDNJ+Ko>`lb
zfu5I|2T9puO$l8?e?|gcydN=$Cv7i|<h?aH+mrGi8CN}W_^<pfQb~mhWJI$!^`cMA
zn&sQa&Lm%<KY+u|R(2QLew{iznqC?}T(<H{U7_lEkn=ZJioRibedI0E`S?HiWP+76
z6{{#RfBGf`OK}q#%|kC}|7eho0zjakU#i$#2kSaLI!rk%%+2GZMS3~h(?zV*pEMSe
zdVi4{H%<XMEDrR5L}XGF4<Ee<9oT`1@={eXZ(@sNPXhM_Y<nqcIq&c9INOVl!fw{w
z*(~Rw+^+|NU(%&r1m^zoJ94mI;a5a-1!%l`s8qO!72Ijjp;vdl24GQT9pPFG!yKOf
zIkEBPJ`X)7p6`;v7pHFlRP|6$zi=#Mt!L~7TFgfrEgaPBMVwjO#de&X)gCZMGQR{y
zfp`!gUgerUFCK>;os*s0#=c(u^UGv^V#G88OE^QFsPf#c_Jx_=e`G=mhOI9F5gcan
zzuvbz9AWSxA7N$x7#WH1u<$S_9KSGK>^vtgQAi+K6Y0(lS`|#)n_0-VvA-o4E)lFU
ztB01n<%VpscYigL^@gh9<WGTr20=VIEEEsb2%VAdXAfm<d(AKGy--S4S@<+gl;0&5
z5l`$`Zi1_3lHIX~3FsXUmwmTs;V5fk9bz|121|DD(HG!k+R3dO%sdX5AK-4Kar7+Y
z1$rHC&>w|*QAtQsLyl(irATrxycBE)+N+1DS#4}v=Lksmn*WA|Hh5YKa5^fX8w>>1
z{nKQ3e)vQx9=0ZN^eH}bzu<(y%>@oK1~foh3$xuIQcxxHiBO<tFwUhN=kl>uL&lFw
zV88vEBH3G@FYD(-+tH-J0RbZ~-v}=fAo+!)xA?E_BCbcfTjyM-5uGIf8KZ{FHImjB
zcxTZ3Z_E{Kl3F=$Bf8tRa~1sx8x$WWzxQeCU)aPZjP`@3VU-48ot6erj<dasvwpdg
zvFbP4!LHmiDa}FJZ;4evt<+TgbSe|$s~ZOqVu})<lM5fYeh;2bpU=Nid>bTU9v}qc
z0u~i7p=|&`HwpPxT!mkS_7crQ5x<Xha|Jl4r!W3-xyR)(uqD4^{6{s9og9EX!muAb
zY&$&dSi0H|&BO-IT#23H9{f_vlv@}YB5R3Fm)5GDJ+%Qd*9_kfmw^XdDxTW?RdHPF
z8gA=7B`o{FW@ebE^zr?K_{0pZ)_N#(;VdtEYwi#EW5<)QLlUH+H7_Hps)Y~cb6^&l
zKMJZE)_Ah05LLd7A3puTz1Y+^t5l15F6mg49Zt8#626)KlxHmv+OnDM7{?uIO?L91
znVrN2lkDH`i_LaGOucdRgnU%-J@i|BanA(34<JEK87;NoeFzvbd4=kR-f7?awD$F`
za!eRGUJFc7B!C4M{v($CYto%kYaJqHZt`4q(Wn|nfat6V2Nd#%!EcvUC{&msA?hGO
zs`+kU>YxHif87NP`D<T#a5)hP0;+5+;--lvq}}37>wq#aimi@H_3Fx!(d;jWrO;{4
zj?&NQtL5#R3SS!%t<x;O9JzQ22xG({&FBVNwDn3o7T@L^m^Uh>e_K35taBJM!DZDN
z7&TYdb(~R$IeH|z{DmAVr(ox4W2M!;WuT%|k*kmyI_kHx5<2bs$r%+o;5d&*H*aB5
z*8ePqe}X3t1j~sCig+EhRm^7UHIupSs{2v}tPCX2ZpdQVKb9vpupqUho2O8M+0Uf!
zEw>7J;RP~0prXqaqX>TqYA+^bUGr;?uRdl0&_v3cKNsi&fkwBo=>h4`H`lhHUYecg
zXI^@iAAtEfsle6s8G}|4wl%p{*<J^N0SH(q>uaH_YY;%u)QEh1x@bPwedy;I4O8{n
zYfTvil=&?bV448T_qsF#>=l2A^{b0vR-+4v<$Z4Y>V^(|qChtdvg);2zn+}+P`3P~
z7YP#^kzwvzzm?WL(~XaW;*P_b^$D~0Bzn0w`41XCoc~OxINVEh$$0tm1Vws)tO@PN
z%}sw3O2JkXr6NF|;gTSr^ySbAh1^UqLg#`s#cv<7J{O^~UAVn=0ODdbp|k|V^Z$&e
zDXO`&&3MP~VX)x#l6f}a5N7n`ZJfw2GH`Pvwr2fTh(K|H8E6lI045Z%G3GPA<K_FT
z33wBo+%R#CPrcp<Q1VP>HpnNVUq6P&JtITJ7x7Gx3ow<g6A55sPtCcO@SrRoup2bs
zNF&p!zSBy>qdF!bA2MLGVQ52WEY8l`)K~Q4f)+qj(7{@9y=YjBod0_ZQ;fI2U;T>f
zrHt$vzp^^v7}xBt!>*R_u*#um{E*ma`nv)x*T=<yLp4KLg&%}@tE(?#TGOr<b17yP
z3SSQSsKrfK4s7?Isj|j{=EXXj3#SKKQk_HE40pZYBV3AYhlgZsxdZ^hg(sQqB^9q+
z%|>lIdBk}o%r*4aVd!BY>8(rxUl<BfjQ|~&SgNa2XW`9~TlQ;gz~Mt)BDRla;AZ>h
zD{mKCcTencTqFT3004u*@3TYPQfP#w>&T1hKee^<gLv2pK!*{D-1o(w*>>DpA8Ao=
zYTUA4|C#r}VA+02=?(Xb+H@A?K4~5nz^koKy}vBTCXYJLf>2Qxhv`6r2&loEP(19E
zg^Gu_1@HYrblPJ?F|R6z6z=oj!9<VT*E?(#C<-PiYeU{tae=)5ii$-w5(JF8v`AY0
z6ApXvC|&8T`2AJ5`OS(g5^kpj{|j)98rHG^8+u_gw?98Wt@EuLTsV=6SX8J$dYa?c
z8;c^2e!FFif>^X;?q6bI0o=l4igtgWlMZ_$NZd+)NJHRoSq)VHHNV!IKG)Sj{f2g@
zfxGvoC9$Vxi*3DYgQ@oXIt+j-i&!{$B;_AJ!ujHqcffA|!2U45(4%pPJ5$tI8}z)$
zDaHIlMcEmoTHv(^GZk0J!&CAv@?z~<%;rijx6+dLXBJv-*m_mgp8;4~!q8wGlYQpf
zTc?f2<{cDe1zi-p*u#@L1bPXenh94qeY?;e;8$DJ4qrJO`NVnx0PyC2RX&>X%IrBD
z_W09^UZORScv(VAOGoV8B}8mI3M18iQhDS<DhdleTA3;QrO5!0B4xjAA9it%zP?a4
zY1oQ@kM@0vVN?QtJI~=~iDUuXd}DKEX1I3GHVU=TP{EsYawY8V*N`%9-^hdx+(~fV
z7}^RqTgxYJB!uMQ7j8{>>vb_ki_Go15aPZ4n5j9xhO`#mTTAk3nkM82+}`}SuPB!h
zBF}hV-Xt+@hR;1!0HI;u;%y#~BmC*g?JZKv8o;dH`Y``GKewN})r3EyIW^P}hvT<!
z)l;&p8uv<*(_h#^NVQ_y;XpJeCN^@vjx!GwY*T1}z}aK?r9R_Eps;U&xc32tH5^VG
z6iACGyke%tE8nx=$Q5o*VKszhyO-zbwK|V(h+mf+OiXpU+9SXcoq9LTA`eZ)fqNz#
zFJ`EPzNTlaZDrOfAo{T?$3-fup))NrTTB>mtg@L&E`ra<#WNtNR_NUx3jBx!u)b{<
z%7j$G(<JUFFPe<Q0LLG;ki*Bjm}M$*2VpQ*y2syBxrh{a=-&pLL3k7{h?8rpAITGb
z7anZTs94-&%nrWnWjrjQ|H6cGypewE9@ylV{^r!Aq-SGXO%Ghn_I~*Bd?S~4>x_K(
z4phau?Kox2FPP-o7!DQoYbAIqT^u+=T4K?h`~1Yh^zl&a?xB3q!WJp4T9K7^A8Q%z
zxgb5!Qu}<aXSDFG*Wkh(vBxPq%~(hIBBz-QoAX<GlVA(eFk|S9)p=F>y32;r2+GxO
zfNcCgsPb=3`~OG$uQ6nS^xVrYz-qyXvIIJ~9W7JB;Np8W1%@l7OG^-?gO6RDC~}7J
z(l<cNo%7$mBTIB>DE1U&+2+HuqP<h^N|p;);vG>6?Vk+CmO%hV<GzFF8})?;qQ^Gu
zjF|ayX<R!p%S1-b$n$QXnE7^nRUA>M`yxA7NIm1RVm+?UeU)?})6r>=)=O1`D~V6e
zEoZ2hE@8J-_=$}~(~&D0eu1ODA&-6b`wv?$a2>3ey6cF@F5+x~8*pV>u2|rVfmqld
zG%axVc;U>h>YQMP6}D%jz70sR=^3&MIJe+=6BxO{s^6$`oD$j8b?E^vw#xjk?n9mC
zC#8&}rTXKX`ssD(+iE`g%UTO<73y=&iCwWz*I)wB8w%JC)xmOA`?$2mY11excVHut
z7!Qgu9zZc?JfQJHTP4oihw(SzJo^wEeCx&_=sQ3{wB0DbCn?!4-}(}?z^|ZnX-P9x
zS#AI4&s!`Hg#NsFA;-$h`m+@(j{jTYj+Bv2`qLNY@mKQ9!=YHPskQ##*Q%in$`%Pq
zw^Y16_!KC8!S8MqGJ)svx(h{jag=&o<A<=?PU{3~Qff23_&;LV4?x6|BGYE*M{yGO
zX861~@m*t&^H>CZ!T{ecawp7dA;j9-jxGu$>z8>=HBG{N;4XpDl|@oYv#+bbX@cJ<
zPr$*!UU9{x>g0*Aiu9MthG0hB2odIN^RkoB3#n_D&6lT4Glb$e`nA~wa=R+vZ?2{5
zrwTk5SylWMq&%8dSn4ml=5>T?F<a9JoO%Pxa!cS!v1Yf~;qATZ+1?fN{Xzb0!Q<o^
zec@4ip?;6&xMEj5?wY0IkR?xGyi5uTZL)5$?!TSr>fuG$P{hjSwW(kT!DaD}p%q`7
zzfUg(EHg1`XNxRg;47K|0ayx8dhMWt+x<#vMoMW34lsn8ePzG(du{u-fWA2iAiPIK
z727g&zLGh#yM8o<+4{ATces2sHB(EVY|fE~@1^TM1yJTqe`WVNp(ktqT-ki=-uA~y
zuAsx}*G#R=LkMaQKxN=rL!j_?{RSV{SO1<gK;MxSH@Gsu21YTDl~OZPJK1*BetJ~f
z{wL&sRBOt0((w;Pw(V1+{Yx5tn}@EoIllbqv6h}`2g+;qq-Q%Q5p8NC9zI)C?IT;R
z^R=_|A@ay4!&0<0p>?DBgikeH<)rQMTGEGKNdpdwer4g7&aYW1R>ACU%GO%j#hTWA
z;$V9Sx%Y^G#zCq<PAzjSe;88vOERi@9PV{3auS9G_G)l8A6FJ1)tti)XmzvfBs3{p
z!-iqx1!bZhDJ3lAX#9?76H+%3#r7o~R4xSd?z~2KQQy48EGeUk5Vrmky|`d)Ik#W|
z?Jy-oV9v=T>j-RL-E|&gIZ-Kk272PxqKBbpr@{NnVH7$r{>6w|tHYY=2*`EzNa~he
za}{zmeSY6a9ivbkkrsF|H{Bd|uzq-SCZ(fGp(H|RoZN|ruh~;?xctVnh><aSl)@Ll
z>)Efmbxl6Y@~f0`wq=<K-ypexcz9IrQu&c;Oa4*p(Ej8lYae?sARgR7qSB;_IHxRE
zGCd4i3$i3y7Q!$@|JqN=#KpHS>huwjuV_%DMbp|D^vGg_b<iP^Fmgw!J!I+>KqG@b
z@`DhoH-iYDm?<z{Kc2_tQmMly^1K%bf$7hx8Zp&vPR!{o`Enqq9JtrMnCI>I2Tmzv
z_tUMbzQYT%UKz^Kvrt89Kf5c;Eg1t`1`6a-lpqFTp0m7ZJO{~UHc3W9ns>U#a94In
z@S3}fY};{b*A(-`EE$ID_QEsV`QsQd4Y~YQxqCYfgtbjVIStwmI8gSDoxUzx%H6T&
zt4xT>`+&e^FY8{1Y02{UvfjdkF=EVT#rvsuZ%2JwP4zK@w2H}1ZrrP;^DB5h)nAY%
z%>b16!k)mMgVeaWv9VNtPVQ3{{?c1_3Cly}2EZ8BTF*P2#y;hG<AyLGW4fLTN+2wU
zcT^(*wcqbZiZb23FyqLIn<Ma{1IHd2b@yCC&Y-4_7oJ*cd$8i(%**eVi7brLM9@XQ
zb!}JX?5}^1EL!Sal<`byHwcvD7(vX>zZ(rA`%g`W?%IkGiD%Kt2kjeP2asj-@y`%H
zrEmffi>cmfR<K++ODh^!7@X2?J@PA@kTr)(4<A}Bknu%FM}@oVfi6T#QvP=NDavw9
zv8HMI?aLC*PFt%X%qlebN&ffw^v2Chx?rgvcf&6q2O5o^Vvz|6VMcpod6@MQXLG<*
z#L2sedj%*fB-g1KPW9|z|J*$Gt*94K@qB4HC`#_$l^H#@-HTna5dML<Zt&kv1%GlP
z@*1Vz>v6K001@GoD@uf27n5p3iu-X&;E(?tb0J(M<j5+0u&)*FXHyHJrSL;}f{jwC
z59EX@b*O?#AxJDq<w_v>!+V!M1Eh{W5%4zG$OgWPP8B-#Z>@ikL0$%%4u6L0;|6@z
zhf8S3YrXRPuk}EpjWK+q_~^RtIFVj9m^;U|i>X8VSH1i5T`g5J_r2m4D6W69N}Zf1
z<^4Sqw~Ogs8bZZZz=ctf?|AoA&pItkE%nj!Cpl9`A6lBZAQe|Fh3;ln{GPUn!|HTd
zsaT4=7RvAzmqVE{;hAz4-s8ik;(!6@QJKq$ZSY%w-SNA=kpU2$yPb(N#wz|I7lZ8~
zYRv)YZaE5mZi*x?i-n6o38Pz(He$T-GIdSN&=)Tqkl={D(h&Tq+-`8LQQs>$zqsk>
z4yz3@4?w!LFi1!WFOl|4rhl;e)~LXBQ6GQV(MtiM&jknulW2)qpcTO%)~e@{4lPh9
zn|vLeIefc$nB!f82Q$Yd`gcqktIMOXXtOgmXpiFl<P;BT!9}#$v<1oy_5Hzt`3hcB
zi<2>nO1>oH+qw`$WgFOgaSGazK{z(4c9qZl8xUW=tM8h+ZCDpzY6e54IkVxiTR&4N
z7289pXMp%!2V_j-%_1@qwQx8}hRgPe>7~_!)&G9*9Vxf|YD0e${>v@|l768u<YIV$
zBnJ<+9r?BPlSqrG^t?}vA%tfKP;czDWZ<%^x`Q446UK}YhJr6X6VAY*pgsy!IwNpJ
zTD|=ll~FFWGynYr&LsV*IGt;tngn^XEyT;Nv@c)i^1dbUQESaUrQjHgF^?T>hT1+%
zv&H4s#cU{1{8R~=6E5S7`y~m<b-c+gQ`a*J(ZzY5{5FLGepL%=7d}|6q@Y~YkGunv
zU<;ThS<f=BJ4_6@=B@N>1Qh1!R4o&^wI&2EfaqKNbhP5O>thHz@+C?BbK~i#h|m#=
zfzXLTM~9a8WlRhOcSM;~WRDCS9)|D52bmvWez}mG&M)!+%H;+99<^GdOt1^sf8e$~
zIhwkvYEk>=Gb9rF_?(mAUHFOcFzB~8j{R*hWf}n#n*3ewp6ETFmKFH>Y~t|6BhEJ{
zhnTKd7M`d(GqnrYGkB=gMj>(J#oO@EquqUC1(x)gg(ZEeF@O2Bx0M$-yqdf*QW(*p
zAEQHAg#@NjY?ooB?8kr3^D%urteDV;V#Hecbrx0kVHj4_rdn>|ZM%~Iqm&K{z@Vj%
zL^x5x5Uz{MSh9am#Qgr5`&}6T2nxHWMwN$$HHWR)Hjw3OeD~)!7elR&hRlP`2sWXg
zXkT%#02owx0G_)O8yla(LK{bhFlXyiPh^q5RjDY{2xR9lk4;O`3#G+ZeY85CfjnX)
zf;V_$)+?&Da_a4D&y@(^-%p0l&7PT-lc^!hqA?#0j}A46fAoxu|7A{!l{}F|i;D-y
zlDeWOLmKR@kgHj)b#O}6O7P|1DVPJ$+OJ>mlb)wQ0D_7d!1bf}r{%yUzdMMSNkaKY
zRtL5)LF~y%B;cyF>A^y_W$=3I^!$v+ip`O?P4nS~4QWv33*EnJ&eq03<tJy`n~`hJ
z-(JKApzbV#0F0u+6VO^K)N&hfL^jxhhzQS?vVI}E-QX42%RD$V88U8WX(<lB+lbuC
zjeXB481O-cV!UIYfo0%yZi|W}1O^t0wd?7{F-~*UtrUxUIet{Q%Vizt9E{Ewz|>)K
zzAU9;zqTf&vw={#0t*{HZ=MAXW`pozYpE57Img@c*;a_FE}Hq7%;t_xRWvnDJFDBc
zSG!D`3B|enj$uB`Xdn5?yp|~g{n&EmRtlorMqX+)2ROk$m>|K9!1e|@Vzv6>-auo=
z;cU4$g%q7Myhvk8Yub9DxY;2$!m^Z8ntNfgFOPPYz=ar&6+?%54af9}i5Vk78P2&N
zNv(R(gbcoqEh~n84lAa&=CkI#eAj$(C3CJufzob$jA4FB7i)Opx`6$~i1#x13~Waa
zI|cVljV)BUM?&JL|L`>KoOXNx)nFErN3m_d3}j*t{n^*A(5-A^Cf4HHa{~i}0py^0
zuB-NDewOp6^`EBEC_ZGnLN%6DwhD3c_LG6wTW8bZZmy*{ok20PP#2#xj(L%H(){6I
z+1EuKhKF;li{VnzrY8Cr64dx^ST%|NFxc{Jg0h8wXtfQ|yznr;+6(=#;1n8Ob!O>3
zf9f2L8iE>FZTQV?goeE}fe9)pVKP&^WsmhJ*twchq5@>vaHDtplg(ksTiYp>BNYX!
zkygQ(fqe4(!dXY-UpCUejrA|9F6CqQFLf?u*FR;xfL&jAHXz{(HvS#x?tcBwN7I-c
zFdHh(jyRNZS7ZE78PyBevfW+sxUBcq-h~C8C@S(xrpmDJFR@9W6l<ukN6Ksu>h3SH
z$d>tQXsxetEVLD^U9BJ<mZE2#QY!;_SS*~;2DfUUOS(0F*De0Bv*PwPSnE=git1Im
zB--a=W)GBP-WBa}$BPC@l3ZMGe0;^JPcn@5S(JNzY-w;+yPC|TGTAIAXtXd6ai-7B
zvQ@x?lsBU)(9>I{DI3xuZl|Y)N53|!ipettCv)lJUtINZFNLZQ$i6rSM?puU@pR(}
z(3<6tjbv^$)GEyc#rLsmI9sj6@tTvi`*U#PP5$nFWP@qHl>xA#TyCH>B=0*j@C`tX
zTfKXBDXNQ_nZvv>-px_@P^>ZZ_^^O70dsM&U)sCVwX=JhNGUel8wwSUjf=rOUP>YV
zB{-%Ob$T}wlH$g*)&hgkAMx|ELaY}3KUN00Z2G+aQ`^HwBAgT4mmI9`Ae*j2wvusd
z*vD8GWQqIxC+Ury@lQ}0L;S#HqaBhFq9|zYOVzr5?y(HnwZo=uLCjsyYd7XZy6KyW
zFK+p<d&MSUU~HphcxV%Ias8*b<F$kAo?QYC+6HZqHYyDD&$^3k#59YMyuH?ZF>FVJ
z>1gY~pA#)d@|c>P_E)>9EVDpaMmi%kXIB4%svrGq+e((jwvj^VnI~O?pWmrcjbwlF
zJzGCHBWw{j-gfMsAFV9DVYQ6}2-LK`aJJ3EHb+e7uWTsQ?(EA*s(%KkG5`Q<UvZ6#
zi#WYU>5Gl+?IXM7WdMytP;2v!t)*A3H94F#1U*z0U>QW-qx}qkndZ)9KeSc(b56#L
z49(aC6T4f`IG8R71%sX4=jo)jn4L?Vn`$7RW!tu(H_NAM9?9+c)Yu%YK=#ipj!sF#
z9d&7Wv<NlIki!2n6!Pfd25;jlPS>A77rufke)GJ%W@#aGRvx@Qoy#8gG-fNX@mbjE
z;i6!(NeeQ^iNTHvz(Dolh49dCz2hex@K5NLlcSZ|ER^Z%Ls}Nm>L+409e&p4H93Ac
zX!(&l!4bcDYyS9B=cHBeIZ>9*irSSsg0bO4!PU~J8S@#H;pQJSZ(fTcTc%p3vT%Si
z5GnV%Pu@7(6>jb5(|z`7W+X>SqECuN3s^x7(9pW0d~`_KCD)w4f1}hZ_(E9)9<sj(
zukCY^dB;F&=u29Z+ex=>*<EiB-T&#rNKI*TYQQKR>86MaM}D%crgIGw^+{I}S(x<}
zWjAWTb8Q2P8`97`SFwoJit~-^H(jYZeW@%6MxL^cj<qXG)25r!D31?Z<-e$PfS-A0
z;6;|08t@v1__ClCE3WwKkW@qJzb++UM$5weC+Ig>SS(6|w(rzsew+#rMp@_sQA#+s
zikZgjwDDNs7HBl?oVdG<QO0%W!JtV9M~QN*SEHw#f%RMyVW_ZH*K4P2kl|`}3a$VO
zFRyiRR;2LWhnD)Ap#7fr%o0M~EY^3keU(bK$A{SwT!XDr1}%6@exMD-C_XGlJC#L2
z1R>;JyVMxS<ZO?&=HvZ`F)lsV5Z-!ohQ%$~oOr_QbwFVX?O?&A=Qo3$6u99kur+8R
zuCc1j9wkI*Ke~YYDQ}G~+z4FD$IG<;Z0K>~x#i-tt~)qboXMY&RhFv_Hf~t$S~c|b
zHP1vLk~OE7Kl*8J+)ifu3PQw4dI>pa)#pl8p`?-^FH#X|ynlRUp)leQB2G{5y1rIS
zDZiam)R4$E?MCe~oT!d|ZZkiB*-Mj>a;8L)GRuohG5yKOtokTN&+^xr74>PdX|fqD
zE|Yo5vI*t}<)XTlS|wu!k}~$Zo^Jg@9<plEuykEZJ^|zL%+edi9u$VAX6-&kwgz(t
zH3#z#2JF|(9UP`OqMt^+*6y;9%dK~7(l1HNyzej|`>M$WrgzcPI9*7{{e!^`t#^|#
zsY4>4Gb&2tnv4Y+GG9MqE=y+W20eXR0V<J8zHjc7H}?9fyG({jLn-ur!!w9;wRVfF
zg(!cEu%{*4wA>V16-0MhnDc3MBHpaKUhA3j)0b71{ONLt&WdD7hh%31_Y!LM2Dicb
zr);`%a+8^52;Ff|HAoZYGCFZD_oalf+oZXih4Ezm)2fQsQYB+%I-loUN|GDO`ixyX
zL<~@j8lKE3?Vdzksbo31L{FKPaYh5WYQgwMWM>1X+U+LsqvPtuDT^=fe!^bx&9sfc
zKpw^Yg%(l`MW_S5B4FK;OX0)n97zN99TC&$z;)ppV8}%jU%C0bd`9;#FDvV4`3ru;
z&B0ywyL!6o0j%TY)tL6S!FmUzP{UR_+b-F{WDZl}+sMY+R1?Rcu;Q6*^Q9#?wXR0>
z$Q#p?<h*Ud!v}+2$hIGYz`kV?7k1e#^SouSUR>%;klQ%5qzm&NYnh2SgQTb5IgUv-
ztyP=Li=4wq&Y-Y5FNqb!LzSPP<+C~Y$J^8Sgz&+^!_3p$=-G)G@LG3rqqocgalCW%
zR7Bw5@TSSa&FF<ag^848qxmt-ZHU~s*-N^c4n22?oUM~#v5tE~L&f@53_gPdB<pms
z_K-!*fCk)tV5ZY~z3h55UlZ@EKm$_^4Ehov|9B&nw*gm{?fPaYVdHhxQ7}B!u4=1C
z=$oG18sWJJ<D?tB(t3(kL?bF%#UX39`U*AcrCAAP9`GpR#X(mk?^GlXlvFG*d=p7h
zSpTk`mEZ0pnirCIQE14$Ej;5*Bxm{qzA$Q$v7^M`_&^Lst?EPL1k`FN_#<DmirE`(
zgS;^?QKGHt*6<u4l>7GOSD85T^qMs$NT07Wc*%Hpzz;acVJ#W-)n$Jxyzuh%EVKR_
zI@=|Nq}+~ZS5ciGPic`UMbS?TEDNL+JQuA)f+jh4fj9<v3yl%myt@Y@B4O^T@0-_(
z-tyaHA<ZMm)AEU&9`fLkEA)k@2U_oZeo-1DW`HnqM1?+>Gqp>W(M5xUCI&oZ^G!1w
zTh(0}lBb=U_WC|gEVE9-Zw@*esY8aq*RQ6BnatzY?iJ7aSId=F7w1!E#nOmY(fb2T
z*}hS2jXk4nYhVmAEvM#HX}pM$Jm!9-{+MFW24j-lc3JH1UI)|k1O8#q1O8p3S{`5P
zhlTA*?nkyXP8=o4^bqc?16s`ETb5<SfkanRGw;W2+tY&J%&qPWFYC5?dKG2GI8L@E
ziIf6t9V1ssRa#IZ-Drd!Ypk_&xV{E1*kws(@Eu&LP!5TdC<`~1EQt>VKbKuA)I2PR
zu`A%@vZ%oci=i)1-ga6Ry;P^Jn6Z-qk)Ihe!KJ)Yd&cJsyBb!5%)HJ@5XuuyS*leq
zyLs^wV^N=YodlUJ7BPS*>U=CK)xBYJwW$tQjs4NnHKcgc^>$60XyV7?-=@N*POSb(
z>dD3MsXE9VX;oCBw^XHAc%BR5NrZwxI{)Fc#ZU6?$xhOmQ`(w9yh*#eT|P#HS-QMI
ztdc8$pEqK_VEsJsx^2s&JMqQ)v@gRWzWBI|V)`-Y3bZ&FEjG8n^D)#Lc>yP97CfUa
zqI}pj5n|h{yyedtasCUg<vhJ$tJc~f+Z21t8e+X84WxxJmfz3$kwEo9=x}me)$Sr*
zleO>K3f~T=rLe|_jph5EbgCtt3kMg4i*}7Z%S(%>Y;HW~QjTS2#o1`8_QaTdgG03m
zNg4X=6_vN$m+8IbE#o{Ejh*SL@a1*n$jo)S-CMGW9h)9Y_2Ow%sZVN5kw5q(kB^N7
z&@~vjMJpqM32L~+rr;P-W8aT1zPtSNfJZ}<CR1mo>W0r~w+0o%=}S#o=NN{e;u7s2
zLeol*E1kyIdQ-s{ixPug^JKPM_5o}5$u$a3$1PerYdM_kX&CH8BWruE5<#wTDS2<M
z{`T7nZPl5TZn-W~m(6W17bia{EV5h}UVFIRWKjorDDA8^O=O`1PfMJZ6I|k_q~C-V
zF6O=s@y3tXSk^e~#b2`P=Mz4b9cFE}Uf@Jos5}f4Y#W+k6K3D;@cSNi5Pa#1X5!KX
zp@goi6Q$2uw{7O>@u+GqINNHD=w$msqD=s?^!p%$7saajG}I)Pq2*9*0<Jw|ZNB2t
ztvw)Q15l~6VQswot}uR@spk8I$Bk(>tmy!FHT_#EOS!(cD@o?plo~W(@DF#9vUbga
z?5X>?X;rz+%!%uktE~tUV!#l*$YIkYLUCgLSid`ub$h)lqbKw;#8GYV2kR}jiH~BL
zU@)~8YKYhAdvVZ98RA#5I`Fj-EZWmc_**+<_q#eZr;1H<j`A=2<*O#65N{ic397HI
z3~}B4_2D)0u?^D(q@kkyMeEMw&_X}?tLS`phe5gTn{xZ_=Nrg@yrF@t{8HPuO+7hi
zZOx!+v~H|0Z}8||doZpyX7AqpDUQnTTMBu;<$EFp?L%Wvcv1W)a&0nrD%)=KqL#f>
z>`Y`n;lb%-qvmanHxIJkYf6oEQujIRoy}ctOaHjP)hfx-9%_LM-C=(`HF@8t<8dbo
zU?rr2x#iM!xO~%zQHiu|!2aAP0X^hL=f`td;r#2cN~X_wi*nY}1edA@UYlF^(p=R<
zlsvl4uW2tKtF0>F*kuI3Wjx+&_I@rT^l8Uuag>`gj*ZJG?o0aptV=e|Rg4ef+T2FO
z8<7X_b_v+m3-TFSj7^eu;Z&n*x9ub=ScNjns-AWV%cVF!<ph7TP)J4*S_8Fk8Xq{h
z^xydqXn9AqJ2u2Zif*$O794F`)!h!H@ihQ0eZ7NfHv94fY+lL~U~bbONl2J{NrNQw
zSCy{2^c)0!SlY&Zu+Fs}+95#YZ@$evrtZAu#;Q)r6uB#EHBUiIdKrvPgUMH1MXGPh
zGFo-d)OsfLzGrINLA^t`?*<GCJ_sm(^4POfiWHvP-yUxUS`l48lv)$wiXsjcT}Xeq
z_w%cNynrYsol4MYZgA`9z1V<Ay41I29=&YC{>@40dtB`*p^D3pkarIvy8{)nQJE{H
zN%#l;d<@O=<>;IzSDjcubMN$v4J!-X7o1hR8cd&|v;qTzLV9W)Ik<C!+!k13JEqY6
zZMcl80PCvN1mvKVf{hVUYQ;?L5<cL>U*J4q25lTa?2UQ&;E>$j(0IYwDAN&%6szLs
z@!7ifv}Qt2e{K=R9Y12&*a7KX`vtdNFPfemr)B*4%ZT=lhY3EQ{MXuvTX?v*)EG(S
zNBH4pA$<3-`W$9>37b#i-0h!R%7<j){4brm(-?R|u@SmkyKHqfD&lWIsTH@}Rxos%
zNn*722ySdl{WrIcV%oNdE&X-IAZ5ep<qBg+mHC8rvNLR}DWPhfJz6RgfqjlU0IS-y
zcH8*c+wHD>WL*3D)d`s^WJ#<V>a>V=zPN>|Br#x6HUsmid9H%i(OAayV7L4(-@Wzl
zbt@=*dYP!ChHuU1Z;Xw1*RPh1*yFCL`%;A<f7CCNcy>#hJEiZ&lx5hfFQ1Q>!pp7v
zJ>A<#T%usgRtugn#+dz6z1lJHo`T>*{3i8<sFSt3WL!w8?@arJW|$YuXz(XK8$9_l
ze|YI@iwfHv7njGI0U6C<MTA9V|J_f}a9Xz<udfn?Ir}j(uUcvb2GH=~#mj{pIa(`U
zM<H%P&6`!<8Zt#=T=Mal{h=ZKqB8#m=<xKiF*p`MfGEy<{H?XR=TCs88<Pp<s;+wN
zgL8;w@5_WWhkYR9*2Fay**sl7A@=J_%JLy!dlHNFqqJE>V&qx*q?Et#bCVk@*$td>
z;RQWK#o<sV`6kPHyf4}BnX}PcRf|LQPvOsb$4v6NHL;URi5GR=dPBuS{2|bw=NCgw
zdZV#R-OFuFfw>yOn2k@I$6Fm@S-;u>335|)yqi-`>SVLL5*nS1=1ERb47(ijT1I0Z
zy5GSkUSEB)m`y70YKnkQsD~e>dJpH1SekcFh@(lKVIS7<@;#*LANjDI{Ktt<?X{l+
z>>d2;KR;Y6jLShqInIiqHPojJ?nTd!f?LD`$Ki3iyEWJtNU@9YSG3x^-1_eHtDS|w
z*I6f={063KfnDBlZKx9RGeTj~o@$#=%@1&6puVM_+hZ|gqwrwdhd|8t+I*Frjr>{p
zI%sx~)VM!4R<JD=RugI5(plDRp6~3fYvEORnj*%yzKN8^h!!AkTwdDk9pBvx3<Q}M
zl+hF(G}`5TaN;br<G{AMWF?{yHVPK%xC?ITg(idV)g7=oCpxuFZ*4i)JdU5*SanOc
zK$THZ=3lu^+RmF%mfpXQr>kL~)|WFV%j`4~07gpmH!vBc{?`EjKn<cC0slQs1*HCW
z0syrtfHE2VAHS5_<^OT*|IFpTbNk;G|9|)7|84)`|No%>S0%tGGhx7#37}T}D+Q$d
zQQG_e2<88A&PXxK{%!o18a@9<JO5vus#2>`WB@b<0KlNk=zn*ee;@ewI)Fw>|I6Q8
zDV-^m`7`Amn2Z>u|8}d?Q~)EB(cdKh5u|~Xr0Ei=f8Usr=n_h<>i@bAWCQ{!eeS+4
zMGgq0R%HZ80}$$}e-lvBOVdtISgQU#qH+16Aw|L6>Gpr7Jca6?tiQef5O2`{TADnI
z=#1zHU)<3l)^PffhY|20ck$@of=u_KXAk{z`%Ys`bIGxa<oI?W4r*m)vD0M8UXr~j
z1adZsQar3QG;=prp!iaB5^M$%Wp}wBSUVv+I;WKDWj-wRC+SrMyK)gbP70@wUKLS1
zV;~GG2}NQRP(tY1=7zpSi%vg?3)+$UQ9G2dJos_eV<0oOj*JyA44yHC05?Gd?bdal
znOiaYhLxV&1t#~N2b9r<-Md1w5ox5}qk$`B<P4|<MD<2?Q?phn^Az!DY};Pj>S-f^
zm5s}ZzFt%7%@n7U3M-hf<85N^tuSNSgN8K3A!+bUyu#1?+T4korYTlMz@)HUVriLC
zD~*Y8LpG#=dd^afKoys$zuZ&rVwxnfL$;QwP3ixxxBhb_#C(;pF+z@Ad3{C$Db@XP
z4I=K@3WIsq$m(2=d2d=Y+U~{$5@c7g`h2zq{J|b~eL_4rpZejq5P=G9?T3IHo5Fhc
zsR3>VaS-#B;)ibqOIubq8m_<g&{-GsYDA%Ovv%_!g`wEMPn4~mhxj|u-(MbRx#+rH
z(^a1~zd+N;apL*OG$40?mv}wgCA`sd`0#ZIu6jkt+4pOIa0rp@*9YV?qdW8mOELD`
z*yfS&_joX(U8FJIBkqpxJDR&)FB#_cj*Lnpr=o)93UmFrYXqlNgs{}q$@%ixOYrrq
z;uyO2Zo3NM+ArN{?;6yQ)Zd2eT~3l_a#$m;w%0VO0vLZRwy=~j8V2gUWgI&wBymko
z?iLKc)&un?|Ckz>_TuavDe9+Fc;Z;0v~KG(>u+E8Nk0$t9ujP{+g(u$MiHE!cn3aF
zC}_1d4JmdK3Bb+7#nVl@CG*_~g3~|y$-{iJqM%299$>>`zUOn>22=95R(evMXF>^!
zd-CRE57mu*kyli_J(6bb>7HH7kC}@e-+BAc{R80C&=0zL+VGo>Lf;V&xzu%-oPS*y
zC;ZZcdtUw3X??^k?p1pl_W96=P%qVq`>Xw}?^x|P1idfAA3^tQ20ngp2KXD5P;+X0
zx!Q}v-@a6*)Gn79r565p3cT`Qva}dB`%ZQFUf>Ch{ljXGTkTsk_aqMKpv(#O>x!?n
z#v3#2X%P=<RIhMS)V}wsiVu@hs@qtDQx~mYE0~)`jZ?g7j~b_fg;~5}Jf2Gxe+mDg
zB~-fIT)fJFUwGM2xLKOm@E$wrtb5~J#N-B4;GBZ8UNktX^>O?pq(bDA^+rP$72&&~
zy@G|UaJtfLC}b)NFI3!{`5H2tY^>Z~FMmCxG<W049}w*$-2E$~x*8O3n_Xp(a_?U`
z)8hSyQ73##?WW}Y%Y4SSbT#(*c~20jzY}zV_<1LFH5!cX_!{3?&4^z})abl_xw1?m
zBc9@=^FUW4%J`0EnL>ij3*WzD2mHKa_pboU6#o_Mynm%hSA&u+rcC)-DkU*RG(jig
z>HRBz9HJWZD;j#P?Y7XX3Vs4aR=&IP&v#AgTL9bM){HN%zk>kx0JoPxR6@qudB(_>
zYIG_GM>SBHxOzeyVVHOEO0w~*jMANViTCJCVs#k#kW5tIdnPvvQyBUA68SkSKHEJd
zV~{4bP#HOom+Ht^AQ()aF9I;$mY1{`voJD`l(vIJzU$%uFwp@36%9sA983TJ6=M4u
ztKOs+fbIr>Nw<tA)PK#S&6y8eQO2hxq-OGJF0S07kF8$XT`z3oh8ka{pr^d8Ps_a~
z@>RftlUE(dmRDXa-4J4OhJhPl-qwY@4{uP-Ugo~vsO9lK<_B@KC*>?TzyoBTCAPa;
z(8gumHa2aosNkbBaQ*#*Nw_?CMr(m9YVnyTvfMbIu4UB}S^7-2UTN}qfGX9+<%eyT
z?3o+k7lZ&~$g6jW{8}H}hAxa>N&m>W@U7;c9MF5QtIIuQ*XJ^9EJ3Ff|I~zA!dlhX
z_*sSI1a#UO?eg<gIlV8pH7*UUxV^finTj;P4G09{=?_zd5-SOu^F*s)Absh;0Op<?
z!O6*KEN500SlD;Pt!<27{l<Ij&P(KayT<z`F0*NxMbRkO5ZZ79QHrAy^sL^fa2yev
z6<0!z%Xw7e3ls5<pOyDbA}==5uiY=#$Yz-szCrYtO5kdOD%P6Z4Kd~e&rL2@=M|_b
zz5)HbkG)bO8cXJqgN<Ej|2rDdkU)Gw{6gxiq=zJaO|TaDnX0qs-rqa__dvZBz&6W*
zxB>ePkX5<FZj3PE0MMwVUXqB?Wu=U806@ABkjKQt?rJJCW7HEcFJno@6g#~tRVuXy
zLMAUE=6>nqrAoljBVC5n7)E|$H;P1fIBIU>+SQxS?}e!rBTJZUJXp2tjfFB-(|~WA
z)hlZY;pr4^)$5XymK?IBW{HVor6wN9p5}*HE5;s35panJjMHJT6qYE<T4ipWT+Jct
zX(6iBau>`l*VD526J_N=ar&X<Y3b<DQ|%!F=IC^&W-T@GglU>h-{o{juI7B|hPui&
zmi)9TQ@drh1<^A*#U?lT6v}D$s<{$x0)w(9;-5B|SX5TmThu#39o^<;QBby0$gAdh
zx8}s@dNA9RD&*bllwK0DIewgud0J=?oKv3rtj6altYi$v`Lqg*@qr|};n|WQB~#ih
za#NgFo1m;!mN#IYuqsRFjR6x_y_S}Tuy*2{sKaEItRqL2!z7e#I@t}G%+`ay0Ztr)
zC2M!rKZQkGBs<_8VNrOyi*A+Ecn(?Qy=mFzr%;Dt(brH1l$s})L&Q?cVbVf$0tS5z
zW)qEOyKAXcZ`NdKV(I8s<q6Z`=&lE|f^VTXnmHlDj!!wCTDrAdG)ujgYH*E8Rz1e?
z_r&kT#SM!J$A2D@q;We#$3NW+Jg=+N&N!;(^tLOqeF-@fP{xwo2ss-!$EVYrd_J*U
z%6rd8S3}trpFOIa;sCHiw9{Svu8Sf_VtEMG9oyelwW(Y`uTH3est<w#YD4K4K8Uvo
z57g=71f9<~FF*D2eG+sA;Jz@~67R=Da0o8F!Jg&^^!9d$%aCN02~C{-LX-U960R9W
ztn`{_!zLHjB<T|8h}Y)5RT}2Q@1b`Ooy@{+$hKx|`<kxRsU+DgH2OR|<flbwzDv6Y
z)Md0V03yhZFTKt*StWv}?<hn3dK_=ls^^FyV@>r`ItG&>MRe<FL-}1_SM5Stirf`?
zf+11E1_I6^JK-C_7ra}P<)USajZ0&AlC_y8A7lp?a(RDzS*l#HQwlDSoJkJQpO4G(
zFx%sami^v&uT+87H;a%jz%gEUbVXuDjH9xkIX@_y=A$Z;ytwn-?&cP4*wt=uf&6&z
z&Y1EQb?LzEh3`>@n9-1)<lyE`Nh5k`t)AUiwH5%~T5$UVRj&EVN<-6&6?trx4_-lw
z0ny^meaNr+)^?0oE+Iho=bO;6?^kB;G`+HDc9v}SIGbia(A<y_@84oeP(L#(9J*>J
z?A5a;hkd^G@a7w8eCPIS-#U?WVE+2@Z93*T+zJmP;PcUptA%zvyvgL&21=C#?T4aE
z3L#H!7*LTUHK(}l(odzp>EYBiF_()L_F@YdaoZg-DZB5#6hfn#Nr7!TXRd6t)x1+~
zIxo?=*%H<rtqc_ZjgdDVfR=LJo}i~F9O&UiH(t@hgR5FP)%TWzx3@W&f=9Q$q}=OO
zHW;uCy0lgj_y_>F2-y49j)5@A8R&MmR@11=SS+-l<JnZIA-w1WfapH;H^;C{qe|KG
zins7m4n2t2>NOzwIcEt2KQ9k$0I{aM#+PdW+JTwrwN<px4%`o(xsbb>dLcn7_%>#a
zI9$QdB2Wu&7u7;U_D+#>)aiR4Lj12nbgIWZUxl4cvpN<+qQe+m4inY*EyAp?ewV%o
z<oX^c4JFKRbKVZ(t>bYY8u&j5d&{6kw{}f91b267+}*V|?$EeH<4$mb_QBm90yNq{
zaF>wYxVu||H7-FKXxr}$@0mF>=f`~YJ+<nod#$P`buXzbxvzCy-GkqGo71cf1&40M
zw9Dh4?}9xcfCcLdBL>WT6?D9sbR}*B`icUdw2bSNf72?!V6e`&4LIoT?&fVf0(r~6
z6>=^ju^Ws!Y2Qpf!50yK65jy7y=5hifT5yxkK(tBst$yCIbZc`wIgyqYwLrBpS7vl
z`^lmG@S{(h?^$y4u_5DulA~K=l*?|&E<+vS#NUD5YUf6yGMcm{QLAQ!gj$fJ&hovC
z-aVh*ffM#7MnCnwh+$={Ya6816MQ~Fe;>cI%Y=R)O>{D3d&WHAr`ELG_-o><nd5<0
ziq_&APUDTn*7?m}1Ol=1=A?)b7tqvod(0Cvzzs*eTlB)8#4lkRdcO;ffXl5^^~)v&
zV`yK=gFEgdZWVTk5Gifq%*}k$nAuuR5IR-;?_AIVcIYaFIx1k2O5ZrwZr*hf8BiFl
zR;6!W<r_QU8vbJcLJHsD7Eo1`RhYj<?rcxy4Qk+DOAQ1^`PW44Z1@_#F%IPFy}9$|
z)PFf=p4ws2z_Ce-vOBWDrV$c87)&6U4exV5KnwI)xO{W_|Jn8&+_u~m*IX^9t|8bV
z`BDwVPg;hrL%w6l_~0bNtNR0LZD~yvg>Ou;xXiIQ%y~x{;*h}*mz_CF6!uVL`=~Fq
zhwCcds+_*tkP^mcc3kc@b{yv1lLLO4EuGb(R4p<k{#23+;)#sY8e!7o8;A3S^nG49
z3Jv~Fm?s^rM)<&w`j{3-rc@B9uWayEC)#hG&?$AF9T#?`@4{?xzEgWbeq<|F$-oJq
znpr936!%cbCPTOz@JLDDP)t;mAi+#3)YihrQjdid!>@UsUrX>3=gIWTb6t)`wQ=d4
zm$GbpYQ>{I7d8~r%f4Ye`Sb}fu={Ab3F2J|-Mvz>n!Ie?J;`8?%Qu-4i!MM5TnxHC
zGRvT<Q(|`@Q&x4h)#=P_eUMuQ7s@Lm!_QOJ_u5j_V0)QNJ^PAe<OV<<$u*OBayAkc
z0aE~_9lpOE4c(j!a|)rCu6R%HtE;_bwml1pj)ZQL6a?YRt>V{7m!LNc+V9XykM^gK
zSHR9ij}#V_|Kr)4;h@^Vb{)Q#G8lA@OVGbSpPw91i=pgH9T*)5@eq+|=JFZ;Xj<IJ
z!c5L*A%%}WJ5VGBL=j|C>Z3|0!;xGx{#$~W!tE;Vs*0G??V)`psJN*mfkpXHhF721
zM|<DWuAtPx4cbB7BRrkVWJ}zZqeR!}4&K>WP~vn^SPKAcwhpgU0>+<N0>8lZ^u%ZD
z%3yI;K2kMO+adBhEk%Bj3G}F30r2xw-Q+4p_w{2LHnF6pR3*IW<bfdU&8&>GoS>91
z1IZ?#v@SUwDJ$r)P}uIv$SDyy7pxw#B$xip0DJ3eIK^|gpZ@SeE6AK+zdtacd$IGe
ztN)ncZQ}aj4~RfZ*-?EP(EpjxFi4c%Qk8~PnkWirSyB`#z*}i7XfRq5oJVqrFD)9{
zOY|54?v)CFIUu4-etrg=w#giAI%S~&P8YF>jJe_bWPt&8a+!3u!9@Fq{sjKgiHEwW
z+|_RylW$My&YDV)9?*Rp!~cpfI+dhPFCLw$M8r9P+EL3NKOnz<U(7^6iJc*?c}6Z}
zi$TTsOlL6(0~ImMa*AZ!M`tAu`i6_VKdyfJ!FbiTM{mmZdCNaw03>@|Z*`mq;u1Nx
z_Wxfs`Co66)G#D{QBp+57T_D((3t^uuMIc-kcmFS$R*)nqTRra{;-yu)4?=R&Gyi1
zzn>b)-mVhdaVs(~I>P+^PuNsCS1obomepxW92sseJpy<&Et#vnYz;c)A=TD~%zdV8
z@%Q)GfLvRTZ2*&oDc;|6e*#qfV{h=UVS`;v;%+<|Oaf+uKf_fo%m%OUirrt==SzS8
zz1DIqv2c>%^5^t_s6QNO=XM}?{Hbk@=B@2H`sudz+D4z~G1G~-#3aq>0yjkcXs)qd
zgMk@!So%?c>YnM4JDP*{+AbERFd;X#PItv!h~7=d@pH-bf%11|Lwy;Pp;MxaXk8Db
z+<IiI62>*#U|E>09nNpMC2rpV%(=XkP1;ZF)ql2<-PQAbIphbqTa12WwyMguzOW7G
z5nV#d@5lD^OMHVj^rka@nCb~Qs-o`@cKdCaXAj8~h2|FF_l357WNY=g>l))YY+p1*
z5=f>EjPd`5-k=XK)-TNb_vZh<_TAlW?`=Oc=s!nUt`?Q#tf6B$dz2f@H^LcGQSScj
z_(=09J)Z(!N)vA(#5F#XCFUnF2uZNmHS%(IW@gBJGg2njt-LZ|$Yj3a%=C>@9wGqw
z7O`czBucm?<3t&UMV%+%gJKAJS#PBl3oKi6U#$&o92c=6lk)T}q?7gRlDG++5a-H%
zK2L>NN{be}48B+j#->Sp9H`%t7)84q%hz|;s9;(t6|>t1^U3IIaHp)ZLP7t;rqzwQ
z1~q%9EJB;<0~2*$wYCVu*xf4R<c5AWla5s|7W%MAyC{@H`o@AZ=j3=B)1W(>feavH
zpY5(K@Q#!Ijw@xs7Ce2on&djqOtZ&{F|sX$@ldn1>r>5nPz1q@RvDgP>sj+U%IaEu
zfNVD!t(nC88z3-S5e-q{+}=d<JxkfL>`a|VJwhxrWe$YGGGrjcqo`BgPMTZw$lyQ(
zE0=~9M)*ZoTQd8wjR}ifl<!#ItPF~Tp?WY{#Zw-(SE8Fj(paqtx%{aoep!B+DPMA$
z{KyD@g^5vHR^>PdJ~@p@Ef^Zc;AT*Jq?FuE<%EDqGg_`WkY8;f{XEAbB^OdM>Eq90
zRs8Qc=JLF4U!A_*Dt~lO*|PKDpZulHu-E$_B?Wz(=Kl9|ovZaWLn7WZswAPHD{XRy
zTrk)sKexM)Pa8$;FgW<lSSch9yq)SWtamyh-+Aky!r#Sqy`5b~mmn))g;N!=QxHOC
zX_0B^xv3SE<h{{X`UD>E|DYD(IMi|_o#>R77L>38-39MondKzX9g|w(M|I}}{A}sr
zjEQ}feu~4!pGa&!v%v+q`OMGbk?#2vKR?F>8>QTh;k2P48Pru@Ro6SAg2BU{4R}xE
zKHq1>VZ*>kqPxzXL4ORVp84NetV?jCKGy`({?{y)%|KT-f%B^Zivs-x`ZsRG^1gu7
zNFy^&<X`@s0TmA}HSM62`o&kU;hx+kE%m;uzA$#CTA$+YYT9m($9+pPIp18#F58R!
zjxFU@EoGP0!Aegz+RVD&vHeT$bfyNX?c}~fGC{KqkCW*`zWrXs-v0YmaUxcnc6HbD
zsEDi@y{S+YS#b7+*LYk@NzwfG-9eD}l8+nQ$2h7*IDVgzJ<jJY?TOqgYPHwrcpv4}
zfA!G9@GCK=4k%frK*wO@#7{3}X_m9Mt)B*n<=@3-%Ud%os!*zNV_4GGsy~Xf^Q7OQ
zuD5??`E(q&ft6htw4G&%Mkf~K>R{`<em(3QF}Qg4P<>oA<QG8Di!ZQ;X)JnnKO)N?
z+<3N{VR)*z@uNZ<JLeup5<w>6g0qfBdgL-6tXTq^>h2ejpP&-mp^IQ{a_wSmG=X>$
zI~*Y)97QoGMS@$=gJl1DRUOxiA30&ykrX|7jjWvdCN7E}?FLP5A(J<rDSx>djm#;?
zv&Ypki=r|AXqB*;c^0#fB`=r%XH2P!PU%NWgO3FV>*>p9=_VJQzE3T4*5+6*<gsnl
zx(jJLE^@<ltC4(xV*=UFK1_6p5p18F?VQwW*o+acKz(<cUjqu^{x9i0bRk*F;5wsq
zSYZbBu)|crT&uT~VcJbO^sX{aAU^mVI~8b)fJSSmTrB_Ji#}l@Ygd5*&?4e9X2d`e
zgG_Ir9|O`Y<=f-1S?7WG_}p&uY@E%SVBPnp;rW!0oi7V{WMX}^QItn9^*7}rt-WC!
zSlP8^SL9n4Kk?@WTp0%{6xt+q#JlfA`2f8f@^|`iBeg?V%NG?yfZK=u&lWhW3JuPR
zp0-xR3Hyt$3GqCirOmuJ=Zd<JPmwI&T}P~^6^7R8>9``2zML#6E-;MhOv09^8bTh`
zf9e{$p2<K}|2(AopYdD#ROl7_#kX@9G*<WgZQR#ZKKA{P_t3FH?$a`Psi=*Rx{gM7
z3$1k|C(g$1K4UPgon`qzPovWglS#==7)Qw6fze&c*Hfw1HHA`rb!m?H5cEu~>k;V(
z{f`l(=nEY4_xW9J41@G=od~(ib36L$4D2ed4S1*KNQb7GtyQzJbFSJ>32Qlf4!uk1
z6_5`UPum;n)Fs5ReTeXp=o1@gwW$+`&@{ef@o#j7mbMLq%tPvBUt%Ns+6J%Hk0Rbs
zAqhN%(UgS6+f%c@Y|m--*vED@qqe02VNgJJn)Y^=b%5@A?y<mq&;aj#UwYH&X1mS)
z9b&hmyKOwhvPZpZTpmssA>uN=8VPHJCA&YU{Vc!s2-!T_IDI6S?UDZW@7@&?V=n^x
zzwK9eN(A*U6*vX2zTRED^0f{Sy~fm8i!N~!7r|Fw_OSKcyhb|MONd~7T8R6I;Jccs
z4x<H&jc>@vZ#i#rZ4-fZ3;R(4FJq3d^=9@2<E!S(f2*bkJ^83{1V?;ex{@&!5;SPt
z4Sy|CHC*wfkf_UFyMZA~?Tz#FY-=07NVoRbK)Xb54((qOy=|S<#OC?UZ_SkYAx&0@
zOmo(em7@>kG%ZVR_C3~H?Q2st#(X*}@dk;T7bHEz>=E(`bAs$jC)ppV8WD<<0t>JZ
zF5NOIuq9Gy;e$5hbnNYBg*Dx8klqm78*$VpdEQ|hlnov}YK0AyWN>g0!WU6emvr}^
zZs%@i7<(ub=%oKC`-8$DG#BEw2~T~liV=&`)iK=Ymptm()aN%xNItoa3^qfPYQsu>
z#oj=0=wGMOd@cfAn#YdWEh(Q5dN|tpf`h40A?JYuvP5tC&z9DS_G?7(oo|wBE!T7S
z?TF{^-O=uUJHb2h{2ke54{QLNPodAUPM8i9H>)(?Mv^kGTs&6v4CZ#~z-Dy=g$1SE
zJ$?UoVey{}ivP+=?)m(CyZgUW&Rb8;u(zk&wU(sxNHMvj?(Qwz8d>j@ly;@nxWZtN
zzTQIQWdy_gfQP;Lr$sxe9)ZN)`<WDs*k8LbThP1|t(K|&UxxUy4Zct1MT}23)o|}F
z!Pfxsb94xdiz8%)Ybl=#krIXiHx+r8zNVBzBtu9WKsdoVPb09n?EQE-a<Pi@n9UxZ
zd0MP2#_9a_ISm3Y8S$q!Amp6WF0f;VuQNGA7P{<Ovgl%}f9q&w_++^yy)Joo;K4Zl
zVk*ul124@S4nQS>0te4m<~!N6_cmwVW*U}olw|KU1Oe;FlDx8Nr8hcTJj$aQFzQrN
zLfUr!oWidSC)mH5>!`IA+0bDZ?-L6oyhPykg#_&?Z<mEnY6=xxuNgoF`@9bZ<5!7Q
zL~SoYmzCWgIY%B%eNKZ3jIEEFnjM>W>p{L;GCVsUd;^;DZO&v_Or3MTZ+tH?s^zC^
z^rDI1S=sI9P<~P_4()+JPO%8bRdy~W7IkY@4jAS(Rv*clNVRv1z#f<~e8`QZU?S;=
z$TrQ8iob*z=QXHMT)BDdR`WYcqGch%PbIEe1NaR>Q3H<4#$rYrSyBY?ddN$}0#juL
zi?5F(Z56$p*8kTS_^;moKf~bPhMMrkdXDA^ezNL;#1{M5<jH;oqV!Mg*P+p%fbpsK
zGRbs~S@O2*7jNSy^P6C&74xr%eL;76<t@&SHif6Rbj8K-2GDT*U0)3a<&eW_$9Yn-
zx;?V;kSTp8lg^2Ky(Z+2dkyRHR44KyyGxPd+J)LBml;;3srq+H^?rT?7DZQfUbvdN
zWn)%NIlWKs55xVak*;F$-oj0v3|T%=C`ZR^t7IXauD}sUy_Uz|{qR5WM>3x%uA|9^
zuaxh-F6a*%N!I#TS<q+8Oz!4+JnKVO?!!=w!>HvZTX(?)0Y+oclj>OZ(9QssH>Hy0
z-`=$vf-tsHZ24yKNauB9I%^&e*)m+YfYuuY(49u#AX)1C9%ch${5oh<6^pY<qq9I(
zWfXtpR=t01>nd*YLM*s!^DbI0^K>X>rL(6jBmNX0lJB~e@8kjs0fU`9<7IJx<W`fy
zY`wBb)5g>xpy=yRGsAc0P}A)W5{3Y=&BkoOhRa5+TZbJ3X&+~>l4^*zEIAHBvH<AU
z@&rJp+T%6Ii=6q5G>4;CW3-Y6dC5%It12=D=?O?%uOOfI7dL;0-{FU*>bB9Su8eRg
z{$^zx%zt=gi6O%#5m{*$%wY!-M-Ogg?=NH%`|wI<!at#mUja&#7@ADXdPXnzNjEre
z8XU$+1!!eqR}E%+MS4TeLsvNZj1C0%_JuTfr5Bhn#XPzGMiVQ97zWNd%}^k;6UUR7
zu;XGN<v3C*>0@YOh9cT3WwN`wPnRN%C-x+{`ouk)H_-<xMre0juCLzg++5y-7GKQG
z?m=$yV*hWOF!OHxT_I77WQ$mJ54RGf6UE;o<%^X@ql(Eg8Ou(TOM$~KuK}&54vV#z
z_t$X$;D<X|xy{)7VumX+-3jo1EM|g+O#i4G#>hyrT!X_LhUQ1@E+xi=-e$g0TxBs=
zFB1%0{&|yzupf7|u|=N>=Mh_ZA)x@R<2N#^(mZt$TzdEV4PFBJ?tN0K&XGFz3}NjE
zFdU|WOA)27U5(Dx020dz`IZ`OKtRi}+))b703C$PCsht+IQmN9UcrUvd!{tUBmzrM
zQyn~N8@d41x1ue;T-?tUZ&Vt8w|bH2JK07{#6D5fV0R02wmRz{W-$kUftwdB_<%!F
z7v6t641_3Uwu8Ot&wlW}Y^z`;)7-P5jbX(|uhEGkS>mQ2iiF<ztxNNrqkX8L6d&Xi
zGINJF4>x2y{_X14DZJPG$Z-$LqLG5ZlEC`E5)M>L6FnXca;2AKDi*q@DFCVZ$mhi@
zqnRe1*&J8}+wv_8J(jjMLSB2&jy=n}6ccZDrH0mN#25mD#32q7h`w!8e~pHo%XMlo
z%nfbH@hQl)E}joz*F?`$hN6v#nV+13{>TL)q+*0E&SeXK1eVB7ag>KVQbPiRhAbj-
z=axs2`&0$*w{VGiWzStiTux^0_T*)KuD_;TTsLX2Aj_4NoFy>(nVmr#4o%-pG!tKb
z*;=8kHr9XWpg%{Uk80?^?<@jcm+MZ`gAc-{oxNk=qtggKNO*s?yxhz(<lNb>GYaJ%
zjc-R3H=vpN9(liq(GHekz17RmAsJ~HV(dOJlPh<^vS1EIPbs5W8EW<0j=nv+InnUy
zzm&hrrrk`lg2uw@<=6Al=@$O7M`7S#q4k2OcxL4soR*7BF?^l|hpw(Ei`iEQtn0ax
zBP@8EICl@i{4T?cWqUC2*LV(WX(rEt>Ss?uq@g9>7WGt|HiI`c_ZY%`Zm0Bj`+W6b
z2UZdGU-1sweB9xzgyPtC7gnm<3k{;Co3d+Ep&r#!4E0e1%;4)RL>&G8yo#Gn_%j<7
zT{{1O-sN!XP=ObCii-EZTozy85=Dp!a_L9kQmN<fD<OIryNpYGE>ZYug3}kL;p&!q
zYhsti$~ZGZzt<6=<-n~x)I9!c1yZ9zrEmhnmbqO8jo|aXW1=h;Fs34I;A#lAanj&e
z36ND}y#rNChvT96;B@umQf3nhvh6<SYLXq;g+Bwks;d^!4N?4(%2d-PL?rW}yXX<q
zA^7lR`EHs9ZTj&v+YnArko?CYg&kr@U-@c6Z*ktXSkOM@=woB^W4o+GFETYtq%5Md
zNy3Z^VoXN`mtzvUi)r6$r)J4}(@-w@2r7`{f8L)VWxopZc9KV)cg_6XOzfrBy9#OQ
zT0Ga&g$aP1qDb#mdI@{l)eB5A(%`%kTR3P~#g{vd0Yi}*xlM;Lb9>|pfd+E!p+=b*
zm#0XpEX??dmVxZsOq`h8sB0><>{V(5je(eW^_UbtaNLYkh1r9^fhrN#aC|&7J+<wo
zw7|7BV!JYWug|i@kxKHmUDBQP-V`g2Nj_u7zb~E84kaYwo2#?krHF)BYoVxDeVat>
zRR+IV3u*zGgV_{6id4FSjJLMCyo6&bGKH%9-eJm^kQCY5qs0(aChREYK11S|hRU{a
z2qWM%iC8WpaA3Qr*UWhEaHCP<(B$`NLVz!2gk75Nd~3&Ut{Nm-3Kl#blVo^k_*Hk3
z+7$;oJNQ%h&ou@;!Jeoa>#yHwlJc7;EYG{dJ*4^H*_-NU>jgHVLK$uT^v~MeW`NdA
zSg6p{kUn6eYsyQ+C0D&~L|CKfk<{Jo-yuZpf6%X}<I{j|kc`atj3-o#Qln|6F$5Uy
z%2+s#09MDjt)(CbOeS(b{%6qkJQI$6>>p{1ZhRbjD&bYpIC@*m1c{X1;4uPV@mS>9
zZ#8pF4~L+(&Lq39w8_qLQA-GtW|9rF*`#;ILgOS->Bm3RO0fq%`wyY;<TV5X&RX*-
zGP5KsD902|EWEGJij{mcQ5puo<_$dIHo|*Z>Pp%;5?cAwuPoZ{@6ofgnO-oM8$_e8
zrlqi&B^0Rq?2UEhX=89b3(?|Y1|xagSl0hUMdL;wdYH$Sn6eo&-<O@?tD1hst)5Ao
z4qZk^3XB9tmn(`Ublgtr4qu#FXr}Je<t_oW4#XAtmB2x?iWF+tRbm!z$F=H7-d-UA
zjp2=-1yc;e65}vULkMB;EzDw}#0?iB=1#?i=6wSjM?93=160+p(nlp?-JW{Cg?^0b
z)f!UOG3;^Y_od<HvNvFv&BsrtDw@HkceuOTe&YCdzf?V^w><-WWckFHd-8<g)s8S@
zWi9LuVD=hnC*%)S#J7&cM}}hJu*>NR;gDXng~0U~?a8BNGNhDd7TB*=rjfhnp?=c=
z79r5&G}&wQ1VNqxZ6f;-?BWMNs5s*7$~)3-@~7W{4_Lgzk(mUjArK4|t`F!J=jcgi
z2bJT@>-3HLY{c~I<*Dwhihi_9$z#JYC0dmdolsQlEuqeHB6X<xvS5p5Sv`l9>W-#7
z?+$(cHI|}dzPJHz=zdihE7t=Z)1dkJX9S{zRN=~xG<F`pP=06=5nMc@G8#?00btH0
z?egXphoNCO=7<Xc`(krk?%xO~d<nixD|W9L7-Rt>gJabuFykB0lCm{+5QZyQ&4SeC
z^0>><4`OO?0UZB!Yo6gu`HqO$IAC2L9t~-z5;HnUwY-E5l|0Up_n~7xU7;MG%g<#y
z^h67?@=Y4F`;&^j_DTvK9?;sTSb(<40@eismr!CRLxZV&QVIJ9_x@z6@#)7&UMR3_
z6^_(TGU$jbM{*rL*wHdi^Z(Ky$^JIWC73{np`xM+0Ok);c`o1shJHx?>X<q7SKyjv
zvdr`g{6?H4qvArgFG1k~O-P@{JbN#EL=DdU$e@)`wMh+IP^*_TzB97lcJsywaCcJb
z0RT%PQ?$=Tth~k_nb3#J8RCgt2nzu8e0(^OIk!{swgE2zq5cc_8_B<%b7WOtLY<_k
zDvB}}X+AO#pdX=#C6X-rY9+S8$fFNB8j%ug%i1*88hpC&mMrI6H9%M|V}?oP&X@1r
z9ccF4G*?yE{eCn7YLlh}*GOQ7uN8TD&1IBSsFb5a`W?YVux~Icae|BkC%@G3j-M$(
zP^XXWjz5bRyk;%SZ*9X3Cm8-r_`HrLexX!ajVX?^A&`pZz+|?j*K%tW6sF+7lfJzs
zU>z~<S5h&o7*q_S+(1;Z_LNL{xOL{T5e0VT9(RTK?0W~@R8%?hv8vkdFBGR7m>R9V
zX2v&^MkDCgtWmkAX7z#kq%~1a8+N9ZkJMVnTWUZf;TjGZ=N}<umTQ4#w<(eW@VH=?
z^O7fTdNIn&eIT@%iRy@g$)yg1xuozy`i?;bhy^u@Hv4@emLvuDEA%FjiJX~R298uI
z+L7pnr591?rcu%CfTrg|&nSCP0L*$@w2pC-&o;Z}kxVaMI7#sWTI}kn06y~#^UWQA
zol;Ta-O=2nAkvOS(YzZ((Sc2t%HarYWS8CmWhe&h?NOEiLJVWSTcWYHCLg{df&;o8
z<1LB@4nT)sN<Pc*73xAHGKuh{9pm9Et~HT3bL#v$SOm#GmNaIvFa?s6%;x`bmJQpz
zNPjI3O^Cg{u_>bcR$m$#tH*NWs>wd0d{H^)EI9$7<p^se^-Ey}Lc4rAm7^yLyQnY{
zt4s^2ax6%gh+TV%^b0wxVd*5y4nREk>qZ%pVICD|ETc7?TD`N@S2@~cHCJ3Fu?*X(
zmH>9fD`GJQs6PKRV<%0tYWKGNf`W++@Ddk8w#3||F%5`b1NQ_(OQcG|-v}5z=gqH`
zGL9Q^m|=loZh-`*c-SK79(ti-<?`yTJW^7M&=(IHt3^jqd@w22%n-nUK<A=R_e+f8
zn9m*sW?xqER*%sGBA%1pes0))l+ec%Ei@cMGoF+ph8z=Z`*GrhU>L`s5S?%!O~69;
zDCUjm`t4AIE~NuxA)|<g?ILUDm2A(7wLSQNWW(q&*D)}Y7Eb!uaZ>sdjA@$8uqCHv
z`%AByonArM(nVD1KnYzNnc}shnvNb<$VP`y3^_2{d^k0uCYs&9!VWgh7S~x>VR39B
zDXHJAtHcXwMN?$STlLrL2r2Xqx9nuxr8G_+L$}A@XR)Cn5F&Az33b_-fHW~4Sot%Q
zWbV4;Z%dCj{9ri;D+Tx(*Li+%)F7jmP0b_%HpxSmZNkl>g>Cdf;ZWh1algNK?r47Y
z>cSzR!T3?9LlEs*vKzc2$5FFfk>MLtlX=8`W2oR+pEg>#%SGuR2ELa>boB|=4K1_e
z8#EY~xk|aottb8Ou<X)l%@`+X?a~`^!%g)=21cXx91J?p9g7K3zpy{m-7R8#+UFYi
zG>u*2<j;o#@Gi3;oEXRFf5O2ga=jPvcrJ<vVLaRR@k>8;;wez=HdP*X6{*YK4PhC;
zOQlJ`dY5GxKtV4$jP=Mc&T&wwMp-C^wG5E0<XLgl0#xY>+c;$S_3s!d0)+bqdDy79
zP49OKpW5`(wCMfpylXM>ijN3-RiR8T)Dcz6>Nk*DAH4UgdP}rUCiCqRuC~7`uaC5{
za93;hqFFmvX|lt#NTeg+3C7+^ig?x-uNiZqmY4jU-6e+2kdrW9v7EmH1MM6x)Q0NI
zYQFC;ENtnb_^=VO2k<Pd|50FyX2NYs;k$iBrUN3iHxv58>#>vw;7BW7$$Z1#kSYS%
z(c*#VI2geP!N|w!*6%1&$iN`NEBk^h-oB<ecbIJ2w&e6DmvsxWOW!wAQ4bA+nScer
zf?@9kY1S$n2LKgc59HAjOoW%51Y3)L(G6Dsr_tMNS8pH}ij;~3`0C=FJjw4c9LEA4
zAJ5Qe0FKlH=|`N)7S#g7-h0I!1oY^{qxa;60ahb9EJgXe(Kk<5e{(vhAJ6yQZH5jd
z3ErH^XE+YWBEuG>yTtoivWEczQ+#4IP}-8|4QDse{INb;_qr4GrBL~jB*XSs4a@tf
zJVh4$nIIpYG&0M0787nB&n5VxEN6?P0R9}cxG8{nXXn(sgXlx{7RYgYsGueM12?F<
zg>A^y0mVmYBH-DbS3nmtTw96Vx1=(2dM0dW_iEm4!*F~aY6e+-hIAGe&K6Z(q($0Z
zA;=Q>y$q)cCnqW|puj$UOU!<50{~}HHMqISNr+G?eR09WUX=q90BXX=SR0h{6&)Yi
zpRF>#rAm@*UKlXZ9O#36VHPX@J`%H9;j7p~QzEDVJxysm38e#s5__Td5FAkDg)EOH
zSpgMiu|GiPG7uy5iJzlWTLp*j$bF;*btx@dGJvy;y2+M1uI0Z0Dj!2-);<)NE;geK
z1K1z~ZxSlBJy|B<9xCN7^mjU$eGq;%@(=2`em$I_59>8^3t)6g#o9&Bv&%G5%V|I*
zco)pL&$Jer<O091XgC_UEMfe{^q6`WXIHbI^}#0gcYFGKEJVLv6Ad@sK)^W2;!T%A
z<+dyK<z$3@NEXvzQt3qoX5If9bh&5MY>HL>LqdhN|JI@zSWq)mLO#Lf8_l4%$h84R
z)Q_y?ju#AA`CVEeD^A=NH|ETC>?p8wCQ%8OokHxn_ZL9ujceJ_(T%f*kKr1udY^&Y
zTrD=7RA8>pp*?z_Vfpxp&QZ}cG2L8w`c2WPk}!XU!^x$VLR1^-y~NjEcoSRk1!pY%
zED;w#Y=@hPZ+DsdB3uYMq~V{Mk=H(^7StgzP}>IMs7dCJ<a4V90rz%~Y7i5%I4a2+
zyAmtA1ZbHqXA#W%1&40tAF<Tw-81vt&wX_J&wBSj_dyqbIE&L|jt1wKA9Ywrvo!Qh
z>XYPYlwunU1g@7DGNs!XD9|gYPIHrc^Eh{TZ*v64%q80``}2tkl|l34m<BZT+|XFy
zPvuofnlArQ-qSQlN8<K$7o!1M=To>3AuT#qHBD;=D80kzsBg(VF(1soO@m1aQjks>
zWIP!#+@7~^ll<)`8|7Luk)ncIO)vz&GlZd>YXxrvjEem%31nFl14`wMk-F4dH?#AD
z)t(9jS9`fFK0`)N#>VYv%GL{NYHq;&Vuz6~PWN44<LPbRcK7#}%XXGWUutJ2n^CD#
zOO^d}7Ls@i6$q-uEh^Z0QRmx%3{e4abnw@HM;QqLq7mfkN@o>IshrinU}Zg9vny$I
z+)-)!TREegU$7SGBN)hu4wl~dsIwELeYw4mk%vYdH}$1?*p$)Jg9*b3z=r!?iSX(G
z@9iiviX2xgtcd7|Wkh-U0y}=cz#<Ht@Y+Ir?w({J&N_csIw~yMFAmF(`(mu0!;fZr
zQ3YW-azKXGLT;<*ZgF(g)ijIpEzH;-)?BTNeGOs^!~BR{O!SV!OI68FgE1I>?gac!
z^So`*X}P)RMO&IJo9GTCb0<;s`^(QN(~C(0vT6qVz=$zIr#Ri2MUc*o_0f`R58!WO
zU^{roH~VaL_=jQ6^~RB`oo_~&wS$_5WV~6ndlHrtKn8>uG66HjR1Mn%u@r}*$%gr1
zV7*gOsmP+i_Sn?#Wg30+l%L>j0d$dKncWEabx9#|d$R+I!HfhQcQn5h<peW6)!>`>
zBu~W_>+~-ybfW?ot2FE4EG|n}&=H6Xm*ci~Aa1r+I%!DfJ!H<E+>R3u`kZ!JKx()q
zDBKt`3XR5AsH(3XrY3aF7`3x-ai`SEnT2K~v-i<R{&BZfo~Xp@i*_zA>mhJIhE45(
z4xx!L0ZPh>7RzKfM2wrl32_Eyq{6X+mW1iR28=de(jG!Y(^wpZTx=h+i;jU(o%{e%
zRU8L&be6w8TS>8PpJt+n+?B5bXBZPGmaFMoNV?O=d)n){pc32KWPs=~Is>xHaYpp4
z@24(WJC21KjFk{}xui+654tE&8VUOw=}AjkEof=+4p)8X2Guj9N6;PN`ey4}cOG($
za#lFn;A<TXq+k;4(RpHn1%B^l-#`^HNL*I6YZa{$DpejkZuk01ij$89?-`947z$k_
ztf+3ng(93fb*59xi~BO;yFhz~hRJOhDxtgy2E88w{dt&y4gIdqW$g(gMI~hPB@{-t
zBhdhiXxRmebmykbTe<-!OalrDU=`Mr2Ms6Hy~{KJimp{W&$>o*+?xbI%l5+aB3K{5
z=$wo(#pAFaZsS513rqB!{VRg}yx@H6U21%LJ*Gftjo`*Sr3pd5L%e!51@O8r-AG%@
zF}f~cqfV`#w`;f)j{pyfox%d-%IjVgNnj&n5UU{c<ZucENrjPFg0mIEh0&}ePS3q=
z1YDqElSk(ezj^CEKM^Vk&hKUolt(6j>ms+dRqUb?aXe_HM9A04&kivoSn_ZGxm7jt
z{+(m7(4<b@vnS2&@nFx#1XG=mLSRh5G9VTQgEU}SMDu>Of2FW>8%iZe7E3^C?mlu-
z9d>42D6luitb)@~X^Pj5nYQj81~hOc{@@OdW@*thg@vxP7v-{wk2ov&yW2f@)PPNR
zTtgNfEim^R!SM<Jydl>$T}Ada)iI?nZ|m#2{f+C#%s0kZbR=cc&LABjVkdn3Qc#}9
zy@T?0J)=j1w+|cIrpWaD02Awys+sbzVb`E?r+t5DrB_BHgwy9n(|w;mH`0*5`mjpz
zKhB7iUW~ckqev#{lfg*KC75foC-sppm8lyfMMw}|&ZH_{_ijFm<QIKk8#waWE;Dlb
zg01)G7H~cj_mDa9qB~c!2q&o0dt5bWPn!k<hbDt;+=Mn^&~MbhWfDP-rb}XDV#}_a
z$T_Ukd(i<%m)yY;&yE2OD@n7x#o@e3)s&cplXG*m_0({Az8tBcvxt%cg0dZq2xvUo
zBa&tGP5JP*zdfb+4N}V>wdWtQrE9I@7Ab)*Od%0O=LAnN)5&@=>Z$P(1f0C2m8x2t
zDx|aNz>^x5m?Au%!WD4?=0t=HLjaC5<`;SjV+>_2iftUxVGd?XZ!sDy5@#0~HqT0N
z3Ihpp4%X}j^Wc4(qYu(L{;J<zlR|q>s9H=|^RwB3d0NxMYEulJwaF{B`xeKK5%Q@=
z+jmEcF2`n9jef`eECznP8`>G7=?TKi(d{`NliRTx1O(l>db7Fg`02$uxFou+H9Svo
z``?l?%VmS8%VesK5r;+QaPXqdb@`ob@PXXj+f4(226cY>6t&sSl=_uF;*>!~`>hQ9
zYo8zj)CE7VZZ!@JgtfmFaUc$&p1#6B!69!M%&o|BoBj+6GHtqCB_Mk)nY+WGwa+2X
zvYaL-Ct**wR69?SP5jl$$(D-f{(I!$_>&=52mNe3|B)tLc~Kx2NBo(0=D)*Zxvb_c
zB#A51LPRrx3iES|D;n+y<J@6OdBF#7D?H0spRZbjUivn98%DNgT@AX};=Tp46cg0y
z_g?aGp)FIE2$Ud$NxY9MkM+q~YqMUXb)at`BGc3duWkW1_eT(Iv&9RT@cU~7Tplj}
zkAnPpR(-u0Lt+?rXZe?S8>w(d8{DbFgU^OEKWBBqW;5=<ojJI->ECTXJ&Wwz&{969
zW?8W4N8Z}yg)?qm+<et>wj#F378}eN_)7Fr@PNEo%t=vF9*heKvNbaThdj@gBi;qs
zG;&Do9<F}ZcOJA^J(huo?cKe_{Zh;xmcT(}ftXM9194V^IWER{p`|w60kRhXM0+7U
zM9(4TT{SpL!^7BMh3%NQ=75cb6W<6I^I#Yi<@{Chf`uUTs`2{n?(UKWs@ZWDaCOz8
z%($_i@-fg-WOZm%rd`9#*CoO}{JF1suym&^@?8Sz!$++|zONS<Ck1PtVf5ci%A@jX
z9UP~`g0*~IU481b1afBnZ-n~4$0*-$(xCqqyY%VZ3(&$e$yg4)8!_YUlX69wQWPBj
z_YeO6ZQa$2F1=m^ylbZ*tn+;_(qy>~qfd4rtu+f4TT)^c(XrBZ7;kHKRQrWWTs}@#
z&_+-^+Zc<m(U#wRS!Y=NWq-Ee92Pjn=kdnXvb49MYzd3l&C7V>CR?k0lV_oeM4Jla
z=^KN_KRWydRMjA;3-1Qa<>EWQFp)FdHqbu|yXECYx#pnTGDODLQ`s7jdx!VKf2+J6
z)sJ)wIdpabKu*qd?#&&#?OIE1{)qj@&ZRgO1kywj)T1s=ZgtHRl&LIR*Qj@QSd0Y>
zJLexro!~p#+Pt?-5q2)sW4lI+jvmI~V1J|O?(NE++0EqTMB0b(1x8BSw@=K>j4FKE
z-vzkXGV;w}JFR2ckBA;-zM(=SU(_&gJa`<=<$A8~;Ba`Yu*EIPYg<qOVr8Tw`rTur
z1RDz5x_Wi%3;s>#?Gapix2k_f4r(oQJobDC;PW_Rtq5FWMqUTN!-qEe-rD2;RP24B
zr18iVFeu4JWlX)IyYXkRf4(yfRdA@QQuP=P%SbYFT;lJ+lv;6K2LCo6e|ijOEpK5Z
z20@^-@plrXQS|CM^u4Z00$>;cHQ2ZI5-}r>dCM}YeS@$zPc@?Wt!d-2!;3OOLdaZD
zT|H(_x4T|Gn=e%bw>zbOz@`&Zvk!>VFXNNKqh44R&{f{P>CZmXm`2Q&HXW(#cvVN<
z?jRxhr-%CE6G8<XAs#sZ^oy+7558CHn|5cOk@yX~*6eah6`V>Q2OXLHr{}%-9ob)s
zs^m#c4a-#uM}6H3RrT2=_-P<$;uG=4Mq3x!+8_uAB>6EM9~FVk<sy}FoTVZ2S<mHz
zk4r>d${_~IHM)m@olNOHhL(fw0y~-7CTjk5tL^>!h}y!oh><{|KOc+Ymc%Ul`~mK&
zZmRv+@ZkuU@!!IK5_K}@z(<#{DD<df^>Zf-0}9Qk5zl!_$3KK7rq>5%zl{KV)Mh`j
zrCM1w@V|iFc}q;wfj}CXAyZwIqQk;3zrb&>o!sr;4Q>T50QrQUUA@yw+QIMKw~nxW
z5S!B7G7d<|xYHZ>gTn0$`X~8c6JiTeF3;_oi6uig0n`wuy5(tZ;8hwx-~3E)APW;F
zdu?qQCk0qxv@wgW9lb~Q<x9&BSh$N6Xq`IhmgmA9cWZXjMeZheRRH9IbhD=RM)jc3
zd7*Nk6<CTEfFmMD7Z84XaTXnnA%P)bvtKfoXWoEx9jFDuX3hweLD6*bs_X9h7Z-qL
zJIGF(-3JgXLQD-0XZY4SLJ-<iRMaUFaXsHe&EG~O_mzN=PInvk8_UMbuWk?uOkm++
z-j8*+v!$4J;p@~qyFh~FPvHZ6Q#i!=nTC~M>f?SEu!}IdNTcBI!f!4gQ+Z&H228?n
z0{6<ih@PiLiI}rOi8e3SkA~5#&jNTzoJ~|>n3xFkBNw+we*FLqLQ4*bN!Jq56dCs2
zguhWy0`4XWD!W=cWqK5O1lj4%H~?vvGl~JvF`}IXrY2;r?$QACzIk>r4KyRHme=aQ
z_)1ioxnNz|gXr20091ZR1~<GpDQ$^CIlSs?R!1EQc8|g&H0wD`eq9G(fp8-fDFnO4
zT6}|#b)<Y;T{IINcZBdV^w#~eBHX2H5|a8|BM_bzP&6LO+B;}Vk?ceSb;`V8^kS(=
zKMQodbTc8C&{JEjre*7cEpe!?n@Yi!BH>nrrbWiQcN&zwPsDx}-~?;mUkYQKcXGIs
zG_zIVxy7m;rE*DI`vx|-f=(P&KIg0I3c5sNy&NCURbuI?r2-coz>4Ia$6fZOcim23
znb0$_%2C9`GTRJC!x0Fb4>W*6Vrd)NL+mb!f*FUZ_#gqlS^{e>{3h%rC1U6DJEP|#
z=Ci=M)b|yZC8__I09NLjH<4#$UDXY-%8GalAK_tCn9&BqCf%I?F>$qNMbudPsXba(
z@*I;dUS_cspep+3(MI7Drv(&!M>Ajv1Zt*{<RuUG^;6jYMk);0$jOWocdAp|(`J<3
zqx2{xUqk2Z#$P!)`t%wt&av8nw%dvdMcbvJZT8-Z`?8VFTjx3iQBESw4ba9}2K+qj
zk+hoUXOdRE+6Frypuj98m|y|`iyMv={=!eZE!HC+bu~%0cq^oz6&AOKezq!lH6;5_
z9Kg~EWU*2+i}l^fCk7`n!V4aM%FJwRmRE`u%|^3$kp-@i{|!xtx5^&8zthvX);@b=
z!ZF3`=@+?gmzU9o^tybJoOWu`AD-}-FCT?L2vlTIk=Pk97zF_BauuwCP*~><?U15Z
zdV@m6N`+MqaoT?g`^Zx2_-%ye6|Sh3`WW!<rSYa4%ww7CFJgz$#t%L$@=0bllRDsN
zJeuX<bcbDv>23xfeMc^d|2D8GP+&Js@JqFyIPW}e&Sm@i<&O?Ir}u!Z!AJhOf^i#A
z=aZ++Lh0#!kB4jB?v^+NN+FY3a^BaM8ojJiy%js(AnC-#WIxvzh-tty(`l>jYNQmM
zaW}V-53r2+%h?Hikhm8?t!F)}P+;B!3v!+QohbjrBzp0%*3J(wL?rn8pZ0T7BW@8;
z^e}yJ6B~j`WU$K0J4h;S7Co0MpN)w<S0e>uIgs4V{wpx9s-}=e=KD^G2_JDaZFvpc
z`V1yIC3qUlIg^MmcfeO8;V#p$xq?f@wW@ENw^Ej*B?ri>j4I{JA&FyYBtE-O?&W_Q
z33$~F(-4DekE4giqat*|Y%7HT4PjwF0Q8sweA1BbOhzO6kLlOkYQcR2pv~!@nJtxy
zC_f9L*Fs?i%=aogLW1@pbGu6sV=ESBY7ZuI!-BNe&+}GeRi?M~w@YeH>#jR7{2I^%
zx<CagOUcnMa+^m`AdKx%g&K>D#Q;FUst^!&MRPUQR~HuS!Z%!I8<OxF6V?BwTz<5f
zdE_f(K6|4mD@VT^Ttw<;@(8C~u)BXP(w(P`U0bK~IIr^d#jDdj6_Of_?bY<vWJi^l
zT6UgZ0I4M{`hvw)$~xVxd;dVL8A}ET>njaL&ctNHummDvcgguf6vy_|hTaY>qFI;#
z0)9s&3W^KM`o6@W1keR#Gr11~dyyGfWq-?N#aiaYP-#M)ZSy>2_wE0-B(S`-+%M$1
z+#0CKjcdRzGOvWvA03grbooYe<wyW&S-W<82?;KjKVuB>HVG*nfoGBiHm3`e<4@PQ
zJ)rcAqPP^?79fk^S}N=W#PbAMuP-_QpugfCIDJpYz06o9G|ykq*JYePjTnT|Xb~@%
z;*sJS6QWXzRi)vZVsfH$SW`4Z7nzK8b~i}Mnr;k3d^)QWnby<Pc*MXo_Z95g`?`Fv
zz>9ZgiW?Mj2qZ+boN@A<*`h@8Ry96)+<eM!j!<7^z<K#8UQ+j=6XSK<07^FEIFV9J
z!@uH9A8i`SMw|_&YN9~yrd5Q<GlV_QZ8R4G(EAxk><*&IMs5~*u^76JKcG`Ep^r5V
zhgjH3b(%2jpUU6sD4GIZW8ORBa)0Uhwki$?-L&atm56OX`gXg&p<vN_==r_eM58M+
zh-{g3*2R<=-hHupS|7cwQe8%~H_z_^Bkw<v!D+u=;aTmR^w@})MpNq$jq5^gE_(=v
zr6^DVuZXkOa=@aD#N}AMw<BXM|7%~CKaDG1YO{G|!li<81N~FGFdiU)D)R2>9Wi@b
zuaOogksq%z0~9s^tGCt|J*!0n{Zn>Wde9S+P$2dtH2jtIZ5RF%NA@D<Kz+k8Kk=jY
zJ-`T#`<jqR>MSAingl--&5VJ@qr_hg>EYw|uSp3HY;4$BZ03c;lyVdz*f=~zGsruI
z`yp}gf!ei85Z{(^k}1NofG`m5ZZL=H3WgGD>Qvd|5gc@+(NIiS#0*wlbl@!fL|hEV
zf9LbJz4+T-a`~3YS=;@0XvEk!?vc)Rc$G>*u(Oig^cRfs=^=Q~mr7CWZ!x{qP+%>7
z5=?CaKLZCoVJ4*EEc`O4o7xx6w1QzVB-X5%dBj#lL4_ltU1d76W&iX7L#&|`s+8Pn
zpMcToXTf&zvr@|mhpmPx^1r8Di$X9>z?LL5{JR|k8|Du2S<2<wZ?&V2^?@3OR6Mb=
z%$=6OFJVG*O?jAvVAZmNKc;3$vzWyDm_*T44=kin!&MCw3Q<w=DBVSw&hO6;i~qp(
zRTW{DCVU<*BiO&7s2XwMrTgC~_l|ol2;=gfHfHWvzM#2h+N))CQ|y}k_tSoS@~Gy_
zh;k&=s|{?BcvPwQY|6FOyP4I2J#RMx3yswjf=SJwng?mwq8u^p%6Tn3yJ64!T3H^S
z!=CH%Yw|hm8+tW)C4ll@|3X<E)Y}$>iQaqtfWA5go0xAk-O9pzudt=*ZJ$>d%L6}U
z^nG^|3cP_`>wh&lw)x#X%Ni^b7EpMgeIib)ZUiOxUUaN6+Y^cZ8$}OWH07mz-`3%Q
zzj?&O#2dww<!Y%PX8#l_A^+1AVobrAB4QO*b@JKQbtww@i)A_Ty`e*Lq=l-F4ktb%
z_Rv>cwD~{Mu6|IO?`#fUPbu<J?zdlj(&zT0r=bt0m6$^c>}xM7Ey33YI}m=ULKZSt
zKNv|Rj7nRkRIG0X^P!0{|IE9IISM+~n<%bV7Jc*sQdPdyz}z6g<Frq6r6b*P-}zoS
zvM}n!{<Ua7wDRkJD0DsXe+>LF;tsA?vw{t%9e0gi<{BkGAfKLknJ4y*U!>tLwtAb?
zMB0C4FGjeb;$H*8x^7~hzW#!Ndq?0MIXV;VC_TZb*S%NI<&sgB<9~(2Tz9trwK!2&
zve9``B62+|>}%&sNVQfrV-bIn75uKOi#q>5BETp(DssFxJnErDAhcTwxEGtXRptuK
z(XILqI(Fxd4R5{Qs?VA8Ja-2OKgpI=E;>5s<@3w&&DR_C;uf1n+qF@0!tnsUJ;37x
zd@+h4*L=f-?040WNo&ckTZgY9bsauQ_{(vpPv8W~aH+WfA$jK<2Z_p=nDQaaL+zTb
zlEFFUiP~dLGPGp1IObfI{U^9KDlo4r;><VVt4c*+Ubu?{R~UTqKq(F9dX}O;xRut<
zk$`5lz2=lk;BRw&L$l^Qnqf>GJAqi0_nK4$wGi>f^x`X1da?>S?;vWU*6h{ObV_bV
z5L>CXU-?KSRChKu37at<DDOnpP~%~^*TEX5f3Zc1ZIqTUAG6ULbgE3T1KVry?XtO$
zjHk)u=UXrZ{ywI#?ic*y>T>FmU7(vbK2g=Lsf=UU$SzFjjed)%z#H~`qp#}EeIwMR
z^;7t{+~PV>GAlOP@-Td8u66^_K_X!<Y$%PUkCQ7X3*yZ7{$k}VspUbD8uMjLe9os!
z*NDnGPNDco*d@s<MJ3+5mqeCj-I*YMhhV*U87ttmwTJI(=%wi=(x{mBcf{o%JCuG!
z5#lc!`37(>{|7~>250zMNgM%I<H_irI|=Szq7I1(lznA;-c$tc`KoA@7WU-Wnvm2j
zQ3#u2JFnpvy-v;cjq?hjIuQP4B>9)a$am7KLY^wyb3VNbai+-y<~C@xe245D%ZiLz
zBn?VVI_dRQgW_6P*(xlotj2(he(iXYm<By6EefsJ^Yj4*5`$$6hl`7v8E_Df%38?i
zks0I0Q30>!h9UFZOIPWE%_6gfsBHY<I*r+Qmu_QT+1Z)G)6+C;`o#Z6)vp{0j#--<
zEBIFaXnLA&`c5YLkq<{e5QtxJ^XG?atA5}0JHK5<$lje{yE588U6PAmim%vi0N;L9
zGrx1Iav~m&egAgfBUw$3(6_}F&UUr?>ja}tQ=1LL&x?9T=)~)sb8x)Eny~`>MXb=b
zF|tLW^}x0=(z>Ow{QGAuu_ILnng57-J@`;t`U%gRS3l8~=vVpq;_&JIzYbtWg6BwC
z3XAy-Kl9<`g?r%A#(>5(U!MbF=;ndkdw!&+4@W844%{`5@kiiR+$}NN=uL{EbwknJ
z$OS;1O)HA>?}}>9r%HG(ALVRswe7$;2`je9Q6wN!r`PK))#CvAL^m;q-85qyS5!zj
zXE8{KXAUu=-|TJAe;a~PuB^qV4GajaoLGyTnALidpH)*wRk3@=S1LFOBHxa1n$lo2
zv>he;pNV!_%q%Td1e8hVj!Few6+IeA#+JsNEf^~bf3(vOB(1RD59iQ_R=S!32xFm`
zs=Y9xxp~eyQuMxsqUi1g{Ppg$v~kAt&ejbg|5N+>y+p5&z?`y07ixBaEn1oQ3f>03
ze^DBk7ov=v##X~U<C0*TGhaQ*MlyF;$k>_r+1c3X4e~WDRogy&wfXaU-U5s8ME><Y
z(8hD)YQ0cBKf$7UGy!=;*9dY>pOOjG4ln6i+uzF7MRCSS6c)M6RaW8oRLcQ}@sUG2
z+!BQ0&x}U}c1eFUmB~nfWSX4>acnf5VG*ypZGmt)#C6b6V8!1MVdtDGoj<)l-_+1Q
z`4)YJ{}a~pH+yHDfODsZfb;H->8WsTQCLTglNf2rYyZEV-ldzfI1@nC4=aC?sy58e
zvaL-CvIOSn^Q@^cIIv9rV$>!P6#+!EIG-A@Vh*!ogyd1MR{1H-2Ri~jCS6R6lJPsU
zu(4*pHwpg-6*c*3^tmKJYMVb>Qge+*)i?Na5yBv;Myk6x+V1{;0((G&zeS=VLJ0^e
zCQB-9rnpI#Orq;^MP#h8s+XfGWhPWE@J(b8NA>ht2pA9rYy->Yfb`vARmqrVCX3OU
zOovb8B0>@?Acue=Yv_m2dOq!`e~a?}evy!bNXRgZkzhl`D}Lk`qRq$K@aYThnw?Ik
zTou6s=z%S%$_WA{$mDR2NVdohAVVM%vgkG<1Qo)jaw*(35|V`jgv8>6Sky@XXpq$0
z0=w0CespDBf$!CFeXe(wYc+Ld!nK)TPZ#tgRzQRa83;%+Fp^0GkH8Lb=fcW;tNZuw
z-ET+8q=<_#69~yLB@Hl9jGuMCJ@4!4{JZ(_U!QB|o%65Cwf4<zRF+b-n^IDylT|gn
zvKSLnM9cGB$Px^aL?Hy<?%WHsolV2fwS0Y-b+DCC-Y2*jpxN3Us;Z~&h)D<$V-iJT
zz>y+QqW!)7eRY!ay>EBt>34H!@11$;Pd!)0GbU*agoE0>a{ByupL@QG*L`mjLV{b2
z2?!8vL)~oWzl`I3Cgou$B=|abLTI!Lv{vEbs)8OUev2U?B0>^0s2zFNclaQEN&DJ#
zeY_9TIom`d5-`Y&$%K;_MBi$=*UtIt_IFu#Hh`7@QIrgTbVc>OA{~U*q?ENwODdU5
zDOycwZC%C|Xi#a^<ZDG3ib!as&%foBef(WtZ`;n_etNpa*7K$BuCD#P$oTDBu78^Q
zf(fxKtqF@zWQ`jWe%gcHj{8IF{ZtfKOfxm+p}m2WMiLQ3&=gUKUh97Q^*_Dy*FPVB
z&(B{z`jpY>a>kNVM9C)SIUs#{G4LLS6A1~dMnuRFqBJIq>_$up5M;;@IT8WelG!Rv
zrsPXPkx8iXErrRPtgu*h5iKIpD#15rQ}AC|W%eYZ6Ga@)v}jMcYA>HT%jWOr@0ZH|
zD*alPQlk>EP>f(mNC(Ox=6yN$e_qXd_H$Yd%Hr+{Op#$Jl2L**LqXWH)4kV)*J=*O
zt9r2xpoS4_((9K}uC=61l*y@b<dl;E2!pnE#0!*m5$zd3nJB4E10qPLou5hHg&>A;
zPt|17&nmwALBl;X`OTX5@-jjZgn&pzgcNFK+Zthmf0nK4_{Z(eO&`46;ub8P{-cO~
zO@vfYT#E?Agpx8cLtGT!bM0S!Zs?BAs}X$;`2=i^4bcQ}Achgf(HUk^GBPgtT;n3#
zR_1YG2LFFU;QCkK>c$DJ`LvKDQrvYnMd1DVShhlnD2!~Djbf0HkVyfOdJ5;g8y-Ns
zDf071w35)4Trh(prXohjR3WCC6u^d&5VbBNR4xd_vZ~D+LO_9NG@PUYN)xe3-fiSq
z+?~!`z!)(mF|zh_lVG?MS1edXGK~weEjCD^V?sb}v1AHy33W=yC4?ywn{=CXEiwvw
zTzVwd1D%NToJ3C_JFaf-rEp$z4iI(Y%|1N?kSrkRbyXvoDvZNMQp%=tW|S42jb?O2
zP7_F;w%ZuS-`)Q6&wNFqWzWa`m3y}HFK5vrFNNj}t_7MuUUNj1eK9w$H*SF0Tex_f
z)wjBa4zNuSeBO^0M7g`ppw~k&MwUPrL|uZ%BNb9(iuCc#$8-R~J>WP|B$9)nB=Z(@
zqu>=D|9=mkuT#DxnGqj$X7i>Y@s*Re2_|C9B$8FiB}s-S>;i2ixQ}IC)e00e4ehQT
zTJQ@_(6NMKCoam(^iM3xnEFj}ySENrarN#U{I3i75t=nkA4fvEZs_BW>@xeG8Woj0
zb-I=HiYmTUEPd@LOT>3jNWN(Y?SDRaJ_Ej(m2Tw)_I+DCJTNPvTUr&*scA3audhVS
z<?=nh98J2IUQX7G_kyM}kiFlY?(Raf>K}0|_tWcp0DbgT2`0nOk^9~oxc7z&FxvZX
zL;Is2eE!bLkLGU?zQ+1WE_Jkq*7BVn5Lty@^J{CnT3cX?`0~xCiNo4q`;DO#%))A>
zr5ln#ig(#tLzf?@O?5n-W>loOkzfaiK&XsDl9A2wxISw>xpwq>zMw{eY;t#w+|9gW
zGA#%aJiURS0?P*WEqs&l_ln3fW^p#AbJ4()C{dwA8|?DZDcJ-dks%}&90Y?@34;|e
zY6PFEI3QHG6+$wo*buP64B1%3AndUl40I9t=dC*+)o3(eiPLgjxK$G}CLpQ^(Lf?i
zG?5yUAxhOKL(Z=ii&R%&!72bj2&5x$^Us|1w)3$313FD?Nr)ju(V&}cI}r~0(n3!F
z9}{74ZgfuUbH(8a?UJn?8b^YnFPmV%Y7rkv_n)he6yhHbW`m05n^H@uOg9C=<n8yD
z99I$7;nn6u8{#Y9-j~MbeY<ZdDSP3`H_TMrl1U{6u2j8tX!q~I=RS+brRc!nRC0)l
zc%|y*@>c){obu;g7bgvPgY&u1CAyd7y4ta|XM=tVlTjoZV2@z($svqI1DY^4!lno~
z5;e}%dlNriFV{w<t?*A^kcjTR_upPuJn`(;xkt~7&jcTXZmJN1Cvx6BPWy9>;NLz@
zStmn<?^9il;GIZTta$tqeWH(K%+IGI)L9Q^7u=^WR}M!x>muQD^0iBqa^tRj-qfOf
zp(5<7;PaQRIn>Q8sgY~c<hd>kzywRhOPLTQY;T^Q7QE8$Gxaq;cI847jtd5WM4Fh>
zO;<;maZ9}z6D*RixspXxd3yKDz3LClv4V^xVv|M7ms3gP34oASMw_G@X<F|&^StLf
zy9ztGaSAuaLAo_Hipn6-7i$@BGJz$g3uIgbgAyqi@~(~Fvo6@;p@{Geee97rbimBU
zr)Ki*DJ|;I6-?a`pvPUS=Lzf`Rd*zu-&7VRNhe7pB^<Y_6w3ZUW$UlAy-(+j*!$s*
ze17_63qNN3b#xj&ywW6MY2Lo6*^$xoW&@nYg^C8c&a>YG-aX@<@byNl2Gvyy1sh7%
zwN2$YL=sLD>Of|c2%|`XNkq^}90%@>!36OGeNE}IC$4e<F>$+d&tE(IdgH#XWI#p{
z2vH(!i;%Ps^Na+1SfB<Vr~rIvSn%`~qrC_qY=}vky^Fyr<A9(>-MqNhM8P^kA(BM4
z*%0QS6&6|C;#lkLJ#-j73F3Nr*PJ|59z=-*kBEl})QF>N+NKmpT1FNRgSS$S?yr}Z
zCniM)$*drOPdCpdh>~g?s<gUY%+xtHiF=(_cESc@+t$I+JS4C-umC7=H95T*abX2&
z^G5b5c2Q~gEJa|wd5k5CQp&cKDg@+sZB^8#p{x*T)(OxB1gcUP?%Nb%k9M`Udx}?y
zK1UOM`n`NTd+_#;;^<<tPLWh*(xkOj4n;<*5i<~!%?+q^0zx)P5l6%XywBYC-FfeQ
z_uq%R_E?6<KqCa3AVPtLNJtcPBcch|l_Nq7xUwmcF%hvCCH;hubC@BQP>@w+sb<VC
zvJ?&pobk-Y#Fd=5&4sJ(`9FO3TGza(l^IErZ@-sYqjp7#dg?7eMj{k$z*50WNA~ao
z5XC=nz+43m)%wIP3XlM|U><YMg18CDBmmkze!)zD5knpKN&JuVEh&pLZ5E4Rm8CI_
zf!Hbi*WXU8@Ag)vw0-)%GWpJ3W8vJXBvxQW6h&zop=co%A{3HTsKX-2g?IP#@0V9L
z97oY|2S<H#b=ck@dC1uHx`4Rw@U|h&YPdOE*8l~sP5=ltxrZ7Zq9DWwVZs<pI8`=v
z%a*QXX=Q0m$t03VB$7$aTtrDEl1U_p(IO*)F%H;6K$#H|5gq;<tGKp=hE;Q&dJ5zc
zI&-U-3jr45+)-6=uBPd2fB*zQ01(4v!iF*tS*uiS%GG^%8yz5wP&48q1Dcu;G!PJC
zfMO>lh$WB$AT$jNOaduD9UN)r+Z5QiI*99|kk}5v()E}EU@j}~*eQzQcO**yZBniY
z+0bg+#a3;%dtdGSEf~~ACS{ppV%eH9QL&`dn#CZ11}cZ$bHsnWKeZ}-z5jFib6n`~
zkryWr2rD9txkia8q(yU_wG>FXMM*NOWl&j!rJN&EmolU+Hubm;90t&l`>1=m@?W$J
z-5d%v*OOjwqk`~^3oMm`3m7a+ip4i%s#Z-|Eh1J;vSzmbV%zUIxXA?&O=TSsB>9k>
zEZPPGAyP_+7%12;@Dw!AWCx#*+ox7VinlFN(RFcG5aS_%LE%Le%oGC>07Mf;zSi~u
zu{Ll&LBT=6K*od$2mugi=|7KTMns~7(rC37u~@b>jL{=(TP2OF%GJNl{Oq5;rXSaz
zpf&tZ^y)5A)pgx|sX-+IsL>Nt%7sKsj8Lesm9+sm=CH2*fz=7gx#a2e>o{>7oA0i<
zoZ5)G1Nh}6sR<)dl}s6>ERceS4Tqw;Ks5g!iGnylRw$X40Nel~f!5D{_O=2h*a*cJ
zwzVdMMdh4CxFxE!NouONZVV2;d$0pw=r<BXg@9N<1`2STIE##fB(-p?z`d&V%CT&1
zW^Ib1+Y(V@Mx;?A2S5S+`}&{mu>LKX{YJO_)P=}ZRIy1FXE4agOe`Z+30Npm*Ns{l
zzD}XmX;FZ{7)3~1_`U8l<T1>yUR>0nElsx$!5mTec1RI_V1@%|d9K0GCZQC)42c#V
z_1?wW8bfn<BH|%nYpH^mCLyk120#KJ;D@AamljkqD$={N%J02(QtKsPZ0-tc$<2W7
z3WQK}AbviCAt5GZv21Lqwj!j_iX&JvN|dS%Gi2Lc>sr=)-(7ZOKfcQ=EdJm84*N+u
zB~ubc1xSLhi(qnyq`He${x%J~{q}snJofva>{aO87a({+8ikN+0YLvcISL6w0x_bd
zBKCS9TLl6NKjODvE@X0!S2(VHt932qC4ldH84hSb&_Nh0U})w582~~kH>SjH2ti8<
z1WExefM|da66gV_3c*H=<_abVpXBZqEgB|?MoSV}O_DZ?7B(@oY}r`Fi7G@%5Vb)5
z_pbj}m>zzo`cPJ=dV&3`|6u$NONZ$d2BN4)XsryRs3ffxb%dz}OfW2oAd1Tqr4lJt
zqL`s`VDn%nd;M4So@@yhB44y8OB;;p6sYK!1pgSxk;CGGK)|GgYNTkerI1q3L_;6v
z&%oOrWDStWSLyZ&<OCqB0EkwB7@WaeR<kSZ06G!92P?xsnn3enmL;ttYDev89S%E!
zch-On3$Bf_9lAF0TQ#n?`quu8)=Dv{BSuXXgEJISjg4bPsKzi7L0k}j-Tt2W<;wKl
z_kV!?i(P-Qi|ldrN;;?{kz!Glw2Da(lPOtg`HWybeS7=&`-9m2dffE<1N`&%@7Kf6
zQW)Rl`(LQ6R;odB8e+bDA&dqK{$9R2-o!Sm1z---wVs$MfZODBK-Zw`6%B+1BBv{^
zv{SsQ+-}Ml6MR{|Y0ME~fm-A+LB&&Nd%;W~Bt)l&d*|!mhXi-9oI22&9cjZ<Rj2tM
z@={T>TB917s5KRenOYg5D6K5E_qDhCe?O)BapqAM^^i^VSslv4SNYpx@cF-SC`k#D
zVu(vlmeka;>1#uT6-ctBNWl<#06xBsR=up!_NinC$#MTf5RULc=bz054y0|Abv8t#
zf(y9YpI={q2c!-AI@b0M)V<6(p>+g;XZ9P=hM>W14~qr101;P5HG+$ZI5r`<f*8SI
zfx*{C0AvAxorXKcUYn}6%1k4T?B40NRAj4<Jl8MwtND{^D;6wNOwmTEl$JJ=Y*AFo
z^;>Vt-on3rGqXPj?XUXTpr@#s&+?=FxWn2C+A9ddg+-~vDoT`Q8kj*eqwnLNcA7=X
zhgO0R5a<XXm_;4_MTT}FK!dx03UU%Mp+zxd2?DzSTmgU1rr<pOy_I!V>z=J0ZbiHl
zNX1Xmkr8*HH$S`m&?itBCquD6-@MqnfK9zuUazk!c&)6rgw-^xQovrOr+WZ4z(If;
z5+f9G$n5?m!(jjt2$ih_7^3s5?}9vtig!T75(Gj6BmzWd5jTR_3Y%`Wz2tw<{+3G;
zK}LweBBG8F4+CKTK0kF|g{}TO_IO7{i5j&HIdQbjU86+89DouX0vQE|ZWS4q6+snR
zY#4)N14@dP6KKFBxhk2e2_P&O)c`H4v;k~5?lmfs1UBL%Fhgi7RcSL2D%47xvt^|U
z8F^%l+CuJ4MKFxbTbHV6y4FLUA%N$EaOOGUM-}1Pup1Yfv%|nm*#n4jUKDW-G0iGO
zskyXrIi5*z3slCMw-bvO968L*!-yhqE<B!Qj$}?&IPfiOO@tW<c;%#O;lv(un$G3K
zlvTrEC?BZ5-EW&euRp*`>gf&ht#5iCSs3!j=9LOrdzl{8JKOAoYVup4JKp6nM*X2>
z=dug%&YMnv&0akvO}+qlRgJ>{ps<7CMRgj#Mh)IpRZml>p4b*E2_%&bT3o4Y-sw{I
z+B`FGCP_6~iVR5wi+p+tFp^5<?rxGvG5K0qSPwVEcXU)tJMOsRYpJc5)_~Hehn!z$
z9lpkxV{>#&*pfI|9+jJU+h2NLuEmLAbztRpU0*+++T@bB1U9CmgFC1i%+z|aJviJo
zgW2_XD}OziCXT|XMK2d?mwgl+&)t7o5AT&9msO?XBqv3`n8CL<evI8JGUld7QW@Pf
zJdrt7@y*AFrV{klK#k`<ySH~T@#0<f*8Hdr+Dg%jK3-b7Po@fgZVY7c73&Z0tpiF<
z;at7XH&+}!FMbd1=(Fj0LRDATLuh3C-2J{S6MBNLg1y8$wx|Wp^ymhct^<ssQQNT#
zEt9Q=y}56Ls)swZuUYPlpSfl~rM#QAGbxv|Eq5tvZG4%h;vOc@_H6|+Wi@xi11<M^
zL+lfTx_wtvh(~8Xr=zeg$2Ki^kCUvwD{mt=$e07?Hw5jsSGkwpQ#HcC*}p5Q&HH4M
zO`}?}@|N<&q;1HM({o@?=C^2lt4G&;4-u?i%gg4#n(fD}^j9(57;kJHPoTDpC$HC?
zUq11-&FVQ)zH`2ENIG&|^=HTH`)`E!YWi!s&z)V>S@k*gLX!I;-?%lJ&Q~ihmn*9@
z0~e&B8VEoIpoF0sssxIpia^j539nGy$LrGGKTl-i&$kXzzi+dkgupzsI68L7ZcH*h
z5I<lXbb0ts0+ANy29dI5+O>9-+EKI-VlqfF<&@cK(iRc6P`6>g%7<?BXd`!l7cOP5
zYb$Yz^#^JbGT|F=`2hpH8{PHSM$GQ-W{5{(lt3}ugym@1%@!6iD3k9ne3g+)kZzzn
z2psQ%vk=i?XP&FNOtZn|j3iP>8g>_=z20GD=X^WSS|JVZm^{O1K*V5DQy>eq36;cP
zP{Jc+f(5{eBZ0&U1A%>W=PQ!D*!V_3Z0bouhgBsAiIz$L=E%q#DN@YjWdiJigG3Or
z2syY$5F&4qq^hMu1$1no7tL>7UFK#<B^6X&0DC?zOySIDy&e#T+7kf)fzd(?xhR7K
z0*D}NAOi1dnM&p4O-n6$maEk&+j{k)Rf2Vdpg`fN7$gw@7*UzZoa(l>zR}BTNm{aM
z+k(`vRd#{4K#3hl%P%>=h20ht1$SdwyQQ+Yi<P&P)N+!ooCFC00)+&^93ZBXM1s+Q
zP$dd6k|>lwQM9y_2shTKWUCZXhyvniNh2Z?h2)SFH%p-$0q?VRUIy4Yifxa8fP41_
zQLMd7yTAoWa%`gE6lj8)O@~dv6Ja3;*b^axVG{uyQ-=cv=h)i@JwBFz7;S+Zd=-<w
zce?gFwzcH7bKu_2t7`EU_2J7@^e$SG)xFnmE~?j*0c?OF-C-&g2=|x0<yGd4v}A-O
zm*?Tl(XL*la<|Rmk6T*1mfIK*KmZe>MaZbw*pN2q1qIP?lmdm>C>DYMG(ZI*prI5K
zWC9Qn4z5ZJAcDP+1+oH#AK7O5;mlBskc=Qpl}wI`S^{Ks_oLSB&B$K8H*9jx4i7mT
z?W{xv&TAYw$CYQBlPx#DmG(~AeJK}e*RwNac#R(_if_SQj}SRw`&ymyA6_M)UJ>k+
z+a~t!vnV`Z3^&w3^6a+fvTD^NOR}IRYuUJzZ`nSE^9VS;w^XE#NhMWDB$7#?pR0ZL
z;I6i*{W7uLDby~DleTtZ*>VU-W-i`eD<a2n7!r8CN!qG|f>vb?s=V>BdrSun(1pwD
zkrL{F)U#ABK?bCNaNTQkgLHAVb99TY`sV7Ws?Z%rGnY_S;sx3TAk`pU#vl}dbb+ft
zl!D<Cl+t8C(E(fPZp7WtfysBv6l;Yjk|R+Ns0&a>J8imodFy-i&;m>l?CF3SHI;~*
zkpk#a?E;ZnqzdFxkREl>g}_3%#DR_K`1($mGT=!8c!ElTh1JWD0=ZdqDj5KFKrU7D
zFa=FkHZ8>{B#L!SC`Je=A_RgBcSt2>tPMu)fRO48m~K*uaSA%sTA{0_tx^OxNM+Iv
zpe7I(s0c#)u^Z=l-m<&ho5?%YXeMDMYOA1?oI;{4DDvz;GcM6yb5<&rXlVqvU27_x
zxvj8JsyA9@ZGfAq71U8TqEgmM0lVG0t!`G}ZuPq5D5ndRP#0ReP+3I+g;mQIRo5Xe
z0Ci@oFbfV+4nQ>#OWhM@ZnSAsLo;&4cXaCN;+9!<sNQC;B-~Q>LN~Z<wFIiJ;4Wru
z6s~542=klfiQXy6aPT$VHq4>d|4aaHoA38Rt4fhfN-(gvkaE>3#7P>eXqhNyTB1c4
zFW?yVzu}hqKYpK{0k@9E4eZ<aUC~m8Cc=uXJ2NE?AxuZn|9Svu1c0Fh8V&AIYv)$H
z?xO0P(&n(EC4^HlQ9am+tg1^gM9ygDtAP$NBu=mfwc}lNQ>!Yhqg({h0|g8ap)<@C
z#0|T#6|`4ISb=JU6bJ~`byxry1V||MbP@nqjlc+r%P0I0_ArEmNn2G|L<XeHV@gv(
zCj9%)$M%Gs|HCvIAV{|V!9-5a;(wu3;&O|jYf64?jra9^pPn4sKZozX6lqihf5*_|
zl_()97>e^#;S&fbFa$iy638L}1VF#{1AQA5+BM%ddIi!4GQeztF$UGv74Crz3t(h9
zqd)<s1W+}t%7<{81=6+wgs?)yI?PjWLZ#Ij6JBdxcimon*ZMOHG|8k&Fp-Q2z!uNP
z+-Ux~_G|E0_bS;J`emQ(wlI41zj_fB#5Pr7X<8~2szJ!8jPIB*A3t|c`0cxsk+zKB
z*zntcf?!4eIGM?qfo8W(VMl~GAjF$v>*2QW1N;u;u`CUiV@Fy5bOVFg>G%4swj;I*
z5CH1<2E6aH&cy?<Lx^<1mIGt}U?Eo`X0!l-pb#v<kxLY|2#^4~4&oZnuAn4A+Fg~q
z{PMQ(Sz7M#f3NK&5=`1e$(mSsRlEKFT>Q_u)2dwQD*PVh;rmTpG6qrpPyjIOgg=@p
zsHlpXNQ+BE(yTCuG<o_2cj39S$UhV30LS=!5|oJPvRLOkqZG8zWh$dDUoEdCt0{XI
zzoXl5t%}_9^YPxggQ#_0Tz&3rQ*eOne9S>yL2(V(4UiZiY1zrZJXc^Q$N>d=PPsbJ
zj)*~S;8=~pASRDBsw4{B3hRO#M}Onu5<!q7Bp^U=6g~6L_3_WHkMBaGCgSt_qJSoL
zB%h?HL8&02Gde1uk%F+5D$O8DB}p(kYSUV3%2rk-k`a=lB@%$1b?o++aliFyea(u%
zPvc=p9SYMD$dXb_R!cp~w6aMfBxFFG+1P>_Q4iE1K?ER&`04ZBR>gLKVreJt``Cf9
z0)$j|)Hg6d#R}kmV2(fnBKR6Jd>w$BNHG%le!)W&Iq+DaWFV%f6ev*dx%gDTSKp7j
z<o4yq>J8hT%n8kXi@)4)@Q{*7NDz`jNJx-{8CkD+eqWxN_pNG>AJ8KLLP%N&Qb>%9
zkc3}-zkowPhuS2}5HNy_1us2*&;zInKnM3ay*C!@ipY206fOemtH*V^sh|eOTm3rG
znj}Kr<dR}{i8Wj01F``fgrGMMR8G_bv-Tc%aDnWLec76U?qynVy8R!}I|SE!NfXej
zY6xm7X;miDN+ThRl$E#7bp6NfudqOw%6IIhcL^YX1O`O>6*~i=nQgdW$zUf7fCUjF
zC@CQ*;n{|Z{WZ($MQcGOfwopvrNYRzkzuKJ8Vjj3$4RD(NIEpS&|W%|_J>&N8+nOl
zMUGi*#&)89L=FAUnupWRzjHk3Rd23rnhW&q)8Op;-`|prID}}ljY&lWGmx(?n*93w
z`Fs8O9rN?R>5O^&(lokOolgz2Wi~|(kL}EQ{_*_i7t&!Yi}vldsf9v98YY?$aj-KU
z@u06tH>16tA|I7QpMKo0)m{6&)=BKCoaZ;B{(|pu&2w8{Ip1Tm^<hM!NeNk2M24zs
zELM<`aL}lN<`R{}tg3?5Av(yC2!IFKl|Ej-z1Kplw1Bd{LXa8)2#3sL*ckj>mB2#{
zqAHY?mQ*;{L<toLpJO_*yrt%62{u*h@}1swTbI8z4KAxzXdq)(R$BN72yfsGAKpJb
z=lD*7hbv@p;rs5GCk)kOrGhhtD$s%xg`tSbqDV2QDa^k+qHnw26yV4(8RICqt29-U
zD1zWv4kt7#87d0K1e4Q{oBMDa@1eh{^$|0j7p<0`i`l1kfMa31G_7^k^`X#2Hp(HX
zCC9}NkzTfM!l70BFADZ#)nrF;4<4w8K@*lb(X64*4qk9P@s=AjX&~COY%p1ghji*B
z5GA4=m&7Q~K=YjFUP(dcEF4W%6rP|6oPZ*ubioA%oi>1s6bY)kWr8BBu%Zdtk(*#j
zvsP#;Di&;j<%IRmICb6YWxE*a5#!!raPC0&r%J}mXf6{BHF)6(AQAu)D<BSB)f6&i
zC{0?C1ttk68cZ##PFD!TG6c;PiJeJWY0}mZaV$~_kwGN^C}0!zZT^kID0Y4e0)zhU
zna%p_9h{FzeEVmR^DI&VK`*kP$&PKrg3;sP8NJ@Q-KIe~#p@{{vmuV!+<K#$f8?Hb
z+yuv?*^}-EwvrH1q4lVVYchcr{kIdXraVaV4qa`Hzj?X`H65}21qN%zw2JZ{55A$Z
zD_i=FeIU=phP|9L5%svf^I3=QRU`+bZMFxOXFe9@Rr8#Oh3oR6mNoDc002DnNT}RN
zAKA3Zzb(;g+wY{3LKkt7ZsEJJe;>X@T`CUuhYy`)RX>lussII401GmGxV(P!4`KLb
zeRe(ZPq*EE`6qHLP==ouw8CRfvU2^I-+MkmRrKJg*!orH9Oa*V-*gv(3M?Wj5i%YX
z($<Q=_v_C1OW;$d(5(CB2+Fw+ZKbsDdfwZs<w?rly%5WJ_9@SAB~Wdrfp#N1CX>tR
zs*NE)_}J>Koi9C(rsvPG^C<RYo%E6j+e+@92m=6sKp+qZl%*+3Qk11BN>Y@iDN0h5
zrG9t$`R4lf^YicDuW<Kg-*yZ3Wn*?SGSYjaQQgw}?(Ow;r@bVSX~4c$3JZhuu=^B4
zZ;Sf)<z8=qg@i#OL`XnhonJ)G9PqvM%eY|(B3pYkK0SFu8)9M%ByNyYqGgf5lA}%|
zN=Zy~WreAs!$3VZw{vKE3*ty#9>~|dyR4rnhQc%fp;IKlGtl$0fQcLFDiVN5#@QI=
zrB(%onmY$i3OQKCD}W%EleH)#F|`n>uzGt78Lxei)*lVL2OIPDng|>r63PQY1%#33
zEb*oZ4EF0H>c|G)m{TYpXo9D6T+8pR9f4>FLL&wuMhO(`6vEQ1n>rc|$im5pRrghQ
zv~{vV77ce_AZ_ttysf+8-Fa>Yu|7kiC(+V0V}^k`D*bSL4?zSpm_@UMDK~O&MCdez
zz}F;zY`9D~Y%I~KBT-~@aKPi5jH@&dI<A5oA3#V7b9lLVRYPSM`9&eYye=H!wczuD
zkjbGZB6;fCb<ac1y>VkhpMKG<6tN0ID0z`d&{?vIF4;I3H<D0VUNsyN2pp=#Bp!%3
zZxKZK%Q0fFE7+-Ik?sG3M!pYs7?eZ8yYhA<e><LCA<BJSD;I7t_e;~WkjFRf>eHJV
zbzAp$IV6{Na!DkUbl2S&r}lPzgjSEeG7a~)V@iM$KFqHw7wh%q$}2<)j(o!Sgki?_
z*PAQt#oz?=8@f183ekgT^j9<Ka^IRQZn%s#6}Ov8fC2+fKb~G7kTpj%jwIQ#%vWZ?
z9eB2u{m!?BQ47MT78QcUPS`8JaOkOfiWc$f(Wou0F31?nzB0v-5w4JJwQRXTa3p8}
z7iX15l0+v>D{v!eltm^ZWLD&wGz^IrK;g@BJq-hPJ{+%>#Px?s17R@AQlS9UfI+Sb
z$}2&_F=I^wKxP0=iw4qF0IC`-oXSI9YfRxRh*&w1Ah0`8gJ#Xx2F2YHAt?t=HYKH3
zj~QyJs3$6g5-4OPW;<#GEt0@*E&?F%c!><)_7D&R0nq?ezz^aGN;J-vt3*LaqAW{P
zh>TQ8`Qy)D;QROMh#xSL2OM9Gjl&1EQ}%O3OBIr;j1cbGgd-720pGoS&*zLl_9ku`
zuys3OvM6emo7tHO1ebQ0LCyMC(*v6$H)<F_d46kF5U)TF$|v4)oB5_^>|I~MbzVFA
zf_|H~Rp)+Qm!kctD5ye;ilb7iDH1AGO)E7K&%b|v-1+aWb^Z40XhvoT1}1=RIb@fd
z<f#iOF_)a{Z^2O{R#cRjER>}sWWop{Kg}w#)iA2%x*QHTRm8xes6`Ec8WuuCB#khH
z8X-k%C_Fko%iZQ<zQ|NB@nz6aN4nv+z4AxwvhpuQU0F~h^+5b8>)+D3&voXE1Mk%D
zuB~;j?c|kGiAJa-R?;Nr1foig2uld&tq2PtFr%1OL~3P9krFA&ef@j-Iq3|2r}Ok7
z4lkfSt19)iCQ3+|Kg!Zj+}y%sXmKutm7BvNoH7;+a8n{prx2AHpj+qmKHn4PvOiSR
z4Mcw<stcN*t~<N<*|!CTtAU4B$&d<W{MDn}9UGu}s4BW6ZlFr7Sw)k#db0=@uT%;e
z@_y^-cKS_g%QEgubLf(;#vvm}Kgf_M0EqyS2p|^;$s|R!L{2VOyY1rL@b$yr&Ts?U
zzo-N4jlK@p6jA<VVzL6@9v0OoD49_VxJ4u&gCy5qy7EGa`W1Jj)g7R_-wy1uiT5{S
zt=1-ub7q%iQJswrWz`%e7?83pMN5G-t0X(TFSfTiu8KXgGIQ4f&kxV9*Yl$vs;T{3
zE~_I`42(K*Lrf+_93$tyihlA1&wyjr+1OD`Z`Af+nVA-)MOI=%#4&9)7f7hM+afER
z6N0~pAHUUG5~G`p+|RUF(DMq{j%H-gECo+90}$F(s=&nowsK5Yf1<Z<cRLT?sXOz=
zS>Iirs2=8bzbo0)yMJq8;B)mtkwM6y$u1VEk^B7D^nQ1nf!p72ce~4y<;!MGB&4Dw
zgfb!|CRN%nn?gp2clDuGB2e|ta%ef6ks_jzLX6@@+;<Zrv5F*li*9n{j~DU%(04b_
zdAiao`WtZQ-fLPghd9Q)mnTC|s%Vs@#WvvPjZv$ty%LA6zPE7eZQr6g+2QY5pS4=o
zcUe#kc6peA@JL7aVMJ+anP#fXs8OM{tt?XwX;MoqQc4P^;qT|CM}GQqm&)Yf&;$q!
zAVGv;AEQzjhc*Eya#_;D0Y1)HwsbhM>|&!0nA7?9)B79w*yq<ca=Ry5!7S-8qRfJ;
zQ4k~v&V9E^y-HDlax<%JMP7-@*yda}D6GrENy{8}*dxyH`_He#&%D<;onB;}5ud4*
zRNFHGxdBmXD<fq*>GyZ38@}ITvz~Kd_jMsvQdA@=Moy3lf-b)99rB(8o$pwFy7!G{
zsO4OUdVALchgy*4X9!tATPY0dH6xZnN#^zl??IW!Aclc5vpfj=@BmDW{(bla!~yN=
zJ_7#p=ZB>ce}M&32rRQwH7!vg=I?SDM_#={m?nuNfUsZ_^eKrQ3Yn7yUC4;12TsmH
z(xen*32FKIF#Eb}{Xw(Cm*Q?zpf5!x2d_*Cp#x@Yt<hxRtJL(ev`i|?J_7y~vf<7i
z<Aumi4(r>-<0OXq(~J6xB?(C>3R5)=Gejj6P2XpobmYE^JMS7NoBgB!+3`@K71f;A
zt+-)85H>|}A>MD#qeN~{6Wc!taWw!W5Di63fIGSYG6KvgJM*tkyf{1uu~G#@Oy2<5
zV48{cwT79c8X$QAxJWkD1cy)q;9VRJv~^`%OtbA#jcQAyEXPh%nG;22tYKQCO;y=V
z)*3M|)}`GA7=Sn+mr?{>p=u{_3N#3&p>*vDVXz&`xnf$ojRFOk3Kl?#3y2eDgNleX
z97^uOD7M%s)2m2BNQenI9=+q%SFbra^S2RBO$T>@fQ}=T-1EKT-IP_s+T+)PIOi?I
z$0f7g@D3&v>%2|D+?YcS&}I^hK@pHk5a>~y3jpMzSQ%)7gq9cxk%bya0#F~rKY{q(
zcRqJ^G!{05!Thr}Wq#T)_<1AV1P&czrhCn8uIy}~yh2X#KA4bCGmyRD+}}yiK3(R6
zU81YeR|@AW43sqtm?6717OeqyQt~pguu$rB_I789?aFLv0g>Uny0H1jm<HE&YsC7w
zRX6VscmO;VxH*fom94qUJ>a*y<a_Uy4XYH*<}QC{5y)Mu9W!;$r1<oMu$WK9n?kfa
zS>)4MzAvh;51SUU-uFegdZmr{eO?<I>c6|IH@?<JxAwiUk|8kNqxE;&&KZ{$<!Uyu
zvB?afyGAWl#I2e4A@GxPg;}i|av)IDI~~|(nhax^nY>z>zR1Tvmin~rq0hdpThCJ+
z518AqMhp8!<RT8>gnd3Ld!yl#?9TWx3Ei+cWEgKDn;JQYT3#A@<$3)3>AJ%L&uES4
zw5E5~;dnkh+Yp0Mx$|@06F@pju={;^bj-0FJ-5>8o;bE0WY$TdW)bbhZ_GynywH*<
z=gN5<EdjG<&d<uCjs0(4PqW_z4+3c{eaqw9%jfGBcT<+V*$3P$(jywxUfl|gajr<-
ze7<r?0?OIRZ+IcmF5dYJ>^fEGwnJ?SfnRDq_OB%owOMvI?c>_GF#$m|(7gLAI`;V+
z?7d@!SJ*N|AKymgkX<?zH{rJPNR#YJHuEe-GOQDNurwK>5*BjrsBc@mo6I*`tiz=!
zip7Bf0lzyp)zSLLdtRsAT-hHrx0SUatrl@QrCol4G1|F%GuzF=w~c6lkw@4)ecUDA
zssK4*K#WIeC?XrqUAA2lNjeIXA%aH`k4v3tkc#VOE--C|1)4<-O&}R%B4>cU?B}V>
z*VUU)pG!AHQKL`Mn28<TQ4=A0;8eaG%$T=3-Ck6ZDAOSWa?<GNqM3B^`n}&cW3!h*
zwIUEmfffuHc9$e9Q$#x=?h|Hj(9z}%4}4U3`Zp_y$8*`}24ADhIn<EpQ+p&^k{iy7
zt*pwGbWRnsMNtzZu%O2axhRiPbUIO2G|0ll2x0|;WYu=y(9<SqNdg$qh%5#@3DdqA
z@b8bgj$nAH=Y!~JSw!-Nr(uTE49rEQRsujkf&nC<PNXiqdb!1NL9CE!ytjTu<(~Zc
z7T_2tH=rc|(N>iNuplo9A=x%1rK51cdfi34k4I0RCWKa-&wjYKI39;=^lW@SB7`1%
zeNjh!DtU{9y~I*Tl!0Lc#lU4o5JcLNl#UT@5QO2w!CW+Js=lR6nV4n~qA65VKzd#b
z?hL+tuc&$FjYa2Rt9jySSuAQ65)JID3CIIPr9!DCMMfu=o*cWYwHm?GH{P**oqY4>
ze&vJEh$4MXM+ihBl1{0;@DqjYHl`$b!=J{BuZKI!%bW|$oq$R}P)gI1&_-AsDn(jw
z)zlhCfSN?UzdI29IA@KI0ESLI?(|ddar?juHcHbxuc(-?hZ6V9d+izDV3pAX`-hX;
zUC6X+AvXKK)ACY%_I>56hrK?`%TpHjM<kJEW=SKGNw@WN?O3eeqTR{yZ{)W3-v#uI
z3PFchQxnS8-)#*&;1V`6K-=mM*WONY`ni3~FM;?FJ?~wD$HXo_93xM+G)02SLq&T4
zFS-W}1=qPu+#y&)j4%;pSVOv{K%98o+0%3@(q5x%E2+0*k{5Yp1_(SXKGq%pfH>=K
zB2G{OfdGO4-6#&M*ibpb_$nJ<A#y;h#ZNT=6<zJI;zC=iF*^zGfIa~Vnmi!Du1@yH
z2}38WjGo|fF6z$8<29b|5kf~M7hijGZ_f68f_;JXA6Tnfp;n(0wL*fAvS2n2p;Rdj
z(U(4?Gu^W#`TzqPQGA4~;T2w2d?$J+(^I|E7X9{ufZQCtK!>OvK!{KfhH5$`3?nkO
zaIrU?730uD4HC|SO^YYnXd9tdc(9{*1+&+?+?XGlQl&{FN{JyNQX=UTiH8nWDQ22r
zogxS*E=GlFWU(S6x%1!7eZRhWblY^)R{QSP#8HezOr(ISRH<1ltfHFVlF$&y?E--~
z->Z~b%tMPvqD7@tDrQkN=r)29MI>@zAs|fFz@VWuE>oPckjjN?AY+7u`S^7H!Rvl?
z;)-2SA%hUIWGEwACwS;#qa#tz$@a`RM@g7BvIjGxPI7KLj-f_V*269J^?*NqJa4x9
zKe_q8e~f$<3Tas_M50PT5RxPif#L5AUYEF}9Ij`aejZBHmZ?aMhHFTc{@!#+q?*=l
z<ZDjaNx~`!;uQ#}+XZY<K(6=wj~;#r`@Qh`fJuiom4W;R3*#pa!(d#wR?qE+Vu)dg
z#phj3z_%`K{ZuG>@0A~a1p*!Y;tSmd@bxPHWs<V98k&@BlP;QtVk+JGJ*Xj%*B<+L
zdX6|>X5gC}AF_FfR%BI18YiMJT;`&-r5dz=ZF$$PYk!yd*Ur=j_IMGKG5-;7_V5p7
zg#*GDbx1GawNY%%VsB$f$x^mA)ghV*zf?>8CU{rA{qdmeAaCEg)tv8JH+A~ARa8Pk
zph;1rRiu^@WpE>SeEs`<a>w77(doyRPjCXdzp!zMJ(R}6k3mfW!DS%H29naPdViCU
zE-n!YdW&0Zu3e)Of*LHjaV0K_5prdRS&9P=Q|CSXe)E3y?*9K!s{s!V4!v+cdDw;=
z8`hm}*0#PBEAG`_xl`p0=~Lpf=1y__@H`0!(xg&UqGYnUOEs+^j3Eluq(woBrfR7f
zsZ)FN`=5V*o?)*uba>!g1A3+Je6c-<XI_SpEc&1!K%=FKnMox};jjw3A9XA=_E3G^
zgMEFl-%c6>3_k|?hV&dSfh^%gCd}(u;EB(G_wgq@yF2fi)~b8wJI^Qy{>_qAQbei?
zQo_Y4Pw#&_>iWC&$Lqp<0lo+(cKs5xOj4Fe;SO?w<S2E66SiOp*V;5!<Ff|6^C+tQ
zItSvg^dnW#cdH(}OzL5WFP6JE^UppIKJ4$$Z!jwS)bs7w;C}o3*S|NL+W%8I5*?{F
zNlDHYfvsj&I7HN>etmP_=h4r6HKuk=Z3e9KFj>0b0c#=g7|Nm*B#BH4a9}b7Y6z?#
zpJTW2(U{xAQCiGtZe15?tE~}o0+G6Xm_XdQmq6S@ce@@4J^AMP%RDPh_|Kx^SfLpa
znITk0DYcY8yNB+1o__C<73vZSNg|z)LWnSD>UEh^LWoa!+iBQY#}KgTBXkr1)6tpv
z&$GCG{9V6id+ZB0VY1)bFJwhBxMon9=%<0d4AsKFbTxi?&s}HBuRb5r(u(D@B+iyv
zR-|UK2`gA)7?sL8Az2WLNP@@do_l|TJiJ-y;4lyYq6j3`F{((JT}s@R-`ibDbvPDS
zb3#O_lQS+ydBQ=NK}{gk!f`a50M2rH_<dSA<WW|}eVJxUvWqLa2BLnBa|$oHL!(+d
zMeDD)yO(v*nR)v3X4W6FVeBX7NXU~li$$bYTGFH~IQ#Z_^k3s!wxuh!-15CuEtMpa
z+F2@AlF3Pdhxa+h0m4;=;lqGCRz_6`GnBOuB#xb=LmN=o#=QJI;kSfaZ|_@SUw+C9
zPK!51W{S%lS6xBSYdBSQs%ceKD))CQ+nbaVHFQZe3R$bAkx{ouT4@?JC4xnXR#6t1
zU{Q$>axI0_7QE-2JG`$7=a5}3*9q7%5(K))lG7|D8Vs1--RTWowRvCyEx|;{BmqW&
zbpUjjwB@82K*j;y*y<(Xb8DPAxyZO#(H&Q)yPkKOsCC-%!Q0MbqVR?woit`egp#t#
zDhAt90<i%I7FQ{WBo`2vkw9Ezbi&&%#E~tmRBW0XF>H?2R4M>5l2q1xl_6U5XFaW&
zlalm@&BM-xAysWIt9Yk~SgdS%$`HM{&labuJcJh7$$M1?5xJE%YrI|P2rqMJ(0kFG
zGsC!A-C<sLx?@Xvz%@*O`jDNzEgbe?hJsA<dLRXM=6UXjJR57qF+fB-<^e-^u32_>
z+8*{^sXX7Shi@GVZ?knRC~Z;!?Te@TZ$A0s&yK2H_P?W(RbEuWHe)y6U7M8)KEvUf
z&&#&QfbkX%I@J!-M?Q;oHDr7$-#?@KF*{8s^#j9dj_|O}9i8;<(FtRoFH@ms?eRj#
zMO;|KzUN@~XH_c&@Kn;jp8EpYh>$+5)wnEfWBWeyg1GLM<oDO(gd4~6y_)p(*4b_S
z+BI3;qhn6??P!Uc?wR+~PUY=Z!-Z_j)AR>KC$Zz-N5j3B588!p_H3^%z->$Fn|GGJ
z@1M>&B)yx@-UG(!HbEA8)@70Jj(wMw=g6GVvnWU!Lsh&={>wB&C-0E#RhfTx-$(S2
z)_s6gE@SSW9k6&6+s1TST1?;+B?2e{05k`I1P=j$dZGpFj{akfP~j?A=XKg@Lil!_
zL|D=+OuE@aPEPH<6C<uoU!lF5%C{3^JOBt8a;yP8RD<v$=o8`{1<|sVBq9Tf4mOKi
zy)BYSM$-&py)M$$IgC9K3HO4GP4c@8I}nhfVI%;!**-$xg*of40?_eWT%p~}@g467
zQg?Zp-S!m?0KkB(NCOd$6QStlK7A{Pp1AXzzO>eXk6|50Yps&a!f@gzGEN~kCk%w@
zu$4x@!laPw!$p8upx0UofmlKoY|zntjKZj#$8w=tUb%#-HX0yck$RA_NhcuTfH2qq
zz9&dUCAv+G6o62k!sM=7#XTpg^Rvs|Gj8{OqI9CDdJ0rkMPDKCB6(M%-&K`2m^Yrs
z->-g#<?Thvd3LByadJ!ENq1xhB)cWuoLVCYD+rZDK^`6@a~?ezgNU~Zk7o`G;a=GF
zeCl<rczG>&nFa1acho}YomZo}A)!~k4*==x;l(&AC@Qi@4VfU;Cc=mB%gtY2ha=+6
zqZa)5Oda!nUw6!V!ZSv$`$t<Xq19zfkB(cEl?hk$VB&t(Lg#+5O`W#;?{~c<p1Zq}
zNhFg<zrMP6FDrTA`e!^)pNI$Db8GE%&Lkf4TUp;+8=AgbuWolO-vATA)V}D!55f<G
zN5{VVySrWM_VZ6*0)S&ng74-+IWBOzAx17_7J|60;ug!wC+t=(RKPVXrHe>ckK46Y
zkP~zSuhc=XO9i4zlJM|@Hth9M);5Q3<^_8olr9w@%D}3`2$~oYF}4UcbvL;PL`|19
z*uV~hk|fzUq|k*B(Qf9f(==P40BmYl2tyNk6BWT|cv=C5%}}AI8L|;@MPXsQlGCX5
z=0rINyy+UIag8W;rN|u6$!SDMUL>lRR$v#&ZR5-3a_tIc1-^h>I()`ynMoE7I~71a
z0}o^OlVXnB2JyLqv}JxDlG3WoB^Ft+TB#jc(*)8f5>O=+P4^Gl`0}@ay!6WZ7@=Mi
z2#JId1QRC6J8#&MNV5VeDAW+?cuTQhslqJ9W)aFW36M{(zu!lP<sWy%?Q337YxB)R
zTQcW$k?hcRCpi7yvDU-rI)SH0$iHiTcelT}hH=uVS9v!52^sj36r+U{Y8Hi-q)}96
zUGLlZ*VEsda#f4-yWU$CT3KYWflK77=43Dj?KcT}+ib&y!=baP&ULONDyZh?=ej_D
zd-z@60~H}^Q~kJvw_txaKTxW-pj~)?W_#S%y!RQvuvYkJ{a*LpGWhU66YEK0(+w>X
zktan)QD&7I5n7p*sbxj7wAFd|Z^$mmxzzKLtrO05bQk9FPUj%@Cxi$m*qIQ>h?tzQ
z21?6`Wn_RrL5E^iAYsH1gdsTnP*P|l2xbLUN-R;};h}itGQ5FzIGdOP=Qkc4xy}Lz
z^O3p7k2$U{9B585ruBVp^OdiiSLF<UOJBfR3P!JltSV62iUvFY2EF^<@6RP3^UfOR
z@(`-Jr0YS1f$>F25uCV^OuA8_WmhNXjtie3e*H^tQrqf#<&|Eosce69k%6iugUo{D
zd9;dQ(4rd)hUn_5zPA4%y#1pMMF|E+eX|S5Zwzg6noEOrQah?1fkyLN{Z&u{y?dv}
z(c}D3mY9~NS_M}Yu`I;rOvJMyHA@n;mFMT{df#lA*S|Tidk!OyW^f9kBqj>dr7Wi0
zicNA!B$7!al1U^PVq8hL_U9#_h*_+v%Bn?&Sp(B69DtXYi6O~DvYV1d3AYthR;5*0
zgibL255LoXZ!B-;1(uYXY@5tq+q*;T4rT$ZQXIM8Rn8}TMDAd952IrGf&1T@>bJ{&
z4eLCwIyukZe$DyL{PXMjq#>pe!3^sn>Dx+;N{TSRx^XDtaI!_pHN3p*^Y8WbSIc=y
z_=?vgMX(|`R|>WKSd$fDaHUf!6<~%GdUJ42J9CsFJ82v!E)=E}p%SNl2JZZLU^%h<
z?6SnHIC-Q8DnYIq`pZpLm|n~D?_L1EciE}>KFKm)Uh6I!h7l@i8lHZBB+MiYOqByE
zD1`<lWMb3LFF!25KEHRR?zhU8N|J+b>tRNMl95Dm%A^jfOy$rU*AK6nFR(fJV^ILi
zx==p4{QN*O2HhLkpR)Ic8jiGZd{Nqa?=1K9<nq4zoaJ+%bGP#e86;$qLIg<z-IdGl
zvz_5V0=6OX5R8R|1d<U+8V+n|_u$XjhwAbl7-_t?#Q-@AvKdu7RZVgp_4B=Wfs_01
zpXX3wh^dt&6(tdMoZsx%W&`Y51UVHt9S~9h2q=<CWRgo|KamE>qR%sNwB#;xn_LD1
zfl^SSYIEa0_+r&}%d)vaqZ~Z1bwH+2Q&b)bp||ct2y4ki>)$!syZ9s|BbgFJ%K7)p
z=I8Y5=QkVYx~l%djDxD>Xe^9lCw+eN^6KYbldOMhF7E8Ag%I6^rPUQ&6+8e0L$LCL
z3o5jhxa6V{a_J?RW=e_OmrTfm0hVl&NPw=$U{a=mpp$Kn1l>c)<-;7y%}<!}4adPQ
zcY_^{66?Ih&Rp?scHCa;%N`z5c@mHUDjG$E5V&qICEH*Y5UDMNDY^|^F+i9MVNgby
z7S%OOvSpwJ%VoIXuJ?w!&IIGV<nX|q4LPl4NYNTemKiM~u)@(bTFf~aM<p82p&7y|
zQb|c#Qd3Z~Iw;iV_5AmGeGi_0b8yhD_F%X9N(;tzc}?wMaLc`Wa`!M}Vr5+K2nh8n
z>FXA25HlszMATuPq`;bIhoz|!Z_wx+)sK5PZPv=`_WGB-DT*2a#C_pAeLcOgZR0tl
zl1h}l=s?U=3CP&jUMT6%2G}<MfM7ilB;%Gz&^o1566nwu%u93KWRs&STm+Iy#mM1w
zYwd`22&MOXyi_M(8pJcL&pYN&O#~&oA)mXpcxHpo`)+ymx7V#x=DFu@)9ECSyS-IY
zaCTC>1%%n{(0fPL*I3gNoa_!@+doI5fUl&T_qy#|!M=NJv80kku`^a~=Dp0ncT3t>
zvOBd#@=KQ3j2ELWuC(n|DkKlPoL_cy^!wpH`{<+k_{%om7V~WO>Kr6{s{RUq!f;bz
zlOi7UUwcAF>-gxhWpVL8K@|-csE*4|JA99qa;dfMKp8KxS9cMq3qe{`HI}l(*zeCU
zDY}m(s`3=?mi@k&r|++z`QR@lSg~?N?LQZ6b!VFE0}lP_v8M84iVbVF_PfdDZ0ycB
z7uewLtt?_+AE?1~zfA1KjJ<VKTuBo*Jiy@Y?t^P^Up%-E?(V?{-@)BogS%Vs;4XpS
zGDw018zevoo851+`@H9U|NMSuPT!X5s_wdd=JxH|U8S+Rxb}gI+(Fk$h@^h*sEOoo
z;p$}?^yV3*Xc~sHAGQ?ruwmO!*<|<fx$>!5P@CoG(W!GFXL?h|?Nv%()hvK~XY%uG
zuo`vY8Ly{GPuc5`YXA%MTST$^R%f&o7oVZ@jYbhlY_Gf`%k_t#0jAx};0pIcPEoQ<
z2g5|Bx)l;!-6~Sd59K?K7}rl3_dddHqOir#*eO=H^;;q5H`2K%tZ)mtqkWGUSv4)r
zrA13R083F3R}0Q;9#tzqiXSZ&yh>Pu!k&BcP0Mhqq#}ui%d^@L+nL%cg8{KBfkpLw
zpU|t3pFyP!qe5YVfVRwHfxw@wc6&{A?ML~f9n#ci<#-QwEOtV)B8w$gj8ZDLm^&Gw
zi;{2efVI^Kn}!p#z!K@cW2t?fJ`?-3ZVrRzck|7~q~o>nTh(7>LP>HIj%>YZ^V8%;
zZ7QfmT>G&a=rD-6vxijaJ`6Nm*2MNfU2`-oHP@(zgQnR7TZ{L;2owYx&Qvt+DRLG?
zHbzDCHWkQt+tP9M-@91!;z;hEmx+lRJju|VtoDJ$^)VhkU>93zFvTUwQ%Cg+aS+_@
zi%-rC&>ATm77|AWaWfHoJsDGXNZ_t0iUl6`^_g!BE?zu0k4i8Up)n%G5Olcbdt}Vi
zKn!JqPp@_h#MfsU`w1i3#+A`b2<P_HV2`qHeL9Ssg)FqVELz&FWbEy`-bVRyH<zeo
zs;U^I3^<u6%t#&a>8qMG$U0~mjpC!22l!uAI)k8hc~?N|Vwo~Jhx6tl*_Aa}xC)tq
zX^VnIk&~EV^@rBYzCzJcN+<_P&FUlMy*AztE8GZ2(D59-cC2?;&$~8iZ3t75WK|Yl
zCuo)?6V=N22}TIdLP~$@p#Itbh@m$=JVAV8d6l8Ne(!85FtvdH?RIbwe6>S99~Xn9
ziz3z)oSU9V-fNRT;|l%JZrIb{d1feFL*^ELl)nvP(llVeVbbl*z$G#)97vsPu#Tj{
zSOY~QufA<(Z`e^zAQq3nU`r#MP$W?)ZWy(=JtO_TJ0Vf(YQ?VKYF;ZXn?#ZEIRm>(
zlPH2UlEF5u_4;U#Ht_-o-ty-zAlYkZqHvbWppk>>HNH(Qf?e7e1z=E>z^T@~PozZY
zkh53#$ClV4BxlhoeO!7B`v*LkB82WUjIyKi?myeQTVDopNtLR%j>{5Z0*GxVRTkV;
z98ERbE4A?~XE$9;f<yejv>QCBQi38t7)c%@F+W)c>TiW{EGE9et`Ogda@uL^+yUNt
zr9TzXr>{(~TH65vw@0KuG?Fj{G&xXT4hEJ&hJzuOn<3Ws0)*DJ*&fz)!LBz+3Z5u*
z&&@USPfo!G?;=;$c`Nog<S;;7`IgwtI2$7etp2feEoIVSD-KNF?0g?5K=Z~;@v+0N
zKc0QgT0?&w5V&Fz=k9w4ty}Iwe4iWN!Md?M+;NY8ksAqb@K!ulB8&?8l_-f|&<Leb
zK+5)l$YV<}1Q7?2BKA~I(Y>^?!oBqCYHRsI$3-M~F4qo*e!hIHBqDNDvG^zWbse!u
z=VQ0!h9chjkLXOoXa?F?0`*rfg(1CfDBucKxiv0%5>%`vWFxITk~PAM{YW&0I98Sz
zCxiUSxii>l=lVS2NHr|@@!{cTYofEevq3#!MwSXr3V+p`a$Wl2hat!USNO{o(|ZP5
zMP>|npmkfilGIbkpbWj{&|`i3_kqK`uS}!II+kK_A|ICGF~XzREs>6gtmPtma`GCN
z)FmFAwjoE5v7y-K1<0+A%GjF(gaw;@8rW6MYj1QKcoScUO-B+bOdJ%Q$sdhc+M2l-
z>TEU0iq5m!D$M%a@obi|@8MCA;q@~sh=1dJvvyxQn6LY0ZR5UC<MLQGBU3K(O<qYM
z9sW|t#V~B^;TBnmK#uk71gHOMB;Ph2`y>Y2OA+LQA)d`(Po~kQiH6rHWuenfh}iN#
zh&%Fj+U?M1rl$3)fGHUx^X?B75HbeaM5YSJ6STjuRm@O%sG}^G@s{~*-Uj8$0t^~=
zgz(dJSBFDxjg4j8&QZp*TpIaS`nkUq2LD6yY*od*POpF{87g|PyxCfeFwV0)op<88
zS@^52rYaLqn?7v<$@`?5*6)n))udY1OogZAI?Sfj{bG{}G^k_ng|&v`wU1f;+G!ZP
zEFK<s-+hY;{e)T0M&1$o!P$SyD{cs2ofZg{0|KPvXHA(6v4u!Fz~Q^`YM_+#Mv5*s
zlCqh&#h_*8iaz$|VD9Zn_VpWhG=GH!evKAP7Jtk+4+Ysa1zW^j>>_5*Z-n=HyH1CJ
z5sRD}ZJry|8d%a!u^;;NM_SO<?Zwm4>U64<eEx3P2fI?if$cy#<GXe5V*=kasjEmR
z5fOhGg||e{&5b0tdT%)|0a&ezTOO536Pe0kyKKU<B*)16GcxkB@Dh#q*eP+=5-vxo
zjn4VVLysD0wvs_ZM}(VySMMZ-x!hhtl$6dcr|J_3+RFrpDDI1{^P9P1c2@;qRDs#A
z6fqrS^(f;1&>q$fIm;j7!w(NS+vJ@(2ymiR7&p6WS1=@fU)5qtJ;pRKB;T9-5ZC@C
zPY;J$s5t}-1`7&cAXVD(q4@BQw@@EpiDZbWf@Z^}Q;ldEzb)`b3GWhuPV^0HP;NGG
z_Bp<+s)7|WwOrEQ={zA_;DJ46ya5c~ANa;YrO0Wfjq-A*?g~B(p^F>sg3@Qrj(%Po
z3Rv39U+-+@H-8)^C|S9)dFD#i+C8XdziX`(v*ZZsyf$$4kiu$7^lMo*v%5iI%_xzS
z{<`i<>0?PpEwI>V#~N1YK$#G5Kd|cj2N#OfT4SKiL7PwArG44!jARHt=Z|lY??r<*
zi&i6wx_@X4K=Ddvi$1=YLLw<T5e)J1>2~&Wyb8Og1cwgkJxj)N9Sm=L&A8SNPneeP
zNWu!zBtH4_$kcf~W1;y6<J_0m+Er|NYqH|CkCJDh!cLa7zT)F^*`}WeZ3v>3z+hsN
z-NgN0Rn`u**30pe6@!8s6pweC`WQ&%PLLVGtVxeVuHKY_`KIzr#wiE-Kzzxw{VuV@
z-gH3aSNsIf&MX+0X8&8Dl3UA!C~xwpeU>6>oi=Z`s4yPwF?B2ZcdWT=K;@Tn+uQkZ
zMaycI4HG^Kc{qkLA(x>^^M0YRVxngIz9%<0iR_z`_#N%eLm{!8QNZBQ+^Ty2-arma
z3;*3%KLqnym(1KtD?Z*Y!(^ZY{K&W#%M0)BKgjEE4H<`6Y5f$z-s_|DUXn=Ymul+u
z=LGX6)B0#p;R1!S<&H>W=dmhdbd^Q!RdQIeb^7Ml8v7X|@3y9;D2w?+1G}N%(IHOi
z+79M|6Z7d<)j+H_@LJ5c!xFIcedDK4cvZa^lS~ZbHpve;x)H)mrF5OK(zyFq?&!=R
zePhp7nEq(^`$nIoX^LA(D$i%?a3*bcx*xybU7>$*No;O?4*i;+>Z51xsmdI{1cj!}
zx@|EWP_>7!3u}cU84NPd0vms-J+D8~YiH5p{*Yt{3~l-g)AHIw5!FZxfFv5wM?2yw
zjGlfYtxO=4g?RTHx6q?&slH*ME1z#FAqh1(C+~BJI{AnxMIg*5*+2zyvEsHxPN^>Y
zYl2z2bAwwb$Jx-oEw`{^?(t#LC6y{_Ts5deb#)n8ooQJ}W}t{nJ-6=gPTNeve{8?V
z6TU(E*8>CONsF%22IEE2MX5Z)rY1OwggvaH4twV5@EvWE`*lHJo8NQB4(&A+I`q8N
zv8`Wb0ppKw0ZepFB1P3q>=wims&8Gia(a0nZ&ppOswaF+5HmU*Wci-`<4}Y>N^k3D
z<$B2AK*vqKj(mIdk2YzmR__&ZX`7t<`=)X$0=Y69jN_1-f$_LdK%Hyd@HbqAbB18q
z3|S&7Q^`*cvpQ()teO1bFmylz+DOsjYvpeH%_H03feeU<ND-3~6NBehnEu&v(%t3(
zxFP8I{=-e#b|#3ra@&Uad3e_{=nMxh@%*W&UJcF9rKAKIVlj{6Z4v0aMdw;QDug4r
zoA+UJdO7d;t8%xhx&TYFhUEw8n_qr^oje@-^t_m6W@l%*JuSp`dE{0olAkPwKVE*t
zYhp;>d_Fn)MS6ww-Ok>&=?^)1i*0&37d{l<bgSxgw6`UC{b{QN(a|=P7_;v^L)Lmm
z`ZkBmhMe0b&oSi9)Xd&()T_P8)~wo<$ew_uHYwiM!+nttOq~^D4VMi6Zh5i%N9yr)
zfA=-da__I_Z~nhtBY*}hYz0e~ix17}<mJg36a*CfDvU@h?{;iz7K%tTKI>8NLto=J
zh95p61Hh4-V&{e1Kxm5=9>dNmZsYUU1gAr`!_)dc7)s2+ASK;n`2L#nCwX`0GNMh%
z&2ayQlAJ9zirSJ-v2s%6dj!dt1dM1%SE9#|iaH#@QG_?Kxszh{DWnblx;JA;sB!)X
zyA!on@Xl0hUGvNPpNR$06}&;aMTXCp*R3foJbgDWhSlsT!0h$!uD0DE>$$&9Jgi_n
z-9LAJ%taXOY7?Q{FG9zdMqseNz(Z7GK>CV@*MMjE4_)Z2mDI!1u#vj{!*B}+ub22Y
z0&CAexu@s%o=?=x`@dvUBx3Vhw@~p151-HCpxGY;5$DzEPf|bSAr2@<fGUCq;3x2}
zk1wz0pj02&?bJc@xq71l?vcZeNeK|X<zC`>L?^G~7h_gWr0|jRxOk*`gNPtSE&(k;
zA7jPT^YFs;F=d0rvA(T?A`8-Fa-PS$<R98noRk;DN5|L~R~zWEU`%qDSbY|<RQ!-8
zRXJhiq);@7F^%Vzs!i}P1DC&#YI&FsI!W2z2zp0~&qrs5<`k96@X~iyN_9o+y`QNo
zR2t-222nJf=}I+3dSmR6Ld@B&;8ERe%H&(`2UNM5iq;iYTw?FZ1nUI!B>V~*|HRp*
z``YDdHV--c_IUeOsY)fwVP437PjJmVzsgZj<~k97`WtJ0Ptx7f@8Y&Y`-(V})6r6*
z&B+~87noAJ*XSTsG|r}#1#;^{WTGcYra+qg@<8`Y)i3Y*1A+T^WMbRVS%GbKUWUtp
zJ0UuxZkf67T|hV3(FhB()&mZSEt8}!qDe+5U;{Dd_@!T#uBs6yN7LySuV;5ZhxA7`
z>?)53DCb{fGOLpCJ4?TWNB*+VZ5a`-RLOtV-rA`bDfOXl8;t2%m!SPztS&o$jBk<(
z_WmNY8TJkGF~qJQga!NOD?<q6k~w$MeDQ0irY-t0W79R<>(79;8h?A&C0OVt2E|We
ztB{*Vw^ld)n2$!=cf$DFYPyV0)G`p3gH1_3bjNe>0uOrJreQI&Kjz)uywch$<)gn}
znf#o@b10Ye29o6CAN8uCf1_VzG|?8>#2Z$zTjl(`mappWjyrF4gU5Y#M=dZOrhGQN
zTinUunuD3CjMqGJE|hY<62187S4#jLD2LW^t-OBJyqwx!UGB@7tYbdn)d%%<eQmM&
zqbd`uln+N~hGp{X2kN$ipRH#%6*XN03d|~7Ha9HZ@C1G%&AQpsUxw%HAoo{qQ1=Eg
z`2Y3y>o>MRX{J7|tIzlJR%y{cZL@8{Kj!{g2;p$OKfj>^6H%IW>S+eh@kap|$+$zz
zn%o#YE7!a~Qly+-4qpx#f9Rwwo=s@SL_XtBh(61Q2jW{kH{fRS+D*eQeDX3hRvvt~
zqLGmKneqjz%9v{X_nUTYK5x`m?7N-mpw|IR8r9?#AMR$UxbFiVy6ip?ouXNc&U!cc
zvb%LL=x?xcXmujTFfl4c1KD*_jU=?7{T)n~Q>1`*yA>lqW19rAw%8Eb)2{OBBtWDR
zn|v*{#Uq=X0hn7U>eJ*0NF_4sQy^Wmlvgjo&rV0@Zwq}#_f~<@iT2mS(kJH5v1=4c
zXcOg3xzrO`g_%J9TPDTh>Xa{njGy@%t|K3?QTNx#i2E!&#yhI&*B{qo#uD3d-9H&0
z$pKgu(^nMQM|!RMWi0umy{Zl!$rV1APtZ%eA$J@UODmUx#f=9frlC)Mkcw5YwE;0u
zG=pSkuwAbxSt3*j4e)UJDuG^sVl!WAS7;2se{_9Tpo;_?{^43eAR0Vo{PaYnMj}Ok
zg#x8U<u?`%z*_uemX`)<Xm|#$={xG?yZ?nSVz?~fe+!q=Z^f&2oDoup%xo*kaGc>u
zo1O&@LI$?9Xk=c>-sU?}x4DPT6Z!v=MJ6aCn5P@stsx#uz$bpM-li4Sqm<|uPVtuC
zH>oCAb7;y#^2H)~^WkjLHVWRl$^j31$W$ZMLo9pyz_f3Eo|9UsFL&g==@$z;KWIr=
z9vDI63QzlzqQk%&%IVa4{=PwRaxH`9+)xMkHcb1_i;q6_@CP5H{8h}*wIg9tt;MTe
z19yH1C1egHOor|tuAgPsbaJBJOcG(rffA4%QE31ZY&OVTTu;4-B;duJtn@H;G&N@h
zDrT1g;NCQ<aW&%%P$J}wH6&I$cGGWYRnDeDO_$0$Jpoe|ObgwfDaGywZ+fHm5>1F=
zeUC%f(F)XFqeJ46(K~koa^qCm8!XaC4fBBj<OaX3pHsR~S)189WWX+!CBU1c=`^ZN
zasn>7mDnF(q`f%v`Eps2o4s7?Z{4Cu_2nlq&Td6dR+}EmUVjTXe`46qwx7_basD)s
z1kC*y^8Dgs8SZ_tZV`SlAxvS9V|Q1Pnr|Yv_p@&3!DYWFr(rCuU+5wDRj|QQ{l|0t
zSYIXIK@@|EDh1*Y9>E!7-m-VwWh5s(YP3BFEPr(CPYk=`+rcy95lj2iGPMu(@(#@D
zXBBR-^k?YVpW>JPm#y#HVhH6rSWBu0hp73AV8)CiVu;g%1oDB=b`&#A1o4oA3a4_*
zE7AUzS4_Uj3rtTcv~Jp-IE4FD^a+NDUo87KG7&k=beYNo%%Eh`SJ?gF<?t)XmYgcv
zRXek8iek{|xA12V^Frh_rm_x9WE13HKSmCeM`*sS(EdsLSIOTp{vRE)5#}J}6;R#>
z!NWs?Hs1v%r?Z_2`zjlBeO6*LR8Z5(x!=oVF(K-z>d`m)%;cg{K|qO^C2=!uuQ$*J
zNqkUPfmPdLj!203uV#F5b+})_#x-wcvwVc11zy6XrEY$Cn1CGEJ(}WL{*ik2^KU$T
z!c)uxV*+MMFoMsSF-aJ5gBq7zhXp=qY+Nk1b^dA9@qn~WDNlWX?~}wicHrlFR~O`<
z8(z!^iq0R&ubRP!TZX{b&)~vK1EqO=pz2J+S8pDT#X@UlP*B~gWu#5z3{{V3%TUVj
z=HST5gW0mYuf>sM#qe2g5q&u(ngDuf$apC{oHhnAyNxER3+^FqWIq8*KjzWyHG!^B
z9PlWm1*X`x3ke;Q=^NSvmB8Ud?D`Zn&;&gIh)9(!6h_t!JW9Vbri&&yvcr&FHC!Q8
z=ipFh$pKZ>>^?iIm?l?8kF7M5aWHAvu&NFHeg6#kKtDfuEyM5p15Kv<5+(Yq%;$dI
zGW5;sKwo(1%M!%=SFLeL@JAI9p-i12I833XPk3PI7jOT5{BV;U2=$`y0HR{0Bb6U!
zV}vPfGEyupwDjy^WW>vVYD}h*Ylc=bjV*r&ma8DZVle3VCfDD<Gbfy5zo@LX#?!vO
zjp-$zj7bnB7im#|q=KpjEt5?((=+AJS6W}8HRkd)HunGu8Wu$2ewp?f!MmTrVBeLS
zc*wLS&aFVIx$TFt=%^HSAy?Fs4w<x<DcJ07Y_aBS0FJ)8)7;?936~*XVYiV*VxXRT
z)Z3P0$G{r0y*5mnFETKch)&4m(Fh27#>ib+E_4!-U9re82n}+4$SN*csW+SfYt4og
z96^O#rhwbqFJIr5+&v85e8E@JOSDDPv)S>WqUB)EqUuy@TOw)3eN(gTUk)<pU{s=F
z|D#|;W_c+~%t!KZ6L9!|8sYR8-RJ0mAD?BpGMl{VrJt7^;>iJ(KtrQOXb-x&poOID
z-R1sQ-0p3~85RJ593q@sBltB^Q3ofOn4~0FRs`{<IIwvt{Hmo!3|qQ@PFE0VF;=o9
zq(huiZj+u4`LMo^sY=QN3P722T(AxgS=k%zUvixKTy-q2-;uzPVhjpzgcB9<u2IcJ
zdyf;|j6YqwdWJn~7biYJ`fYnQ48t7izaQks`V;dOzZ|T;9b5H#qb^+VK5R+4p=I>D
z4ZE<h+qG=cF6VAG-;F|z^bg5V$6@$jzylkuU?R4zyJb>UMhN4T#UoDS-=1-M;m@;}
z&DMm+D+Mw3v-$6nACt;_=c#aRUob;od-z(O=^SBl_p_#kNyGFGt))$BO6|K1^=N`i
zMLSi06GzX|(VTR+L7c+(DTtSgUVgC{gm2KtCrReN4BY=*68fAp(6;@ZLgr(}wJTct
z*ya>{{0n@)eU@Qwko-?et6^!OL@S8WF7wY!A)wH^e0yLP1Lp;xkql&9$i7q+bh3W`
z*jdnQ#aGY&pf72o8dbZk*)obGOqOsqAu~Pt)8f=RV_xZI>lw6$CwC(v8)x23`#jv4
z*Mz^-ncleq+q4;<Kw|<Vk4AB$nLcEJ=HNk@7Mf=AN=!3JL`Vb^D<Gx_9cx2??P=Gp
zf)G>_stS@TZyzBEu9Iyd)o};SA5zwQCZ9N;k`B?Mt4{T4jLNwc)k1HVa%kt6aO+*U
zRoK08dE{>`cpQBn>WX~)^35}?Y%dqCBsJ6(H$3jw{#I4^Lkueshb%X+D@VujidU@7
zQ}Vz=Dsi*?kyGF&9y(+RKQ1nNu549PF7kVBu5YF?GRa6kQwvcHqw}K;=gnITmkP1(
z7PGWOtrcJ@qFkvV(s6_njI1MX?~(5zlKYdDvnND!OF(hjp=_CD$6KZO50&eyoC(zm
zhF&~RQ7Tl&Dl}wWU}i$?*sr1=OH96t-5bbwdvgs+CyX!Ee{wFF*qux3Q702r`Cuw|
z@Oi8K*lZ3ap-)U930wFWx4hX^w%itWKiO9y={6Vo_g-siV=I#J)h~p@w8L6AMw{N^
z5>SELg{UgRULs<1kk-5GA7HL_{R7DbI)M+T*rTmZ6F_v$h0a6%C@eRb*LVwfs}zGS
zJ#v%uG30bWX7qwirRn?ny1j6z#2Cah61A+ChsXyuu0}U6O2f3ODVAYx)0OUE*dkn<
z%H+*bMh-!7GT+mB)2z{5voP56rMhOxl13hm7lS!sh=y;mCDN)=6f(QWu&Riwdxz1i
zu{~rulRy|s!-)d%n^%x9@X~46Czs!kmLHLfZ@Xgf*3-&T*SWNQV@4~0k~lySh(VDQ
z&)e&KhHj`s8`fbDUd!2_EP_T1RO@w5Y2Ns9+L#>;DzvIBPE4W6mcQ-9=09-hY+0I_
zxVMAsLl`AWf|cK70+Wb*i!W%`;{uFI0~lmx-heWYo~gq9O=?(Z8envn?eFqyT5Tp$
z6j-*+ANF)0T(Flji<hUfR;l~J14!S)&r9U!6kNK$?yrKD9-A-sjciNPqOB*TQ%GCh
zX*HR$birx|npkh<Z9v=&gO7MB(N|9_R>OV1!@dItVUHi(+S**1gmhf6?YU<r5ms)7
zAqO8ze;$-xy*NH&l^Uuv6@W|}*sB^g)IHQpckR3FyA3nDU3j`Pd)9KyOnBT(^|sYk
zP1QD5-OM~x4I3Jt46A@Ps>(af`H52?lgz}0dO=i&_^tI6aK(D1hwZMe;f8Rti-@{%
zl9}?xuC6H*N22qiaNuJ<jl{a(=j@<}PZXFDn>s4Ze`#M(Z8jdZCp;pKja(i;Gv(-H
zI6x`ByTh-SVb7bz*YqkGk@Bxth=c7uo-PT|22#uu@%D6yRmO5^!BF>Z9Hw`wb1ZX%
z3oRNeuwW`1Or~^ZOsZum@q*aVEds?*PLK*mx_9z$THBlZP2&3J`*SH(R2Y~lQoH+X
zK;$0bBl)0q_~rB&nbc`2J~m5%5e^@KfBYEGO5W2t_4op@uc`)R_oy3WspRI=zuQeH
zRE<y9Owsw20Azk13KmC#H;{6l(18oFrmxHi;Z^9x91^UiE8&)D+IX+xug}CcEq!Ot
zvjr7p#6*m0t^)EVDosO=&r2cihyI3y93QZB>MX<;X3ndrsd_kcJ~i298;nzPFfjT?
z>slnoUIo1@_jbLj{|*Y)j$uc^C1A4Smk3F3`&+!@)u&8;$T5lu7{Q!vKjl`ivAAKW
z31xEuL1l^eZpVt@gPY1{;!QL)O?CQy(he!(*h)O8Wm(08Le9YlF58U_v0gXfmy_@k
zqbrxpOp<a22iynF4_w22d3<{Y`kyiw<O!3Z^%4PuIes`rBNGZ=$7cPqb%!GUa6nsc
z!x&0er+C+XNdFPdgc3f&`;Q!m0)tim`Q%Hjkz`knnku1vRaNsx@i*z*a+sh9Mn;AY
zV-0IDF4%7GJ)h%psOZ#In}OUvFLXNX1^&P$M2R-|g(Kipse9)AndTB%GLA54nYa~C
z1|LNgo6LD@Aab|bx{QdWE2pZW(T5Tf6RTZz-hhx4Gj>KKV?fW0m5sR;g%CTkWImdN
zh!IUT-8`G6F+Q4{7_vkMdS0aQ^@V<q$yS!~>O7`1e;CG)jc*`x_DgD)u(rraSg97)
z<G;EvuS?b}FH$Or;ixLYY7$H_bZqL*`L5Hz^&L4DCa|Ey+F|GF!L94^rc;<OUzfk2
z#*_z3pDEv7SB;~ZB%wgLjS8bjui{fKD=KP%ooZs$lqRcv0kd*u)mBIDXrm$;55+vF
zY#rffgFw%Nh10&Chd+jxGGDVMd&>Z=J)gieg@r^Zzks1`msOpg$VO1!dIB3%9$6mW
zpsbu_Utp^yq_fKjQru=r5mYQ<uSo%w*XvZ1WL9KW3JGji=dPrvWG{3IEflG?r{qL(
zs@ntg5dLl0*KAWz(e#8?QIxBJJ-f&z)!fm<R9UPsn#8QlR69v35y^E9S&Hq^$P)!!
zYU~Ad+@oEZT=sMBEF$iLWO@!6E*iTm0;<`noyJL;8U;cWs;t5`Zd5|<#v2o6gmnc%
zI|4Y_3mx4GhKY%j#v7DnJ)F@g6_ct79f_Kb>fCyunzbrqy+j<5lyYJF4yqzU)2Uez
zR~;2c<U|EMJBn=%E?xVk*=mqthbv|lsaoM$AxF0(MmJiQ^R{Wtj6qHcX`wB*x{&E-
zZqxXwLa_2&;bez<6%y;jmP&%gg7atD<P@NiieWAn_lQ1gK87;ef#t{GGq}utD_{8V
zKgA(uIlCcWPq9iW02~@2W$D^Um@Lz>$E=t~&>2w$HW4lqZb-(62}-J`idoTQl3=5U
z@BFuM*FHHs=tv9GeNtRs{C=XAKfc)M(IWE#ksPYNt*4?<+aSlQdGI{#Ss=^EFVVcX
zKcuH<`TL#3#I1P)8O!K~g|kGteN5vmn0<k}^Q&!EA0Uwht^>0_=qyAHGj=PmP&0-O
zX(r$K{mfl@?$oN;)hiRt9obsXNuCp+_XOU`UM{c1^c06bbKgF2?WfTpm$vvpQ{r}B
z3vbX^Jn~ki0-{Z|o$26YLTR9xq6A;3S>E|OurzN{?GgK6RA)IjJX71RWwFSv<x+y~
zoGc}+4o|<$_#R`pq}BOniW#UFAA8OZZ^KhBP#7>SGk$W7<R0B#eq4(+mK*1RgSuY2
zQ^uY?I<;0V-Mq-YcSx29X?au9-No+IB<Wg-aJja9h2<7{_pT{K{nG<zy^GIxb9gS*
zW1fj2=*v46#h*N<?kb^%#5o->D{Ov3r`enI8S<R%uZsbUY5F~`(t&JMd;XsS*N9E<
zH^IAni>sAgLH8M(Pz9mtJQ&$qbW7Wt^`=FYTjo-gvQGhJwX{5qhs{Hl-YBhHqMt@B
z-wJz59auinz?mc56_d70%!Ix#Et{o(Z}_lXvM1za;0~CG>@V`EQ_oVrbK10NB^@@A
z9Aq(S!&C?!NV<Jm4X?U`nfPBT`fjnw8wY)x4Oo_Kaiyi*zy>$iOyhzfB=7+g$`$c}
zcM&azf^UXTl=d&%(0y2S#Ikl72P|*9m)D>qJk*bDdO(r8&PMbhdTpVs=K0yMA`Z(E
zLR5|Wo5Sxrp5MWbaklT`21!Loqgo{BX1<Y+?hUQvT~gy!0hDhS%r8GVo>L+n?_lAZ
zA<@WD4vopI^4DnDTo?Hoz7_$$!b)jRawf1ERJjRZkYKmYpj7HH-YsJ<3%ECqqUoVr
z*HRP~v#*J~4heeDS3mbQKI!%CH!UlhkrIMLmW?MmE#5OCSjaU=<X7Tf0^~pw2dRl_
ziT6bUC;K0Gn>9nB&vpK@Xi5DjBRoe@t*b&e7dF8X6^dRnjrhG$!zJ7MVdAjUPh}+b
zmM!<eur%|t7V|ltWV>~=-FOOC(w6TWO*xRnR!Y6zi5mM{>z4b54TgmVBT5#NlX|2B
z19k|3Z1KgY)*<TSM#;kZyZ%q>Ru<QrU96k!JsDJZB~hCNJug@QXYAa>H6fqeu??w4
z0TWI2ye&Dmwo%Q&TYv<u^^H07?iT#kZ>HQi@;S1+EQBd8qlr&1t7D<aHDp$GIF#&M
ztd-;zIi~&^;YMZMEUVR_U5Gm^MU??t+;18-ekD)6M*F%KDtB8Ug)+T_v0S24(id_q
z3|5#$(n;B+QKv1xKe^uK7ytU@+XnY|<n*9)jbxV8ey99cD4<u8Tu$N=NqhF|v#bPs
zN8I;gNL*a3<W`p)XlGz$t(ijivXH~_bx(8%j+D;bcCN)ODaMzh+twT5gpEpvzKDUJ
zd6wm^qyh!p`@T~#3TGnXgsxp{u{%C)jc>*B1OeVo!SdA=M!jp4Z05fLkoAyT`WBny
zrscm`3$$PM*EQx47JriT^I*TIGkmX^^1vH_M|W7<m7l4QC+|h~>_T`)T2qAZ=-I8^
zGgW+;GzHF8w!7tc-EG+Ezq>YjgVli2r0$2Xx!DMzY2bVcj%iyu{62^Fn$BqCljZ&p
zCjP^reB42aW>mj+P+B91bhu^87dKmRVb)0CkTiSm0oPklbU*brQ(RT-wOC;q>;MH!
zPWJ-WE)1TPbkK+d`#uYih?x?3I;g>Ri7rtirBoI!gVyCEANJg0oux;exU65532^{1
zJq~FCo8pp#4}$jfcJ(obfEL-27hkCB;%x&m9>NLpcAT`ncQd)=4s{cajfVf!oyrIu
z(z}rHv4P!|z$!@$6iXlb<h#W}5d(}!SH(r!kGKI#r(Z<abyi%Xu@%Fj!Lc~=um+W8
z!`1SLJ(HtDo(yudN7Q%wO6+uw$@AFbUX91N7fZe^_w3v^O@!?tmJ+;=hONAp2}e<x
zvmP_VkH#Mj)dWf{VH~2;H|EALVkPkFI4taqVgD*~f@Jr2$*Q)ZpC_K*MGuDLwuuqh
zGgp3dgL#%+2<*Av#Bdw0V#T&Z!F>^Hk$^#A*%_JVX%LQTm>8d6R4K^1P9S~6t}eT`
z0z0atm63?B(BBvET6Q@V!Uu37b|#0IDYf!3>E5D5y1Er~n8!=7Czs25HxRq+7th?W
zr&}S80(?6#l)Ur9`{YKbujJY8DErBPI25;4h?d@%jHSpLM#P_0B)RpdXBf*_K)V;T
zw_Uw$$4Iy3f()$cY^JI$T0_lM%16c8+tsw@p&UxpeJVwc(Kbxl3~C1cLbKMv0ziTt
zl0TWr1|Ur}2sC68H}t}uwo&Klz6?F23(PePd45~!TnD56`5o1O^q({$01|_v3IGTN
z{0p=~DrZF85s@IGjCElDok<D(9sUn!_R#;ukn;a4K(nTDVa)%Xsq$~hzo7~+8cKvn
z0-=Zi;J&5uJA#C;y!3y8!~h^Nu?C<y{vX&B6yyVt@)5214@mWOKqwIUJAtT)5QZpl
zR8gVK1OTCc{{fLj2?a(VSpClU-E05=&Dy0508nKB0Q91vz)S?mf1oUg{>=jz!SEj;
z(eDx@21M|`ia;m;m`Q{Pe}kk7L5yY%0FW62Bl3X}jA{U2G!*ckAOu%369z;A2t{<^
z{{ayCUjj83K&1Cy90`PA3k4vcs)oeypDa`kL<HbcQ~00Gkkm-Z{>K@S{V$LZ^8Wt-
zh)}Z%5K794AV$j9gCa2?BL6>t#DLJ#|D{v?_XYxhP?sv`zqyV`toHxyZT}r2w1Lng
z5DGA{{;g;vMn(`6K%|1i06+k#ARiF{MielZnj(__j*8!^{Xal01pM1QAVU9$=ITL-
zkQ|^0D#YDFut0PZi2?BcK$XF;-n0yfK?Sv|2a33Zh;lW=AVG{2Ya|9l;`bN<W&#jE
zC>XI2iOP=1`VAly2t^PfZV2K^@~<JOG9pz5fXeSCJO0i@<v>uX01&)?X90*DJxscP
za|TcqLecD@i2nRHf)G*=eFpqX^!tL~LJ37;_@5j!M{CMhM5TX$!~j6*{4Eiwpr^<g
zL4jyxx8ph#0F2HqLr@R_fD!q>E0Q)C))65D5d9VgKnx&+_}>DkoB?QsNTC1e+Mtf;
zw_1ph81sQpL{o_n$|q7~WJHuRAb2?vA@Hwm(X0`5|4$2lNB_gWg$VT`^?3ZRi3oO%
z45;k?_66l1i=LgHgID<mtbf9mKMu+^ZBFk9`MkTE6Ksk3yR(0s^#_&$wb8gN|5wsM
zJB82$TF$)Q5TIK{2~f7KRuW<@*~fZCSGP|Q=sJoUm@JuciQ{lO5tJwZ9GJrbfrC;7
zQ7?$ye+Is+Xh|Fdf(rqkPp1XaMR7d<G_=-2)tpbbWKt7~LwBRuF@^okaWEUz$nyi+
z+2&XA$RR!e#ndk4&?e0hhP<9=!U^1XXlE+IL^2={XT7h96)!#P>@bYFG5zrLyMMpY
z1xt<2&ax@3GQ4AQ;Hw{hM=<3FuUl5<MrK?mYXT-q7rzyQo}9SQAz8vLu@Tuz3ttkd
z1|83H0=6*p&|ny(nP#dZH&Ei4sAoUmrDqd4*Y~aU_ee-cRR@)@Dxp({%;r=OAakZx
z@SDVEm#Ld|f(&Lcy|~0m#UGVjan5Z=<Z}hBEPeFYA*hqn&5FuB^kmI+DoI58ZEiVS
zO!sJS86XQQ34$=W3}KQuN^dmfW(IGZB<a#{G}mlZbR)}jbHkVQ!3bk(d_f?!$0?*i
zj*v_dU01&PHPBNfl)FQ;qk3ED=5tw1LR!|t17-CQ?}I=TJCbH&aaybhE3VzX>8FLO
z7J<kT@4M0``FP7N*0s7zf7})WSU;Shsyr^#C;x31l;EtOpW_ql3^#3H;CNKRMj`Bq
zLPLRxGWNz*22Edb)t;T&72jEVy@3XZBU)M~&<mBEZli*FRX14#VFnG@1ULJ%gs)1x
z<3AfxZ}pZ&tPOCXekPXo&^2DxmZlPm+Aj!$;w>nq9MZ=|8BETAU(2-%YveEPoSYvF
z5?KFQb&3Z@2_^2aI|ijnbwWmI1w>DO$qfu87?G_ksb<n=3tF|7MG(|rZG|E>n|I42
zb)JhZPZUyly{G1!lCTsO^Z`WP3PmyLW}_7xCu38yVUdSY9C&R*5)xpSw#F9Ce$o3&
z82C!q;z%rLZ8f=4gpmgB@5N6gO&TfG-Ge>~E&71J?1FDrW^9}^$7_QW2?3P6l>Kl<
zWEw19OLWt^HzD1-w7l(*?sF2wwiu*Pxs^_qJ@Oq?{Ac92H7qLRxIrxXCM^0VRQwm@
zxJjT=KPsLzyFC^?ls%k5=dTEbHg<m`g%J`NK>6RY<#)(&);brcILL8#5egd!N}VU<
z*hBU|z1Xcu{$N0q;4}OtZ)5jC#Scd862YSUUE%(BaE?V^h>HKWZDfZ=O~=mhYz2-+
z`$qt@t_=U5Lq%i?fYo$g_E_p)fdEth;I)o2xY{5aLOWJsu~&wQ)mytlQn>o_ORhYM
zm50(7ctbshK}9^6QIEZvJskuv(5s5k12xoP#V9Fe>yWE93gGHU;G$w&0i2O5lrY>V
zn^Me(<@HG0<9qlkI^Vp@(~mc^CuJ)s-cE^)OhA?;N^{q%mdrCR5vpt3@e{7d1lH_^
zN*JV<RiloeWdo3u*h{V_2*BGA$z~!sk3?W~jzct~zRS*4oT;lmrLx=U5@$Am(~U<G
zfIr|KNZW<~ZirmdSabN&+t*-o&-R<gu5>%6j(X}Y?z0l$W<DUK4PE$f!1(%lSiFA|
zXVctXuwl$%3eVM8b2^~yYI`6S0v=u5FY|>xt>K5FWT=(Bm)SQdwniSlb}A(NBnAsb
zZSEoa)@#;+x7R$LK#MCuLzGy#mC^P?m9LYxq$|YkGPJp>Z1~BgRy)rPZ8bUUU2E9$
zvYh1<CX#lIm8Rve)R0gaz>E@l3Beil;|SSx^t*(uU+PI0e%`a)4R}{eV{gb(Li%_?
zcOcEK>dyTdYJtAD`toIfY!VtGz0Fd~+;w1~;MiQap-RvBY<6@}2O#D6oFXJ$R8Boo
zFALZ0iQfwIhIA_JzUg|8i!D_~rBJJ;<1yamQu{&cIsjLuaIjtB#*ybKqJnCKbzv=x
z<mp3zOd3<;Vkq|epvLQn^NUx>o>&IW+%?fc|A!A1KlRGd_0#dS1_HkjN)A5;3#=x2
zxD2=*o!GMRHQT}deJVgkA61bfSaiUaA{ECysGRjIM5^i||9fKm-wVn<YzH|KnrP5H
z0&oq&rK%>XzwiLsJEJJbx<rC9Gt<$K5l<WkP@P;uZPoAUsuwxP7*&;k<YZ+4mR^3m
z94GVJI$T_|(%Nhy7lwE>&SWS6fIs)wv@2LGFoE;$naq}Kf~*}~65I50x*T2AKl|Ae
z|47<UTi~8s$hDs2XK%b5AX_05j&iqiBXCnPZuE64Qq}D+-btJQQ@eW@w}Yv;sG6xJ
zOhvjpx~ZMFvB@}7bn7;z8mXpwR=Sl^2tAa$+`-Cg;1mNpcMqj@JL4`xk#<-1Zjzgg
z(?+x=eJsui)2+lEW{-*<kuf)F=L#d)y&~gXvi6iNkGh`3mAYmoux@;phr4bCr*N0+
zE~$a(hGUbPuAP}OLV)o`k4QJwF4_*~uJSI~&WamZgSvs~RC{7wrMn^LRDHGmT-q_H
z5otsJjU#2IBU%HGp-75uH<_k#2Vrv(wWAv;6_<glNRM#EN)xzltw?zz#m;!0#db%8
zhpfw^-F2#N*SI0FhrMUTPRY)ri)!1%A+V+Aw3)<krCWJjSwy6wM_9MHJ%wxv&|I={
zWV<nyxRd0((xai=BT{LK;9=&fVJIT9qTG{Y+(cTjl4QHX)8wY4<I%&@E!k&axRqjN
z+pS#bM%ZQC-d)$wuBdhGsoR{TIM;5dX<(<+ZRerX=4Rm0O#*f|$X%y)Zq}Dy`6v31
zFPLvI{#<~*dw+NK*ROv{mZDZ}x`RtjILqZ5rBra8i2c(kdMN43Cs@y*)No&E``e0&
zhCX<$7U*H=_@tU}&Qvrint`U-Q|@iR3u@TN(|Xl+ONeGuzNsX=?{xJv!P<LV26txf
zq0S1t8~;w1El}O#yk&z-KU2{>d!`&~BI~LFDlIF~z+l&%aWRh*L{;OF8BqS&-OsXg
zkTSvl)92cf#_uvlMZ0-$yrmPAp7;inz-S!rk<YS1C{N~YEw)49e;v?=%Ypz8mP1y5
zLPS4WBgQU(_%s9_4j+DagoOR7-{J><E5Q9|ha7|au7+ri)ey~}vuTop==A`Cw_c!l
z%iQW#F!+{4W>7+YA1)a&)+vd`XD<6);3a@ED2w$SZ{Z_8<44v8$tJXxkYk576=rw`
z4)Y3*))c}IDCy_L_Q|H^{2-Hw`_f*&A)iKag4x>)0v#yND($L^j^Fq5Qq|yu`LFwo
zobq@mhit>AY|EF9y~N?cc4uQ2W>DdxedTNdBIV-gFYQjL+YEn&WfME|d%;q!&zc;^
zr(_O@*naVd34dy!e&YdB7Zg5$e*OdfD?`JB=*AGna(jyOG+z;kcUCA-M<ec-@`v%1
z`HQvl*?7;%hqmYQ-clrldd``Ch`(Z9b3XU(2ROiocKgaMSDrOB93U|#kCWhSo-s~X
z)&ltZpl8zL$vVBoOh=&i!pwrgG2ttJ>{_DMlPr(L^YTz1H2E2Ne&x*p%w#0Ukh5(J
zWO~Y??rmTWB@bfmdBRm5Yi6tVqLgj4c0x{lZl3qIE0%eVB|J=nstguoc(Pf8y5F&W
zNDGw;U4#!^9w;KV&Lbd;99oQ+2qUKKKq%tAAtuKF;)Bh~Fo?*@!}R-)MxO8*YwcR<
z>&$WE2QGM&SX)>s^euj4)Te|Ue%|Ptxuw|IleoIgxM(_T0u;xa8%8)8t0mIO{3Q4I
z8raQ8e2f#BmQI;I5FHKo$wb=B!PAgdJT;k?HZN?v7vYqMO56<wx2!c8bmQ=ffW%U-
zEU-Iihe{W`O|lEFZng?>UcnSXcuCwfhxoixv1vT<-}Y+;sZA!v)n;55qIR);U<t%J
z_uRLZ!a~g9Sp#+VnjK;p;<?YnwrDl%xm6Yq4>TVFsHm_$vlICF+qR@$`BxvQJ`-(0
z2emc!z6^g~(h%_<@hy&k2lX~^gNOItpy3dPX;D0fy$pwi{e;OV$Q(l=0(5kbxhtG0
zWozM5f+@|sQH}9eZLWQh&Of=Y8+Ku|`EjU7c03mDb{N@`A#_=6<bBel7VBjy(+Zm*
zr#G|HYYd$eVQewGb(yMcBsPEWy(fr77Zg-_txs8?W<kbe=-@s2a6>a~N}k3~C}qcT
zSf*wXMz56tfk4zoBU3SQk3Wnw>g&{ct7BR<Vz5r$mh^`$O0`3ZD0ai%`l7HlQ=&pc
z3P5<8-qQ<sD{W_V8-5vdn_d@BbOE?$sTZ&_-kQtq0ZT3i*KvhzlWI;w%%ti5s+8aq
zdTiQ&nq0v>S&-*W+_Y;X;`pYapUX$*Z@Hmlhz%D9c1;hdGdJ1Bf~&$umQVV`8=-gx
zwcj8Gz9|8&-3uNJsn%q<>f8E&H7noRX>_blmWg|=v0k?fWAKm&E!?M@o9wR~Ggw~f
z{O|2ZX3aU--!{aYfB`?OtyN>wJ5MiJlY+N5$lOBXEHxUQjpER4+or)K5qH#{g(4Fk
zE@GMYsw^}_MGbeIqudv@7GtkclZvE`)pCb+Hgh8}X9J2<Z;Gj(VxF70{6yJbH277u
zqNKn?FF-0^rTOUhR5TC=lCh`(QAW4j&k!M#&vA|fLP1t)OH1#i4G#(~nz8p!m26^v
zWe^9M!`o0J4*WOw!p8BPRdr(1@qD}BkSW?8Rcq)KmElsMn1pCixfhZO9tnS0;W%+q
zq1ON<a!mBNqVY`OQ$LzvtV%tFC5gN{7vtdKxzOA<idN6X!ifx(goH578jM28d=9N`
ze))DIRN1qjd+<k&!Rym{QArnbdn@{o@9sAyc%WAAZk85b7O$07Av9!6iMu5lsm^d}
zOfh7B9YPXXQ%f{*=Wbip^g>6UBH6`ky^cQ1nrl#=+~)AcZOCEDGCpXGe`gGMyo5Z%
z67M*lpKYnRw5-XtJ~(=g$1@QjnZ5wK?iZOAO4-heq_*jz-7;R_|I)6=+3-#1xO(BW
zeRgT)1pP1pRpg6-hH3`t%BikBzj|Y8@mBW2N~dDB0rlc(ww|W7hyri`)}>Hb<C%{$
zGp@NlhU{!7WBF-7JNn!ws7sXtgv&?^H79Jh2NJ~T#6pTD!Kbr53Z@i3eX^@%l->;5
zA4ZDcVAFxE{iX9V=M{n0yy%UN9UKEvUPm(XTF(+Qhnm+W!fl)W<Ao-s9KIv-NTP=L
z1}3s!kW{fRj%2uPT`Ql-NNezNlE~yR6o^`CA4haXpEQEVtwCtAYqR2P94LbPbF`TI
z`_Pp3zUEm+oUz@}wwC?i!axCM`N@3Bky!#q4jqE=0z7M=!~=_7gL@jP7@#|cwaa85
zpI<0`<TF!*F*YYlPzO9@og}lLg2y_AXw$-@-Wl=5T@tMbP>k4by|GyCSeFgGnE`oI
z_jM!*XloC_3O+^0oUfKRr1EMHK`OJbY>b#NFjY|NQ7H3C1rn*Kj^a=m^cY7AG8yxY
zueF_VFMyQJ(UYb3mvH5`APyYHGvwq|tZa%R#u(J43L6x|3yhrZC=7t%mZkuT8=-^5
zL>4`y>ImP^JZO3_@MPx}cPlx2GGhf72^|xAwt}K=ro!uyw)8GyGcDk%PqD)1tnQe=
zt2oZ9V!bWPiEWbx@%B7?Hy9TeROQ2m$%Y|*euGN$X3u-^XJpv%G-GjOs<q|pBy+Yn
zd)tOB%T0e;v&KsP@q=rL_~QMEGOj6wDRTsuvAm*X>Ue}GpHKSz*{x*r7fWLp)^pg8
z`$=Sycm{*QuBfRW5p~QPhW^`)Z`CO<C$u_9<Xm+pV_9dC;nQj;g*~dVna25RVi1&M
z@JbJc#Xtb<cq2z~6L(e><3y(CfY01C;YjTpJZJc_Z?ygl!Vi4rvt3+gJHOb?2h&O*
z8SYttCu>g1Zh?8P$SL}*Y-a0K0_Q(Msz#5BIe+dGf&YnDHNwbjJx}1AQ8i>z>!0MT
z{-Yn%_!Hyy_IU{X;pd+YMtAg=zl<5^pZ;+$-u=5xRA6f68fP5t3WK#Sa2GALpLahE
zcP@qgo$X(7-nHGu`LY<$-wh|e1oz+hP<iG=*(IaMUa1Xro{3rs7+^@NOo!VD5m624
zw48Ubt!^sKB^+VxeP|+M-=G^5|I@wVmrzOfP+S09($2B6$s+rGUt6z}QU4UMjzu+_
zUh=A_MV-t_Xq81$^f>-OA^NaK4yZat6s}?3F7bA@)3A56xBzwcjFEkg3dH$!e_N$`
z{pVt(Ty0n<q$=}mg`=i$ZF0873#l<jH@_!i9BG@`H-kEVZyN%|KG)HoVgWC#<;UX;
zpb$xuXu&hqVHvpPx*}fxmVaLMO=B8y04_)<=0hIM@0Bscg9hUFza=t6QWcc_SjrJB
zMv1NcX`4fs<?wIqP;;|&wGSLwb!wf8j}0)D2xmW0iIzsueh4J+qH}rpNB>gnp0bu-
zdSa1dz6pK6PT+GP)sT}JUyDRL%3*zxzpZ{Hx!!e+eM9G|37PU>|6r5nhViU^Nb$Fg
zu$vznui`&(lwYErVT2`+&*fOmZeD+7d=*Oftc|r39rrKU>8AZjBfMk+T;?_EHlr!o
z_6{)c6T0<p6^(T_zn7VMZgJN1!1nRby6GalZ9rAI-u8@)q>}#`M8)kOJ6Py6B$kG7
zS35c=J@eXZ(P_J4ba7Ku;x~F7*89GsC^pqWDV$Eoh)Afy-tqQ>G3h$O3d>Dhz>i(r
zdK1KJ>QWJz!eOb2;<$Cvr;>!h>Zvf%@CxUn3Fm7*yB{&C<fNzH;?}rfUshxM6WZo&
z;&qvkJ~nY0T<0fXWt^dqav80cv{~@&uRdiGIEf@Gay;*@^U^X12^+jz3S@7wLH%D6
zyKBlV5_Bm)1g8%>3uy-!tk3Hk<@hA!(MfbGk?8*Zk>{9qyWW3kG^}a2opfEf7Hglc
zo;NJl6jsk*SqFoaNZzjfd$Hnds8jorP*;)25|lJ_@7hvIPh%M?B(3%MTp{Yq>tx-Y
zU1tK@WZj_Li(OypD$?))jrTm_5oxfAcJ&5tI5+G!kX-W4HC(dh+|hbFljL;paA+fp
z9YsbH&I@tonmAeS-dyDvOqs3S0eKSgmL;B=GJm;=9%wg}I;AHS2Vp1@SGdA<>R#ad
zleQxd^rQwZtQ8@jvn|Ax=Gfn>yImm_@7oQ@Brw*Ft=WNwf0`;I*%vW-=P!7s2MnBr
zE0{7)a3r8zmS`AlhbVaU*2t}gxn6Lr8oq0R4>UF<A2zgfwi8?xIXdjF@Ci83YIyb1
zisr!F<%3{lt`Gf2Hk)UWT(=cJ5}1Qj`jPJG#;K%TVm$VN{g^zzCRLvY3on^P!NLaG
zgo6#{;<ld2-})3Fyq9!ai)9;m=pHQ=W??aRJ07R0jX2R$-&vp8h&8@?Y8rsONqe=8
z^aGz-`Ak~05@rrsLmbBaJnfUh-m=|%xp`~&@-vv-{$iF-iM0C5u~H$G!e+&Nz_;Pz
zvmqTa*UQzF46h+w6>bx>QwJQdYE$<elD=@W!9D7Su)!BYsc7`PMqH!ie%+Z6jc>6X
z@eZr_uI)>bUC_@d^%r0sDsUGwhJJCZcctOlxtIktwZvH{wo%s>Z8GI^dc}K6!&wIg
z=DNrgiQ>gizMbf3u5ebFDbrQj?ljVEwsLhgAzfx{V^4C0rtJTZthbD6b9uwPgS)#n
zxE6QY1S=FTTHM`TyK%SD;!>RAt|1hM7I#e`xF%2}NW1@s_q-p^TJ!N)&ssBck6-uo
zyO7#Ak=vMKP_k(}7q2VSv9_P1;gt`XY>c8UitBzi7F=rlh=^k>mRc45{YE*GTM}6;
za$8CoqKrS5nDlrlBHVU$uIo03^~dXyY$=fjk3QPyOY`}xtYLj8nVXAL$4Jd_hfxqy
zj#O;J+XZ?_Yh7YvK~6ONlr%b5uT4)=qk$Q7qhgKQ#jpG)GXB(SkA9*Wy(Nqlo06M?
zOsbX>cbnt=k}k2!TtSIKa8AQj2ya$Hh%~<Z*4xwZ*cR6QPz+D(h485W7Wpza`0{TF
zp#|vByWv}|lcA?3gPgjuIR_Gl($}>tKBBI3a1XVu^TvQ2e)YQRUlHxEYdp&=K~QwF
z?OZ0rvw<TOcaz9@=?%=%`X|@Cb!e-77aFFFunZfmtMy7cum}UYP0-`S^h@B0qoROW
z%P--^d%vM^6m}}D){I1R%A%qIzY(kYxK=AY_APj8hn8_CghwWu@3cfY>c_V0u^S>y
zOlb1>Lh=Y0pKi=nAN1oTKXh;MX%xGEb~WJm+E?`lbWn+Q#pzht6#vz8>7B^+d-LFq
zn#<RNj*+2-EVyrDvZBchsd<u{yD6U?zgTxs*#U7L!<!$_S*<NGmR#$={O}_4I%#XL
z)4033QLgcGNwS@Vn^$0krj|kzg5K^#MgFjQN)Zg2SLT1aZ8SH#@KL;~T4r#1uBfsY
z=X+2MXj{-F{%ZoS1}U-W`Lk2JBzylLrRLG_EhF979p!%|Oif$?Mz`~B?rush$NcBP
z=VowMlCxoUJBz^;J0e~}qX4N<^5B};FmiBfAd8rgHQq(v<?2Vf7oF-(@>X|!4dmNh
zd3lRe=ug~z!KCYdyscoC-C?jFepj2X>x%*eeD)LCBR#n7fNEhqo;Q~dEq)2F%67=M
zcAp0C%*=rMT)Ka<XNzo2%;LV!lH}K`Q(ogf=FMf{F)MB?c5A4~*t!X}e5cNEk%Fy;
z8CG0@6~@q=K$S9#b_nx(UBO};$7em(RDP)Vs->u5+=?QKX2Y#^!xWa}?nrXDlqVz5
z@-H-5*I2Y+Gh_PMi0M=Z+lz+rlDxLb&4P+u{O~W}@@b=w?12KP8pK5g;#mvwOKUkY
zlCSx(CdOD~NHhV%5!KqsFX%U^%EyTCIModf4mvCX_sC+l#her&LGf2czaq!llR-cj
z)m{kI@YCNb6tA^0KUR=dy`_N{;`XaeI#g|OSzW)O$BQ#j$ne}Mc4*+3&}1ty4nebQ
zz;L%o%s*q*sFOV+T6%F+d>0hx|I_KvzsNu6wRVP{Xxa<e3*f$LZ%Q+#(@NhyHZRHP
zmgPv<>|OPiU%}+Jpl71NAEqZ{C(`xAmkbNyM?HN#zuUy|+>z3?Ia|7;tJ;Hi+42uP
zZ0JGc^otRH?fd;MbbPx4SCq!pCcPRK7$@B~HQ&h4`V}4)DAn+}Bpo@C{_c*sSm%rP
zC(YE}V009eO3~=uYM|I(jrT6W)4t9M2*)L2`gE}j^}Ik>f?qqCtHb<?p&#bB>v?Fg
zdEwk5`pr8aTPs@wvCV$r*{<6}{Td0(lNamAKxAffq=r&)6YI`(NwJPl<it;DbGL=%
zyq<!EKTUZTtQ+*<@*6F|41=Gxij?8j^qwh6PF43Y@o!9wwI(RlXX&-a!wb^FU7c>#
zwA%51_FKLC^pE8-af@IovJGW~?uJ#B<=Nc^BQsNNV8~zZETNe9`%s-BuwJNg&gCgP
z*cZ&(h-I$y6qbo~=$&XlT;lPi-LCozFSzS2TRrUo3gx)?B7i`)9`SSWTAclV+oS)d
z6ui<_pwK!0pPM1aC0_)tF2(zPIxE<{Ht14EsjoZ%xTHM*WT{8bX{bWq&-_~f(|6jV
zkUIkkEDQacRsQgIY3#3pfmOi$ivO}%kP=hDPV2`GUE<HVbBXMdQp_(VUp`4C`J~WV
ze3Z+boD3%E9QuR72Bo5ZqBgr>gqm}3(M;)eyW=<tNH9G|_G1;z52SkwdFRP<1B17r
z#3h8$M-dq~6o|uvawvIgQYk%S!k$qGIYa+-O)}R~f4^i%vkTGJ-khPBj?CGe<yLp)
zd3SH;S)UW@<z?gN2ZP)u{kojIcc9Je-iQ6XPU<eAEs1WqvY!g`wks{;nEW>;$oGu;
z=OwdqTVu$!{ockrOZx`<kvTusRji44tK#)QqfE0b0iV<x#B&JjF+8>~=qe#ylfR$C
z5^69QTqnbRTeal>x|MvL&syKr#>Q8f^s?M%Zn50EqBFj__YIszhp#WYEDF8IXzi4Y
z9PS54C@YjKxNi$LE1wwkO=%nc;x_b1#EtN2+tsd>^-Cr7I&!9u%r?3gzZ{@c<Jgu7
z=;fE`o6-A{asO(#I3Yon-)%J}i@x$-sto8suPC?_CG0hPq!wir>az&A)Q#aY(TYv_
z<VCD26<WAE@dKE%3*MFmgR5S-VP49kZ^as!O~&07X3JyWD=3k%ejfX!+qby`dsWy!
za^m&ZkI<8HZt4R!T)zYTL>b6%r$tY+DhUV|>Aaaav;Pf_3-H;~coakY9lDl2hSwjG
zwV+3?@tlRW^x&}t2Di)~Nwwlt0)-}a1Ta7Mwlql-s))8lRKIh>k`%grh!AXTorJ(Y
zGN+>(+KvpS1KX0e2;-ET#wz&erAaEn{6_2aO}4h;;s*IO+TD^l#Q;is#+I@vg>3gI
zTlhCd;Afg7Alb!|%^2&=5U&mAVyT#Os<l0Ol*_Pu>~NeYxm4+bls=KO1e9DKt60(u
z-nCdea5^Lwu0kzpLtfC(8UcVU+UmvjKIHo;js&cV(Ginm%NEbk%=wo_ubeU&@`yXr
zUNftMNa4OLnAa*%a@Y!q12+9!6;#Pq_y72#&}@9^MHch<vLvE0GC~yBXkWlb@PXm$
z0vUf%Mi!MB!dV;BuyEzUlK0jeB~45d;XOl9Q_PF0qfvXK&(UhK+oin8oB(o4J9!Z?
z0@5(}T1#O7HuKY2AaVF`W~5a(8@FX*mk1U!QG$*TC7`HW37e)GR2Cexg(Z4%)86P)
z24X%t6s;P^<<}qLjvC-^Ud%Epb6SKd&_&FMM=%bctdg`p?(AZC7lX-CQX2KK`Kfth
zZuX_9Z1(-0oWjwrOX+5Ufp25A3y60zSxR9aEf#kmy&OTMS{jBN{U%}jToe7-Vj0rs
zpMr2PK$nAVCRodcX5AN(e3Q~n;XTF+_*pl5&iEaY=!0uR!xf2Wc0`P1_5R#sLwbwo
z^g=$i_@t)gBSiGvF2b;<7fDu>+IXj-^z#bnh4qE^n(4a>?0yF2-RWZoHL~oM1#O1P
z#$$rIH(KR}*tofojhxb%dUE4WFYnPqTIIQ*CbR*HCvl!em-!->H|X&%!o0=I%!iza
zj8UO9zAe`pmc?y7J>xk?`AN?Gt0tzIEnYWg`V`B;4yYQ6PwAt}G%;kzhaM+WuLVud
zIfQ={+I!_3+-P5VmQdJUhtO({&^srLA8YUsTExL7MoSQ58FEp=rY*-#r<Nk1B#jwI
zXIP#nb~!uP_7Zzo&eRd!PLr1rN{CV=q{iJFN9Q(;L8paBfeIr9JP~g6f>TfNUha{~
zf}mZa!C$Mye*TNQvZ4cH3FD}uMez9$`GeC%dvNJ-z*sHhGPsI<z*!<r{6n?D(!Dw}
zp-Oa{#krZ~T7TdEooRV_T7kV-8qO-qNBT0MctRE*tmS5(Jp~dpg$emDs`l_v6*SCM
zGx+)i6g@A-`CH0lPFZjsb6Ymrj+C{7f91s>71ny&`7|=%hkwE%Jg6Ek;CrfQU^-4`
zT4O^i6B#BW(+_Qi4BGRHAY9z9PQ?#-T3}`jLy^=lPR)nwh1ScgbOo0K#J0an`DPFu
zfy8xO1moR4@pujKZse>fP5%pUry@K)SxH0&sR9|7u_4jeY^7Ie_2BLF2;pPIU3kIW
zYbMwPk-eYAssw3b(zq}1`fp#vVPNTS&G?jx7_a=$xr~)~lGW3&$KK-dJaKnx^<SOv
zg+i`VJmxDiCmn-(MUSGC^M`3<Kdtaaxibs>VdEB8$BT*p`TPm(ydmjIoH7<I{^y;X
zsBVZ8Us*^N?(ZlI%8qL!;f)-aSR>3ppvD$mxoGc|OKyxuMmA_UL;Nsw5(k4;*UM~^
zuu7@1e5W5)0^A1;7rv<MtL`adrO*PM+oOi~WLI9F))=nlz{D9d7Mk-qCVE%>qaUCR
zxZHn6G5wnk=-I63UUh)3O|<M7bOQ$tTlP&)<9X$=L8i5tC8_ZZi~>(}E0woMxkTLc
z#wZU*FkNhH^#x|LDxjxV(5V^I6P;foZ1WeD(%Qq6XmY59>}Z<qCgOLC>n=7Kw_EDW
zaR`@Xf@1N>TB7tm4xuTZV(TB(wSCm<fD)@jJH2DNu(x_-jNPCcJ=xR5PPfJ<Zx8n-
zdbf&x18I`(1kAa05zmdEz6K#2K4>o>o56B_`#}AuO^MlidfnBklSw(T(T5!~9u~jh
zm$k<XYcT2|ey<XyvE!fXZU%|+L|Rm(3hASC+Wa<c1`DYhh@o@kD}HmUewb4H#9Q~<
z-KlmD4XP<gDZkP(8D)fgK4r;B@G^@p$KN|WXHUzNEyl?;-B*d}F;LJYT>7hfauee?
zp5(=rMGhRC$b$?S`E&!X;kl;Vr+FmF?(${7s0(iH#p2EL3IyGLQp+0qx`K~7EG%<&
zVE4@hTyj*ustHZDCmtq9Y5VNHW~~v+LJ{S6F<QD8Uqh2CJd&9syPIs6Yx8j5f=S;F
zhJYF<19t~#SR<yfuzD7|-Gcp=6vp@EvwTKFDVmfv=-*6Q<4X&HWtV1letQnGJQ_bt
zRyfYh(uvs3PJVU#Svs2K+<ppqIQm%r*V_8+ZN%h?AOqX?<XEY|kbzP7d{?Luw5P7`
z*CQj5mop!5%stOLVVTGkb0=2Sk~Er7MShEVJ{q<qjf?zpSLubV&Wh4NBqyr0Dr2jP
z)cvN8Z~Nf0B7UJB5jgswF*<ibp6H%KRlc@JL;?XEjY8D5viW}EQ><?+KxgjfeNL<I
z149Tgglsiw*n!FEm{JXW%H%|oeZ!hV{nQaB)8=>ciD;V_mmdp+<QiP8ZcgLb=cQxA
zBTjkZvT=9_V>jWH4<qvu3S#<6be})#d?S~7Byl=I*za?buhU1<|1z;7>z{XlEXqdN
zP?QuF@6-fR^?mdqR(>Vg_g%G6tQJXrz<q;Huu7+9;V+PvO$Q9_AaW8DwXNSl^``OF
zPuVYTxG?iAt)>MR&nr<J&hiA>SZ9G8mP?)J=1Nb}9`Iy-a-;3PBAcV-K!ma}px7`)
zbP&(E*YW8!A)cZsn*z{fvh!PQ+s+zym{Np)$DnlD`L24Kz}R2WQNc-H8I*sJJBs++
zPdE|hOB^7>MJ`I&ZBB}1MmsDM^6mX7qpm|z2A=F?d8H~ir5F_+J(@k<_JIH`GFhuA
z6e-(6Og<+qo2XNGZf#KI#Jp90WX3*Ig@4V9_N5Ps7V1rHDD@uu3UhWPx>8L;tPk?E
z7ZO|;ZBy;|E};gW)j6M>6oa9a03K^QlX_b7b{_jXGi{Sr=u<Gv!pC*E%JF7LGB#Y$
zR<>~&k;2$p3cCgQ5<eSQsgxQc)sqJ{8`eGKoavIdJmi*Jr>wF=MQ7ilIn3}csUjA<
zss!2(`P*1;n6cj2Adp0)CVIojfS!!M_31^;j1MQeip06}<ciUF;wOcD1+4<^t}~R6
zK|uoB0&~`$LHFUl6mvrqs}B4N<LFoz;u~XlxFZ-T%v^fXLq2`k#hnv0_6fzss(7+<
zmoiT+#Bl^oi4Y0<1!d0P&UJ9O`C)Hy1`OMPM25U@kF$wdIg0jNAd?5)xEK;sX@%Gz
z(q$*a6vYO7x`&CSdS1f|wgY~UU=;?v1G9%k)5W4G4gGQ%Yj#5T(pUtL4Gk;(UFd86
zCDxdGZe;LQ2^nV{@<;y448Lv4A{ul?tb|ESRuF~H7Y!V#ZnxoXBaE)mw<EAA4-fF8
zOtBRV+a`yd>O_US8%d$i9@&Z|85>_t8_#u~OOPaFMZ3^vKIg&v9{-)n#ugi@*#`oK
z1?_e|ztJzw1$`ZlHi6-i4O-C22&Mp?<3Ng8vGDCo-6H=0AjUA*7(&S6u8r%3NM~q_
zvZAy5AZZeTL9!6!@xxEW#=b@o*?fNhws?{0gq)kViQ>=gq_T$JW3#g{TeH?>PrCF#
z7c60->C2(<D^%D%wHf_V@kt=mhc_LGkg`YffzVWE;^V(O53g|LB$Z&Gx(X#Ok6on&
z?30p%V!07HL0Q}6DObgw_awZcWe!8dB<Oqx)?&Vz{17J^Bv<5`T3?eAIrF|J?5$!O
z+BEINqejf$L$SMHkHNIgN9fJ~5jCxpi>X)WF*!LVVRXgBalE~}Ex^KrsPv}mQ!3V_
zEdSsRWpl^K0BUq6&!>-1l9saur)*=Q^z4i5R*%1ZVhB^eaWFs13Bd<vwr3j#sz*l{
zaJ2nQk}_fy8`UCF^59^VqvqSz5m(pW;HZ|_vC|p>>`l74N@A1U(Z5~vT<JQa{$O>3
zJ^j|;H(@>E+V5JQZ*+F3{VqYb?*_87LnH5{=$9X9g%Nh@Okn7_-ryEhJn)v0VZt*|
zwZ;97Oh4s0+6m$$G{?$ab6BNySy|2bm(nMO8wpTQUE?)fLYV{)R}>@Z>btoTli9h_
zpuwQm!*}~jYxx@BqE3rutu(sG^&H%YJ_L}j86zoyOfY+~3`85X2Da%PsZNC3>Row;
ze?ODfR*kS=iAg{j7W(^dgL|dW5Yw(!|H{;NF9h4eXoX)OO2TzMXgTlb#9o1Tcfp6P
zx7{!EMJEqQZ{8F#<pZu<4BMncMG%>K_i>eO1g!#%UzHQ*8;O1;U-wM{?v>j1+HrZB
zNLo!oH%GUzomO}CgZ<GZ3rtLQhUd<4svwDh9w%X`kn+6QQd%Jrf9`l><i0&UP^2EA
z!?uTqTVV_kp@|rDA2p*2*@$Zj%>KDtMk~6AtwGc{GplJ=3^g6Qc>&--Hpm+%<l%74
z+LN!gtoPq-N6iXVWs`tHb`!)Q@71;V8%<)oNXk!=+#x4}59S`XCR?OgEQ6U|9iwth
zvq-hOs|7Sw!#Gk987|712|N9rOAFf7P$toZc%C;VYy$`H@~4ozsF)>Vj@NWQ8Liki
z8I@<`+7JfyZok~}XRrr+RLHOmH_H**FBJtvN|*>^6~Be?3%$SkMKXonHxjYoQS)U)
z(>3~FOVF`@;ye}-l^M-;pl1CYlRHT)fV$uR0@qIXxj{>|iY(U!mMI9{jo$Sc{BSeW
zXb>mWm?GSX-`*zv-dw}gDgRgYm;-CIn}!?Fhb&4xVWPecT%>O7GTrOc2|1>bTyoK5
z_O99zD_GzQdpr{(oVnd~_nijdq!z#oBq8Sg9)NX8cWZ6T#L~8<&j<Muk#E^r@Jfsw
za3oV{1^(g`e;^??qZf=xctWcsBj;9~86uRN$T8(^*6iEXUgyUobzN>|32alLlmm$3
zV#c|{m>Iq-q+_235o9TH6;NaMV<e*umqxzHefA<`F>5S3A38}M;u|8wz5A^(Mb04h
zjaFlVK9nR8?BN^iU>OdU#*JmmDoZ~NBrCeP=7zjl*a2GgW@y_&GwH;07hd#s8;Ztn
zwK$YlM{`f*K_3fZccoE<xI=TAs=rK`uT_ol1{|vWF%gIa$gAXh88=>u+*wYlTF2js
ziGAIFy`7||coCu}#_cu50B~c%{*AGi{@Y91n*0O|M(BjFjaFNUx?QaXWDHB;K!m3-
zn^i2IJME#39^peuY|*8)-<gPSDkS9qaK3MN8fy5(orL4}pcrT2hs#?^fr|GOfrW<_
zwui|;!WC5Z%!rB?$X`hC+ft!eN)wdc2Y_~#KKl>0c=~i-tmx4K+4W7jzh~+4iu7zy
z^l)T}zc9fs##pg~{@;h|MZGv9rxn245mA(|SwM_n(t1ZEpaMI!vJiysiH@9Cgd?~)
zvC)cOc6}0-a2+P;KJumE15kymR`kEYGnv8d8~g6xF_X?lMWhQX`G`6>pu{-q>j=G+
zjG)kNZGF-MIvbH0es&8F=zCJuOm+_EkY4=_4<`(&Zg=eL&p`BOGnBC&G3(X;riCaC
znl7J8945^+EljITg*0jN$N2eql&Q&EhtcSOxN&i!1<j!+6$PKLk+be1N&<Vxa*V59
z+#yjR=EQVZxRGo?s+?R5$Dde7_01FvRX`dWF8a5|Qpo5yeybbgz`vA7u)n|46w{S>
z5%cX}o`L1H8_44u05FI@)U#PJvR#ASNUv7lby7SZS*tlJ27@7+14b}+u}l{Vek<Hd
zW||B!#xg4U;~LeSA9lSjw;?nXnbH;lSPq&uax&%l3!&c|(%rMV4KY(~sXEi^$NZsB
z(it8AHjo*Vx0J5cMot~=zH<*39`NSAB5HB9QgyW9OU1PQ9w5UFSjgLJZUqUM&WmV=
z_sT2@fZ;y~&!*poVdrFl0O-Voz`U?OOeW(^JrWR8^zzC1Xx8EO*;rxf^UpXe^FFE?
zc8%mUNw`Cp?z@pE4soO^vRK>Z3KVq*8KPbnpC9*!!$4>(1nl&ke-giz9G(7+d{vq#
zH)yi_s%;k7A$B5!9rdVKn!@4xh`+K(8siKz%SycqCYsZdX4;jE#SnyvGeijQ2vz>M
zcTINlAz&3X8l{UJq4;P|l31EqUPPL*<*(*s^A9d~;>J?`u;xQjX72f?4cXN%c~|!1
z1}Wm&jk$Of@zK+U>^X+9CjP=Td!51|8AIkvFrBbgs+5BI6Ub^^DQx}IsK;X<#}$;C
z%1xiV%#BOx=2oSLt_Ql@(xOY=XQ{)(-!DS|IhRv^`Q#>%X6+?BJ;av}h%hMY?$X6i
zh>bz3$q}SeI@K57p<;Knp$9O_XT1-zGfXgUg6<@bb8j{Lss|7ipH3eq-(09M$V1T>
zrx1ysPa+`DuQoGSkVmrn%IRRgeJ~_e6fjuyp!XqnVQ@2<t5V#QYb(rHx`L_IwD0tC
zCJ41lj6K^CVuManJ7Djom-Fz2PK*0=a1cN^JPW^NM#CHYhwqBo9tAKXk7dT~v(6{)
z&pJN9Le3vFN)gfrl^z(DD_90AUeoY+ei+6+d+@mIDuPs}VR62_XWP;Z6pnPUyJ#M~
zz>Qb&y(6K#H2NxZY1T$acbafjWZ8Va%v<fj$;Zk&GU8|C*oz7>>gQ4-V%*YN#5$4$
zr(I#%9F($inZ}pnC80&JO1cyL%yl(>RKzw-hHPn%e_TTaE4oMCe)Hby`{5zEB<%op
zy}1$u!>-v+hx4TbIa&AyZ2TmNc(2B$;!Z{Zzi`IFcR0)8=Yk|jalCThURk;Cyll=6
z6<8$n;TzvlCqVHNt<NJ#8F~QUo^5h+GybofSr|g#A#ySzmPy!^8qvybVl)XShB9qk
zo+Z(0S{Lae-aaL!r`29@&M?y+CjpgrlSXeu$dw_rtg~QvUIto0RAlH%&xRYt;eSnO
zw}5Xr9_X#*W!J48Q2_;@+16XxcCl2h9uXP-nLgqBOtdQ^edetx;vw<jM0FJkfYNX=
zj;TWVpwcJ<r%mT6A1${jTg$73=GPp<4L1!%DPnSef2&NOJp0>}rN~|^mW9oicd-Bn
zA=)rEu4U4ayQF(-NileR?>4q+g8yvP=cOd}sA&1kYZl1<2afcxiSq$0OJK97y&{A~
z(=clrmfJK?QsC!yJE+<XV2Xwy>^tCnh_bJvcI<Le#ARjFz{MTnU;+~Q8+8I^+z_+^
zBt~?)eT)3%8CCcq3p{mWDXcHJaDis%jk9opgtq?AcggO`>@^WWEU|#71e%@|hj{=S
zecx7R;Nj6#TY|98?}3gtwOrJxGqMidO|dvpuUE8@;^AzpGxR`uCb~RZ2b(M#P=4#_
z3rsosVw9X_Xopek)d##w5-ioFG|N|VP)Pgu;w>mqL@OlrpWQw$8SUk8EYn`x1il&_
zo()<iwWoIH>ungmC_xjHp=ji|ece3hgBxoMkQFyejfmGw)03y2qvapXxd((L{Jj2J
z?cU_Qrdd*Z(q~o5!1T(pUa4Mo;7f~OvE<xyah6>wcH>C^ZxuEs&VYEAi+4g{gA`JN
ziJNp~$nFEFSMiasKy6_^eO>iZqXJ#}%K&iASLkEgY8fHzlmue*60c5w7StNpJfAp%
zYiFiVN3GUX5;6D`dDigr2g|AAwFWum&-0}MB76Y5N<M_*U9n>m;bMb$aERX5q^j)P
z?)Ly|c^&taP)}I5<<)|ZN{o;Z85tTWz@{-O313(qez6-o_xsYbmN0f#yp4b>w<Zq+
z<ybL<=`7z27L=@9p<sx0xqEM1MpYmvsp_*`g4JtU*iV2)Rg)wVEGZ6=ruLL^vi~P6
zEQ1~yY{M?3vnm;#>w8JBg5mHb1FKUVZAO|PeX|Mm^)9&S8vZ`Bpm0;mhR%_zkWhv@
zPA{1Q=#On<WlugdfmQ;1Ox_+WrcOM(TwYGzi7_meY+*JGbyom3(dF7R#%S~co%~;q
zxI)@a9mVC@+Jtecq)AEdvp31VQ>zzF@BU!CISF|edfP8TrlF#hN+weHQ9~`Be3OdL
zl_NQaqXXSBd;JIVe*?ku5}BFSzKhWCUu`GH!qMntnh~;Nx&vEt7bS9oPo>^gD1Rb!
zb`@4uTo45Sh%{&($H-A?1?2Y2VVUIIlX%#jL9=zr)98}E>Ea%W62DzTAFMyNn7R{{
zY1J!(s07{)hu98$qWc1=cE5bl%LyRe_0H?$NQKCYy#KNiP?{F-`11k-w%t5-n>hF;
zh&Aa}WBS2$Ty+_hZx>k)>W4yygow8RiFoPB*rcJ#qv|2OA9<)GziTs!5v_iD<<@w9
zUwD3yuY{doX}1?yEYJDizO$m7hIyfD_aqR|;#OY&j6y?&1zkNR(Jt59$_u|A+}F=;
zY}n^EOgJUQiKVef)#erz6^cAiFo5GQ$sYH~mygc7S>!HYqr-81K(=nXTme?a?QxQz
z!3y7FL7bscc_=c(<!fldf8^=|7`ZLc)LvPf@h`9suYTmsXpv!3(OXsanAg|i+6>L9
z1)vGuH=O6nt)T~RLR{>qCnL<b^~TVX-U7c7Vo0ud(^a0_nwy<`NV4ju75a4zC=iV2
z@!Mse>rkTfb(qvm-nzzU=(1pS)$$oqA}Kx}wQR(w9E$znpH{&i{Cz<Qa&nKuQc6yL
zS2S8Fg91B-)#-*<U8)@8f)p_U`Y!Mabo0+(0ARJLlm6rl_UNJkV^VBT*cfGMulvP(
z(66~GCYOGv*93qsrXj%V>iAcGcm3a<Z3S=7rN|J>`<}O28K?m%Cud!$c4=yxYs=ET
z-)cglYob11Q@k~+vMVD?Vw&Pe)xU;lH`~OVei#iXp)jRaNheN-T%^`aiSestdzMAH
z{)lk@t+0_qhRnm1(fcZbA(Q(kELfKC2hVv+WQD3LpW+bVfgf)*u$lwblKyoC1Nu#R
zOU}p?A5_&P*rH2yW;>$hiI@Zj*r74n;~fcT-?-4;>A9(?P&zpk%CG$NsBa53<TVO5
zuO8s3+o*PKU03jQ4`M`le2F7VWiMIw_(E>Lk1auRbFdVUq=L)3gbKTXp}@nJNB0=}
zY|~eW3)ppDaPV96)DjH+is;A-$Q6<q0ara3dxEJ-f60GW{XLUQE_H^JAnW{Gl|4>5
zd7me@o$b}N(TO4pJv-e*C`3wjXFTM=0D4it02>JQhey22qzpZ1M#Mz^oQ1;=GJWo<
zegZ#8#Q9cZh7@XbXZt7?Caa!|aM5VP!Y2o+Ev=wivVE_xEpm&`Nguq#zUn89rk5S!
zjgnCisAB_Dl<0}#hBXw6RFny{J6KXTFEiwOSqHR&>?b0_-;q1RZmt~r5uH3p^WaiS
zvPm{56MM$HETOh8wERLlwPDgMkSjNfRyBYJxWi&2B4ql7UGEDTX&)Wd#L@_B3>&7G
zE#_FhZ)-8R%2zxJpoij80iByrmOlH~2dNLXQeKGt8z_>A=6yJ<5{7j8T2Xo`_B9KS
zGKHOOBrZ#Zv4G8%72k!kVvJb>({?CEQEim4drzx-=)L{tgpC3`5IJQQC>xlSK2`<F
z9g$}H%xd@<SVd03six_rf#Ih?`Bp?LB-VF^Y=%^wl>Z&MYM&?tWQ<jOJx6mZ2~}CW
zo*57zruANhG&+G+iwu(#^nZ(Dteu#>&w-Pc8mD3w`?N~-hI&_T5+7uH(pTYT>hS!V
zAq-J<%`ZaDk)cE%!Ztw}BeCF9Rq<*pm4-<godk@*1-@boNI@8cLSv+gqlCi$|BuOS
zzF(8uWwn~xsZtQqlChL!+4d$U(NOpf3ugo0wgHtS;A(1Hn3cjnB~nF`fDojDUTG!l
zem%_Z)k0wO7Z2z6qJFg$9wUPCz(a351GbX?_eq{TTL%noM3`Gq!NG(Kk>6L1wToWA
z;;paxpw3>znU4ED{g4Avz9sOuwkW$`d$ev(cbMVj>+e6~dHY!#VJgd2)*Ab%F{9Yy
zolOdt)Ms#b<7&fB#_wigsuuP#b=ji4&7N57cIHumaSxxessi>eg1z$CNFFD>iX)^Y
z(q>_th#DBHL@VY3v%}J-J|U`hJz+kTUEy2yqyd{}2GpFUPUG~1cy)b+6nydBhwk{t
z5V5qVb&PsGm*J%{{bY{pnK!^Bi<zazo*-j{+X<v54nlF?Qn<+N_Uipc;T0OOuAL3^
z?B%}g;Y*jS2bs3Gk376p+Yp@8S6O`^B5-C_cgoxH4Lg_->K|Y<7o-_Y>`Ib7bx_wS
zLWX4PqbyDeOz*EDjC`R%Y8^fVv0Z-VzMfatF8*hS)=qK!8d7-vEyY#%X$g#+cN#S{
zDjna1cI7VYW!Hp#a~ToS;69mvE2zJy`1MDyY(Ha{QTDqJ$S^NNF9KOLy;Exl^(YCF
zZ1Jcsis$!Dll)lRDN|of<7}QMn+uboo@aoZy~;I+Xff%<Tx=6)%VHSCToxw&Z@9ch
z%#aWWyC>+-vLA@}8CoDK6XZ~H_}arh2ppPV%-F!ikkUHO*;gTkk<q)V7+tFVsya^X
z66k~%0wyhe4_!0iSa=_pKdZ14Hz$Ayx}OUe344=~W2G7DVioD$sUk&>mTvwDcvvpl
z-yitF=ofTnv+oNg{i{1hMOb`DLocUf@LL{qbzxRSZJ|q<sy9K8OpheQ*M4*5Gb~!l
zM@)|`?lkPian~KZc7AUOy_<m{5VH?YVd0QL$is6u<P$O&yu7@|Ra;x@AIhT`f7Y<6
zG1V(taAg`vS`e$>KIQLWbta?1zxSs$&iWs&OXiz%Ek<Bu`QGfzRPzPLpkYYAMzqRI
zk7tp2S-U!W6S&7H|6zLVPxdd5U#V<xXs~R*N>&z6F27zM>ELn=EWXZ_xd*3hFN8dH
z^d0d$wq$U@v*s)_d^@rs&$(q&bbd3x3O{O^vn0^{IN;%`BFnxRUWXAVSXAwL5Fkpm
z9Uk1*EH(*<gjXpk0`w-D`h+a#V#vO|mx}oNCK1xf%u}g$B1S+0yP@T3H~+mDk<j{^
zzyQ)Y#eB^Y9MGa3wKysPF+Rz<M25rmT5>UQAi7!XUWW62v7x_gNQ3r}|A-^$;4v!-
ze6jA_%07Q7`eFglyFrwbcZmND0SxFv7qe)4YHzfNg6ws6m@J1&xz%b>%!Z3C9u&`N
z050S0NqK}TgDr7NEc@P)+Hc^RsuHS4FYG(EkyBno$+PKyqbF&ZkrPZZ+&mVe6no=h
z)R55ku^D!>P!YHkzCdvFiHncsz30($96UNU6WeN2c4rc^)Eg`SCTZDm4^1dm4iHwi
zc5c<ar#^~RPOAU@Z)D`U+`)Bho|&A6qN|V}I^UkCOWJNcaF+;S^gy=0#r7fME^@SG
zMGBvB%nmANvl_u{hQk=<^ULpt++%q~nA0LI7k4Scc5Hw@J^#@bciSCd+E3_j!*Cn{
z=2sjo?T92-g2Bg5%vhOmZ^g(<j~eMD)M)<Dh5vfj8i2fscyO^>28EVa(eNRP5s^hp
zjq>jw=I~)Isn|Fg0T0MM&dvbB1-ZXJBwu<x4D+iyhoFfRG@u}PUvs^Mx{YDfK8kUZ
z;Jiqp)l<0iU<2r=rPm3~<|T^jtl`)B8!ceCC{BkSY}SRh<1<&8Aliw#zan6se{UN@
z{M{#%3tddm-%o@tF7D}0gy19<_HEB7dU6n%v32ONx0PN=5KVD}=k6Cli@pKr(B8;^
zJ&d^qVJ;rzfY6i3pP(3Q=WOE>cN1=2YLC9oLU6x|=P9+s%MQx2)XLrJZZE^%c8rWQ
zNlguXOIyS#1w+%o%{VoJ0;D2G9&*{MFyZs(t#00&&CEA{6nI+^5DH17I|MLSB0cG1
z&~Ao2V#14`S3`^?I|iO-hnZg1zsT>A#GDVrbqfB}xq#*c0`C2DZGm|+(F72G%Pc|?
zT`~_7?CW5Oq`eORSVGORctQwe<qU1GkHS$+#FH@IH@#ZB?Y?~4=jWki=Ibf(4~(<P
zJ<AYec%l(W_@ruis6K=_K>MWZ0H`~<IEa>L)-yVq$b2{D<Z_*onmddag)PWRjA$OX
zpbDS)V&hPXze8#BtoD}f6bK+d6i4=o%JByy!-8Ep^}K-d*3rFEdbIG+Gz{YVm;r9P
z#xghxa`@D5n}GF?mCfaeGkdS+y~OkL@-Csv?|N{5V9P4Tb&F(~sUY^BNK~r$&F{fU
ztO=RsK2T~|(vvc_4eaT8crgP#{E#dNBN6wF4K1r+vyy`Bu65ELDI<~&iOCJXW|OkH
zn#O^O1<&tb$=+pY%`k!pNN4!2;-gOr#E3fo(Z-;taR7J*k9h73$;r`5N8!WxU4DcR
zHP!9&d#yw>jZav2R_?_}Ifahq6`md;bshu6KGU&(q#1++&g-UrV|=_5_Qv=m9lsL9
z=@6t7CWO&gUYVTPXfPpa4A$N&IkAdtX}^%G(|own+vD_Ls5M8DSmq5cE#?g{%sWUX
zHB-eB)FH!1OY~w~Vu9lc%q?!k8(|HU^oc!2qm0-@jO5k35t%iHNkuy;LG=gHnb}My
zji*}1LA93*&c3{%P)Jl-1CL6VLgJSwlK0~7=&<C@FwX^ycNiRD<~4YBUu)4q;YiH%
zfZV=Q)Bu{^WKX|<F~RSxiiDWCGifl=z^^Da0x;C|u)H#UWICqYlZY<!g1wM1;fyI;
z_X2~)QCZsO4!|gTJ0nVI`e`soBBWl7W_|^sH>V#6tun3cL?LZs7(-HEu;uZzf9MNO
zfHP>$SP|4a+bB}`o~~Y^`(0svqksS}*Tp7|h+*h(zQQGh!3sV<x--0Id<uHrR>Vo6
zk#ti@!nQN$pht#x$SH24=GTJ+OZsT4@%tistlk?*@+`Y`zS>ts#auxpf{)ha7;j<p
z)I%k!7u!gkJiC;nGIT;JG9&W=<Y1_r1eY??u4Z1`bophH&J_(buqgTGFH@>xZrEd>
z6;YY&SqF~!+uJFZEx#cN|4#<BrQ{)5`kXJ}L*-)h%-5Lv*xffYh(&WVeo({^qER4R
z<tAp4jAT3$TfX>H$u9ki*{jfJga4W}f%Q;~cwfNUX1KJN7C^*uN=hmF(Z`7JJ{lfb
zx8ag_6}wHFmQ*VRtCfSuT0Pcs)+F!_gFvxZ=xmgx!LwFM%HZ9A;?hv|#ZjjY$J>&-
z6Y*6!{1j4Z+=_~Pzb9Q>?3!As3>|9HOL)$yW%w+eP!Ou-0~0AKW=%Utn+?2!lYk`>
z@IA-v;blOMuhFM99Hu}8w#hM2A+}lat8dn`vWI4VSM22M`zk0qLqbB)O^Hz-zP?Wu
z_(~pvlig2h%1bun8y0OLok*poMr|7pe#oy%pIwE@%jseB9~<;Qq|Z8bb;S_@k)^)+
zlt#4bZ8Rh#%EmIcqou(m{lA?usqwk%@d3iXvL;mBNo`Pw;ys^Cocwx3u+Unvtf+|T
zM`a^nHN9p3ggcr`faocR7KbYVjF@AZSGut3X`jMKdXb-cudG@&t^**59?J4Uc_6=&
zu*7zsiCfYB8Ni7xiaNwi?P<Yj)TG7ot_^NROAs88-$DktSux09%gYd{SH=p3J4%Z7
zA06Ti->^t(qpH4SR@gbsIVEIVKKD9f++&9ow~j`b&OQrIC)iM!k_J9oTELxEh7?R`
zLpf0pg_%{`#vdit|N6lg9NJzvuF4eNCVkB>D@AaxnQ1u7M-0({l38sve%f}esik<a
z1|b!Fa$NSuZ^V>PjEY3-1}lHY9_e>Qk(asQu%O^Ul;s)%B0p2PPR&E95;LS(IX%dn
zR~%s#g8hX(x^GXW3|r$E5#1R>8~keKBaf7E{HBTLsFPbsx?~K7eTw%f>mmbiwGyG4
zsT_d7V~=Mo7RDw-YZFF!Dbtp&sifD%mSEO)5pHdBZiC{&S+ps<uq8Y*G3u%i*hI4<
z2u5_!*jzIUp{0jBeeQ5sKi?>nuj3>(PQBaHU@+v;lt3p>@UeuB01~SQEtJTgeV_x9
zC$_r*41@*{@a5&_&*k_W3sLI;oB}`r)Wm56+HcPnEedRvlj!O8_Ieo|$vPInv4^1&
zd=xlI`c9xTF0qN5bC)#vGo-qhibHZ8sZp6BJh)1;q=}l|zD0M;S2y@Cp&DP0L6g58
zTJ-a}0|&f!<Ve3h;xfMoa>r0iJs-anoxYrjvtv6y+Wi_A5{xgO36@3!LS}+9$GjUR
z(${S5Yqm=<#;?~0eNj0ydk7n*0o}E;7=9F{g7N|XM|VQ+6mw5pvR>}r)GT{{5+S<l
z;ulPd`Mlv{ura{zp~SRkxc#zu=#MbVqFNFnR7otM{7<~f8v2j8j)Pu4fMJYK+Yt9n
zAH0R)QOvt}c_@mMK~7awV)}r}*W7_cv(f0`8}r@%H~~Gax}7h=d_dy5hbN;;IlMvW
z<NgI2@nrNa^)Kg$TaV;L=~Cuf;zu-CxsNBK+;YEt1hORM`Z~0Dq<my;y<y4I5yY=e
zKJj2lv<<=R&}%qT`iqG(mv05`A0q+9nf_Yi*lS*s#FYZtF3gnrhj4v?TLExJ9KU;2
z!<UUwvjKB`!xMWI?;@{X&J-Lz`%v^VsAn)MgUS$?5ERqA&@Pd#oRq~bKvGV0h*$)K
ztLrcbiL#fL-xI={0u2q_FMPUI+v@ru7dF@bD)pT#o(=qQ6PNREBYVT&>+BXX4(rYL
zb-K54IRT1s>?JP||D*c!_rH1MZC?aR$68c27<%$o?_|z>clui3libsPt)Bozc*Cd~
zp^&+y{1>`wUUOowoZ9gkzg(-e8UtYiDdHhLW!JrFaqlnu;<!h*Pm7u{e1&vU?k?@r
zn0l)+X<;-(G&VIVu#_=+nIBW#G<`$tPM0KnNPi)Z_w3)3-%o2r?qM&+=kcam-}hLO
z!YE0O6m~QFh}q)Q0_Gq;14iN<o>#%;YCQKCYYHs;!A<FMBQ0|OJ)9g=w6@FbZZ*CM
z70eb2^Y5C`1ylt$`qno{$8gx}EylvHA5Gf;_6h0qVv;35zaXEy-(*(N6_>)i1ap?V
z`gg72+~(?lNX!ghOIcomy)Sz-CcH0K)fKVGoQ$oxk6^5CA9n{|nvk#ue4PxIe;rS~
znr=$nly^;8Y^v?2_=QeS{|m4f0W~y%w%#~MhB^ux#b&?2bz>~^9cwFP>o0ImuD22g
z#s2dR#(e{080u0Ysq9WZR_GSah{nJ8k^SvWgUsE}=rFU!xiN2C93h?Uz8zoTv?-Uw
zt{-my8XXcXybQh|2Oljt5w}8rB}z;J3x2ptF2T26`b~UUtyT^Mv5ThMXj}{p+*+t&
zVlR&T2U}VR{Vx)Q9QhWNCdZaugd5A%-EGZZxSV`8QM-|M{r`}CE)Ao~LJF<4v~Y8N
zD9YzHwv_>I{2`fn)6!D*O?K{Iw}=+w{cE%e1;gqe4U#P<^4G}zL8+NPWq%)o&-1!z
zCm|Tv_zL1G)R#E<Mku}E6GKT|W;N>2xn|mc8Ot4E(iX&CuRPoc<M8Q|r<Yics0V)H
zjmcgj56zgmjj~R@adj@1oEY}`*$%7r!Dw*US(D4^xqFTLio9YH9vUqkKsqXoZPdm+
zXsBiwKC*Xtlys`>fy)mmraSIP><Hb&^?8FfLWn8VN$$4)9*)04FOZXgkXBCEfRFN9
z5Jn-0O(RFq?r8(hAEFdyn0_L0xo!KmlNR>+tXvl57ngbcwmw*G&zh-N7%1jN`%Nsp
zY%6e?;y5eja>f0VPjsXeKcpMKcn3$@!-`^oW6?u?@(fJ#MSsEOH*N3W_<W=CelwpB
zun8YAP^(ho2Qwu=-;T1Y5+%%5q~)kFEYx<nRxt2f*D4cqElGbezFxa}3tl?MZw0N8
za6bizKMn}+h6JgIlNoL5&_|#8JZ!CCk_Qmsyr+OLB`*#y{#^K8D}Uh09nvPz+$}aN
z8_^?Nd6*pm$flQZZ}h8AmEj~)qc=IWweTxp+wZ4PvTJ?h%o%<+d`Kt2;aS|Ej9ID=
z#v{fe7V89?DG!rv;N*#0%p6erXmr{7cvE*ZN;!?wl_#dZ8Y31Z#R;#Oh_Z8470MA3
z2fA|UyIqzn4dX<P2V-RYRVG_m4;Baefpa~#yH>vtfw`5^R<vn{<oxjfBKWeb2~qF8
zy!(Foi)y?+Is6X~jZ*tx4&fw_2~W(Qzb%AEk>N0D=!habhmQ;!tm2i$t|fF71P4Uh
zYDuw^<KQN70F{hBvsie}OyF`%9T3)$rr48J+q2s0N#t6PezW=W1GIhkAJ+XPp-s8n
ze@}VJ>W!%485!RA-#^IKui>$KWAsu!_Iv%NbtGFtd<!cdeh&zI^N0V2Ha(uK@AJ;(
zs|)o1M;HlJjQsaaB0gZ;Dxb3%@kX#9jB8koT7TxnH&~SCH645L_5_!`ryz9K>cQW`
zhMEAq?{5nt^El5rGjmIr<r})f1>GoE4f#WXW^Q2gSHyhC^{B)Lmh}?;EDB8hE4!5}
zP~4<Ja&m}-ZG9J`wOzA76S_Vo8Prf=x_o3Ha{cRGF*>FzGe!krG~~`I<xJXmO^Px7
z!%vu}rf>{aD>l|~?9DF=&}a4d&*P-gDywNHykp#*t-kEFYllE3I_JHn{H1vbKXL9w
z%uASLZvq+2H@7cd1hZnG(V!BKEFaBwf{NYvjkcvKhS5bQ%ZC+bVyeEH(pcH#;a*XW
z#IW^<<AJMUaKGrZCF-~(DZ6E#y+!BGpQOzB>48aNvq!;cyGLT6Nl!Fp45-FcE2qXO
zf5IV|RTa~&4$D;7GCu;s4{v&AA?`YB>i@`V*d$REYgD!E$dSES;qbMNoQ;UDrZ45g
zQlA&&#&>i>H2%i=alw3?(X(5crO{KH^pXIoU32Kt*#L5X?I{)QtN(|OKnKO!X&}Q!
zOgPCSzHkz|-3ae+WC8H+$>xiAVI+&z{QUL~SElsA{Jhm53sD(q%)$?F*dN#hijc_d
zV*A>=`Wo+aiWG#0Nuv5wWO<z2FrF$hWcx+j`rj6afrp_tbb-3P{*7dbs+j{0Oug`+
znrKg#|DBpK`A_3Efi~>+nWd5gv(Ez!oRprW0m0Q0KM8~>wtvsq(_+)13Db+Xy!loC
z{PHQ%diTx7{chyH|CSD<xz-ifXy6X3J}94Y&hL+Y+6W#3o1D#aj=n3NOaJ~bV$Vq%
zB-9_!w$yqVW0SOrI~Av5vv8?K!Dq>v^Y*<2p4!)&K#*RFz?{*xQT0fE0HL(Vc!4GF
zKOA;6X&(aPjF{&GwXy+jKys?}l9lzjlXrbD31`oJvK{V3vk`Isfz*>4*#D@boqP%x
zLPYMOBt>7OF`jWyVFA++y=#3n-pc&>tZ&BcPrGX!x<$d7;)4w3+h`J+A4MEFB&xQw
z+jBS@#DCB3qg5r-_n<-sB2pYe&M?HkbAJ&5{Bix(X<aD27P(%u-clR6_1_WyYFz>A
zM^YzNya#pcKYy=eTae&S+AEuXo}>eKf4kV&ZPtmiI;CgDs(&s-cSY}kc0JA4=2gP{
z!IcGzTx$G|d}LL&39S6%Jaz2@?&S$QcC-H@lz}<BR)xi90{=cOZu+}#tG+o`mp|$?
zNQA5ht~_f1*kAs9$LGgl6%hk67bT*mcmDo;*1Mnu^0sAWD<7j!G8Q7q&3=ylN9Vy=
zS#U}^IVK*5uialX-}3Ody;jhj*Id(RW$n9q^--bDOeG$5RZk#8{kRqx>IAiWR@mC7
zHHpgOlFZl54=+kABzE_BhW)`mH>jRDS;SRnnc)A`hQ=Dx7PAR_Qwx2S5}#fDC+2+{
zwkyzeOxG0fPtHejKGq~w!6_Wrk@P{8GncLV8_NJ=yO{>VT90ax>TYe<k5#MuTeXJc
zR8(V8QPu}#{@acbY)O`MQDdT~B4Ql2(d6S%?8I4&yAoD(4d*}FM2vCUIscK^{`7b7
zZwvAyT@(bqe`)sE5>ih}iFqVl7kaRNB7%z%s=d;lv65mTbd>o5Y99YJ?+s3{`^41v
zeo-MR%%1Ad<m0K%d2gglJe-ljpMsvuvb%5=KIbU6IVJoIWkCu34iwRlwE5S42d3to
zc=z1SP79*KGK#AFM+0x}Y5tf7g%W?UKp|0+Yp~#7AGwny^wJp=UCA-o==elwD>+Cb
zqoc9^3D>=p9s8jG;~LD)c{r5&qP9}q<$iu+<`n&wJq<*rswRua#}%&d&#?b7W}(89
z)=rvqF|20b1#fqk<d{8+3Pi>_RfQ++N!_i~#nMKt`Uf)+f~j!JbN^34FZml$ggS#$
z^vlo9lwn%#s)rC^Y!!v)j6Vu*aA0=6lk@C?sG-^w1unoIyBc7EkX-$BOt%G)ev(C&
z#l6Y*ei7pTQ_{N(nb-ac)0HC;|F?FPHcf@BTUr0T&BR9f2M@KaaUO?_O^Fz7a`z{I
zPO&`6ApDb!twc|7I4seGlZc-iZQ4t2#xRbK2CMp5$Tr@LmarXDW069mY?P&bC{PKD
z$YwlR>HtU{Z7Twkh{~Z;tOqQTn<$&U7yCuKAq?$b^jsYrh=egCpqKAhD<x}E-g)9T
z1+hy=Hvz7Oox~WD2}Afpc;d(bRRAVRIZr3iNxVbYoq*pzWU>fZ*c%YcpjXxhw04l`
z`^&WMvuTzdmg!Wg)>gTaFsraYYx`#@m3Y%+>?LIlhq-a}?-J!|RP<bU=$Pz3b{mQQ
zWy}?Pnw-TzbsQmyu1Vhzs5n|qZez}g8z#EaL>_wT?swf?-z3I(vZ^A*n>_?2F4(5s
zYxU{+W)`6JT-`$w&$-RYL)QU3^@)moHn<Uq;cDats~=p8<9*vY52oj;uaKeQ19z-w
zszj<tXLq{yso%)Xw$D3Ob<wstUxhPa594titn~k*QYc3`!rSzn-QAD-?stcd(kU1G
zH?%*nDeXL?gwm-hy&{cin0}N^+FzC=3)J7j9-ZLd2v{@p{RgG)yjO4P4QhVs>CFi=
z_t35j27I@CORZ6qE0TWI$&z|?^!05DqMk*^+HK(F!XF-c^=R&cd`pNDnEOWoQgF=d
zlCnCW_WQ&qe5cMQ(44-hU{X*LJFEp89C38l?Jv=h=%w|PDk3H1yduCBDuar7T5!7H
z5=n?zu8l&LFa@_|0#b8=bcv%$4G3eYasjh>R;P214ibf-O$v6QXYCW>xy0Vd@)Hi|
zHI9euirhYJTQ#nJ_2;d#7y01$7q89?4VeKksyLu(;+8iymCZ1=kiNL|ber6!&a%*~
z8S)c}Yq+uM2s?gW8JFT%K2Lz6bmF)TYfcprk?r02UI0*oNUJx2f{k0k)>i=PQt07x
zE8QfgP0U4`-u!<6WI&t0?zOiD4tQW!%bDMIkmYZR8Ftl>+c_s#+jZ2<STkb4U!bjo
z6%!6uBluYNQ6S8fdMNmKj`<NDj5d*s6k!Ph3nB`-s>9sYx68LqxxRc3n?u>&jhr)=
zT60>{ClP?C$IR`uJy)I#l$|<FV4{j}XBTGJk=S6I7k1P)Hd1qIu;IQT5YSEn6ve(S
z%rqP~qljD4s_AL4&}6}e&2WMmF%(K-qXrbiM-9!#;oTH#zAlyD7h$~#RWQ*F=p4n4
z14;Ad@ym>wWMmPXC`sRZEt@bsJo5rW#~wDbJtPfD0Om;yYz87s!cg}lk^urakV-t$
zPH)2|hD3paAsYVo<K6D{j|sm^NVreHgfE6Ds6gu<a1ek)ab<I$9+TT-+k7GK^?x2!
zd_M2K`i<h=5AVBWOsdc*5lVa#fQn1+tc%skzQYrke&E$I!3+_PG!xvqt8(ux^$H&a
zg=K4p$I_>*&<gBNL37h05)H}T#>4bakn8unu;0D!R}88mR|2dUU3kfDk|K3&{2hDd
zXys+y`&|!>4QuBxL{QVEh|&eD3OHEE4tw>oywu{jII~n#ZoN0=8`$O-C31>qW_$B1
z?btC}@k^}~JOEVmV28j@DxlA}`5o_O&X>in4@X*)zL}+x0}dQBJ3YP*V{$;jf@6n1
z6TWh8gcg&Xur7QV<-wv7YypfvjPGtlNd;hzHuNx}K+c2HUT}N&!8Shg_iM};jM@AQ
zD4<prqNL8WtkE`xL=swDG+NbIyh22m4(v7kJxAdW0Q;kU-=_7qmPIUTWXff4GTN)|
z9gGl&n}25rxe*Q)%2jGgm9FF#m}8K(!6I+u-~`f0LkPR~rCL{Bvqfo&OiKSw^jccG
z$)zThI;OkY6Lm(;-u9NlyXSi?t+u{-J@!+)V7WWfYsTBJ3H~?hQf;KOB8oMmXxTAr
zWQsP?Ced0E1&GPA5_|qKdH#QX{r*q$%g^l2)63qU9*U|YiY+xl%!;iLKz)!w0T0ey
zc|%;MufI<ZdI8}BLnLoKzgNTEUh<78D@mm_Z_5;c22b#3MOxKuuEq>l0`tt^J7I|Z
zUSapNY_z9-X2~{-az5vL;^gA+vh$vH4&lUkgzw?P<}z>A4(@S7l^b&}UtCUB>zLBD
zE|sN#<7IBGN9}#fAyKI#T8SX78yi@x5wUF+lWi5e>f8Kp&)>H)`~H82@j7A8?l?U3
zq_WXcvf9#DNi&qC%cO-6>2<rh<*h`kAqhGJM28~QiY65IYU!<InzfrMziRt)Un|wN
zt5b=}b>7*Tj_xa!izG5+rVJ9o%9!!dT}VmO3>a1z!z9Kd21XciOZTwCs;fkbD7wg^
z4Wgq`u^)mRP6$(HAf|#Xr!&9K)S9Yvo#E~8*J|u>IiB&b+H|L!^}=#na^}i!7A5PY
zb&C_18dFfw%_B<GZG*Vls&5s5v^qnmb+@<VGc02Yl1&*+AYf&-8XIKMjbg=_sU)Kr
zHbp~nNKc=W=f8gZhwXoE$^J~)Z+zFnpeak2NarRyw`p*?Gc`Uyl717Av!(lo#&hk*
z>G1RnI-ZDREw|-W_x>LpnJKPkUF$KU4H=lq&u6~Ls%u(JSMR%%VQw#6KEEfcw7bD&
zPDI|3YAs84m0GITY@73nPD*V*G_7G+O&#Q8CzjOQw1)lQ^DY+$FA^*A{}?GPL6Xvu
zQE13XMxvmLNkx(j$joLHz&?CC>pedIc)72)?>4g6pW+knpT?qQ2Q@6JsU$HiH44i?
zN-V1_jY9M!KA6Lw@44xgf2BE@ls`N0mW=T-NeSuxo~PPU)s{sYP)in;mb-+gL!9%V
z2I3<Le?3zXlLnJhpzlg*TiRuVG4q+g;e|0)$1^zc;Z7J9RXANMtW}b9IL3vkbgqM@
zDKd+rOAmjqeTm)@!kjzE(9zYUhGY1zteKKZlUXRWlCn}&v14g8Z4p$NH6^T>>f2io
z*U!HG*YES3*Y*A`8rJXmC%zbG`h5?5w%VwYG;U7pmn(#2-P^72ZKr=figRzHfu}hq
z51T+SCiOtxQZq!7cu2tk2$BKdf&Til8p~sA-O`?`wHr*^1x-;$j<{Kues-Ij{twTt
zD&<>G*TtT7#I7pqi)J2iPB1KkT*I8=oWfx@>H5c<M+Z|~>`jZuBGPF(u8X0Ci&~#k
z_*lakQ!JWFHlm7>(Wx?7nj>mTHa66nf~(cFzi+?a@%7@-=E7*!gZgIA@HT(49-4MW
z#@lV7O02@n!=WmdFoN1fM5MEl$pW~9RH}v<LbR0@szi*Gw9yl&gc{JN$mYJQ-g;-|
zc6`dOF=>@%En=soWu;}6tylML_>9qs`7>g0ptwkcLLmafTKpVr3Q<-zF)|{=(%Qut
zVYNnBm696%UjL34ELCKW9BE5byVXyvrtqdx*6hx4_u7|cCJVk|clF%$;dnTA8I<PJ
zb5iJCSVk)7pL!I~TJ@DMlM)a@PUeyy?4OWWj8Y>O8JdzPsHDi4trm@>v|^&h6tv2T
zOl6BQW=`Qhm)3s%zW;iDeLLgz{HlC)jLp?!5Nj5thomR(JM^dds($lX-`q1KpA6@^
zkcYzoC=?2+LI{Eh8dghR<;>p9?sQPq?WChfjz-RMB|?jl-ZqW?2KoGW%W9fi&eywv
za9rfHnw@JZpIKElH---0^lJ%WTJH<LGp7W(O6QSz>BSBMU7Pui6~+}}r=0QD)Hg%I
z*4J5?*YKZMDQZ(hYD*Q0#bnX7MT<==GMTlL8j6WIB#`ocPO-n=e;X|<ZT|mttrS6b
zyud~O01f<qgZq?iNEAsWD2s_uwA>(l)&2WrHBXz8ea+Z|A%g?1-0m;Q#?TA4Q*KQ-
z!r~2s{qwA`jBTY<wzEMGr@}~WAs9jLp84lwJ42N3Z|6sO`|HwPm>DOp8K1jTb`_C(
zj$e6gBWgYQXRiKz_^Zq&6T$1#uB7$BPE|JG!}Ds5k*M!1j~;q<hio#ZaQOAltab-z
z@4TPM`pV2%jKCz2$W&};LW)R4)lAfcn5HERMS-#qKZ(D$!~9GS>;0AHo&T~xJPl0^
zvqomHpy){_LgYe^v5(}s{Qh<E&SAXVg}%DRD0W$6BNT`Dc{^;SXja0dP0WN+F_1wc
z7-KBUz9l+^`#F-{)v>1Xc71+!BeYzV-anp>4p*)wVd1p48s0Cij%$M9bb8MpyepAz
z^1=Dv5z5^>WY2#1PBMiQ%72t7r)R%7jxth%D~ii0Rv1e%W<te^P|FgtC1YZ>7S_Ca
zxA*^u$)uGl8)lK2YDzSSn@ioTUUmORf*-%bKgTjq5MWdVVlgCnB0!RYSko5!?{@M|
zkFH;?_VT@!wCWZqnx><q6q?3Rl-Zdv7c(?#9kN#Pf(Be5D1bx*AgIJf7Z7+AWpUjc
zhWe#L#jZX_j_A8{u>2kf<1jK1LA20v1`TbThb{zF6|tW<KE1mKIPKm&$Fb33cDlpI
zcFV&m2e2oXpMlfd5S_z|5SMpx#BpGEDm}S^;7SzkyCugC;<@bdbSt}4rU;UFI*!|@
zcFz=|-EQqpI6z!n;OBF)o!54Boji4k$2sGRw4K;g{dN5B)NZ|Qa^Lg5?e5Q9UH9EO
zyX(XHZFV3&8_eX&z93Z$#CJ$|Ph1uss*aJ|Joc_=B<v8?4%e@6Dp{}(4maU-SVw0X
zh^u}UUg6kP4-Y(9Tx7a*`asxTC)gPDIfA1d%K%oDT?icBh*k>Yno_JMU8}l=XKjyj
zMlWBh!5Ld|k4~_S)RQPzuqxJGyMFKhd%<@I5)}e28S%dw-?x67L=8M`QlmvHR4a`P
zBB-h>Z+>EJ=J6u0jc`)DI=h)e2)ybRB_1nUd9!-9lEyZl4d^c9)k{f_hs>KjCmy`O
z?GX-toMC>8WnnrzDB+?D_rQ_dAmQ8}2QJ{t-aB7(uF1V)1x457^38F9{4%I1^gKRO
zH@f+u#M8^bZ4AGB-erBsl!D_!d0ls97IQD<xc*LV>inhNY4j`h!SB5#IW~oin9+p$
zhv7c*&HFn$zOFT1&onI(>XoSv$GAG1Ea$RrV8nOZIhIS~x!*o-k+)fI6O}@uRcMg)
zeL?aX-I9W}63&-v!&+o8J@;-g#IE61STlQqy~<y8*x!#y_uqW!ESTK+(fjv@2yIR*
zo=~y*1+%Zw*uQK?9ck3Uz-m;zHMq8=bbEVu)p^Idtl`wRMdPK088>R)nM+RdyA$KR
z_uqZ?W-7C%?_>Bgn=aX#t(rK3@r%2a0(JC}>*l8Wt~zqM`|413AkIo3c&@$peGbss
zISan5>^bz@Lqa-hu8YZTRUc-J?cqyC!{CjNpW6i>{ylm3$ca}{)ckqV`HvGl=*NwO
zC(EDbYQ$XAwG>FqB!Pr%-*Rr(C>v{YsaB;WVx=-^qSQ6Ix;4`xDOC^_2q2`1+uMnn
z@!qp~((f)nRdO_}bXaC0A|G)11_tOm%TL){*VCf~=5c(Rt>sr%ar;^IXd!|iuz~U%
znP<)`MZ=bo-ia{m^2}PYkDwCr-fuN8y|^akW^p1Mg808Dh+(t{&D_b!!(HSz9x)j-
zu@G1wkwPsE?CDPUl<!PeD2S7#jn}%s%BD{OpNhSATGIYen|pvHhc~VYQe1)`HNLt<
zG~iuvhxgm2ljXxQv4{hifTK;s-Ar0ivPq_v21?TB5v4UrWJ@);s!Z(AT9%Tgqei+=
z@WUWNcQUsyQSA}&jiC)A!($RGkj@NIrUFSc9W*CHPSCcY3#z>0u)%n{HxV8ddOSFS
zn=uA3gn<O&!Bz-SCrxV7wq1%{u4z-zGmv8tP(q2o*{OpTASl82MvG@hTwRfjV>n_8
z$411^f+1jy4QN@THanxsyt$dqZH=c)9WmC_WEM@F=(sw(vfL<5mZ~O!RR&>(3CtLE
z1u8n)G|dYYU@NU2??t`mmezPDih`;@o0y^|;`cSYw=l?HJ`9%UXt`WVW?EKj*@JrN
zHRgu2QxQzdZA9MH3@*hJf^Ruk@y8qlD5P>J_&iBV<?wN|n_+?oA%j3PF-Rmp+68;p
zN%WqPj7Y&bYFfgUmKRoFUgCt11dC}%u@X#;qSJF5Wk|yi#@D#El!uP@c|Ahz_jh-p
z?GL@wue^=izVh`Qd)@Bh&~?G-yR5V>sb6<ecbiTM94K#YY(RuXz{hyqMmPE&UQHbh
zsiQ;~82D)F)qtS-?AkmM?<(*wy!}0Wqwl0_cXj<ES1hOBzftL*tS+Bb=iTr*@cW<(
zP3HSgeXFY$h46yuRa3gCCbqjqh!|sMZX5dQht)tIzB32gP(a6P=b&GU#evt~LaLo^
zz=7W}XDR!;VVl>WG6x6(^<PXjs*MqZk)(KDEH^2L>@#q4Gqi+aD$(ai3{VIlonatg
z=Hd8(fNca2m)C$PbhIKAN+j?g!YL7h10|EYa%$#v>#w<}sg#?gEw3>;l@`T1nsE1i
zYmXkL+GIRpgVt6@u)%>5kW(92xVlPD24E~CLU7SeV#nw$I3O}n2DCK|V?!0erNEpc
zXk|z+(!<h*ql>$R!N6!aH&1UGH+0iYScnPTI{L+fQ0KxnH-nHK3z<O&gBvA{sHk-+
zD>jJ4(u3k7moNbkOAuE45%>%0K7k&OC+pk%Slb8oe<$PwaZ^aKVjyJ{X-6XFY&8z5
za}c7UrA0=lL{e6CqC&ZfDQiB+0sMT=&)=tqKE6nGB&-MRE4KbETK%T7+Wz^qHvQze
zZjnUic6VLcnIwC>V@Q(~GV5rXiGXE8`D$Z7I_nqsC5hnZ4}8bZNP44^mxd)$!z7OJ
z6zISi=S3seWgVo{q~(yQSUlyAovXYnB;xdB{rh(F#V;5v6S;QLX^P2u=^bGiOXKTE
z)J##7xAWJU;;F)3J$_^B3SF_<?CtLV1NRv)5(Sm5t4SFVK^TZAj^u!A<L9~e^M7;w
zKg}8YIXV9%4YhvXr^0t<S2{ZENjTzr$bNlqJp0z$XPA9_`}U6gefhN`>6F2c0uV_8
zf1gjbtXeHC7kCN;DjLj;k!vv~C)e}*wzu=>U9n|ed(gFt$~Enw8Y8ctooubk^Xo*>
zdGC8eVexy%c$4ztE=ttrI-gD}j7uogoMh2j4ryP1e|?Lx?(@oiSMiv}F^d_o0)!0}
zCMUgXUq7EdcYb~Qy~Q`0&*9`Xcm98w>#jW3x8bk$KnV^U`ce@pBCe1{sfwk6h*6u8
z0DlwlO`hxO1G_fF0MD8A1vCKz!buPJ-+@Y6ppCYbW3b5#n-s}WNm6Z6^KGTA=lNO7
zrhIzrotE70{nrxYxje~!+ZN@`$Jc&#so7lbC!0poTd`g38&>U^mh!s#^|#L`@jUU2
z$mb`_?2hQ)IZW-R=Ut<;@4L2H*H5*72878#OJh*?w%YZ5e~$e8?T7gbZT&b05A*i(
zmh$<tzv&?$8IQ$kqlk)X#MY}pB*ZxW@vrE#S=M{2^R)Z(gPdl)0G$5?6L!$6XvM_Q
znPw{)hGerU^}Y*o{U0%2znJsifbct8(Jfe%%7&}V`sWm<BAxKFzL%d~yhoJaK4>&F
z^^3TE`kwRN9)ar>g7rN)u-+k&YV&@4$7S0YUC)+iHIrALukx?#(KRq6s$Q+Nx7Vki
z$J4__{|x^AG;94Nfh3+E4$+8}ZMG&=8A-~sl@Ya8X)3g&RiukkP~`}r6|*xdQK?ef
z^V|F1f8LPTAqIIr#UjYUg_6>&N+_C}AruP(H{{j2Nb$wX17|CI^;=hz+gG{LE~5TC
z&%fULRoHcT=Eb~Zy#4b0xRZt^QuOIgtWe2LyYus07bXiL>wdGE;J93BW@oQ`?b$BO
zN@YW~v{tc-_3J4!=|<5c;m^MhzuW%(^Hka4<|pyyUvSO(d_EKsrL}4$Y-vTKTz>c6
z6Ei9AZ1wuglf*xYQL3!TB*@4{efji+<c0J4&(0Oed+(W>39_A6e7td7uKW7O-`V9G
z@mH03@7GPLTftG3OIr`8)6VWirvIDSy^m^vS{r3hto-94j-Q;eV<P`TL+K=+HRr$1
z4mxyye!M>OmqFhJpUR4bvXr8V+fZWFXcU-6CB&#W{qVQ+AJ5~D5%=Bu_IW-KC-FT)
z<0DZ@H7rUM(Ile8LM&8KR9R*pKJWX)<9V1a!30H>%k<`rj}Y8Ri31Ry#!X?U+eqaO
zNz1tJZ4bMen$&>15qidb{MA1_@$1(uG4_-46L39!dh6!;XWcn;Np}BkeB9peH+(yc
zR+OSLh*VZu+R9SH-^}(eXUsfj^XNbi@1GUZhU>0ZomJqdsI8G$K}eu70Q~Zw$JFP@
ztIcS{KKnz14W;a+U{JA&8k*soVM}fe4Y86QXfQK;fwpz;N1Qvmtqc4PzCfQs5W4x_
z<M?))LwgNLlSV#s`+Ijkx_S)xL?OebaIPH0XxTwY(^Qa*kS<k3O0!a=OrayBkww6h
zI1!p*37nxiS0W}T1=A&!1WM5*ifcJpS;le*C{!rAa>H8GvLXnqRax}+@2T|EzkQN*
zn8`h1d1`u1h$IpufPVlA6N;+EQ&xalrlrE!Mv);YUCRt3C{&P%m>(<VO+oiT{1cK7
z48OOU-I)Gx?t?k^@jh_e;GCT_eBRLe2_Xo6Bm?pMc~9dg@`rwBI(?~X#JZ6bR1t_~
zBB2RPetkIipN;G0eE#t%X3f6|@B|VQ`{O1QsUi@`CF0KnTEOH{HplROUB7vFe+1G|
z1Nbu><n5>FxKn%ccZQ~Z><OLq%;BElfiLSQkoixKob!bk_*wLleuN?S=cse#hs|#8
z8k)lmW~JO+j)RE`B*-clP6`smV+@8w!E46cd~oBP?G`>mgq(TzxbfiknBw~Pf)i)f
z3nkK=k#WIf6vgJ}c_h8vpRPdiq2xK7rst6Gfj}Yv%3`2lp;p7W9sz0qps|y2WGXC@
zIGRNkO$;i9X|T%022i;yc`bnrfl<YxMcYCm7(fxgh@eV18r5aRvPxN0jX04sBPFI0
zH3OOuiCQITYEaw`5`Fl7m$!K*k;3bANqOlWBDUHC{YU|r2YdAMgGapT0d%4h@MqI<
zEr@${i9jR4PY+xdR35=D+nIyXe6~&Z*j|D6VCKEPdZZFpua66WZUvXU5f=c1bFhEZ
z!)t#%^k6~u2tNDNJHldJVPkf189jZtXkfd38Doxe(QPgsK4g*z<$)T#UKe-nl7jQ8
zO#?i&_gMFbya1DdL_f#fc}IA=`|cHWwYRRhuKQ{48Y|wXa>q=p?wBs4H}$T{RoY|w
z=065BKhLG8F}h>INF?8$!9wCUqumSU$FdGW#SbDsPu`DSlvr$`0ox6U-)?rC`dV-}
zLEyy;SV=s&rfGNIXVQ<woMQWeJ*%HH-dV3O3E7`sO_P=;1bUWiV7KMB$#wSd`ft>X
z=NIl5m*T%Qw0rjcmw$chz1&%g<3~a`CylU!kXEWTp|5V%nyc@#DT+1n1EG#yVy?+U
ze%&>%DE6`@Bw-nmb?n!g>qJ3eKxWz~Cjw)jLM{A0c|aYavjZN0px?cqSJvr|@!40~
zcnq7llhG!s?a>B?EMT7DVlFqsAxn2+K=9o>$5HTGJo}VfG$qvUqT3wCgiFo#tVnkU
z)8-yv$N+o1j1yw5qeKtTArPKWv0;s%o>H68cP?FAWfM8SHNoS?L=y&hC!#MgqJt|9
zfQFRG&G(;Biwj4`EU7SoW9pnhg^R<0hp61O&7I=ZnM|V=Q!6CO-mJ|Nsdz_%3Mg#U
zC6XLgadb*(0f3VP^xBMZl3^!ufCCh82vKk#5je_IMTQ+26+s!bRl~JWIBIG2En%?i
zG{-_56JfKHs_ScQ@V0~~o*<-?u$hr#q0t9xDOksRWF-9<Xpo^%T)J1sF;SrONpS2z
z1BjLehBJ>8u6w}Sw_1-@<+jSN7p2{{?CGghf~X*Qi<`@Bh>D`C1WG!PLYwAyoP0}n
zu5)20UahhaqCoS!ZQwxKHpG>3imTd+y;+%=c`2Gg9W|}iu!l6-oJGu~wnS?d1~Nz*
z3${ZXgQ;`pzU|PxRPgvti~XMU0Pg<XsA|L-VB8zU!Jlm-oARK~WzzVt#AHzEU9W5I
zqwWkbVf!-a7u_bzG)Znp2p<N&MGrNHAKwGfA>uZ>ozs)n!XJCD?!l_X-RplG!4OG!
zfR_|SiuE)KA1ovuV%ACVnn}x)?rWG_9*M!)4!l6>(D;*pmUx{!5|cRoN{>|4uN`#n
zkB<1ekg3!Kh0MrjX*Zg=gT{CnL`oKwHtf|g^Eu^O;me!L-gCEGK^j*I`02txUX2o2
zM3@#Ru&v*0-*f~-7a-VCg1o)ByA~0gXBm>ZnL6>EW^pMqmT`{hHQwaoH={`mQZtgy
ziBZ4+AUSGq1f83B=+&&98basPt-|OUgo8+6;54KtXD*=Kh8%_ir82N>*y0?<%%@Jd
zM9j>?gD^%x#>gZJZeDt1dM0vLtliyVXkb!n6Y=n<_yq^j_G}0H$smeI5ki%SsEr#H
zrIaaJBs}M-!_UXBj+fS3!&Y3cF<Zu;H=_5q#Yf$KeC+1s)a$tpHRf8%EvXfVpMS_2
zi~>%eXmyg6_WxaK{W&wS1Mdwvq$uCP-*p86cb@y^z~U?{@2+<5uU&ZOIj1GA{I_rA
zBkrNgiu>Qs#?xEgCi8z9Q~PFlDk6BIEh|K{s*15~T3XcfKK7o+<M33Wxx8VsHpVN$
zyT86XJ!xD<#APZoLnthz@ScDodj3YW6dNdRK*-XqAqFL9ynR<sKI?kfNH~6yN5AVP
z45VfL(F33X?SX}WfruIU5c)zx)8Fr=e@pxNrvJOWAJBK<OG&#s_eY-d<UHUusMIaC
zB7%sPl%*{aEV?GJp(_g-npu)pR5oQI9aPkjAtKV?SfTb$sqFfnO!?F99|mK_djka&
zL;?nqNfcR2C6t6iWA}qDQO5p~jaHmfMJ;yiy7S_?02m!EWX4Xx2C`LRAc~PB?tgt?
zd78+5-<z75<><-x#GlFC9&k(MsAx%#i4)%s=dyFo{POz1^#iAD3<R8nA*(Z%727oi
z>d1Vw+0Nn1zp#OjKe7EkeD+-jpNX?9W{KVr{uSM2qEt#+BU&X^io*_vOu47|0RBhy
z`5MT$@YTJwd#l})Nib<kFv$)egb@frGl)P%9f1%>7M8@RjR^yl%&{3Z9m9tmawv$9
zCS=Y1yhzm%2&llvu!m<VE~3babV#I-tcMi16kXE`jn6zHRm39b$l|frJ=ZTH5=6DC
zBSzbPzWJl{J^f;~bh?BG`(g1WdJ>Yb>^Z$@NvIl^*|{v8r6Qf@?e&M9=vJjW^TV@q
zlXB|<77!l}57nO}B0%ByAFk)D2VHrd9R#y~o*slhzWLZ^nydHCd#}mNZqxR${;$d{
zmRd`Ri%_jIBO{kfQBU>0{y(67e4e|v?_Kx8Ue99;V;IITViN*<h`+H^ha`og+IpxJ
zhjQxff}q;27)=xAzdWuGaGeb-&-51BMuu}fX(q2<)^D)fCYSSY_yL3#`p3Wl?_`(z
zweVkyRpslr4fF6DkFhE?w5uwXsc5x+dZ&ZK%cC7%PwgHPz@C&u3Nk{Ch@t?3WBV?k
zWOJoFkVtna$&3oj%BhGjAdDJY75DaQc>(@&;NP*pD-j4PkezQGa$oN}*7=ix3T6HM
z*{*Da$n@+Fb$ttUyDJ5)B%w-HT3@h`_nyE#zOzmK`eE}P{`<~tcMbA;hh3rM!}=T5
zrKO;it*J>0MTVxyDiqpV6pF;utt}BPY*70?yy1OLzMA2)UZ<oB?nzQxeG!#(sV!ud
zMjR@D*j$)|$L=xCVZ=of5ZF|8B0BYemCLteIp)R(PBOXJiCi-x@NwDCT9HIYzbX7r
z89p$P9)eY$x4mz4fb-Z~+DJmMl30^&eY!x>BhT*%A)8|PZ*@W#u?ghWfuAUADKu>N
zd;1{_^Xs~A@7ieR?u%MmX=!TFEu$$=wO7fPhtBWU(lh&@dQU_|K@tNbAP5kE|4G`B
zn>61W83!G?R9*v+yRj%Es}AZC5g2pn=+MzA$ItBszqj7vZT;JwH{T52SQ-w1l)v3I
zso>z=pJt7pWG4T&e@pm&r{A-=_sl=0mu)F33@Ee~uwRGv6xj20?C1b+NJ;&(7NsRp
zl-Ym=Fbg3VEEtLBn16qNe_wyP^wx>FtT0!<#mT|t2pDX23HHP^WW(kcK57~;@%to=
zpWE|3Yg^aRu;!dxpT3dV-?QN&SYd$|BMc1C)%bkNuAYgHeqrxv=?Hl~=%Zs+Rh2a(
z2qciiEdCCD`^|@VM~3<CYj5s`RNf~0+e_;scxFpE*I6smA+z(D3BR1qp+0-ekac7}
z$tU*Bon|ZGp@&Q{GYO+JaJfq(q&8%fDPrdIJE8Ev?|Hj1&=JRy`^U$`Ul55?2qZ_3
zM;;v!I50$wklGgwCiGE=?jlsVqK>JiX7pD~iV#7<a5IIVMPx_`%PeL@5@OW`X7)gE
z(CQ&}Y`}FzgRD1{HKLe>V7t097kak^G?Cu+Xp0RelE<72-LGFeytX?eosTi@oMkkU
zo85*Rrd&6pc_|FgRYu4Y5jaZ;K%pY$g3eeABaBH(>Tc{s-PY*sB@$vRg+#<c(Ke9~
zO(GHb`{wuezzw|o8F1}1Ux=;q?S23Ung#&P9ILI&=7RNl{3;up9t2T#e5Xy+-)P!}
zbRL;lJ6FB$0U)zE(a0F@O)=i`3>VKl3%#UI48SjDZa+{~2)kZ=-+j1Vr;%bGKLN~?
z@kHShAka`?h7<RJkRju{LIemPimmF=bog98R4=<~?)}et5P{WTNdiqhrqRsFu=h?G
z)b1{?;(hi&dWQ?O*rE&ElL#bNsv6bo72QIr_K+jlbOSaN=`LRUYW37nj!f+I2lKj+
z-fbol2WL-<Ux#_F@6*G<hTw+t7mb*zu4<yLsZ$1{R6a0Q1=S56#NSv<XTpaI3^~FG
zAh`$Kx@7nq<)vVqF^T)PI`-_+e>X`U%pM)j^N-^<s8igQyKi3cUtXhN{aSECF!9V?
z7GR^9>#u|B&LAz%q9ZerSG+F%edYDWm(cnBEoOkefZY$IUoOkEH^RPMrPGBO!|1#c
zLWs|4HunC3X~H`G$t|pwHv1dSuNKvI?h9-z6;zC^`O9Nxmy)%AeLE$}K49J5rE9+X
z8NwYVe$Q$8URbK-+xEWcnfKp)@%iPupI)NjWSD)Jr`K0qGU~N4g8s){_1{__L*Fr%
zo^)yb^XD^cz7;4}FzxaX<K1rN_Pu;*SJ$+0XIc6EjJZ&Yc)m6-=%1~9GWGPIefQsV
zg*qQTnM%-ARK6e~TS;dXGcxlEh@-Wq@3XU|OzoS;u9@E2Bm^;iR%;UWL-pt1I!oQ&
z7CC+P=;)+5YU|vuGcO4vb1@uBl3!SEAg%4^%FUC>+Z+M0@s>UpDCU_MU}1xQF+Pp2
zHS`SnCX}eR0pi*!x|9v#>bF(A=K2wX1Oy`il5zF%_j$_!tJPFqF}_}QThasKE&#g+
zA)A6;*2iFA<cPq94G1<DQtr|3XC4c$h4?QG;D{ZxP3?2ahp}5Sh$h#dz9i#&<(e|j
zWvF~D1U2A!*Owq7VUQDyyd#W@B1LeXf-^zJ3RuuVKJcToLE6OO+}dVcS!KheN_ODo
zrAx6diHzbXZ+KydK64GbrLZbh4s|8eLrLOdYt3(xgkus20~khG-)nS0n>2Q>CRNY^
zYZVhx4)WW)qKK-hh8^agFwD~A)&bBrf|x_%vIuC-sESx@q|uNyrI;Hgrpg9{$dZl?
zG-wmg2Ut2JO>J!9U&~NgIUm&ws_($#*&uICPY!T!)SEL)PK-Kmw4~uTb;C0(5hyV;
ztGZlr=74ZxRM(2ALW*U;0|a<hJ&MAmLhJ+y1&@V@Gz+3&xPrZXv~b3y?&IuxIC$Vb
z4h!@OK=jlfBE!hA@xJZn-=i4vk0x6mg#4to?&Kb*P9CFoL%Yv<=&#!^*oWag;P4*e
z#Q7^n!~`Nhg4z_*K&T{Q2o{oXNPv;D8*vCjnE-9HGKpCPT2g4Y40HH$Tt#5eh6wlH
zagK%tiQ*@X!1A-$AmL*J5G-(7_Jl8o3;USgf$;=rp{A$~LP9=!i&nj1d~5Hejis#C
z)&>Z^(8K$_3}ed0FEfSj!mhsf?R;!P?|$s6`Td&s5tJq8RyyHNrFX%0@3(b}S1MZc
zKx*YieEc8ob3OY`3+cjjq7GPbehN;o5*60BtkceGIZSZ1GUD#l5u#CNp!&=P1T*o#
z(AY?4Iyl1UHW8!>MxTMkV$r?n3)ROOULZlJoYDm-B;updIpHJm&u$B1ht*0wCiae}
zvGE<iMmOGujr({ZUk-K<@n|X9<K4SJ`P@$3p7NN`A$PINY^VY9oaS>`CbuYpSq_kH
zW&>@6Ojxre1|Z|`ay?oBjDV)=0V)#-R<?v0WKm|MG;(pvFEi2%*P6W7hd1_k)M;&z
zX>4LS(@AzZ=;oq@+#L!Tl1ajZRRoi1!k#}z^Z4)N{WhBC&wSMR(3)VRJ`#}-K@dn8
zDN>Sc@r(J}1%mLpTvc2`G~!Xz42SS;cEFvKa+CofIFissNzY&h^nX_U>FNhoL%-N-
zwAgQ%HXypvLqU*~)vA6^?%r;z7I02Dgx~iwK*_>88H&~z5oUOR=0^XsGc)(^-|1fa
z@c%tGI*~KS%!lLq<S3M4Ev>3njbv)m>^%ARroM^wohO7yDxyRH_Wv{)MrNk-i(RIj
z#nWv?yI4PiUyt5NsWqwJ)cM{*Z(Y5I_NTLkvU~l%S-{=)jRvf1UaKRe`?D9jSKt5-
zzGx%&m(M(Zc~^8ql&wOvjixD!LX|5~Euf8Ts#Bz~>SBB6@8eMOp*%Q0LBAib-J;rJ
zM5GwAA*l=)#XupR{u!_BC(qBC9qi$wu%v5izv``--@~?lqEESGI4_heK=BMXS)QLj
z53`&5?|br0*`LQZhhg1{XYs{O(WgU5vN|amgtRO}rPF=~zS12){&(6Y@2_trnJ4qK
zIKm<P34slP1lauuMi1XL3^u71%nta3+Z@;}h)fH#INX?HA}~Z)2!tY?^wj(D{%*7f
zaNDh94Ez22XMX4R*6tg<`+>rJ68lc)G-2~ahv*ZZygr|P(=X%a?Vr2O8)xIc4|mJ3
z{t0HjES#cuBd(%x-JNie1!|h2Nh!?&ElLdnBOz+l4J6`l(8WL5$=mv;oGFjjUvJwt
z@bsX1hS*M_^^o(A0E9R6ArTo7F@!+^5-^re?b<~~j%{~b<c31*RaKd&T<gP@aSt=y
zWlkNG6bUK7xG<^F!Xl@2Tu;IK>K}!#z3jhL{{RO|=j_lg_WbPH;a$*nZa}+-$pRjq
z(Rc2A`R28|gZ<v~exKi)V_FopHCi&&jj*-*KK$la-sH)Y^GNI7l=Yo&t2i<OD3T<k
zL=yr?q6r3wEJ}ufByuAO{j!NwR(0Tb<aoB$J1F3Ic}KfA?mGtLPPC()#9TI&nU)Ye
znl=50rT%tr1Xu27;_rWaI3FHAev8A*TdHH!Pkr*w3HUrc-=ELXs(qiNZ4mqNe$VEs
zK@M0Z%_6v5vrTJgRBWqP;m!Or<&sezO1`x-%HKm<d6lJ<r6iR~m2xN*{b8#>=%j*y
z_U)wGlMX~qrhv3HvW7C@M{-Wz598<9I@X|Y1V4FUk%!UNyE&*Vdk$#xDr+reH;dN#
zr+zfmFSo9%K2-kaW%_@9F8!Z)>7D1H{o@vuZK8`&6spk#R?$=&Kd0ER>}I}teb%;h
z_VImGm5?o^HprxdER>=uQX>qhWhALtWUP`&C1kdJ-_^nvAze#*ptTtg$bgWIK}1?a
zTp}u{IVwTKC`gk62)L@23>0S8T&S1q;DTmPbI;$!*C+Q$@ZFS~*|CUoozx+to5&Ns
zn*Qh6B>C^s96!D5d47w&>YE?sPr%GUIFb<@)QGfBhAL{MXray*O5&-JWRaMXX^9mb
zB{pRQY1*dLi&3@o`1!k}>rb9$aPTFEZL}*COqvF&&`5zQ5aAqx;5SR9x@e4GB%(2d
zMI|`dN(`lxgLT&mMv@DwhF1jL*LPpbY@%iwRTzb;WzDJ`NVyB+vhL3z1EQhOPLV`Y
zbDM@R7{eEi@xpb{&XE-|=2(IyFfgzIT&>G<ne*=$jrUy*6Zm%kxi`&*%Id($V+^7F
zr+-vt=Kclm+wZrT>o;GYdzp9mJu<}pjh4w`(u$<0_;<tkzBBFaLIpt{gqS2D{7^k*
zmRl5&Nx_UpNFXWi-N)xH6Lj5|=Apf6SqOfPe{aq|I_0;%onE-xd$Sw)CB;EpYO-}K
zn{38dHp#7fpwL>j8MP=2GS(PUiI52;gw<M+5b#D6Ek-IEjSPWu$-Qr8lVy^cN=(c!
zHvtb<5D8=F*06it^Xzu_ZooWi1x#efZi8V(i4a_IH>tg9I@HQQ$fb@>^m``rw(onS
z?^|9ikgW;u?|~XThu=i`0z6xLN$(xrz(-GSym|N0!%;P?3#Skz7&Hhfi!xM1IUG)4
zOK!^)PMUPo>}FST=OT<nC2XaTp$P&MZ<_i2+~#NY^SSSihFCnauT=#B9LH|;%$UY*
zBKLLLZS-9qIPmslu;{-o<FFf@lpP^;5zl!1uAURYW()<kuAIR;XP23KH@tp(H!x1G
zO*_~k+;2eYF|sQCqNY%&cJoK8rdeH1vj7$jTEMTwfkA-tBqMkuJV?H~hu<x-4q$v4
z;#fpT*#w8+yk);1=60hb`|VmZjl7%I&i%KEABVo$8TBC#)x;C>chyo*__2b7myE&}
zd#L;Yq9{=01A8ni>Ka9m&MPmTU)S*KxW0bhwEVuKnd_v4=|f@+5ppg29e6ELht!W0
z|3A;AtpGvn0>4d5_sNhitEcq+xV`7IHxPUs&bF_?{xY;ad^wMWeg{3uf+4g%^sk@N
zzMoRBVCog4<8_jmBDgxcUZ84gc@@z*0fU!1eOKJxZ)rQLRtNP}`1z=wteUYk&JMHJ
zLfk{YPEdSv?pm`?OYc0+nzd2ol)M8cNXSGZBp3+r*tiY2l_ri8Fktvrj0kYc?FNE_
z$ZeP!W(=iOU820ezRd^_gb;9{qo4*5g?M)8Y;d7thJd#1)r}@*A4DZt!F)HMmZ~>w
zDvQ<c9K~=dRfCmRki6NLd1fMdZsl`kOidI|DTtnq>0d-Vx?TcA7%w1SczbdjI0(F)
z7a&4o!w$6+ECUjN_zx&3@Y$K3-?%}{Yu}m79C$i1vM^*YFsxfT7#s}(1xsmZD5{97
zaLF+7N~d~W?;h|pD58oeo`_40?i5bjN0KHD-@(F33C24c-Z||7I9(2QF1Nxkeof=B
zbkLxDFqF^;Xflq(cz1MeYmWp}QTc<QATDN%LThEV#LfYTG5|+`u$~U|w*iIVrxQrs
z?08eCp+gT0CqkMHX?P7DiMlq9jgt9*+9U}M?Tx2e*}a3@^lEoY&^QJLp{Tl%dU)bo
ztbz#>x-@gW?^lO6z2|#@zNoDs(*nd97_4HfMhqA*V@3=-cZGQF@#4z27Q47bWmFd;
zU1d>jAn+mKBzB=e5Im2FJP!F&JG?nJj&FB!W}%T-nA>a^tYWZBuIswWr-ofZ%2DU@
z5S4Si$9&1}ccWQdoT>=rcuOnhi)~OdQpT2wTM98XuXJnOZ+hnfUwvm6?j|A@Gx6Lg
z`ojs!6in2Q$I$WdI0=Dxb3qaIWnS$2Z25}S?qfhAm%>%bIe!{-epFEy+uxnn9@HD`
z@Q+T#acAMt4mAb&dj9;myQR}i4{&}@eqXZ7lJ>GL5xU?Ro}voM0MrOr5J2L3BhS5f
z@_K<rNP0cHw+9G+0dT-Xq?#<u&DuVid$Hc5y+l4b0wzVH)53+jeE1PCvsmEXGJHDc
zw_s`pM$4#lVM6_*RM6&VLqbQllsB0uFDc<j@S@;v_m%AhloJP+XO1u)_Vc|u6hsND
z4$-2|Z4^;VYA7l1!Q3TxuO}2;t;*%`TwvhlV1%$PC@-j@!ytqg0}+_hLd<dj2+^Sm
zEY<6qyNGsWZe<7%NH?St2qGYn%OHe8D?x}DVUq)Xs1aXBAB2y3#|M5Bjy!ln!Q;gR
zcV`NQ^=U?%EifQ#)~lU4k2yVgIC^vEr=7!G^W8(8>GT#vVPX^&8EHiZ+7$(qwMkJ?
z57VQw+n(R7_?%4+xO9;H4@M#%Eww0CA#VmEM2iQ0?ZdqH`$2Hr48r~?t?7sFIm~mk
z+Y>z3n~INT;U<g?KVSpQ_;+4!QPS`4y$w&Vhu{~jMypXvMz)X6C!9(zj)TaR4AvL|
zfxzg8)VAtZOGzxGPM1`!mP8Ow=q^Nw&%gvp&d`&Ea&)(Gbc<Me(2YbzvG?owkH?4S
z&-Tgm{OtAjhwXfPC}{fV3*Va-{PNJV_7Io{s5{rP=+O{{pN_q<6K@LFMECFah(8fH
zRT`yX%(fB9HIQkR31XcJIU3TavL&^wV_I5!15W<a!{rV9KO4|IvXzvK4W!JY#+vva
z0znW+L`e}97yCb>4#Kp<6%D3lEl86fg`dF*##1{0n32Y-SXmYkErC&`54q>u%s%oR
z(W&$?*v5M>`HDine>Xpquk4gEdZ9rO=~uqr3b3DHBlP|beTbiLzI^WYo9FPpwvD9~
zg{7@%iEJ$^PlWT|fj)HKh;e>DrEd%4ntRo6$MM|LuqTTs)M!?*qY+~7KhLY}yxxDc
zzBSQqS|BMk?=S$;9nX24+yn1>txm>6BRl5u9;d<(*UvtFu>DNe?fwx_5fM=l5m6EE
zVbk{VZ}>#$g_L84n#n^_j5JDp`2K&3`QyfW81&nve5>LsYtDjOPJ=g4A~MB(`0T>1
zEX^r=91mM!?NzYyosB#pv?1LKp6kC~*7IMa59hnGK;QAhIG>ZbqX3%93lHx1&Cjg#
zVs8t~m&Jtos`>f%^VgZp{j=#le)BYQ3`HV~KavGx7E;)Z7R@rQ$T`i;xsA2e`@W{%
zwf8U2rn5VK8H5OV0T>7o1W`Z;#)?@@Aljs>No|OdBEH%y`sUl6G;4A<Ece!mtHx6-
z$#bicQDUOgx``z%(kpVhRF-wpy2Gmu^Sxh{K78T2TSwNk(!R3(&+h&%5DhThDSbT8
zjJ=fo2@F4LZ^PX9hDN_xr{QcTn&&ms`Cy7G7Dgr%jG-w-NEtN3ihMSCb@0Rcrsq7N
znd$e3egynU^hPnn7Ge-J_o69FUc7$Ze*b>8^Wf74kFUPYd*w&3%eOVix}JB(pIHwz
zzfR$^J=RX|!voBJLQgRF?LK~z9`e6=&OGPzKamD27$>h&hY#s}x_$fU1N-R8FBU?O
zsHmsLzWe)6;u<3Xm|yPDVfSa`*4SASfy+MVr+qr*e5&Lg?_YDKerI0s%A->I)$i<I
zHBaFFL_vt4qKrf7^n0s`_4=l)QMUJL)$0D>3l{S=Vv?*%M5tn9qdxyS{r<ml!1*V_
zIX9PFDGp$TZHE{TywUu`)z`3-_r6c#=XV`<`cLK}#A2}->3P%3`}3!(YTNetg$JD3
zsaD2~LS~916BQtqf=>|S>@fG6$pn4h^MSU#v-W5^G+-*JL&jXEJs=$j1OVS;8hiK3
zY@1D?qgF!@)EPFI>_bKpg3J&IXxQDNu<gu7wFnTfMj;@_feL^Xp_Pb?Fk+}c1PDO!
zVoVkQxoDv%kWg-Io8HI?xRp{Si#G}&Bo-r(&_hm(LWvlKVcd)pilCSbGbXYmVGK9C
z9h%(U<i}~I<fbn+_1O6X$00>FkQ5P-j@>#MNerD`oy(hum{o;QvZ@HnAmK|zq-`a&
zt%aaeL8<)>|8&e)2ej{(W-a%K1>iZ<b1l-^8-SCqhkh|TC5w6i>I{b%wnD#J$ARB(
zJT$_;ao5~IQd{MZ)hzjd`v(lX_l0PpDeb8M^Y>swJ=`Cq<&Rh<hnFuu1GLhUeZ*-N
zA#Z@9Sb|J%WDWRKyce_6t2<a0pST6|<D<x343-!v0hu%eG#V5RSm{Iy%FG_#IF-+l
z5}jY@9JkN#iV_Pf>6r>)R;!fn5UlN+#|DDM36!35m6x-gj5GJ=;yxg-(0lhle^BXs
zt>D<?7%zEIJF`qm^k$Jj*#Xjb)N11Ih`L~W?;;fL6))kz4jeE+gF^&p;lqax7YMO7
zN2&7cyUPdIffh{=SDr9|2F2D(k->RZA9VT9-1g61QUfKz2xKaa9k68%15mx%rLMGG
zFS2U+VPonaUcT=WMw?IWHYbF|3h~;ZUwrP----)05aHv@?MmT5>hjGsT1UpG+@^3A
zio3s-<crfq@)k|LKS7j|RaIO8$;aq4d=;zFdC*lDwblJob6G!0B%Q4VNKqc)y0Krk
zHg0dyk8Gevz{<DoLW?9&m8!i{K+1dBd8<C5GjeMO(xKEm?R_r!)}6Z(eyNz*KYb*V
z0V4yTdZ;|Hj%M$suVJDq&#7Vt^P7EX$(QTGiaP=_`|82BT{rF1<T;MOhX+IJL%4-O
z&u7am?^`!s?JPD8Gqy<0h3dO@NL(7`{rg0w_SRwT3#f6Q53oYEa6sS7)O{ULMui}j
zwUw@@jYS+3wnskcr>uNgs|Uak4q!Mz81Qqpgh#vC2eQ5m4HYo}@F%;&gPPwRcX|-P
zKwz-P3M7&l_6>5-9|o}7a2Sq#&%kbQ`5QWHUStH;eBMiZ)L1(*toKpB8n~_?oN2ZJ
zAtsg=S{Gb#Jz#D{6y)a!G;|Z~qJst<(754HlIY(@E@)|zOClTr4MN2}LFCYoOae3H
zj$~0W$0I^z+EFDBW@ob5!@g%UY2J+qDHIS8gChn>3@HxXxGp)AGVdmfOx32SrNOEq
zpllLKGkUV-J>sK3c#i8!_^-=eHz(Z}cVkXpLs1E3xFeG@K4@+aAROJ(ZeDwBdOl7K
z@EPQ%n5U$9?uMdzbl98LY|7RS0H{e90Y+BA3BUte5l=&eklxmnM<lIF)Y)vEfw0l3
zM@EQXbECI>%PUyrH{dr*PY(jw%Vnnay~Uh3ZXQMFFwSc=t!E+9s;j7Y$8A{Gy%fs3
z>XIFJG>sZkqj>n|ceAbm7nyweoq7Z7k3o6}K=4LQ1y&n;2-FPq1fqux6oY6uCIAS;
zLAh-laYrTr9sJ630FR@&iJ&+nD131W)<e~27lN0$ZXN^O>(KWd;oqk{{4WZ;s`X4Y
z9++&ykIfVub0I|@lr5ocF&mg7wv;n=R-w#hvX#dZde;+S4K<J*YT@E3t+c3Az0Aij
zp~ftnRw&ge*G`=n-B?gi?bjeo(8@|^8v`@DrTuczlIHUHE)}nJ>)9!N$8=A1Z$3Li
z<IW`yZ$~=sZqd~O`i_qY-t@Obm`(uMW(I-{mKu^YOOPa5^Zz%?fgg<&55a~Yx4kay
zJi0$pr^VJ(uY?d_!NZ5cgCi+;^T+hXKpCBayYBUU_TSze-8!x7WEa_)k)?lBV>RGr
zS=<_`gtfHT!*aVex?s;6W&?JmZ42M4Z*#AB2nPwZmCm;7dC#8B&wZmaXds`ToO-i|
z(LaXrZ=egVtX<XDhrF1<Qv6QXL|wNCL^RkyjD<85__E|-ljvw<VIxjZKmw8X+3JS(
z?X6LsqDkM8^43peyJFDS5{29v+&reFA>^I}ro0R`i$itf6*GJld@2$|e@-a5o(D4k
zt8U>XSR6t_7^NPjf=M8WVW5d7*7Bqi>Y`A<YFCX=cwO!tv|&59b7t4`4fb@)$bK-h
znehX;A2fn*EkT-Wnet41%@w+4Sgq8^y4wk0YhRA;qQL?FL4)orFvCoFp;qPrl^7m`
zH@S(!nAPAOx9BhjrsEv&aAW7Z3W9_r5O2<i4I08B4WWW_)F6(ulVNAbsHW!i)Q@~G
zy54&_8~Z&*B8r0)vT7)#fMf<S5rW9Y5+W!%_;Y(Y_hxI~T~CL=52{khQd(5hiAu>*
z$x_w(+RRa#H7KOmg-FRpl+sHS#Wg&6{`VZ2@WuWx&+_d4V#GxN=7y)GzR(87z=y%6
z+~8@*{+WIp-!grIu@s7;sa<^Y;`370%Qw&z1vRrVJ{#Y31Rq>}e%Upyz}?_8W~gk`
zr_ya0K-Z^m-i*tMJkj?ipFPZpeGXx-gv{?vai6!~kDmL#FSp2Vc76P?RS|_GlvHR&
zX7}s&_v_~H_3rs;DoV*&DTbDmqA%e@S(7qi#TG0{nlZnc@X{19|6S1liiMgo5F!6F
zC)Sa-2LunBJ$E(4CaFzmE;4&07<YTgF%7b7TEztoGog23&D`)luCAPu_KANTh$<qe
zmy?<F$>xX{gftQ#L=}l4_})wSQZw-;ihj@EbIxf4&Um|lnMQ8qpIi6CzpV7;+TONg
zt6Ju*YM(Hf3<Mi9x7}>tv+lRC`eu3>mHib_SdkNArqaYkuxQw*(Y6d~W+G(_#u`*@
zE9>2Te&4Sh>eub9hRH-l6c!+;!(<x|p1(D#bZs@@%^&0=irgIteW>8xzu@;~T=%t7
zz_bUJJ~8-T8?p6n3k*_Vetrr0C6EK<?+=fnYo2lGG51GczVBb5#TGCXRi8aCebniG
z2Pc|0^Ek*u$L%6b`g@@6ibG;s2Z>fARPkornZMvSG1I9Luc#L@P&htkb*|uPZ_hp(
z)H~0mNX1kIR84wpzVltzv^yjN;p!|zSs-pcV)(MX?qQ@6hdFeJ86PIFhJA+fKYC~$
zq!FXTAfxz&KXVww132{zjJ;)8TTK@z8X&m4(**b84#f!+iWHX;+@-~}!M(-Z-KDq|
zm*Nz6XtCl@2-dzQyx({1-uvUOCmCHfYi9E7%$}K*cZKKh>*@NwOTxHS&1nCxg`z?v
z0R=nBZC0nmjP&*&B2HaC6nInJE#V%Dk&y-l@&_=Q%64BWsR42{o-~`~c+&NlFdY8v
zBi)M2u*2P-lfMjDRvE0ekm3Y-NI!F*f6r$R_}1J08=bQ(qu;U#5I#r}ld|5%`9bGW
zMv+4p=UAbs7rM1<a=AgF?dE{TC24hDD;+Zat$1C(-`!s%uMnK|pFwn)+j;oq<@vFi
z7NoNgQ|T^Q*O@3qpcnduoH9^azq^;G-Bb1&FZ1@d%l!tBN9&O#<^N$=X29W;3#9c8
z1wD?xSO*5Lm=OYTN?Qi-vLjGL(8Uir2K{CBBwh3vW{=xFudlp5dx{Y3E=G9f?})B5
zjcknVb8lXry%c?q*%9+OA|#Z0^Zt&-Z~g9OD7{tWZ3H?-Sx2ID<Leq?XGP9=0)hU9
z$#v!+=2qpZp6(cN?+3VF*hO}HFc)$|<(OLNH%;O~8OrKHE&;ac{39zY2I)$A(g=p8
zS=Jh^bmL%1C?jjLuGX@FnMyCpg^5!S?X1V6-%*t~pvLR=vGe3iG@H3J_Lr=Wh{p?2
zIIqnkdfv-V)=y64zo$#5P?Ai!@;cjNLQpJtHb<}atSnbpa_lKaoOEJOIw`fM+4JRD
zmW(NgMFfn`ola;ruqaXY;Xxhqe<ipJX)wV9OXH_)fJ=a<HB`>mH$%~yz#}B_pBRn0
z=68q3BVIS~Rhw_EUU9n}51)$OY(&qHWMVb5XR?{t9URLO^f#opwGC~r(hT11I#|Xp
ztu)`z>mkARcSjX2t0OqC=S%)f_pEqI@$JEC8dCf&{8|Z(>dL3S%{*PGZqz^c;1{wH
ziT&m&{@QVAzX865e)wb+t_$rrdpt>O<2q?E`NDJ%B)y+>{kU-b%75Sa#&n$U>dTh`
z^cPId@9+JPn9lU=?gISAHFya`2on-uMPD4gCmx#$sjE@ld1{!Pb)hJsz4zkk>HZ}k
zf=sYe7>+}Cy25I9CH1X=>y+m`c0q{8XC%X)SDkXAT&)6KZW}}N3Ah3+R>>=T;XH%M
zI?)(I=Gk%*rRgJlDJzw9mpx+NNYr|E*oKYSS}@WbsEwCOB3!zz%?fdlVELiOLlX>~
zukuK8dvn)(|9VZAZC;2++);h6V(3-Nz=<5*+e_mI464>tD8Asvv;NEOurL7gRgccd
zEoo1;_hs8Tw^IpLo}^9mDSaR=(6m!7f(by_MHX8Y*U7hH<`))YrofHdU{#5*VcFse
zV!=9oz8@DC$))FH$<W-<r1u)GeVDHR6hhu)`@Z&Uur?7}6)96TYim^@+f82C2wW-|
z><uxZW95sqq1VyQ)Tz}@@-wQt`t)K3s6EJYr`Bu&7$OAqWXj(t<9}_5|48G5?slSx
zbzx84TD;|4?KbE=q&np~cS&3yYh(#Q(Y<sNaugt?i}G6~?F_nryv`Fx-{Lo<va3z<
zXPg=J8d6g(ujZ;bC@L`*i#b#^e=r_i@4K_lrkXR*m5^XPeHr<AL9p*$Y34_eygcbB
z5f&3LNPbQwbivq`lp&e(;bzN9_xwo7VSCW9@TB(4Byj}QMDF5A!FE<mIFRIXKe&tO
zk8mJQ^`?H6SlWcNz^hX6^;`Clw&tg@T<GI@v)7#7C^XOe@mJBs1LyIBrvxc3xOiiU
zw=^Dr4ToKV<6dWK2ABn9L=??5y;WPZ6s?Nm7e*mcLaca5`=cNB6!dLBCXe^O`7H)b
zNriARe);>gRLv-;4jD;W#0aVHd^CQl*g2ko=rhT5?`xsgd!~wXkHiAM+8AdD-eNHf
z*qj)DbS&%{7{E~+eNmij^wSqM$@BL594Kp2U=R}~S$;Tv|A*mm)s+f9GS64#nn+*!
z72E-uO_rL0=kfwyQogW<&dG}q5EJqCE1=^~5e)wzi6~SLw*?m!VA0t%8};39P+#t`
z{_LUK$(}DjNsj*}aV-*8V_ZXU0kf7}4n?7G%*rGVE{XvlOWM!WB1fV9&AEo}zalMA
zetJcNj?HI5B)R!=dSw6Z^3A;i{D?W;KzL#EYk`Ef6~8X<F+c?Mr<X*RH9SLJH)!cs
zU7-G8#Q8VSM-OMlk9;}F6HtebaRk~5F=Xrw7TuA#v}5_<@zK5)i2<A;Ah#aT@&KIP
zKY})6QZg>A?xuU`U#od=D7!PpVf2qr!)a$<ai3bV?(F5~lc32n+WOdp`iM1!9MP+N
zC-JjSs@V&^%BC&d%VzYlQL-Ega5foVRP$vK5bj^>KTvqNX&3TE-{Z{2qdy!Zr+QRz
z^5@d;?yK}{s~B_R8T708*TFmXK^?-SZlU{)tm`#@Oh&2c;8-nX{4SiM`@0WgjT^-B
zi*12J^J0M$S&MJEl2{wg8sBcd24RFhT^nM^(5VGXwLj!a{z3l2sTmth_-E{Tv&Ze#
z3nslE&X28?hIJe66<BPnG!(!7N-UkK@B}?fd*m-g<jh}r28qGP-l0ZJukM{UT9>(b
zXO>NG!SaJ5IuE{o->S=X%UJ0*)rlSK7A}&Mn4OICwXNRcl#C!@mR`zaD;k62$yk;;
z_Pdx$VTMmpwpw*<vCNwH$?K1ff=2a=H4}*96AL4U)!Y1qY%JR|&$<&Sg61IJ;w~G^
zg95S)yv)^q{v7YVXb)#bZF#jbz>SniQvDCoV`uyf>=E$ydZOo%E}x8WyBMbX^C^Jj
zFC8%64J#Ulpf1qm6_<LC?pK}f4%?6bG%T#*h)uJtc5ZZ*HZMbQZ=Xi+vG}8bm+Zj+
z&wY^=zKGQ0)yV^=29zBmKURlC9DaLq<#JF2j>0!N?_M+YVB=EJ`AARCgm5;mkCAlL
zh`;iP`*=DKl~sVl-6I;|;}g60O6$*$$Cp!-dgnF)kGn6zVl_3r&gufy$Tvrof6GKM
zx^?~m*JrIuyi`xB{P{4AmkS&<du)8S=Ep>D)V-ARX?pKmaYP#wpf}y7cgRqUm5(Y?
zA7lj8p8{NwT2L_AvZ&fZ871gx;sAUt{NSM1Bq(gf7+=0wB}So=R203h-)uG6wXJCN
zU7R$T;T5zM)^TMGzcDNG2_4gN={)Wh-|rANdt47VWi=Q_a!?54oJw<CE@dpBaEj9U
z#yvM!i)Jp!%1kT5slZfHXhbj5f^9COdDrey*D?7@bdv|Vf&I1h1c23Y$uP4qRP0g4
z41A&AWI0}^DvQ!p`E&!kxuCDmT~W-CG4<yiFc@|i@nH-K?~gB5_t~QEmAHgL@dQ8h
z%5Q`W;5VgBoXoi6N@vv0{f3N}Ins8F_3KujQo#1wo5EY;B0g8HE8>DPgk>2(zU<8n
z*5BwXK>+yqOjm|pdLyCWHMcIhr5547ZMBH~_riYj#HPC4I!x?UgRsY=ceIF8-S6R3
z^Ix+BO?_}$aIxLE$vx!AxGQ}I-yht<Nv6skOU3V3=BI6YsOm;gn$w6Wlg~W-Y#GX3
za-FI$^guAN0`(u(rBCDrSNj4oJq>wy1g<;TqTVliUWgjYRTrAqMHyTxoycu3!W2ZI
zb1ey=PaU*7tx+4dn|USi&4-}P*Bd=gF|v2R_mEN;?jTPesqBmVampj*S2jM%n;U<5
zK$ob-CaLxs-`MO8Y>K;j@!5|+@x_ctS)?WOz4zz!ip&>h<}RHB>-U`G7k&aPB&|F9
ze&tR}w)F$<SIMmwZcF+zZ?l>kgO*<7%{-}BZ-H_f$X|Y!E!gP(+9>FyEcJLy!ydkE
zf%c0c;KmC39u@hvzJ^J}L9`8C7WzH$tOPh2|M%fAT(;U!ZrZF+wean1b6K7pS<Dvr
zHkWdPsKNwbw36AbQS#Pg^6Wvq=N`O8IHELs{mUx!T~+&4n|?ldeUiaP>U-UZM~bx5
zj{&X;wK>O|TRLO&=VE1Dn2r5)^Z2MI#o`1!Roh|N4A_GeuhPGVe6SZ{lY9HCJv7ud
z4!9sU^>-b4^L<kQyl_jBkmhn`4#{Dx)$>nFJ`2mi)Cwaect@5t5PT|^JWEjUChnIL
zl7+xdZTG2*OPXlIHcbdXI+B+@>ptAXeWI@1GXWi!%3V4`zN%_+omOu+Cc|(W8i&K%
zpWZD}?!I{?bcvPVMtUZd{4$0f3zWv1KD`htn!&*sF1cc4$xIJX=HVlJ9}+h@tjZV>
zh6fywvx@4XG0AT9RwLUzxheZpN;V_AxXGnITmhGilh}N8ptn$x!>sD8s%RVM)3{-4
zG0CXLWlq$^!g9gFacEJQec_l`L_vvgT=B-eaLXh73)2b(R$&w+C=|j-Nt63zO~@Oq
zp8Ig^w|LX3uBt6GP%nmxXUBcD6ZLDy-8yzc<EJPdAsTV#p7-L~r-))ZCSqQS@<I(3
z>4-95FUnh-mNsdY4nyhFFpG};j97C;9&R`OIMkxiIL3^E;zY`fmh~A~SL+mvNJ4rD
zn$8<HYP&`pB`8pUWDl=RXzeQsTJJ?MbW16Kc4H)rb|Eq=Ytv&fvC(i`Y&bdfz%NzR
zk{Bujkio6<Qg^4ONgrZkOqNd4v4sY;Ip!;OewVQ(C&A-cM#DgZ7WLsE56G}F3ZUhP
zX**O?CKcF453}<(kS@E<s5#nVBz}kkk*VyqVyGc2gELJu3-Se!#6Xn$cdY^tW&YQY
zNLjaUF{@vcd$d;MnX0Rkn-F&*sI<Oc*dU6J?=Mmt>m77O@vtS*#Bdq?wYUaTMhOqs
z0)*z$*@%e=)=;sc^(VtLi#Rin3%Fsk5)uNlMSb;wUG)HZ=*QO-gS6wrIG*?Bz-69D
z$LoMvzj&|^N^chpV<ZfvgtP!-cP1Xox;1QK2B`ob#E8k7cF?lUm?VpotQDVt>sDMn
z;V37Ip(%D(P4RFZe(>ofHQGAJqTM2hv8-vqt~+b?6E`^Duq8gc5!V(@dye!Ov*jXv
zh|^)c=VOrMx#SN^WIDKMT3S{j(HV{tSnIVHF6b){og9uJ1_!~K2|WfIa_EP_8qG+y
zK1j0_(-<ZSH`R9_O6Z_Hj%wSL(vUdf4$)U$#K&WFo4Z}YU|=>q0fs)Ox$a8;VM1ya
z)BF?P9q-Lw<nnx39Baw-cAe=hUhoDPs9*psuEHC$@1qRcuSfJTxOCX%T87c*$}Y<8
zAUnAxb@LpDV}mF(k_IL?=eNg}BHa2<`&@p7;day|mp%5w9Z8t^!6<@i*}qmNqr25l
z?)<Micy;3HdFUQ1AFarG?sGbRQ3fs_>YHtb6@NzBhEN9AbsdcG1E_WFL|>e^Hn0Sd
zK!d3J{W@1HjhZZEZ8rb|JfpyAM-)4TN=^_fu|YMmdy8`BM563|YlqRd3C=I!c3E!K
z%Ws<8YS?><pu6=ho{yVrP<7uEr`aX6;VLS`i4ejy;r9)fi)*Y-OBAejm=c0BlWww1
zs*DoQw*n#n52ujg8D~$EdVi%6>J8-6n|k1nOvHkivp_G42DeW)M46^DwRQgXcje95
zo?t3-a*c|dz*`Hmo4XDX>>0<>my37Xb7(xcHg+3!DA-UeQ@>hjTzKC>nrq0>I?O>=
znG`BnAC|@k6ms~)fb7eN2a@w;V@WdzH`rd3mVDU`-lZ600$ud?=2~r5fM{nimnO5A
zi0D+ms0+S~#T3}e{h4T&aJooF<O%=2<?e@@`dO26@Ao+$L4U@#&32eI9~!cRFzcFw
zI<MijoDQ8%NIQTdITINtiOxjgTv*K&oV~Bi?EpsCQ?i%blHfWR$h_*!b^M}EL5z3I
zm_5yrHT~Jszv}x(H4ao*u}<)qU}?B*0^t`e3lc)YXg=gZ86D}4&8Lb<s({)3#iyEL
z10qst251W$e(tK}{z~hL!smeH<j>8!P2$J%#`6*^lg$g`C)XH4R1I?ml9<g`pIm3N
zz#@!!6j;$Q7{xyq(SstIgq<TBV4th|&@b#1{`~#OjN<bb3;t;2_p1IJ@9}u)%36(e
zG;%bA`ZVBg;5(B%wzJ|JMk&6*S}9n7JP_5K2(S}zh2y4K{im<1(EaD(S%0q&`eqq}
z^j^VUz|ldyjok`9Yk6f3pLf7dc>_{iPT{=QVH0=uME;Z{BuQU!Lh%<#65njp(zH!i
z@5E-Ed+-_D+;E~4T&+BgnEKWA1WG7qnzJj)@`irr3qm5AV1^l;!zah*vqnDG^^V15
z3ApqesowV#t{PO`2CESRWuhwxb!D=ZS;85MH|x8Xy4EWa32xIA(%$ev{Jh_GUhi9!
zNe+}1t4H^eVaekwAK+SFN21Tq#DCXVrX^yulp01J=Eu+O$dsZAw>kQ)iYbMHSwmBB
zc_}3IcED&IJdt#b8j$G~UjK(F57z}LYq~7s=To&dMG%R#5d7*Me!k(?l$<(WtUbNL
zPew#pC{)}Vw?5c^a0u9MczNw{fLJSO*rkp)W&b$kK$zG5TNjH{5u<P5<o@BW#H^dr
zrqDDX>6%nC@s0mujbrKn%S3vx2B+y4vcQbXUa3Nw06p%^^F#h6<h;ng6r7}qw#61a
zO%%cT!|XAb@PVCyot^#mx={Ssh(4y<uDiO`0W3K}Wqt@GYNGd>mP?vE{HIrqns23u
zD!u5K>N2_8p3uYE`2c57PIysSX`IZ~$|5GC76z|*pPWJWoxdPQZRlY<B%Z=wLsvc;
zNA^{~fbTU5u@cZbcz1aC6|U?e;}8MwP`NSM0<3TJX_W1%tm?-`-;C|v&Qke9YmMcE
z;HAI!&&O3lz8m4TC1(w0aznmf($vg1?nKlJm;#edoQ`STCjf749N|t2+HPu~&sD`a
z1$Or`&(IJQJzZ$ao3~5Zim|wYvl6kjbT|JrYK0ghokTE%-jOcg6it7KpJ?)T1n#*{
zR{3Jq0(XlNRrz=0@97majlRiKVo^06p<HszNJ8@<>ymipYhHq&k`*XE9cU!r9Q(9I
zWf{Bbkmntj8D>WCx|UUw9GThZDo8VI8x*g?#kX78NL-$hNC-*r9FrY=W2cGc?!+$-
zOSYdcAP|SJez%>aA03Sxgr$>PJOPS?g2eUcRnN}%QAz0j3R25!e?KKlJ~<H~JFQ^y
zYr-PoPr_{o^#2_B6`7w0L$tZBHm-yK`2{^onbzT+RC?ExORu*kOv$t{-XtB}IlykU
z`9PYZhw_~A-A2l43Ge~a#jYDm=<E#tRr?k}I(62>=YahoG!$=6TI6Km_H@86vOnXv
z?uJOjU%v)+WEGd42d+iCaDTgB*5z1WyXh*Uo$nA-<kj&}?mWAz@1J=SS1yG?NJO*j
zrXlD%NqbZ`XjIP8Q6<#(-lX_=ON9<jyu#+kzx7JhQ>Bi<x{(*hUogg<y$~ZW$ZNA4
zY_b@hDRgm<efF)HFtFxshH_}r%N9E@$g*1ObWJ!*`|Mci^{$lY)kB>2qkSj;q~=MQ
zYWa&dH}JDBF_G1|)ZPi_0WRm7yUl;f1D|$3=GC-6jNEMd@dE2(^)Uc2X$GGCggHW=
z-|z(;DgSI7LBRm{hDb(H`)uEqzXS$}HwH#X-71s0hW3rsVR~I{r3Ccdo^{S?7H&;|
z_*v#ApL`4&L43fOUw9H7K4l+1!6FcSgl+08=ZyS$S*#`M<an3pdZz4joVAbRg6KC2
zX~YHAXwouKV(6+tvQ#}DycO}IKWkp|6SNFAvF?3@MZOZJqk&s}E0Q0x)Fcq6&1UYF
zPkI4s4fHn|NrU<eIND66W-q30`$|T<*(qI<jhgq8kU*A`AzUbF)sQYuL}^Y|v1F#Y
zvE1t<=ew@tcoWY9my^wsnE8D~i-#@?lGSpM3m<m(IfA$imF02?>TxY)RAnB%A;5g&
z-_7;SwLK<43_T2AOk9jfz?8g9jPv`N{gC_XEF-)Gk?2EPs8rF;vbs&1FdmRz27^%Y
z#*xP|N6btyH<wD;f>gi1<fNaa0P)lp&p+urF);%{!(_Cb+BbSnNEwoW9X7UYTL5P6
z{I$-KY&-F_Ql&niJguugRS$!a1_b~kc)eAdBU+72{MLLFG*e6jw7+0ufWLHOl4gmE
zm*IvVU~ixf#!~{K5E~&&r~Y)`xS(ul_@td_2e<^mf0*KsYKGmYbfKzLcYHMaxv`ka
zh1GSl$zmkRewMXCU(i2-J>9b|<GkfIaouhHxZcDx;G?%NEqeDDVL$J4y0i+<EvR|=
zJ)6g$$I0WiB)IJlF)I<hq_l@>f^t{O+4l_+NRr1JMnoL;o1PXXkJUemsuo_JBg-Zj
ze;EUb-L)0{c?Ix|*y$^|N8OM-3*$}a1ud0Gz50ZE7j`bBDaqA~rlhy?I&fDUdP?*=
zXNYha5@%y2ldR9M2~R9S3n+&YxA~pj=H9!;3;NT9vOv)El|8C5Eg7f7Fx1_m)&(Fo
zKC1Bv;xF4RqsB3RFedp;{*p!$lcuJFzY||&2$9o<5A?F2;S9Q=ng2QBkGYzd?W%YI
z4%j)}F=NC*jwYFD34}t2c0#>^#gx!qu=pe{GxSJoZ_r7)1xjufB>(vtR*7&-Jb1D8
zduY%EWt}J4gVBYqbL-O;{89cb8M7UQY=(@v<i+omo#Le_bWKPkG9!UOqoRu8pAOZ6
zil|aeb6CA1Z<N#%9vW3{JRF=|V2>0K8t9!4JY?k$K0SAK+Dt#dnr=n7oQm+sf`3(s
zWR2$4emnW3dIfKD{v9eRH3(H|Sz%kv9<@UUlw9TccnF?bK7v?;x&NLU?1<O8ds|#a
zm$OAN3B6T}mDOZqWo9dYE?ftinwpY#ZnQil>L@7a@+Jh2)pbpx)|Uz2%ALVq0kCnP
z=!V|-cNU9!*TgoBWC`aBfe&vlzk(jmE`(2>ie*qqXRoK_lp3vCH|hM6B4!mnzsAx^
zJG<W!dE<kkT5f?J2@_rTQB0t?!i!^xwoTU=@@p%Pamu=NrQnWgKR`d9mz04-hEPLZ
zQ+ugPJoj;3&An`t9-E9^UQ#fMre3k}d?Q^w)7x?*)gjf_(%dQ?=sJg5xVNm5_Cv`U
z2OT~wfpSj1bns0kl`WXCJ8k^z{_(~L;!i<G_d-EhdB6J4?*^f77&`R;tcgEYcxG~U
zf<9jt_=Ep}eZcl?-0`^YNn3Tf4IIWMi2;2<4jzqEw4E)U*K!~Wk+BCu>UAjG$7_%H
z=~nuI53*`F`c?Goks*Zo#D{rm`&4kA&G3U;8iUW&eb^tX9=7cjU1_$Jet&%x@aJk_
zK>qwK>GTB*lM$d1j0XN1t~yBvZ_86i^cvXhF-Y}w$r9kY-<WhP=#t*1H^a-F;lYdz
zH0!kP@I(L2O2o2`zlMGG2`;GK6F^83tD`^|Ltwto?{mCpy!r5cPRD{I)=Ecz2=TC4
zILxHqpUSIXfu%J-YC$SLOh1gN%frSSO^omsJd6W1OI;kRY<?_YqE~ELUY#dfvv8`R
zHqsSr;i`7hNiX5FGDwl1h~Y`G#%glXjS|q*a&pvhSaLY?&2yGTX?Swn`YPt;_?9QF
zZa~aN%tZCzr1x4uxWn};w@+2;xsEw&Wnnq50@3;9R*RIw{$F2ZNnoN35NsRWocLN<
z_ltH)O>>FR0#i#<*)N%b7PXcn`&q-j!sci$ry3?{12E7Fj$a~W{Hc1Wd}jZ*?eCTR
zJ0X|D9LfY-me)3!-1{~2w|UxXkxhN1yDhLjdU>G81`Y>>2O9RsyVt5gH2nl`T0l(M
zF0|>RP)=-`MG6N+HG56VEVQ?(Z4;B{285^rhqv@^zqrf6N7lL#%LHb^Cb7&^NE(|i
z%)ebI7CR><N@P0?h`K0v34W?$OOu83@fe1Ru;KPXtr0sua1&muFq2Kj@@yu7OGVau
zlSPxm26-_{Na9NC*=O<Qa8QFZ;}f$Z3k*q12SUk7Mx(QA3DWef%_pWWqv=0ig{F9V
zk0~@$k(96pM>~;bmd-n6V&MweuBZu^zh(?qM2oez4dbUO)#0_%XwodM4mAKynhOlE
zk16mOXa~jNHWdj~w@}7lsU{h66+x{nCrY^}<}D2ElJqB&Erb*s<f!b}NviqHS1mIm
z3+KittEo|wjMy|vRQd-UClv+a7(fu)Mpi*mq9|&Crc5d)B00f?ayAA`NaCDsDR1Zu
zZYEGMU3;-`6*8&98{$NyY|lX1l9I|#rG{qRp!J%$P>4Q`OFL1gDbuW2H8G2x#5(CU
zPDz#;#V9Aq0+6kgQd@OVjc+B|wjti^%N#}dtX*b8d@(82Fe$JgeMl&CSg>?LjWawl
zsyT)vwKOqHO~pddx*|Qkw}~>--nx?OOKO3onXN#wc5()|bS^Tg@Y}3CxIrr}wuH5k
znlXf+kBN;6lK+J%A+CHPk(!b<%32wlii=>Jgr_hwJ&{Kvg|9S~FIj=P!LE^7*@{&l
zbf!XOG?Nrftwe^9jNLj_Q^nCSiexOKX-!d^Z%|R0BoSvOJXXswlbv5#K$ponDgmr&
zWu78P4Nl}Uw@wV@RaQ^|6Eg|O@ge-Bk7n9cstP1B0EQ5*tEVOI>k3J_xHnD(xqbaB
zGTA(f9{d(xdRMi=7)*paH!5<_u3xs<&hp6Q_(gu_#$NX<?rD%~*CHRSaUc`%?xo$A
z+8`?!ZE1W@$RkGJSJ#HSA$k}>Z7*dxjS+@xr|K5cGh=JlBJL*Q@miJ4eAEA8LCY;J
z1+73ftOvgd_o#52;*&L0YD*!|&U>@#-30f9GZtv#8x2x7C$u|L$tAopH^0Qz3-$@g
zCFC$n4v)XU_HHjoT0rvxo#Z#wAT?mfyiPzzust9f4THkDi%-<K5ku60H$%4bLyGl!
z<qT)!9Rt5F@LZ(*t4wdGghJQ(pz-J4P&T^JTf7%CClhI$9Fo6yMU(up;Ip4DZ;H^(
zW-oj?hI!4aRmPzoC>9#lA34|GTzWz!1>CTQ*-(ml^;glRf^6(RP_9#GaqXSk%GKNT
z4WwIyk{2`lWKB7FS2e1!V{0H-urjsa^-07{MYdugYLPF)6<yWicrzr#pD3hq5BsS6
z9d)a?+gtM?b8k`L<ip^2Z|Y}j&l7YxCX7M_h)_iTIqC&_3XuquPTn6sgNC8O@tVJS
zLcwY82cK>ndK5QCgNI2lWbnLA`Ws6Ca&1#ObxeaFa^js#<0@Yh_O^ztM<i{i5ZY&_
z7dogC($gwatzuZ<P039hhe3;IO%h_t)jyeJuKB_kx3Sw(LF=^M$`;-HAMz_w$~mhI
z>|)wq_G_OOH2IZ%8Moju``zh6pA}0DZE#*EX&l}@r_4I@RXxuniV371pYP%kL%Db%
zEj+M$f)ZW)((oS51)72cL!7xVMe@U>`V(ZWJ!X7e;QkWzmU}4{>x3kridz*I-|RTU
zuTk75gjR^WJZ>}ZZH@=$#iK%s?_{SWM%IZ;yc1Et^%SyqXvmLsNsN<QKMEQ-H?EGs
z&736%H<lTrdJvkJ8pE~{TRrAmso74whVbtG(2%P7xqkM?IS1MdaR*lLNVm-<{pZ>y
z!tQf`_^PnL?@UqSPOEt7t2&DT^_q)%psOMV$4F}$!^!O;24qnTSL06Fci={&XZ)xz
z=cnxbd$hBPxw%#&evt!9lueQ$!{eC`i3!rwTUH!h67nl6k^2tgMIBQ<QnVOLA$$Qg
zogaqk<CFqSraNo$(Uns<<{H0n)dFzGi5{R6iy!U^;O3nQJEkuh(8SiH#3YYy0VW5i
zUY2jR-Vp$>85dn~Ao0%g)G&bOMfbb<w3fYd#KQZ`5D>>NxPP)|@aAYK%WhHhz!2Vn
zp30sP>^@jzz~1e5ST)r(SK?MDC_RB<pyh_KD09r1xwD{Wpy`V})t6Hw;P?)u-*sUc
z`*+Q|U*-)=5-~GjB9ejmpBsFT#gBBY0i!E5o>+r3(3acpkwOC4AY0+!zE#Sz%CA05
zrvWz!p9tLO=7m`&7Ix^MNS|#_KX`-6<U3PW^UM9|;c5055d8P&FQF7vpep!#;@zp6
zg_;JN_x2*KW0G(Bh4aTgT@`Zpw?=ptxorYrkPFb`OfdN;_siR3L-_p3xeKzgmr)fC
zyYwKwL@{oTKU^teU<KuS7hsyzoIvAJcuydHDPUCH`CLAi2W3%C(jPv!el>0G1@*=}
zCa`@UDZL9Elo)6=bF?2RZAH96j%B4%5YCAIMWx0fEI*lN)1AwZF1!hEgHmU}j{C(e
z*0EvqnkSlo>UmYaN^p^bXZo1SK(9<^NVso*F4-^>nIO`)wej(7pAB~R4g=gbYd0Gw
z@7WP=!O8r=7wv77z}|>1@d)2{MJpu|V3gj^6w5I@ogo9m9zyGBD+|p#@wTVbn@S5D
zv8$)~?9I4z0JX$kSym-?zC1bt5F1@4wFRz6_c24jIZ~PAwdFoe!3`2!gI||kr?*CW
zJWeq-L$Bi(0Rd{#@M4sSSAM-OL9SEBm6R>+cQ@!3!o5bTl}GGpYPAbA)io;K7e8W7
ze!sivOP3r7GxaScsWzr?SLC++R?`(Mk}dmW<MU>(*zRDrm-Ho*3>{A2cj0!_+h2pz
zc;iwW17Y1T=$*`b?Y{2dktUIJQA%A6BlnnvFdfRN(pEs>DLIUSWhy+RU^{gn5R12P
zkq6(szIX6Xk+I0Mb)R%_S(oIZASRl+j<?1fI?Msh*inqHCA3`x#XP+dMeh0qpTIs+
zLKrG>(a$@B0ej=263%>gYTI`x!TFl?Qs^C?E)u)?6v$|kSvzO=@wE-3`Vd{ADT8*W
zW@N!Bzh2zPp7v!4F6{3H;mebx_*HHT95zk_0dOod?49jY<9l`N09SuS^hD*amPNF{
ztHW^&qqZ%xIi?%TUp8T8ogEuG#;oePQP%s}c>HT4oA6fFj2^PEu)uW`wAo0-Ip{Js
z@40vjmi4X9J9c~CgTv$<iSp@`v<eUu??*up`>9AoA&QKQEBIiZ^{zKz`|Tq^3m`C|
z;Wia7{{k&s3Jdp!P<#^}nbS;%S1h=97A!zW9!$ElYgu51k=`(0+%Q&lR+sN2xW_O1
zQ^i4cqHp@w0(BPV<LhnCZ-x5)E?Zt3#5gL;{@bBUy8|;3ti=w<v4HNSloMJ5PgE4a
z83Vne9C?ylb?rq33<ajoVz;e+_I1PggB<DenC~XZ75aFiNJDl9_ts<{Uu;R1c=<By
zvg`cH#yCQAwKVD=J%zgmkC72J7m$)Py?hJW8(#l4C}g+Y*~=)2fkOZ>lc0~lA@_+m
zy?6taAe$C!f8xPuZuuw0ez9e1e;e@s0wMr_2tZ|5nrRCFSOb8eK_Gw@>_1pU03^ml
zWyVAzfHa~&nGps6KoE)l021iG2><{o9iR-dR%Q%`0)Q|8M7siP1^c%W!5cvVK>|JJ
z5Q*pLUw{CRKmY)mS^9I12>2`n@qr*P|0D4~`TvAO5FiWyKxIW}M+5*S68%puNX(fC
zjzE|-06-a({)_`bDn*0{Z2**^p)klZArcsz0YU;lw*f+#s1=%O00KZDz(fFQDiJ^#
z3_>UcOnjyQP{IHZB4ChKJ|c|<1rQNIsB96eN%ARSB*meLWcmOA5*P%8p{61dj4%ii
z2%!!HiHYr*7{Lxn<v9jGv_fGBA|&v?#Q-1-003wOfk6NOLMXzBAd-9pR|pa#3<(54
zz%x5wXlO<v66o1l|6f3vT*79ckDzHZ13x#A2qBk9Sp|S*3HyJL0AUbo>wgV^Xv%+$
z`hS}8|8E+EPy-1JMpy?S4e>=NjL;JHZ}zzl{w?}%KnX(v{Wpn-jJRO`JM)}EnDV)^
ziIBh`01=`Skuv_}il_lRGer8g;{nQuN+b|kX)z4ZG{AEU5%8ZnL>0gqi7|*d6V3A3
zPCyu<71oI6KWp<mD1kvBU?Lh6mDMgEfCNHx<1<iZJVUtk{{l0Flh5ZqCIZ4p3P8^&
zM9;bb5ToI_6cHgLKUd}>#@W9BMCkHwLhD)Lvw-Iu5Qc<M83X_zfu4CGFp%sGVMKsu
zK(Kh${$D_h7a;5z{aNUL0Rn`fLH{H48Tns^h&h%{^j!8F{5vfW!%i!?0ED3XcLYDv
zBBTJ6LBI@zA~1wN#vl*?!8(zo7zRMHv&(34%CtpHzeGgMvnEI&!1K6$CPJ9*SpdQw
zK_CDUQ!2tPK^f`5P#B_P%)pEpp)ev!7%({>@IT>MeabLaL<mg$w+smTH$r~43SxQz
zGi?zl|2FB_T8KKNmv@CKUuUA&FRtNI>Mk39{sx}Ir@9~EId=9pbd5*ycHg;S6mt90
zGI&Diz^-5T{e3VOZ~O>%tU4{~Z;Il2z7Ga_7mMx~l*b<&B#3^cjSu@B0dfn#bxd>s
zt}Wax=y&T0Vs;$ARNL5qrEQ_?vTe>s_tQ-RzplSR7ul_}`iztk6=S2SZI0gfY_`E~
zs>tJc%B-!%XTs-Q&{Q1K8@yRB`mxq8vlc=&O&0Y8h^seg%3<KpNLb^Ev<)=1ar(m{
z!JoAC83SO=^^FhLX9-l#WfK44tc$i6-6uy0=dLxUn-TKMN;a9t_$c`$ov1eYEjD~K
z<qTrnXMSydOAwwhA->*k9y_*r>;;xZ?|91<a<!kh7G~ZhZqV;#i}%RihFc~m#$YR3
z5uq^bM?_{OFlG=`O0yCHsfToBsjNzjnVpIq%zDdRBgw#4vsh;y*K{{f!19<^7r-lf
zoYrKUjiZR!S`(#myKAn{`-1(%!0(VRe3gFG5J-;SbrJNPgFL>MGBaClsjpi<JKwwo
zM}~c-9dq1~7=w{G2U%&F9V<-EDC8`c{J`6XFdu`LJZGS`?bCr74^6ed2$u{_O`nrr
z<)Pa}GEHE;lSoHO&2{-!X+dCX+Zytp?ww=VW~8z)s>(ut#GkIvnzPPPh#LU%y<FDH
z=XFWi0Otq7{LtQk7N$FnV!#2$0=H4mo6lYVm)gl?u=QXZEiy+-a3%(AGFkAHsp=Nq
zSGVqlqip(V?1^_TKO9nuFufeQfGcE8M|1AYkNO2(U-a&bwa(+mPo%{3ka#evS&UE4
ze~SEcS|k@p@9+Xmo<_bOoMh_E#oAB4NzcR5yL5_=O#+(~DJv$kzaGHveo+#e>PNcN
z<fOl#?bQ1_7Cp=>dhBL#pvT3jkZ}C$Zu<-Ah!i<tcds-qiE}j#Th4Z9)7?RY%%Rt=
z&F4PgRVLt@KGg=fb}wtt%T1Z2oz1<Z2tV9q`8e`Gqqo^pGT|dRRha0K!O^i_G0(xe
zN*2%ruK|~o+SNdF!}s2hDPOFj!>3wPw?-&{@f~$$y#E^<qKh{Z6~^_>dP9t6Y^EL;
za=aGs0e77Vr1JDfF1z+U$@8QaKKuCiVg&KvlV5)LUYM?yqRHEL{(MA#pt;*h(d&7H
zf<)Ad9ZpMG*IO;Ee-J*)pX5_Mej(DCW30N1V*jU-vFe}l#JU?qp%r_Hh<u7;6#JmE
z-g91CSq~nX;v1UcC9Bef$lEIG{nbSHJSWomMWnOJScTwqC7%*VVmJn@LCj<`CPR9a
zuX98?2p73$QS7HgI*88(Ci@L0`#M4vf<fjp&AS4ocRSCa34*4bNavqx64FE~!8|uC
z(Rj72n>!$?0^s96$RL7V<iC;=rKCYWdJ#Vs0H_oU@LQuoOExG;MYuO#0{~zzZ*|2F
z->!tQ5h(c1GFC>bB$H~F5XF<IFcE0S2j^=iNw*Z)8u2W!YG7evbF!BZg(e`&wtQKv
zE?+aKi^^VH9zM;f@|`NtuBhir0M*118QC%kTeQ16d#EI{vqCBvQMvdu71K)^-#J&j
zZ}(aZnNRjYmIk0|v}^-3umDlrLhbgM#bL-5Z^|_+k(*GYHHfl^4Xin5D69Q<mh_`#
z3svh~Ox^7rpc3UMx!>8l%X_G^9lW}ymSc;lTd?wP&ABqzi_hwuWX?Znqdm5L`sreC
zx#ndzO@Op|JlR8I&SMlon{Lt3is8KcL%iC4r&_dkop1jD$9bi9>X=3_>!1LAHMoLQ
zll`2`(`x7ltfR9^hjEBby|&HEd_Znuj5A?@1$|7<L47ws64sChbm?HkrLc0hZ2neN
zq@8|ryCuXWWP%2}LQet2OTxkEaqpIOl-VQKsH7f$^tE<+uH%Ot`mLczt-f%oZrV88
zdDEX+_8nr9Vd%med_PxCZRy--J&`dA*kHmaS(D0W)Z3T@ARV6<7W9=9DX<=e?;Wd&
z7xi@p?KJV58|bAhmv|r_o~x95Dj=shh13+F+aZ5K`UL~Rkj^S2V1tZc7QdX$R#n&6
zjyQPOop^XR1Y&ktL>S5nr3`-BYT-+nEojRx18T0LmLF>^%0^mkT>M5L-Iqg-I7(jV
ztsNmoC+ba7=-$tx1weO)K37?er2}BE8a*xyQejic2L|VC|6BKe1+7|I1scF8tqOer
zt~xkDMOj@#0D&OTN2HQjZVMQk%}2rHOVlDzfB+EXj5jK!AVzrv0+PyGLJTI>?`kOa
zR4D4KjPsz-WF3Gd0PtdZ4Nk|N!gfTj^CywXL`6Djmz~6lJyNM1Iq@G7ZPv>_JPiuz
z2JsUu>@$Xfiv60Eai~<w(U6s7#Ufh{!XgKR>pX0G-XbHiI7d67<(5H1uDEIg)+BA6
zLP7KL@+O7y<><oYYHF(J;aNv}0sYnKPc?36%gfb9RI6NMyoST8f(rJy)KnolR6~l3
zk+UsvO}4AiYsPC%-&WWQTX+?85CZ0P6s?8I7oy`xx!XsCQuK#8NR?|oEGcU14v}$@
zB9_T@;);j#7YGcOzi3tnMK+gL7PfG;2sOuOwhY+|IuSZ0R_jo;#3>jEI*`?n6_FZ|
z71?u;#ZbjH8O}CS&6>|PSuPGyQ`>UY?KtSRjO$F=)--54m^ZWxRXbTIHx~*v>91*$
z>JPIcPH-=mx3CvRV#PQp#OVs^BN#Lp78xm!mT<LjRSDeIwwxAe)<l*USy<Q$HFA*{
z(pNh*P%FgQMsq2ya>-PvG&C1BA=wVkDpU$_P&GLy7;@UjF*g^-X*TF6wnWZ5na3*5
zD$W~5vv{<$>&Dn8Q5y=z=vR{#u94WTHngZwEkrLjXqz`j3ken3&pHK14=>WQ&p1)A
z7dcT=lTvXg#5gcFkqsA?57m%bIFT0eR^l2KHW>0K4v{w0#K}9VeQ8x`Z!S`(DG_|q
zduoS$#Qr!f6FiH(WZIv1c3z4X<t6RVg^PyA^XU<>wTg21ei5b=eI^bd^PtREEYX;f
zrDA;D5l-3t6TXVLD{~N2C$%$uD1n62n8e)<%ii!ciEkZG9vum#O@NPpDZX(XE^X(z
zQx4p9lYWvo{6q3<49(86RdLxffS;<RoL`sUia$oz9@bC5snMJ6PCMYswIwQ4!Hrf`
z&f0qKsGY%{Sw)BR!fH{kpBJS`(*p2HCHj<ZbGVq}SIX0agx4Q-=U%g<c{x*yx-~JW
z7lWi4*3@84Dql6QtzM#92oNZ%<Jyi(f^vEeF**cn!Ijy@SBGB$d<&(nF3t{`sk-}A
z%*^1rr#3ihP%1(9Gx91Aq_@z-^nzkzQVz_Y^viN*ET9<~y8f%1`Lh9!?KiRzQ87>3
zGbBQx(jhl50ptCFGtB+X{k=&f&*Tw8`E79s;>AiPDoJ|f2~B#sUfVH-sdp-bK2*o7
zW<u-db|X@oGyaD)ZLV*d=PG*N#11}xkd6shKta)q&~a?ueNv}ri=D&wa+<btn6+Sz
zNtsz8v5V2Zs#79#qoL)dO+SPuE-Z@BF*Nqmc{Pc+h$@`iu4@VKx6<k9;2M!eH!Tqt
zb&T_UY4~}HZjrkMy#e{7z2e_76d&;C4o4h=nA;q0_TROpcf&jUWdf$pTg&C~mLt4K
z5<E|tu2q}uA#e<J(G*4F<2#|9k}F@>FE9ATG<zgh2Z0{eG$vQUveHGM)vna<xQnoo
z*Lr-C(UMO0tf%$bpqmqN?FU#X$!f8t<QG8!+!<V@+xPv3D7E-v(t*5Q;MkplP^Niy
zw-&b=@^3#aUW(Jwxw%D2`bc&_r&b#<iz>k_Bku1KPK~Q?63$j4ZJMpbt(Uke{0Z_Y
zuh4t*aFY8*4qJX+qbT7Gh;BKT4SQ#u8U*&$r2*(n1CC8crJvZg(VhYuDH|(Ez`{Ep
z<nR;f`>O|zj^|3V$O4Rgh84+I?>ObA4vDJo{fBxUguPJXrIU;cobPIQuvumzwlJ+V
z#peJN#Il5284q7u`Yd%H3Lur)7h4w8(fUj6Mf1v4oky{`1WgeE+`+}cx3lmb#Y0^c
z^O<+EnH{?l#08w**;BQJ?2X;%)KCt%L$-2{zc|@f(a=NWPhMgAJMy>})9=7xxqVW-
zUIT+E)~g56M5qpYv+H>N&1-ez0kjXB_kLs1{CvK3I&TEqJ*U3<hlSKNoVU8USEmhX
z+$`v6WIl0-sN*F*8l#}=9=*2`!2H&3@~)(bl#0<78q#4%g)w_>itS@)t1+a>=6yQt
zjPToGJ+WZ&NsnP0aCtE$rx{@3)&UirIjmIUGwHi=+pUU}x_?i58t=n!VJhQrzuVBV
zWVIo)X>}Cfhk?GTQvao!z4>md)V=b}o|lDD7x)t7oriBreGY&%xCyHZ&f=QHe1I0G
zGr-FIpFTA7<wjy~a8w@WY~Jcm5w}U|)S~M1gK`UJJIsXYUYb~v>$m8*O>lZ@pu4qX
zPZ@6Dv@7VSY@vpiw+~PzuQV&34acKX?RM1X3iTiOi(K7&!-|)ftGpsrsr(mO?a%d$
z&Q<a59J|HO>Z^89^HjWc4$kf1Fe~bl_6a)Dc~zg!&N`v-f29f$dm!ej^>M5RE;uOI
zOW%c*3raQ-N01BVW%TqBJx16TKX_uc{W-|Z>J&?JG|8DisHX_vNhzGsSi~9Y@flno
z)-h}7eB05dxMYlNpXg!l0P;%<XkR7e{D9|a0M`FeS)PO~JohxdKRDci4-o!tXleK%
zJh#!WO_$M*L*Q^7H~iDh?Ez}tT3-UXjR=Py^fOX`<B4b02AkiCRd?t9C&aC|VhXy9
zm7Wir5s*RbM6lJ0qUV6jr^mHxv+y<YY5lFd>cG~*QD=0wFF%6vJI)A$s^hFD&Au4%
zR%f`$7>IkGO?&Yx$(lUz?~EisuHbG86Y2ZH`mIJ{0wR$XvWJPE+7wXJIzvC~uF-n#
zuy9PH+nzP?ut;Q!^NEt7`Y0M32KSlMYlbhOAn_&(O$EzT8;}rA_#nNGM9D7RIC_Mi
z4{5%7MdPLKx;{^{6Z2laG1Iq?Qc2c9Vnm)^E_evTz}BWJXWghuZ#q{UV}nMIYH{y?
zBtwQXY&>!Ndw*s7SlRV;&+h<ZjxrXp6V!|X&l2v74Ylt&B-rLNvF5X9l1pv0_T<=R
znB$So4ZYdH_B01#dN~7wBto)&wVvdbGDoyU7vgJp2xp1$w`?|P)$>lHg}b{yht^%o
z_eb2_Vl)WiP;d*qoxjka_H(`;SjQ8mm*B`!_ZR=%)_tDl5W6l}9W!Ds{l5E5<G8am
z$sj>yZNwOhEywarr^%!2y9N%QjlQke`}rR?;fD;m4?zc69Xr!9H2o6vJUK?RaWigh
zniFs%S0#@&C4NRi``V;7#Lsfx2dHJ2K%b5lxj2n0HnVTvD80$Ln=^RJ==VA36$xwl
zJ@#Hz_qmtd8LdKtkEo2_V$MKg?Hj_k+=zRF8)y54-Ih<&T#G}p-?epbVx@Lvg)BS*
zrM$-+ex7}zL;0N!y2uqV^9e&ec|YRiHaR8QPMD$X8EjE9cTg^uNW-f8rjy{(sN4iy
zJg1<Q!Z^@7Zt8`}jMJLD@p84>h+NIa7;cA5LL|I)%0HC2Mk}8StVR;MvMTmd$k}Kt
z2qMSftz<IgJ1>Vk3R)BrC0WHXB=^)+obQv76}8L2>eV81>0I}JI$qDd6zmY$mE9Hp
z0Al*VH?gN{Wnc!W;@eRM?>gl&j~pBadLFz7%j1sENEm;(B@gv$lm8jjWOyw5enxq%
z^q_@<$wm`%^(5F#-I6ncA5^&j`Jq#pI9Di}ZeDMYfmr`5*opk%CW#?+jY^=31Vm#v
zR8=-pm8F&rj)q{1JP>E3$)NN<#3C;=#XP-IqWMVsx&Gn{6PEC0*t!yJJGHIkx$}#4
zB=lyC%Fj7?A3eczfe*KO-|yCvSj!=W?6NPJzB`DJN?LfH9c}v?wZED71QHh=pzaS}
zx3Y+T$aRq(oVPfidWBzyc$q(YH(kM`#2cXz8Fj{Pti<Dfb(^5>w-I&*Tf4r$@BP41
zR0S1SFcI5tG!2c?yTvGa_*TxB!CI1{tbPMY`M5%_^N)9w9wt%U6(q%6zKR|32tCJS
z`jb(mM{29OXKQ-H;o;+JKh_xv(Kr8;{gG+D+V{xykMw-1Tb&sTNw~a?j$7j{OV_PN
zDTtZoH9~tknZ-yYxnS`!rN(2xk-(LY?s%#{R%b5EV@IsSO--lS#>qX)m~JFT`sOCH
zU>0}Hlf%#I<|@mtl2=E&<0z$MeqaxpyV~gSy6Q{eh?N;Pxb0WHjpNx0x2M}Tu9mSk
zVHcOb(A}J5G?I==?KW@&0;|OR8ijql5a8k^wa}3qAe^*H<J&4AD>xV;eVO}7ZFYpR
zHLwGPcIs?eRLMVavjNiCGorS!4%+5NWpo;ct;?q_b&rX8IkdEBmOzMjBY!4E>b^%(
zv+*JgOLXKc+7kDiJS_2Y?zjYE#Kc8zc@gQ@yloswugXI8U$HMS9fBlqg+6I53LN_i
zm7ssm(~?(>&)@}_^Tr3Ut7k^IySj>fc;P(gQ0IX)8gV$zf3Tok&JaNP(8Hgv$k!Zo
zRe!`NM)$PAEJuHT;>?FcZSlU%`0b*{!%a#LZ^5#id9KUGxLxYCV%2JBl<;q{90vWD
z-S3jhbFiqst<nY!OtvSI2lQ5kX{YgAcK^JwkvYKpeJ5G`)2+|BCfBZYel9V_3WQ#F
z_*q3~4{Y~ob8ew%OPE*fI@#%9s<yRqW83#ouhZ3ps>Gm%$s{WKz!Pg=-9D_)HKEUB
z&)Q6I(8bX=MGR;>>)IFoQ>r?AtaJYCHZ?{~w5%^g?fNm*mIXh8K&n!0l_vkHkokg%
zk_o@aLxAl&d((Y@%X;Nyz)j&yAYMS=@1GpnzDE=>jG8X0)w*4+hdo3|Rr{;=PZ!y-
zck!lmuR2E}2F3ED@C&%^<R{hbW=EDxo9{m@55Wa7T8*O0rdFG7II?fLvh;ad)&^)}
zI%sX2BabVGbZ93h!b>d4?iV|20$d$4n+g{;(Z%1at*zG{B`mo1)5V(9>Qe7;&RUNF
z|Kv*&<|%#y<|k&3r4Lx-QTgjp1c)7NP7IPpUltncD{^*{cCLFOQ-0@uxG!v^=}JvV
z-R<u!GH0|?-tnn6QqM7ER>Uo^<%WC}l;czx)1_}o^Ep}aGpcy``NMntHK*zPqBy5N
zJo~z}p7t(Y><+rxSwkn2y`PIJ#yK#8!+tR7A61KXbT_(Gc2ZlHaAstmS?a)U*;0(d
z8fslkq6u@?bEtw1o98AMn1{(S|9FUC10S`;zZyxwrJ>S`<m2X{8xVfpSGqpV!E*f0
zj@PS?vE?#F7An6aGiPvhD+!{i{6hRP<z)_!DVi$<JyC>AJ-0)rsz|O~kc&rW0s_bq
z42(pgW8W|bF3zq7yFoZ3B^&DolwNU_7;%yj2YxZcbJNmPAmK8^DDcRNJT@S0e$V1W
z$81BGfsSsmxKI3Ii@2w3GN9+~8~k%6uIfxGn`2pTve>Mc)!Uh{OkD-CU(*?wSVh{_
z`H`@Mx1MZOsSk4jRn0DJ(`#lZ6)Pe`pH60zyl@W(_w7hCQl!&)z+^u<YH+V`&h7Vy
z$K_DthJ;@d7W$6QoWB=OE~~kyKEC05S#AdRfDSMw@qWd%bP@I(PD3+rG$3Ig*|NWE
z^_SWi!Sq=3GCqxDpz;UW&up~X#tkx%P>*AN!wW}wQ?s$zv(#tv?#g4p1(&te2BSpA
z|9k16mFVzYTH{c_<|=uY>TD;NgxSOAyd|>Icg~%x!}l_P8edIZ-$i<rB?9#YPC&iM
zhxOv-O{EA2{31SlgHtN`__x>$d60zJdVYzP@9!!_=*7R(WT(pG+!o?@CWRk2deKtW
zHZ_Fsea@&Aj2|b93N=z!9pqD2`X2y^Kz6@4EsjZ&K92d^^+J2t_uy0!bokw{#ILSW
zLsdrRlC8bq=d6I1=S(jT8aHrJHc6zrwqztBAiB9y-tq|eVFqzPGbU9GsQb@d>Ij;u
zM(7ZB_ZHSYCw4yYx(5O*^(~@BVOoq;dMbL-6S^`%bjY)}$-XJhz-WhWK~kOJ7kNdr
zMK7Z5lS$oVlS*Ey#W%3AppDcI6}gC-rK+AhT(SF*%X>s)lImU8ATJ`3;yilTcvhj+
zbKZ3Cwl%M1&h3_Tl6QKWnTHFtLvGcf7&_;Hm$BX%-m`WQi5Vaj%S#^82IAv5dGVSh
zLwx0<vE5#R(gavpK#f%v1YcMX;^#LqgG#6!s^xeOggB>L+iwH`(x-7xp4~od_<~Y$
zYk^rzCZv#Emx6YJCz&c*6AlZ8>y#64k)_-wx5BF?8syIJ1zE`6ggND1E_W>q@>%L-
z6b%#PQ9+84fXy*6v=+yP^ZCEMPr%#==E-d1Vy^ho*&~z$cJoQzJEUi-l-e1|W2O*S
zeM^oKTD=-GxDqB9#XN+RGN_hX=J?3)^$py1nzvOls<`B<yr7_o610|FkjgKp>^sMI
zR}GuHB#}R)J;wGKtx3sF6SUjx+Q&zt6)akPlF*<yh-<sG<0}`cyMaBNLoGMs+ehy1
zfp)|djMI$RSVq9migd<J^U}zBe%c6|OkI@=1~+W?kduArJZ7o4MwO9*i6um_gMfyX
zRdY!_d)hSL2K9>vx|@BP0HAnZj~%>JGdm;cBJ%SAR-{f?dY?_Bt=(evXG2<6NDeU7
z?PSkKv6<MtyL7EWqDIXVwC+~lJ%pc1+6fNoW}Nliaa>+kETV6&?_RFm95T3F)!fRi
zoshcT=HE7+Wp#IKmvu8<Rd(Z--P?C#tGlK2<yqN{vALO)arITUIp>P`O|7JBgsZbO
zko$s*O!>|<r7Epb7U`1uc8>0@8$4E8seuc@ic&F-sZbv$>hjWLkVirbRd#|Zoh*%P
zb!7^tP+~ZV)7RVG+c#lN4zN10syaHqrsrRLTSs=zBKHF|njf3nOf36sl38x37dPp*
z?!LBnQ-1dEzSa-|FlNLZ^|5)&XpJ>DEv#}<Pe=?9LBAzdC4~Xv*1(v&IsNIo<*cAc
zRX;2-0=&hSrqHOWC)6x6<#rWIVn|wyl24}Ul>-Qe2oY@!voU({Vv6o1c1t9ptFx#u
zTL&mslCG+`?>CdCX1o@#Tb11yhFkH=aj{^GtT|S4GjhtU3a+_6Baf*I+S`z#*%Rd9
zM4}PNYlxTwJ9R|2Z`XpMOfo2MA%x!*vo@`{-MhWrz?JGE*fCWGy?Sj%PmN+H4h@1_
z5hL4}QMHx|x!W?|bllqIp89?BA4fh?lw55CfZqww9ij2O%6P|E2xWIhIXL^}(N|w_
zN+*&@83n^3<pWavR42Qk5HCIP$`B!$$_r0Fq;-<fUr5js;t-I;i|D9S<3QBPA5jAY
z6G`1sWKCjNPz8Oryr~~4!pWyW5t|)fo2uLF-5HsgRb7{Nu6Fj$?tQ6>6~+V%a$G)M
z;~Qg31iS5<*7n?|)Y^(IM*3ByTd308+Q3GkY#T%~S&-CKm?k#$_Q`p>kpwCjYOWhp
z2I^)|hu*SQdf8N5FzR9tn26Ehz1{*D$!lU_@f4S7#auRCNel3>`&OzI-D8vkb@F3(
zaEehY3@Xb@uIr;oEf1d%(S)B+S=q#v@pct{%=TiTw;!W?QwKeq&DgP;g%C<gTFW6S
zvBLWs^5s>QVeUEZc72an)nr;L4<(+=+k1Lw@%NmhX+!LE!?zue%h%}#8|_UqyE}?B
z^NJ6hhuaJWcs0sXFE^|1Z;N<#eb?f9&9sM;NZP)tA>hFp<3RHgl|^PteC2*hOzmtY
z!;bV?w7Ri4U!XFk5caP_xe0_N%B2WK0HR0K>Vdw?<qjuOZ8M~VPRy*@M`XCgx8dM{
zB%<UMEPYiLrj%)z$YuP*n<K4}AjOq-BB5ql+*_O1dX@#*N}Jm{L8`}s^=*Zq=eFpB
zy32g-qqZ{XR@*m}pG<WwrnHAu92J_gym7=C_hL34p50?}Vl}sUy1QAOIH%W2^mgS=
z?b(@|-Cc@p?(I{gxxAe^T~%fFUfjGq-ff1~cXr6SW^nAz>C#CdkyY+@F?s=4Bd|Y)
zw5wA}P<*eP*hz9qOqyGw4Hg|%4A)N?0=DsiHP<!^Zf{KAYgX6Y?tb;LC`t3)UDZiE
zW1Lpj8x<3NKQRcId4sHx&_wO8)_v#itI|6(kgHkAnbehBsB|TbQdX7gH&2G$uzg-t
z9L{<-w|94Wyv*)zV~;g1lH`s_WfJoSzO*o7jR4_AG2=EML8cs0;z<-*>m*et=FBl9
zkp$Rbatv`Q(^;cbCv<FX4GFWi!?597=x8{cKB&-vV6bRhueYBuP~?MQtejzE=YH+n
zJ5wiJc_M9MiYUlII7<)~(D)&UAgrUXd=u>@!wi}tEJFxF6I6ybRB!4!==pdqeaVyH
zNL-r=6jBVBfFOpDD9H(mb(1J51@y-ZWD&9Q3N>u{dV2eM+ii9hBy0pg(r7^pyUozH
z94~bWoCWOHcTm@3z$*Re&#)QYr%+%~UN}5P`_6h@COrxHd1(4Df?%?VpnHB43xl!f
zm|w6ZE7tv<pdI@7?cU0rXvN_C{L&g_H`E8lHK;s%!FtHl9$v$sBpJd6a|@1Of-K*i
z0vZJ@d_Y=2AuP8rJd}ljP(Bh4?E7*>nrVJxgTgQjItU3`mj?*lNl<`qyS-Uay#^Vq
zD+CWa2mmWHs1Tm&9<fw*xxz4Rj`o8s`BPWz*l4p%4Vu3&#t6WGWYtqHGQ8b+&njm8
z1fiAB4Q0VH^I6s?#A`)~vw)Q>+1+HExwB!psm+_v1!zhKvsdFHWk*#ex_3`@L^E}x
zM}`hV%i3&$dV>hBA*sM~bP3>t%GX!E=i<A>Apk<?9~N(pZmNfb+b~()3ke9|_^j_Y
zLQ->5^iA&?usU~APa$&+j4Lq?o^IzK5bjGX(S>P;Zcrf3_MD;SUrK?D0)QjYYb19k
zW5?D9RSq;jJ-jyvJJ$$eq6a(!0$K{vJATULn@>4qy=1zVt;2Llj#ixN3`6b**%&Yl
z1;EF-X3?dz4u^iMLf9g);HMsSO{lOwKPP~@H<`Pk>rGv|=I2mdZb*I&t<P?!p(^F8
zYgdq0GCUGA1t3Mt%%Sn2CpHLAd)+8w55oQ6qrWlffHA^eV6INg_TtqBim6go;74~t
zny;`qSVb&$2qN~b?ItL3dIT9DfH`<7E^hPXJ3J1W2q-JbTR08(eL6Tj1)f=yBUeg7
z7RT97aa&V{t50ms#@+#2ar%o&)XojjM*QoB^f2J5ndk(eR2d@1PZBig+A%^1Z!4t$
zEsdxwCQS#D++>Rd*J``AIK8{gFcZOf@fbTh)Dff%*eLMx3qC>%v+Q2roB4vkQk{$D
z1!M?WzQ0yAfF@`S^gEB;bZ~bpT)JRahFEspJKJz6DNOZkK9qPp(OcaI7>7ER7#k*m
z*|*u6f~&Hc_hsUmTI~pB#R%Lq_8|zexSLk58|(Jljy*KSysF9_i#L;Z9h#c+so#d0
zz2Rru7}sHXiHKnA?$?O5-De&UyQ-j<c()<VqTuXoJj@rUJ-1dK9-dX5S3-M(mC#`6
zTqVCsz9Rz5U4B#8S+l3Bk9LFuG!pRobTUYuoA)~?+Il$t^dsg7jm987&Ya8DqNrdF
z2kiFd-+OUxP0Zf)S)Gpa!CbPtH+0RidX-%lyVOMKlPh{~R}A*qQ=k`PJ)<g|2D^JE
z49m;otaqpb+o4{7vo_RfJE3RAI}#4{*B3-WDJQsd0ov{r(Ls3a@kb?!Bxx77n#XXU
zeORS|0NZGw_CxP_Za6d(xIO|&lnoue#w7V2)IPdoG<{B=r)@?s-D#CX^n;g8=h7Qn
zXN`%iBD=P#4%`G-LJQ3AAwWIN>LOKIPinHKbhA^EOm||d?Kr1gMv<MFm{oOp2Xk|X
z<O{nGv#@W43-x7RufVcM?Y{-U1~@%lju7wyJVZBO8YX*u*r~L85H+ukec(4`P;d#N
zage<-x0hq!tljb(^N^E%RG~TKx+uAQ1Rhfz$Xx{s+tvq9I`9gQfQX7{0iXkF`=I$`
zXyYtQ=x}d`P^aYv3d~*N_%+pa-P70H36)^1)<HtJSn9=+upAG<pSV^ILq~Q{A(P>h
zABB{Sjk&WrR-`XWLh!x17YMRCv$6U6P(h6pL3Sz-yqAGRQh;Y5`!0wefIk7@cxdco
zqY5a4(0Zy@kJMlm2!lKbgKY~L-53K&1#KTz8E(BLgMRL?pmcaYhr#A>P($%2$D5f;
z3CYlrdO6=%>S=h4M9|a^oc9_5_15rnxNrdAkm(c&oF9Z>U$%4%Mb8T01u2?z@U-`o
z$X9^StV|zB_;!uW4Xi|J^5i`0Yo<msi=e!RdcqypB$lt&lfp*E*nTeaqo>~BuB9O}
zB4l}R-j02v?++@pA?3FWz5*W&-6BVDFjKO<k3u3G`#|j{*>iDe2VImf!`jF<#%Qs9
zXD5XrE%?%xdfwMC7aFPq4C3@?LvI5@^LS2-U8CF|4HDQED_>?%Mdx3Apz7(1q&Z>s
zkDkJ#c(RXsw{Fc&Q*|Z}cU_9{M*~(>O)LkV$`#_ra2Vv}2^iL&Ve+=C+GzOZtFhVC
z;;?Xysmpok!jEvFU5jtjaOM@LJ_rgOfM&~rc;{E3C?#Ol+f*`5^H<wOYf^cqzif-3
z*RClb@OkGE0O;~~53kd7-)P?}7@qgvKqma>zVcBR&p5+&>~n=*9$B{3?csrkgepA&
zm^V<b6CHV4v&9+@4%)Cgrdu#(0Bv`lUK}#RhVPz=+2SaSdgj<ey}9-v6#MAjuR-ya
zpOC&E13TD_M#|5xG9V~lp`qU6*+eKU`M^E3tb^o&xd*D*L-)zYU`sR*k5<xkv8aq3
zb)k9et?9B8qp(%p^6kn&!*}J(UCqnAN@R6lbMdua?Sv6*A(Se?_4~9s>dWE|aK2h-
zvvuaiaJXsZc~*7QnAP^zJ{gyk^PnIOpogq6!UQ}+0f6-4c@MI=`y~b@)eMKWhT!P9
zf)aG8`$l&T12L~<@b-2KtAf3~Wq|w#T)8t;n9zp%z-jL;Fl-1QGeZ}P3?Td3(4sqs
zgcRZ2_7sF6`^(|NuJAF+v%OCEOxYhk0~YhF8GwW=fq7GfTM%bN;L$5y=>S}sjJ1K?
zj}Ag>#aGf&>A_^R+I3G3OEa-hI~%xoEYX`mQO8_F3TD+hJza#m$qoa4l=u)Pf}RjG
z<?_M`2Kig`-%zww-jIpmX(bGlHicz--etyv#5rW@55eC7<amx%G$${%ZmLR76clT+
zYeO`{LDLRUcvbAs8zGg%P(BYJhkb#&Hj8*s<*gm7)?#<Nv#h6MZl+S4f^p(I@X6GO
zKCe(6Ama()pgz|F%k%a3IS9es7n$?IMv0Y#dbw=QyB3_V#{pp>R`bjXJPw8QoXazJ
zS6WkPWud|3YR1U$d<chzaU=nx1d0!PFJ9dA6PxU=#!-8y!3N;rl`p3+!<1HUh65tN
z1`SVx2UzcL8R6YGuXqqNA4BB!Xz=q3O^r9j-VTB0=!b%A8gxU&grI%zBdC>Il_LVI
ztZRjElgMC=0icpSIvHYMRUlQN=sv*5j0t#w#lMfHVGR;Iee~ieypABbV1n!v4X6(-
z0VFSoGVXZ*%BwtgQM~|o>h?9`SL2G$x(U<{IQ)b9vKhWxLnJ_J!ayJhTQ<SEAPVf~
z?^p+hrEAb?DFfzd)5ZYJ<~Ry^eS>@}crNk@fV4&IK!>Ntt}{=Sh2%`tYzUF@pz46j
zp75d4*Tc^qQ>~s990NgQkc0^yD5`d!ppbUAwn*ZyU<7;tMrOK6&3t1g!~$B{WJMKw
z2Udif2zx~G9!tn_z8a{uh3FrU19JzPBz6RV^V6^a@EMW`;emF<^1$<b4Pa|rESwl6
znxu1uolHRqd*$4C_#REx@@cFf8GRXhj&;@WHqSSe*tTY3J$ySl3)NROn=RIFRPUjK
z7^xLxK@ubp1T4~tvL+g7B$H&>Wg<#xHcCoONo1^=O@kyTK&(axkP(6jA_^#(TJE`J
z<zBUb8xlYjRZ$=a$Qs_awq|QIltOnibG7P{*DdGCA06(L7p}Mq>)Ok#%UVnoXLX3T
zH+f>~y{|s2$olQgJ}ST*2pA#sO*kWi<)ff>2=0NIbQA!>4grCmmGkIlGxo$FKvm83
zsNLgHkpqwpf)NSJ4i$bGd1hsynlM13`~}!Oz4hubsXhV&bL=M-;R8c{kKzyjS%i6I
z1-wTk&g$yWn1I4LI`lr`L*DDmG+J8psb%sei1KPBfnbu*Ld-qjJ@wEi+$9c?i2;fL
zoCDXeSOfAIzdgqVTowVNAi$&?E=8N+taw+G?PDfU@Bn8&DYNQSw#pRIf&fMY=oLW%
z6ELUSXJ<?qT~`#&ZeDL5uB|eT&QkWa;5@TSyBL>uIu<gm%(GW^mC~KLDT!9(rH)#+
z$h7cQW>cyV2s{XYoYTzHWnO5|2#AD4MnzSmwI<kLR!K`#yTin<ZjRk8+R2b~yY(6!
z3Cgg^z0T<ap>DaY`ORi#{3k&YL`e|=5D_9GA|fD(7)XSO$a&7|G0HPC0A|TA3qeY$
zEuTNV-EbDOw(nenMrIFKc51992e2L!ken@0(PTbiU$-8Q4{!|b2s4<ZF^d5M)G)|5
zUiIbe?|PWMC`;&G2upU9Hg?`{Nt(f&lmU}L;AdnwI<TqAI(8Zpb8+AudkQmEHIEwY
zo$S)@-MUg5XPn87bE|ze9LutAv`OUM6S8-wG-%M85@{y9-#s8%He>)*?eBWBv&?0V
z?y(;44B0mL!+Prd$4%Axp?$8{c7em0w6L)f#mDMO_uhQBii9GPpk@Yq838s@46;>K
z74HunYcqE3NgSEr2#)#Lp>STyWcO^6wpAN@z2&@Y^zl3fA;rw4sK9X1nVht2DYXOj
z-RmruSj@qOA1^n#Q0%TOa}7bY4f$Ov$`_W+p}BbzgVHw_+qP+b^92-$V5XTb@22XJ
z$SVMg5?J%P3<jow09U|idACxTLxHIN0zq)#hKaB-lU|G7^DuPX?+nbrQ+j6er1Htf
zEE>wf5u_@Guxkb0y=qeFzM}O}@zsI_Bhq(tA`=7Nxm5LCM-38R3rB(9yt%J$9rv)2
zsy!+o;u5uH(r_oC=VwsW(BDNKkdEE4&iV5rUtYg2BB~#6sN#y4=bkbf@WA#~NNtHX
zcSqZvn;@iJefGFcXtOfF%L6=g=rPjxdBU_|Z=E5V)ZnH)>ConP0AgJZ?m0=Ld^&XM
zgRfU(y2lpVsQ4j(j}Ln*kVUi#Z>EhyBRFu7kkwl9@aqDzR)<g#drAV5Qmto4V4imE
zkTHmX<-<oBtF?H+d6%R!>&wi1LhE_kaPlSjjZ(+B7(r6rR80CRW?So?hcsKgKFva1
zM$CPp0vxYd^(wL1Yj+zWxa$UeQBDovuj}u#7-D(*%9IO_rydJWj(U_uY?VH!QVGD^
z&yUANA|MhY)J?bN>>T}Lp%-|h(7dmsuMIIHzVINN!I&@s2iNb8s9-@vqHb6a@XX9z
zwYm4aB$n?zR$JygH9F?TZbPgItYEF*4con=B_6)ZS~z7;ynT|_J3G;3^)W|jC={Yd
zGjJ+2P@#Ni!1-AwioC=q!%Wh<1FdIboqR8s8}sE}+u7c;;o;}K5C$wxDi2$%@_c;~
zE-7kyT%)j)_oFdI4EV8rhtR(lq6g>QCvJ8xW%!^ESOF%5fX4%X^rP$-(7+zoZym0(
z0O9JF$adYd25q52mRGM1XSc%rq0klSqWZgUP)rs89t}hl?7~G?V-@TSZQ0vwS8q>Z
zM7kp8izPZ0o3*hmrBQXx51vp!dXgfnP_&-f+E;Crp;@#W$vD_fK`(6L(Hr-h8h-a>
zKFof1)wkB};fsBwBC3D@H&XccRcl(%0iiIe@<TJ1OhF~(OwrN8KzbX}(M-e^3;<`)
z_?u_mKNUpxpR?Zf^#}p-#&=ILLA>8$`gw`*`bMo}6moCJQb<9706GrXgN{s;;(vGy
zkRmaI&v-v>c3w{e0?2E}aA-w{I=b&8kP<!s0p;HLNhBVZvwi_;Kpb-2Vvjv>-w991
z&NlAiMc2=VZ!R^?_#guGB|soTX`X%BNNw$n?vcPLG!)<i)3;bzMW!VphaYEa9@vVu
z@2=Y-C7jJTA`<Tw;OrG~DxFsr-daReQ#F%$x)h4(8y?aZtC0w<gl7U-Y`iD#XyJa7
z!&1IVPYo9#%S#@iLjCZ|08;X0b?8Y^E==Qn5y1~|X3h)=*()`gFP=T~oFOD$BGN#O
zX2nXYsvI)_3=xZH`^+$MNkACg`^)9Occb$JeXQ7>cP%Vel{t(R(KX3h?voe`kxSYz
z00;yk5J(_E%!Ye@n$y+0tYp^BMYv!C0Pm`fua1ko=tYhBLD#Q0c$MC_;$X}G16gqT
zOItKn5X`}oGpPA7-sgQ%%nyPjKqilQS%iu<@3TT2CeMN)s6r`>7$^guyTuqn2{kAK
zz%B;j;)uJofB-Ju>t$Q%h48sqS)F#>9pGdU7rTv4wIJs^Hu6oTIdUIqG826{%I#w?
z43#2?7zPDp`uDzQz_jH&5Y552j^^Ud<)lr#wl_cn!YI|gda|+@Ere{Qm{!DsG%vt6
zOr>}ccJylMK=C)t7gv}6kVr`)2?-Hn0Y)+kFK51aYW0oe`Huj;;4d%24XIyGE<kHR
z;M$B*@jwrFd)sHUQm;PAy}*i8mA7(v7`rlx+RW$SLh0GxW{*l&(E$w{?$$SIBiV`V
z8WkYquHtJ_-l&?)A;%EUzz{GIm_`s180$h0C@$q*WF(iz%GOy;m{u<Y1c*eDIjwn@
z?=tIJ*7d>xh3dTZh9mc1)SJ^J6?V%4HX}Q>4t6pMQ(E)TF4$3H5e#G&F)IcF#Kl%I
zRf_^*z+r_jtQ4_`V;IFTim8hfV!&9i!wRv5SYa5zV+b*bn8KqLD6C=x1V}<pcek|B
zc4(`fzIha=xtDs*iz_c8&%1IlHQ#aGriSLwq`}?Yz+EYP>YYZd8_lzKxtTaj4b$y$
zDeKvl=V)o)tPAc(3QeF=w7Vh)Gc@(~do)*9ya$NQBXimq%>sdb2pgMgl%bxHV;j}P
zRD_G}E83$_QM$r>?e?FMQLJ)sFLiXJH`_Oi>~)cCN}-u?YI=Gu9CG!Qy}<YY7Kz2u
zrBz{z6#V!kVHKFIcUUuEp47pTz1DkvgS)DVr<yYD(YadqQX+R<cLaK4q}ull;jGEU
zC*cu8;hE(tJfT81$c-ilpa`koG3yh_N3#(2FJL)EVYJ}Y(P2i9QSA4ySez~U3ip=a
z(C@FayK}AJZmrFplKJ{4r(#!cdt~;Qq4HvPmFviRR0JZ1hS)pf)8s&e7=sZx0Iss+
zJe5u5Vo=s#9`sFaPX+6K`?UR^ct`H%>{G+%XM1Ub-pMPAX8Ub%dZzfldXF1n>N=*7
z@k3*^;9!MBAUrA2mvv}e*fWhWs9|*31?)aIb<xv<k9*nk_ty4Fa{GuELXTC3_+K8=
z+h#2_bO{I7Xp~SO06Epv(}Z?=Uf@FcTA{t(g3?nxG+#~!$qK`%TH$9U+H~F)b3Nb&
zmePq69DrcK@Y@EjwOjPxk)F~FbbZrOJIU}8z`}OPR{2YhZ<J|W4NYW*r0v#C2B?xl
zB&)N@1)wkh@YyNp@JB*Ml>!?~`hsW`LpfZRX;HHJEB1DsRi!v47J*r*-qyO7Jy*>K
zp1KPSm0x&BI6+>=7OguCRgIm|<7{5}xHxzY#v8eTjqO;g7?dADwD|mdbDP`&0D|=c
zVEfdbo>KY_n`vqnt)|1dZ&^Mn8tK{AGVH!V-uJL^rcMJOskB6?y8~FNVQyfpy{A{%
z%C_%aSc3C(d)%g!rR7oy_yL$EY>=oNNB{=}!6^c$0pRozLp0;c3TD>!b{<@qUf#L&
zyTTTi-gW#E(1vCK?ultcrv?B6u}=mr;`IbGGPYUW!2kdp2&57uuK)&c!+jNFONEt#
zx|Q+1Ynr1Og7_T1qOW_c@ueiFb4EFKeJ<!x7Jwe9>LgNf(k4V+-5MSNf`^{>z+eIJ
zkm&k!(FSozmN59pVgtj&U06NAj90$Vd`O&hc-`5l>&;0~9`NB!0z&K#ZF3m*i|VTr
z4ZQKadR~#XGj0`B$A_0?^=t!AjpV#===XrrhzB$-#nf`wwQX%El^2lH$|_7RM%>>I
z00Fw-VD{Gz69~*$6U|tB50@G?S<iG_R|#ed?d_O6(iM%#C4e|=3C21|m5si!um?sC
zp#T;*ECW5jMLUu4CmHZsx7C7#@FV81lF9+_06$gcpTT#j>z0M8`)93K^Gy)z+ygiS
zy_R_D;&-qvlG)qDZxvwDp2coU>*<9Ve7(J6DGR%?-~j{+uirp<vKcJ)9q)>MpmV-J
zcp_`EIvbS1O&sl~DsyEnxEpNW46du4Y!qL!02t6i+JnwML%@NyqAFYW36NahJ;(=_
z+B?I+fIxmn9N>_L!!dJ;s=N}LZEF)1%&a#g1Jovf77?P3jX-hA1R&N8#0B1$?vOnk
zGn?`b>bPIUNgdIHARq<x7;tx{L$q*q7>-0Ph{mkZz#VM{=iBEQz8Xwf8~NIohXXxW
zAU<K(&kB4{i`F)s>j!<=gMb433IKQz0$_*<5XsNy?u%pNPR>9u{eW-KyaG6lMR+~(
z_R$m;(8%uT?OB}<bifwxM?m<LgC%pQIUIUV2O+DsAli)~Xi_xOD%(<5j@=p>$z$FM
zKC($YC&}g((i(|EAAQ=+-SFENr@W}nSRcOKn{1UYEa0Gd)88QHF%RB$2fue1oTz3D
zf;OMU!U*sfybSxkl1j{^(2zucfmfMTcOfPimAc<5x8%H|`R?m=Q>Ux2$=w`&zM6FO
zJad4+C!f#45fq4qx9_)$uJ>|p*hmSm@C9=^TYM&RuwCx*>8E#1^&L}eRUkxfdCQ=$
zb)0=~nyp0Uvc^;971Stg8>-pDW<GtFTgJF%5=0QeGKE!8p=m8d{B24{Y-kJvR+<BB
zY4^)Be4dKHC6P|*o1%t0(>*xBkGl6eBC70F>J;+!g0eV@nl*1#a`NgUFHzmgc=72e
ztx{|6L1GTQoy-pm23-WOSZg2O2Tfz6O_^e|VIkE~4Bquk-a-Z1fZ7v%STQaV3>n2N
z6SgsX+tr=r=xRhb_5*vq%~f~ZCeo}EQ0Y~LzN*92d)ejjyYd9PKAEH#q@jVtnyUr7
zgCe^Is=yQts~qbpf^$O}b|W>d+m9UAh27@!l-W|LO+jS_N+wGxZ6c;4L|J=Y-Qv<C
ziZPj=06+qKiC00^!$t6qp+%d(lVlPC2@N@Y%6q=|%1-&5>)fqu_k`~><zF3Ze9ydn
z@aJ?$+i9?HV?}FWnVD52m<UQ;yb|uPmI#6&2+Rl*R$)jGKmZhaLe_Hfm&M*~@IBF`
z*JVYqga9+`is5S(I0g&^80c!H*wF`04>sFlmziXm1d=54Ioj>h*LCU~*|I4MAeWW9
zQ&MpYD~VJ90B|GOcPm~7M~`iF>x$<E$J2ecFaq+3qWpSyUnRosa>0Ovg^ze}@c>v`
zt$Z7VKvDb9Cn8wK(jTBo*M0y&W<@C^vSiZAR+$n+S!E=YsVOB~@$28uj-lR*#-sNU
zO{FvC=oW{(`+e3JL=+qlh|BTqbkld5%hq8f43L+7@iQv@@CU*gp830|19%X^jzI@y
zSs<!JL`aDQWGk+^(ag<d8Xu1Y?+_oHn6R<t%Z}=+)-$aLeJZ!E8F|a&(x}$5iUWWk
zi6D#$^Hpb$iC3Ae7>2||5(tVh0ahT8L>P<_h{Kw)s(=8!cDJf?Gb~IU3`9v7DuEFZ
z5fU;Zde17Z@Cl?+03t#vh4#GV=I&)<B0{u_a$GK`I}=W;V!-hCowSvPgpxIaB~nf|
z-pV)JTrz7}o3ZCh#MZVBF}wzwT9=6eZ&Q64(;ppAvm4ZNuE@d?zRMUpl(`VRooj*=
z$|0`+g^3XX1SFXE5vbH`(R*<&vAZ(nWXjwmkk#c}P;TrXT6t7P2|5F*GPpkwLh>L*
z+V1753Hqy{4eqCF&H2(3qB6~*GAt~jg6_n-Y`1ktiDj2-Mj0`*qZ+)Km1|(#)?O-6
zWz54Ay0XkvOlpd>#JO2YFBiRY;d+(5?+-%Psq*2(<8devK*qzx5yrAO!C_=XB7!YP
z8%{FBVHDcOBx%CfkO+#AhB1Oza5WMpNFz)b+(k&7N@0&1WeEX+W5lGyAxWmwEzC+p
zh)tw{ayXJ;v<zf`V}QVjB|wylBA95y32ru+MHP^=laK})ksy<3KB&AZ#KK+OUC}=4
z+jza*R~)6dZcj7s67NhNA93!b*7obvCAJF<IU9i>Lk)=1VJ9+48xbi9PYVR36B0Ju
zBuFHfAt0nlSd1!0+YQVGyh#X?Y_bw^HXDtS*jN*7$lQ_?P?AXwG)NIhkt!siGDZwj
zAtg5x5+uS+VTn8}Nd%3O!UzD81&Ej?ERYhRZAKzd<4q(}g+U2zfI%$ACPqq;B2p2Y
zh>#gbAlq_C+j0{diJ+VkK!zZsOtvJ#+l`qT2t=BK0^2hbSb|}KiiQZ1NeCQjCL4&A
zGD#!|A`=O?B*7B}BpZauApyCI9u`S)6aq}87AFH~<9PsbNF<U%;4z5YSfB_ZBP~pU
zxgs(~<042*NgzQ%$tE(e#!g2OF~-!5#HL2bjI`5i67o2Za2Sw65=)Xm&@EvFw%IKp
zkV+#9Dnb;A$s)w05yFgW2;374f&^HOG@=p-6A`GSiM%MmBX~rRrlbXg$_$wU!omq4
zgeFAfEEW_+1W=KvBq6lIh$2ZMLB&4x?&V1C<n!k&3F~%Y^ru0RL{R`s4W#5?0*NuC
z6M?YQStmXRp6<J^b4RY@y&i-(?k5irBpDzWB9IXvO$JDfhXTaXL;#6mJVD|NMv*2b
z6D771f+izmH;@ouk~HBeAd4mdkz}^y4rDR7RFMfF1p;Dh#({D++Db_ziX<6yK92WQ
zcs<CRbl#tIcJoEzEX%yCXhBRttjt+O)yFNhRitdfmP{~)ghVi26bOW%{?T$J#P8GH
z+}2fQCsg-dW=f@ccv!CJmuz?)89gXgzU}UBbtST4t)ZDmrE<z9`tJGaP=YgV?_Are
zs50djomsi5R*_@97ZZZW7ObRQ-H}WXnz2o_37b~(&Z(T^8#(t&egZ~|?%fXtcR{VU
zuQNL;plS0}b#U@Llg-4y)o)e27nN0XJJGPwi0Z*J)y#G8vkqqV>z7{4TD82Gr>tkC
zy0c8@7m|9`rr771j}xksySp<pyGHHVGYO?9o@Zea#oL;=^*)<6gnit3`$b=Js4#Z$
z8(i}8sU=56b9KkAyn>8e9iuxoU#_c05ee(C-D$&tns+kRa`s)oyLAOF(jsZqn)iB3
zG46I{*GH8+)`Qnfc36GAvtM@;7PDhsdX2kP-I*-~)z3+`<t5GmmCtVm)s3h#UnL|6
zF^|C4_t7T8`^-EGhtBd}Qdn*8cW51HYFoR5ZF0QONWDAlVit33m)oGW`+8>UrJ0qu
zxq8v1UA@k#yJT;B4pIt@R`Sm4d6T$yiPH1ks)?OvJ*aI}Zg+Id&F-$nHurX^(p=t7
zoi3JjR^+@q-ff1~cXr6SW^nAz>C#Cg&DlLcDkTclmA7`wgDacHL^-7b-c$2C+jo84
z8_b%9X1t}3F}J;z=S|J7QmM@q?eldf8x}8j4`Sh6dnE~C#_g$En<@wD(^&J<vR`{p
zT>I{%+it7pc|MyqNqTPf$t7(X9e5DTo}!T4O&89sD{`{lPR`7@GT_cku3a<&2WjrM
zIF7p94`tFq`?R_RJ2Fn1>svkua-pj(>o*>b-m(!3MkC}Cx3|)OPm368q@!Yn1U8wj
z$tfzd&jhfONn{gyJJ-gsqgg<~uC-9=ES*psv&iea@_m*~j$<;bBgXrCySux)ySuk{
zcV9^x?99y0-P$`i;&J9Krh7LwRY@`zTin~`)6A}}?UL@MYs#+Na{Ie(>~(i^zMQK&
zF}61|GL7Gxk0_q)_4!6X%5wmV<>RPFc6s2z+T9;!W_4tJx%1|Bz6}MxMFPo$aPOX+
zs+|%FgB2z|gD`6)n~|LqpF!a3qXA7`@b+^am;m=n1dI;3+N^-^H;RR371x#k9-F=9
zcDpvWIdvYEXp6~Le6IPt-%L>j1X#gD7{n16#2BUmMG+b?VknBlMIwqIu^A9eZ+zct
zz0wCzfT+L}40VO?H&hdh?zLLOoO4TdJ*vHW@oT&@Yk`A7t@l|2i15tnW8soen+YbQ
z%^1w}eEZOJY<OiLJV+iA1~TUL^Sw<F>bF3aumSKR9(?lN78k66*VF5R27Er%aru11
zayz&fAbcTPBWHB3`raMm-$or!RX%gmX>rmYE~7gzoX4qi;QMci+&Vn!DD?B|&F94h
zgBwPorf(8K9s(?$V4Pej@_kuZX{op_^7#3KV`7Rh1ZLT6Yuo3~pAdjNr!1;$Y6a$G
z;C=58c1{(LZrvKKg7<V5J9?*wy?Qv$Y4z}}F1StaX5Qytl0J@nd{!J_cxDf?T-rvt
zhA|dkq<2AcHXs$ri1mycsTQb1CT7_l*<*6po0*l0r>I`;cJUd5A^1VR0tJC>3oPYZ
zTYH(zUkGS*J5q&oFk5JDR_t@P-uH&NGltRLOLH4xtGmk>YIINqVrQ?s#$*IH>1em?
zDfeFK@b7$e+Mye^2$L%C?>c8Y1^d1Q=<CG-4z={n4og+%U8r|=dw0BMaNH8FIdqF>
z4HDmny)R@Hc?B`P!`L8K?KTTp+$o+mA7JfX+1-ffJy}F$Wo|q~f!4<9m6fa7Fmc`w
zJwmGxl&rq%y0rtua`>gH>iTcJzh`aV2s!;0YB{<9e<4e>aP~~ySJ|1IRqnZWQHHA+
z8-}O3P@Jl5EF&>a;59dSty#6Wanf~)*CjUtS+*~Fn6uoT?+osy*x*{(I)-FCEIwSF
zE2~CW+Cvi<7@=cR>>a(<E|hhk4-Vm@25QP9+g!y;m*nZ@=PlcG>qZMJ2&BCp;h~pF
zTX$6h!3qvNj)!fI)4pBrc<Zic04X{UXTVE7diO8|WR$jmz%d?M^EMLU8Jfpg0N4Q+
z>fUw-9C^#Y02KCzEFS;`m1$LQ?99nM&{f)^7pTzp3Ca*2lQ<4}5EZv#-N&HQFf4(z
z632cX&u$G>v0rMdW3WfzeA*e%lUjLCLN2|7XUo2ida-%z>}~wLYku~XFHYB<d)a~W
zuMd0CFMGohu7N8z?*I`3#rRG2X}~?%)tS0F^h?Ei*IV4hC3UC9fDaJH!6bW}&Am+B
zYW0|*0`7BX1_z?21;NGFe((Shd$rcu2G70W?#=C7AjyHQo>zIGfve`J@bb0+=S34M
zE2<a6y(pG59_r*bD=HXsxIVTAhph1)1H)Lz^Vhw@ba!^S+I{Z<mx2Y|wXaY(`*&FO
zCY9LoPVJH5yy#p&a?BRy_0{Kh1U=v#<)Q2D_N&@{dOg>vZRPngpw*HIPO_V<M3P+|
zO<~~3Yr3xFeO=a+;cCx~thwR1G0#cwd){*qT$^$65WiQ4yp`me?Bh}65Foo_y7Tv6
zL&LfDt_VyAUtL-EELeM0^sT+ZBfWb0H{DU|l<#4i%eO`N=<Ue6m;hMqZns<rDg?W3
zs@hMa%f~9_V+R&a!!R-J`adD$Pi&w*ilLr!v%M<^KshAS?@U4m?%wkUtJB8!jG^<F
z%S_P0Y_=zQ(i#Kvyf&Ye+VCB(h~c@TT(i3AcUP|gwZKqUeJYdY#7vG1A>mgvF_vYT
z7I<ZxZrR5I(Tg`22yEURx5s<B;~lEbBmf(C)mjVZJl$f8JOCtSb=dImUE9P=5rNm7
ze75=qcA+PpgPPJIsazE9P5?YRs%IJ7UIpddo9?~zUJtP@p}BS0ZNfA*{O?_PTNAyn
z1+c-rGK?LLw?`0$U07pJtA}pidbsQw39hf4-5Ztrm(pk5@YICA0hlRHp|KDE+>l~8
z2ZstS<@t?xnH|^4-3g1{@EhyfSmq!Db*tYFZ!^m8KslosWiSR#LLI(yE=Nzg-$9d`
zb;Mx3d)hXu-UN_x5sEs%JPr8HW>8yJ;2tW`oc4EXEWX(B=K+i#4tsrm9=0<8os+b9
z2()q(Ylgvj+kjduC#jL(0CY4eIXDJ2c3>1r>={SeplCYu0CaxJ17vH`Mb&iXpt_ur
zx=DM-HF+}jYVZLO*;9JgH%q8d2A=o<>n?)94e<AXvC^^EkU0qB)tKrO$E&bJ>olIJ
ze#w*u^jq&;z%+m&xxwd}(dxHgm=NIu7SKbxmxsNgZl;a;A<TJ3A0S{R*p!E`i$nki
zc~+WiRoKqda9EsIwCn|@uGT#pD)B+XXJ2H_5db{=F!I<lovoEsczeKhK4S9Lfp~Jj
z0AZ=w&yJ#ncK8bA!nT)5H*j~YND-ZGF2KcJ4Cyf&#q6QSV;gZWw+BBtxm;`A3d{E&
zX$RX<diY+q22D}}y6b)6v@>*e8I*NPm4f_Oksk`k_V7oAD4@Pv30`M~amE-kxOjSq
z?$CP8YgUwlR}KZf#^T&c2hz6Hj}K9MzOAm@#17V1SnJMs@GTy>u+(E|p8|XV0<lfZ
zU1r_^c!n;E*5`8Y_nnp24{};IZdmNgu;@Omyp^Wz_U(3P_nDj?6Nd%dxUBbN74K%d
z6{9um-Jz#o%s617C?GSyd8+ULb{nXB0V3T?Bc`ii_KP9cv}J&{dS`LH%bwlgJrCbP
z81TRbz)?;ROZkR1Du)dEwkQ|x3pCa+51H%ghmg3IkTV5{eKh%S#JHn^mb(CDjU4YL
zXyDm*<F<xa*F)c$S9omo?#Y+VImP{E<K$`j=Y4(AeS&*11d#jhTomBU)!YxpKP8Yw
zRNRo@m_A;-Ip&E+JLixNl_)sXSYbugUp*D!4|@XXecXC>i*K?|OimGF1I-N{zdO}}
zFk{X~a*D1VBEl;7$4?GpudA<gdS&uDD&olmg6R9eL@%%m%;0F`tM0k2Uc9V&a`%Xg
zK>-*nMHE$H2^cE{7oFdp9P?Ak+~r?2$DUA@W>PSa?|QqtNZP9RlpHI|I<Z*aeDS{L
zTqNWe2;VW#nY1gCK%njtbl~_d<~3ko>-7t|wO;madn^LIL5381$GK($fOu6@xEg2P
z@dv@N*c_+bqq$y5LW)ETIoSZZsR_IAcw<BYe<3*Pn()5{MVaBxOc1s^L>Ys=_yzRz
z@TtuCS(7ke?aRMx`-UD_)OUmoFaY(btpLNZZAz<Fz3d0x@spwC7{I(8D)kQZ-KSf$
zfv6S->;t)g0OAIVs$%M;;y(7S<JssFd2)wWyf4SXcC4<@M|Tx93B;ndY+CFE&Tc+T
z>6pAUJ$0Pn&ox`t!6K-NqKg=b1yvMc2#6@GuJ}kY5Zle}uR`~=v=$ejYp)sVLFYz8
zBgK2e);7Dm2fXuaCveu?W2%!G3B2+$Y)K|1^zLA};k(X&q^mWi?i<+E=28UM$RZ*N
z5n`-ZEITu&4q1MA<?q1POU>t)VVvyOlb4Y4Aic}8fy!$rFhz)fp<2^g<I2@`_W85C
zVdA3&RRs}(h@!0Xo4)3X)e=bMYTjYDO0putDzRb<t$E(+{Ikq3!<_PKvv%8qJ~#jb
z;KD~`uy2O<qwtauyu04FPfoZ7X8g^dkvr?%>##Y!GciAjy7eKe1;!Hx*H0z1G%S7T
zoG*JfB-$O+vj!2&vBHikI9(Ug(W~Dlj|TmHR`kstYCGo8hZvxYB&(=-9_pdq4)3?3
zyu7EN2RnMTN4$@o5=d{!)6YDR4s$&26ln8jGeyWAUelc@s;%ezq#!~`|H?$G{pk{~
zq={GdRVq{Zq)NI-m3imCe?Na;zBQbmzWSEC-=*yE+VvXo-pQ|Hc~Fuzwga!!BK54P
zdWOEo)`gAC4`df%imn^(@JfZ(Z+LfGq6T1V!;Otz?0vw)?&Hry$Om=!X|lD58ZU5P
zQ>kXw6mD=km7|x2WK26zYqyS#(6kFZQv2eA4yWsbf>I8?c}c-kf(OwK_YU4P8H7+7
zr!>kt>_gSkMgSW*p_9bApsOhVyxH%%&0ltJ!`;c!x988~Fpi;>gbVR>YKSOD=>`E~
zbi5*y<oSDa&JP+Cc?QDb{i)P~q-?YsE~!TI`ONpe`E{WLJ+9s$*!SRrEYXDmsB#gF
z`StvFuh-iz6Cb?;CbOaLzRC83wmW4C9~#4^isZifC2!UUASOPlo+F}D2(`N#i|?(1
zZ+ZcM;18=Q2|WdH+@ELL(nf;8-+k#&MRr|oeJ3t-Rl_fc_R^l&=~h3(^!<@v7jJ#1
z+~(F@?5tF1{UWP9!BC_@3$=;4p!?XC@wyyKDqmKLu8?X&VY+6~-zYwHTBulu-0{Qo
z=B@>J2?mIZ2oVz%{1mspbz~!;?$2zStvx!MQda|ZM(NhWBvR}Vx!`oLRG^4-fWIJ!
z_cn971cO`^AGM;vGP+iNeJ^>xq@6wbVte<#7%LCdD*?-ova0XqES90V(YB8to&mG=
zem_EiB!2R4*8eT>4QEKay67EoOFq$73-Vn-=^E^odMP8FR5FsZFKLtTWy6>?AZ%Pj
zA0?P%i4{7ZRHMk*;pj&0VWbsO&%3_+GF5!2o2IbLIK4;b^04QdRyxP(1O)fizOeh4
z{HRctNMgn=v=>_K5?<OjQkbQpz*MJp?&eynl<+*4btCNKs>|Hi#N_K8t~Yd5BW8-e
z=e8X5`p}?s)R6|PiEgtycZM`mb)+>BU?2%25K<@!1d9|A0kguZrBUf!;oT>l<`w6K
zbM-S}_MxLeHGZdybymM0Ax^Yq<>YO!HB>@i{kgp>&y4G&=)JS!8XXiw62tf^vA8rl
z*H@ZfJz;s~aX3y6UK@kkUVy561s`TP_D8^=L<i4070xfZ0!JSQ;QWYpRwPhjxggRT
z2uE0CFhSVyuWf3Smcy~1Po3=NhV)cO=0`?RcM|TeNMT|WCRvz}p%7Ra#M>y-Q({z;
zeOqb}B*MsC&qu;^-R7lT7U;|xp}1}tb`d&X1V3HZa(sB<AkcXDFiPQVpsBz}4>Ljx
zHquBy!2!To`H|K^-vnA#9C?<~i^ci6`t98K@gmC%)K1&rg5kjVc+tm&R~|b+r<FvB
z7%}<-LQT@)hSg1#F9w4c*@esz84*W=al*NY7=tK?sxiTDDy{_)3k)vlY6XFES%P3;
zgoPXup(hDAQK18IU?ieO$+~F95X^eZiYDNo&<#c=g9Wl^92jMV;4~Y-$4yp@&|(c}
zqK!q3X<k#QW*-VCZ@tspn%(2@@O+>AHq8781OiA5egP!@O$X;orq+YSDuQG-M6ubE
zGS*uxSQE&Zk%cURCKQGk4rEyY2DHM<W2HF)WtL?khip)Vg-BW?M%WS~Ai~5Ew-SO#
zP^rps23kN;;f(~6fx;Pqv;wd)(khD}CMg(zK#ByFByKp^O~TPILtzFB4LS7qeOijK
zMHCX`T`Z#B{$A<<@7H4}CrDn`D`V$H-I6u>`&(XFdj^k%A)jZ=eLk$AazkE{^vpkO
zm5<(j7DU2(gN@23m&fqszq`C&=_c4%m(J@US`Pi0*X-rmUE@M4`$Mg(TbZ7cS-pP^
z_#X1A1rwmj*Ri=Sb_~sP0*Qk`P9TtMLZl9%1pynYaybkPxzKP>;RlfBu$=^*Dw<v-
zkW>;=CcI7q8YDnM2@326s}wm1V1P-O*Cf#?29N|e6(s4(C2WS;%HS;u6~qJ5fO6s|
zIRtq=S%ftO#TG3JIM%$xcSkg)jzDyjDC&a%1!@3}R?LWKY`*4!M>%!r4-P@j92s(l
zq2hUiBpkBk>CpBm7>3=~rw`$R1SFr~2oRET{_&kWyY%?hvuT-{xZQ7i_gXkwYp-pB
zq-2ayQC0}RX3-@Wh@z%IR49@O1mGlOyms&2qA(*sP5bVu{7}b=Od0Lg<;%pi@U2%h
zq$DgT1dA&sc-K~DL?9}I1W_M4dqsk8mja1oNle1+JoU|I4aqP7WD5uE`7TKfBq+A^
zuT$gNs@;DdvdUT_qR~(m0;v(NW^4D~HAZE$HTSl0-PG&PYQ0<wB*w~3oAq0-uXj7M
zoW1J3qF1>IJco*qph-eNsTvebph7K(Fqt-R;DH1jS+`AYrL@wrZFJkFu9gDZArKL;
zri%!Hp}-<zHr3i<pwz=)*=R*fOh}q4Hj`1UCL<eL%H>5EwsW{>(W|cRQb<V&GcI+C
zs1W|UWBd_KU3%-)?T&!v7G)#eJz_%BB}bdy9cq+jJN)TY+bNk+Z=FEaBE4q1>laz;
zN}FXeOi4Aby;N<HW<__L^*NQKS1>V(wdNMvQTo2|6-L5fwfR~H@9i>&sM39P_w{}N
z{?5*dBN7TIqO-{)J?rC+(%%`ZDA$!=s6KOE6W+^++kOUi$%GIb3H=(yIo1fnfiVbC
z7D!7ZT7(34v9_gwl?z}@Cc&Z%hHFVuRLMkv?YhOT$;iTrD5B*Cq=yNsLzvAGA}v(|
z5~!qn>h<ZcAb&|B1is@TI><^jzKR;krPFQbMd}cl*u((L0)*|085ck*DFqn?@%ohr
zq+-J}F}}9ex6hxO>#x7RSK#9AvcpmVSBPyEG9s#=hh&llcuU=BoU*UV;5EuWnN^S{
zMzMpkvXtp%D;+wk8CdFACQLll$6I#Yj_OL?DAo~+KTmRSb$MZb+J|?op|?Yh<D%+}
zy%g&v8Lc;&CzM|-movY}#YhVw07N3e1QkzV0)3u%_b)5V%Au<8@p-SRfUr@Nz-clP
zWDyC5#w3#kF*IgMVt|Uh^=|R*`23ga-?q%xeoJ1NGnuGcB^|6NbTWlxu|o?ISuhM(
zgEFnAR;4XjrA<pRrP5BAm@+Uj#Tb}{m0)Fxq0<2{!VJvHqQQ+?)TOFTTG?v|fkc3j
zGd5C_%GTA(S~a$cwO1{%ZfdpCrj@9zv9{ML>1s@ETb#L7MXQ>lYOY$*Rnpa5*4i`>
zSt5!QFbO|N?4a|xE@#DDsjupEYTsvQ{!wv{VH8E|0DnU6N~^GVZ2o)A@9Ftkt*!ZA
zsf`9=DW_{-{m|dDnS=PdqwlKpRaG2CRYVc!2fF=6U2OB(tDc6dS);Cha_l~JBqX1E
z6-M9(@OkYXOP>W@)AnWJ+s%8kJcnyC^jn?MY^l7cLFd~rFAs?TARiO?2(e(I2n+@x
zL;`!G^&U=FxAp7Kj`jNX@#FA>Ohl4kMoM@{d42nM(V0JtyxAu@^$9VASV1#YbheVM
zNQ*7DSC$lrtZfC1A|bsV|9dz(EMi>}lH=vn_P;l+<>pW>uFY^ffFH~iRfz?JSS$Jv
zh5PsS;=4Zmvs~ZtuiS9%ppjG;*#kdo!h^n1<x0*^Ks@raTq%PDMT~x`4;r+f!1kr9
z5ORv{q5H<%4g~}IAjxeJWXOYoGi2K)Ql%4FB-J8h){|<MuQ=W=tZ1T%fGP|9;qRu5
z3@JXjQmRf}Kfg;ip9dyLPF<4wsd<;bf1;wQtcwL=0*XWhf_@<bcprIoU+(?*{^3V8
zmTb3l_v_VOx4fZc3KYSpiX^mJB-qdxNRl){z^k{;S+vsAR`d1da=e#Qb3d%#AS433
z?HA!%2v{&tWL%E^06{>$zZQZb*dq?e4l-dfI})0dq_mbwviY?lSb{Sd2xexO-YcS`
zY`_pb)cy)D+blP)TK$^j-2p0VL;E+}y=41a)XryoFH&pzL*-ClKowFW5*d)uWU(2P
zBTHf=7|4u;`KsIJ*X3LDKHsnV`!o8#I~QA``{CNpHRkKf-J25<Ned=1rKE_H0?(@R
zD5mz_PWlh*Nq$uOq1*KBQ(CRW9qfYyVKp_Bwpo^wZB4I<R+C@^C#nop7-*Em1!6<L
zT&{Q<Fz6oH{mEO+esVzE-96c!3Ged|SsbX^N>dvYWK(8Tn@u*gER1T6w*0GCuYb>`
z`F&z8B9KwKBo4}jqyt1N4q|~Y!o<N`b<KR<_Agt>J|a1C-+k@qVLSvHkqS0W5D9Z5
z$ZK^*K&({#>l6e`iT6ig)rH9U-cEJnqng&)y>FY>6<lOW%q14}9dDtE5(`+}h!Fuz
zB4ikFiV7JaVW*>A%G`&efcxtxyKi{8?ml-OlwpV>05y<WQ=+DV#Q;g+0sz3T-5wo=
z4|l!M$2go{dygY6%cv>)$9GBZ4m_A#JXmB1T@I<hO|vxw;w6xzt%E?88)z)Z(JE^(
z6SFZUbfP;9Es0tkP?pgoBqYUJi%2YXNeDob+Rw(H*;IIcU7p(*ReR&n8(afW9L>~V
z$|t9R<<=nc9lAQ7xh=_(y6hmSi>ku$c{DJCdV5v!V{&Wr)nOezExSaCm;hdGtA))8
z>pecWi|?Di76y+o@_DBVd45ql-*^lZ<}AqY_0#EZCV_`eU=^#=#QBe(*T^YAKtN_s
zS8?=PS<g2OZg>HHq%<!K7(8%b7%=<__;<RpD>Hmj5?*|&yJKpXxGmYaeM<Zr)AfAM
z*@vkM4`pTiH|;d9?juRRyX=%G%(}|gFDF&G;|)-I!E8&Yh~nKCDE1A;K&v=4aQm*H
zYwIHEcp0$)UEB;F?K}~CQz$TewDS3`M)vwvGJ9RU%C}QS$sniSeO<ft?zJGQfpwdo
zWgNY-_4y7akm++b&g*PbnOmXNRd89yROivo=3*NgseSUe`Bz$i>Wj=V?4B`VqXs}@
z0x^sj!I=x=p|00UHfwcuj%A|&gSSrp^VlC(b9<xrh%e?|;}_&e9$GC4fZE8l=-Xrr
zUfc7641`2PD&V#<-5`Zzs53nEgWUrLM0((1Q-0HCvmb^48vz01${iLsBibW9dX0ev
z2yqMK^L#oO4J+y2I3-KLHc}&*A&CL|SPc8i2QUyE4G{u@FjVP`Ec2oA^j^NgknAhH
zC&lKH2^6{_8emKfHUYHN*A}YuZ^n&X+P#s0#(-MgO5JkOQ+CA@CpI{mijxS@E!S1d
zLl{vLcDxR6F0iY-aus)FwRJoN4TVKc3nL;d4cf<a?^nk)nR%qa=)-!|>nk%Z0xTFN
zhk*h>5d?R=nvT6{M`dEN7I++1(wl%byx^`&FOEJ}?}Y@^sUvw)uQaP3#LMw+TWL)w
z^g^B6R^M*S8@kbgLS@LQoJLsg816TZj|U1P!cdZjX+Xx98(^u08JTx=c|sv})iV`^
z=C4(mn1V8(#ilF`gl#Du6d{Bh(S#C6t=*DKNEH%*nS>k$)k|rhgD8TQ4h1=2O~?WW
zaagJa=CfKaGc!(&;>)q3Fblo%s;;G~Vmq^rRa#ybF;alyQnQ}-p6>U2Ha}e2P6}xb
zGrrp?n{*fE6J<gL7lI)oIRltgNfB8An=sg5gQXZ2Gz^LhD5+3c9MVaY&3s+EVpTVf
zQ+G)RZZeuwB~?$wV?7dEjwM5RRZ%LHJC&@B<>d!TFtt^1Z%-rFJSh2!X{NHy5noJ+
z>&S9ck2t;Z#3A8wG@y!$f&pf<%!~+Nf;3$TwJ3l)JEvr^(k%pVBC=A)-kH6=4eI|l
z(hpOgeJopiK6xu!%^k8kq{cT_mqqj1Eod(F(cf|)=)-xPy5{pEu1|$-%oc~$hS%RF
z849KdK2#2h+Ozh39{r}Tb2BQhKCbHD#QpZV4LO57;>Ad}9yZ>Rmy9=4msI$(mR^8q
zq2aa)bdBBE2;khLCQ1mlN=68NBD_b(kKRJxH}if-95FD!mqa<VV9^vZEJ-ttD^MhP
zA&3s{gLS+|i*{`dRv?Meym2*;>uuAXI7kJnYkzbO182xGCb0Q>v_d3LDJ$hLFp>`l
zyr|v}4`^Jbyn^obyV?b^5>ofV0S5cTQev?e;s64P83({3;t25+&_^0)8VM<}0}(-D
zS%4ryxO%I(Ly{few?M0Cf*y!am`o%Ii7Hbea6u7KQDz~qb5DbHGZr@DrwO7+>oZOb
z)e{4qG-H8XYc0t3WAQG8V-?-acJZGby2=N<7k~scV^U@J%w2N(-UZ5ld~F)4DXCRT
zQY^BSBS4VLXEDEl+hxd*L-@t*2T(IBe`h32?|FEK$>8U`uR2+*(Pc9>nN?jj4OFvj
zB%5nX0@`cy>CT+zIh0bUXW;FXcI84#AdD!B76`>D8C3;PV0-WHi@t=Ms`ambUb_^X
zl%F4W&8v1P7>WLr`p$K<Zv~QWx>0qCvV*%<t&N*+e>~r5b_OFT`g9|rH1h3zaThE_
zgt^MhW?bu?Pc^H}D>Ys(JNB>9BC%#{TNX;ji8VCF#<FV_Vv`z6MoUp@^KG^7`TIXE
zzJAn1LcH0s6WyABzuY_(Jt#$Bw3I6<nmv+S1Rybhkq_82%0J8MeG&h8&=8qx3P^o)
zD_^yu2!k4$m1UaCEjG<9t@AaoYT6@POYc8^xzI0u+j}UqU4e-NO-(o6^IGjKrK|S5
z!S}JV7FMahyJDME+VzXxN8!aeO-^Nu(6q!cS5<rT*>4D#DZ7?D#ogzx6g*^!l`Eb8
zZB@Fh&skbVld9Hs*;~a+AZ@h%FS8>unT42HC1})J8)`A6v}%J%iwFxN5(-5P5QN`%
z`~3BZWtaQ>$H%_+`}@D2#Z~!1%+8e*OIfKQ8rd00LP=(+%A`qAFws(^DOOxcPAE!*
zWn^SZ!Y!H$5Q+$b{A_8J7FkM}GNbA9F7TP>SIqV0c`4rKyn4yPawaU5mQcZkj8+R3
zl(4&XEE!c1hFX%THA_n*zfY}cr#b|oCqzt$!j@(da+MQH3qw?o%hCu*iCT=dAz5WQ
z#xd7f*VhV-)gP5T{p_}zC-1Jdt>TzYhs`Oh8CS;Hm7-c<WE$|%G{sp{S4Gh2dv~>M
zg)EhBH)s~5wdMD<UN*hHFTdK^ESZ)j6{BR?Nt%jfq|-E3vQknMZIYy*izcYjR!odp
zsRAG8J)YO{f1juM`0jT$f0ueY<?PGnm;2wpckB0mNA&*2ih*cUmBlMUtg5PNisT7D
z1n~Btc*|#7bOD72h<3mq!4bwxY=6(<e^qKoYJ^+Px@oi&Nf}1cjRcIcWsJO^A9(Ri
z%h#X0;y9i?nfIGiY)<@pxsSJ9tGRbmT2-iMJH?pKpN=booWY=)iPKpvDXQyPSG|_i
zqP*iCa9o!;m+AVLOB%(5q)MdKh_qO#BN{0-Qqi%f(j_rU#-iSK+g`qYzSYmCwL0<p
z-mCTYogCA;Vs6ZI;YhibrHZuWT@@<Qsw9+EVI-damsW<q+B7D+yJS7(-cdx5v6|l<
zI@xV>6c$NHfsmUb3I8&S`f(sJ2~>#7t1A%~+FN26L?%%c5wMClM4U+0@EAK7KjGv@
zZ}-8r>e62HjVnpazHJ*V4dd6oDx3>p@ug{L-dC-obke!bn@!hAvb2?|t?gxH&#!%>
zx;YQK_NcWQjYTM9XxTLzZ5b?@(W;7*S~k(FjzU5ZIS=+89{*-i{re66pXt^AL;d@0
z4JeFBDrw6SFfCFlzpx2<=RNzM*`rrJuin5kPPD+-Bn`F_Ywr7!uGHxwU9796B$mVi
zC>D~^S`3DZWT{OBHb&Gk8MgXAadB2ksiMDIxnw0AD79ck&NOJ(IAdayr#fB2XmXBF
zhGE+8kp2GKU!ce9WB%jQ9Q@+0Rk6%2{`{S!b|(v2eR*&=H&32DODy3zPhMH?YTapi
zJKBwtw<oWBQ-!-${k-e2c28cp`F!iJ?ml;aKQUt^mKByN##W%wXwjNg8pK5#GG&%B
zjI2{Kxl(-foWBhG{d;q*dxOvT|DT&5^uhRlLzDCtT$N;Krlp}xm_-&OkzA~#j8&mU
zsVQuYrqc{eS!*l~%_<PJovTd{#!_mnQc_aHRM{jy8SVX(qFWg!hze3BHMh|;$OVy-
z0Qe}N%8()#BT3rLx>++|l%=o$Bp5W3X(Xi9N~JPV(KN(1O4sVQ)RYvB-83d9T<g1<
z<ssbcOmuf$+^&hE8ZeBKr@wJ`T!<jY5jQo+u-PINnQ0n|3WQZ~o_+R-!k@lgwwBXn
z@X=Zga%N|HR>r6E>tvgx+IaUZsctRP(;oJzyA)y?SJqe0I2^(jB)2@u&@C|o1zkp&
zx5w7=Rp)OSuisVp!Ld~qHH`_iqeii8m6lYNG)%B&D$5M9jDvMY@9XpL@9Te^_4}HC
z!~8kt2p{Md4G5nNN@}W6O6o`+ocGMq{|l$&{F~efU$`8+^0v?|$pg&RO)t59*GfuD
z15%bM0GTuhkNpxEzZKKm@-Y*Y1<JNWacgP9J@>)B*!%wDee;EKs~Js~cYi(WwNC6A
z2WGL`Cd+H9Sss|{A+)xxxt}&$Fj$TA^XJaNcBSg?#&PRE9e7VE*Bzf+Cn=`=F7@jk
zyiXT5=a0MjGYK}L(v=cymMx96n;R*rDlxQTq}FMYW;9z8W@w_fy;{EgeDM|V|9|t+
zasI{sBLAVc@A>}fNk(NHITlhh)gq!{0#DM}&-Sqp1e4|;Mx{-uF;Pa><hwM)#3&1t
z1a?q5g$KoFXPE45zhK}8Z~E`z<VK=n+7luePq)!7F-plNHTllE^_thO6uhP9FXxxm
zyC-Z^WG<TC!)pbE``?-I!5qLcL)7OzdhH#stf|iP4)X08W4_7SYkl`!C${@nY!Q^3
zmoj0cO))`~rl)-O!f?e)Aac3g*YSPjiz^wKSZ0iplPw!al}Sm8LnTR5HVYP0M6#lY
ziUKkypswK{eLv0b!2d5%KYwRFKjruMUw_aI{qJx3%uF+-Fs(Kss+Ll2NPm7mL8yM@
zt4$J3)Y)MOSxYRoUh>H$DQX3xNvSJIEhM$Sb$h|fx@UU!*!E%FbhNN2v@~|>MU2{7
ztPzz@+nBxnJM24PFkJ5*`P7|gaRtbh;jE{A7ZOfMJLX|y9NAl|O773r#J3B3r>tge
zCh%ch8*i>~afC=;Anai_iXQBS#DJ1skk;yNW!_Z<7{9`$Rx(m7z@%-pt9Y+axA3>-
zBq@_7%z}e7nn__K)I$Z?2pK$kU#zO2Kc!r+uom2bda%{w!5RpFC0HSVfZD-WW@G~j
za8_smAb_ysVmlzhD{O)eW;Cr#5&<1QUA%;cljGXk&Wz7cQQRME$>f!XN&%Nxf&oxL
zoKn2N%czo;LIEQg$s?&jj}wwO11iWGm8BL!=uL(m7!oEl@)3a?XALbT0G5e}%nrms
zd66~%F<^z9k(+_cZx&Gz4{hDE+Fi_9-9gR9BeBudHtpJLuIb@%3|(>1H+OdK&kMsb
zWG>QLikqFz+?qMJ4`+@up@L1##91-N5cJ!)w{6_GTp`HtJB1NQ<+mO90QZNz`T-gr
zzwx~0t-s&i%6BUV-lZ}8Vo(lrGPSzB<yhXC)3$gpeF(<-dl$NI938E2npJw!VFowB
zf!6wq%}bu=oo?gW?|d4UP+<3;(7^{%F#AD&EFWK}pzq9A>9d3gS%7_6085IzYwt)l
zOI|(sVmLBCP9I0R)P26Q=eNGX<%hE~GXMd@mq!RgfxuAa;oV!)&i&WD<~y$UedI5}
z2G<yNVx=_67tNeeiXzs<*rk`(dV)3=IXkC!puWq}a?PCG$vb^3K%UuUC+TpHj2bsT
z5w&=m@vrgmc_Ti;itSaqxAUc3XdXLOk7ZB`79f-4AxiI2@7r{fer5eoQcz7i=bd}I
zRMo`rT8h;Nt=Pz@#!_$T(-58=^&U5AmXg=Bs^KwvYi4B!k?3GugJ}&REk<Q9u%<yj
zMle})g>{4l(LIRQ6|X2{cnnie>>~o+H;=?pL+Uk->MA-Y=LvhSaE&WAt=VBYZ`w4Q
z56$pUEwGIu3QXcl$gLu}-SMnJZ{2Yqn$XfY_tC#LpJ*_nLm{%kk#U%n*nYBJWd{Px
zz!%q8Rn7TO=T8)zuUUU&+76K0GCzvPRS`)={rkE)^?rM$FPnW{K2;u)9FO0v!!|f4
zv(MdWKaogtV(woV7r7GZZ5n~to5MJk=InEHu_A6!6g8Uc4vQd>%I-Vihmd4;qB>B;
zx+vpN&=%>hy4|JiB9CrRCeI^TL9~#Qkjr;n2<rS&+iV@{e2&?}*-Gs>^R1VHXvj9^
z9=qd&fgBT^jh%UX9*xo!o-K93VK5h6BABZLv9TRB&Q^?S_+}VuW|Pc=0Yy=W#Rir0
zY}=_unPyUJR4}#GM{Z%Zs%eQ$CbmjZvk<!NEtS+F%}Q!xA`B3Uf^U+%yV74BUfphr
z)@{ook%v}8p@mBh1Y%B$A^YY!-37et4kUyPg>7Q#!#&2KLG~_APCj$sZ{4Kji7f5q
zOepS$4YDYiO<EW`5r%DVcdrfa&UEKxh#<olD8?*`L_rv=21g4ut-^;^QRB#haI&m&
zn_AaLuLKC%s?0<(Jo%HJdFFz<(EP`)@FJdKE2WPNqbPvjp@h6SiIf_=<#ww%sUoaF
zI1B_u79vD8Q%ubxaF=yJl_<$JY8{s?5(yPFH8zTynr9)SQLxHgX%mGKXijD7)Vj8;
zK^UrJV;G<~+r`I`v3~}8cc#12eV1$^=5Ct6nyqc5ySyA0#;8k{pfaIi8zOguMsAd<
zDHL&1jf_B}@>(Lmyq~j2=y|((w|MaAaR@}`Ana^lFNE$H9EkG7GU^3}8GIUoA~6_|
zHZp{@*=(9N27?WhQ?;rrNx5jMY_jpHVMdx7;GPz83TuOxtzh0}9Vj@C&4P%W9qS_9
z-Ky-%y0WZnx^9$?gy|ZO5<U6*YwTlL%fCgx7x5n4QW`-_(3%|szAbU8Qm9U7XnnYE
z($n8_aF9VcKs*)XYK3!4hAT5;MXJDoO>AY85y(8ZJ9sT0&*$S_@VQ?2V}-;K`9o5~
z7#<?RJfv!@66|jH^lJ?7jlub!y13;yl|=m!%bp{|ayvMzmuwVKN-BY{zMIwPm;x{(
zfg}(_ihgM*5RIsk5w(&?n`m5G<D_4ExK8R?J<uaOoWrP;ZMd04H5hHUiiwuwjiSRY
z2!ujK3W7+HFbO1SB1#Mxif9rR861$Np%F&NWyIPb6wzlR2$UnoA!<yKHxm%38^A+B
z#0Ulu8DW*{HDD1%@25`gu*QbFb(|38kKd<#PWtCp)3(Piwe@Y|U8<{mBo5uR@!c_B
z+&X%9ch&5GNnAC1>*h%Y>B)Erv@3Jlh|)ZRyU1{z?4_$+J`u{SP<CQ_G@g=nXTbaj
z&C%PxX&-cXHd2D5oTVp>kPBMKy}PX6u;C!YZL*Slo<!#sn-<ZqFvC79@#E&Ys#qpA
zI1o|^E-eZeJR=MoM?uqaiozx&Lfm~Z6%{zw8gbU7lV;Nm-EQc%ZtByGt>gDunD!0b
z9$C|LW&pOLWC^_qwi6+g5>$G3Hw{b1WuI!g7Wach%OmePXj)BS5Wdj#={?S8fT^7*
zyo99O!q1PbaZ%LF<{|phbk*1fLL+McMYz*=gd;_(BW#hUF-=8@;nNk~OmN^n>N0X{
zA9<l{JTKX9!3PCQwBgaNT_JQktmuf<k?8G0qC7$(ovJnls`%3lHbJv1-9P{}>CxcG
z#qU2)-~5h$tdakQ06(AVWAv^U6j-WZRB+a4XdrbG$mS4Tl~K|QgrcnG6>6XrQB}<q
zC_z-vKs)FA<M}^!zH@yEX#`Gt^vb-vdv#jhHmdl-i~*Q(D!=hpQ0f@97KDBX!hx1C
zn9TQY=_SgHA%ef73o9%#{i~!i!PQC3sWd*`W#XP#m6aSx#wi(M3S%gf7=>m<S%9qm
zbt*dN=V&`FVU{ec$we-D&um`3z4{MKLkFmK9r@Gm=Zdcx6)I&{fo3SPA{mggC1HVN
z%CWZ0t4yj(X>6^mYJ+IoZ8K_RR%Djgw#jNLi&Yx5TWV(2v8z$3UU+yi&fhbAcwSd0
zeA=5=9Oowsls4vwwI#<cO8m(e1;cgf_3E|xU&1vdj8sBWZEb3iwAmXZH@>Y`>&1Sj
zUcY4n_y14ve_em!gKf9-^rPt}qDm=YqN(Hp9|w6sU-AZXCgzF_KB8y)$ZY4%bF)-z
zBnbmY`kkt(7`23i|6x1+Uj1!fihD0t-if5!&s$Y*0g9UWbEeh0+0w3&u94DsH_D#g
zb|bnRxlev^Iapau)vh}4h&2Gw+|=6$IZbSVvKU;zXovgqhA9%v!!m4XBBkqE*1i7s
zx0w1Bf9CAAt3S)gCoTVEl0XN?%3{*XVk9LLY8Y%QP$>)k5)yZxk47G<dhC$@d3AOB
z%IND-NN?}uL^1zxq(gzEkx_m#!V!}s%vAdORN`FzHph6+uFJUHHId(5_*WInyq_KB
zTuY2bDYWyxnU9aJ&lImLCJ^O5jGkpZYu{?_IXKGSI&oYbQOud&S6?|76LsD$@pX$o
zJv%Dxj6;Vb8Ih6kwB3NoH&5gBjLb1(62Xe9qKsxqA@@Ij7w$jdZIx2K3NHUY+U4eo
z@A?2ja6O5nQL0LTOHf*cN?hh|?B9<5z5h-R@OJO(^`JpEL;kulO(=vl;|t3blvX;x
zZ|~Q{ys->b{Jms*=McFIch(f`&z+RJQsHvPb)EipUEoZV*>bTot3lS7noUlfgoaJ}
zn+Ybs4F5Bob`aP~>&g<a0LTS-A!II0&&2;lP!vH$6c`}GL;`(3&4$mjKT4vZd7*#H
z(#Gijp@7)me$VnUBBO>xY$TM<MRu}Gg4L&0s!~BlvXc}N<V2YjEl!bh6y+vNu_U0$
zX;~V`pU>C)Kg0h0{P%*gqUNi=W?{57gb<7*{{>KFrEyXtoauxam8|U&Rj6cGw*ioH
zkce2e`@f@L-(wr&q%NU#_v`aMovXV6l{t1h^x<)WVqEjLG1pEixWz_LZ|8ef%vEBI
z>dP$98V6mxy?NTZuo+X&JM)5^n5GKZ%rn;2Zv@CSzvtBl2_HWk{P_C%``<kJ<6oLA
zAhdSeeZK>N5`tbSFC>CNcp?!+6wtL)_u}8Rz7>*IwY)JmC%$w%5R>^mS{9=zMdS%(
z)G7i9Cc6GH;O@mRKKnkIwA%J-n@O~_8ud0du`Gt}h1L;@x_UXZt(ZZTQ}Qn_yy-lj
zi#LnszP#+@XMzFlYeq;?0p0<ivlEFn+YitQ@g$o5d;M2A`uu-?Y%cS9b9J*u`A3C1
z5@$82m|;m=)mg9S^ZLRkpVW4J4c%&?z5(Aqsgi^ds)$pmAW}sZMJMAS{R(uE@chr(
z!%$MSpzaXTu(bV!Nr4$Iw>dOXqi&F5C?A6C(S;1sC5_z1b5#kHQ4ci>E*_8%i6lP#
z@${d68vXdt{xs{lQ!$^<$Mvd}X&ppN>Plx!<}>|wwHoecnyh`_nS7&Cf=+@&Nd!bh
zO|z9Sf1lFR0>e<~@Bo`r8$eaamYH$ekVw><E`B+=K8uDBmKY^R?&|{>P%zdvc^myq
zz8Qi)$DFV@z|um>s2u2jRZUbkv&^F!f_(xXh)Lbf{JY8L@mY8Mo8K2R?A_}{YH;6L
z=Vy^Nu|=v%sEWm*DM==ju{w~IXdFZ!=Myq6DUl@-Mqy%N1zlLFnFuBXRw-jB)Ebnf
zRU*<+T=r>u@0&CSUHWvA(=YJG{1b1?ZT+ulilmWhb4IpYvk1|upq*tQnJj(S&9wvw
zpK`G9OqE75X4=!L{26R#oWHrNqMR(ES$UG=yt3znB#;kefh$|DxCei~v>(m7?e_CY
znRnTn)H7Zw!Aek}q@k$L)l$R5N1)wre(M6?Qn!8i2kbGv026FK-{dhejRm)znwn<b
z+nUa7Osz49N+5&pKK_G*qbS*L@khF%w9QP|Wu9t(XD*2Xx0&W@9zxhzS~3|Rb564k
z#GZr?fRO&@rEcePu_2#T3^LtVQw<5e`>vJWUr(QD?ahq*!1%W<ZR6%SGu_t=HTSMX
zCOt^r?nJ8?HCCXqK;x3qsR>3TZwaXZP6R?ZPE>|q%2aGPhEg(AE)X415rKsTc8nn4
z6d2YR0%Q=CapJNw3BgPbFhW2njK<q;Wg=m~5IGB}u!T6;SjY~l4I&(E1(gI%NL7_M
z*a6L`Oo%Bu)Wc#-fa%0TWhx+ynJYAog3?JvI>{7^rwSrka*jY+jD;majYDLgVf*t9
ze?9J|u_m7~UpavX=i#s48l{k7z9jff*MT7qv3ig(_c%<srsU6%I}g2QhWH3PG<^os
z<xV5ut_BnvP$2Tf@2qBoiQdUf8v?!AZ?qyAwKEv11V1{z3IWvX4{OT?W9Tp1A6lxe
z+sz=Hl(ldfuPIf#tj5Tf2LPdC+K?TLYok*b0DQw-6!r?<00s<!z&-6OX%9y24$hva
zSMNo4x<nZ3kX0IoHSb+;TYI+HTgcta=nQLnlP3%4S-Z<x%))goKD@R*D7#-*Z)etB
z4dXsF_jJ-ev-imGMP>H;2ghAZ%ds|%;m3f}*f4KgnCPO{*1k;+y3B3UPJOw1nk8Nq
zPO8Zw4^D07kG4zO8>cDT&iYwA>*rbXPO^+PXu^+Es~ul;TF<L#^P6>9o%4PSO1$hL
zatR_50Kh<eJ+vBVaJzoAfiG-guK|o~g2iAjr)*cYPEpX8Dg&Cqb=DUe+QW@?4$+)N
z)Z5$^ICbSk0|J49_D~K>fLO>F59r^D0oUR30ssTgAB!(Y5r~3*2saZs0c?G=GUy;R
zn*+{FF)OwK+eg$O$B;pyH1eqllu#XcetzGVJ|dnY!qauqI|jV&*)fCx!?CbSn7|($
z&DP!MuJWO{L5z_B0T7IrYpsr?JjH?IO;dcTpgK`zv^5deix_LCi%nq9y-G-D1{b>#
zDI*86gb*2*!ilv|EGn-qs>@bL`QqKp!&_pWH=oI<e-7xVKL8&9pm{L-CWOK>6^iNw
zNNrh}u)CnSsVuIJq9~IIP_1g4y90)aI$rrrXxN#}tx$3V(R+gIt*vcuN}G_Y8!6TM
zJ{3|eoJj(f5l65OFlQ^)VOH82CW4VDgg9^+qR_dt(*sGuFt^e?#PZjG9uy}}4c7cB
z?*o!^iv*x7K;`MWw5VkbaI&O47!P<2Se66Cp9<WQ4nzZ(J`LzFve|izmemI0{8?#)
zP!t6E``)|W@o|4UgiZkk6p}#T=^_GgBnn&uuoT4)N%0W^=)^1ti9*r}^iZvDhXaM}
zW#M_d`$9euWWlUmhl|x$y!elyV&J}|farB!mz5DIPq`nb#uI&975Yc>cc0bTL*g*p
zsc7#!y?m>7_M5XaU0zb>+snIst{U@MSXu~3Cy;CekYJ5n^BR1QP#ys9R2vwKrNP$r
z?YgWW)lwQ4VzT_-!!hsNPmEU$IX8Mj2M|eVvu3heg=VaAFj-hQ<h!*oc~KK>G#RAw
zWRr~n15GoFy!J~{#iL7CDy`c`Vr!)P+xA=OjfG<R%J(CnluR0Cn$MWhVin$$Z16pN
zmDrBvjbiIOV>BJLc9)r=Pb?5oRt{t;=b~3KM?*1*TQrbC6#7fPM}rSKs^T5!H`8Ze
zy6{)t5K9+fVRh9XfC9&Dycimi`$Ln>z19F`dHcX~FR(Gegx8jkMzx;HfiMV*wu+J3
zmXOQ0!K{FdR6Bd7ZQWMYEgl{Vma#M57C`oT5@z1Y#&fS|`C-GkgaS9S%bw_g_-C02
zMryFLSDqK=DIEBhxUiz55f+7&DygbzDyXK4qLzdenm-$7yz}h&JjYO^+7^`Jn)2<D
z&`Ib-pNB(3R5cMJ2?|P2j?PWRWXiCW833V^^!v=8(3^=gjnvUDjQc^eF_6=?zqPq$
z;iyl!mJ}fl_maTG<rZq|2gaRuwX8hqccy%$K9n`|_WbSmgZ#hL{=WU6uhm*+i6JJU
z%`lX;Kc8n=!94Ib2#Tiag;?TH<c)WBZgW|N__cgnMi$bEwxkR1(}zxX3!SUAD>*mf
zkmCgA8zMPD1&TkuIOp)TAI5#DSkP!L6(N~FtisKqCbs6KQH90d44FAUtlh$3GKwxs
z3FIJs0Gao{m8B2wOeU!JN1v<6ZmB9tXk}_L;!-J+Y>iZ{3o!QS-QC8L3L_aYIY&ta
z1(aH-WhWq&Bdti~20|?poeqVWnS~S?-_#AK4f|nf>8iSFX_`I#;7>wN&?nGZECq4`
zWE|;TmoDAP?z(}EFME4jnLBMtkw|_FZl~8IJr6>JM*o@L+9D#za5)>&n`YfUoq4&|
zP2sQ0v);~gs;9f@>64KK*ckeG44M)n3(xBFoY}@F)d}Sw@rI2WCD-T>**!Zxx;>w&
zw2wb$hd6g#FM138{SMl~s+200kr4Y^tQp2@T<$xkbv{PuH&rIE)yeWsggpTQ2!s$n
zj+Yjeg962|B}Z3Xn6a>nn~V~*fk&a%zkuosqBG?5$M9Ag05xfBkq|vQseRO;&@krL
zqshJbK{eWjQAh7&y9JcZcO<agRGMTV>FMXDX9}&#yRHLFH{P4u4MTN6HY2_7VcqWj
zk_X>;Uw?b{^k2LQmN_}+_siBIh$zHhtx-aXF_l!R#7_Kq<$9Z8ms^a1@(}bu4dR0l
z8TqPYsc?`V=e|e>fslp?Kn!o+usG+W1ZI0PKP-@~x?hk~Xjij*JOTCHfh`)_9r=<V
zz-2gm5?M3Qe81z%yya~4{j1j5HT|jeG@`Ppss&m;KKg>6cKCbU?H`HmbX5Hkof1iB
z_VjDF_6A?@VsO+rZ#50-41Za`%}#fEGY*9Settq8j5Q~o_oaATyfg@iFwU=r<^(#7
z*+3rzn&xW%d-0Bji)-ktR3GL_P^G0Q7)e8F8Kngz7DSeb2}!10Dpav+H4BDF$|N-v
zQSwdhx}VK^Myc1Cs@0zONO>a0BzO4|B0|WsPNADhQ{!WD8vf7X2gy8P#zhU>(X9O9
z4)hGTE2@U|I9Oo9TQ&M!gtjaV{>^>h6J#;y`_D54o$=sb82Wh&JFYq0E)9GD9W(E5
z-`aG3*LRd%?S9t1sr<@RVzQEyQHc*j>8IAmnyfu4Y2b|1V59lC5H@=zyY%Gu`6s=@
z-1;gNt#8xTZhJT6?i$wWk2YSAS;Lg{F&i^ip+gHU!QCF2lU{K$Veuem+cJN0-*x6!
zuFm=6_xksK|IhdD<6v49bv7hfa8j<4W^sQ%KWF!k*RRg~W4I;%8o;!$su~(9;UUBN
z7?1JP<og<wP{93C!IJ&5!=Fm$&ZGkPZc#vQEBfyNh996w@4EK=p=$8mrL}KaQ|z}}
z%oeZqTtBu@l$0?_Xi7?CN-Os@@#F1pJk-Cneu>J`#gFQ$r7$5k>-#sr=2vcUKK_y&
zxeAkvB(_OO#!u7D*lTqHnMaRYZ*{y{u{nXfUT>;>DD>g^a0KEwe}W>>pQ9y2ErLvC
zMTp{odEL-7WbyKDM~B{P%LI|*qqiS-1k^}9y~n=z?bL<<QnQ1NRs%TBEM~Eg;R(rA
zmms*5D$KC9DFZG<nSwwgz_47Xq!I`PQ6ikCAb@tZ)FGU7P$U?UY(#*7;=s_P1&*u?
zP)fFDBaqh3p->sZN+{mA=6vruQ|R1$k*=}oN6F`C_?j4%sU(6zU8NB-S!TAY3o#p7
z5|<)r!<<TDjJjq*%T8rR%2bFeX{!yfT5$wnGQ*sc3HO2W_ligKRx$Y`67L7=^n`i+
zzaiFfj#z4|vlVe0f>kI!JTGP<ENr~6e*5caLe9Kjb|0N&!z?5n`sg<MhVU1-db);k
zlZeug9(jYMnlc{y>@R)K*I5uK9uJ3%wdS@&VBHV_2q)Soh!Vsus2O1WbeY$$cnpUy
z4WNQ1A@kdv?6!j9`foYDbZ>`wq6Cr$h)D$`B!ge&cfNUe>fSv2Pe*KX&E8U1*MA{L
zC)^Xbn;8B^&&F?Wql*mSa1a^AB5;sOh{p;?8Ij1qX*5)U&(T8?`q2*l=svb6N2;ax
zhR;+PF$*T2*TFs@#Th(@d|4h!{?rmfmx2|~(<BhKO`dl5$URS${CvIbeRe4&RAGI2
z_uckk+%A0s4x#G5KZ4|=I^Tq~Fd%fIHZ{L}I-)#w)azKcnL8uLQ)O+@^q~bTz;7?k
zeUu=-ybOMh&w;Q#6e0B2JI?#_e-hst&yQ0ssX;T>>q`OZy)RX~`LDZv`E2{@hU(fC
z$%r%t#pJ~OiB)!Y9pvX_6~}j)XBH*fiLO1p<R=dEW%6#59G|b_$8+|nC-2g3t=am~
zOpK*D-=v=XptL>WC>y*pHnOwjK<c&I%>YJ;^@5|fXJCygb++&+sNY%zRah!@W3uAT
z%1D(Ur9&0(x!~ey&%Aa<hQAIlag%F%e`Muu=T>YnjLy)hSy@8FZpY8*%uMSZb9C%v
zmMbev{HQlW7w=KAWM8-{Uu;tX)3ivizJ7h|q-5P!F-tb1Sw6jgP3;sp>O*$wly6v}
zSX;$`TFFc6ytdA&q=o#e<E9&QO_NHfP~5+~^Wr$v`|nS!5sUkOO8judIuxevn9&CB
z&BHp8+V|=q&?534l2>wlyEIlpXiY(lwrQnBg`Gu&%P_`+Rm@FtjF<oy0gw<#As7Q?
zcW(GjndWPT!(Fd1NK|!z*sJR{xB#y9?Fdkgu<Wc5_94NqJokW7Iy|@Uo|3{2NWS=%
z8Px>uU$h(q1AXa!^ie6_PK0`wG2q3R5T?aP4o_D+PZ0R%AP~W6>V!On1w~x*3LMWe
zfNm8Eixt5(UhbiK3(?hYmCYyNSeivSFeC=nev5?hoN1^63_O&`a&Nldd)jr52q(S{
zy4A<6f@p0#rI3P*uv?^Kk^5PHcW~jE;aRDrrAp08dkb#0iqxz_c+4oX8H%Ta0Mx_*
z_v%_cIM@*b2j|jEnGAvmCNbY%7jv1J?ZX=ze-EWY@0YMA--8@uWFzO6{5asiM_jfn
zviGW_sc?iTS!M+i2F6(vWWx=ZNedXF?3PqCGLdN5ml1Z%)m>3*1BUQy#B4ZKi!W%#
zIfGVGIf)bzz^on#vT77V0ov@^Iv^%Gs;V<Zm^Rs>7$E`Tr9ho9>6IsJaO<XFT4I(k
z!8XX4*&JZwI5_Agt?org3;`A9!VNZ&zyQO5<L$muO99;@TWgjI3BskS5)#BAV8Q}L
z909<ii~;y4h93-U2M^@Zg}#~5wnb|!#a5XTb(x7ll(j<$1keaT|2)H5*}iTN>_tUS
z$YB(_y6*P(s;k`keFvMW$^#lrFiDNL*m6i30R+PlpmC;fl0jld@T3@!pp%Iq8i7F}
z20$8665}j12rZ<UA;{bkAr2fs#L+RB8)P`xBup$aq>K{V3{OCVFtAE4nG#{5n+Y3o
zLL9EJ&^9DaAp`}1Rk5!Q_mH0p?@^X>%=rF8<!8?-$%neBZUcbCGs43qW4ygj=vXCF
zIu_@$O7#-qy9+Xz1uAfcwyYB)ls0M=rwt`(?%-Z)Gp{dm3?n+bm&0#gkR(B4mfugl
zz(-|_17fa&&AbbCl|4({-hXbFA`p?~%;uOg0v0o7+yG-;D7x#arwpo{`rkX{8`o7@
zZ>dnqb%fwgFbp7%av|0$9Pnl?5IvnHW@1s0<Lb#{1_WFPU>sc`Ya!K4qcB5<amk5q
zkYkV=zFi<-uN3n{F*N{1KwmAxfsS2ta)(l(s+9vs4&9}M1C>RkB<qm^7HSqU&6iv_
z&%^gAjrsM@nE*!{RBWOmU3ehSv6LdBu+bO><zQw89Sc4an!+*wz?)zk3a&%E?oGYU
zT_tBZtJh^fH<`vrO9Y2Ae8FH8(12RXDo9j9Ldfkm8Hra?0mQ=UNzGAJz2N}O>df6p
zOa>?b<w6kNvdBq^18G%QWd<Mw)a4L2<`u)t-&kI5Xy&23hOO_(;}u3MDWoZs#8iq3
zmkt!0EeHu}fm)V{24F;T43=`R2^FE|CwDG#G6}BkNG0(7Z=K@1(<YqyO`$-5R1eG)
z1yD^Ci$soe$}VDsS56@XNrfv3AZKs<B+^gW{b%zEcV_Mf#cs-Asqs*$prvncxs1ir
zQjfJXYfzmUVffKOVri3{d1TPFN1fMZ%}0NvA?f$xQJxq3GlpNLI{p**Wl)qODJfzl
z1ed%>DSNDa?)d>&I|YjRM8<s=zzvV{_$ugXgps<yrWJ9AV<G^jo*u(}N0rqNG-SRO
zcxcVSy46e3Kz`hY58Dgy@-Q9GD3qQ+IU1ln`R@?i=z2KH^YMQb`oB|`-PgGE!@2$L
zl}crSC6*+cT9E$#v_EP7{^R=l_1_^lQ}jK+2M78K6PmF54sxJ^#xX(yfS{pTzqMzd
zzm9O+wp{{z61!j?-+euBpEA~GZ16C4dVs++?_MWwlzSl$z5C<q?oxW_{{0RYPfzbW
z6{dzLpo>LN&ui{;4sM6a`Sst_zR({#kbhAi4|oiCf7;B*J`IJ?i7ZexV%ClI;`_cc
z)pzRvcrBEOQbaH05ykuIN3Q$%a%_2V|3G5q7he)X??l($dTTmR*6pgL+_BF~zwnCu
z{QpnRa=^8eiV-DcR1zy7A!cf%WF(}iO089qh@zrIR))p0tkp3=VUb2HEeuTBN+!R<
ze`e$QpzB<(QdE%j@4XK}5d=U;k^*H^G5&jOI#D4KS|Dn2+GKFbB~?&02(9|j3XxUa
zCsoLXVpFcIrQH(&h$?jJhKpYUlgib3dvKzOzq7xr+5NEg=;Wiea$Oa|Sz(7h0F!>s
zRcmxx_rKpXe$Ow>R`K26_VB8rr3DJgs-Y@S(tQtE*BR;4-b|0a*;Yv>^07NYZt?Az
zNkmy{%NePbsp8?EjN<W6?<<?)e$1;c?=)f2dpGX1XYTszM}741(ZJcfGJ__Inm++2
zy!ua1-+sjY{>OhG*XZ&2+wpV$kjqvk&X{OQXi6nC(<n~s(Dk(7K{rJGEUrKgAK_@C
zb0oS+yb?H6!XQCnC@}Bb*Z1`HwI)hD79>fGpz#T|%~dchH}_!!b0j*MtSs6>J_C6k
za^D7JeQ#!!*LrF>lzYpY={$(1(gFN?`<~Rlb(eDU<MP&nb$R{#sg#J4s;HuZs(UA+
zkDs-9+8y2d@%8IK2m1cqS|*@9g#jImD2KnA@PA3%f%i|j!+85sm9b~q{&!Y#=agtW
z?H^%@37*(r;DP6%pS~;XDDGY|pi9&Czti6<0uVtoRS4B>66uCbXqAgPq-CZeb48Ga
za;-x-+M?1@LzGcPA%eA3m6W2HMYQ6=wQ14icDje`I$D|h{cdW<pdug%2#m6C%XVf+
z5Xj5xxjA*)N>(aqT_~zDN-B`LSRsf;P@iZQBH6-WttgFAKuw-s1WKU&e)qa4pWm>}
z^xtZvx2E=YiLl-4@(aH{gahyIv)=0O-+8~;!-exN&)z-Xe!KhsQT?pbHWnPBDu`BT
zYKjVKsL|Kz!!x(9y`#^Mz2F%^q1$gCRrf1b;qBKWbq-wV7Oz;6KMnA&uYP^ae+Gh~
zsuoV@<(s6rU()r|)4T3);d1G?QS6dvAQBVK^s6d<z5R9&sW*`M4xf$-le-dhq2D=%
z1_R7Zw9rK;Ljom&6!B&{*m)4BRt%!R)fP0;DS*xpmS9jPPzhrrjYx=IYEaN?8=$$W
zgD+Q=m8>N>lBpq<SU@uf7E?ipYV5eoyOR=(*0L6j)*w@82%=qT!i3*(b!VgRhljCt
z7w52eCm(T_d~{?k;P(;p)s=@@%1B@xry^A3NI^x1Ng(Wm3OS;|5hR3?S<V??pp@02
zz?4L;9ciSLl+Kc(sRdxwNJu~xF9K*Q^XvR(`Frm@2x!OTH<ei6I=y1R;5pb21iiW$
zch#QS?!6W#r=4ko&noyBHmLVYNYz2u5tRA%mM)~*p5Kl>VP~G`6X`mPpACcMv2coo
z_;poTSL1?(^s09C)7w7W1@zx$#<==sm{%jT;oy7%e5g90v4B$bzV!3#!9E{ezYm0>
zdG$n(Ob;z26@_$@cA6?)F4I}6^V{9eNfU23RqtO{Qa<sQiS799ofk~_<Qk=p(QNVv
zmV3)hFWW4AeN3%9`lMSH<2bC{-QcM~QoO%KUca{3BHH!QUENNC-51sE%QbUXVjb>O
zz%0}eZKJ_xrR~Yua5zFfw2-7PorIO<Z3{*%cTu-NDx{dUsBxFuE(=Zku>2?1N88y~
zKE-XXk8sCi&~@U$xyGvlz>7fTq0vpfy#$y+Rkn-IMYe||It+;fAc+q6RcDpG>&oAo
zJXI}&+}mR8zO|S4y#Z9!2QHqgrykc*#kbp_@sdnjs9jLWk}isvUdqbHo`a@50(e-y
zZr-ccb43jkb=`S;z-g&RI80x9hw#ufk4RLo1u>9g0hySR9qEGVIC7oDQwd|O;A8E!
znX3pVeEtf1f%b+tETZ>Zzd?j}WDt801-$T+&Scje^1Sgp%d%vH0U-oHU;`jK4mamC
z{Jkn5duIXp^4GrR<A!Pz&aOgW>WZXX-PKwL47NOzW`jWBjRLY}W=(ap*&7Hc7mI;H
zFi2I#+oC{p3*bnDfT#ll8t|4OaIX9U{<6Q1hNtkLTs<uQE`I<SOnflbLkw_l5Y2*a
zOQnmg?wrgld^Ql?*yz;_9v3<e962oSDAmZJun7c$39=Yk4n{G=8(5k`iXNBnjQvY8
zuznl!Zu0(pEgyy4%*crSzAq2vICwpul~nq}OZ8uc<9Jm!sSgce@J}dpg9vJti6~%<
zqrgyLVYb$g8nUWygL3mTDyrXb7l*y!olQ42`xg={pMZRKl|O^N>7YMd4REJgD?*A@
z6aoZr1Tb)bj-<3C54I}@aW-gp{rW?j7eLsEsWMxSex2vL2i{hq?rY_f8?aAtNDwR<
zC=h+xtI}rRcCcnHce>kcWO+l3q&KY+v`t-z5G4I?I5ENRwt6L~we{1haNWQ%+ciNE
zAd#mBYm#b1_sBX!R|g2ig@D`&8Bk&d^~%LfOCtDLpw`f`XjV_bZ3t8m4J^MPh(8Nv
z0|tu-F4&i?>K*#A=y~i}>;;fXVYovC1mbSi0WT1V)}URmTWk<%v@(PQM6ltTAd}~h
zQuAMYbMxvm0E)y|lO764WQ4(4njdLHMhqfsO2v2MSjocG(T*oVb!yoUY?7t-poN%+
z44`#9pg**8@F&T{JZTez82Wtp7D_|32qTFD42<z@Uq&_%zHT9a4glJg1@Kq82t`og
zS<rX(2}@B7*rFFC(kcF5e-C-ne|<$R=<j#FZJORkjPIs|L=a#qfS5xfAL0F-Evh0U
zbM|>r5L_jjMK*?u_xt|+{*YMxWBvZW%$!YVp6(_|nN)PY4R3StU3y{JzTwW3)*OZN
z=>Y!wo)Ws*eqY`{47{qn>v9A7`2T-m{-#E8I!S3l86@AY?EarVYNnpRbyLBRy~;X5
zPwn)LElE{d2`T~tkYrehswktg8F~GDxh(g|p!<e)a?SovJ7YPiyEQ6OXvud9^0pQp
z$pf3$oBmVJ?O*3dYa#j>uJnJm8BC&5+O*EFtdx+lt5TH1LM)Y%k|~;pO2Z{gK{V=#
zXIfTsRz#JnRYh0MS4Mi3B9F}Ebp4ez1)m}9{NAk#fk;p6HvSkt#oy$}=q40tQ4n&A
zmm)cWXsQeGQ6LK=0f8A?>wSFm`W)~JDm=dM*qe4V3J5Pol0!f}?+;u2&!?2i9s0k1
zRet|?{|tUfEK*jcC@n1s-{0{+NqdDuswlB%ZtMY~6Y<!MN?Jr)mWU!EEMmzdzu#!{
z3J>Wg*G)2A{cWb~jrcaTN4u-4eR-YlbzQT|Asf1E4@eW=?v#1XJ#Xvf?B(cgL-We#
za7Q_=XY>4&QAtv%Mj=HiHBB)QMpyU!e`)-=$M^lu>+c`WqiV7GcMcDO2l^wQ<UuUM
z62|<+jLDSDqcX?8d44JQ@ak7R^;WWix{Ura2p^IL(jIx?vm`q~QW`twG-`SfpLlD}
zuwTnO{gU~7DEo9?AGyoRDE<m3`hd7nW_6LRi$t*$izKRkw_UEMHRqUV!x&E$AdHB?
zMK;*}KkW#qf^sXO`?7@Nxz)^S=BSe;FxV1bUx}snly}@)pL^D$@8@i756+HydgUH|
zmpeovR#1Hi8#n#o@pV*DK5>U*r&o4<JfMZJw7=yfML|X?u^1?_Ya3>4Wi)9qL{U~i
zMP&DvM0@FdO`k|jjFE^b76^+FK??~;7;fjjc$3`y0Jgl>C0u}i9M(bp)X}1Wj87Vm
z#FNi2lu-`)*RS<aD0!Z#_`I>-@T#IJs462Eq9@v|+U&k_ySmxq_wJ&`3W;zdWt|UH
zP1!Vlqb`a(h5t*1We4XW^AP~s04AQ%s9rVk0N;@N_uWo!+}ze@E0kUz%8XP-EP|;R
zj7QC;a)W96lo}rxafdyvp2|+@@5F^L=b;0ikp*C@1WgnXV8|>D`OH1|!sfqO4Ij?-
zXP?~O!&{6^Q>-f?$5?c*kiW-#*j(mNR>L8(9}o=Z^D|lGEA`j6fL*+SE)8a$a2*sF
ze_{%e7>Fy~uZQaHXTOfw?Dma(XSwcI?!;h}5+8Q;)>LHcFOCjBXe&T{1u=v1*`OKx
zu&tDI=X?PaBr15x9o>9M3jzTE+0i#cK~<}5>2!gY4VB;w;7MR{Wu&2kM#DH0fa3$+
z-NpA86o+=lebL27oEOA;h9q4x08~_25(I-76~#+15rpPAu@_LHtfD&rrw}wM*~eoi
z1tA)O0-VHfDjOu&o-%9^teEM<1Tf}z6sfp<?tSClwmT?&0+noYkE1LGv1F>MV}K~J
zqJ=O3A;7a3!!D>oFuO)UDkvdcX%(1JW*uQD6qON)X9Y%-aypfvbTeTiLZszLs&rB)
zMOK#<fGYm``tQ$h58sF2jXL(<<4i8Z1gHjW4t&*)!FCpA_MDtI-pUQx<$x@qjN_&|
z&scN7cT9&zIZLf|WYrGU=4r1`tr>uv%Uy~>J)6F~jw}uJaI6$)Zf1~$-QOx~smM=W
zgka6f7olG65Ih|KoAL#3gLx=#Jg%lb<<bU6fCml|Fbm_&6rFJ&Q|a>yRu1jA2NpSG
zu;MFCIG|xtvO(K5;;ffLa#7SR)A3|>>Lo}FgUh1F5P=IoMbEVd^3eOpdDJchCYI$*
zK>w9<MjQgt)YhF!`u#WWSbJ*>`2(f6BAQtD?$SRU8Jdo9AiAS(#j;8D3F~7_sa^44
z+FWy^)Hjz!*g~%IC3aCz_KueaTN>@t(E`&V{6uJpr2RqG@b7Wj<Js>9{`yR2b$rRv
z9h?R%74ZY7!LP41OU%Cz@qLB6^@tiId~WV5<LzGE=(0Gh_nP1)kWiYNkC~vXby!dC
z_V2$gfe8L!h1lIjP+0j^FGR`PSlDR|v}#UzHql_Jst_ysR&dEIWns>$vw{4oBCqW-
z`KhZ|+vz;so$(up(ONd`VHvT%o>8(nc6RqXqm}Pypi!`~rSzYmUt$musuuLJq0SGQ
zKbj1U<$YT7<)cFE3r=OxTd5B%UZFt!_VwSNKcC9i3oewsWmsEF)G!(#xCbdtfIx9~
zEAA92!QCBNB=`yL#l5%`cemoD#fwXjQnba21ZmIt(sRE1zR&$}f86yXd(W&{vutKd
zGJCIezH;`PobN#QVr0~DaFn;(04uOe*5~>y@u$Rh=L}qT)jG+4b##gCm_lG|;a3SQ
zzb6yonQ4u<bsr^S{p&dKgMM6DiCk?ZVsVpEVy{uWb)Y#FY_7X2v0BSI8lG3;4pmEa
z$N6pW(}-f(Vh3ybsIVMTqyn)fU}3u8!<$8#Gl`RdLn}4rq<kZ<rk@(GTtc+CVr&#y
z3^<q&QYP#6J;pM=ZNyOnS)mdAyUmZ6<$`EYM}&V7${aBO(}sJ#ga)r;za(_?d^4tg
zpST7hd14?AGR}XV&WpLQhlcb3p82?Op^1Z7t(eM}PDh?nI{oPu25rV7$ZNs&fpikY
ziFb{Z1^HqK!?;f*R72KaL1yAK!wF2Xu&CDa^$Fo>{HNR~DfdQQVFJ6zE|t6piV!Mw
z<3{u(eco_Ed3;bs{XR6u(sk}t(3dM=4D&`Bi@GrrQS!1i=TQ|}&abEFCNahd$5(^m
z_m4go8l^LfTR8%%^3Tmpl&4B*K(&Rrn(Xbqu*6pFBqCh4sF>+#&Q?q+{tjzh3|1vu
z4X!VKQp*w@XR?l$N%c+KuJKM1xyy)5HqKZ)JSd2R_PyyRexfAPQ$LQ@>YhCI+Wu*M
zt<>r-Ou!YAcY5Q@<K*G&G%kFUNIV&G3d_FU7$M8i3srCR$y6tDTaY|ln2uDOiL^5*
zLT(?f1XQPcMH2(rjE~BV&mkZJm!-86#M0ts(#XYV;6y}3DFQ<%-O<qvezPQ0qdAT4
zhjrYo5yV+8zv!)6-7)G*`M7rpw(2_kcF_Z+@8v2-)W2<D9#*Vpe@Ve><gnJk<2mzj
zHMm=Hwn)9+=WWX(!R#^Hp-gX%Wy9Sz<=>GihrjPu4MXU;TC$%20Bc!(7hOW)XK5^X
z@^Aj3EuRc)>wCD`iI#T>k=aO;zN&$l^n14B(bhS{ia4sZ)=b53DO$jOP^Xi8wO&t9
z3NzO7=)|KHh<W}AG;$^DHg`(8_`GKWgJs7rNl84JsaQ$;nhd<b=e8wo$kFz0hN+-r
z<alXTBhQ}RJo}cG$EJQ7u-8RN8iS)5qEc91&n73o+HWvpAm~dkrV^LLpKz%Le?Do!
zts%qjwt!m6MIf))IMgy@?B_qF(-=qbE2Lt%q_Yy}L(~P7YWA+K2Agt{J?`B37wmN1
zopZYKUa00vJy7>$1yX6!Ef@ZxIm$XePy`mZV~1OR{Sw9rkgM0e{#)XTOd@jgH)s1h
z*&K7~!l~b`VCHm)aRj@po7dpLg&-aO^&rVp8Y#J+G7EmlodNrxGx)c3E%A8pz^;R~
z!xRMgDbE9Dte$(?Xmujkvlq2NaU?BXP+;*p4ITc8DUOh%IkkzgC^X1xYI|d+7?eO|
zEd=Vkih6U$UsZi6kNmmf6Sq+IPW`;<`iE0n)D~gxIXzvs;U#w#7Ui@PV%aTrHI{;N
z{<nVkD&jA2LIjRwR>+q497!=GZ#I>9DXwHlIItY~t)i(Yj!Ebz8NskVHh<!fF8A{Y
z4Epf#f?rEwXu>s^AC>do(o=poOu)Y2hi@aDWDpmYI<9LOSnAXbAsQrhIB{jk5Cvrt
zLv2Sp;dWPGnkaJudxU^3UfH{c)$a!nu>HX(NpKigIX9Il)tN2T(Sy9T<2>vo@p}nT
zZToAYJ8j9O7hXluWuM-}7N0=ZXpI#AQX`&whpew5-TH2XJh05+9I$3ofXAO%t?sEy
zyT9PI#JJS#-C`_}t0kq+e*ZFSF`lUh@IX!;K70xK^+NnbfWw3_?mH^<zG1#gQ;GB&
zXCa-Rn1yi11-S2%2SYVzHTs$y?SXILaaX1mxmEr%37$l5Tv6PW^TCH{Z`+G6=0^AB
zI3><l)URRN@l<7U^*eG3Tcgb*SV`aLU6ldt!V?UO$&|Qg9LRNX(4IEriSdh(R7x>?
z;IXGqh)eznsEkQ!>`242H@n>?r!Edj1E~d+Ge@P_Cqg8Wu_blKDhp)5_a*#Pm=39)
zr=NM_*$5>n>81spL$WeWtB~cEip|Oi<;l@3%9P1*3)I>66cj*PL2miD+IN8_1EVi|
zAMZmDEYze1RO2SJm@Obo`C8_<@REG(GKDlQbc3~Ixh(D$**+J5n!TN}R+|uenUdNP
z<!4Sv*+SBn1ZI4SBwHox7PHZ98{uF}H^&|WFB_E}u-Yh{(8%?R7g#d1*gh1Q*eT)2
z?lsoIto`?Hgl^lHym=R4#6Yz)eZFE^8N{7i6z<JwLJO1V-`!SiVjD%Ye|Zau)mSjM
zw=JHV-Yngj22dOoSx!m!&U4+1jMfgl;1_h`#>IGb&k<8rARd;|`y>^zFH<VpDSmWB
z-!)Led%VDJ%g=d93dw5zL{35_PLRY8CDDST381&(PS+Z{qpirxV<dcZk||a;i+c1}
z-p;x|CwM>Lw&S_3mN1U>Dq0i}9T|^xW`KGa(xZ2DmV>-ae}J^B{CxZ^lKPEzD!wt7
zS_egLmHrUHZi}O2nuK0cN~2MTam3`>wAv{%3wK4E!G>}xudxSydY*?nG`&oope#|`
zI$cFKE^bym8P7HTi#T+QrvzR0MbR&N;~G_k!-m@x*<r!6?Nq_c#4~n9HlMieYj*f0
z#V_5!l=s@>7-zvlI{Y10#l4$2q2BH?-&Y3$N~rK&vq<x$)}8q!oD2YfJYMvk$MUbs
zlo8vnOH@G=&pYW&mP9WJrMjQdDPZgZZm4*q8wNiF5bbTx&iu{w^uy%yvEyNgBwpLQ
zD4p%H!Yt~-c)oX;)^ynYLv-v?;{nl%jq*{8IiVEh6bi{R7U>?A2{3;H*3;i{3vFGk
zO*tTjyt^BGZ73>A-*6M<L5U9H&RG(9FbA2gy_xEYAZmoA8##tr`LFQR)T=C|oT&>)
z#w6cssY}plXnNj?Q`2L01gS7wJg-s>MBE8pe9sqV@UWVut)MTLH%@3^b$MOhb||)e
zW^tFFb>)sUgTKR48=4EJ^1%V5pvxQ;<}^-(hgqzTX2+Jo%vktJ-aU6U=STWBU{jXm
zSQ&Hco<^KT7i5{-NcL@<cT23vzD_BsNLd+fM8po{;~_kzHfMxt7E=N<Ak-|7ZIjJ|
zuYnaZa#wgH(WP>_x1@5jKjmfz2lBKQ{=)i|;gXU7JPLFi>isn%pDL^yDV1eVX;L=Y
zTg~YV%JtTe*LIRfZ4%1WK&|Zpfgl{P#~#$WKEh35w6?Imf1*j)HM?RjToFS|)2x7k
zd_JeX*K_{U_`dcVT9K*1ShoDU_eN~dWSAbcH37@uFQuh8FC<`Z4<T1)aY*vZC_j<$
zG-j>RK60&WwuxtnHLUN9n8h>XD_*`E(w!keC%0BpU}9xK{~B-;P;v>0y!3`K$L6Xt
zkv`{OBVbn9^h87FuvH@2R!bOhj?O-wVC|3haC9DpyVyfoKxzEWJ*n7eC3<Rtac=Bj
zOHulX1@8<64)PN2&!+N26|CxLCf<Nc3A6LBWXV5;ZWg{g71!#?2GQ=Gadq~c3Homz
zy;Wf;??n4xe%@!T6ZwIN6O~-^5qMN}&wlo5sLSZh>*XB{SpUe6rpS~pd;_miqJGi6
zNgOBMTiucI*E>pxV6`8||83pa|CGdX?sB<|ggHLhQ8)@CLrouvEgDrl`z};pM~^kR
zUxF>~9@Nq69>kOmoE564ZD!{jjG>6+tq6;$^!YGkziL09L!cFJ#=tm@V8a)f_TFf#
zn(^MojrqBWe94F{QOQ&Q4g$|EwS@*pcybhMi{%?}a4In!sP>iN4GG(!921^uCY>)u
z)CfpE-|O>fCjZFltbg68{=4V4hUWlnas3dip#yq_94_v7+?Xndnr?enbck-*whE_H
zWV!E&iYX=|zUAGU9!E3ph9)9fL=o4Jn&{7ocxzF-ZXqs;HnJ_HI2OXr&e-(LfezYW
zE?{owun&Nk-;VX}7Pc2k91BzYW?Rq9fVt*?5EiE3{a)ipkd9>QsS)4$Dfe-@=HRBc
zU!?!b%-!GY21<HLCfixt!9VJe1$@%|pDyDPeg&RUZ!U>V|9y+@A{_Pd-pdlXc9UO7
zIGyWeqK8VpB0DE&({P=~#re6IdR}(LP5ORzLG|mBEuONTHD@-%eUQ&q-pMD(syd{6
z51K})PFwpT#64=7;ODdBFbBuRFzM|XuhO6cv<6rYgy1=5>~3I~5Ah4y_1Vyqws#-K
zBncv_@gP*pW5#7JSW4>5=*h`H5Kl+$dtOl|krYZKkLqgWqy`YBR`(1wkfq^)R{6#g
zdjDT0=gsTxpMv^_ggiuw^7y*-RF7~8m#HY4cHS!dExk@Bq|>+SvokWDrlj;iY=^t{
zMkbdYqYMYmNM6m1$ByMXl^i<#z(4!@0`}zC^jw(nZ3lmCW-)EIpZGpUb!`35&(F^E
zuJ1|YQ*H6MU#VVfsAi23l~^f|U4TmxSV)<KPVipPo6H<KzC*am(Ks?X?L!Bm)l{o)
zLz+toHO~L>F%>)d>RpGt8*B((ar6GgnSdTiJ7aSc=Dw4E5~0A1Lw2Cg%^XkYIVe^B
zB{<MHXvHv@m;@C>FWJU{sLK(1@K6i>miA+(>4U{N!y)v5xcSKSZ}p0_e28#-yRIvQ
z49prg?-K7kwmw?))Cij=wkRF=%yJA=)5%mOrDA4JNGM}g0nQZrByAx)&(ABdSBxEm
zgN&*ysHwGAE_YrlO#C|eE4cpH_E<(F=-NC9y@?l~C37Zuz}R#NPK%3ZQKHaEy4hKl
zUhQpP#69(k84ll7U`&b_)3aw9G>kFktIWCDSmokw{h4F%6v%eiltGXIdk=e<E>H1p
zusYpr+UYIhEUP6jkhjHhYuEaHa?vSwn^DBrD?n--cfB~bCA_m!lr6J9dvOO)TBpgf
z>WjSy&V6>vF#FqQN1|9_vrpnK@vfJy@TBl)Pu`Y!SS9Qx7_o5_5;$X}Ms`wa%!2;H
zZLSdNbn?Q>6q%!Mkku3*b?t-4(}Q1AN^SvpWN?^ho%)nzJ2dARGa=O}FZOZlSpzEh
z+`y;flRnw`HWFcu)aj4V+Ol|pB=YuA09KTf#f9Vj{@gaaOS6k2XS7mDPFXGk-x!EP
zO_(*DDA*2A>PX57ySq;4eA^XzKK`A!;rV1pgp?Dr3i+EBfOkfGy)6>~^g#SrPS`8g
zNS$~~HRS$mjyi5kTvJ%zIT14c?hAgkas;L`t6ymj|Gaud0XMTNL<z4fK?JjQ1~U|K
z{9-8VMe&NU>UC-m+SKJP$sv*R-pj0p+*fB6ZCS}n&|bls0^jF0rM~q?24cB4@kc39
z>@&|gYrF_3gfA0tH-!2Unip<s5xW&jREmC-!7-cdLc-GZeY4af(6D9S9@h^<;eH=V
zDy{H}?joeIF2^K=9qSjr%IW{?oAkKy2&_!<%0{~g8&zUr*<R=U?iq3Z?dKc6!b>}v
zwvBibMI0CA<cqqhj6E{{HgspvQ-anWD~mP83n>nz_t!S*Dao4O3KAIMv_0Uaaz1to
z(aDM!aiKwrvFk6Tlk1$t&N&F!y4hT$`RQQ})fE1x%rg@7rBV(<JRsfay`^Em?+&d5
zorA25K7kLFJiH9M$AnX7cq3!Y2acqc2k&UPF4_o_7~d32eq{%Dmv4pYd^}||{Y#Pe
zb;C97ouBE{CEdf5!^YnNxFE~#4?iVpf|#7-(g6auY9dbVIGwgQ`Dqu#O=tFrkGJ>p
z8M4?^e_6zkJU>M}21%x}SnmrPGZYosln=Fd6AtEHP}dlS%AS1i`Y4qT^h{}V+Zxbh
zRO&2+U2sSB-5bmbIxPgNKMs~h2!7fLukymy|A80lnb<F)fXVG!sYX}9T1|~p?Y`?M
zfbqM$=t9%feEM}puWTr;;w0W^$QYquPdgbm!|S?6XNj+gQq2Nr#O{%%tv_^FE4vDJ
zDDIWMw*K9krNJ0!6{z;MY2(>6M`*kAIeFx3d~Je2qgw)zaeK|B77we>v$CfZo)K)(
zp#$|cZf;yXM~)WfT8S2@HE5@E3EvlSrmNMfz2IV!<11Q0cPP$?>J>U!Et<X)QGG0D
zJ-T*Rz`Dosv%ZFc<%(GeId={gAUTgg#fEOCfqs3yu{4bA-e|K^LVpd%HrC3OfaNP}
zdv?l2k5UhN!~L`+n{+$~W~W0Gv3-_+-HUOZ<NB9E_D)vtTb{qLWmabcT&}rFT<K63
z<)E$d8M;G~r6h<g-iX8?!|&2xI{PD*+&&R}o3*<PnJ=*2lp_PZyGPd8#XL;N2?t&_
zZ+(ev;kL_$5YB3L6q8FvV9d2h^G)Jb6Y#g4f+hWmzy(*G;P1<H)Jh<1MoR6+;qZt_
zoTX>AR)Gl$;6m5vcpT{yN(xO;j!CxP0R*(Ua$q{3Z3MVEDXx@iNc#eTuy{-m=P`5l
ztUTZywU;MZ??)^zufJJ_8glkgH}~_N^bSngsv*;qEROA8$V|y^-dtzvOw&>R%@vYm
z%D`(iW_O*l`)e+XM6rV>4e;%wXI$AA9Io!|K~yTJw|laW)f5g6eiY;bfs`p8U!?<o
zZs)ws&A3S!ywyD$RJnIP^z%j&%>H@R+Y@4zzA6}#U=Ty)E@%f-J2BEY^K=>0Z}(KR
zuTRjZ>#C_Hxf<x>>el%(z)%QYM*pT(PhyV4Ed0_s^_!Ywy2f*xU~IQ3&c;q(CHG)x
z^70JV$Y*D-51P9dd~d_QqU}-aV|#zAe7)8A@rT^sA!L$QyH7|c&bNCfBR`lwRA%ZU
zHPHo^&ug+}K8xY$8%vts!tZ|HN^o@zpa0}m`1!eVYINlORdE2q7naRuKCng3k)3Ua
zjQQu~@IwaD39(JfJ(*g@MTyG4C!7~uF=9Xo4BwYG{T2~7UX$&ejqp^WZC9uD0_W~x
z;atU}VUAJTx48KaLox)(qrBr;0H4yLNaJJ3ql9<UvGRP)BAC%X%PC~w0pHUkyeEf5
zrHyDnC#SRQc|mVhW|g5X@Hb4{&46Un17`;V=5+dpgN2pd>0c|I%^!cd+k_)ptfVpa
zYzHBcNHMJ6UxT9w_BUQH?2Y&f<?IS~DD{+U6TllrWm~NY4zR8$k3!jTP~iv&e=I$6
zt6CE}t^Q>(ekl9>ed3|)VE^Oarm|-TTXmTxw}Ia8VSoA6T+1lmF-9^s?Kn}EJ5j$A
zo>HlU>RI&pI==7Tnr`9V)*W#EyssmBfBk^`KL5zXqnwN(fQM9#k*rWq1I6<UO)JR#
zPNxddMc`OcQaZtvFrj6udo>#-iZUS(7M$k$-&lpquj}RB@kb|tecRUgGDBM`IfuHB
zm-DBIrSyDuFx3a$Uq|kpe${Qo1aeL|6liw$B{X3DE%2e6QS+JRMNar%dWsDi!~R`9
z9($^mOJ9$Q1SuTxsCQ+wNW2s++$cFQQkc}{zs3{B9&%fxFQ3(^3Y9G5*i2)x-!{$#
zk17-_?;SN&d`f8u*i2%S#5rV$j5$mwwz(jc=s(#%lnpTzfJZV%MAS~GWDaAdCy-}o
zSXYp!;O!SSY!Yt8ET=2mt1-I>x{&f%GvTDmH4U_*Grf{e#HC4g5O$8!v<C1c+y`SL
zzlW7e=SI_v!40mZpf=G)7o7H&1^8n6Z^J_9>ZFD4lAbuG5e7exMe-RPXp1YAbV(_m
zkjqD5vNW*2f~btdc7eaRDbk5|Ya3XgJ3TS}#bW7HK>;S{C;1Itt)mF@#|s&mbwkE*
z<8pG_42*)odv6m+7bhAql*FFtm~H^qk-YPvW%gl3LNyOhCWI{;{gcXv;J+do&t&Gb
z<}9?XM2gkZC@}4SWJZlJ#jqG_ucL}^8%%OFP$+vMTSa?iMICDm&vzfh(HPk^6LHrb
z&+ops`?VMQx>rXz@9};&Z9CscUj!948lNJIlfkt~iB#-y{I(IFAXKcWE-`}a5Pgmi
zn(IEU=#RAtacMEqk<6KT0p<ximUULbwRxghtT&q+lvt52Rq|@gfEucDCh5zY7lybF
zAyDVh_Po^R#9c7iY`@w3K;v)eRnPXWJ`i@Q?)c_eq_%y)69B3(CsM@Cxb-70XZ-FL
zG74K2SFkIxmE;rz<I*!|xHPOnzCbFq^oQd_GS-Veh{YzG-sf~7G>Nc0k)Ma=&*5z*
zIJ$Ga2Y)www-EWTP0_~iW9Rstunxk&Hh~*TL9)>BU@n84?;24@mT}@tsNcFx=LoQ2
zeynd3so|r2_~f%<KR3|pHPx+8v!46_vi((z&OvTqe)!Z>9I|xSFc1O_ULe(U<`Rjq
zcT*!LrL@<|g*30=IHp%<w4G&s&YdZD{3IHQ2^o21s}=#qMSgGuo%*C+wV9SxHMh<}
z84dE=&4hwhJJ`jLZrck+a|GK}!IuHm{PKBr6cnt?&frM(ICKY6R$At}r`wRr53rO9
zj`r}R3{xCms1gWW-o7;*%G#c;p)IctX&Ag^8*33s2d3qgI+MK;NUh$mCZ}ZoB!Ty|
zKisC;W-66a6{^bYI6V|`6ZDUCpfsQJeNxj!m4e*SgxMk1s&oHN9fiCxXB{PT42^~?
za(p&7UleB9-v9`x#R0>I4dT^ZI3ikW)Ri>U?K3-A!(E?p(}Z{gHI&&G2(y?W{Hc^&
z=m+#|M;EBr>#imhYviJe@Ae2t$-i&CS#mvYU2Cs^6IgsFpQaZ!<>27RZ!I~rFt1T_
z6KG|&CSxX{{5CDb&dWg>o;^;?FRoj*L%yF9H&&2#%lZb!Nb5!|ho#X!YGUdOi2y52
zRHUD14s<@POx)GGe*U#ZRS~w2_7Uf^F<=q2H6k~vyhdhXP=n*jzyt3u_9u9HE4m~3
z@sk}{OQF$BWaxgMNBzE+6m8^=Mf2;X!Sf&Ygh;!_HT(f||FySdD*>X+-{`tYcm?I$
zHR&k?<=7`}yC5|3CAg-`m|{%)rWq!l>TFH)sQ&?|t5Zpa2!W;+9&ww*bYSqpE~)TS
z-}v*DSbSzK1;Cl4_ghnria6gxZnaNbIh3hXdLumSt-C8ZF3oR2pCrdSC`9n1@+(TI
z<&`zklxd<_1sa2AP6xda-z_b#_hmnxHx<LFF9t(?vD11yq?iNu8=ig){w0a*>$Y&0
zp1o8INa+amOFnFJcBJY+Wv1I(PZv@*gby-R-0{^NXQ$_$@2w{)d@#El(1pS!J6~IF
zAG0<n_7gOJ)csn%BR3Yg7kpymH*`s0*X^2%j~udUt)FRIozN;9;<Tu`#}O)TGcy0>
z&9w$1@+9%tQGMrM+%3Nxu)w}MpFDw#N+(AXhVqxP($vf?i&;9o^+fc9Ir;D%=}ABO
z9>Wx5%qu2>2YTCzl4?CqaMKQdEK82&{g}MKJuUQQH(OPR+m!E_<Q(-NS}K2gp6y~K
zfNedOyc6)I@h{HlT{3#rb8<}QCW(RJ<k-Epw=3Sym%3P0Bn_S&Z<%#oX~dp1dd!|b
zF;4w(b9rgSwzK}V>6{=rtPUD8j0=Nagy7fg5Dy>@Zd^L%m+iycFnd0@HCf(Wpx#n0
zWgCuAN`T1My7!3escuP^ZVzS02Vt)HIqS{>`B&t=;2a!ps$*!!FG>v`FcQ{aCGqNc
z;wjUi5<BeBj&df7^*Qs{<s!tZ-t<iW?BGiM4#bj{R-<e|mP86s0I0X|`}#_bcp9@G
zc44(*ao~KlP0K0{;9UEL_aQket>4z5#Tx+<dvZNyG(8b6EfZ~rQf7|~{!bs{sKynk
zxF0s1EJUh4@i&)Y1Gm}?*eevVtbgd1QSvKFO&?e8XdUzB*7z^RLMgxKr-`M=APzhG
zzpQAa+u@FRBwcZ-M#)b6dI<PCPN#C$CMnF4^99D`)!D<%0`&{*uuK(iLK<O>h2GlW
zMiDa(Yz(+(lu@A}>d##h5ZVHS$lV!C7Q9lyQ?(uiVE-mn-9~t|ZeRkocoUOx+X53w
zp``^EP;uA+!alrk@b-Av`(+d*H%wRWj&>u^$wz>9-GFd1p3h!Wx~iWp<izjpz~M|4
z#i3!nc@?e3oU4EnmG*UkNx^~;6=<y6I?D-n)G-cD%MH3|aIYPeCmb;uaCf<s1YWUQ
z6V0@MmR`#_Q?c8*aAZlp;0A<s!IlGtVBA#WuyI5`fJ#Q4na?x#TcotWV(fajv)Js!
ztL<^&VTRr|Ndr5;1jZ=Zpy09bu(XBbt0ZXP_nF(qj^-i8n9Kd9MT?e^uvSTNvBaQ?
zLURLu5<jKM*uMA-<mm_1?^L&=-dMy_wOh26Nwy^8pX23iK~#2;hFU-+Tx=fKNt_ro
zQj#_7K7_?S6_Of08b&ePl6cM)r}cfWd$^7Gd)Vx>nc#&K%Y)$CADt9gXSa#DuFWdV
z`bWkR=TiK!;u8D}QrV<6>Aj1FjmCjH^_(HJW|b*}Yi+JgQfGx6mcQFBYTikkZg5S=
zh<#CYphum<Cy(MDU55a`Lu)*mowi40a&_{PlNH%r%YZ!mbUB@j6P^fRbvOi3@h9Np
zu+~pg87q)BS<PmSIzQ_a<A||Q<^}NEq)NEv+_>VITC7D)PpAL_9RV8*fZ$*lfVOQ2
z!0U$?wg{ubK^6)0%n7?0xGE^wgT>^q8KwIm{p+rzix#?G7MQTre%Hi+_<fUQ#YQO`
z?=YOdq;B%0s9t&8y7TD*Fsw>~ElB_hv7iqYR6K|i)edXg(l4lVuPJUZ4=Mm$w;>E?
z>!G>`0DlloHN%cWxwcy|SP1(RJ|u#f2QNW~d&>!#xid#mDnj+u5s$-gzz6EN7p`~3
zjBP?<kv1$ubwKvV>u<fiE|H%tZZFSCNGox_uD^Q+2<y8j3ctXcIUiAU$8A!G3=V1a
zm9QarL!wXaTuumh>4i&VvVGSfw*6+>1cy%ohNgyf>(Bzh5DA%7sMX~+_(uzaul-r1
z5cjfIb`}HU8#{i7X*o_M&cpPFS{C-ujUu;8|D2#B)G8)cUObMw20!xlrb&ku)|3*|
zmB_*2#^KPqlm*hp+A!KmYN45qug`1Ki)c|7XHuz_3J_i17u3oY`*JCAi(M{ZE-f|J
z)!G;uNVk(^%!tE6q4cuv9`P`}?QNU{RZ2%kS0Yz3@hJ9gj_3T67eSCgoq3ly&F~bR
zFU(}&?XaM)1wwLFZK+wCj{gn&N(l#BO76^oQDI6l-AOCPAfzq8$&z6<@|u{5iK~zS
z*zEPU8c<cWsM5MdhCvo<dc{({x_fr|7j+KToi|i2AUQH7^#lzAeSN*^a*~o36H0tc
zROrft43);7=MMQZ3qB*wt??s~u)ZuCWross>{7Zl95GK9d5v$}7o4~sueRSWwooV&
z1_U2{460k2hqAIpszXrx-CTq#Gu+rpp2k{e;>s{olH1jj?a)KVV_rsV;|N4NC+hKj
z)tdN*;5sOst;7urEhaPzuo5n*auC@k%W~b!H1Jedexgu~-opHDAbi&UDDWt%d|5e?
z#PRQ4qMt*D7O^=OOU_Gdf$~ROMk@6+^agUaG!1#L*y?#H^GuKx220mYW%g4?T&fcU
z#+=FtEl?nd1M+M=L~#TU<erX=y&|BMU`Hg23vK}yXEGMCJh*$Up5M!nP@KtgMi77>
zQxzA!qk()a4`5xhlxu2&8TR&{Z2755$^=<R6u4unnj~H2T2fmmTeF)QYQGAB<g_?j
zBIMPSAxh8N_ulAv&VFm7a_smtfJ(fse10$**ctUW;0vXUhQiD~-?i7nk7QE6CdAc0
zyC5QW_;vlc;qceYy+7G8>OOp1dL`pC0b!rUf`fTX70i)J*pP-6PPm&jKj5q|-SW`8
zPI1{XR{!3Pz)avkwDlihI8FjPx304DQ%6H!QTE+o*E(d4Z5i0i<-pT`G|#g$FtjmA
z60CRN3+PLE*>H!f5c7I-@T`-PHQv`ghC0&b&7OCOO|ju&>z*aCkdX4qsFZxzfO~EK
zMd`dDcaq7C_*G~B-IK{i>F8)U6Ql@@e{5VM$(CKGzD;l#>L4UUP*Fb;ou^N>8iZ_<
zk#QD(0fa?0EB!1rBLKr&s)=uZ%Q5f}7qEub^^NkH*JV;|7+N-gQH#MMfMgaj(FxNE
zJQ{g%CU82l+%AN9(w^DYg&7SbWY4agsm#j9Rg-><t8U{fY*sD(9Kfy)CdHHE>8?Nr
z=V3~V;KCE)K-d5*Y8L$Mv*|oM-Jv(00bvNq^EncWaxZzhIyo34qpHorlW0Up0pjx7
ziXOY<wE+_ogqw(IEH}Izk6-KLbBhoW36uTOI;);mrhc=McJ6d;CbM$<q%zT$-qC+j
zH(f~nsnXN<FwP7;iZLFg&H!PxPI2dvS0-(!KoqqyIBGn&oy$4YTk^=)A@13DLW1^R
z5<$@_<t~{M8k8=YqC!F@S~JY9S*(yYZ6S1R9?CCzDy`HIgDGYuO)cdX5KU6LaMhTt
zNg|nEiL$6bGnu@CR%I?NhC%umt9%s~<V!t8yrxQedWKeVp0;|pI;e^jBpfZIhsVCI
zGQCvMzCe{*lU9k6>aOuhkgc_*O<QF;-9c-GOgq6NkAswl`-_c3x=T`(WBWpO8TWj2
zwsSKrfk2BEm_xW+Wo$w&(}a+{loJdwUeHo6Yt<HT)K^=wA9b9_FtA@zX|WUFULdR@
z&t*?qFZ)#H2+1I)AkQ6V5giqsBGY%S{?wkXtIKWgp3lLK3J>>19*?y(J0>exj{=f!
zuiaiCY|ld#p&&fYLaL(1-^LVInlAiVU6YK)L9X5;sWL6OOgOEBB9bzfDbmr7kla3@
zOk2r)L^n^ZYR0}QvjK$f2w4Q-s8Hv}r!T6cRbsJ`s;R5nV#PCcs<>3x>1XR#2-qY?
z@=%Udc8-dgI%{#esaLDm>s6M&Qb{u7P-oTFu3l(&FW1eiBrqLU&TEfSenm~=$gGl;
zrrZh@<sq%^WRE9TYA=bg9m`5Hm~r3aHc3j#Z1-T^FsNVoR6RgHZ?%X_IlO;PJ?L}4
z-NYx6W8_z^_~e0KXV1U@YM$n*;dk;Dmm2p}=9Eyds~2rC-)<o9(f>i+ePa;9@#Y3>
ztYNLo|I*`l>(Hboq35|`s;2+$ev!F?U(gSK7CwAO0sU81Zp5BB4bKm_z%f`ND?d9=
z2*2{-&@K;tA(e85_RZhy2J+d`4D=DFR>mQO%2?_F$y-|1_1MzV0NRhn<RP$Jd<!>(
z<Fkf)y;=MbD@H$u*pWLLne%jHGWDQnqLy3RBGlh9;P1;pUV_U#t746(9oIRJuevSH
z<^Ipp6`<$5q(~S9rW~vyeb?V0+(36J;+!tOBaj*E!<i*S#pZU%7zvV{>kXR3(3&%%
zLI&!N+Nlm+3}&3;hd(>}xKib8Gq4-%i^nIiQ~kp$nzU|5$FcsYk1B{$kUB;ul;^7U
zSyB*esf5SRNsPC(L>94dNLDUCP2jNN`@D9_8HCEXy%e?}hUgP&oN%<8{R>+0n7pA?
zcph%x<-0M5#SjF4<>$yX_iAvG;XX89_E|NK2Z1E^!pDyr5RVsxu~WesQby-*5W7Db
zJ^=i7tYvg?wP;FOn*ip=7z;-F^hR0DuLXa^xb-YV8T%OvsaQqQmJX>2D~?c!nfEu$
z=*RLZnu+?<zY0DM)`7PSm8GB6rO>}jlO@Fw`|S9gUQ$P8gk-}q=liWdq_gvRV{3z4
z1PnTI;YLLas%vGB5$fyBMwrbq;Vvf0IVNt?=9X+G!=1dmr-p7*17xH-eP2a-pG5k2
zExo0C_<;X*Qn<Id^6O^u@R-p6{{ZFOyR3xA-W_hi3m8slE~d=8=cGYmnaGlX-L~~Z
zDg5=YpN*es$`8(wA4TOA=es>0zB#Sju3E?@d7Jl31nH;f)^2VEhH}EGLZkt3xBwjh
zOTxVDCjl~%j&`cqId_nv0G=kVApS|P+=~)l#+Y|_(S6ZQdg>%|!nZwHZK}r*qS*U(
zn#I&|GvTPW#4c8=L-)1vxkHAF5qLh(tf`E*JHO(m;VfcDVK}SA;m{&TYGk5Tq(%Qo
zvMu8b@&!Lu7dfzM)J(L)L^1Q@)fa!F!0qe3eoB*EDO(tj`c)IosbzlUgeXAlb>Ug<
z)vO|sw=e)BCQT|@sY*xxhd<Tl0#P!ZCRX=c47#9;x59S?UU;phMH{Cs2|D2XnaPQw
z+EVK~5~UT$%sIXN4kIy9CxdvMh^A3)Pr+8@x8f|;Q&OCefDBR9bh@XouI@6dZLL%M
zevPtvw6pr9$P*|0&?I_3;kw~pR6gH{6abiZ7UzPxLjbS!o~gOkXhl7OBi?=@V*jHT
z;&?Kxzfftxb6jRj@?w=Rx`0L<{5^*R+sN^|AfCcEee12+&l5w0JPtAQtJrTeOT3C6
zV>-?)uPtD~-Pkf0dd~zDjd@z03udioAi{$uvFnv!sm5{uyzyQ1u%oWJK$&R+xo3x}
zTDGHd0iM!GSWh07W9<MQX~%M8dSMi<CM~B0(Lw0o7!Jj%xirAYOiB1<@Y@xcRr9{R
zBNA~Y|9QNZ6{|5OdGb6m@>bTwjw^3v0Yt9fA?N4S=$k*plT$JSKbWlCz+3`IC^ztD
z7sbwy(Sm$Y3H{RORJU~JvzR&Zgv^SFo@Hm!*JL7A;*v)%sP$v=W~BSSrIa$DQ~6%a
zkR(_h);k&~ppGS9<I79+TQ16HW@=js>DrIG2&K&T+mEkQ`>ZhpmazPjLu}{WgPC7W
zlw!lNh<X|P_#I+I=&-p$HG`PCf|r`!e2y!rNn^QWm}QvLFFkfDJS+^&SNsH*>6I&T
z5_1U8@3qnzB;H0gd0s~HzaTv?DJI;WX|2KbzWUndzvFkXhW*mDT;-Nets2&pk53ud
zQQ{B~Ktt9isc>D~FB5EE>Q|<_&}xNobo01ByDxNRa>sFjPOluq6#0DIyOFxD%yqb1
zj6^lmT&Vf(qzsGyF=ybkGEm+DpY8^LHDQMa<LokCt4A`@dEqFo`O~5PNePohd=HHj
zI>Vl_&5xXBIHLs7^NADwyc<~i?ML~o=Ey+Wqz*|_xkOt_YJ-GNlH7!f5=e~~A>UeQ
zmR9LjC!>9=dY1LY<7R1T3ZDLD5pQ;C(y`<QEiHmZteBuQ=VMPW;-qZg+pV=yQPBkt
z`m3+vn)RHI7Mg3<x)C%OL!itfJ~vL9K6Z@)z)ap=Lr1rmOcnPufv<@YY+v>ZE5ZBz
z7UE_#aFde@h5oNTypYsq&lpXA^vfRUuoDNUtgMM*J3kLd2s}^-CvUAM20XKTJwPu9
zQ&jYx{Mb?Wg-J11O$cyJym!$EBgfLsmj-kRJ`Sw3jgN<euUD8Rnz|ox+dM<SP2ZCO
zbV=x%LT>yBIP&0(>W;-`t)U9mekruAv!985HiL4fdkYHQ(tTB>Rx)K^Ak*pCNwR>M
z8CsYzxRje8S>i1O5fSC?1Sk%Bqy(7sp6CW^5A&HyM_?g2&z2?1SF4JPv)_n}5mEGw
z5+D?VhUC!pV~Q(f>vgbp46Een-qD-o^T?R#2NY(1=fa&{*iv!mYRB3sIy7Ej^w;QI
zK*lDo;l3WUp%UXO)|%u!Db{A!wjc~H{lH+JlOk^(biq2Yo99XZOH#fFMm<2eu=m<9
z;oDK%(BtJBx_rnHtWl$uUegWTn#oVaD7vRa0w`*9w!#3wrvEuL^Hkh0X7qMvkj`oc
zXiQ|uu>%D-t}0(!h2H#}x+4kOs=&dS1K<;Gyw~o_8EN-4-pUFQh80`*u8H$V(4^FB
zZGDw$UY9`yytuTy`u;tknRcsoxL}gLK_B5yYa!o1XjA@<g^1Kx6<-#<lFns%E@5*X
z%wu8Ggq=;W&bRHQiZ*hg3Z0C6FJe~Md1vWF!ZGyDeRxyy*Yj?MS0U)P)dP&&k%CoS
zpRAnQeSDh-NK<=lDlB&C!vQH-Kx#^2jNPtCuvIP7Ds!xr3r*-z@KO24zK>r}S*3A7
zO_$%Prl+R?)ahusXt^K&0LvQiFQ9=@mHz-31y`dE2UABy#n>=usDVtZQAEIW06-0d
zl@Cx;bNnAlfZBgO)BtK|Rq%hyfB2z6;DA4X1_n5){ppC7i>d+B)iuaV000mGn3o4f
zAyB=6@ITby5V$%Rg{R;IfKa^A*c`I|Y^?#PZA}dm7_~<U0IP%5+id==0Dy2H{0}D-
zfd171RYl9yM~Om7z_Q6j1EX605CPLc6r6wXz;HJEs3=qcg{F>iv_=(B;0Qp|K=n7V
z{<nr=@gK8rCI|Q*3?@5@1dYu;-4Rs*{c8pq_>bNI$3J%dTl%y657f}~Oa73dKBx@}
z)YQRfV3cGqFtY^oM^9i(J`fK0uN#&l%DDhXM@KX;mNgnA{f{@&Q8bwBE+zjtj2f<n
zQV<0o0G0#$9~=;lavlo%M*|d~fdL>O9Pobu4H6DU718ogSOAti{7*lWcmCx70K!ot
z{YNX1<9~w@{%1)3ApWp&1W?0KI}!l!&km($6dcR?-;U}UYWi@Llsq^Z7#I!)pn<8=
z0sjL)II6#TE}Di*i5i;5zi1RoApFlT|1Y3{)qwE-t)e9U=R5!~9E{Qz_5BwC0>V)>
zNQ^xk0EGY13^f-}I{eWO^~G|uMiu_Q05x5Ka5V707X7OM5dI(Mf0@#_fd4fb@NfH{
z1{_rJKS22hB}5;N#`OPKh6es)0ssYSC_h>Q;eVzWYDhsK>OX3sfdT)4+8@nOe*4cD
zV73VpYqmNh-NZh#k{#9Z@8m|Y{$mLM4UF2LP-sl3F-OzThySt2KAaWx8y4jalxe^y
zI7(``2FiYGEE_Od6>2Jg^fOBUXiSi-tUndhC;`L&9I>bue^H(Rp}3)rMO3FhO8pO@
z1`CBFFF^wX;b=@?0E!$nDN$uG2u19O$&QISwEq792;@?cmvY@v@$cEgDmUbV-^IzI
z*8uYAVaFn@XR5v-c)P@l?Rb_3-s0vZwi!oc<|Jnf*xHeE`aFP)G@#7g8-=e*ut)+(
z+~)eF0dx%h?!&QI`yW?)y~RDJhHK%Om#-?|>gXOM3@P)23Qs9RyBp6+j6A<}|9Zgh
z<%_=8$-PDA`pig&k$Q(k!T{g}Y+C^=QtVDkb_ofJV4aV=YPenRv^EQhC^k(L8)Jmb
z`KS(EkGTv+>rTVJSK6$KJTal+$dxPaxl8zy*|+ywfx3opOExh_LX^<kdB%bYEv#39
z#l2;VV2Ih4M|P(7N-QxmhW!C}cVwm?lotn3w>?6uyW&Bcvv`;|KX(fon2~~$r4n+W
zCM`YpS!x@b)9-1^Ee!;GB+@>^P?og=YB8BXrs1R8wjcL<n+Kz#nm3;+P8hjYpoY<-
zb3BGR7#EJAve3(W3Z-v(@U2UrQwRFje9Haakl*`R^bxm4^~B%(JkHvWhlIM&gL($3
zg#aaN@oN6oB`rP+&QQa+*nGPANU;-!IissSq>|Le&t#Wt+W<bV%=NA<p5R~w91v(v
zUZem@gonwf@V-^PLy}bG7vBb!i<tw>@k7u}wx3_l%k`Vmu$I?YZ}qm<UG--A={OT{
zmF;qMJ?EfJ)&sr5Vwl$BB#XYxp#u$f##4hpkuG<cl;kA*rS2-;Zr^i2;P&H==OZDp
zs-cO&nO6WA7M;cE`G8;C{SkNNkQU<m(ROqqr4Tz)fK)5S$m;8<=`yt#b~NJ8*KTM(
zEWiHp1pz+jr;7iO?=hBZ-IY(o-x6Go%GEx;nit!Tj9U!k@ou2n*$K@#@psUTjp8a0
z74F-dr3IeJZ164ERl#!Q`?O6#;X!rm(cz~QYu~3NH)?Xdhe<sct|c<&#vYdX+vfL*
z!e3sHy<*oC_dN-TpQ8z)cnApmcp6T4C*wcX;wtq?sx}eldHsu$xX`fcTh5oy-1KaP
z05I&&df)D4;=Rz>cAsKX78eMxu`@o{8IQe=%KyTPM0{>^kbiDpcMFZ}J<m?Zh0fj)
zRi*MQW+wbbjILfJl1&OlCHu51NXzj6ItVIH%3<#I+Xx6DeK-=^38C_&)cG=@n(29K
zOQJ7+vs{MEsN`^Il=Vr7kms@4;pEmym8BZ*kX6*00I@yMFVQ#H@(oOg(yGe|p_Kl<
z7^^{tLs&b54CR|u(U4e$>XMe-;-ZkB%T|5cHAVaEZz3#gu_qsAV^B{aoC&LK%PkYh
zwyG@in9S2YD|4;_d2JRbOg_5rU9pS<(J30b-*NdmQ|IynI(1_t(P_7bR1^r`iV85f
zaFmZQ63P)G3lR(h-*-a&J_g?*Q|=)eAMVmP{{hAuse_unD%Cw!Xnc4?AyCC9jVz84
zr8-}wI@CL5rzo63yb)3@D@ZNNUo9&jjq~qMpr+rb{;f)NsGE@XctceATN>vtwJZ;2
zD2m4(GxVRRcta(P550eyjZh!^c%zDV!!N8>D8493EzHmpX6V_!+YOY!bXKc>1msQF
zUYTh0EMlNpc3Q#Z40N&oxnxEo0PyW^eYP<PlLnv<pvm>kKdpH#nGNg`2Y35)Zi=vM
zX7}C=>CGEP1E5l}jKU>o2AG(7P<aigQYD(ayh0{=Eu4Zm3k<@OKgp|9NSY@EU;=n3
zY3uP$O4utk9CH`lJ2R9aqBC3j-!b=vxC>07Ii|kOvmNG}i@v2XV|m92v%p3#ZCG3N
zdQPAJW;2YmQZFGs1FsU8C}b+gYJ}KuRzs5?0_dVn!UdumiOeRNqEiH-NSm1sn}noA
zO{M~mmRhA+RynNUB>0zyEnif88dgD%g6*QGGdUgjqR3sSn|A6(=b~qqqG0Z(yB(nt
zlqaQ+E50mHLt3Wqs~rCK-uWH?rc|jj#^F<_v8IIIaN$%z^V^f*sX`dAi<|CTI|tKq
z9V2flvT)hkM+Wa_(_2)ai%PM)*{M`Q^4i;e9FY<_ze}{+-eJUS$@zC|%<j4vL>JDy
z?wN~#@3yPJ*=3WQvzg6lc(1m0q+c-2W~l8U^`<Y)X3(l-Zy(Jx(t&N-fg|E!*;yCO
zqh#puW}q6wba4Gr>rOaFY0GjN%E~a(Y7yOK+Q%>}$x4BoDBHcqf~UTFya7B0@AjYl
zpcx4K{E(X&<7g1tVb(T}mGo*fbY2(O(8f*=2qnDm!weTL6jUg7voYmqZD=ubT<>&E
z@77VnHk~;;U&2xh=$r@-B#&xnCsE>z3AVQzo`(Q)@&<_b8B`ev^B2zKTx!eG$wdr;
zf7sCLglnE7T#qp#(~XIe3DHCIZ-9JNquc*pA?Yv6A}Y|MWn<*!y*zc9Ar!2<&8X|^
ze~tgIYbe7}yiun*z<nm!Lmw6F3+sLAWTm_=fCd1dv5seDE<q8au^Ghk$5ms1QFjDE
zl}f@ckSKsH0KlPP%Y<8-uSg;+JnwP<%vWOuB~-z&;D8rl|KuF$sOx9m)h2wXt>rvT
zhmxIW;0YS&st#3Z{M88N{0A?SJmCG!m`Q<0*S^P$ZKr^#XtSXxcYbmM#hc|B<96GH
z&O}o@k#fU{2DarycjpyhH|K_AQsZUJgiQ+b4kONT=jw?~l};7|sGaL4;}veGvhyY_
zR4`eugCgNzrg|aKgJxs=z5fd558aiDBsW)qzv-7uH)%b});h<{>};3xOcSab5+SBM
zDh+b36Dy+A)um-_w3f6Uw9wDX6dou&8dN$(I+8mV8Y&jby3FI3Y?mpL4U>~I)U*8%
zK1Mu1j}|kj2HztXUG>D;Ml#!4he_rmRN2HYu72f~&_QdY1(l>I*}#LciJ+%<D+dbI
zLgz~A<K^#uhBXD}Nf51GNf1e><(xnTYb>i?8KX5VTM@0-hte8vl$)7R*w@jNbS{*;
zCL4;jG^mK^c_@>rh*rP%-+aSDxu9;^QoGimYzU}sZ?j*@URywsaa&tt3g)hR<3*Dn
zj`Q0l>(v`BnK_rs>p>}OH+Yn*Yq==w49oQzY`JJDR62#tRCtu_ToYP!ch8TYEe39;
z<FvLgH%|(R7T1ZjI$O>bT0Q4wm3r(AysD3MAS&o4JNAv$;{0DmrswPR|7df?`dMn9
zJumh&*$RF2)`BS@x!7`DS9F&kX+$*+K<qk4_i<bH9=sHK6jc5krv+l*qlU32;SRj|
z3A6zxb$w2pmj{B>zhkr}2AYmLn=^Pt&=t3yTk;^j9`3g5(8Z}>8qxYrLKqaND8)?d
zpbc_jZ6-63+K|M4;sDS4VE)5mc5kGr)YeZ2uYTwsF!(d473X4C-#zrNP&O&<UiegU
ztVE*khv6h&g{l%%kLxwC`iK#xt3$doPc0C^qWAd7ey%JG+rI3G3G7`=y*namLse2y
zS?YFr)AteFwTr+Mz!xm;(sTcD^E0fxMGF7N<9HSvzjU`n-rJCC$*X}tzexA@Ej%v8
zILD7k!?d`GhSgz-15F2Ew9j~^u^EjlZk38il>Knw_zLg!yOj?GyDPUnI?Y_fa4Icu
zBQM1?m}E;QQ{f)(%#2N<drSMXL8_X4nU9rp4fv7y{3|2uKFTyroQ7Q0zLo?eIGRHo
znNPfDFJ5ZgtHn><8ChPBy++(+xD>iY55EKeUaM!z*X<7>^CPD&c<O|<R)TYciZAE<
zzTG|)ydo?Em(?b?Nb1OVUm^rZS&wGA0NATxQnl6Bq@SxpbR<5viI}}RLRW`q-~tOX
zo|(3)L-L1|$8q0`b-tE1vm(Xfvr0+ncHAkq;S^M(+}1}Fj0W8$>z-Y+RGDAytzUz>
z$T0+aYB$Tm%KmOx;wqne!|Zay@w4x?39}2~Q`46I!@DIr{P|eAPKU&1OSm2u+<ITk
z5&{6Xton<24XD@!F9oB1%3h+o6y(9$L}|&;41R%G=PO*ZdA|D%;bF%?8YT9eTaTY>
zs^SGTlUT(Xt5lx`cG&9j6$UbV2(Shcm9I|$4D3eSCO91<C5}t-2HN!P5jhr8$Nsvd
z0#c0+h*8v{4D+X=>z4<LjlFJ^6b;ArKS?-|7FB(G*rfCb%#5b63!iTUry|{4BVylu
z!+|97K$1ZG79kNVoDs2us{Cg<T(3{RN?GL}2NL70Tk`=$4&GP0!sENJqqluG=f#%G
zOUPed!oLL`nGElsC55|rzHGq(lIWCP`sib2j;O4kL}EFS%ltq`riZB+d?r7~UDH{_
zJc7GuMX1k~YbL`*nf61b=La44+^`-kaT~66M#Z0=ho_|3Agh0VsA=l^j`&RZq_FT_
z+p!{DompS~M^V#hJ)^Fuo9RM`I=D4uy_+BOk=y;kuUzDup=Qmwr4I_V%&x8D>V3Cp
z&Pq#$`{UJ1pl@(IbtyN1z&~cl;M@@hhu&yYmN5WbuCShZ<zl$}0?XSo<D%vGp+%=_
z@URoIC8&b$(36+fs6%SqRz&AdCep4eP&?Vo0Px{DQhu3x(KQ;XNkSBY#wR3GY%OuJ
zxm6|WDeES^L+BW|YFX5rfLEQ6@V-4ug+$s(HN^KeHsWQ2#FO%i7$D2<i>{q^z^R3V
zfVU$2@dZIfdl>mH>nrp@h2J(Imci-(tE3OY)GHe6k!x52(gC9@SA~9%Tmm>Y9e^z<
zjhuGxvMW088E-y6XLYUoEk|47nTWbDtfxpuDjPX7jZXt)ok`<)3yXSxCd<v|<ksPy
zZ>D8mzlq4m|M8i(^LG*Wo?`bcQwA}*&Z}~aw-W9%tbhri?hLuGnG|)&wtuwel^^OI
zzk^28bi3z1<gju^Neh;?-osA~>k*_N-H50*>S+R11waNCVWNXQCe`qJnm&=3!`kXs
zq8GX=6U+LowXHqEvsLbWGC<td$C49%Gea*629#;UgaLpG1s;43v|Mk+bg_&?A%|0(
zYsz=duLK{Yr1)Rb@t+*R!e5$5#7fUc#FtF#*{`*%CCF_uAQ4{C#>xpQ_dWadNTLnh
zW#Yi|euK4{-HQRSp?xM!?s_}CL`d9F=lIDyk^P{owq&72^@8<}xMs<H3nH5M3hu97
zKEcAD49wk3zl;c(dgtpZEf1fo896XzP<9j0MJLu)0M*fL08YKVDvr*iBp|g`Qu}wG
z^*J;%r>C)Qvz;fsR66?kZ3P4<oD&F2(xC<_%*-hqZ1*iw9yx3kO0iP48p-gEBTKL7
zEw1rH6-?k>o4|p?BBlV1dk?vV)1aedI1K-2@DUl~pLFb@D;(L7XFhFgkMV!VdJC91
z!mfXmMHhF6#ogU0ZiSZOy0~kBWq}1=+^x75cXuyZZ1LhOQrs4YwzThe`TjS#_a^r|
zc`{Ej$s{v#GIGvOC^7SbY$}zV+do{BHS$Gt)XYqPRp>uYIlAG~im;l*%N~nuf0Kaf
z_?n%f`A`j0YNP(BrlPPrA1F%>tnJS0j-u<9NIEn8bkgY~9*BoV;&R9RnZWW=j8Z`=
zwMFD6X$G+8!kcat<$Kyv@kK@EMQE8IVvo}qQ%YSGV?D6YaTO4-BN4-HMJhg})0ytv
zv5TbLaT~l^b9^FIMJM7B+?{jYs^hHKb=`8o%HLVL((}TR_H=AVPb3Qnh|T5T)jD}n
z4X;obx{RXaA;2zkf)_?IRf$zPSbs{;&}<GAEckGilj5oG#AzMfalwnX$F4%tGH)%q
zn_^RwLtCf|fs-24oYOXtYit9PFwn#iThfKvhD_nTH<0{ZSRxf&eRw-wL|BXX6f&>;
zec#1(9f59D3W&<W!{02ipQ{#OnqxcPEI7vHNWtxvi$|oAn~tetS+(Iv!|rI5hajyj
z-DlsE>lt$}<oYJiwewa(g~P)@g1N)8ZXzbXW3w0t!U4?sQ@W7AJNS1a5*bI4WJ=ul
z4Z^{-z2GA?64i|UxeI14z?WQCiiQPIv?z2zW)z)GOG;CBTzx2DxKEWHv=3EAB+XAB
zs(&v^(+2q}v?*1dP~o`cd@fQhQq#T0#{VL|KOMn?nxYdYRag@AnUP2x(`>`B#^m!1
zk5t$Xe5%}1&3Mc(r{lvGS3=2_yE~gfnKj5<-(^w%saTh`$S*@xtCRoxYw~{_3=ID#
z+Q9I?Sq6rqb=?2MW?=ZX`eI1_pSK<VRjT9uZ{lnF!^_LNYUJ<g$3xHm{D+46-1b{`
zVpl7nsR_m%;8%T-FBvJ{e7fanLW=e=q~S^`CEY+0)3IS-#Ijjs5iAoT^}-*hj{m38
zBV`J>uXEu5Ifm#PCGKbA25$C&63YncO;%ruk-Nk}FE;*OkY=Y+oQX(%U+tOi{cUu+
z`tQ$QMnX`;lBE_iUecdhl#6i-LJaF^0)teuIvOmG&3VtvoIG}Ks<<OTGHx!oPzYDg
zpU*>`B%8+l2|Yps(({^XXZ{;yYNow1Mk*v%O%-<?bEX0Hb1r^sy<Kdx^(s<s)aTJh
zwl~&0%fH;O8wz?M^pZ#qM-M9Grfuz5(5qkV`uvU0Zv%ffBYQdXz+CEl5bjd&93r6I
zP#Emih`i3I)9txJg3YzAq#PXdH@y+k77d23%y0Q~S(mZH)2B1mm-1pq90lB;bD3%A
z+rFIN-7UbCsh$}*r!~0_0Dp1wM2@t2|MrKc#1wDM%m;E`8k;dqj&aBY-SqThLA&eQ
zp_nDGpkI(8XVQ2HFC$Vf<Ax|AEa8O&X)93lO$Vb>FQ(!|bTt-rhzT!!N!iEfpc*~#
zCl16HY?aSuiKd1e7JYCiQWR6Ac*sUar;=edLQy^RQhfCRX9L=D4Y}}Z^_8ro5`6V!
zipH8g(NUd)hc(TXDOH*y3Pn0TH!N;9UR>_Xc`AP4jm;*wuGDP8<lfGTDo>VcG|vzk
zH<;KKZ8b6nyL{Q{diG4HYx3xpybbv%QQH3@Yb?F#*vv=s%dr6apJu54)A6Z%5VC>K
zW#*{v62hIuf!`1m#qHKB&6n+S-q1$Yfno2LwYk`q$eLi(iT9;uTkwc6D|7{RmT||<
z-`8g!I~C{T@99v&yI5YNojiPYXoyvc<1yvC!rd}=q4g=0X$V=mEHn7cmWf*`*P#t(
z+KF~nmZzX{E3N*}38S21_Spiml2~8Zq2F2LJP?0AtKfWAp0M--D#O$Esl8-X4&Hyd
zQM#gG(G?)ngxDMCKK9256{jM8S^no5E4n|*1TXrj@VwU8*gM;W7r1lv8IVdh9GwVY
z<0a3?0H~y4JKqy27{16cd-ZxMR33p>40E*Hx&vN<+OkBYNj==m-4p7_G?&KwPbi_%
zTkRiW&7M3bZ3?qiyL8Aid2olOQ_(gBWS|<|3{K`dfv!z%)w87Q{nB2`|LhERL9315
z%>BgSzgfy*IrcfO4qgH2JSghfoBCrKw3Hq5v;)xHkF${zrndK!xEhzGX-Y;e#*j%I
zN&nZT_K*)hPs1}`dE?v<*mw3Cp-C(L@-cfEkGn%phLJ<Mhd~7_;%s>=1>61o?L|+y
zU5P|Tn;GvpkqO-%i_(I;*hQv#9_O^St3IhUpp>FPIhhU>BL`!!e(y>&(sOznw*5Vk
z{a3PUKiUf)QtS(pPd_w9)7#3^Cq25e#&O@&5E0sJrR;<e#~-J7Ph1i=#ICV0EKJ-8
z{Sk6TZK=T8W`Fn~Oz2JHsd&NSp+&D#tv33sztRA(2j(J5rF+Kc5&D$6`&iPr%w+2E
zIQo@-5lajz%Zj?6h3eTa{gcHhx{Ckk$*~^!R*Y;`*sS7|6LB`pN(+W-$}l0Z^q%%)
zkakI@-Licx$MOg8dy0D0wNzF=nsAO?K~j!5aD>$HX^@bVZt%>{yrxtvBbC1IBvX!A
z_xq!Zic+Z#N3#T}<{DaT0VL!H82pVBz(3YRR<2o$+mTVG_N%;~e5y1V&8fRk=b5PG
z&7i@T>eEC6;btL1iGEc~0zD=tgDl3b3(d|#XkTR+G*><kvxhsSI3Ie#{~*(~Kv*4T
z0;{5&9OAqpXkw;0u_l(~Dl?1vCcG_zh~)v_TquRb@KXv+1$4w^++(cqpy#vJP6Z`X
zjT`;r^MX{#?=SS)?RerK{?YZ`R&|qdlc1(`x~81T8llS*3NqnGuQL1hR37*{2w}C)
z3}`OkPKR0n>@9VOTKW`E^_i6687105d6lW$0X}H<8~d8HL`F|so5kg!Sf=WSQv)fa
zgL*0-PaI<ug{bq=SS$gZr1!!9cLO;#tKSenvA8EushEQrCJXuiLESTtYwNlkL9{BH
ziQF|o9=u1_B|#8P^>!0=4Y7@LJaSWmnk_iOQ9mJtyS?cjAIQyjDo$w-!|?`O_d-2f
zEc`SD;@jy^t$5b!W4#=I0I-!;&KW4=*1O_tScl#su30F>mb*ub0@}hRTCHg6OBK`7
zO_d{jS_`LMV6guGC;FmlN{|C%(RLNrLj|lMaq?S@9o(yq&sw#RRdd9$dfwdQTmSL+
zD*<YNMQ)sR^4Jf-B^rf`tblumr$`4&<xY>xubMLddqBvZ<&9ioAHMQ6-_(Z1e?y8d
z;-1dw1yesTn6>pd={#{Ph+Ab0JuzB`Y8aW)Mspi(f|h-9_?<WlIj<-!vz(t8-FTX!
zS3PX&@MPffj3!~;WMJV|8TuHbNB-ZQl88?Q{<TLAyA9hBYo9NQ>I)$?sM7qFu%<t2
z30fs4ZT4?gO~<+to<__2Vn9I2Ay`G3NwD)qT0WCsj_u=mPV4j40AkamWwAt0tdJ9a
zIWk`ljy_LtGq)2uc|>!{VnW0s+>IEN_?TjM6&Ua)SBh_-|8JlUyC0uQM3!HD#%YAl
zCtUpY=<|8r)^89L$$fC1Vk+x=&qGX_1LW`aw+jAa`MNDo0iQeWByIR~YEc36zuHi_
z+_@i@eg(126s>KP=7$%p8y5)p?8%9p7^iv#IiQUxEK+}S783*_Y$}4kT6g(cnO!zQ
zYkcq=UK;8hXe>?iJs^k&lWK!aYQ%N}Ps^I>j9vW|WFu=xF0W!|o&1Jn6T`!>sHxrM
zS;R9DxhrQ067Bm+Cf?0bcR4$l9#@|E(ZQgw#Il=e#Nuq#Y%`VXS!-flfu`S=BuCbJ
zoYdDy8B$(rJ*PsyZ<{+C7;*b*?<9U!)bSyWF;k=N!Q7O$njd~KKjNRhk~Z0q{Os_w
z>sv(eVw}u()N*1~@0w9}NPr|>I9-PLTd<@ln$<nQsH|AU|3P8JU7U{)KWT150d(_%
zygZm0kT+gwi7idV=Cvqt!B|9#Xq{mqzxPV#{bX;Gmp}4nhm;d-^_mMG_q5bZBSg)H
zC+YPF{JY~Ca7Pvl9xtfR-wVONZXEEc$bk9Fd$8{52&=dywJ#gqpX^D@U8M#|Y{K%I
z9bY_i4AuP|<QnSc&HLFuAS=!L^Hw{%(i`i@?ytAu$n8t@UJt}}U0v-g*tg$APR)av
z$F1E*r>ONBUpvi+yu2lUkb*mgI8wJX*hm`Olq>w*5N%K(Z~Llzd&QGieuPww7>Bhj
z4^Xepq-TiSJSI8Y8g%XT+4SX!WaT9y)y>m8RWyNWwOyaeztv#&{!c1#Yu$Hhw?W>$
z8H$*9DizQ6B0x@-&nqTx+Ei29krlI8o-&yeIJluN2xQ8`lT8Tf`40u{&9>Mo1>V5|
z38(`C>g0W0>FZPfcDK*QJ*Jh_oVyXnL$4jqo!HdqRLcKB!;i{WB>8BRQy+9?3J8*X
zY9xx_ygq%|uFz{3`pna_#@$L`TMjw@s9li`D60?L9sF?YN#(`9l6{Azk9y{-Cf!Sm
z&r^rUD+rmpE;yH{+FZqasQ!XXwDB3Yboe(^{5<oEqAWXRf@N{A`{M#+Vz57eN3g}D
zJ_u7z(VqppxfO$V^q^dvBjMXvssxT`vRmM*lYogNZ_|=S-#IzoGEu!i?rw_?$)Pg`
zP6bB5OyyL)M2eX<=c{9Wxzot^9uEZr?H$Mb@;YArHwrW~sC;W_g#$Lubz`hxiOGQ_
z5l?T~(BHTL^q#Bsr(~MqrX@vwLf7X>MJE63281xt250WLe%4&NdGI4ya|%13^e_7<
zF8XnxFb>>Eo6O=9DwrBFKb}wJ&}YyuFdxe&R!}u%)`<VB$7eXNI_xmXPlr7nqKLqQ
zJNS6><dI-?dx1qLIdV1&Jsqq(yIY5n2fq{r<_x@6BzGZiJ|jVX;Ah{!f;P>@6GwHB
z6x{LIn70Os$D!npd_#=QoVGjopFkWoFEnIVa}fHj3wi!sUJa<t!Kdqax5k%v>Eb(|
zG6x5CPQR%qVRF)-Ne{rvnck%iy=i20h)>p01qZ!G_t~Xo|J92qvK5MKJ>zFVW^^K?
z)ayC54j=|w`W11e>n_B`&a0Xm@E><BZZQdM&=_4m{NrUL#Bh9{6z!rJ-_r8Cw3F-V
zO0{bh6R&_(n!KC9{J+jdn$8BTPilW|lEMfXJ8czWHXPCw?1c;QWSz;$^zeI6(&0)S
zT-<0VAM4wui5M7-(K#1$5X!tRWNZ<(*O%1jF<DWRxi7NnRGgXlu6gXNb5`C1giefQ
z9~!N*j!uoM3@5O?GvBj||KQDvmAd=-uDkYE&P1l2)UAzogTY4B^mhrCwC<xVteD$_
zz7_FCh2Krm!X527C}VRru^6^!I2epsr4b^G)}lDx7nE-;{>cdc8?T`}IZ-g()OW4Z
z{8dh8>|-?FwzlB3D3p~PdWCT!)7#t_+6{hB(oo8C0R2Juyr49N9_pwhwt~-JYT^LZ
zRWL<}$)Gl8fFKK3K_EbZPnNWg1&D&u%j96}eGz6#D;I+=rl<nkn&G4P4c(KH)Lil1
zMiW`_UJ%W+`6w}sYUwg<Vj+iHkxn3w2fvz^*n_NZ?r#nY;)>x*75PW6U-pmIjMHDs
z@940!578e+XmBL~P27ubMO3@cu|n$4McAG5!(dColOp{gU2DBs7?czHRF~_iRPTb@
zA-2DaiBYc6%=d<zILd$8owrlbPtn0Qd40dU^nDp63``0$+`q*(Qb)O>l8v!9C?v)k
zxnc4mp9E0=ZogM}5&go<vGY%5S=hWa)($6zxIG+X;$e96*O%av(PND@38IlO2oeFu
zN<xwVm;jvJVn#)8q~-#)EBF+pI;nrJ81o6Bl83FDJ)E!1z$mcU*Y;QN)4HH9Fcn55
zRqNQec>z_b&~{r9W^7&**^IH?e_)RupL6z&9Z>ccC2U{r9$P7sdte>w^xjSM!VL6{
zDIbw)@s=_X(|A&*^zv%q+2*js-!j%Yk$}Xxn$b4kp$jsO2x|GxRK8SK&C|(+Ff#`^
z-^=5-rk%wiv|X~X0yMeX9fB@>_3D4N7A*~SXX&+fIrW8EC=AVQU%I*bun2j&9Lu2A
z8V?!<R@do-*v#yGs7YTlo#&Swyl4-|F<SASSjYd-M{DAi?f9dlWZLuCXtk`yIxfHX
z;yeYl+Pp-nOEsP^I&lneJ0R;vP#2oh;yzOOY~;G)=nqaN^&ed2Fe!zJ)<Z^~n_SC%
zD*3MJKSairE6Y^-p*4_Q7mI~_IwvnpXu%G%2n=wzoxUB5lnNo-{`udf5FuxDIw}B*
zTcCAmajV?`JMsmW{6M+|xiOD%jckn#v-YkI<~ODg31<n=Mcp_8p{LAUvirOBQHu^i
zCTuCzJj@#mxA2b#(kAr@X}34^e&=i2H_e=wmu3W2fuR0(JfIuwpU7M9@FMACry3}L
z#|H0x)c1TuNDy-3y3JC$Eyf8_XhO9A;8O_{!lpl(F}msIdT5wnr!gYhep-iYXT-IR
zMWa$taMV$$D!ecC{C+D0zBBHReur@oTD$z@vZVflIA^Sic9DN+^+)T)6rV)D|LV#_
zjAIIgVpj^3cmFzTS!XAwZF;2MxnQ%JeF7-!=ef3<)bJs@VQZF}TC)+^T{1YyEUIIY
zQLA*Sdv8*R{zveSPVzPjQM147Irg6?$*c*t2#?c4sit360y#<N0XtMJQsrD#eY;I_
z{<O-rwK|^=6p8l+(#5kKmjq4<PBk^c$!R{y+T+p(1)U2mP~W51t|wYqA@_^`$a+Iu
zdzUj;&UNwl?xIpxJqXObpEt$F&oepU2vICMhR?S&F46+y!b$4_G-oZ&Z`EMMC)htG
ze7ys}Zi9oXegg3%&A8U~A7c{k594fRCX5%N#c?VlaBw48Iz%@9vD?A}&j}5_-~W);
zYVw<QjcKBD{wUeNPdy;sg7Ba(`9U*b1kppx)M@Ah>WhRg)n~wcs_{BKt&{jmz@AmA
z1>IFj&+mygPq#nD7xcrRU)R0)Le6EE1;uJ>#R(j*=`bSBMJ(IFzhnUjtTBzT7W|X{
z5)Zu#c^ud;^r;wyV*^{9Qmm~N!l(SS(*kkGC)06g`2Gl@=cO>RtQTD0?ku$IFfiSs
zOf+Pa1eW{V*yil+a5T9Wre6-(r-=bxazPDL{4lqoNb#viXDHgVXYci{0ltp5ZiV49
z-Zr+PgBMMr^j1WQ<;;5+mc#NE@vc#tdQ*enlR5HPRr;vuiV0mb%oG-wezPS#Hb@=p
zO9A7tpg2JF(nigGxJe_1hyTTjc_EBrU?C7}VIq)Rp$Bc-C06SU_PJE2dU*^E%2DAd
z_hsSAzZM<XsFHFJEXW*SS?=gM38B83E1(k*H*x5mj75y+6jj%aD9?KdqwhmLW1&6=
zK)4$Nxv9%sSsZ!%c@GN>UCe`N&(Ha@yQ^kKmZP0mnN+^OnZ)h6y&)4W6;~JmVW^|%
zULEc~n5pO)-B5|loIRF?15h`1Mq;U^*;Z}cOv)CBv6TE67xjg&sNzXIjX3N<ND3?F
z3|U3_#ev|q*j@4uJ?=6xe93$0E>6u&x<IDu?u+N&Z;q?8!j^Nhj_3~8ML5=fes2%T
zgXO`nrNyx+e|UY<x_+ghvm)+b$zUJ%=njqWfJ*DO-$K8u3cW=n`Y>btb!P!r7VYbd
zYq5Muh)ngM>Ta-v0pF967>Ky_#Fz<sHUPYq3VO6A{sa5|xY9VT3ieiXiXSQn5=m`9
zMF)EN?@!e=wstno<fmHB;ImoJeG`KDnH=Ot@I@uxkW0Z&&EG3gF;kmv5Y^6Dr^zm1
zK7)&yQ>?71s35>GtrzowokQgo=ID5lG09&d7{8t*DJ^`SF0g&5Yc-GiIQ&2dR}c4n
z@X6JopXxo<rOHJlMY;;sw=|+Qc`0F0vnreSb&TD}@PZrXjGqsct0Ulh3Fywoh=<f7
zKzW$aaETPa?K<$`E;-^)v>!EJno~zy6Jm;r>8mst3~jHsD&1qU*u`tQ9xEX)Xp9mU
zQ~3|o#IJDbHZzddWV-KV*jwV$Z;FUT{SFVGnTsrWalUz{kyO4`CKA34bc~W@gj3b8
z@#?a4DBx!3REju%HGarQ`}#hV=}+sk#qVTX$E<eG_w)n<yA;CVw=KW+Z!C%dh8Nn_
zjktsLgqz;FSi4V;<-m*Kr~hbi-DB=Y&b|>v=z7cB7=dZS5Z+OA9!77RsUZXQk^QOl
z{VC+qBB15xSoUBA7Puuu!NzU$yZ)CuGHYRG>UY))F@T#O*rp20EXw<zwHX({tC6mq
zVJ$1HuOZjp>6gAqg$>*xq@#rWWsk5(@+}r!c97>MpR^OF#4_T|R1P#-ZiY68+UL32
zY3NHVw7pEuQ0UdSWp$}a8x;WyQueWJGJC~0>-AC%im~lWvVyxTQimeowS27tR?;X^
zC$xgT;TIpOC}2-qxe<oYuF|{$ILz8^3v+m2XlTUyuk0pm+7Wv#h0w=s#hchj)Gx(E
z(P1YO@zEM;QsnCFFIbup*b%<7(sDHI=jC4EWY$N7rdV>r?v&-jTcAUEUGF;_Xv7co
zut*GwxCyKg6kmV_Q%5G-PpmP_CBFtny=uI)F02{%%RtA?$rhNLls-KimmMPMTYBP6
zt*wh7{A_qY+bptiXgACRnF+JUrTLDNorVu&!vuWzJfF8F5&Dbx&i=I|a%&Qfj)?~!
z7GeJuwHGoAI=c`6+2k0nr|;~{rW-Wop9xuRUv26B!o8&s5Zo;KoOaaxLxq7JV?*y&
zG&Tkc^~&uhLko2-r@JEU6<W$3qog10hPH;YW7^U=fv<Wq6%Hr;(6|`1=eU6Ca~hJC
zX+oSs>iqH)t72UT4FBYy3@eXHCHCqC+WACDPy7A-yJLDex$yOig*ImH53T-wA(`ja
znm^wR3nqaCcR$?0VhES6-}0bLz1{bl5N~W1GW6s$h)dN$+057q(TTPr<M3mK?pN52
zSWrp?_(gqpg9pXhjKxl$FPG-0g2YWrSRov1{!j3@^>09hVf1Kj3|(<(JZ>o)0_}%r
zteuTZu0$j)WTYO_-zS<NpM+9d>Fq-RXAl=v%*DApf6*@>#@!4HSyYV_gryPNeIr<u
z_^5!11I<_a<&_7*+EgBpAzJ(x&ndG5NV3xpG4#~;=uA25nyqW7%UB9gr0vW022)mR
zW?r#PmP1-D@!DBhi*CG}8ecxq40-dtBk4!>;3{T_?UO`zk^m%uGLCcTy3S@S(c|Op
z6L&f4+YiX9r`;YwK$JJGk#I&X36Pao)+Otv%2{1A2e#I&kx$c3*<ffH9)|kWIgLjb
zf0o2RKp?u`Nv!%B7Y!?V@X6epH$XCeVN*2n81?x(y*v9c@m5aQ%h$1SyP{0(usbz1
z(}R^Un-)dc(t%Sy%B`U3Q!2oR7@~>dK3ZtUf}G2@5Ot@f-zO*WM~v>qbwuH)j)}K`
zpIH#~jx?|2Jszqy%fN!(+$WvEUU5`^WY#CLzR!2QD*Y8W0LJ4=FW295b#q*%wSZiq
zJCzremCfswz8_tyjyX({YQ$k-3Zn$pIRALVaS$3>f+)0z3_sOx@7_r)P{Nnl_yj%d
z*EE?4w6e5-g`D|BaI$5wAhw<n<-@J|R4~Mzkzi2`qnr}jREbELH?(lPf;w?Or~yYG
z5by2SZ*oka`hpJY5YY$JYg3>R53f*~72D7t5@pg(QV@BjSDHd72xJV1kOP3g*VmC=
zq;Q8SRoBQip<?&mvpr|yF7jk~BdjR9-Kmn%wlI940_N(S{zjq8xcI-2&By@)2OQy;
z-@8{bwM;)NR3cbOSXJVfnb1$n#ybRw(jNORphdmqP&#N%h@>J>T->9LQk-7AdOUg<
z!KBS{-sEsh^nt<_flMN|;wk>R<B1zVR-CKG@JkP>EQ+1z$^n>}k%i18j0kTD9<LW^
zgh~M7XEZ={w=NQO1qRECgws^MxZ%02^OvfyPg0PSrDwiS!vp85D1DHX>mWHaTN<Kt
z{V@xv_nDBy{2t6BnNTVZN=Mr(fwBEF5DwnMP4%bqhG=ggkJin~^%z~yElVOBk$|Hy
zEL?GKP<gBfd_On64ilPt?`}D}O4Jwe%a<aWdmF~{oRS5tjw`_g!sjO}SoI^vj<i`i
zO&1u13ThDd+Z%ux$7^aYV*e%n{^@)a$&SX$Pw*}*rbcM)K`^IC#Phj_S<%eD)nPls
zc4?1Xo@sP1C}OsEN9J-taOiO9ELV|;SwSPp2Hl1ZwOCGIH$6>{G;r5)IXu&mm?Vx_
z#fHE#0G30W-@mq&OY<<d1HYA2WQ@>IQ6S9-I?;I{xH}c4^$@fWQju_z8R$s)G|Ca9
zE90y&eZd7N0&x^R>!-=+(DfC^EQI`cm@cs12S!wep@^W`1<6YpbnQ>J_xap24wU9D
zqD&!wOs_#qVO-Pwy|%-*VW|Oe@irSf^f}Ai+6|$h>y0g)cF$Eyr$cvRyQeioBIr6>
zn}+c`C{osI>FAxTaha7t4Zg+EJNhBpFbgV7;Wy7HZ`Y=>(l(S^#xS(y$UckiAm7cR
z&L1`BA9i13tN#2e7y26gRUc@$%?OB$V1KT?(`(GJ$Kz;wN!@aafAm3K#_xgd-#YY`
zrR`!rZ`izh)k$3zMB2`sYIhh+SE3h{yHQYd?0$AFs}X&+Q42O63l*sx(YtW-@*F`)
z&eqdn^KtM~5Tjlq_569rZIke~ebqU*`+e+bGEn7UW|71p{T6EtbRWfWJ(3UcOp<th
z9qb<ekPnOsnIKw|2B5GnN79euDs<U~LyQJ1HO)~Jcm!v~fOMZ{%fTH5WQE7v1k0DI
zI6FY=QO&S;bR}kHC6$mDVa<FvV5J;ojdYYz>ZI$Y_NQ;~nE8p^86bkSZ7R7h5wkPN
zO)txpdTAXxG&^`O(7#_m@+OY-g;+35kvfXVTX7kCYdt7+h{H^FVNuG_5_~CfGekf$
z|60~gRf(<=2Smjl)fkDg7R{L}Dqg>dF^KunHg`_g=S={NM^}g~-=}#hK>kJkgTwQS
zzXdGYoJpyd(b_e~M%gXVwrp4X`$|xy7$#+TYuZ1M8(?l}0$fZrQUL(!1bh_^!bCwX
zH{ApR&gYAb#BsO2K6um9+@&KX35^l3OhuEi&cp%Fo@&&@`a26$@+GCu7o$-potAh6
z{^3TVT+mZ`R**d|veQt538#^@ggr24p1QMd)FUMc&D-%WTqIdnB47TSCZa#1BGPDk
zMAqfRgdJB0n}SQxC4b_hE=zP$QRrI2m%l;`9wl4DLfdb@l6a0NsCKjMT<B3Maq1vx
zOeY2JfYh$U+bdxB_||cu+b%g6+y8T++?qZpENuAnc1ix5XWx8<^_NZ2@9Mj{9~%*>
z$to8bEr&9l6Q!sCD#agtL#1XbINbMmbAs3Y=G577jK^T6I}=kMKv)1^cUN(t{+l0O
zxa;@c6>-5pj}i?mthtx%;iB7;8xz_!uL43sY{obMX((*Rddtzd7z_0adM5Ja&E;Mk
z7#7DEJ9yIRdcNjXS~K#AnN<Z{L&d?E0h;URjD1r(ywil7UA|1ZAr0Vf^&{1*zheI0
zN|M4rOe(%c#rN;_aoroMN)aL`Lf!Y@GurI!GQ3eLT#<>_^}`o9VRvI$NE3;(Wk*o;
zk=~U_X^8hjcG5R2UfN!?1(UuXT3_<wtA3xj)R14D9Kq*<Bix@-5UIEqjiuq0fhikZ
z7s+GHEnh9RXWW$XCu1C)^9LX!RTRt4xs6n!sDjQl+_KWwRoN~G2}^1bOf(g|&EO)g
zJa{jB_2k(`k}-mrRf$#6qpR?su1H4PEuXfD4n2Y~Zj;oZ%_y@w9>SfTeklQx6Z7n>
zbNfI?!VHX%HB)OuN7sl8e_z0}60)Zw_`xPtV(!8xWqjg80g!cPd-vFrQc>KR7)T}m
z{Ee<cPqycy!_qUJU;;m2mr$dipnIRoq!<-&6A)mzHg`?YPMfAMkNI(lAobc~af?l@
z+j9a8zq62W!Et?_sK{eGVeJ?nctq~S=nk#tst$PEp0_ZK0-1$TD-WIT4svMDyF~!0
z=S!R1`+`tX^!#YVEG9yFZSVKbu)BoHE~09Uhe^4>oBxOndP(eA{xJx$C8rvBPZcA?
zN(@vW25JQ9R<x@Hp3jkgzcIhoTOrc6VHeKCrLuVVcuJo?zCChqg^nVtcu%*HEy*{h
z?EcQuYZgy9a;wpkO~s0!)O?|F6(2l|Wp9X14BQ{`@bxBmbQfisr<=*%GX#6?Af@@!
zHM!mk*Dx}x=?02Fz*e9l4iPRxui|PK^ip^NvTd3jOa<%w|M0sxt<~WpHXzEXem-A1
zjQWW<n2Joaf^tImWE0({3=pRzE}dB;O6xSI*wJ=R`V^EMen>AAog_H2IH}yjAEK3|
zuaOn4+F9~fl3*}ElZ8y~Vg5#>%FBGoU$;<_P3;qx7FhxpGm{DqvzJ6*@#SPz<)q2&
z<|tMPO5}lBHZuZwC0<z9_5o>^(#1PArUH<~FaF%QG?;{gPE>QX(o(y}i9w!%*fqsp
z1z<&1iL<MD;5ydJDtg$qo&j*tM`%HP*4uzIs*lN$s)V?Hy0Q|{W)B<m9A(ptn`ee6
zHos_;{6*0Fw$S$f{*!Y+cuFi%5wBIt>@2kp7pM}GuqvXjod#b|H@evnKt7QG*+{gY
zsgyolC&uC^s0240@=W;y^?W}TWn~446klqE7%~qmIago!p$Q8({^$OSdegh6&@7P;
z0r_i}$nARgxNgPIX8r~dAx<v7EMZgkhFWe@1t8t__b*8LL#q6%28O^tbs`M$iz8&T
z4`Uzh^F52K!^4siw>8YL@cp%d9D$fmS8$U>FjfE*3J`uCP;aJ;dvT$@3eX@7w*ZF=
zXM1N_yB>Vy@_-b~(GbF#B+ZSf+{J+gwylK^7Qk=s)RjBsA~1w!STIg3T2qxB@n*h#
zG+b*o<m=L6pXSYc{S6IBS4wFa3!e5~bF*Ozd5G?1iV_u!8&T7Q&m&T+EFf=!xdW^O
z*u;QfkK-V)<IakXn`Rk0d6J4o+9yq7U=%*W9d!F(+IaF3aAVHskHf1#%(|vu&^P0<
zOlmz%@F?Y{bz;5fD+#ia4Ji)BW(c`jNHam-0g;am)`!%-)-KOo51j{m)b3C1$Fwl-
zgArK^IzM~DFfuBRt*Tr`qQBXA%wsaVbDOol_PCTe!YQldIo=4WNrqQPlzZ^<#GoNP
zpQp^$JqI~3_j=a*>#h;Wc<}r`E0#G5r!lOs5g*++L_#TM7~^-olai@5OlE5$K^v54
z>Zdn22z1bS_g6Rpk%9^nevXJxZ=2HMUe|AT$O`$(irEV+s(hxlNl8qyf7~0+5GYSq
z(Uua{!IK0S3cXSm!H=F(cqnv}3YL+@TB8&F!i3ntf9)XbPhH}mMp-lj1u(i)5{@ab
zD3QoK;NEC|9zgzvHLf=+QAJX*yglDXP*_l@_{t%2(CO9=MjO34aaU=|*cj0XboTFm
z{>d}eI^3e|D^L)t5O(F5RqgeXBgQ^rE*6oxJ1_O)xn6GhodW0ImxiYpOgg<scQURI
zTF@tQ@49c7YTC5-;5D>a!`winYvylpbHZCNN>PyMyS*K`DhPea4p19kJk@gInCofm
zP@%$_Eg=a;<0Z0Z2*il~XZqp2wWlKc@g`~<+D2Mldc)_6d7n#Ev(tfQ%kCAcm@&=U
z8CS*AoUbLOvYU7)ohOB(P6{%gza&w0$AF$uj$g~AJ}!n=IEm%rzYY-)2C3T>^s3>I
zv8Yogv7aA*YCODgXl2M+E;GD+3C~n-%^DjU!$JX_J^6byRR((ejyxrM$@VhI!U|P*
z5$J&&^Dy10_lD<p5}4n3thq){$n;SqvlUw`Xcy11i6#i@2J|G|PjqnqQ7rer?~k=J
z;Isw<^{8?NCuM2wd7<w|_vq4Z7BH92jG?u64=%|c@_$j{WEE);i0<oY#N#7#cOZoM
zOhlR*Bn^K=@Vc**&u%H;<dOnbAxBTmP^%!XzLffHys<Jx>M8y%#(csbHn(U(wxJ(M
zBLy9|$7yddjEEZSP*ejzGGrc=c^}iakhH;{^Q93#CDM7cD86DQB)`ujUf*`Ed~Z4o
z8yntOd!uLcxL-j=lSRWSvD|0kz2;HPE%@uNPKK=*9|PF8xXvt(<Smw5B!&N8|1o4U
zxEb3mBerN;Ymecr;~qdk=?gBp3()&e(3#3Nf1r0w_EWP(1m!V8+nJ4wPYq>~azTS#
zatg)%Vs*c$R9M$z)HeI@rxC!<d~F79@W#?={707N+$U9kACtW*=2AR@M&XPq!Ig-<
zY+|CX(;`CXyQCyV>nekaf>pct#m#Dpu;#(<^XX=o?qFlTSV+oYkbP50w8lLKz5yHy
zEs#4}3Rkwuc2~*yg56oU;K!TN#I|}v{e??w{bP>ZhL{lKrU4{)UC>QP(&nujXP%&<
z9x?<fw<R#v40@R6F{xnP!AuW*=LHw$N%?`_gnL)t8sPrEOQUPCFq$r*$&J*JDljUE
zkKf@e4ZFi5aL+n$mv&ZK@^SEdO(%-L=LB5RZFG?_^hv2A3}c=Bjcyl@z9Hr}_%p)I
zWQ$Ffg>L+1hKLxy@_4%QM%JDMw=Rc>wv6a@St->>!qVK{ImbZCaChy*F4r=)8cXhX
zFmI_^<@3n(A?DJ3_YbO$t>PNm<6h``&pI4`iq_wOl1tlwNlH5<H~}zzJz9*n(6HHj
znqFHEQ4++%;vWiZU}iSza1FzwCz(o6BnoG$S{$an2-Obu!DTa0zEKX+Wzuu&8wNRX
zD%E8>s2sX5t{|xABMQYY9iCk|$dl0HdiS&aQb|(k>!l?N`?}U5P#9e6ZxooC`m#;F
z?m>FA%uY(Hl{D0{LOAV9!dY48vfB=~Lo@Ne%>8)%8dO1qDb8D^;;xdO?;Z^rF^;Gv
ziEZ(uv1tB^e;I41*ZeWy8Z4A-EjAg1(Z2oN<JdCr8Rt={XcDnS%yDoQX-lD(E)H(a
zksPI1L(!4_t!aFTT6tCug-MX_(<wMa(IB>(`ih3WGWb#+<amp0sXUexzVIN~T^w5=
zCqvm6S2Aw}w=?e;|K1CQwFTJ7>+Y?6#3?5M<yt#rp3S>7#bWqAha}#`(Dk@CA-5}E
z43h7wkK2%@PDCu3U{3`M%eMDKeJi1pp?g|L4)pR6Py3{P$|*w6QSvEiMNdzq#+Lo0
zk{=MMCHp;>Rc*?|RzWl~NmMaKnKii^+vbf{l_g@*HWk;0&nBqNm6tgknNp;#aui?|
z#+5<LTTP;+?afTA*v&+2!&eeXq*96<5yp(ZqN!E^h^0%Vpi||X7Qq%O&qEU`D^(EI
zb7f;q5?&r7#-2j|OhxL<fvQHCX6Z~fV|%_@VOMFEoR>LsPHFVh#-eLytqfsljJJxu
zrr<&6!*~=Z%t7YE`W~Z3Sq*bGi7`V-0q#N_pS_5M^I1d1U5QSpr4W6Tj#Cjx%&d}^
zhQ;i~49w1mZb=_Cvj0M-QAzcs>yS;AS;t<L)AS1~srPtG3;`vhL(Oeh`X^LV5)HBd
zt+;XuGN4TjGpCv|@e~V{4N3<fg4x1H6A!NyRh?L~idG|=BuSJ8NU<nIY7+@?pTyQt
zP-0}9<x27vwzg+xjbcXE)zJGOUWQ}Knr=WuGAdc_BCM3cKFzPnET(Q|*eiT)l)GZ;
zcL)*ggKG?@xnd^`B%%!$ghw-KVNQpWv{2!ZXzO7bsFNzjr(iI7s+ouY-rgNk#oBQy
zhr&vuyktH=M!xKF2eKci?6@wSBz!IUV|b%x-c;6%J>$_4huYbi$>DzfUqa+AJ(2$q
z?9W$M93ohf=9ZfoJxtrI=bMFlP|xZ4SCOwDPQwao-Hn#YH8>(!&m$}KFD@u^2K9Zj
zJ-oorXV(SL?B=|Bxps2Mu|FGZvR$+w|L5QsrCmQYNwA=ItDQPNk!5L?a#(9gG953`
zy7lG#<LW2xdSxkCNJofj4<{b&{;9mjix(+ER}r0pG2;J+Z~I@g8y-cyR)1BIU79g2
zBL9Z2)D#+IJvVc7bk@>HZfH(Y#5&uMd1}1~dRCBG9ep79;GUBgFSR}RHu`hBJx?|L
zzw+!hz<Z&a18V~o!ZfJ$Rf#9w9}N!Z-H&_Xeu|oNZJFH!OX{Lq#az-N`*yEMe$$b_
z3=L=_W5K@(XxDq^r0W`InvfwOEU>&(Um;gQo*ay*gt!;;m=y1kUgNse>c#>;3&i2-
zQrn-eWMY4wyC2(Nz1eOY7aMP4%QCZhe+q40347BCPLfzZKd+PEJwCzl0+nKm37xE|
z2jt{->sHLz!2BtrZ6_z7wl-5xg^yu=o9H!1Ovy-jAgrYjJ_)J%VDe~)2Q3t}Y7n1C
z6eDWJHW41*pDRkWBJ-N<MtZxGacc95W^UR&R&u(winJTnBnRP(Fo(Wr%c4Mo3lHxJ
z+p`5N-+)*^Gp}X}wU_@otw4@#=|E+rUYi}3W#d!I2e5ZVS94~OvTOFW8q~wEX+8w;
zztJaAD_xJw;xB*?pBeg>s749uniefz(E1@AA?y-RXl`|}{K&XmYPF-4em+sAnw3L&
zVjF=-EzaDgA;uzmnC2tmT!K0=WA+WyAl%$-zOkpaJ2gKryBo5swhe{$ybwwYz@!G|
zHd)smL|9VkPDEfl*>2w-xU_NjhM1op=jQT@VZuni{&<?zknMp#=2F_v1{Zq<n6JJe
z1%z=wl^=3qoq2`o29RG?z5Jo%$J^8+ZZx0P<j%lXCjG5m5>8$1Jhl4MGH>k6x6{G$
zxfYgdYTUF(K8_RW4}8<Lc0``YpBt`ku3$TKy>{F656-<o4%;+2JYS&VyLpoH{W(Ic
z-C(=HlV__Y<l{yR!4`*7{&$CX1w&{IK%i15%-GY($g;R1a&8t`+uf^LKa{bqcWEiY
z-BuBw-_abl0j<+m4r~^&@4sR<+1U<u+;tB~S*vA*{hzCQ({xFhj{y^m(4t%SDCwBm
zo=097NI(U>n-10+3~`H~cAUn3$+tTPolrLK1M3w^Udt1FFKHy)7?CIa+Iy*2GrtIJ
zy@VgJU)wjx_{PF=2)(DbH}g8fVlcgT3TT|&@lF7($EkwM=*$eLp^wATjvxK%r%{Kk
zgc2_zWria6BzoV}v|sfCywR45^~YpijJ%JFmD7t0OXV1i_C$L6(m>=TlJwD@F`I^i
z5+GouXZMd*UR67p3_o4WDtyekX(5ivq9^+9n*VqQr-qy+W3xW`z3XPdw2X~)n+rG{
zlIRunn{k7g%!N%QnUWg?qyg{P7&mS3Mo066XAGP`^Eg}1;CGUkxQ#`siuc-FYMZnA
zn-=|G!>p9mTg*yTa1Ep9qE2f`@1RV8e92$_0rfR(ls$5%l_u{cF>@j->cErc!2vZC
zp^xS{y;U*RjQgy=45)w8TA6$fx?ft_&{)KNwbV&A8VN)9o^MLqt)jrN{u8u)6>?qQ
zM_(v5s(jZ3o;RL*J@EC8dc6O`F0s9<K1a4&^d0!cT3W2>QmpX|1@7saH<shfJVHT8
zdPAbgVpb6+MGqTOv8HZDyUxRiYtEnDqTw{#tg2@OQhls;NXn%RN;@!`QX<&xP>Gc*
z`SLS(A)Dl|unZ5H|F9>rJO5!N=yd3oBk7ZMT}dlBnof?6Fl)?UaIts4fXom~VqQ_B
zzJf7MqnY%E^gM63Y3KQ!H|&D8>H)eEEFzDNB6qAcas%TB@&`BX(Ou>Fd<Mm>TvY?)
zHy|!OBHF{mSpKZ?sEDag><XMoEN}X6o+OkwTc|-83|Q-;)>jH5OF(J-$+8>RayWsb
z@+{oszoD|;bSwSEPbHrQ7NzoBb;we>u$CX+z2kN&F)w29p+Kic6wmm`!94;<uu{Wp
zYvmAQ14nYFDJj<+_Qu4vX+Jt&_Vng%oFW2ub_0Cyh|?0#nv`MO=3-K+Af;E%fq|I2
zPJ$mI&{do3o<Xvf!qo8UGD3X$yW4~_n`7gPr;Wq&c_-gcsF8D8vsAI09ezm#nHp*x
zGlx`v!)cIQT7jyp9KYARE73AmKhToC)e}i@D2L?Fn=3D-Qe89<=-YI!;Q8ejiM+|l
zXgIOnE0M8Ei<5ZB!8|9IlS63qp2#}u3J`J*QiQL7Wnad<>WQBT8M?j>VxYunN-#ci
zxaajTQu27qt*Z#Sf-L;mLGh?kc|i1iJ?^MDrykHnAQ574M<DQ{OaaPrk}dC9Nhxz0
zG4?_9smy%gT4I$jj*v-$DrxZWe8od|Wf5}FpKs*`x(6$k<RMZpu%U8Bb~gTQeDxU4
zP7}@8*8t&4^s8joO%wrao9;WTS904$B3?{Q$*Cfi^aT8uCAi>2rb1l_I-lzJ?8}XV
zehtVDkEPQ=eU<Bvd%w|5xw4F~FnQVx+aytj@B<{$spp<Y9z#P>8g&1)(f{#}ad5IH
z1)Vp7r{y1qEQ|NUTJTWBu6`Ype9A+F-kU#3^MY94Rq$Z1F}9yEF&-2i{n`U~<7-3e
zO;Q$rR<3@J4Qo6QA}%>EWW$}>8i*Xr9`Ow+hpKzN?xKfbm0jst^%4-uj^mCq@IOh#
zOkfbxQ|ixwpi1@{t%}y8u#?}vAJI53$m<W2bY^>H|1IL}Fj=`%Y@n2cu>>b!jVWwK
zd?(>bKDMZFN%|$M6iYb0G#`bzSLnjP9twUA2|XMg_LQr>fhmXi`hKh%5GD2tE2D=D
z%+rW?6Ov#Bx$*2d`SVv3$Bid_5GEUv-UI7g+(crK$3>{7sTsxLaLwJ{40fCO^<9#E
zf;n`QwCW;$y7dY*%s=GVY(1U=MRGqyf3jq>VFBzZOLT|G(?0At@LAH)s-de<tBHBI
z2mL#){S{nYNfXk6M+rbL1iW<+jL;eDyI$9;okysOaSahhhiFo=FAJi-UJvAS%yZNw
zEC^M?e-QY4_D70_3FfnH)fMcjgvd#y+6T|dt$b5fDC3fbLczar*;9V`f&uQ8b#-wQ
zwzwoYlZeajU~4w9pkj}~bJRDPXO)880JewTp&7thML?P&07aMLFR6{qaMwKoNad)>
z4<vo5jOlHgR%NA(M<Iy=674r6Ee;)&16g4<Md}^lEcb-L7Ut@2f>!Oh=H2^Yx6HjU
z53=3p0OYYr!9i!}1UH(m93V2;ZqNJFrZXri4~tTDtU%&GGT}Qj#}^LR?q!h?&NdrT
zGjT@O8UW?{uwXd3x+5#g#Ia_hbXm1~f(+MVYN2EC73j-v9seB$=r`4fCSgpZCSfcY
z|CB0Lunv)tI|ltek!HJair=$^`~aYzfE4XbA6~H8{|?z~_Q=X%1eP(05~&-a=zfj3
z-IKlL%3+$Ezk!EEXj1TyCqlmA!`@&;#(^hL{B%mGo8GCQ6Xk|PB8k(EJvlenCcrjw
zJIJzdO^`9J!McQt1oIK<@7;HrL@*Lo0deA6Vc8%Y;QtdfH<AExE1La&c5MS}q8#2L
zKbpdV1<Ecp>vp)mH{Zn_SI3)5|KM01N--3eCsWiX|K*SU?gMIM3D*E(thY9bWkH0r
zRcgNQWE79cgvhc^<1kmsc79BHTb#2snC~=flr$Jwms%zKm%w*%!MW1P+phicbmUV6
zDvm0q_2}5nUh>i7%L4dd=QJe7*I{GBt<`kjk3hbsZMOe?IMHm$9QEbWnC$V;lGb<N
zJSN5)2Wn2STp<2p(?U9(GO`j=EJ6@7m3U0uUc^+YIPu5#Z+5h;DlC-#?U#q)k653v
z`Zo`9*a>l2@IRnALzB=C&&}UF;QCDk-#Fv4pJ%$;P6Fsakfiei>E>{T0Jat@eB5%n
z5F{Ss7~oncQjW*EJWgB5%8;P<p!k-`KVMlEH6brV>()h=^LALrze$4XUZLXe!f?9_
z`8wU7Mmh!&d0KY7pM2PA)EEf?#b!JgN3>Ww>95Bx0!i4<ujhH0Nkr{6sX_`*ogc0I
zfdBeie_Z0x&j9F(t6T5sZwPe@{aSh;KS<Z^|6=u*u=>+IF%q$;brzVtgw)9GPvD(K
zY)jOX5rPUaj+GSZs8;1L=7S23!daNh2uwDZ2pb4J5z(Q;d$`Z*w_zbqG>q*iENoa2
zr{CzVs02S@C=RA(RWxkR+{W(W>|s@NCFQE_+g`3t-0&TgM~-Z>M3NeqTu~UV{XU<7
zNIzH)<|5o6Ie12rKJ*D-8{U{a6cj~toL}pE)|=a`LDM@I&mXI9PuM<NF#t$u1V%YU
zP!5n90n`HwBmV&9oy=HW7f_yV2iuEnrD0I^6bk8qHIqD@h^)%R-@gskrDMiv>v+Gc
zX}n45lU2ld#6P1Pr|&QRd7zA%as5t^WO0jn9UBzW*O<wpK?Q<gIo^0$$<2>KqF&Sz
zKBXK`Kf=5jnBKfW!@*R+a#+4~W|3qZMp3#iDXY4hM9}PEuDr-drC}_!wHDe|Sv`&V
zsxzi$UktzdP>Sf?KOenUcceS(tC?k#jKF97X|e4(n)|{Nz+5y(Y@1mBqNMK<j{d@8
zVBZJve@@ZHu|i?xHa%)4kB2>fv1x&}xH;q4l?YoM*hm!bS24WHk8ggP?>l-(ctU1Z
zKgw{fcgRzLYy^z)!B9(fqxH5N!9K4tlejr(;2F22&z^UqWI&kOfEdDeeazHXRW|KL
zTco~t`1ZhtcHhXF?&)7B?+}MK-qTFde~6zXY#)Yxx-U&~!BGGMB9MQP04%nLVNsA9
z40H^2{D|ARG;(rrg#G9FRq2_+1r-JjtNi!*exw}euclI?ev=#Wu=qje^YudD^`Ib%
zF=MFRf@Fpg^Xu?ZwNUL98;%oj?!hgV%dLq_V?B`EXH2m}{XLm@mKlm~431>GE1;-{
zQ%J?y5`6m{meTDnvx!<mU`P==Sg$;d>3otZkbc?>IqlM*(qWY*9?FTihmDNIItA{m
z4Hqj>f71`6?#{oI3**Q^ksYojB3B>w!dl-2l@D!s`bX>YiTAG;4kGmt<FD*m)CH-s
zveg1KNaoiT{BJTZE@b_DuhIt3qmrJ>RF>~7rO9Lh1{$r;+K+r|{8-<I5C8JC4}H2A
z6=SOJ@sOVY`!<vsXVPB#^RoTSQItr3Bqelk1_#>aH2oz*5Uw4+L{fx>ZhjD~X%SA7
zfy*jHrOG{%2rHYZ;gqQf?c&3q_e%xc?};&WXkq~BWdmuEH&)q!=5<A+fTX9O#=ZBV
zeGvyad@l5(a~>@)nWzoFelfIJW1+QYH>}-u*<h5T(8Zy|abUn{kE4E=PJ~qO-8lF2
z?}Ag%zgM>f&_m(+V_jME-P^o<o1F%R|MV)k{tGcMTs1_`cq#t--?dKP-v+8GDk?e_
z``=D*{1^WzIxC2V{^=ps8|Vob$t24J>~p_2rZhud-vl*hQ1a4|uHtmo6gT7E5bvt5
zz}E99!{$5^<c442UQYep1OWjqkJd?j0IKN7n}Oe7gZ~%!Q-9oQ7%7PIF5;uPUxonv
z8_Pm>$-ye5u>GPH!tpNk`=@e$R_I5q%)1b$3q)yR>tVC9L&nYEQZVF8kSqrg?@zXD
zj){K}e{gPQvd>>F1%;cpvPh)sZ}P>}j&)myzN+4%@U*E4@Q=MX9KLp6{sKQW#Lzxf
z-o5v&@(e3UGWe#k-t%D|ftC9^!Tgj0WGnNVyDi#uiI11s=HH{gfUieL=Uq+vwXXKo
zc4@|Oi;MO$)=g9YuqXwNN=Vik=9JMBFUw3$ePC~{$W0d5fp(VFO;;dTxM$KWCPL=?
z4%_1+g^P&+n?T&r5Zuv5ka#V6#6a$jaCo7+IciWioB{8Zkbq$*HSFV1`^z_?pd|vY
zQ#r_ytRsa<raaCNGV;1P9I+8ho`C*O7JrpG+>{kPbfNM%p`T1Gkj->G!T|O4{{n45
zlE3cz?}x;1&2&r^E7169__N{YMR(QNyN>touKQNYq25vNJ-yPw)B+i$yTly5#X{9p
zOZu>SYtPaNLPeG<wS=yr-#hJ@uf(s?ds5P8Y6s&gGiT#fUA#@rA!eiY#j9>h>-)H6
z-`0ND_ieq-IrcpJJF>o6&{5mVx!C3MbtMrZ;fdGR*PYty>l7EW=a1|eDKk)?pYL{n
zZ$H8@VDHL7`)0iM+54!A?ehd8G}3=S{6YzL&t0teDPZ7y-FNap`zrVEuJv=x*7G=h
z*H!U;(TrwQ4VCntN*v$2=0AFPS_oJNE?-)RXDNV`@x4i)lEzVMgM?#}mjnhT@K%~(
z%u4Z@6J(n~V2L6E2#Ny0MPi~zs}>6NuD8d&>z_H<-<N%F=v4cy`Hh+62R0|cSl>Cv
zZ?=J-2y%wO`@Zj;O)ywc=qtc6tixh2<<PxxuPkib44f5V@~-ify`$BckvuE2cV2tu
zI9oZl&F(-{MMw(h+WC%yDNuMvG6L!id&}v&+9D;!LT!{lX8=rw^b}JN%i0&-dA{H&
z@#k28tr)=SCq$~)M+kyG2Gg1ZW3)}z<v@6ino)$dreP+tLkUX^tjjTpd?is`w%xIr
znS&c^5>ZocNhFdYD|oLK+=?`)io9v{I+1S*Xe<P=5fL_)*i}zC=asp=3T|$TwLukq
z(_X|*!*p>`7{Un#4}t)FJ)yTfvrc4AF~WiZ!I}^wXMmK$Q>BK5G-$&p(von6HO}zm
z@^)Jv!{M3OGcaHz!SK)sV+M(yk>$)R2}w^$vwhKS&c%;ODaBCOXep@=4P(CN8tYoR
z3Kbd57+4C#recsfB!WT=Cbx4k(-MM1LNHcv(W*4VLI(^wY(5$4buGL$7<KdJtC_A5
z|HI#&{qucDK=Lt0EMlU>W9Q5(Ou3lcOG;)H%NniBE(wC$M;wgC*jV<#)itZ5)X?Uu
zU>K{$#H$?vx@}EZEUh}qm|(6j5C$YBAVNqeqzncUfI3iZ->%w|@vUb8W%+%U{eFtE
zU=%uq*GHJTyXu1d7TNm#*Blx;rlz>nU7XLa1K+)umBer(R&b#M`#QeWa-GjSZ*!`q
z1}t2mmIpw-t#q-w(tY0C8Y$;P_0L`QbJ(k?WOJW7eV<32cE*OW-qwS-65qc1@8!=s
zgxs6GEvL&g)gwXOh~-pUom#`g+tYL11HpZx?}k>9yFMd0q6z_%?*Jl7juvUdcH@~<
zS1DMpd(VmHvpf+3IHB-fL~2|^2{Z8NQp@XgDU>P&m%yvNB7vrjBr#>ykEZ8#n$ZE;
z2yP(GAG6!;yX+)XL<lW1sY4&0F~3#<AtqtS{W56EC#2zN(gleEEI1J1jsY6xY+;(f
zyYTJKfwAti8X{VO4FFKiX33*r!Git0mNYs<$8lSr&Gpx>nrY89)3sDp=kZk)eD%*W
z!#ee!VYuvmn!1|%(6TEPj2I+Ag2oDo5E#ZHB70o$*S*()!t0qH^7(C(YwBeaCPfH5
z7ST!b+?wX6n@8*qmwohiHo7KZOpxA8w)$(Wb28PY7AW<JS4<{ZDq*emMU>P4+aw{!
z=llUx7=ofi*b_yp(v3-CF^LK&iOo;j{qsH6VZYI%H?!`JhA6ROA}FY$!}>$%(kPlt
zAa~c!XP=%s@mIDM5sM2EV<m<$l$O#~l&vLYUt%Bv^0kUE(G+7<^XtX6{B2e5H}lM^
zP;(MvAwA)o>XkK=PW<W`WmWZ%on*#EHy>RnwUtLa_o+?Mh&Ah)O5KReinrm)^|+@p
zrEl%jr0?_YW@8Y=f)G?m{1OK}@4@@{^@02Ak@LEj&66oJ5*ekLEq&J2@%f)A#HY$?
z-XX8-``~wu{NK;M?{42Dgp=9tF(#G~er>k<`SGi3`8Lw1RJ_QCSxU<lMQwcFT0m$S
z0wPFB-`x6ly@Ae+Gn&aWIo)@G*Ux;uExh;MujMgDBVvmwAo@r`d+_tmzJ0>UH~IX)
z*v%q{qN*s0h|gpKeK`B&<3FCv`;+2(ARTqieBYg=Hpr}H34y~H%(08-Vm38KrbHI}
z{(HVYJ#+H9&<GkgNrVB9LYm+rLr$1LB1)Jl`26nvTkfbL)}Ya>MP!)xRQ&sM*XLV4
z>2rHp!HlttGcqco42sDX2qVHt)8h{I&#$S!IzI89tEbN0Jbca~c*|6!ip3T~5=IsR
zWrz%;5*ZGiCDm9fEJ~P|qYNd36quN#GGeP17D&aqS)_uJQcD(j*LAI0xyrXTqibl@
zRU0vkiq^>#9UngjbJu<T&PdGx!=G;E_S$1JZ9IPZ^eNpl^@oHvHSf&$AD{%1Pv7QY
zEJA3L8j0I&Z`<$p^S=*<q0IaIYE&2?#6@BtqaR5=&Zl)v<@m$fXY;Qone~TS_sPNp
z5rz?!VwA=uSg;hqfks9umP|=yVyW$ltE90h(-fT+A(kqWCMA{=OI4M1AX9nEYPPvs
zSfCInEP|{#-kljab^U?U&|Kl0<8`+F@tSq#Z$7wI-gB!w-l@N-Qdic$iwTJ%B!m_!
zFyaI?-u+MBeB?K~ufZ%>F;N8(MNmZ~hk#F)@qHQUf(Q4{esAUBKC{#5vIP@~>P@j=
z3Ioe$2v48`ECVbmt187}VKPhsj4ByeL5xtcVwIA_i!3BDVltRivaF?*ie)m*Qqq+c
zwyRz=!Ys#ys?4>ml(sdtv8t_#s*PnUV%AL}Yg#K?8ra&X*0#xMD?<%`HX8V3%b&k)
za_zY}s3ik=4FPq=LEYa!R<GiV44I=w%+az+eUK#YWd1+DzrDAdpV|Gxf49w`gB282
zh$4I>3*V(rzItSlX9{ih(NGbQ*KSO|OE;^j$pIr6!C-)4CtB-EX?1qmQ%Ws0Dw#^j
zUw2i~n_5kiZA)+@Li1*$Y8>k_SffYB^Gy}6yZU|DP!QOBHG~d7UT;JW>(lsXh|+0H
z5^07K_gW{<Pd@$rK5?h*e{x`O1H-l=BE(3dSs|2JG(;IJn4%dJ_`dB;Q%zecTWi<l
zh<W^d*{LfJ1eeF=Pe9;8`j#a<m!CVGm6k=7m6bBASx;-(jT*O#@p!2=StgTY+Dm2E
zRV8%YX14B4GSW$vO(tUzj0i8D-4kvh*LP^N17c*IzFXLy55vIp0Y_=E!*&(ZH?m#)
zA!k3K;*3}j5m<u|7EEe3F{!r864eTg5hmF!ecILcwyV=bKbr^woVk<b&#eprWz;3V
zRGiT=^ZfDfrX`A@fLPI!Qo_*nWW|FFy?h?=IQ!_<HQeqr{K?jDEt)c5VPdkeSv2aF
z2SL$v=*4AWl`(@1LT!}Rl-nt(C7WqmdSbFMDd(-E#YD-CnUWy?2kmq-1ITE(DLnas
z=C}J)@}7Bn*X?!u+k1*?NU4M>WTM4Jv9?WWG-``Rs*R&)jZ$yjYOj8i>b_TU=VbTh
zYgwAr(u@@afV&M8nWQ%6CQaQj$xSL^qYQDb1u9y~nXO=k1%ZOZ2MU1`1zA9li-@=m
zOk_rmW33!H3ML^d!zBzt1P!PynBbZ<O<*{-XpT7&=0VmQH3}fa+M~wm7=u{qhX8<J
z129NXN;m_y!Ge@4U;-3~;gt(Wn8IlZFd#q<?|PbD6h+fgwM@mBVTo86<hU3Fgm5qv
zEEt9e8-gKY0%6PvIWiGzuH1wo*^)veStKl+R2akr5+p!a@Vf;P0$IR`IZ_x<4A}`I
z7Ut2ZVvA>KTGOBu5EmtaXv0H5pokV}%w;ykYcQ);mk}132O+IWvbB;K%cPmJrwdI8
zNaT*X%)2E~Sw6CsVwsR<IrZlL|2|v?rT2l^KmcE0k&!!9&h<@nt$Xknd^hg4cvQZB
z>8)q8j+IqJRaHlgRFNc;!_{M}!3t@ieenccA#Z`$Bp6PK<+fQApL(UaImezscr4P7
zfS%Wcf|ccXEAaE9-tO@4cvRWTbb5l+DM@E~176{$Z)v^vT_K17q)>_i$gxx*d)?^o
zb#HV_2_ZJ_`5t@69ke%TzhKZm6uSsY@+<p(*7{e_8n^Q25kD$0YOSZ6-MozA4g7Py
zvof!!momN-j`A&0nVcrwgihl)B59Ykb$eXBO#Ku4xeL1OOXh8&#%;U?{`a3|eRNOX
zW9Wxv9xpFM;3m($7(TCsIbiis;ROu`x8tzUhvha7-hTo1w)pSD=xEQj*Us;ExevB=
zb~l|?>Ad!Luj<ux*PD52Z5Xp{{e8S!F(D;prJa9#9usr#t9a@pchw->KN>6JAo{Pj
zzRACEyI*xZtFz{mPJxT*^;lZ$z^XRicIdyhOfLmy%rg$o>iMO8%ia9xG>z68O=XH4
z6iCQ214?s7HA!aZvg}$bNlNAg767bZsu5={&xN`)CjJ{U;LtqdBFY;)BFBM@yUkyU
zgAbo+Oa!ReIy#LB2ML(i>BnJjx46P;uBK(B%iawT{zyU%$>oslvXBywFfGrz?c~=k
zdtIlqY*__%q=KxFMkJ8n2Qd)CouW|2$kZX@L=8{}g+e~Y7@>+Z?s^Uk(6}AN1nR=A
zfI+BO<_OAO-?VOm;+eZ(+(Sd@Y+#SIflh|D-*yQ0&Cc=~2pdoZK#_oboSpZ3=y>Fe
zWLOA9P_`_B319_H$xCV5tdz+uh8&YzWVF}C@p$l+B*asCq#JwVnUr`b*~p4LH&BAC
zoH}zeQyk13SeAiADilhtjKLA+kYa2sWB>?^3B8Lps=e5z27LEed0REAXwV@91oWXQ
z5lK=qB^ankdS(v9^GBEtW(sUH#h7&E>u|$T5Kv}>-P+v2m@OXgY149cH{R;Gk4^4T
zxrK3Q;LNL|4iMmJ?*}ud0OIgE34xeC8qL|PrfRH*njFmAb2*_kMzm6xcw7+_H2H02
zl{DzxX^t3S7DN=LWunyGTb?%SL&MEHEjV=QtZw+*O7U+|A1%0duvi+!nj(zDQKqfX
z+@fI3s$sHCg)l@c$iYz-35}L*9<AH7^>>-#$(bbc&hIlaqR1n`Fq`mG4H`P^YG@3M
z6wsp)oCtELceQKPcr;WGs8R;O29J(imiOVBd8@>_U+n3Nw$yrp90-9(BCU%>6nEY4
z-+3Cy_$@_hMg%^e537^=a!k#9q@xq{SO|MyFR=I9ORw(gt=IK+v-3|r`7IUP2&whL
z8_&LP@3%$pn*PkHGqGu^>Z+lich_eJ3<6(p7tk{PLTAV&m828^Ule@&wtxdMeeMhr
zCuur1+NOe#Ac9kk#2RF#DUB_>Y3|J2_uTf9p(uN9pLIu`@(O2HVUY=<gj(vY?Q_|z
z>1lZarlR+DQNBKCfWmt)be29PB1f7g5$c3Ay@)XCViZDta!sBat`r(wugOwF#6lcZ
zj2GlK1PKlrHKUp2?7#;RkC&}!5<prIxCSO4yr8+Fk&pr;D|R>*qFqNdL>*zg%)%fL
ztQ#PgMctC@qUst6g9f!k4HBM`fP!_Il7ej2XGxGv3kDd%V5gz%(&|KxOJk^qI5JZ>
z(10DIWUwOyac+T&$6@Ee_0N7e=huZkHBm`a!&MOzq*a(@iPoly6(LT-0Tu|u{F{EW
z;B)VqC)XHl;(H)^N_O4h_4QoWbGpMOSYc&YmIuUi8pfqSaT+wP2Vg|NgRq%PN?RqQ
zwPdB0tgvt&Xr0v}v#Lp2YPELY<56O+X+;rpU75Xp{x82(v%+`tL8$rj&6Tx&H}U7>
zdhnhr!q$|viz>C|F=$%D3r~166W=Gk)b1me`>&S?$m5wj{J`NH#Tik$`r6qxo0swY
zW?0Oa)MT_~ZH<a3)TX7HqSQrEwWT$R(rp;VRk>5u{HZg5`0Edyeg1X)>Gr>w0oSYn
zq)pN9Jz8REC{~e@(=t%aW|ijJaG3-$WA*rWcbDdiP(0Ntr$eM6hK(@r;bi(G*R(He
zv*+JE=aA@phCmPmNJJ!J1BV;YtXd7Au>l(h?XZljvZR|zOD&dLY})?5uAvZGW@1+N
zxNHgz7h!f?jJxZE;=eA}lc!f-e>3mJc%Cj{MsI0N)i>rN>uTLKZpJ0Oq}(=oX-!qB
z(K=*>ikC~E=)f>eYRs{W&nD8@ivvjGL8*m`=Ef+`ui(tHF@#ezXtb6JqgE`MsM?`5
z7K~MinvGY*wXc49eV@mz`~H7r&E~dF<fe~um8=w4)Qqq)G(u`fRUus^oX|>(B$7!`
zu|T##SZ1aLW63ZOgh3z?0VKa+)DJzi=UU4=JPkLA@vW?^u(D+gtW1nCVzM(JrRy^o
z$sDTu7lvpp1xZ3wE}atiKvyxQQjz0}k&81J*?fFdx}o@^q1AQFcbDJt>+10yVP#sp
zWuAUGmn=zQ4o5<DVwOVd>qOHPSSH;nT?*%|6ILmbcHS(~RMQe-D_UMpzAE_D=U2wH
z`~6ig(=nNurfoB9l97{QlT9&EM%2x<Bxup1jcBygq5z~+5GKeHcjNkf{rh3^>xT{r
zqn#gR*X6#wInAOdRxL8ZLvsQ49;@E_!>2#ah8^$SdS&r29_mo~njt3VpW_zLO4{mT
zNe7@$u<-mqoQW17`|m-lC5U&ng{(-(ujjn=eYhtWu$wuNW@F6z;J9EJRO0U@iqi%o
zs?$g`!ICuQD|=ITrHV9K_Sze;qY}3q%ggUHPdd(*YIkC?)$_lqzmlU#p(wQ*X`oq}
zrdpY#*x4-!l+la~%EKjWDfs;P`SbICZPueY`_cOS@7R1(wiz9WWpPeeC8-7}EX_-u
zMFl{6z+>?C{XUSy=-1uT=Sf8Hy#3E%pyYuL00*!8L6Xd9m72>%T^opkJ7orwWQ$Qo
zzWd#_yxLmQwz&N~n?r0^O=~0G(Kka${QTKA!HVZR$5~rK+Z7n3>Q`@jLv|3#EylD>
zF<^CSsp>wsIWa|*E!C&K`nqu^BH`~Hwk?*wPrRXwS(IZ8$}FW~*xJdGtXj!xG|jYa
z88uQ{C8;g1HES0u*W2^nGp+r7zdZcwo$LA9Zl||?e%GP%=%rC6sYX{dSg2xbkfK>{
z(m<cZPA8iAhp^qm<MR&o5Z1OJ8cdo9Peh)Oq9BqY93S?|Rf?EusafxhwN$zsVa^HY
zu9f=^F`#J08AGCRlg^(wgOd_uR~_QBFRN(Y6*8r&@4bp_rjLE>wqjOL!B|)4E1zx?
zn5>55&zn<t!rt@^Ohu7DPqt$a%%(E45-e!aQB<2-G^E&#Xvu<#Dk?OVG;EqCNJtv@
z_xtnw{O11j(i8oF8Ski6Q7Vxrv;{#6MN%ycVN{1IxdEb`POTDUa!l!uB!TnzL%}rO
zTa@?wytZ@i?_|;pK-w=di}<AgJs3{_KuQP}5s)s_X{gO*YbH&!6|Mbktb#N!IHD|0
zgtDS5sE42~X(0*AfpKKBiw-g-n=Z?_aw#LTiUu)kvdh1*R~T4>eD>O{)y|dH76<Qq
z^}=#qbfc>PWfQLZdD1)WQ@ln|qPilwsa-B<Ein@my3yV<HU`*9h@E}n?_zGm7>iW>
zr_3`3F)U?`v{@~&wu?n=8qu^<5M`ESOkmk3(){)J_tyS<*{#01{Qx7@AHb%pHi2|R
zEk!~h;R!!;Rz6=7;r{X4JHN^P=ecALOLOnKn+t5F4Z2lf(qk4eF)+gbm_asE_9&}4
zs)3w24vGcBPKN;+awvfaPRJ%^W9#gzkbe`-_Lj=unYLd$?4);6H#zy&TT^UH1+6kO
z3owlptR%>;kn;8M-h1&+F&Iy+eAyPvStZKnyy^3W#w?FdiuLo?U8?TI22nkwdiAhx
z3d&yN+j#Ev`%k=vVP-(a49JbCnKfcHh_aa(MynNLYQ0-p`}6rHNrL6elzGRmzuC6m
z1FtGkG_aPDY9~4oh;=bxDU#HR&RCOq!6D)Oeuw$H)}l1f2RZ)Tia`;Gr%Pa<3KDfE
zQ|FREnjxYm`$}0vOGu$g+E$j-J@69@OOC%jgysfSYwI&KEiqV+-xI#<;yE#ezIU4@
z@Qh1a`Q~v;j0_`x&n~u8W+E|3*PF~IKQcQ<W-7{Clj}igO<p|cuGbaJ5s<Yvy{mQ$
z5w3CjKJzrGG})4%(piZ_nq?A@l%bND2AN_(7)3ZpPlxUg-}CYPFZ%)z;raHp8KxR`
zhb3z?MCz4oTgEn@PJfr@EIkK*b+bhJ_zt%0!nkOFPeC!!353b|jEYr4BU5hS+^nFB
zSrmSfO+=7LOa24eb7Y3b6_I_m+a2{|tb6Q5-UBIC`?=dxXI&gimLnAE=M;ItIWbm2
z%e(JoH!MY!O`F8#)oz$oVxv{#E1clDFor5^=Q_S{E=(&bHRn1O(%S<ytF?buyoEGs
zM9~_Flw`%GY>AOZq@kW<ggNu2C$f5)aAtp|M8iw14ntMk(W2Z8F|gi(<VF`-z}~lk
zw%Q?!DdHxfNCH}x0wREd5im+z0L*G5Ofi92IfiJ`>fFZe!&<XhW+XJ}Gc;t@lFj8o
za+_sG62(L@lIYeFXs)IMY~HqHWI)yiWZE&BN-}RQJ9A~F)<}%GESGx;k#-wcVy1#E
zD>1+V!sE*<1_4b1iV+&nW=&)bR+6EcMuOr7oRmRsD2S+W;5cRl60Fi>r+{22xp37L
zI;fzz37LU-g3FY#Su2@wal#hnEN#rpg~JFtl2%f7me96A&f&)3^C8VCaLU61q+SG&
zh5P(}p5K4Xn%&grJ@;DozyPKBvs(VIPeogGTsvrIpef?3#OhR+Z3_U`AlGH7N$rxa
zIBYEsLA^^vJK6$#fToU(6`u9nlrPT+@X_uR*vm|Z+ynX1xjQAx0yqMBM4pA#Uo(Ih
zGcaZjrw7&WlR{!36+z0uuB<23dYs$QSgek2?n}EmzD>m9sz$9~hKj$NwUwrD`+J2-
z;4ne(>(UVAWKb4VBB2&O`zU2t(3}YUyJcGC^s%-mP@`^DWk|=XnY16l+=K79XLkK+
zvehj|ew%>-+uvXq7(?LDKWD~P=Vod-SxvfV73u(Gi2*C0NsXOsKomO%?eBh{3%+EL
zv*vjlA`qNAr7$P};w&Vu-<F?0lFFq{gr)ZPcEGfKVSBXhW^SSDuRHtgWmfl&!HyCL
zoP^To>-q{jBkrlgT%;5rbWr2t=C=Cna8yKSP~xzHQ9_{D;nMuCiTJ+m>D4yf_l&+f
zDr|(79I<tjjvVq^b=T@7{Cm26SU%+YUEP89-`{+4$8FwlmlYs>Iq*JsMPc<6w*F~x
zl75Ql{8cb~qmpf7XFrI30=Bo@G$%KRu^M>JI_l@5zV%^0niK7g9=CTWW&AJe;b=m}
z{n?rE@4C8e*n9Nts!Uzj8PBNv(a(7Y+*wth$TX|l=_og>hpHo9&Xhr^Xl5^_By{yl
zY7P^s#^F3)sqNV6M>P2b+ViwY7J{GGV=jve;@L)KuX|tY%jl}S-%xrz@Y5vDG}y{v
zmDmjF`1n)=<%gMKbx;}0dUd?+U<Vlpj07|YQ9uD=g4SDTw{2D1s?^q{BNE2Vu%?rD
zRIcinwGpE*5OWHsQbFp&JN9q9I5C%g_(r9-3izS1mySW+Ci^F}i5nWvsvrsnk9aQF
zQo+k!;-Huun1V`11zd8N!E~x^_f*-ZUjhR*m5l4BZTja>#%<u6TN%;wf}(AS2#E$O
zBN8FL&C@uGa*_v!F#bI2_>Si2<F7Np!Ztz}^oeBB$DZ)_fmQ+GsB42j0IQW9gTtqW
z&X`?yHJQd~MnplNDkM=<mAki563QepxRtwQsZ?fImkEbr(P^O>RR$*yXrW4Ivpd{#
zGrYFdXENxwHLPvv!31HLxJjy^kFhOI;LJ8oK@BQ_wktUM$`<C0oKR2>Rltc(nwTRQ
zHAhO5y=}^;23*SB>5ITdMnDM-;=rniqDrn9Km{|)xH(~&=bFam<m#%IRkj`um2&A9
zF{|O&wN$`SrK;6xw(Q3;rYeSmP@K~kYSki1B%E-9LJX6n`FqBXNNL(NIv(>&5If>S
zz|NGpx?3|VXi*0>ZekW}Asv~q1W}0QqDo-IXK`;SaL-H*iP;RyZB@QzW@b!QD&!g7
z0<U+uLn@Yh3lx)t0t`?#*d8EG`g3cwYo6t~I0J)ZO078&#Y)UYqbP&b(cmMdG|`@p
z&24r#T#qFQP^(2Gs%@bG6hOR70UDgQd?|~LwWk7tCl#<(F;v}9q|jnkl6W;?Af%AU
zbUKkzFl`pOGq@k;nZ9K=oa}_bL1L>B5KK8TkC2SCJ4IrZ9H@yx#Vdu<Yg(>XDqDuN
zk!8|DE=<xyBtnvnlyQJUZDYicXvK^yWj7633jO0ku7y~T9@dAz@x87ae-Ve$OW$q#
zhSF>wyI*Dk{;5@?H`s{VC*&;=r?!BK9_%~2-Bm-ZSk{nY3BPTg(16yf>rW-Y?q09C
zo$rMBPBMLa=k1>C81;$uch`gKs}p|mg=nc;=IN{UU99`05=EQ#)>Y?>CP7+n*GPSx
zS>JC|pJoYlv@7Us_FQ<sd4Bf(;rLI%ckhr#0BxdhCKD(un*;_~`4$uJpS-w`xUGpL
z8Xm$XR9<^X>WCUiAYa~+uN(=MUkJ0gSdi2zkU|o`i6o6I-w++|M*!53Y7yfLh&l>H
zE185QlWaHZDyXnX_L-#}V^vMHbIv{-=Nj{rO*pM}Oaq+-s(lf9&c~ar;RytFB3Lwg
zimoF`D4N@=(?k=dhHmNGeXv(FH3e<8Q)vAp8$Dql!pZ~}!YIK6E9PJ;?FjOqr8Zyy
zy7et^THey6!xJaD0Sy{k<kc<AoS~6-D|G3E!XER-rQWKEQZ5*$Nw*;yVN7!YO+uYQ
zk9cW|MQ4wD6V!`9b6bfrr0Ff)+O!?f>0;2(A%Y4j_i3VT<BVwlshV~mFQpP_dQl^t
z(j}g|HELuu6v%-lV(PIDJs~`X;{*&G(fAs-S?=@TyYI*E8vuGf)qJi*Rj8S&VX{q3
zQ!2Kll_7|<5lD!+kqH!`7Gh2HgJS&Wn%c6Cwb_|zwE1L#ej4UtItd{;2@Zz*WN4Zf
zHmwn5%_74}W3DtzhGb?wyZEWy7-V0kcz?Q(vD@pkF5z%fjHwwJDon_e7Ep}D5#Gqz
zH58S<essoN{ng^Uu$c|ri!AS>x?C%nAyta;KxS1e#3_-!#xB`i_Kp~-A(7oiWGXWX
zS&+<<W+XEbnSHmJbNK8>GC)^uvZh7@G6|TIGN=|}-#i~(hho5(7dPg7<cAn03g^oT
zO(4;VrV#0`?jM-U##v=1r7=;pR?<XFi7PP7!x=b~etv&<$L^cI8|H8OrAzhndMSh^
z3LzaeO>7>pU_Il@>Uf{w_x-f?Yl-LUWF*ehuD#jwGp)OT8{jzGu>de=wlVt$1MV8C
z@S1C`x|dlnv5A;R>(^?ziA)1mp`vMurbT(``1jSsIfe_%yD!eM>FVt}v5VJy?}%}V
ztg3TNXsc4ZyTv!LHo-Efy`Hw4#H>R~bSG0267ya4)x6r*n%8U0v3_g&Or@lvP>3v6
zBx0%?Bq8Vd^Y7dKIk4aPex0-X#>T~Z7cyFND-zmCiiR2*r!|y1FaUnO^L5SVg#3rq
zdd<;uI?vZT-`^CkOVMKqhBNlW3fjm{t5nB$B}KC7)3ejAsb55H!kH8IkFvU(LwHjN
z-ka|_J-zskF$|TrJ?%}*1(dDcowiB47D{bf@2L9Va4;(sTiqw7!Ms)ry`E#Y4p=dB
zZ+Q-IoWf+9p1+%Gd9CKxzwMfh6qHIufu;i#(I8Kre?K2^{gr=cH?QpfH?GtDfJ0|}
zdx<1cStM&p(=$pGQCa(pm+jUWkh%B4%+&(LSOO$VCeavdphSd}l4&3bH2?qwlV(J+
zNhOniQ@f{b!skr!S8fXCxro@Cosr$d7z0Ol0g823bGVx4bEjE4#f)|J-g_r@Fu#z|
z`(<q#j0}d~Sf}R7HpMF{r>(R#F;gjZOO{>i4TGCBjZ8&|bk{n@)ZPlgHS77Zi*hbq
zyzhjZDfGQ%pwkp(FRg!SlAAVZ6ey-ylAFLlpU|G3{hx<N`Vb_5e4JjDt5Ku{Br^!g
zl_d%UDMFH~r!*@;DOp-ol9tMh(Gbp9M5${Ye-okJuRp)nXMqo|-3y|d;1{w1v4QDC
zpizv3{}C0i(>k*(lV%2j8kejCA|NcwRx)D@WpG4szsABsZA_(e;quxxTi?%oOOq90
zT%G7NHC^LMv|_PMG_!JSTg0r9iDin0NjcGU##Z~#tzs~a+x3cV8^a^5{?pgU4;vT{
zTs#-QZ@-*<sCnwFts;?YK}%^Zwe;!@=We~$i<5vDk_OQcDq75nrM{(F>!n+Z-Bn15
zcZ?!92~h`0h)oL;)XPCYL=49f7_m=|$qgle=GsF{l3`ZuH=k|^%vdgO=hk`GW!U=u
zW|gJ}QHZgOOV{F_HE8#=%1uuFZ<wExO8V~Fd5!nf^~+psPqJSqJmh@#`e{$RHLvb`
z*L6ANt3{~WR#=QIVu-esQHe^3i$>PI&*kr#jPljY$?{L*zkBEgDyon|Pmw`cAb$gv
z$}H+&ol-=XKoA^6%s7|~g+U;y3m}Mm`7?eTpWGAk_x8-t#Efkr`elHt=4%7M)f5fy
zc?@Bsd!pnwFw6ty`?%@_26aBk3HT(2|GtQG`(ETepTD{4#TQnMWfrz7qL!6DI;UTZ
z<D!}Ko(J{VhoT6OfQTdcP@^)r&!ER5ISsgjXoX~k;p->y_}!mLGsuL%B!-3u_MKo!
z?Am=pnwsKDzs8H5rnGArJ@X0i`95>HK2xmu^nnl1BtMV8OAWq1$G^$V_woEJ_=K!W
zQHxs<MFp+SVAnaI=PvHXHs>^i;zhzz;!LGLG@z!IZ5X83F^d+98{g9O=RN*f{MM<%
z*lbDllg1wtVJHa_d?Hh65Y?&sT%5bII_1WJ5i^79pxsQl<2-K&iD_1$ZG@g@Z|R&r
zd!l|#e_J>6G)(?C0{eIj=Cjyn=D6IH=h-BLhvG>l`}fXjpPu}BK{sK#Ip-ae6tg3$
zl9-~3qKYl(_4VlCy$_yS?;hT{)*o%`-pnUReAZc-B#y^eY#8s~VdaJ7(X0DbN2YK4
zw}hKH&Hrv_;2t>$cMe9HdB^9zdgXH`=JlpF>R%|<*RAGQ{gMahLLU3&<r(<1HS*+c
zU>KNXF{YYKj;+khm2Hmb(;DHHZwd$xP_XPNXpzC)xy&q`@V62k@-_@W5+e@G#As^+
zi8X|T2&OO)Y#>#RHk^gvwh3t<lMoP-fPo-no3>k41weNwNv)=A+r62YRoP0&FvWpN
z#xq1H1yF@6G5|6$P_o^c6-Bho>IKlt1kAh8V`O)9>r+HSOvOm(H*l8SqT#zWktw{I
z)}-1NXw?jkDjGq>U{cz&S%AT2X2RrhyD>EuBP!`xCBh;_g_<B#s8krRNh?IDW(fh8
zU|80JP0N-Y7VNchqAjzm-CP)3BPAiZ!Vurwj?4Q0b>{r<zGwF9=5odMcb8=>TEmo^
z!C(Pw?`z!~$!6olrD5IcQ1+fT?m6#z*vh-o{1_L$1Wg_0Jj<ckTie4rs0P9{Xr8+~
z1y*<h7SXI6uFS3oPNg_|L*56*ueUP<@D&&wl6Y+AXMj!j!=-IEuN|6zLQZz&6;}>B
zac4B3e>Km6;iACfbKe}?e{I{Zs8`9w9vAnOTa`m?`0MyagKCea`i{0EPuMfFFh#ay
zYJF*4={;k5c9y#*iM!5tDSOj-+d}Q$(+^w{?}qK(F~WuJ&|<EUtAaimTO|sX%Uj&>
zS4VnsmtJlTtsQ3SUUpzbZX1I76f3X0IQzU_=WwOBI&6%$!uI63bFyi<KKbw2zdxa$
z19qvpJM`^f%A315mD=AvFP{gBcK2h;rnT;5vict2;;Bk#y@j?<dprURAqET>dCxWG
zT-TlNob>7Gv%td733|QRlh`U}3)tRWS%OgMWERudw)(>y`i0EvdWHfn`saxi<%6}>
z=dLc2WKoLCc;VgC$8)W%n!vL5!o?h!oj6!;McF%@uxt~>Iz5Np0ALxGQxtS)qYWUN
z(B#1|rYw1By|=p3W};bu`|2Shj^i|C%Z^>p>;Y4<4fx#CgM+@blBd>-GhicP@yXkq
z#d(ZZ-F<hvzFW)#U@&9`3_*etQjkf2D5K)&nv*oBK9yTeRi@<S9uv*QlR}ShO0@N|
zwobrFip9cOZz1XhxrSQSqKG>t7t5-p!<OqDZbVZ{EG|<b9pkX!xE-qv0j(0;Fu*Pk
zrw!{Y!nAUUxKQ+Vb&eNe<yX^Ihh%cDN25bU1B0bRLTDmPQBV~1Eu=LOnuRp1%%!xQ
z^4oNE9gsuOHem^Q;?td@8jP5`A)~^>dt*owS%Y!_TC^fC50lMY%)rbz9G=?VLXAdu
zMkTZ=sERMC(%L2*Jy${@o6~Pjb1K$w&6KoGn>T}Ck1%erg;^LcXlAhP-`FT>BOqf(
z>TLY`^YoG1^$y?MJdZQaNRU6-Gw-1yy3qGlSgPZg;<G!f)tS+n3>#gr8_dngm%MvB
z(#`2w^qjS-Mbo9LpdQBNd9}XXT*uaSiSVBIS6F^uBG@3qaYV8Vz(PJs6vbKai2b}L
z8^;0<p^NwC9F?2Nncp2ue73TPw=6hoT&9C9twfN4DP$KOZKF;-xb!Ce;Q%2_bMw~u
zzBn#kIII*`RN{5g<h*E$45cT_K}?BLc-VUSfNR&@9>Sg$?{#oK(d(|#mEhiL$_eAk
z#4_<?c=G-5KfS)&>>h!jRX{qdpooQYF2e-{H)GREH(G}qmrW5`T*?T{ttQP>TIi;R
zyI~)<0Mnx46~zGH#jJ+^M<^Q@K?M{OLp$0S(==>C<3tQ%=4VjhIuiz0L;8+;hQLO_
zMLbY80lsT`*PG^VeV|VnG@n~kh{dC5pj8auQgX#8MGm5&Y0FwzYxPZLVLRX7bQ}9;
z$ux!8Q1`!dXSaGWvBB6-e)8EJR$-cDSIKy^GRCoEWg4@(>44u{oj4!Z!Z9D1U<PX(
zC()NB3`y<+QyXsFLz^>u*nZhbgCuC&vjb!n&qxIRk^zCZ&#%8qOPa!niLtPdtt|{y
zK=|LDddEI_tG*p`&#r@A3p`={on;jE&lzqQ9p+cjnqOVdy7{lms=Ag*EXcZBaNhWu
zVvDnbYlsl#T=NE|<Xb2zh=%{QCh~Vs)Sq^1Cg4mauC!0?P5yI@H{SegxaoI}uG{ju
zWPRtP($@6@&>($~Cp+u+Keg!m{lO-t6A~%r5nNFyDrTghNV1AmIuxRCyGczj<Pu7y
zaEYW+97zz$q9WzfHB^mih@<aa>v^o^AHFo(I_usiKs*r|vJGI=!BUuHw6aoU*=9to
zB$TG7?X_?&aw!DPqeBXsX~``GJ~9U>pvvh9#Y}`zKn&uvz$vCfR<NYuS4kGKgOF7b
z)Wozjr+++&_qKcU^S@^#y!R%Al459llU7ffa%3w6ka^!T&7}aIcEH;_P2GkXLU^8Z
zu;VhVdwS)3Ma#?M^RE6e)^C43G+t<4-=4amR}~nXu!;nblfL|XKRoc~W9QxEKKV&r
z`%NXXfHs0a@DPa2La*d3cP|kw;&EmdHN{b6Q4mrBn$h}Ae^B+v%>gomnQ1~M&(mi0
z^@kLhK5Wo@22XhY^KT2zBqa%Km(Mjfvc^C>Ks?ljXGTuX5U_d4xEk9H>kQS_wVL`8
z2kv+1?9=<a=6=lI+YWx$eeQ!u|0vXItt~Aq!o*T7SxSB%LGR~2JUP!j9#4h%bf=7*
zWSmJjH3QHn0*pjtl`WE#q_r)d%;f90bxN+1mzoZ3Br2&TvXn7UD##Ut6c#Z&olS<r
zw9s5V<@DSTYZx-~;6JXxcQTQTRpa_SKzxFmhdd7;I{uyK*g!sco_%%uGgX`W4-eq6
z21U@TgbB4x4D5P(`@D6#<ZnFmO?Tz&4haz;f<hv}hu~-%i^i`N;k&y@c8#=Il46Wm
zl*8VA-ca+#86C;pcYig}{1ZYsQ+XY|?v65DZtKI>t~q6q%Cq7G*7W();eLj%_P=l^
z;Qp$mWoR(0CrG5R5(0~r$qedYsZ*!lo@$V|Pkgg}T{4&;h$15i1O<OAB4r^G%p%cO
z1Cm!kuGW<@X)sRC#a~`;<ptdiYG!Ci$g;4&$YA|t^2tYglrN>wu811D<<P(|?zCo)
ze5OWx?DMjFHx1<0r@tg1e)qcfi97YC@HE6%^`eBCSczp}Sru(j>(|xmo^xJ*XEjRy
zKW8pKABBq%RDvJ^Afj0*GFpojq}hdJ%ov8YS!AOaP5Yaxs!F&R<f3MPBy*Hea3W$w
zYa@vyMaWn{RM9km1B4=x#5dRlzn2H}{b2t1nHcg@Kafeo-%fyHx|%bA>#38%@8pC&
z{)g`m+B3(!gWI>ay#3uANL63P#hlVivsB`Uol_c}S)=RMJNOr`T=&`Y&v4GmyP6Mz
zstE-ckcff^gb@QG0wC<4bf%bd2?-@4B|bxhtiYmyIFTwap&Ld>BWYz3d7#(#n14Ek
z6E=IX840uK-1~S3HkfBMIC>DDH@%xR*5BGwD;u$agXN`-p)-SjC?G)pWnxIAl2Rir
z6hSmn&Gpx}>+7BGH^0N<&z)BA0stU_DnD}qLu5-Jz{O&!p(Pnas9=A3&1c~GbV6x>
zYt3OGBOxz7>p&lN8HS(Mgx9;C>kvHAP9YDHNLlPUMLzi`nLw<Jgd`a}+h}A72UAD_
z#bX)3nOKqml5QNqU|0k=V-F*(B9g3J2tjCOV|5cU6H_w>cH}^TptUSVNFq#&9L0({
z$RLS=0!VPGmRBUSN0t()YZgo*97h;95F!aA%!)dImKsZ7IfdPu-7=ewDlu`8T+{`I
z8NmQD&>jZnK`h6WU@hfYiX<>MTp|?^6i~1mEXKh>6^x3OFde4S?vBoG=*L_OB>_Pa
z0)pYG3Sm(+PKd&a?5+d{5jk2|6|ylFt3wb#PHb#jQD#MfXGnvhaE>s{66-3Gtl@J&
z?ItFN_BZ+c_^$q_<e)3#YckXQ`VZJL(@hTZl`~<(tIShT%wwW?3a%i}XuBJgRH?^@
zs(Iwl+?#n%-`&-BQt#3R$Iqz>6TrA?{PP={H3aBA9NtJxZ^O$xBm}!&W@theaacn#
zb$}-Aib_vB-vB&32NFm^0)Zf~kO=b(=yR?2#WT*T_B}$#&8-J;l;~gM>oR=nO1&L3
zy5qo(IR9D@F|RbjBr$IIT_JYn&NJeH@g$HjE<VYh8+t|_#TdSK7sc=+kFNKx3?w__
z=tgdUGqh>ntaV^t6h$TL_;p<XUxYrl^>-vMYc!#poUYL}V_$s;>pr2?xb^o$jIUqH
z^XwC+-18KaK?jRSYnW<uI-&b|NR968>#7F|_<P;YNn=ifs~<|<RrCgh<<4`~M6Aqv
z)bBTk-#3%U>o-=03>2^J!BF<`sIuMX&I4ALZ7lTBV<|J|UpJ5It=+Ghqnr2D^v{9O
zm2`Aa_|H-?+!>{+3EKy39svQ_wX}p0y0@QqIR$-wrKMx7IN`~bQ%ZcERs|Nd%~F(E
zvbgQ{$WMC=Ibz4%^1JC&v{!V0HNDr|^w-Ifon{4`0_xctFSnn~PmN*uTix`rt7%e1
z*j}r$3A@)``uZTZZrr`B*t1VIvlZq1LHK9iPlzM$z8jx)OF*?$Io?~LGvKf6zSk{h
z-1}-p&#;-)^du-+vsah7#y=G>m3`H=5Y1Z9I$0dDq0>mE22jQ=#N=;G)ps?l%_fFP
z&_Ed@2n>S>?q6-uuIL+q1_2A#s&IF7Wp*fQV)b>|8&ddk==-$d@&gThtT@Uj@?9JT
zB-e+r2P=URr5rlu+0vWo+N+LD=XEM>LsqkP?;2~<b-aCjqb<yQ*3257&6eu(-ro!(
zdFoLTgVjX{2tvgK5Ud8YXs=cHgahOb+3S7Xx--NQ9M~=bD2Ufu1X1JxD}~VZ>#(jH
zI!3s399gI#^oe45vSIH^JptcM(GAMyz2I-ob!VQ=Xgtb$WH`bMB1kd`1O$P77+@Y<
z4d9p2c*{{;8=2jDW@mu|Csj8eHr!RpaB?cIVE~vQIk0X7mlvewWomeAnQ^w5LKsqz
ziCo_E+V5K0fyhW}gGmfJtpvwenbN}*T`-uzR-U$IlpNTq(B5{`xDb>{Ac#R2!#W#<
zJ+p8&ImL~Dgf`4D8&n!eL?cy-*#oaU*j;N4K0N21d6=5nz4JJtEnNxW5dZ?3(BVb_
z;sxzhV&mFX*K>4m;Q^j@RHnocZY&^z4a~_%BtTZSi*Nx@G?Al5>29BSuI*agZ+i}q
z5MUkTgtoDh04KHmtxHAF!2}E(0T?h}hJXy{$`rzo4VbMQ8c0q{oVCXtu8b*g6;zta
zH)aSBzOEQRIYv_i3=Aj<;Xv;=R=gE-6IAZ|b**abM1+WfBoo;Yq%}n`90AVTaFD?>
zW8s98LPtYMB#4kDxoycHcLgbW_;V+H)@k0fZ#9k_A|#P4?WJYI1O!5K*SC3X$3S3)
z!3W%}!#wERn-D}S>l+D!B+GT4czb}9ym*?9-fmU3NJlGEFpr3<oEVWuR+;f$4rSM?
z>6k24R8e?Y%*@M_#)?RSNGTh4)={?VfWSTk3`88z?Dsb7S<P0`o>lIb-KH_R^g^q(
z*|2-rxs#Z)5yvY-{0ivS9q$SI_lK}x;tdl<$r?+@olBk0xVwa6#?sYI{7pDrG`XvF
zrsJbpF>A+*5Mi_W%rt`)$q`{jDhd#kfmWjkM&+$2n<w|7&wbvXOYLa>+jG93ecU?M
z&YL}o`oYm>PCLuZ=kj9ihkLo#JEb^bsvI)B4-OVIbx*#f_jcmnvi?%}v!7x5hij@t
z9{UHPv<o8Z=Pp!W<O!dvK1o`zV|1I3dadZ25f@%c6N=4|RggPf)0%5)Nbr})s-4p6
zeV;(uHVX0P83{pV9Ly+7Sgqatk}0Kr)KZ;2J*b}C)&{VN@W2K#2edge8lzhyY_!aT
z8(|%MjXmcRgqzDD=86PF0V-IGl2!$3NKEraNF3ir<IH)ns@n=-*H=7rbB4uR0H)fY
zGYTs(k%<VFKX0av^pt~q=sKwOA^-q0wH-M^Rv_hYqy`rfog*lc*wq6X0;m9zN&Q3K
z6%e}sC@jS9T}MvlZ=2KX<}93#Mgc-3_Sqsqa-h<{1cA}FS{Z}P^b@)5X@Wpnr@4`U
zeOtf<UJ23!4FG<Fe$ez~bMEbNVIqqULWzxVJl3*7cboH4O|y2%Bv=zOG6Cf;zM39~
zJUJFf@z8W60!CN$ZU&HaA@y#2-K)rtT<x?nY;RofLpq~7z5{C#ZC+*(R$98pIoOav
zYS#iO4-W^lcv90FvsTL)w_PP}$S4<&5rAJM+;sS05ktZt#SWt{ug|Dn_Sj8>0*~r8
zdmE%paTJgtcuYmPH#9-FS)~df0hO#g1qOqix^!o<Zel9Hp-AtQMkXru?$C%d34(0a
zQ&YV2sl4{{$uy${`mt?UZG{z)N}PcrPKz#)g%&}zAd?L$%m^$k1no0Kpfe*dmSk;Z
z6%qVAKK_q*IC*mY*VE;Pe8VZIX(tfebe}ioPYJ;IO_fPfl}lI6u9mm#qHGGztSLGj
zRfI@NZ0M#vm<Jn^w1Os*(Bxd4gb+3+^dH~{-`xATy`jz?Z&2-_S<dQV4pPZ8GiJXL
zhwfpJIpB8!9e=xF>pqa5+=o8If!#ko>V40gyzXr7|BUsu8yQ5XxK^esPL!z$U2Yyd
zdB?u`_0P@U9{tU0oBDh{5738#AcUXRCW<PyX<4?sxLmSPKmsCxgu(&%Jk5OpzTa@y
z-*q+3^Z0D^a`y;uHhXE_VZ9XTig%`iza%HVzrY7w_xUI0@!I|O<pbyEysEkFXpy9|
zGVC!KX-E<vqQr%nT~Iflh?n2CfZ>9CN%u`S0i7QN7^GBitc*rPL~^>SzR^oVp+t$X
zM6EQGU7K>}4ibWkT<1BGaV9lJol&tP&U(G=s0N3KGx@kE{__Uk@5o;dN08`J0sYx>
zWX*hpf%{qa&*ys2ygq+zSIbo`Dp_i!RaS!9*=kqPYr5{fKIhK--n3JFx=%XHNM`6x
z{^|5cpQ%b(Syi?+qu5BKn8;QlNLE5?G=0x-!~5;uhEVQj$Oo85zl5+S!CfPKAet!t
zr~>TX$WL{$GIsKPkPY+UtB1YKCeOi7Vb}T4Ay5;FArORN(#nK@xhZ68E-1BFkWgI+
z!AWhA+Mf5B95(27CbRnve9q*YRP~&8eDpd&5QIQvAcOX_6|@>lVIh^7ycprkGy)*G
zOeQwmw9Rv4WP?;$D*kxA^XwtnlX~2mKeyqHX8`815Z8VDpSW+H`8_wiYXeUA^a%&q
zJ=Z<g&VHvq5U40VA5Isr+<e*H*WPGZ5ud|VwWV1a%L`#`6sV4e-=Ai0x9+|(zj>A6
z)l$-;id!pEs!I>u+PJDMOTi)1kVNem6cSVs1^_51D%(LBA@jSR-S}bi`<>U^hG(<*
zUdIJ^!olvgfcU%`FX5O6-_T|B=$|IU`*-tv_wXwJ6)afN+6ill(<Ma+(-ZIL_t$-V
z_1B)Ud+hV?%O_nr=}wS`1Rya|04)7zTM;H#RKw#&P+gQcTPm3xw^wrEO{FY~h^ET>
z{jcZO=kF(``Gk_xurB19hM_IYkgl?V{WMA%VwufA!$~!gQ)#AaTo1b13mm7sIAjm9
zN%QZ|V0;71_w3});8K>`Q3Uvu3LubzQunyC`St#|PmqtRCeZj%7W$QR(rZ{|)U1@H
zYE-4ArBYOul5K)bABQLvhLfXEEuF+Ti?Npirco0p2!qIp))^NKPHItdfvFc0Q*Rz)
z@a;P0>EC<V{Ae&^K3UxRnev%GsRQSiQ?h*^OHU))#`AMI@^oVP_t^MkqM{aJl8LBg
znp9DnQ3WitLx^^fsHxK;MHQJ=gq+QzWr<~KL@8*1bM8Lx`{rNW!|%sK&UrcF&qxpA
zLV^m^s+O%=5~y-f5lJkHEHlh-1YBU}kl*CQ;68M)&v|)!z9#;95GCOx;CA<!=QRN2
z4e}?zGoN=n><>RyvXrT78YNVvXwgPbhsEpjJZ5upX@TwC{odX3z8*v20$c2;Sko(c
z+my;=30NG~kLY~Fb)ggS?qTP9txvg6KAXn7r?l$p?^^nb;uTlR825$GJ|<KwG+Yoi
zB*?L3V7SB>3=&8tC}Eiej28h6gG(W~MFpY`1CbF!gg`A=1t=MXoN-{M8I1ud$_U1x
zm{M+<Fh_bUOt4B|VK8@&flnkBh#*md<|_ceiHe*+L@B`T>2;%M1p*pLq|>XiO2$Eq
zH?wSVO|x{c#uIsExvQx#$w*_YXjTSpYi5=jyV;^>VT=Pz16yf~l#sl{8Wtd<ECE~$
zU}OPa0aAETLYj9uLrD%20nRIE!J<UTh!QfH42aZ56p0$eSduC%E>lAmv1ZPKU}PCk
zD#|%sWf2EfY=owXRIO1Gf}+Uh02>y$&APQ%P&xPG)84=fe~TmZ6^<E_Rz~b|t?KL$
ztnb^f4_mK^#ki=uKzMRTIMg}d){m<=06ohFaGpRbERmiasrY8j?z3f$&j>kr@4d8U
zit-`)=CDZf0CW~Bt6=bX-eg~Z^fjz106lVrScJagTO_%4NnXL4{LhOXm}|dddr<lP
zORCi$g_+v~IeNE7RqxkB4zR1cyL+vXnXfi+aKK(%9X4Eb_uDo5-k|TZW$VFe8+9NL
zYuq%SN_aSs`<YYA^KpHgJ}(wvL7&C+cDvdvRq_|d0Q*Kko|cL#>NmM7sw8Sbg2TCO
z)H?NKtLZZ*hT(y9y#-htOVcR4>|%>UfZ#zE4eklHxVu|$*C4?OE{nUngy0@LxMgt<
zo&?umizMg#n{(dxzu))V=hn_lS66jccUAY!&h*Sym3y3sjGB{r4+ZE30;?StHhST`
z0^92N9lvv{Q8srO8d{j!>JQZ2>T=St-*wf<1JjP51$0-QOixmJg|7}U1)SHqZ2gpG
zRO@V-e`Kq$Jo`;sp$$Eqs8Q>GVN@a6EF!B|6jXl}s2}As6xFp}a%|p!4tVO{C%_yC
z*%9W$AR7{2D4A&fi_%Q}Q$$?${hLCB*U>(!{lmGbCG`uz{WYTaB9OjOIXi3WuzG*N
zQEC3D7~?Fpg2#!5qHz{#?`HjO{^gNvx>pfrlj#q!o$xJju{Dc!Fh3e98GZWvPGU2s
z)aX>5G;K{kKx!&Ez%ju$p_j~RlQJG38bL*5pxmm#kvS8MLAG7Slyiy@I@)9z_(pd&
zy%S`w4<NAU=MIfVl?=y>j;@sQSvo4+8TPO4rRzVRoGQ)YqyWiO4$w`Ll9bZC5YaD+
za9N&rOi!J5Hq|8wt;1IV6JipIva*E4Ks`7WR%Hmuyto^@-B&lM?;k(%qY=4PY9TMc
zQvm!Lsq{qD%dXiQm4ct3iW&A$VOz)bVvum_a+`4o;Xny67I@|$RMJckt)#(EhkPcf
zNJP8k)4Is1G70yNvTeEwgJIKFyC>5VrU<*95_9lN$ta=_By$AKW#RCnM1>hbvhqCn
zBvVo9+RMScxZK=~w6v+ht*OMLEJ-nyL}awYAz?BKQKqExS{8U9@IV9|&d4-gj6G3|
zx<b13R07It>$k~`mY$VfuWhW@cI(o)rRTU68D&8WJ<)v*lT392()KgBOJQ1vcK%-%
z94|S{+$lpxX(8#X&ZNsk%5!HC(e(Wh&x3o!!W^3M5^}H2?LEb!tgKK57*h)2ulXg*
zoNjLB78`W!!cZ8q*gz9zf%w_*MWMlKosQ$neVc{%o)`7*+2UERYnWHsvIEZA`MT~*
zo=j)j?oa!S4>`Nn3Op-pLVI&OTgpGq^gZtVmMidf<I0|d&v<@u_(cvsU(M`5$K}12
zOr$O5Vv%GdUme5S2^<TyUWwp{l=ZgkXYpQH!A&11;-Rg?vu`IhViV~=U4AGIXw>TA
zlT%QLN-j?=53>S#6Ke1gN%ILR0zg`h+~}lH=+@5rw@yJCwlAl=_JLc<oaZ?a=O2{R
z$%?nE=<u40CsulK6|khqQ4~Qq2)U5f^ibE9sd=<^)U7Y+nZSv3cq%dLdh!?R(G((f
zxnu6ZKDSE6#bnwKd`64>0>okoDw_a86rbE>X|=O8y6#sWe-M1*c5U2Yu#7fQ3r!LP
zH|?NId{Hwp&wzXLni7{%V2d8K)K|WFS-0DyMCZhS0;C)p*JC={NoKaD%JYK86Y6IZ
z<fxLIu%sBFj&lISnDMfTdQYy`Z2!i%uownoW3m!yy~LwWd-;s54%hI#i1OaSqW_CB
z-}N)a7^?mGF7SSeYz9vE;ctwd9T2{9{a-?@Uc&)Pb8~a`C&Iya5%+FCBG|9Z#GXE1
zG?QoCKYaX%_ddvlFolS1d>$TC+N@^ST%lB>H?h0W`xvyH{pcGZoD<GmrYq}Ip|8{}
zsdellQ#U_<d{V)vT=y!6)l^&k8(Aw>gm!KgbGSu#dJj}PhDu5s@*M5$BzR}MN49qK
zrAocY5SE1=D_hI<`Uc_);4kL<s18+>(wTGO@2`gJ&ZI*II;R2w_@NhjKRM017QHuT
z<<4i$+!Q6EyleF$F`Z%Ud9u)$A1U;*4we~VvUT)($%bqxt$|x#m;y`6KXnlQg}*p_
zNz}NTr(Uv-dCJl;vwEVNN~x)#TuJ1l#s2NmJQqR*1gEYlrC3`ktjll+mDTP>A<A@G
z9xsRFS`uM+pXd@*6g^qz2?E4@_TF0)yy)J(>#|wKto<w8Xx*sFNI*xY384`5fOvP9
z_l}BRLv&I-?;)t>s$7vMLpGD#fssR5QKvlBS(50(S<pM9n93p`G>o1e_{!iVF6<>5
z9b{L74xK_)&{#=XNvWmt`Yx<6A@{FbGEdoAroZf$`}RQWEu)gV1&enCg@3ICPx;-A
zY5nrMIz0(0yXEd|ESIWPW^2+aGrS7qdnyV<&_65d+3#l7xQ{N+L!G|skm*kekzD<i
z57)w0A{zgVf}Mz0mQzbImBKw;@WI8}Bw#z}qJNLleegx%>Nm3O{RHN<6}PFn-Raj2
zA_!Z@YnitVUMNr7K|CMi5AOPISGLEl%PIJE+cQE+k72AZwlu}0LK=V3i#L5eUWhGH
z52yXk)4Z@j8G0GaWP+B5;kGbM{yjNSydA-&GNV}qTvDt!VClCDiSSctEt2GZCPQuu
zMDni-7rv7ZbV)je4%<r?L4v=peTG~XHXkdPoJVC@;Ie4CDKehZeP#uh+d{KN0BZyK
zsu7Jv!mu(3aZXY2LG(EB+K=FS4G&s$mA%3bPp1=!@iPQuyJ`LI2;~XEw+~?aXo=ok
zOs9jbpkGdj-n-k!?3xP2ElhsfM~L$_gz44wv?{?3`intqJV{g+RLOR1W+?-_oA>G`
zwGQ{veqQ8Njwf0~l3_|3ZRl#_DA&`!5r*|r<wa(d5t4fJ^wspGGZKYGBT(t2V9zJB
zH$m6m!R0GB{O{=p2w`hz5w4kmcG6ry?yJVRI1e_s3eOe%AVr|mpb&rGUl-p}G((C@
zlM#J>4R#0DpHqMBHeWf2iXn!E3jY%GYjfMEs`-|oVx`DPoTwr$WJi<BZ;BF9BuM_u
ziwGI$0;IFhZ~=+ffJ8v<hrW$DSnWG)lIK=V(K-(#;B<CYS$hrf8pd;uVA4$z#e`Ei
zniG@eF@uRCwS*NW!ggrsa9+jil{V4{goYI=+VsQPN>Lcu!L!$BrRd}UoN@+wAaknm
zTc%GfY_`^O#q%3k4C#!#lZ#sn@g=16RiU|TX{^bSAk2Im0%Cp4aqfNWD6Jm@mL0m%
z5U@V#z>4hf%Bv4iuV2U2)?h}Y)<<PqPCE&gekmj7$V^XpE~WNXM}wH{RmE^fL<YG>
zEvtgECZrhUwF67lx~4L;HnFWc7vVRIyZ^#>KQ+m2*S|_5K>B)+1yLQ1kCELK5stoN
zfELah?~8}~Jnbgk+tyL+!_W|8g#cf44^2eS;&;F-jwt{%we8k<^XdXm?j@Fw`}!pX
zlgFi0<MI?LzMh?ccOd{>Y?&{*!u^_lfEZKqYmZmeGg~vteNr-k`Vk|NpS?qm4SK!}
zR_EtD9Ky~kv8kCYT#RW}d#9g1M4A=~NKJnHDtUa`h2Jn}qV)@BFi<s$`Svgg!fV5Y
zfdRxZ66UM!%Bnh4ay4aJ2|hg;i&s`A-Iol?;(Q)z#(1;;^I*Vd&CG%RYuh_%ds2^;
z74?9|ZX*sYaiYVt4|sE?eB47;;74OR_Qk%bAHLO=cxWEh-+d}<QeO9(IKN>hF+VLb
zzHMS(KCr{;#6gv1grWV`fXl1BXz?EwOqCL;*LvXfzedd?PLK48wSAK&?Pctm;wVyr
zzizn1xp{%#ejSXZx7k**C4nYW;5KZQ3$HxRE{jaew6hf;b?jZL!4xY6DLTDF-E`Vc
zC_pS+BMy_eh1nT;@?RtW@qwr+ar`FSIihi*t6<h}RGZ+oUEc0``K_5*`{ki{A79_&
z+Ej1t)_kiEXXQIjY1c#g(EfwsLobxXB9>Ie<a7qT5c@Dm+I|IYsO(nOmcJGGYIEa#
zXt!<YVw($lVCM;TzosB)pNip`nPjA!T+*nHzWJWi50~zbTA&;V_3Y~`jwe8ps93$^
zb>4=pL9uAScNVO%oUMB`RbvCv)yv^?Sa$aJ^b+O6gWCCS+KPRI+U|_~!zSw2M*hC1
zZR4My{nQ2?&{)+#cV%|?REPb(_WB?#Ee|;vcYMLOxe+WLbeV145lisW97}i!e+M-I
zU9PdPb5z7~X7<bK1wabCZeXO@Git7jDTI(dLWUkjF#T4@xl;ufrH=y)-uGBn0m}e*
z3?YSPl<vthf;POn=}csdAWMP)R~y}s2pP(7cZ>F@c-GJlFO^cv-Da?TRh=C~YL_`Y
zWvHz<1}RVlR9|Z2a33wmdkHFd#*1_zoit(DbCIxs`8Bf8BYZYNIi={s$?Vtd#t~_j
zXg3bKA1a(eF);$VwHD}JHIQClK;Ja^3qz#Ph@^<0S!#j>>2SIeI-tT@$;om=&Iq5)
z%>8zsvLOKDQLICW>NDgT@u_pF8W<D3y&d^%eO^l1WbYF|Cb>}mHIAi4<oYMc(lK(?
z`{@MVcck+hOkUxNm|+B<%2@~6cu*KcwxGgmGU4`9UDt9sX)9(q1x*Oc9Nq!8om%=D
z9n&y`ZVK-*aXB4|f(pTBH$s&GiQU&ky<(TQCJ3WzVFyV5T;3to_A2B%0SvJCb~g~!
zQZx{?wgX+G(ua+?Z0Wb+0d~_Hj2-CcEn1&IMvKOw01RG^f#Mu1$9lM}A~b|e8GUn>
z4o`_2%^u86M-?Zf0>^d_#h{<1^JH`-;G>^kZ3X9~xHx>Gnxuf7f2#U~!OdyozF-`Q
zx`&?r%wWBACrNLIjBe9s-V~9aQw9kKY+Jav*oPUR5jR@6U@YWh$!fYfso6r~Tz+7Z
ztt#Y$M~7%@V`;;~(0>P4>*!h@buPWH5}Nh=Dfi<XusC5C)UX)5vDLqPuGV;dr}muM
zzYz<Yc0}L1#?{twqi&P<ZdILYmc$|vGpO1QJC>+V_lk~%l&e#Ja=WaD4E<D_2UTxi
z-J<KgUZDQ=bHuhfERI7zvE}Z#>SX?^`3-LqXT65XWBwDh^~)sPH)l^8J&0aO4b5U^
zw>=7=fh6j2wgUIySPU7%*O-(j`Vd>DuL{nym*x~yQa`4cHQ>zA-Vs|GAOaMTeFeX!
zZiVksl7t~I2^m9TX=BzEFw>}<oiUKn*{WRG<p&p~vS}GGW!rm?#EfSjzE4qenP50r
zd!(5xCqUO}{W>>N-xltj7iJTHK8pCHKGdJ*;cZp2qI3_rGObm;V{R32oi-QM6MRnj
znXBvkVauFwElaMF?gyR2roppXT8ce@NDUoby=cE7=3S@(`{q7T^8T&)P0Jom&VCfm
ze2z2#1W&L+;oq}C$?S=34O4`Q=&7?OMTTIPL<=3@Q8W}_IRMqkdAB;J$h|CZAarIT
zww?t`P&~KF1R{`FiBKd^>!DjtE{h;EhMtd}FoX&<2!2SpdW$yN^AUrFp3IDUtZV@o
zKzjrL;hBrsC!6D8GM2}oS^)rtsD-4n_Jd(T%W*^6&q>$2^I8G%VLagk3bwZ7snBDK
zOoH`Zib3KJ;3#q_YY0*1kiE%xbeToBY$+xsj`fb4YnXJrbiJbBXF0TN<5|ScF+7|9
z-lD6wJx!5JA&z47V|r<d9s{8vsg&mr(_Np7$-q^j08)hzGUM-CW?!yPdV~C~1>V6z
zlWEjK!#EHav}Bl<+lTl+@bb62zt`E?Bi~r@c){7Y{24=&*cz&dN=QgbPkfy(9iDqF
ze)6HK-EF2aLx%)5ZRWN?OWjhLWr$N)Hc7Fx8NXN<+$<f6>nF{Z)jya0miS2-PjOrR
z(<*zY?XL-|qVJqGUnKCWfPWi^Dqvuf$mnXmx>;!a-O$;~96(>n4TXI{Na5JVrnGEd
zz#iY!=M*(V!nC!!I<)k+bE10?VzhbUPoVwEHRi(3hJy9$h1(|xeEX~l28%)ZY95xA
z@hq9iQm2a*gbW881P19!=<p=B-TiLP|BCR@{H!XyE|G$Q_qTDVC;=7l^9p;v!Nd0R
z&hFnW($P_u>pi%SPcv%UU#@~AWM#s}4dOFmnj|4c2{H4=gd`L(15%WfvZB|$4^yt&
zJX=L#D{$)#0DcL?07jRoFo7wc)AsPx6Y%CDA?QaY#&lR(4jW~`#Z2Exw9+f?K1G2t
ziJ(rG-?Ai15zh+Mzlsku@ZFCPyq6)8T7+q{@{qjv+@~IQGUb1vcSSY*^o^1g9{QbU
zO^isr$+A%wrY=zQ*(X%|!mNIO>I(nB4m5-7S2rLb65^RSP3iG?VT_A9dmw<)^?N@E
z^5ja_cXjW-T|>uX-OnF+vE1;cchhzPQ@zm=8RrUUpOrX;?)Kxe$G+{%5rA-F{Uj>}
z>!J>iw&iSxpHQN~_x8<11kNZ-CdEyE<a3a(<KA^}nr1H;9~CoDGG3OHJ{5~V+Osbp
z#9nB3XLs4_L_u5rb6fae+Pk<f1{5s*rOu?^bH1U6FyrF~=Re#(1UxNf!$Rq8akOZg
zS($SX69+v)=V?LbA}dpBgQ$-qGQ^T$VYLwQBN%_5BO-v+og9o(WiIn#FGZ3LjvE__
zLU0MXkWgM3-F|(iq$1gZlj;C5e@eoY@JF0)AZo7M-X!H<Vyu>->X1d?2F?s`jrrsA
zyAQgVJ_)^Z3wc2OE9lobm0!Fa{u$lp?cnZAe3ZOeQ7jqT5EHA!Mm{PkrZ;%c^rd@d
z$;&I0X^39pSba%};=pGY1g8NFV@Zd6a-qZV?MklcTa~S7f*OKyR-U@7A4}x=g+l9W
zVfG{hU6q`=4ruH|EX|D?&hypds4~edJR{*e1fX|K0K&$84|H04T6Y*r3(xoo_wptM
z)@%89me2tJf11i>-r{gSF^@Smfp@7Sa=FDIE@g~{`~2L~l^BB?v{@k!O82U@oO)$n
zo4oHrGzpyFU(|MnHt)*<F~Jj23^M#F&M}(K`~8NxdQ*^Z3TOjQY36ukiWE!5p05g;
zV8$_o;b@u-d)Q>32VE};9~}YojlP#*pM3$LCU<%OiU=dF!S3GOegeiFn6fxpJdp#O
zJZB%c9*jBjc1N<IN95oX{yiKW8LsZ8mt{c@04!_^bS+L@XJ0T7>k#=YfG{H-KVaT=
zTfKhGDWP)|ns1wsxE=SncUwbZW`l<<m$(v6v-GQpE9Sib(v4`jp;2@Dk1zLUpPP(V
zDMhRQT3<XY`%=-XIb!&;#5QT6m;D<VyI4p1IepZ*?U~^2D;>J`MxD2AAK$(Spx$|J
zX%hTG;B(MT#^vK*dc1Vqt>RQ(jt!~a0^Ji@W+c5=XU`(vnLjSYzia$Wg_Zhv@k(vQ
zS}+nSuji`z=)ATaWZG?_E%?gxrv$+cn7|q}0-EP(d*?YtV@EUdDqyR6@>2-=aMww6
z5;l&lO|y{obfov=76Lz+Xr}riIy4}BWp3_7Cu=WW8~!ar+Uoc;wYwn=FXPONq0MKg
z#skJwrH9x(w=1MdF)v5Bniu+=z+5<9`&v{jmaG)OUr*=r3yaU#MT}2Tdl-9F{B-Be
z3<|DJRwS=^RsS0A*EY2$`=^$bdSuWwM+ci6IhFa*1?pwJTMB6n7(Va5O*TDSUv&*Q
z5mm9B;GKJ9&#ewMC4La2CU~KoI8n;Yj`#J_m5f-OzVcTLIm>ST%<9p6qH}^JnpAk(
zCs~9z?ebYpt|A5y3`9?bR@9?qmR7*Ia$Iq7{jzZ6rE&;ws^?>3k6(-AwqK$15jE$L
zC5B4-@P5hZeL4G4s|?md=%{1ux3lRf?H>Nh*lMbIaR_`=h$(u_j4!y+v4G(}HC*C&
z^pmt?m+BctfRQ3>kvg59sdTO?gasWOHDx(TT90Wz%gFl{VdOq$)Q8gXGHoEpN3T<N
zfM@zaceQLA%(7$Ee0Wyis3SR9-Nx(XJT$zZRXU&|&o-91-a%73am;?0N)c&oPfhd&
zNI^R!A7~geVyH?U>dDRb42N4JPL%tLONW=p&hBd%<rVhCdJhjg)I2OVZOTcSI8Gk;
zl6i_argJ2jXi`+)P=h&I@{|6025yD1#ybKH4;50{_c8M?j65s2I-BYqqc<f3TeZ)^
zhO47%zCJBwc&i`18#0J`r?UBEr&<(v|E-y=?npO|_^ahi@A|!_apCW0eXc>TFywb{
z7DU=Z3-U0v>G#w43QqDKT$chk+FUVmOLmmI+G%aiC9Llrw-j32pFtdpan)(nde2X1
z`C~MrweS)x(~itAM=ndW`p|$lC4oWaxc$ulCzYX7&7l&2{M?wq3-S?=FSCAP65Y;s
ziVVyCZ9h2HirN}aPM7^+Y5ylz<OPC&HJF+J&rIoUgin}#DKZ44uDP=@7$;LBmIy~7
zB2zlD)(%#K`D8Y?7W;M=wFHewmMBBqeJL~s;;guT+4$kpn*<13F?%WhUX>ziv(=?j
z1DE^Hv%ql>6H2L<EFIyH7RwVS6f;SAh?O+MkF8zOVo!9FNnqdI0TX%=+BSLTLD)0y
zc2|<JcMT7{@Kp<VU}Z6{n#hG(7P`F`zx%bB^tqt=w}H8JE>lg{?~jwei!Fi%m3JHD
zWmnGBhFW3%X56`jPCpJ<KL-at9n7O8X*3qNW8AUOv%yA4kc$Gfy33shg%1PUBI0~z
zLT)c5*y^6X(_s<{7=LR%mQpa>H(Z;EQeW4KJnyXi@SRDu`{_YYara0%4TtNb@b}Xt
z0)Ylgfq~JPWC<aaRuDm_<DbV5k4b&E2ghy4nYF_LS}siqAFcC@nbzW$GtHu!2g-Aq
z7#uik9TS>b2fwn%Ta#U$E5Af+x;lvNJNy#uN7T+@oX$<rST9>7Gk)6azsNsWMf;WY
z*%TrE@X*=tzHxSfm?vaAsc5EX`u1e&GmYoQ4WgWRN0v|yy2sVnGAyAWp&7dq3ZQ-%
z&|AeGSQmzM3k5^1O*U#4f)dP9``!oOu*5PUmogCN2fKX|0)2j<orCh(>SW#2iB^hP
z^9UD6c}$96b7l&yOeKZ39#$!7Cf2f{(eK0I$|0tBE4eu$e%jPE{t(5~CQbfPDV`A5
zWk5joUUL3o*PLrF(T@7pmQk9Jn}?g5dx!S{77w~;gyvOEaxb53JFh!)gI@FnUiobK
zyN6x|*IL4AXs;)OM2^l5eBbUwJ*;g$`#$&WN?BlrEb!Ivr;8zVp+gK6$RjUH)vApw
zOo~>8j?#ih(K0Pal*{c+kfVU_a)Whoc``A_xyyN0oaw`os9~(YMnCsv&P=lp<3TSn
zFdkK|bz?;C87AlsOirxmdFZn@QJ8njeH*DBCaK^pmUbLgI<R)$GE~%quv2MSK*dkf
z$vp^0E8<1HmfiXx`1U}0+wjwN(X(x{5_)nv{xlTY5$W^9r$@K%J{QbYl!`$EQj%oP
z%vu$3d2$70Yq<QL5Qr6+^aZBEHJ;niwS4qfzo=VUKcMG2!pj4ZbH@Xfk+EbOu;kvx
zp4mXmcyCQG573X|q+ObA6hsjcz@Nq`VvRi1i_O@#>8^tVX7u+@1Af2@1g_9ygNxv4
zz`sa0)MWa{Nh+S%VzFbgY%(yE#>ea!(&6O;0F9}JNmRAyxXRsv*qT%GDAcN*)F$i6
z>|*nHYf3Hxq2)qR=9VrvnlG!SoI8ME96Zut7Nu;+4qg-^$ucDwc^j6chk44nWoljm
z)*)j|O`}G7DP8ma6#C|=F_v><ZC?GkLNmBpswB@lS3zXz!b8dNrPS+2)>^h5Qv;jD
zsZKA~i?=QnwIsx0Se+jfYAkIcVyD|#9IIJ!jWi*#L%e_?9@`edSuz=G4(K>1PAmu#
z_`2n|<bGbh`fq&2z(TD6wBz8*;E1_X9tu>gPhq>Wm`!my)nbCj6IyysUlGyuZJmKa
zoCq+L<4uj2sJw4D%C64~TtsMF-${5gMb;pU0>hoc&=-KJu1s_LxW`jY1V&9fM|_Mg
zW*_{v&k=#)kM9nLThvLgLL3iXW2+8wKBzt&^bZ+&Kc|@zdC<>uf3wx}^WmM<Bfe*W
z6^y>LM(>RT>cZp?qLRD#W>~Z?+JeAF<d-wG_SA+K5%{MMbC&CYhV{08)t3`uFZRuz
ztOU(Jgs`un6(`Wi?oK^nh?eWNy{8(n-u9&O`&}KxoX^|ShauDwBPt`Iv8r;?I}=)F
zrt6nra%q><eb6qx_HE{~9L3jddqGD@O4jh|1q08}->S7Ao{IPCMSQ3~_qp}9-F-wX
zu&ZB<vv}8N{1&HRfBoFZSI5k&&LQw<%j#Izu`%U!UypuDEF{m3(-VzdAoJ4smA*17
zp}}e*PPB1$IuA~FZ8(8gsowAFizd8hedV?oS$e^>CtF=vt_P{?5$Jk?=MEPMyC2PT
z;!bMnK67F!i4b381eH$nt5Qp_;IfK81sNQ!ojeP;=sr))n`UkdlDdC-g(cx?T2JQ5
z^PBq9&kuEX7hhzU&w|eGaw%Zw+GcD!h(ofpiHRSIF=i|)eb){8J*)>Z*LQ*KKVG!@
zf3#-_<6$^>yXApqLNy$Aor$n@n8^dNwYt81$SR1D@G!zs0x5N+^gTw8w4O6OV(i73
zM{s@SS=kxoFo0?HE(+rNSruk&elv=RSaY#q%rr{P`AA=zAzKYG=vkPo+e|#<Js&EZ
zX3^4hyimy-?ik0b^1HLAA9-SdeWlcGM~$)_wG(MhZY-nQnmbdAX$ufhpXv!$NWR5N
zYPbA26zEeH?d9eJXZ@Bq%U0ZP9WTliZsY$~+=VGYTxcLBVs7tMM(<UphDkaX<|5X6
z_t%G)+b^2Fk7a2x9A=+!k#&7F@!V(p0=-<l-%p-gx<JcjN*1D|m5XJ>p%3@jJ%Xja
zY6zIcOnzZQ(-57v;Ma4!uQX9Lr8WA|In8#CzoK@*LB{EP(=Bd{e@^w;she=rN<szJ
z?GU$m;L`W*I!DJjNl=NoyJgC1uCPY4v-2B<L3Ggy*LWs5_PNN_%9wg|MSkwwG^TTo
z3F}4k;l=Y?D_>{U!B9RG;vcaV+dk9BzHgWHQMRsW42Ug1P%!odvPLN$sTIiE;>)vK
zVPH>lMBR&GT6E^TTeo%Iq>jd^sY}8Ie{8}@)C+y<oX9KU`_nvU1GL&NmMW0p@tqp{
z0qJs6D#iRzJ^1Z<rBaJ+isUn2KDkzrVV%hENxk{}8R2Wg4NO@yYNZMmW4ZbHD%!<g
z1%U$I8O6s!Shh`Ydo71SOtu(V?;nC;v$Cny8bsz%1`~L#KlN}RjiDh~X1%|%qmQ1<
ze_y{>zIW~4y8DaCuDM8JREO~)D8J#|L2e-hWB(E!ViGrBuWiuZ<<?cbyW8e@mYDvJ
zPyB>vsH(PXQ)w^Pf8G;bFLRmA9)DdJS*<VW_xc<uIrwowFu1Ses?_tWJ}UW%XNrRT
zu(M@1V>7OWkJ9<r%*^EYaamTYu&kHu6a-a~bkH2<qjq>G2|r}aSlwh4aC&tuhZVI)
zv)`xl)n#Xr4|Y1rZrH-#??D*z!||7?HX+Jl%-}7r$w<V(l2ZWSe*e(G{b2B8c+}kw
zT7tlpzWSDlG{M3&S9$Zy%Rmlp8rzkg?KjqWh7KP2Dl{mEg`EYM6p>VN_DAEkWIEdU
zuQKT0MSH7x9DT%FK)&zEhem(+H9~EYYTKOl0$d{;+cv3k8U@-+_P`-)r3Ro;7@&(k
zr|!ZmM~HkceZjCtIVBp@LGZKeUU3qYm4}FqVw8tbS2BjBRx^yd`=B8>=Q?r5wP8Cl
zXi{rDE@0`MYGwJjELmyHh_uRY3FP+|!JKvXHn15Pk!9R&+i&K*I-c#LjH@R8@S>(d
zNX&TYWYF)6XutE1JAhbZyj4Q{3Nju|dO(vEp(^Az-@Y|-;O{i`-q7z2>xHoe(wo}(
zZ=SM6j4yde(CI;Bv@KJPEq4Kk>7NP|3TxY#nzVr|ab)ym^!>l5wLuHpona}n?@ckT
z`8d#ACYu9h=q#|t|588sa!U0SaQUlIp{iUDdH&v3f8iH&;&*N(-rKeFYz{S*hk;Cz
z9ObbI-MUt_*>cY5%%$i4=xL?(QbIdf;hH8(!emj5Kt@uIft-?&wY=P-sv+(gaXogi
z-S_KpC4aef?8D#?zyM}7JP_R<g;m!)QuxTh&zovco&k}GdHMno+T7shMK@+u7e6K#
z%b;+*#xYkf`mkNZ68HdRo__I3wDQM&unrk!vrH^uSd$D60>QoFr0yrM*N|(L(A(#Y
zpvV<mx5@l$#iJ>Sh8hbXi|&E<WC!EYLHTp;jPg2?U-W(dj3VK5eQ{psW+8z|4;h!?
zMLc}po;esxyBO1b^Ht6ow?&n2Uw-Oh>SldrZ1-YXfOe_{eleA{UL+VqU#mmLgU%DY
z+Z60;KNdPnY>5RX!eU8&Fkl;{$10`gh3w6NwliIw&Wc);)9y?w%wH=gzgYkMm4?i2
zCRo9<^6}O!KqgePw77JHENr4L=->jN@e^bH6!S$ntSOujjRd)5GTV3m!;tIzgkJ>v
z{G&kKL})|KmI94S+8cuF-8eXYHGMpcM`bJF&h|p(+V5!Z(fN8Y;t|IRJVgSP2v8;|
zmZ+KXrv00N3YbkhDmr9cc)2X^xUAJ53hmlLr&tmwX8Q;nHw=M>Sfdh}N8~mSzbsLh
z1X-DEnRm5P84Gp2#KoL+vc{Rn=AmQYv^D2qAk1O1)fp8fdx_1*xRq_6>Kc=sh(Z}Q
zMyqVFucsg!Kh+f~^lk@~ZS}!X7(mya%xPiMk5gP1!NWe{92$?I;_NLMdBlxt^_+U!
zWZm_=AIr!ycbjdr!`4Afs6cl)cU!@Bw->#jvpBrn4H6ZX24RgtN8x;#JdQS?&x>M_
zDAR$G;1Lt~5;A*O7S+P9n9CkTo?=;6XOYulGG?czy3{G}N^@O0k%~?<8ODYtNym~d
z!%}LmW1Y#O<!P@=Oln=ZW``D~7e#_TDO^>Rftm_uR3ya-?+n^60hl#a&UA_5-X|jb
z5K*hIApF*#74fs1(8BQQ?q0*PkQK|Peb0jm>)uLk*qT2oo@ei}$qgJd<a@Ww_&k%A
z9t8SvAhyK%y|=F`+MJ4&j13}^3-#uDra67**{xAbmmJ^I7r&!S`Wc7R*OGz`@Y7d~
zh1<-D^zi2)z)M1L@4UaSpBwq#qpmNnUOuyWksC7F+I<|9Z1Bo!t=?9<mVxKX2Jepz
z5>zsk^YIbVi}uUaNgaK(J=i?~pq2!l@Tqm*%imd!Ef(M7?#=YoSRcdsZno+%$@`+3
zi$0gH&^^^g+2`N7RBE^TKyJ0r5eC0)n^<MTjnC;_qXoZnkNTbpQw<tIpL>^?MH7sw
zH((sFtl?l1->RqN$h1E>+L;Y^p4?x-bq)ReyFOm5_ojDqysph=Dk`6M!G>vk@OKJc
zFOy`^OrWKW!Is=wprDTne4OS=vrfXeCwRK^-?)DZOzO`~!@U>vp2e6RVYM|>N>zqf
z6DrWNfrdWg?!WEdx|;g+!S71)WWv9O1K}DR!c7p)*+*SPr}1+_6wd{R)y>VWR>Qnx
z*)LqGKy0pq9b?Ms5i;%8n-+!$SPE})dQ!Ve68nVK@wy5;W{ME?5U0X=D|&!Wbb2mL
zcH9OJ;FOVOl6vvA%QgqUG8xBs>v~{pI-o4C`+6v~VBor7Ll~PjmW&%FLP8R=7)zR`
z6u<BWbzl%j3&)%XT@qZD7dIFcqdFjmkL5|K@smP&A-k)fdnk8|uFjU=#-~L2_z(-K
zuJUSWU<Er+1a*oqYi>V->v<q4`bxflgFmG(=oxN|b?VLnmd4R}w{dB}(qIv=tcn7M
zduaDaQH=E{Lig3k@`Va~FfY|h>D7LmD?1(=4M&elc`msyueX<*)4ctvwr#`!Gpd}o
zrf+*5Zo0f>W+IS6<T|0R5NjSf?`2*RE?bHsj8=0#RzR)ZBBWy_WE)hGN0d|qn8D;X
zxLY4!y9T_?pP5OxeUf)PpV4pG#y7wFa;M(N`g-um=cR~P#ICkD6~)$+3cLB-@e7Qc
z7FQCb+Qp>M)cS+=DzPJ9TdQuI!1JY<n2Sm?{I@~PW9Z^2!HqFva2*2TP3*m*%v<!a
z-1o%HQ&8}u+v^Kof$04k{b1541kPo*pi+g8r=$Pdic7hUNL_@QX-F2{cS;r5WA)f%
z5p8KQ`l*A@1)!{y?3(teqU!C74}ge-SL8e%k}nb})9PNYy<tm}gU4xcV!E17KJM9C
z*y5wuwS1@1cP!9+S65TuyVCI>)_DTKr7n!|!Oz-!hT;1dgr*Qqh-yBdD^ob5?)r3*
z<+oPAp8QyiiCG;-H*VF7vG5a5J#WMB*xxBSl4~?6|8j-;8d0b&y88R<^;5^2)1p%P
za8zPVO;`=`&(XaP`%}aBG(IwEhsCgJSTf;V^n9ntjtG;wOSo7p_Lu&Fn|t@O?Iml2
za#98q%aKZh8VXes+Nec3Yx5>DSwl39u>LH8V{Iexi@n{cLaS(uMzA<rOiVm%6nQs`
ziT0E{%{%6G6z1MPPU}{|jc6Ie^@U+vvasf@J9SEgJZ8?I)au<Ay!bFq4~v(yq{oqC
z%{%B^zZQJHop~+OdwG9s1brf~EQJ{0gir1Mh(Ht&+~nblz@zP0Eg@G!Iqhzvj+?oB
zYh|x4X5!!n<)J@Y@!gAb!xjk1qZsKJ-}E8I8q9*bkG|VY6{_bSZ7pouqudgbgp<f(
zdJOH*5SL_Xi<6mqhYs}2rKt;5k@s^vxCv*IiyW;?+hQ~$f0#eH7a25>lMpLZm%=EY
zkoWsSeSyRG`4-=#EncL9#Z%BC@Ct8Uh8No?TBG+2S>$%6@v-AanTU&oKa1dQ7~c4a
zI2rBrz0eI99p!g?rfEM%2n+ctD9DES^}6WI&x@0T+Ld0WQ|WaQ^=cJs8_Q<kpyY#>
zx%Csm*T+Vb1D9aR36GRQJbGEx(QT~%1TnYN{{Xp(>g;>+3Q~!QO^2XgG`y+r`%CQc
zA}NV`;6V}a$fFxm9_lQbsLwc2jOr}8PeWuY!><Csy!yO<WQX?Up{?wo(6*uHy61y>
zbrp-Oj4Tm*ym^z(?u;3~5Bn{q7dplOEeuAF4UxoKI1`SmM7XCAj{EhZpDn`SJS-M;
zp3j~^@ElFHLmq!U(zvbN@xW>g2EYd;s=uc^eD=FgFU{3!V_@a5XQe@%yI(K>!8xo&
z+??KDLaT+pJ^fe_7~?Sg;BGxEXtxBc(_q9+G4O+=m&o8^&?peXH8CQ!t=~qK>li68
z(~VJv<B+5{bwv1%gMr`FEDab+O2L3t8rhUx2z{(x7cU5cvRWI>KEek4At=W(zdCB=
zlH5I4W~}<LJ8H^FR#sa`@4)0R)pfdC%bacXoL!Aw-w^7pSZ1D~`pG|XfIzi-V@le8
z*(HLJ1Gq^>!erv^mCnr)rn-Zt=@idKz^%6-2y`k*Q5X(4uE&eThG@{?a_Up4lI9T;
zBsb=`mmB4wB|{^kAnYl|YD_#vs={CtZ%Aq7;IhNlXkNV9-JE!<XOB9?WxsEAbZ5vj
z^^{3jQU#@LkUklpB$T*hA2Vl}5>l;HbQ<kzt#}=?tz;_<GhYfiW-8l6q$^stI=dv0
zu&;fzM@wH#t!$IC&68PeR&2pyv#qKm9!*^{m>*$`O*P0<X_RrcPo+=QBuoA1T!oXJ
zXFji`(&EUgSy{%Pn(N4<%&Ll;Svi&CT=`Le*ij(|voubn(#kTWNz=Y+lqJ=`)`t9<
z3;lfjoMrqdpEj#rLL9|Ni@{e5>%}}qKIaAJY?zWmF8x$OE;a-+W>kxm1oBbAxl)zM
z!BShXq7nzjJ*?^wOV5<vt_qvWWkLP`!dRP~(>3k+9a<|Lw5-c9D;c@R`HTs$8Hv|w
zV;0#{Eal+#L@HV`VL6cktXeLTyx2flC6!8@%H~M^uPPbkrK8%m<>e7_4%xC=_JSOS
zELC&i01_!B%QUoBWm^ilT<07dxtu1=ND|EKI8B~rReNK(30ht({u-c8LZ&r~6wgOh
z(#k1b3z(xeVS*C!T_-C+T|O1(RYQuA)CtAvP*qLaIno3s4m3(7iiwPHLXAa(JXUu0
z!E~)+4&M0MSWA@}ifs1u3I?gBun}GesfsKUOj8mvsg=je+G-O?YF(A7(!xjHoD-$V
z&02TkGj)40`xlU$yvCgZAn|1Y^9dO<{7ZIo=f>W`TIJ0(-Zh@7`8knCixpvFw-?UV
z-Qtyv(7X1{CG<Oi>Ij5OzTtjUhRR!FCcf#%XMHCdiS1e_Zao6wt1PdY64A<~!n6Ck
zCd*W9FupI3`hF4Zbj1=<`LN67wzPGqr{z||utK%6@WcO?a54YpfMh#-tIXppVzj&<
zUr1jdyfp@Dmi;bhe05QfQtRg=Am1DxWj)1y8nofygt>FuTT>wS=-4Q?lOfq-G41{_
zZQCGvHD{Yv%(LFOI00xi+jrgUcaO@~G0F7;Z)<=>#^@{iNK0Ty<0%YLSz#yG;QNHV
zu~~LdHBF=3w)!$<vAc6h7I1#tR`CtZ^};eelu*YiDsA+l^G?(8r)#+VIXrk})B;tz
z6wP5vd{;q86ICJ4{H>VO+K5UwK`IUMiqGaV!@&s+J`VvU-}#r@wlnQ*5kH4}hMI-;
z)@rYXBn$XwS8a!>9`bcob7Ar*E|U*FGg+C=^1)9HpIZ1J1_10)qjBl(!yiwl4Gz_<
z1jVb9=Q@J|r2)Hq8sb0fZ&%CCrz%41Ow&J54e*}zB$LU>C4L#6`dMcj9y;UYovFYe
zOgHeIK^=ryEwIyjOxhGJ?O?9;pp>6*A)#Bhag*o9#Ub3jq7vp(Wujm**lV4zIZ2f7
zv#vg#R(x%L)0fd^tf*0<;k{z}rkt#Aq;6|rlYur}_>*=wYe|3E#*D)kg|xBi<55Ci
zk5L*r`99<+klNyjB(d^Vudw`CIXw{IEv*X-6#Q$+^W-2{mS3#!K1C&a==rJY55fnI
zfqZ&l#m*ctRY&xf+C(Os8<SI1u0K0{$pHLZ9|=u+4ILZ3RonSt92;4s<5ZTMDzBr+
zmu6pqK<fn?e47icKCqf)f73a0qjo_%H2ULVdmIzPR*h!GVJt8<^le$;PU7vs0wE6W
zP>~07Ka){4hU0!s&^wmmQ{A^rwFt`e*QSQ^Vw4T`p44?DQ!jWlSKnO?=b)%yvd}b!
zwyPOYyxZ6Aqeu|F^SI%6y=qRq;s5q2Ln&jIT47|!`gwF)xMz#^GQyAG?funm1o+rb
z@#L<j#E-e_Ml+mdBaG9kcaaMvBgzz>L?GizY7hdI@8z=W9nb~Q#&>z=c?r-Bj?p9=
zh#O1)M8uJeP8t6UBp5R#;0T^Q?x2!BMfz3+hVPP_`pcdqd=OH{eG=NWf08-3%4Xau
z4T|~#H|kvaDZB7#(@i8Oc+J1oE#%g)Y$RL?U9QplT>(R7r9p*NxLqWMUBP6_oc%ti
z7XVKE{+i|V%GYJ<S~qVdIsh6j8Ng*9{~>+FxpoPIG5_wco!RxGcTYACX()Tlu^Q5C
zeev*xdFho7t`~l9JIRt8ih=}jWi<9?$Sq8+sk!8>Km({lCwXi6uAKvgTbFo|^wzVX
z(Jj>xD_KsBuDX&r@V*u(iqvY~&?XaB?c83mM~NhA=oJ9<imnX<g*yqH)l^$mi*IMf
zeT_v1li}IH3;86FPg~JhI);zp80ODqH?xY7<J2Ee%O0Ca{Zw$6c2!t*5kW<@;^{yB
zEJ?<9rJ)2A*o-oqDtC$R_r?a4BiEz|FL^x<#BbZTWZ+2&KQ8On`!%Ng8NJv|l-ob`
zd`H#{S2|B@M&=6{R!^;$Q&0P+fT$Iu_u!1&-=*qMi~@TW<DF<9@D@Was=YcRef4kg
zZ<b9KgW^sKH)b^XG{>m5O73McN7w8=ZNAz>9)2o#*X$;}4Jc=ywbf0rP2KE#f%2^(
zfx2C&Yu~7xx%>zlg}MC{*teF?Pew{x<HplM05O!gxW)rYzs{JW%W4VA;}vdMI}>ql
zrU(`@kPleOHJS@?!o1C@?_W*Vd#8N!-^MNDv3+-T!x_ii54Pu_I4xx-`1~Pk+XYgE
zO9R5+#uC57!~G01@gel(8$7x^6Az>wHvA!kCd@EbW8<s>ABKVgpZCbegrhYj6-5C`
zts3MWv@m+0KbADuKlu!H9ry$+Lw~L;8S`kjebV8p9t&8><xAuTQ1>m(48QOj`e3f0
zCLXd(S+z<Kzu^ZP#iq<vU+{b(;YTyUi9^W#1~Fyga30-_kshf`_XG>7jgZgoy_B5&
z6h+dH-N+KYrCh4L*l8N$xDFcn<k9%{R0n<f_NfQGpl_2D^-{b9H>?|cTIqT-iIq}J
z!cQ5P)VpiXmq9w>cL9(}6JA5*V9G!hEA3Ey6}JWC5f#er@^gwvu3H*i&(rt;Bn&AD
zvZ)?0e<)~i#-kDibk88)MSg<=PMM1h#*EyE_+}mM!fdTghv?m_p@%+g-7cMb_{12J
zH*4?qGDjT>yj~kX-5HIX670dR#2UlK=ou6qZ}xzHX$zR+q+ARqvcT^{v>EXoOCiA1
z#tNF})tgQpYahnmYUz5p(7r+|hHRZG4^&ocfsW-_H#xmn0tPyESe!2!^;Wklw{9O!
z>C8zI&0H$?El^^Q&%{!5Plt3Re^A8Q%|{+Km45erW%r@000%Q5sYgt5L5I>dGI1fi
zU#z#UmCoY+ZLW1hA>$n1MKQep<K|O)KHrM*`OVhK%BuDjMTDrKWtlDI5;uroRy6tK
z0s|H(_KICZaAP*uq=J4u&r*yX->0{I9N|T8gTi>AqsHKZO=;M*C}7ev)D~^h!Hse@
zyQVwDKM)EIb<wcWL6st~m(bnYrKoliKZje%+N_p9wuk{_F5~y_CW$YpKP`BK4`<w&
z87++w;WKp!bphnvxrll+frQY5F)>Rt)S?Z!loYe@M^S*l$>p@#{?sXL$q+JDEQfn-
z$KgX*l~w+$MJk1+Y<BO{?SO!H$#eZ46IL{XKJs>Nmh=P(7>+O9A9exY6}hv0{*=)p
zr;QT>t4fY@&yzs@>FJ&Z>{b3}ohR@7qkOwYA#f@4P5^|JnG@T~Ji{ET#e};kV0QB+
zd*h%W&heK{uM{JOcvRPk6X+{eHCdDwfu$U;b{FRLwp*>YQS}XJ7$^uZmy@6P@nr`B
z%>?;Q`aA3B>Prt+WmJAX$+p7PfjJgr+{XSAb<kat?!dkuE+)+=?P@o!jf><?9d=V7
zIOT~$Dv_{JwZl6%2Mvp)N?U)EoJ!u@+XeT_);EM;tB-H0u+0n3J7`1vmA^23)P4Oa
zxi5=mH8@Jzj)<hQT%M&sy3zOLCbb2Q6!5hUUNqHSxwKd81ly4fBAw1XPmC{gsGqoH
zrdtx=TFrP_;oCwKx|Qqg7o@vVzS&%wRI8XIqXv}Qo9$WHKtQ^isY|>#ZA^uKZ}qpy
z<1Rcu-hIb9d(e)0hi$5{og~2{b8Qj3`)PI4f1C8ti5j|jekip0LbZLV{qG8w_PS5^
z9?)dK9{@tZ|D^Pa|0I77NCps!Od&|lKL`^4-vB{ooBM%KWCB2XJV1uX`Lh9l(0?&N
z#h;W9$-|jI9+Hs)|1hyMK)hc7a1b|=224+`V1*`E{3$cU4M4WU_a7<$zqtP*NC8MT
z5|WX{fGY5QFaX5I{ioSv9Aw~te^|%^7yto6|IHwEVugaZk-bFr2utH%;{SC71K>y+
zvPAM9b&!CR1^_}+p#Z>t>j0&>L8_2yUC077RRzg~B(o|4{&WPX9I`bCQnCLD$S(Zb
z2_O^>07^msC+}YzX_I8+=MV7DBCP|42q1xv51akZ2Wzq)$zWAvZ^VJahq(FpARs<o
zY2?P8`h^dfO9m=wDFUI$GDsQl<Yf4N+F$rX`eWrk00yukOF{mzJP`U11qe+}RmwnS
z{-fw0;y>_TJ^#%itqc7Z1N<2~Fc8W=4+S7?z>ZvP$C=^>r2fMOL;lzYsr~<u2F4jo
z2LO>H@}F+}4;HdR{{m7F68X<4|LH8U(0`gl<{+%9{BR`YzcyusB1-`OIUr4rlmP}~
zY5aGjkgWeFur~ss$YJ=mRX7|D_+uTQN<VUR|7i7p;7=C-0BrVVIK2NK6pqcFifro-
z{4+=YAV9@G!-15kh*bMunLy|t#{UMOGW#DwDim20XEFmhW&St+pBz#<C<HlQ|LjQk
zBMsS20i^ThKjunC&M7#ulgRBK_{YY7GC=4*1^ykY{}5Oe|J43h10?c)#u2G#G7h{S
zX#gY{3CJm#3`qw6u``l_oCwH#Diqo5KXrjnz#l-$0t2B)1P=c*bN@GBY5pzZ(xm@L
zqNzXgCdkVu;6douy2y#&sM*YP_vYs{8bfGE6v|LPUBe3(qd5PG%19Jdr8fnpMAFT+
zwRk{2(tKhUajfb{lkC5=`@}ac=oE@^K$);5b$3FG@eH(Zv7^tv*GWz|JWhn^?{Msp
zcM3=M-)K~Ug!tnQWc$B#=u<kN8+c<<Wv$w@ok{h};X4J3p!zCqxe!UE8(MoR9d2&f
zu%ytJLuk_d>LMpcor6{Aey~73ZpH9zOaBDy3(eL*M&CYaL^wxx*-{qT1X>&(XQNR6
z3#{pkg$}|lG<@zyD?2<wjiMkax*4p#W0cnl^d+x=xz}n^W!6V8MAll60UIm%Dpbo0
z=cq3!c+5$3Y5;?xRp*#dS6imoB&$CpUO+>C8u3d+^uMH<k(Vb9w)Flih5eb`v+9<4
zKjh)A?wvI3_+*3(&xfK}@GTIxXT6!ii&-wHG`(qSkUVW`LC3SeKLGCnCjeBo@hco7
z(v?<{{y9Ql;G`hb_?xKbqM|)Ps1)VZWAs@F3%{?FSLm~+gQ-vPE>8nvA?kJmZ!2=C
zNu6x=!h}@K@&|e+pymR^oyS8e7!i(nAB47AcEo^lc-6&O&yR<sYkg5)KLCc|<jqqY
z%Cg>gNG~E+0|P7a<IN}r?PnytgZ(L2#0eVnvd^fsb%eM1`4M3^{v-jz{L)CzyPv`Z
z(E5lv)DGZ#oHq^hz~;S&M|}d%u{R}LLh1m|6=lWOj6;k)+sdd@qM~$PI;PIzP{PG_
zs?g=EQKNSPk32-S@MAohd&k|kL6SzI1f|pE9B9r4-5A651={{?ef%UE3(<jGd=|VG
z>L7i8F;SBKU^)ox9nezh*Iv#~yn}b+J!EMF`5)?`f@|B(pb^4!3+YUtyGpjZTlUbJ
zB}U;JmYBIWgEMJaUG{ddUooYaRhl*d1I`J%u|P*hgwY*VRGal&*0CMU)9G5^vuttm
z2avo58d&W1qVhb*`#x0Res5JQ+)1z4p9ACT@4%$|Zoh^w_;O-+9GD0LVO4Q9$+L)I
zN_|P^@-tE(XPbpDQNsJC+vI8+_0qjgT}YiIEJ+0AKJ+U=XDdy~c^$D3KU+yupq&_n
z2^l3^n;U&Jx%)hvn!+_7frn6=^T-xC|G0Gl9!>->EasVSTYfmXvh!ExJkX*N-+NP?
z$5|s3<ZaL7#vSPUp&kO*-`FZLUD%2|c0NcMW<}IA_oCZav$wb;8B(8pWmxXS)A>~y
z+lz?q7IW)NHP7FR!gN4;iFXMH4bGRBs-xoWDy262Y^u>A9oe8+$ycx{C1y<)vw<sF
zJS5)D_Wc|^0jh`w%G0IGwN9C%e$lt-?YeG@apmed$)!XMItV{o2Po0upr$;}MJJX7
zFy7^SKQIkbqOr7`D+k8l1X^ItNGYNaLBS2&GpZIcH?M8Fu5ck{#h>Zgqk72HRK#WC
z%*~uYt!`P~Cv^^c1vy(3O-C1BeBOVnhJC(6?tRs;E?rr(>Z+Q*ko(_%c34%-<9r3{
zU^UxDHLOXO<b88B+ut@iy1$XkC0!C9w$cXVdFi&gwBZ(66G;hrLgFNvdPv3tTWK9~
zL+1B%N!*e0=c{4O$OI|kOqV1;SJrg$A0e(tno?EGucd!#>FVg7SHpUBHT4~<YMzk7
z|AuSmDW)&GHs*>9*e(d|V3H7{{QV0vL>hp7kKoPLok;?qKmqFA&7-`xH!HcfogwJC
zv$z*dt5{A_tyBO&LsF0|nu1sqOL0saY(Xjpi<K=FqCi4Nj8&xxB_;}Yan99SZUnG}
z5LXu`=Y$la$13EaRj#>kPK{=u*t^(h5|_C^k&!u+80(bSIC7|w9*<aM4IOkow!;*S
zMq8VSY?Q%Tmh<gj!M$IL0RW91017Qz2w2zHf-U)@Mh2P|q(aw;fCab7nL@C|F`ms<
zfbPJK7$ybQ4hmfxZ2ho+5!#0QuH3;X1xZPV+XV!i6WfAzPFxwM_uK6R`IG!x%*8e@
zi60#1cTWM2PdiGK<&S{^^{uZq*1IbrT;2DNJ375~$MEun&)q${)}uVp8Z=;6{~uLv
z85Bnswe1e>?(XjH1b2tQA-E6jk{5R;1Shz=!vMkEeHaFJ7$6WJgyeY--&b``)!AL$
z{iApFkM6GCd#`n``>Oe4z@P`b@HAiYD?&|ZY@tQ3Mw0yX8_l9gs(*t9=8WatLeaKc
zvtz}RBq~EJt{aK61AG;^;tUpdp&CeTHEr#O8FyPlp#*w)O<h~xHFEZ4sWTMf^pZhh
z`xnd&Nt`virRWtvtnb#4r!FApaC`8sMzw3R0IXl}@EcC6u-=L&hkQJy+4fdzlctmL
zdcYVbGz%w^PRW|!sf@=_uff>9rdk;nodft3iKr)+&7nlem=|}5Af;_RoY9O!gYdd8
z3}79vP=E0<X9*Jyy_!(d#cQlAMcO3R!?}~ZmO!nSdxeZ2)^kx?oDf$46`L_ks&z&_
z^foJ0@NJ8}5X0L8yl(mMXrl<h8+9%@ebwo~|2wWq9bm4w8enE>80jm!6;aUxS?H0o
zt2y0K6aMez|K9=O?r9QJQ6P&&EytWk9Dt+Ckfo7k^nbbtj}mIsmjPlhYCbl>D!DX6
zAS$v0z_pC|StAPBC@b=#kHOaorBy=aUvfBg4$snMIqJv?8oA^E6#&{zE(hm5hq|#r
zcI&-{#(=tB&Za`LV04{oa)ZI=wQ^;;hT3}$C+;zBVhjBq2z#SSC6$MTU5baj%C3k@
z7m#v8Wvilxo64Mhr@1bz3*<1><xuI?_2E3A(gm_NPfqMI-oj*@Y9_Bp?hzq}I&6{{
zf$U9_7<)uh?2Vg@(|}ZNJe43)=>MMYb%7dHdXk~`psEIqt*O=K<Q|@O^L*0D<kjXh
zb8dIaRS!4LiY9lGE(15wG(!Pkip^$nrE&6x8;?uRhJ_z!Zl}4+Wv@F0I5V}&rCxW|
zJj$R@BgDR-pZa-{gL6`H*4RcR&7D$&q}@2h6gt-5GsTmptXu)LSJrQD__zmW7pTc?
zr^}c<#dL?W$=xGWbZ2*}$=$A*f(MvN-jKNAwrV`#;ckFh14`>wsp~oGo)bw^+1i=f
z*-9~Ot^`q0ne*sZf=Kk++;}P~b~Zp2Tay+9rcLG_Ce#h=n;(ujTTL!iJ6))0jl@6_
z*j5s8-A;1~#s_uPl?SBU<tDmX3<sr{uhunGQZ{fYgH%?V7k!~BtEQwv0(uKEX5ZI8
z)ru_qFYo^z<=w1XUX(p=H~)EZ`!C<O;zFXY`>T_?yP>J^3hq@fViYMpspj-RMX7z$
z{_BsxoKfibW*HwsBr%9$%EN(G#(5+YRdZo;PP6!TPk+3Aa9H>-{6u05vqAufZ(3Kf
zkx;!w`S{ikcvAD0R@^ZBLVce?Kw?JXlxl}RNgDMU{PSt~M+$g&K-AJJ;%K7Um`f%y
z8aJwJ09cQxYf$;Y>N1CekJ#5bCM-z{tGgK5bntw*CJAQvh(ZBBUlSUmzGYKEby=Vr
z;{N(Zk2DL$0i?I9^G-oa{%x=8$l<3FE6hvf<w$!6!+%1TQj?W4FR4EMrlfVp{Cs*j
z1?S+sc_&tC`p;jahJv;;A_2&MhP#9M{AK_Ew5`t(5n&O(f8HEyA1ng^KqKW|%cX3I
zMSyFhA6nb1E>9?>JS(z1@OwZe9bZP$BXO4xpwqzYhi*iItu-x8{IpF#{3cLet>Unu
zp<!%hQY!R$>!PxB$nNLKK}?D3Vrfla@UqZ0pDyQN&}NGx8R<RdB7L`yz><E~Y;R~?
z8}M;Jb#DStM=Dd}8vR>q^h*f>LWcj_eK~WCV{h>jpM<Wz1q6;kYj=W`t?m9Lo~K|t
zvO3d~z*(6W8Ct`DkVBN$yIK3)g*f7fdG9`K;WzL{P@i09*hv0bXzLa*W_pio|E+h%
zhGTHdQ2yKRIL0>|s6fl~SfgL)nTdJx$9ifai8)jLV|Je@4ZJ4HQw_Yk`$ZP_onbl@
zy#GKNE=3-l5u|7RWYp5}4z@@~^p>Dt5zUghI}n;__ZxAJmpoB;giALxWfuxhJ|_$z
z>6#&S=$c|7ZA6`LElah*_H@kVJFQCQ8Tkon$KEyxT=57$EEuaYkQ23`7m{60H?3h^
z80na_BWyZg4$pK6J}>Gp#YE!ez@eratX7obh@Cg?Caih37N3+voo!>7d2N%G22ngj
z^ipW#6k^Y!M>4jk*dN*}aD==kO1rTTR`{|hvxXleAndnqL{vSR8+Pwf$scGZ$yJew
zi!Fzw>h{Z!fus%-Ugr|MNf$yH%8}04*t8vrxe<rZTU%|m6oK?bBwv2jeqdTvQkC0+
znNyJKB#N=)&uqFgg7C?STFMGXCvW#$Wt|{{@Zh_jAC1=Nr0kT-HpyWzq#Lq}O8eq1
zU6lsInFFuD;$c|o+;$aY*?+M%#Yjs^A^9fXZP~eh|23xc&!E~yd6ujkuI%#*4jYJj
z!ABfWz`c{F3+;)4l|rF}>2T=|EhH!3J*$rDw$H-*&s0QZ9;VX5PiyW6uItb+E0_Ks
zxN^EAKqGBhMWZ@I8UmhRowLZDy%oOPKw^m$X%XLiZw)p2=LhJcUkhR~*K$m$flNhn
zA8)!3?vP9Ev53}<qFofBx|8p&JPI6sQRJsis)8KJ%p6Vg<=LmO#$r=O;))5<E)@Q!
zE?uJKz0u=&ceLLccb&M#gjaiUT3?cS@4DYgs!=Uu7l>inQHD7!T{P5t3V;qv$#j;6
z*(pVPWEv8_m+fp3ak2}dOuG*$pmCvY7Y<yx%O?eEQ+7+KcHln4KO_A$`lx3c<ZX}W
zET0m)F1i5XzigqzM;mF?TIb@v)*tmS4U28`^WVExtiZH<R_INTPpbC36&y#U?3|G-
zd=L!=<)A7CB~VY}L9WlAB@-zc*<$ceDe?Hpa+LaKBVF+%9G+N?;fo&n1(ohXwA9<&
zOsEMl3dHe~_y+j=dSf`>2(Sf89b)vjBe`+Pz|Q#M7;)^xYK)BN(d^lb-gob?7j!<4
zq%BlWCNS%Iy{Lc*uGzQQER?adTy}r%TqN}qX>Eooi~@Oihg>m*g|1~rn6W9Plcf4;
zew9;=wYkskwHNx^LNa1x)v-}ibkx$0E^81&R{{kJnh>^yE<YCkq*|ZUUNe%AF|K_V
z{*7%6B0X+r2F@mMCp(qVAeX$s+OZ4UXv*j58~ya;1HRkkI5v@r{FYO<%yWotNwuhh
z``EVj4MR`?9`?RM+d!wfWUe?rN-XO=^BQ~AaXyV*7aG2>CjErGIK4z{-Oq;d(MEC<
z2TqsW`UWi=Ru88d@{ndY@0<fq@`JA+CCO$3wYqOEb3Lic<!wNGRY4<?o-X}OQ0i=R
zp;$kEo1g3Y$Z1wIGPE-C2^&$x3!7<IMrnh9vRS<c3hI*^k5XuZ+DMzIyiS<9Z6;=F
z31-7US1FV!A+;^fH%s03frO9yJH{?BmVJjl10=U}*3?4E{GnPiG?o#i9>0<i@ewho
zS-Q|fd?tNaa#McnMX9*oGQaq^#ey`sPcDMp46VfmCwT$2jiGK7gh;!s_<Bgto`|LW
zYlSjOB9nBwpO!fqut=p?VvZ@-VAZZGxxZ6QB#(E!<7&KQS|_B7P{_bp=U8#k2bYb7
zdZ3%$TgSeTgD2m7gGZ8(#-StIF9A{9=P)`e)~JpIdG08W!N4z;y5q<@UB!%scR_%V
z(LkN>v}vpFA@E$SX-i-6+mSRh7T-t_!+^WF(KwBo^YoFFdN-?m$y+H1mD}``H?E#Q
z@1%*TdILWte&xah`MjH&fc-+ejNK*pLBF_b(XQv%a+SXEn*{X{eIlW9_B1VPDZ<Ch
zH(%Kaqf<OVjy1|E^Xn+FyAuzo+k}E<)z>w|`FsLW8>OYdGYS;%$8_)hQYAKwT?ivX
zpaQwJ?KCaDZ`^9Jjp+ii;5;_fw<C9@blX@##uk#c=C46K)HHT~JUr|{|M^!nzOQAs
z!ZkF0Jbmn2UvqsvPHSIt9XUA1zUKZ<vH|eFI1bML{%8K;=U?}?|CJ3Yx&OYnE_pIp
z*ej-(rhD;Uq!o_m=tEMGl2XkBu*?-e(6T0DwsLy~?881`1Fs7A?fECr9Ux0o-zfg6
zAfEJZMjD^bd1yjT2&rCcxS57O$|{0xhNt9PuD30^&1D>tmELiV?vPz%%zQDn-ksgt
zjaTMwjtuhSVoG|`oS@%cNzSD120FR8Is+mqzkJyVoxA>Syd_>zTS(kJ_oJ6bnwUgH
zU`^bYcMR9w6xeX6x38ttYj-`_9<V@F|H1&_O}9FO&-XW^$~aKPzf!vyY_5xNo79|#
zzO1cV+=TvAzS`W?i<T@hB0)@=I6xH_r8x!$`Z~JbL_k)g`<o{F3~zQ^48Rr&^Z8JX
z-*J{wS_bdUrNhGEs<ftAv^vn5HoDH10_c3b$}7ukLAJ5hMThYy>#GHw!C(K+9#>V_
zb?Sfby<~@M9mRUrZoJBBk5GP6FWq=4TPeGPxQM>19vh6smPiJw2EeKssrMHr^NRfQ
zJgaG&n>l_mFM_;4gicuCLCCjrioO<@1n;5cftasb%Vcghl@&^Ehrj4KO8k|mhvOzM
zxY6jX2536WN?;!s&lI_PT^q!61dM}nI<3LW?w(5$%^D>HPjNebB6b$kSASd4J1fzC
zsGO5n)P6H3#BHaS`qeknFflvBy0gtt1!?`RsFNjfQt@6rm_j|~p;F8x>u-=ug7XDl
zRRo=upEUi%8{MGD+?UVP5KlFmsIo|Ds~A*ooDEzTI*T1muH&9n-~iWR7dn0AvX>^^
zm!9>2JEJQxd?vp42n+<92EHU|R7g(s7BFu^fq5|!^GscBR-sb!Lj~NeB06o!p=)0@
zx%4V23UfO^=%bSB!1n^a?){!umWJ6i+%(zxAu-I;<i@?Ak#!ww&Z^|I1R<Z<xt|?C
zv7*l2z#|@7DkIKNTZjOUgVnQpZ9sC*jk~}Nj6AS46#4|>3TSD$UePYxuK6>2Eqkx0
zU)aMIC`R0vX5z^UzjWi8#Sxiy9(-&zOCa?BTZCpn-5Tv6Uv13P>PMjW;U?r2V$yv3
z{95g<#^;LiS=~|g_Np_;b+|Vh$EuQq3liAmF;R0U+=<59kp0*?U|(I!m#sv{wc9XP
zJtt<x7jV$0fBcZw`;q43Hgtb_@Aapp#CD3{79tDm4lNZAQJSt<{aHlU7a)j=!A$XU
z4!e2n*tK2i;#|J;84ACN7?3?;2?`SG?R64^^ylWViFH~y^k{~1Hr5(_i$_*C#vg{5
zi||RJaj$c3O6DuuZ<{8`n;NYsJTb`)50HjAq?7u<9$%0>PAb!b59iD6i(j&+^IGoW
zv1<V}?n)JUtC3$vMmY*=yBg^UqP=sz(%!VWZqLQjn~b4i^Jm2Aa)5S~ixxLkdO6PK
zeRw<bLVuelN`C}rwg#-6eWi|?&--^QuVKwiR)W^%0lfke?wr^62)-sxN%A(Z@Zdt7
z`Ih%u*lBz-3!M8;SCvpRRfs0LPILF>CbqpRDsP%`TK`<V8yX=cmIW8@z*0yUZpbp|
z<xfx}_6vJ(ZAHA2p57`lX-DP2UdX1*2V%un<GR^SM0p0dbzSM0J<FWNg~{6RJCV`o
z-!gfjuwwe6ThBrM-F^2hC`XgcMxRK`!~d?`|MJSwHuJzB_;P$V^g$=jSV6;hbG%l-
zacfetv}i+(EmLVqL)p=AU6DApBNttaR;1epr!1)bv@8=%u3F)~V~LpJhOF9~BS6U3
z&_tufCTz?*zJy(1A#pos?q@Z^+7FEqrVpqqs6=tkVUOQFor`EgH<QSYa0)^lJz3Wi
zdRmNnD^nZh*#?Kti#CordGT*qW99pWk*04KTh)T}3EOVlTX$>#Eqs^T<v9ztLU)<(
zGq)b~)%@CU0|M=`u*zbxa4NP##+_fJc6gXc$cVZ#J6iJ!j7S~3Fu}fs0CL;Z>;Qej
z*V%``dLLr8W%Y`ginUun$F6CN<1ZcJ3}-64w`=Z9xF@Mm+;SSW@>8+q`#QM5F*D6)
z&R)WfHJO4WxHFA%Q?G6AX8?*NWI);sy8cCi5Vx-FGIOAQmji7xT*Ou(j)HJb-b;?5
z1`$Y>#QBEd-ws9M4t}|QvUx84l5pn1XTl_#v6@=4isQo;vRpU;f7_xx%py!{Cna0W
z#^<Q?l3AaZpfG<!ryt9p?86O2SZWW_xai(cuuqhGQ~X&8uR$!LVr;#+)Hdz^dk|!O
zWaHS%R?0hRn#^oiM1Tc{%ia|DIQ!=ao-WLmKnfb&b40oX&+b%dFi&3x9ILMfMD-2~
z21trK+oZ^5abZ0I-BiCm$sf?$Vp!>i_^JQh{|8o0)d$|z2I&_Q<23Hqe51LmoDJNh
zIy0i}z}P1`8XQ{sglvHlxM2@#wv;j;0u_nfwEKs4R@*M#WrRECCcs==?FxMZ17)U%
zYhYcwA`!w0thjmY&m?y0A%Qx_+s$1BtW#^^cuo2|I-165=DaUaSjun9pN3xktz6#x
zGKfFcJul!iij7BS)I@p?nh)$GQJ*m>+SGJUWC=Kz2A!6O1qCsH2OB6#M1R}Pfo}#V
zHr#soI_l`uJr|yA<YOGA3ilUa>)KTNnh`D=`1%%9KdfH{ie$)^_i<8wu20aA1~U<&
zZ{L>%DM-%f-JoYemM*3R@aqD#YQwyXa#QN|67PX959zn+WzUD<?1Di>ZhhR#mwUUZ
zr`CdPr=7c{vx}HG$L!<^R-WmtT+O?I7-p`z&N<)>y!4g*1$BIfQEvRTurny-yTpsG
zuIyt)grkTkIJfc)x8RBmEXt7PxNyu~8t%bs#^N)Wg)1R16r=)CJHzy{b_7~%7IpXc
zhQa!ac#9$+wK(Jfv=`9zj(e|w#r?WF;UyaM;<}Y)h0?5|?f8<W!5d$sejf^vRZ$*G
z!;Ku_p2v<!hk-E#7b81$5>md;_*$JoN`x0^B1-kpMG0FqS3ufkwz78f=6oJ%uFi4w
zhv6&7FUMWT+u9$<FT>ELordA7-~&!8t1WqhZ<~}RiU{b!Sc;p1vDm~OEm-98o!oXE
zUz$Ie`AZ>8PB<X+c=yLvQ8^i#(}?t}c4UtO145cj9e|%5LaRp-0<t7a4(eeFO(lWy
z5vDX{Zf97048hN`&U!+$T=oOcV~^rtf=`8$#g9|2;?ZEwqG@*=VDEOXm#=wfvvH8{
zEB)k+LTF-F*)m<>V;VK2G6Jf7ljfp$ldVvq=zD}o=z!!Vpf^@jC>fCeyYIMzt!+;b
z4*JkYb%9c?O4h~vRWqNyxS3k+OMqejZ`+KoFo6h){$aB)+4`%nsHqSECYEyxS(Qa6
z^e`-1wnB3gA;enimr*JR48Xk~F#r9g$sMEKq=>G@X6VtgX3IWY^^a}S@eYkNv)Bfo
z+8HZfL%!}*ON8lu@V}$wg-=QvUdPoa>o}iun||f&{`Wtcoi~ney$3;_>EZwQ1q9-L
z=uKkKxVgxtKhA%AsnJy?+|m`ocf*6_89IeL;ZPaTyMIS`Up*LRD<y<<XaBHEadJ|8
zn;TFjXl(L%`nlBx@42xs4NRI7KoWvV@?IpqEc2d*;-vjukll$e@L3U4`DfByl6X?F
zxfW0U-t&%V715L6)i6oBKxPRJ;*iudyYyja$DPU&_3rxob$;-nbkjyoIlGOJajV8L
zJ}3dx?S?57oqvtOxFk2^8^3MyQn<C4f@g)H`~3EWDTt_g;O_C>cWXwCwErD(KwQ2m
zq1immNw&HGI+s355F#a@fk-2$0~X(O7N|D&uN;hT0%=!Uv)D~=c8&JsMK{c9-}tgb
zYZwGL>Qij|{xc61PCU=mPh{K#DXa{eJ5OKy4C<c#Ow7M9m%wIjW6F6eDxRFh*)TjP
z=$P{n>d5dnPs&ma6K$A@Sh9!ayX;tKS<do(B`D5qG;Fjo0dqRbYP45a8B6O}77;Zq
z>2!*gi20?@S3Q731eJE0>VuuhfV$K*v}TLVr0%*ViduqPB@$paD=oB6s{^wRw!92^
zx0StIXAkbfpSRJAUsWh4Ln6Rn#_2(hZE#U%;M<d@Bh1)LtOT5E6|wB(<QLJQ&b)v3
zf7(Zm91hFY$qu{;#<c=^(j**zUz>M##p@BNwNtRSxKR6Z1=&C6(_>!7G>RsX?CX%@
zu1atOZaRRCJPbs@5*&o<b5ph=P^vkyps&GA_2S+qLq<DZ15JUq4R--R+O1BOgj^sn
z`My?L)4j^!7aRt4?>T!O0NtJ5JnyFD1xXE+0D&JP|LoepN2us9Fpy^2n6Ty=GMr?+
z1KS_EVcT}KenhfnQm?8xHVx^c*D_+^%&-cg;LXfbB5s-8YgN1dhNLjD3v#j`-;~0j
zzQ8^dFZXBGA{lWfh?P3r4)nKLd^;f5l-wU@wmOp^vA+mGPgMI!Pu!OgEMYKi>pk&e
z{gtM^wK2!gUVryb$dg>rm;cdCQ4flWR=&!BYZXg3Bij-bAjtO(sqKX`D;=Vo^L0{=
zs38>%?gQ?EU&X1mm`}(=I7(M!a<)ouUx)U5o8k_qq#8uj;mJ?;QXcl>x6(4>=Zqtj
zzvOtAiylY-XoF;9PA-JhpF{h#QqfZZ*1_cti1BcoRvCL-UTjb*a?QtzNsK+@rX@%U
z1#Mh9*w=O|;XBl+Ge#zn8RHYfa3zng?1=B-EiSn!YVp1Fy7IJ2?)eNwJ`S@HB?Y2K
zJ{!9CYV;;i_^)55tySFI!@A<J*&GMqA8?=h5nTx@5<iG-`A?cj%H_`)b*4jFk4Sxi
z8Mr9T2f}DW@#@=Fd@T&jh3vF`>#=O1#CV3o3kxq_am$Q}vXu-6I^50qpYW7+UIgyC
z{@mg$0W#E7c0e`JwF(pgH>b$!`!m|X??UF8aR?AibV@!3*sISBDK=&#%{2A+K?Lc;
zAEnmt-@#E)cAe>HZJ1O6%hJ(ETY;hK@tVS%6AQFQ+1kH@Qy&rwt@+%<Nx_hqi(6Cx
zS-~9}?h*)tA?cn2g0seY?D68UUKsL>Hm+ier1+AGw`UwxIvh-JIf7+$7!jv@KHhss
zSZTw}S{S8ab9lm3N}UHFNv5)@Y^EcYfysOgqdh-9nL@obKkxY6RInXNvoqfnYu`fE
zq(*bwmDw!V>`qloCe-!b(Mf6&7|<=*tgRU-7ThgARR^3H>fW}wu)Ro!Z*8TgXxoi1
z!m#yE`}jEpqh$!|#O)@8f;Z!0>RbhGY4%3!C@zr+Qq-M<cIByA9-w{LdqsY|a;xCw
z0nLEEUY<W0u9w;%kWS!ZT=UQ^lyTCbpWPK`<|Wjdt{pRA5u)j*{dg7Y@wE@cwR^OI
zdT9ZaF3Q2hy&g2?0t~f)&YhJy^FUB?J|t3p0eOsGl5~>6bBDm#LeVl}Zkwoae!;gJ
zYkAzeB^t}gDdf?*;c;jmYcwJ?U7weWRfQU|dTRaJfs@0m4*U=O)TFc6=|5o(>Cp5Q
z>G4%K2tDFUO4_g9!R36$BY&m6Ad5xpLY<-v-Cii`B1w=>J!S3{2f@3QuOFSj(Y8v0
z=QFO}W{9AapO~?oM}?BLk#NW8P-W_t>D@4}5uaxJ1K)FVF@UaHB1v7q08gf2byWX?
z5_{&Ln!KCg*QB!#>}&wTLQ$eT+fL{EaPq)@4SG}xk6<w#*gPzx1tkG`D9L#r5E}ZY
zp~je?I|Z>g9`u6w0+W&PUvJn_QRybWl-G>&(^Re>Jq`#w0c8bEwMvV2;qJXk6#CDI
zam8U03l8=7mhgOdDL;{Y_RmE~1pA@43@n})!K4{}Zj_Bi|K$U3TK-OvHs40MG~T}+
zra1(YI`T^RUllg!Xu2^F>7af=+X{;`A3i%07o2(C34s)6b>xH|)!4keVk_8<p=9UW
ztjtO&(uAoZq3kR$I@9ixin(De%!nkz&n45yxbFqv_b9xb*K~?hCrdvDt1XnDpN;V7
z7lV}DFY*!+7l}nN{6R>&Vfm{M{6Pe_T~aYu-WQvsJ7j|ke?EoaS`1pf3L_Rqt_DkQ
zLBtU;|Ai=`F4_<vp3B;;nts8|>(MRPUo?+^B5ln&@5RS$3mUig{WG(Dv0Hp7=EuGM
zHKbb-usJTN5IH2Ov^avF;;q><6L@A)@?GEtw=~^up&h|6XhM#G&{z`&Lm<(XqVdJ&
zhR__Uz=P-T2={OAsu$0@%GQ1|%o~;yD&QsvQj^|V4mIF?^Fk5WKHVutWT(#<2)9p3
ze=k}_-sAa;wK#+~e!5PLly^Va@|?+!POOKI`{AAT7HB3DoOMIqxD~mQ#uK;+-R%z%
zVw0~s=mHFR(LgDMy$q-(=a-foULBZgYZ}gf^;=!CyMocc+qZy}=f+dsW-erQA#qUZ
z!zI!~sl|MF7|hDYlg^n+wZ(cRjdmFEO=)n-36~Hou&ynSiBBS~_by9>NJNh`h8+{n
z9i1)vyL6oYVL0<uuw>2jeQ@Vq8RzosZr7!T9RJ?HU%hL-!>h!e&+MMgI(GCSLqEtl
zjB7u}BBWuA(s#K{eu>9WB22hK)QuW@b4<R)x@X{31h;Gq-=!@Y-@9zQS5F|sOi0A@
z84lY#cUT>eL?i;Q=EtcAzsEud%d_L7RP0Ao!rY;`MTNW_qePuH6>+K%Fm2k9uJmAo
zkn6l0qQc^8rI1umZ)g8Gm-x^gH^HV%gbl$Ze%n+W3@qhbrnrHQr;vTAh(n7?Anqb<
zaUp#)l)Lp0d{~3l84ufbM2w!RX$^nywDk8rmyt&1+;2qvt3b|Apb*FZ%M(o-VZ94$
ze^T#U8*79Nc5-otBo|;65VDy&Jy=Gp6#AVNA7j5v%7J@jqBHKd7bs<~4FI>M2VsOI
zw&h9NCv*we=pBxun_`=;(3g!NW8qsudR$_9*k$P@{8~dCx$5WRXbJjrFCtUe$a{l$
zdl{ZJ%N^+~yVqG?o?nJf<SC^pJ6bq51pk%!reWQxrLQKA2I7|(+_+5H;|7`T!lP2e
zPDM-_`Y{XL=x7^Ie4xX<o_A?m4sL0DUq!RHXz}2o)6w|ha`$*bMr6jI)YmT8-7!+@
z7j^@!Kz}l}!IO~v(s2{N4fois9xUo<-tMn_OG7;*7ltAlf0ZP8TrKIpRgm3S?-P?A
z)TNe;tvJySud#ylqb>(Vpg-8@kU6=ff70N3V(lUCq_SitBPREd?6TGNOX(2o<{xtb
zGvyx{Ucf^|j#Vny6g%eu%GAiGC^TH)4XQ!$96`}s<ltZdmRpg#@~5}u2vN%?S+`p|
zTR6iN{+TWijl3cpgdsjXqHLDq0ra8_=yz-d(l*@F$tsKyqqvY>mr3Vb={9P!1wM(z
zF&c^=J*}E4$R+~gPLXdT6X;}Jy!xY_eih3gJdDR&aTAo%*o;#2@kQ_#?H@+Ipr0UR
zQ<~(B_8y9#<x9Hj6{Tk=N=fRN2gy)xcOD>HmXej1r54FvUZQ;w$cR6Dr_V=p0<4Ie
zJ~ud7jl$77WxWGKwQz=CN6TnYw{^RJi%+773?UIL{CXPyhGQQ&TL>Mk2tt)jkrPOb
zn0Z2#x+;)rZwI^_mKIH{#w;MxTar^C+@pj)NefSjoqUTR{2hKToewDe!i0v8Wb?^C
z)<yy@m;1Wn4wa;RJHH=dkSgJ?caGM?3A{`hqYXV78|;8(Y4di=WgYG$CNm;b&XDaY
z%yvH)1;+m?#wl!1_}X5e<?{@t@ZDV)mB{3W3yUSxN{mReg&o?{jn7Z5AucfE;ROf2
zVHDI+B>o)9FRGO0YLnFzpj?N3F<alDphy(Bh91dZx@1Xd6o!{pQcqbra^-s!#F7u^
zPRy6on2RsD!|o}vbpbHx7ed<m3{`vutKGc>%&&)q%2ZV{Qw-jlKOJcwC34B0K2u}=
zQnb;$BujfyK&w%NYdm8$G3;8Z@|5H_RUR##CbT9fPO<7u$Bm%>cKL}<U4_A9s$xG`
z1R}a}MJD>XvMuOXB*Z|mJoq<(V1;E|GV7`o+@D?njBl;*v^fVGJ?#@84E?+>k#Q#o
zxHib{UDmpxox&;Vv_EoRS9zMioUY_2>)iNBEqP+m<SO$pSK|QBmf!p<bcyhjCap>U
zU$4g-yR4SVDJ?Mm*|w0K!Hu<hm_}44IwYl3JpKfat)j%5kX<mQ&1(wb%PT@jVZ%ik
zy3o}<GG>jXSP%Ey-PLqvH*68dWGMEufgQ+6iWE}D%}%MH!EZAPmFA;!J19@T`_-h4
zGy)*oHbZ@3=F$m6<)tQRV)r8zIJRZXrr-Cukc@?~#U_!=h=1@Io2jbf95a!fN<+OW
zVa--LAL>-Y5g>Vc6MLsM=g7-&Q7&8OH)_l)<rc#onL}>dB?yDlhrHN^T;>Ir(ViSL
zIq~05tR3>|d#@2tX9D|jd`e#ss_Ab_0QZS7u3RvmQf7396RwM1tg30FR8lgY>_VBI
zJs_CtbQr?8M4pEiO{ZVUZ#mIGQ94>Vj}}|G4XfKbv=H|Kpz=A3v`HTrpt<RZz&q%#
zcjMu#=RwnQU2@0DtUmK%u%@S6SE{hRK0I5B0o6_cw<_(E**G*>;e%=%k%WMtPDe(P
zV1S~;m_?MO6wgARR^EC#`QEq^MNG~Nn0t?Lp2wcG2FW*;M#gEBG>aY9oa0HbK^DrQ
z$gZJ7z|nsr5%Sgd8)^cbdI4Z{i(keLA(qCrQWd(7IMOC3d=0xdG6WSR>{H3nAtN*P
zcmX_vJ6|JSTkTzR{LMpV#GiSv&>|sM4o`e>&V9~RgR|gugHpEI!dx9>RvSyUD%g|R
z-FE-$LgussZ<>VKdz+v%PYS?$IXG?Qv!R(^YpZ4aDfXy+_Kic7LJw#E+DndL0P=-H
z*{t|(`lw-VPmh>vd$h&dR2d`?ao%<%rl=(cU0-gsF7C!(+-cwXG>p&I2<%EpgBd%D
z?%frG4?x)QFdC=)8Yi3X*)na}5^R$0_!_r#SL?jryH9c-I?@hkCQqERv)<pIN%5Ax
zHuZRo-<Yntj<iJ+f!ZQ?=#-!-x|q&0!ku>7rs(Rnf-Wyuk<~E&YwS+cDYW?^I^T1t
zydz>vARyqu?MBC>xD)$=GCpj+r2P{&cuOq`yI=)b+S?@hI%N$&d4#@zSZDHe9-*YZ
zhkdn{9gSGZgyvIVsgS>yxbUZ(D?8l<3x_s&<GLf};Ha8jt$1p|P(YGDE5<BAU@fyv
zFiMfFWRpdp3pmBZeYH$3rpRnsBseGN<|U;%6q8>JgS(9`PJg68UW}zI_P;=DNnEJs
ztsI?Om-u0sEn*cGZK9ZRwN1qB^FBGV#IUuqOALSLTa!qU(l22Y$<pWbWrNcxOMb;T
zfNCO*NzDu#O5_(DW5VYVt;I*GQ`-I>(SpO+n%{YHC~nS8{K1H&iIi4HMexDq%%ua0
z;hJ6qB%LKxwoCDRVzFG<>a!cKyvOS`e!+7M``jazjqXCdocwF*KT3$(vam<(VSqP7
z66FFCDyuDe{E85Uw!T|=E{@Aq_V4K~&U$)?O<;U%X}8NC=Y;<8c7<i|vf-M>3$!|$
zAeGDdu+Qaz#LM7~XrnCO8au;m^xW#K+R{NM=vw3n3DpTX>UBa814Aqc;oj;Xj?KaQ
zn#>Lfnbm=55C3Zup<z`C0Gsv)!|>e?r?e@)LRBU<R|~=3R`2P&oUm#wk5__2)KJ4i
zizzBRDh~O`w&&~@-1e2|IkQxRp-!w^C8#cq41SF16!+@7hq%MjV&|M2<g>DF;z8i5
zT<k=u+gBT5IsiZB?PUQ2quE!RKX7qq4B#r#wV=E7m+GJzlUxzI)WDe;zaB>b*D}7C
z|LLXF3LW5_%tWETgrxV<_aw1J9tgLX+ZQUwKmo2fC62ax-&XYvFCr1ZH8G<ndn>FK
zH0*QhiTL3QI5jtxO!~wH112c@H2o$z`!06Yu@E{z53Ok?qEZNt;KPV$xc#bzx`j3Y
z?kNFH#^7?9I@PQdJY0K{IIe9@a~#zMZ6dh)Fx23Xvv6X_ciAhYqz%4~XL5*Gx-7HS
zY%GDKbGd-j+x@eT-<3?m!qz5^X&w3Y;V2gvQQ9LGhnDN~m}h*O;EUke-bCLQHdfJo
zw5LL9h^sL<S{u1)Ndc+T^ON=>js!*Gn3*<VM83y()iHe(k^RPu^u&E3D8pCWgB=h7
z?^!pwsN39vn;RP2uUC-ll`}^v)yL5na92PA-5L=M^#ikQi~iaeLsZBv-)s@1T-pkQ
z<KeL>daL<DBHwg^pjRrjq@K-OxoJVQrfZ25$1JNYtEF|EBJ&l#nk`AE)#~#GQ;%CA
z2T6C6jYUkVk<=p1FhTn~6`No8(GOesob#1JXt`9$HSWUp9crWw6Zc(*4CTwr&cdP8
zA#d2&K{z=~Xs+`QSJn~3Mdb;qW{rDe<OQQCG;!yD&OReoexOrxGFLDX1{@>G)4P~=
z_yMsIucmI_cKmHPvi%3J=5jBF?%f-9Nz{*81os18HA90$U>AX#<K(dF=*DitS-%qG
zLKIy+<zii`ETlV=I!HH&Qjs$JA9B*n)Fu(}nJ)X=%Q_ni{rOsZBcJbd0wUT_x&O`#
z)X3pD0V(bxa-%^ne~_~`{?82JOv3n5U!b4`5*^KJ=G{ha^eK0!c$FI?PbDfM0uo-(
z^72KBkFE>2#7szM@_5XO&H65sw>fe0BEZ<hD!~3Vc_y4dBVgFl{wLN1(J;HUhXHex
zCd+NjKMc`~%H<B#^l$)4)joX@vL<})!uM|PQi2Ay;uQeEp7xJ5q$p4VY45&lgsj}5
zfeU!H3Y!Wl#APG{LOzlQ@PhmYpEL#r=-vCVuS_t}STRz~;2hyQymBKLeNw1$VD*0h
z0CHJ98YNN%n^f}A;fL3ObXt<X3|leoRV)*=WDv<1QuIx;(pqy#zd75xBv<S);KsuC
zbXNgF_f)H-lax3v!qMCoo~u#^(6`#3PJAtijokh$TvKbb2oJok;#J0M5#sskIyRle
zc(|~TGRxXmPy_P|Y;;=v&r}G&?f-kmPKS~okxL7C3g2|paJ$tiXj{m-_j}x*gY-6~
z&#g&(jSnLAd+z(Czf$4WUAI?52#1585b{y6DgFl?2b4`0ZM}3LEzqG*$oe0VkY`^M
zLlw8M(n71lM?SF+In%O~=JKCA5R2z?Br!hv_lO^=wn>wQWi|laT5<@cTqM<(r%v6~
zt0U@qKdPbnhchZugU2hxWD4)O;kxLP0F-Y#8fxE%--kp$m>%xa##vBiay6}@1uLuG
zaX#8-Txjt1J)f}CyM`7(V)o^2@<Tu+O<pMbjF^02dI(<Gp@r<=m*W0|95?@Y-#p@j
z$;p4I#kU?_=0iL(#uC@#q|=oU4OadhfzaXRP;J~?YwNhbRt?sYM*~PNzUJFv5qA@#
ziVVD6p8B~FD%?Ok9{}z`lU1`ZLMTG6&Z(;4;on2wgSozb!fbbN6bnnxT<OA5gEaKj
zl3D%&A~TjeR(jR$&rW;PkpIW~!9B+t2M~KBN5=!CQx1mUt5z`kc!ZF64Xt<?%M%N5
zt3R?lV<#hMb90cms=bkGh3W_}Li$fe_#1qH-zhweJyzzsv!s;Q+@SMb5Sp5J64L5m
z!l!_Dy(AP(U3`~V@&zi@iSOO6_*<uBa)r<F&`9hV6&{I@4LGXk(&n?dXj7>$jWLIU
z7)<u<J<<A07arw(8{^t6Nv7D*U_hCd5II1$Di@)zvnKXFFcCK2&CuuW(<&Dk7H@7H
zb{B(2?QM;7wBhM;p*pAklw%;L2N9dd0W8WzJZ!a8EfcFsP4w9yJEvRNo`mZuSr9+S
z+JQT~Nl8D<Xbd^Lgcu-GjET##Up_^sBY}@GuH^nqf+5?zk$Z$1nNqs8jd!5W94K}t
zwX~I$;BC!~#z+L9^&EMOFPEW?&4V}rMkzTl{AN9G!CJ}+hFBHiS-e+nKZ4Wa9#Cq{
zC3*!7q2UgB4;PZm2$MBBQ2}d}g&oihJ*jK@D+b~YVIdvM(Deo-4U}0aRdhMN$VJTQ
zEa0mbi~e#ikq2(E?pzn5;sxWm9Mr~9jQdNwt|HOO97;;xk|QDzg&lio<AMBE!;_3;
zu8X~Qrs*3ozJV|#<)dNOcl}1fo-ddHJTvMn5oEEM#>>RAb*`R7y*mc%<>cfLN!SnU
z*=WvDdS(LV$VPPM@a@87ffIMmmP?yJnR`^)12M@y>&dWIAE%w8qsUZ1G>?T!N(ssv
zL7B~Jp=!dAz*XQ+o9H46));Se9Qr{r?1Zog2g<x+pK7Ch`$bwCp+USR-$mG{xW%Cy
z(t=H&{FK1coG6+0V2r6;sM%&o)V<g>-UPko%vG&iQrf4mqn9Rf>{szbME)(5DC`xf
z_Sk8?*_+jZfLk!NZkXMYzo;Vc+=D>5+HJJTabso~K`t2ReWK)3hG!ESj19BMk3M8e
z>7tgW-o}mvwuS))@ohNqdP{#u9q65A24njvY)4cA5aGmZ*0qPq+u-KsKMOFjKJr&S
zc{o#RSFo3HGEhEJbJ{);7?2+gaG_7_jx|!qS{7vZ6_e57(|K|4=5&bccT|iQ%Z|`*
z`sBnlM;0GNAMM@65iX7Yly8C1wXizohif&iYEWOwwL#w+lJw<lYwIeyEKYAx>2dv9
z^~7ZD406DA`z%Y1iXEBu1%}7$eV%&I8??6x2}nl<$dfb6FtPLlkQjF~`G)zK*1q*x
zmjsOadn2$pV^HCR)e9?Jfa_YEM&hT~>+!5YgZldxyIcUWC@KMXHT2arQMTAl{Brae
z_^OHfB}Fa<H{~kl)VuqP1BBhbgtG3g2k&PW1z4S-^Q$p(v=sU1<Z?GvqS5Z7DN_+5
z86rA0qIV<g^w<Zv35-ZWTr}b`XQrHD83D9=l27gRJYfs3rl>RYL}nY%m~Z*l+Q~{u
zcfa=TQM?zuO#If%k@_njv62k*Q2^_0WU*2+2uyWFkD5cfQjtjK(WQv0xMk{uszWy*
z38mczA#Eo^i1Xo7FvePAS_6p(4X=Kcwq6@KZNva%Q+?10FQj1_3Le*=TcedOe(lhc
zeH}#2Tk?unwA@CdW@N8IP}MG68cu(_^Sq45Ai!7SD}--#8pRWWp5_li$}N;($*`ae
zp@teWEFpmlHB;k?Vqs?oX0m&X+~&p}XlvLeg>M<W*9>HRmyVD9-B#t-D>EZ;Rf&rX
z;|)drVA6dZN107muuW`Eq+80}o6pe2keT*uuQv^SoXc*Nive?Ru(qNgzn!P!><~x(
zmA5>j1N*<C*DmB|J5G)5gHIj(rqtyty%78n;CA0j29Q|8S&WIKNN?(fTCw^R`U8>N
zB5bLV(^9OxiBjzDlFBb0AqqNR;fpDR`tkPg<&YDj8Jb>o{dCo9-0oRK+J(InC-pLw
z5{vG7rhaZNa&OIe%Ml<ukP4uXCniQ?EWSDi-JPutiXFZ+<E48!{r2}NyrVt<;8tWR
zW#R_j_{`^{V(e0BJ&YodW1xLmZ?1hx#=sWF2Dl*GEH>PrvfDm?lyl;80vJCYEndX@
zw9Jwh?~tVN`*;V9xpRMBKiqvlf9O08e1ZxPoR{b&y&72Wz%N=&w1{Hn^(qoatDri=
z^~zB2P)9Ek_HriGUI>WWte`STM$ln3Z6S<Y%}4ch(KaLgYD13bKmDb?>e>f}gldP3
z{lhbwP+JZy{$uKN)QYE_T&&`;X{F6|?6NSHIn{K$7!uO!9+qK*7FKqMMT<0s_t|ly
z*N>-+oJiSd@5o}l7dM$E+s0nRX=QqO_h9<o$6gMJ-waWiaLUPsE=Y6fX1?d~DdH^b
zh*_KgSuKe^<h;-SaW9i2$QPj?(tQg&_~vCod<2u2_RyOL?`FA2Mq*Q#)DL+$Sy4nf
zz4w~!Ej^rT?@>eMeDC9{#0Bva$57*M!TmbBo@K)Ls80BD-#xCbrDuk@-RgM)XiXTG
z;CDAmG+bf=vnF-k547x6$Z|<Z!!-+TAFy%Z{=u;3v1?+8Z~2v&@$X?s%PT4?0L@fv
zVPO#6HbW(vGVEFtwaH~?G)RBY^)3}18}F<AAqTn=O;76Rq-j^=t7Y2J)?IxJ0F)!2
zjXFXRwtuDZo{ILR=qRjCAfrZ>a_i=GKrYx1FE<|4v0M$mSig|j3ZGFF0vPKE9hC;0
zl{>+X3Y<R=Da9#NhoU;64AGfy82tN1FEOI(D{SnHFibvxO1WU~vHM~g%ZbDZ-WLNZ
z^r;EI)Sg78Z2~MH_Cs2*A5z&U1f-awx@OwvcAQQqZ9Qj8ewl1YU*&q)x!HuM8$Erg
z%Ht2YN#*hQ^H1dj@sYJsJEO7t$aid5lWi-N`4u33#tWL2=KWMQtV(|La<TfH%7~7!
zk)~9WQCkiReNM##<UB^>$g45JeJ)D;`50=mj5eLrnQGDUsD+3sw({Q~C^PZG`10&>
zQKE^70>rLj$gb3Y83Y_Le17tCrFnLCET7&)C2|jy#A#AFtW^GuO!OLi`ld`<?o3Mb
zG99(dXkr5$rG+%KB=ONKL|YJYag>9W+`3N>k#^PW#0*9?A@isp{cIZh*EFptM)f2V
zEKW6ZEjcC()FW&PN(b?R*kcXEUB_x-(<MZ52}C?9?~1DNRMBDsE%tJZ9BR-40}>N*
zhhZu*u`P3QwA^tbIwp@QGQK!wyvp7TKwB8!RqZHAI#CV+62wj<o@1Dq@z!FQaKJ%@
zVv|ruDMd&1C=pC`uuw5*=_MwmO_Vc}AdWGNEo7lk<Ev2NsOjrb%a7v|urZ=D$7&KG
z04g<!;_{C?*&*!mgxHm-S~k&CJ_!^cM$9DC8U;$V99I4+SGKqUY<EH|dM7O(g`%|M
zbWtkDek@<5$k?$&?HoiL2Flpe#5%dG6Oeiq;ktT!nKv^bCO-iM)6}v4IHhA1v*$;#
zK2a72Ba0k8rd(OJ!Y+125`ogO6R{e7kCVHO`9?#okoGFFU_K*#p%A)DjZ!|k)+|CY
zKC^oMye|<wJ-*MFp6P>lAwx$Zs_1wY69z{=13|?|6f=gWXijRP#>5%}x<hQ+La-gd
z$&@7mzuDB!iLq&BCeOgS(0gtz8pi8O22nO;#qTW8T%-BUg0K&XKwjA1GlvxuTdgPD
z3nX=OySVe`*PWkk);HR3rJgUFFm37gYM=}lFUi~`(5JRoh~u;G@NU8XQ5>az>v=B{
zcNwqmECGJgep#Gr8NTQgk{B-ef7LUvJt$}x24Oy8hHnScpsHOP1i9N)<tA(htL9mX
z>6l*Oo?H8wc9wqbGGWnJA1=xf^Zab0+6}X_iuYWq95g<A^@FXL!-(mn^MIgY1M7X*
z{y^?_`n%v$LxX?X-rYL$6?oGqsL%VH)iz9S=6Y*$>Ru(9B-=xBaB>Y}uQW+BP^;qA
zh7nsXtB2qF$foTe^JZQqpyj?L$hgnZVqtcbo6sP~owK(i-FP*OX4AevvX5=75qkGZ
zEzweAwL4jC{-RSKHW1>G-4g)RPlgZgp9EQr+z#&r6y<XDVsp9s747O4K~qSFvj+15
zIcSZ91#-<_zX#q2{eKOp&gzf{X_JpeWp`R!f)?%^Dx<Qy*rUEkn_p7Sd=FfL!OWpO
z2Z7HjkIGn*1QO;`b|KsMEDJ?>^N#aF3ov*!@44|7d_BOrW#RWO?B{MmZ{5Rh7e$vJ
zo<me<;SsA%dwqUR`~9#KF~!!L5|ta_aDoV{i;6YV`#u(!_+aCbM3_p)69{vzxdmG9
z>VFBhD*TD=-M;Lm_P)ET8&m?+y3&$d*e&+nhZ!giTm@jJ1i9fPA$2QgR4RkTmVF4O
zT<4}-lU=Og^TQ{NV&qFvNM-kq+Ure*RIqvQx09=ilu4g+mR??(r9r`~f$BoO&>*`s
z^Rup8joRijP$MMQh%dx`kH#u*93>su8l~{RVi~cc6IrN6?njtP3iMekDkYR6WZ5D-
zNM{yOx~piqCKURx-kn$CX@s@pE3?045G`AbTQ|s<YO%Uz@dq#7ghRKo98wueD%!s=
z>J=_{w)vco4RLy7hEAt6TFFa48eA`2qqZ>HcX1J01vk3=Ay9~+8j$ilJ(JE26A%E3
z1?cNar~*xl&M90s>mV)V$T%Xf+JS$fLp8s>yqmvuF|<25El7q8FYM{|3d^l6bnt^3
zSVE5}AU--*bS_8Z3Ap5*u)({99NsvG23S=3%WF_jATXG%#%5$1hu)i-o)kGd5Y_}K
zApX{rWBKM46xb_T?-3Ip9f-ZKv=W#MZ7A6cI&IyD0h~CWqqNJb0x%;nar!Ztrdt8G
zz%s^XG>zv|aE8P&&OutA$avzXus&asKYY?7FNq7k6b_rLWQpCE-i7u{FZP+{R%=l)
z4&R=hzXwYRJZT{!JvLkZx!*y5O^VfPT-=9F`o(Jyhg>z`=$9WDdfSYg7#_Zl-yQ(a
z80<u!hc`peHU0r%%!rfp@#VNF)PE&20okT>QX`w6XPj)Rr#Nj9P(3gcenIauAjSU<
zMSowJ&e#CNtXB{~*7!|=W{4-2FQ{x$NQ+v89Q*zE+Bh#0yl-#m5947Moh#@rCs2|4
zP%#SqhwzOJer}9*7k*<oH3F1fa>gMkPwcWkrO5G6<@a6?sY?X0LRy%6K3~gytXGQ%
z(m@1wYwg&|8CU;RU}fc9luf+BsH^G00g7bC@Sh|tLiEEFA)J=|#W-F%tSBYIBJDrX
z0Oy(ZymQ$l=l~bl*zcs=@=;6S-|C7zJ@J>9eSxKW$@(f6n9Y5?2(l-trNa|kbr$(m
zwu&h8R`Pr`s~V07W1<KGzmr&wBKg9yE=-GyM?gbJZA1l!PyD1;Qp+^pQPQ+hSz>nd
zKOl;S8nKjfT!ICn(*DC6+(0MV%3jTeF2k~)wj+y3TCADC+F3kmowLL31{0gIv;oA)
zFevH}&RsEG#Or~~2DwHmxzPEctwXd@GkuCO)P+9ruZ$dcw^)zk?5Evdt_!#ekN9-R
z<M3~VFhG^kjnSydyb$2Z>J!RqT#-0?!eZD^>%H%=_1yyY07#9EpB%3e+bk8cy?KYP
z`vJ7{lo%f|wbwL>%jKXdH^O01H&o$?GFC3zhwv81Lj5gP(FODf>)x1MN17xqCFNXG
zjAyMR3kbinK2zBdzcTL~$i%AVY+pLC`ecJaX0~$~ay*rG&R5Q#g-omP8!s4BAggP2
zObj7WC4KgKg&F^x)aT9yU8eNvMuzrN0&M56;I|ijJu%3=6Y86f>?_hu%>LNi%8=f#
zMB?JF{xjHAUj=k*b~J<qwcwMLp032^_?^guz5Gs=6*=?Ep%F!GB6RfPJP)U6jS&`M
z#{?DEBS^}u2LWkc9`0hm9c87j31JPkoS(u*@Jn3ttyI9o%@SI5v1nc%&PIst#D9Ci
zNb_f^mJ7#HN}4M&@P!4642dpBs`5a6i}--Uo+Mty?C<h)%rZC5`@hekoCe1qDZXnz
z`CEq*bfRJ)QXt^mLt3vQFR?Ad?)z*j?>@}NP*7~YoAfxm9G1)`ysq=%Q2zq_hk8o1
z8v2T{8{toX=Y;K4w(le_OZVC0)%Bnb9+<gy^=o{3*)Ud`B8o&EJ#3HL{s`P(z{|8}
z;*5<pLb)#Za$epPERy!`yKao%aQM#XT3Iblp+3%|p^4P`Fs#%i<%d5xmx#730D+5O
zpdq@IBvOCF{6naK_=?x`i07PFx$#@^F81D7wyI!XVAEz0k&&qNKz{5~<_G{xSVr$7
zvEfR)!{K3EZDWdaZUaHFIAv%@p-+-FX#{<C)BvwEg0s&pTS6xqS`h*yjV6Up?{wlq
zK686@G<l5CUu2v{$Rc5V6&2r7Q4#{ex-Zrp50NNMe=UrXe~R!&B!8mCRPM~jr@cnK
zogcOD<?C}Yu{JD+9HP7{JRl`*7Sd^zBFX6VL6<DOO7+s*8`eX+9%+#xq~h=X9{^ZD
zr@su(TwwwpU}v*h3*Fi&*>pfNHnO^9V6LQBKw5h;!+znSKRm0?19jH#t$;f{%p$MG
zOwC<YqUy%@cmY&7Egt~0$A`zv4>Qta>)zL#Bz<l!f;~m#0|o(nswQ0Q;hEGb0p8tE
zb>vF4V0imL4udmyNQ1!PIkT{6iLK~w-q}31cmZ8#V}|^5oYFmp1PRVJgiV||x#8Lb
z8}QFrexAP%Kz(0q;VNQLy3BJulLb@8UZd|M1z?v^Ww;0diZ9G?o3Qa><+6Bd&3m()
zl2u~?g2@47>g3rrTLa!b*(BP&>^<O5fG2$yV)s*bxu^C($KCb_FyDbD^{9KRIw#Y|
zlb%F+ePm!X4^NG6;RXm0=)9N$ZTKIThM8op=6d}xk*fwksS>pKArG2;)&wWd1QSK=
z-w7#=z9^E3lT8UJTQ$Dh#o8F}4m(fTPYq{1qW2FRNRJOQC7$79Z#*qg*sxej80sD6
zxI7{{tZ52|RlL?TfJhK3H*P1w^On8ZuL14t0LJPAYKEt2UCYY`rh!3-_Xe;fj@lAP
zJ1f?(fj11$0LC{@cQhjkwgkYzaN!xN#cl8>F{CQ`!ODBU4XEv4%Jp*Fg6jk2e&y29
zYu>U6@jf}jWmRhxI{Ryoq1$JgkFL=H``!e2`(~R!9sr`>XOP`c4Zk~xX!o`+T`y?^
z2$<>(!A7^HUy1jFdL?31?GaiaP;T$LM}ekm+1Epj)UR?34zzE!t0tqPs;~#(KpyVK
zAm!m7ce`o9wQPcI`$_TfjF3=<H!F9K8{4=%0gMrfk8G?Wz{&#m!zT>Zp`?&TA>t0G
zUnp}cTMtltKoH=#0qg7cUW35`d?b_8Ha~spJxScr=jeE^aM3Ewj94IYtjq0w0}YJu
z%>iqz)j@AEvMggpRt)gAsBc)&h=dkrZo%uB<%1a*%1gVqwq)wieeVHTos@l~p6h#D
zy|iH5B;Wxycp5<Iw~fcmXJ@;}D55ZYJBK-*cY4^V<n<Zqz3Z<F3%5fa76wzH;E@<O
zKYBh4f*v}lW0J{nCEHeFo)^1V^Z+V=jRb-o-I<aAA{l~q49wZsg$XoL-R<3DPA(ce
zyUdUefW`rlkp=5{;=S)^>`Sr%*ECkaZLD<%uff*Ab+_&9x~qAeJToWW9~kFuQS$o0
znP&zB_l5#}BgX)h0q(8`X*=2@pLGx~h8IQFYP^xzqe}OcO%=QnwgoE)EUoevRs#eM
z(4npA;y`>QAcROhzim*h9FXV$@W3H-3FYUn1I={0*PD=)5kZPCcuer$f#SpWhrSo%
z_Oc4naGcBp;oB<3(wy0D<h|D6)CCqqVk)9<uP-mWFH&)i3<`S!kq&of2Lf+iH0QnT
zBgFf_Ajb{tPcUe#+!vBn_iupkZ0$(0?mMv*I#W7FZ`dIiZ^C>U*%cT7&_Kt_&#~d;
z^wxKrbDVd*41wbSRTc+4ysHOnG*L4L+U_|Aa_^)0{V=gZe_g-?PCGf<zbPLLO|TP>
zd9zv41hSfG>0S2cc=)^-f?VM)VE3>Mcn7D{$?@@hqwlz7IfFUv(tUei)HBFP?SK>{
z5((@8WcZjpXcy{X>Hxqf(s1({nD0O=aiZJOdqYfkd)9rHOF|&g_qDss!Hib&usk?`
z2abclo$=DOSb!}ND#w>5-t+3N+}%iOtFClkfbh>?D#Zkfym^M_MBfg+yq%BU@bG{>
zQi5m1^6juZz6P<GfIj=}5Z-h-PWQO_d)b%~7zyz{0B)^l>&-rg1H3^{Evc{G1HsxJ
z=o!qO=DvXux!(skTk(p0#azHLj|{@@$G7YQ!jE*yJ_r+#W*0ZUx-bmn0oYhY^gF|5
zj;+1Zo%5;9a_f*55Q+iR%;z3znENL8-rp}gm(I~bNTW@91*o8I%i7mu&K17f96FXw
zP*-5^^`8Jp9?j77=&s7{+#v@N1nX*@RUrIyYv))+Rl1!+Ea0oWJ=OpmH;}+iN9_%R
zP)RuC@%Wqfa-xvW%|7L3;k<$I;?wE2+0epE0p2E+=<s>#LWq_MhE8g)0rju$B9ES6
zPVQ{?-pvRDWZh{sMEJ`+@d1y%*ysRngfkE*)<l<gg$xD`>I2r0&sqb+Gu9i?(23`;
zBti8Kao?46LifGXFmTHEyai+df=*+=4!pQHF+J(R2B{2|tb5&Ez`5<&-X8FrvJ3~p
z_Mf;M%8u?;U9Rq|%drF_rf+)j<JVc|jejaqRsQs(tNiInR_RGs_aqfR?@CI#r6o__
zPw!{??A#ys@hkq;YkLznNk7{2uFiRU)t>GG1%4e7_K<uxs}S4*r&ep%!MCJ&SY}pj
z&^}i?uKX$cG@Xn%x14?NAs%3ZQXTN~UWsFxQ<(dH`@X>X+yGz|0R9};z6dzbbqgkz
z7{W>Z_{W0zN8_QNKfT{gZTdMrGEbt2-M*3P^5JHc#rM*#>Q2;05<Yd@=P}Xizp|O)
z3#Ly~{C&e{a((ZfWI0YyI|V)U7w>Ds=8K+Cox@S9;botM>o;#pENi*n-iA(psLIRx
zp|rEF-*3{rh%Ea4!SK~W!29U!^_~R2`oc38cKwF<eDG4e*-iIO>Ty)GM^Ovx+`UGK
z3{d${4CsS4#oFAaaKVmQK0W(>GxvM)W{VJRJe-4}LiIn<{$D_TyM%qv6}k7=7%Ios
z)4L|l>=~FXuX_Hhzjb^U-0QbNrP)*{fy?YfdlDox{6Mqa`iOn@rmB~N2%xW&M~Fp&
zLDf3D^Y`R8Yx~}A?QnYSXY<nUePO=8Icg|Byjl&VT_J{z9ait|<~aDY8z$Q4guMLQ
z$GhV7UE$^)Gqb@*a)Et*BQ4I`ITcE2$3dy#l(^k=tmhZmVa?-{FTQT}?$zXZ^AWN0
zuet8u#9KYjEpVrGe-5R4eet$Q=We?Z98P(0)!eWHSOLyoXA!q5bju*`-G4pO+s;k4
zv3<ApRSlq3avGKu(2?I(Kb2bIjPn^u6@MxE@#2STWAPWoT`V6ET7ujMIz_J2<gG<s
z>mUmevRa<iqvMv*&&R}p7k&3WJdlX3ARoTn0P^2RM+URZB!2pfLwWvz1MvsT_CMdh
z3F!S&+S_Y{J*F|XF0>zKeU(0&z0+4!%e@d2hs^q#`>EdTZXbk_Mq2LQy3QkMc+?z%
zAs>&0g?86lqpZslH7f6vFxS8sq(n(F(Iu2+k`|WPvPF-(>bsio?F{%34j+9$l}WBu
z<i>$w*7ml*yG5JaL?0bv0I8jO1lrMeX0a{a=FF#J!rgD30nO+ZMn2mHGu6h1h8)Zu
zc=idd7zi5(<5sSQf^Xgg5(y*%2=Nznx-tREyn{hqigOoAf~25@*2)#+2U*B-I0?r_
ziy9W>>h6h<8YvF~U*CC%PtZNMf>aUE6pF_Ec8aIHd(tHfN}#1n5esB(5>st{Yiny;
zecj<BCJbl7fSm%8dL)`)pv8-U<F*adDxok<2!N!SMMh6V=SjnXtI^ZDu}$kHgvg!H
z;7sT^U?#-x6*Np31{6ywu~ahQz`2)TyrTxL7AIQqc(vgb3Sy}XgM~(jVMLnW3~8<4
zrrSj*5>AhZFhM>505Cri7>}fpM<!-wXqb*-rWta!lOSxg)upFi`f4@I(ZNm3Urv(|
z-o}WWMKyWrNJvuXN$Mp5NyCTgl4GzTB?(X{W`xk;CEZ$*h!cb<WJI2oUL6jXdzRQ$
za5^p)wNyg}dQi^q9J$U25!XYWb5%>A(22q!JEgD;5#D5O8Vs!pO##zI3GoIVYe&uB
zUeEu;AbAv35M*b9TMQ~F7D5LYAos{Lgu_|{vKviTE3V*lDi$Q|$#JTcfT0to2#Q1^
zQwS2K1Zjd=kpjXpEDaU`WyBpsi4q982^7O&Qy_s@u!I7I5XwoQvXYQ)#!|}J4phQ9
z3t-sV#4JdHXzPeUPvt&?1oYFtdJuA*;Gv?iHSy5?p1!y4#m;V?9PaIA++*uhu6?~W
zvvp3bzb;QEZzWfjD`w=rcMH?=-<xE7MhqVts=mF9pSQO}*<*Qm5l}|^9cN9*uQE*R
zRjZ~xl2wqZP_LbD&WL^XU8_gzXYaLrD`|X3BbYk=&xb`X3jtat>kFBc=eT%^bUQDo
zcIeYLuu!z5*k2AA-2#3u+u<LW!#WM{q8LDdFC-LtXy!JWPFi&hCapGwNbd&Wf<dok
zXF;;j-tbCs<d%-MJ6mI;ko)RZ4B;ySqm+2d%A}bE@}pML4TL*eO3wjwh-s1SK4^S0
zC!@fN-eCB4PXr+KQKO-@l0B)0s1R;3qr!VMW<3lb)I+#0ZP1p4!>c0QFjv*VH?&Ql
z4%ivaFKvh$%iIuh!ZSUU3`f>z^8}^R<{P+}W5cvAO*>CyBq1dKNJv6ShsWhlq&@GB
za)^3Oip5wUq>Mrl5<vwCvkL@L312(K-&dEfUFE#rRM&>Jd6=^zN|B2QGzu^h2M(N+
z&<%&o`80YY%%rWfG+k;-HC$nkFa!WI31CQMYM9EQqvNFp-iZEKF=kAt(=szA%%vey
zA|M7Jq!Ea8+3l67dHXB-_w43u5f&mWSSvrI_r3F!=ELrEhG)0CKMqemdZezN^DMD$
zhtD-B`G9=+(o<NXZ(P)>H)SQve8{a?QEsx4(<?HmeNQ_1Osbb`)roM*#K;{o%=4$F
zl#Q~bZKrs>W31UK<^s5L?Vy`wW>(vIzqP+$v8gFCT1d41;sM{#`|soXVXR^7k=grN
z*7o1+y${4<f{21DF-1NA9M*pEIp@qJ`+mCPso&7)eP(o)lPJRm43;J(O|q3Nw53Zn
zOsQ?OsHC*ArmJP8s#RCnlHO~zMX1^+(8Y*G5X1ziCWbDyxAnG0C|Q!KxcaN127Bvk
zroOFtY(8^O2-0Xfw3(CUw9Osgu%F1P3}T7`h^VL10Rs&~zk*Qve&x6Grxqy4DuWoL
zI{=XH?|+{A=3vk5l;SVc`v>3xdNAgXfrUfP0R!oZSjfgp3>GmliY7zj321rUDp_Qx
z(V$I_@7mERU%JtSy7l--Z_}{Oo7@MPXG1Pb(Y!X9u_kWv?=>YEGiC7pkYI|zK|laf
z3Pp#=Ne`ZX91n@F>+8F{uM7Ej@cH}h$|ETtk&PI|N@*iem~2Q{Fo&=w%+>ksV6x5z
z@Xnvv@iEUyD0nYcO;t{bkg%9ojF84vrL$!!l(Ln!Ygg9UM9i{eF{CrbYBn{Pn?xgI
zf?~;u^8Nnbd-LD#o!5^CBRkwRsj~+4_-bn*&pXl&4ilex8kfh)_2Pc&+S;$$uk6a0
z#fugaLubQ><J0f=%~N~lA&FK3h^$zm!^tP_@1gRP@M!7NSbB#fN$^jVnkpYprIuEx
z_4!|I>a~qy-sjb8dnwZXIjk~6b6N6WU$6^9M{p(1nehT&2j*FZF@{qxVTVaq*YEY6
z_50tJzeyuB(vS*YAP)K8DPAX;WZEn*h5Y1eJb}M+`H<P|{$g3IvM9YF5+q2-AS8*E
zD>kId-P+w{Z7Hc`Zr0SdO0=eGuD~c|;%i*1y4syXLIy~YK7VVl4~axym6sp!Q$L4E
z1i}E_&w!vu24+v^+2;HF)qhk}TN_YfN{E7_Kw<a^4upZ%`}z&HzuB9*58!DkVn&l>
zYv!$gZTD}l=SDBW{P|5Gq$O*&r)IKEIqknA@+fkspPck?9A{?^*)k63#3F++WW>y6
zVkvb?snYF)riH5Mm`6(hz``pN6ss&HSy)Lj)1p|#9V)?5iwRDciggSs7+|W!I&>4H
zz*a0VSf*AMB}}r?*45Igs~DOk4fQEqVyKykW<(i>SdtOOHYZ~kos>3Q252@Q9NSYG
zHp!%osH;+Kv=L;2fI$BD`d!c8Zg1WNH~TrMI!~sKlavq4MCMPK{7=zhkp>J_F%?8$
z#bQK%q>!HgJNNI0_x4wpjJKYBYsKq-JLP+7CI&WXQ5J$UAxRcQ(QEsy_f*vqGC>$g
z=hN0cOE{N7X3*QFbu{?8h54@V^_O1m>Dd`fm4-tpl45Xp(&)vFMmmgEV@*SVa7=LK
zI7W>Cm`7kpwnD7CZI@fMEt<<UODa=cE!NGYDO;s&sV%mwm6i&YFi0_oNX82$Ou~_Y
zGkdbRSQ)OJmO}(q*-QlEW!qF6F2S);y27QHNHZZLI=g;M`P0{@lA3r}rr&&J%-QtK
z<F(Ga_kLyo#FA3e1!j?$&21=bREb$7`)bwq?^V9_m3HM=0mexK48H!}PmDo~K^0@7
z2Skww!Gj^5AH1?rG4Tq;o&9GYnR`8|>UV=pESSR!D;85F<#yY$mfddFR%td$l+>E@
zb-PHG$yAoLEnFFi=eCJAcT#5AF%hK3h?+l5Wt|YS-#yHxvRpq0v0}s#F*7L|DJ0o3
z5>qNNWVJIDjSSLQ$yFjE#Zh1?{DA=d?`OuI4j)Y$OgCy%Q8$aH9Z{iWQ5y^!j`gQB
zDXr+(#aCv;TZoqhGcq{lXyhQlF|(A+qA*D=pw=*hjUu8M6G_aZxNaiHdO2{%K(8|0
zN*-4k0Ro5-TuI=NR>3D7qG2K%kPwN`k=6`tCcrK*4UWn&f>UXRuCTE~KqYe9M7UME
z%$ccMn=?j)rD3fy>q4<aG?|8&3<;tLRiH?Ctq!%6;I(7JjN>3kT_-tmEl>nShp5L{
z4xNlALLkVQvd}J77l(7h5*=}agS3UqyIY#<?CT?ghycu{s7p--LQ<kY$bjieBH2>Y
zhP1dg6+xphtTg2X7Q&;V(IW|B6KEn-p%Vo#uFAkFOFKw8inokuNnf2Bes}ov^(*fT
z$g>Q|KDxm@-=u@*I!ieZ0CDV=w6LCTbKf&k?0uP!D1)mL)IX<vw*~a@!I$X8AY^XM
z;>?I#HhMu#t_L$SbqQ8<t_AMbT0NTQPQn36<~s4qE4<@xn!k7f;p;(yj(9GoGPQ@&
zaJ}85Y&)mEYOzyZt=HGx6Axjk%2KyR3fg-tam;GIuKKt~T~M9#PSwF~!CxugY3xaL
z&I%XBZdjmb={|dOr5(qFbmJBgqolGgA)e>X+^yVK)v-d>4z6}=ERTvAiDh?e?5w`-
zonGHxhk=~+eF0ythJK^0Zb-B9&p6fNtn2tzC&gujE)`ldbohOmB(@M*ekj;;rV=X3
zR_WgF-I%7D_AAQ1@uFS5Z%8H?HI)h@8{Dj%R8qE6NoK~F+l#i+9v}idKsw8_r*O3o
zWv@)E2F{n)Aqc`vVNaj7A+&|P^+KB*_j>Ra^&Tk~9%v_OZIN3l*r^;Hg0e|2*$WV`
zUk(*Ay|>6lu;*>xDzGA~JM77NkAaL=f}<4$7^5O;=J)BXywdZ{ZzJ;*e89ngWYxad
z6BCo#n-vZk4GYxvwJj(*byGc5M2U^+5O19mK=)zQnYwD4(Rs>h2BNYcrpT)q6@s^H
zuEi+U!f7!qr*7FO%}s7>rV=GOGh9tTix8Pbvkoe5qf=%vQR~coi-)@Rz0A*dEKJa~
z(8-J(Z&q27RKe#rlPwO08RPCtjmggz0~BOD4V?}hHU|j@d)aTZ&03aC!;&}Rr$j_D
zXkxb(+wyf&GgMJTMDtjx+{igatc|N*F||Ghq2nJ9IzAY5<lu~(CU`R@qKW1o7h{-L
z-xr;Xz8eyrVA>TC6fx#odBr_7rBzEs10>fBuGOldJENNU(%jg@OdfVJhWIE-CZV##
zXT2OeC~h7CP6o`#B8)gCfJP?^4I15BhQv}**a9LVl52bTM-r1ZYlE<asHp394URZ{
z5JDY?N$g1zb=8}hTTG>-QQ4irx(*36GLHrn(NJT6oFtG6BCGmu+Vk^!`|oXg=<6};
z?(UX!iBzjuX+G|KVL#8O3-aBU@tv7O{2eIXG!ztSqsacnNZ(rB-r6jUmK@8n>Ke1@
zZ!ZBGgB2M;-`tN_kdc{KGoAO}cqxa+z3K$^jUg~SF$!zJFnAxinpO>9yt=F4h(7p?
z1P_-qh1ndEN`V_l8eR!4NMMsCW%;1^ReClWg<>S(i<=~N6v)yE^i8BOD1S@et0Y1k
z%v=-)KWp<4KdP!cTrb1OQL)xC7s@5ORbqR@Fi5C`g<u*<5*zbR$Oklr(38kBED;oz
z_&0@({d4P<fH)_Sbnv6>@D||lJUU>enn9s2kcIk$m%53A!h}HYyok{SS;w}l7-%ka
zS1504-)P?{67qI97N|mc-E2Voo)Tz1y2}LTJokS?5lynSwiL9JNe)D*AWADTOoW~7
zxMo0Lg9#Zt{)fk!v#H;-HlCnwES`|;ESQ{Q8T0QU!Y~nt3?cxAaCia`$ZHx4Ia64J
zdpWj&1RM@WVGI!jf@pRiO_Nnhq^&Hie<|a-yO1i9p;}OU<lI0+4kS5D;(?*zQXs}q
zkxEFB5K!j?*uHdK51lE~1eq#-Q|dg<a1H~C_RjXG-6q@2#`c!wx^%0mu&I)*wYJdS
z7E!Z)bBei&FpZ<7bYK}$@#9zcSL8_&qgst<v}{IMRb`QuSY=AaOvTC*)doFy`R@H4
z{dqh*DIr{~V#rBM=49(Thf@P3l9({PyvXk->Ek!LdDv<|-jDZXtyE^f+#?1+n3e_^
zQI<<4SeRKT_Oc8JpHDgA3#&$ab8A>r1cpDZA*@(W)a{FVD`BKsG?iMatzEF@7SnOn
zYZ-nv8^x5^edsk}WVJdYqII`>Q)S;XEX4P+wvAiMGH5iNEhxgj!*9u>YeiV7q^gri
zV`QnVOqyn-#TwB>C@O%mK}Z{b0se=4hiCisO@DV=#Y~E;H8ez&!?7^oid2SKlvZsl
z(L}?SB~_r&b=`B9PL>ojyxQ?(K!AYBJrCh021SPL^(s&ICi+m_=3Dma^DovO4-+h`
znHCl!Fzt_kK?b4O#1Lx+10rn7kup@8OKB@M+exb*)4eQBQDu~<Vkk;lNfxsct9Bg6
z5S^T@K#HTV<QR)4fQZon9Nf&tGd5Jy8C3mIbe%4TF!W!aJ1ezvzIXGA<h|Y2m1-S6
z<MZ*r;O^(ml-ip$?_spxttwWjEib-3aGa+n=^v{pmL^$@$&}1iQyVl&W~OY}rfM}U
zGNzVoCfM5>MXOO!B@}FGlW40IZRY@QyY%<>e*SCv{dK*5c@~mLh-Wa38%@BIpKf>I
znjRa&{mWRS(<y8=Nvl3R0iOgE^N=Jy7tiK3QnWWCtf_olRibgxI#->{(3(@!=}xKo
zle|0GH%&(FeR}OX!ZN3D??7u4Bxycr4F-$MIkh&!D%D!UFv~@z78a8K3vK$7QEeF1
zX_d6fjkIlwHASKgShSH*fnhZWN&fNrc;)@C={No-<G=8D8$By)TC9+Ys!J79sg{Gz
z#twJD`|~fqEZfcK&I8dlll?VMk6Fnrg-<E`>g#Qd_+!8zh@Ss~BWkG@8XF4~!6;Of
zA^80#0s*LufPUS~EfuCQT@&-x!)3W$6R35}uWM>n@e;sIZyeb-O-}SpOH{X|HBC8|
zW*&LPPE^?qqVxFJLt!*cv*-LmD6vQgsYS6^)@-8{jZ;X*(Y7esEf(1|Gg~FERZ%C;
z7*F@$&+pP7>%aDA?^vB#WeaIkwM11|w0Snz@%iG`Cr$FX9lQERkP2~U%4~6BB-$H*
zLqNhK0PrY(z9C|^g_d+OBq4$occW!Ez{)>S(j8)>6uM1m2Bs;Jnl**v=Mv@_Es4xG
zu{S5@(@AK(`Ripj7VY=>!Y)GHy%S7K4LR#+yAg`t=zY@CXtgC`%{0=jjjU}ZHccig
z8)-C^MY2k56_T|j6h^dIsyGqbb%SH>`{(-Q%vSyW7!Mzx1|~&y2#E;`BM|2^GC;Y?
z)1pC|5wMV=iz2YX&V*{Hh_;xK@?&%1=iayLhrZMM?$pwCo+?kTbjkkjmp98|v0(uE
zf42FAQ5WDOE?o%AH7zm>2?$jkieT*Q18!q&Z+tf4kK()gyW+Ws$YL>!P4Rqlid?W!
zl@{xncYU4U?Jm{IIxDLNBesI$=M`M4+<CpKo5e9JYvz0AIHQ&@n^WiRF_RgK8jVIZ
zf>N}aHHwoPV`SPiQL(jTwkc+k#?v)2iyDk=yxUuR1N?`j|9=_&|7rYp{s{#4wuqLn
zSfr)Yt6A*W!SDEdApOTbJ2|}g(0>k$5O(qOo}Ku305?a$KZn9htx;YUWm?9z4KZaM
ze#P_kt|`VTigI42h|)DKl<N$atCr>9$<`+o4pceblGR_Ie;nWrD!o^JS+s7&Fq_>p
zjWJUJzd~DW8?jN9PCs?`jKvv&7A;Y<l?-gQWg5(;R>i7K7G*}In7q|f=cj3ZP_Sg5
zSy)U>eKoZ8KX3jBNFmYhD#{@kXq`1mBB1B6gp=<-#Xg?X<2mIHCbUQepINl)xpkK{
zjkOjHu}K?V)n2Bzvl|D%_&D8t5L8`QnrpqyIE9$T)if@*j~@McJSU0c&HLgxiHiMn
z7eeQL+aa_y&NAV_ayZ>w7}&R0MBbIC)v3OlQrfPDzHPP@m2UcFey_aAnVDl0#L8sE
zjGAPXB+`gYh}2QCk!3w?wY=(c_lNJUW(W9$Cvkrw+f+diV-l6T0EheEEB3HWRXeI5
z?MbYiOino3s;^ByS($e_$4up{2Gr{kU^V)=gSQT0VASW=LifZc3=Bfkh8{DVR})K;
zKK6##sbGz~!^6HOF;)|Lrd-2mHp41&Q$?ZCtXfv9eBYd0ViE`h(XG;jeLv7xiZTlU
z0g!CUDJ*0}5=blsNU-FD5BB}<(L`x=bmoY^&8%@iBREWiP}7JoK@it~EOQ=LNVhkL
zGjuN1DwBAn#t!yVA*$Wo?qCK|BnpdLP#YdnGFrog1%Tpiy7JJlAnR_JpaNDU7Rr+V
z5i)@U3J`%zurfHsAX6lG7$gG)ZIa1mL68w#5<`jCjj+YCzy=BeP^1K4;8lxS%exHK
zvp0Zdvez}4p*OI*%nTS&24=9CjSX&&SQ^Q^O;8Lik)?rLBn%SG;f73f?|EG|hm3}s
z4;UEBOtgbxwTzIPLj*#OSgBfOW@M@%m`dauB2c(<2$OQa>p@(KvCDy@oQ5sVa=2WG
z5Q`iY&T+$nP~2u@!sI46hGd}Qm>Gpp3vC+1nsiafE>UYF9smOmj|Rp(U^%E-7e95p
zGy8hx^`jv}`@Urr9$znzBxDdD_}2Y&&0G%7dpwZxWF6~TJ>lOuiL0g}KEs)h>lQ>k
zpJk~0{KV%zLG+qsb!I8dYvFu7Yul6_PXTuHUMub2KU(+Sb>m99cODiD`|ppbJ=udW
zW(Qxr1ZqY}e>!!U-yh#!#CN#()uUUbt00M89MqX?Usc}xqp<dG2ZIUN7hQ|2eT<CV
zAo!;9nAKU8hO#7jswS_+5i+!pYT+eBj4!J5m-X0CF)<)NkJaR^5N5=;GjNU5mC(@0
zB>OK3jZ<my#a@-b(42%7w8o?WCgKO``mBAi^84sDYZ_p8G!QP^5<tCzhJ+$R$m|=U
zD!o}zG6yPg71jr*w0t&IUCFj@-%q#q*Z1F!iYc)&pXWrkBOjcS!lCn0P|F(NExRZV
zlu_Tgo}=Qs$4FRo=Imshbq%P{bzR%FJ0t|wh34{<Lh>bEP(cw;_9)-hwJqaoNrtaQ
zt8^;$O62+P-(69Ae3TEz#8Z4(3?a$19o6>CnJN`yoVF&xUuIR8m)VZTQu|o+?9gy5
zB8ov*Jno&lRtrQSMpVXe^~$kb%WZcmMQ-I<bcLh=BON;p^@0`A+7!*#+!bLPyYyZ3
zSKaT8bg!eW%AsJ<><VW?4_%v+ls7So<Sd%EZmN>HpI)sgy6&QS+1zT`7s}tEU#30g
zJX`dq-J%>i^0%*ZzTTfz4c+;?%&t<@o(BJPfPQY35Fro>%BghFK}itR0~yVeZ6%Cl
zdX$dsQkhF?$*#7SD{YmdO*3sItboGUpu{Xy1qK5Lo6)nr`E<S;^C*2Qa2N>m5|<}8
zD|zC$Ajc7%gMeY(jeObhw_44u&O@|AwJY3Dj$QjL@DVIZ%~e+&Dz)<OUr^_TYc^{t
z4j#1I+?pq~1a?+4Zusk4oo3maxXz3<p6=?NojPGeI@!)oGt*nelcgLOLBK%-9Ga(H
zd=1y@$zB_jD+Pj71UswBK`^}DdUWO`8OdgaSb|A1EDmi~Qx2}gL7Uy{8=2Dy-UUNz
z&&0}acV(HZrJJj_B(zg5-K5piO-5N%$h)?Ny6B7$1cexIK$TTv?QPy>e9c{J4-A+<
zSi&q>nj1HeStg-^B5frBErB;MKtd#vNMEnXwuQ@t5(&&D<}{K+f)++VZ8sBTuz_Nr
zW#BD-ThFtt*NXE5iEm9x#E`P8X7RTGqD^2LG0{(Q*9QdCMxmLRLoLFDb|9+?O!#Lr
z3!Dw3P+`Oq!kBk!Ns??u6K9*}T)2m*A`2&1m1)p%U7O!gY^60Ya@}iJS+4}@5<!L=
z&KA%ygy2cEQ^5(45>6gpd=D_3jm{CImr>)fyP2llD-6L(V8I<|bzHKP^kxVIn?)ft
zRI|4#mm?9us}d^FC@Vax=CsD40`e^l8oC;6WmU`@AzfQyZP}SAn5wF)-Bj!<o~4e@
zQk;rTcyB@13K^|cd*)X8mn(B!8K~^FRf?`+^N4eT_0Al*N_4$dNvUB)*+2~rmrp-;
zzg~R&t9i*wB;F>9Cc|MU1@L+3xN)wzYoS!+5HO1@93`xgvS9@Xq6{XMCj&+x<3b==
zWym80K-(y?3neBLCBXs{8%_{lfk;9~G)V-90}dG4P9&6#EOG{G>+$>fI6e4}zX&L>
zMcZia)$)H#%a858>+XMZ+krr1y6b!N`*#m;<cYd`uvzS)8)vcKv}JD^cUrF1%IUp2
zjF)?Pxi5VK2h+>f>lZ4{?>+}j?$;@osdY`QTD463;V#OL>+yX9fX}E6?y4BJzWWw~
zodoQOO>OEY?lpp|7FskCNIiaEtyQu^s2rschRznfni*t~@6>jUbZ9am;a=N}RSQK8
zKOFoh?SO(vr<xwGW)cG+@aQCXt63H|5*~-b3(R8*O(9mS*g7j=5>Vm^5a*6^I`C%b
zD|A5Xrq7MEfXD{K<|Iy0-WxR+^t39>D-4AM*g=nqo_VAV1w%m|s>Gj=cVf80FL1#d
zM@`U+r?fy7<m!ET=puD3sP-nYP*7+hllOslMNEdYxDw|512mA3+St~NDXY*xVfx7=
z3wu|@czakH+W_&O6bozGxpZB^L=)S2LSk4!eB4Opu-=EdP2wJahfF;N-VH!V31mo-
zVq~2tunbCVlO&C-(#X-7xYmyE0<#alZ@zo}U@(0BSMe0A*{eEQfhJ*{kW{EqCJ1ts
zhDd7(-6kZExO2O^N!McJ=A<d5L=mddRJV*{e_y|`e&17QRPb_0y7}3ut7$%zu#les
zJctRg^hi|^hAoz6DT%5q#ZE;>EI4|HAc8w_BQc*6HmoK>{f;sBm-#5G>+8aKP00(4
zf|-h?o%Ds#f()3FO_Ox<P^R#bGXx&{)6IBZR^!Y*yx~q(C0Rt>%#HSW+IKkSiL9zJ
zo|I_OH5dqnoeZjlW(3SZW)(H@xhB}5CA+GOp(W~5nb}Fjaf}^*7uz!`RECmmG=$q*
zX(FObV=BRnW@Ow8?D9wP_51zj=Q)1A*{~Sj)$mrENVO!&C{U?GY`^~ikni8`1|Fi#
zv+a^oUiq6(sAn;;w)kQUgZy7DEtHK!Cu5xHl<9{|Q{M@*2r#2_pT9oN)b5*k<k?Nd
zzd5ySH96(?#W=0F-#DC{cxEjrX;)Kn(zT2lM{logCCPct!#mb+IGm5({ji%FQo>Or
zNh)R-iZB&K(Eyz9^C9>9{y){v(|G1@z5Z-$Y<S+&tqx>~sB@@BD5<4&nGq;zYAF5~
zz<!6cJuBlcnDxy)R?h|BOXZHS``U|x=x~1@lv<$?%Mw~C*NwP26vmk@nN_q+ME&h(
znqgpSa%Fva`t4VBft5Ks%en2_vhNi#R~_bxtuYKl>ULtz_ETzlxK}-K9I+UUqoV0=
zL77~eO5PEbO%3H}Mu_Qt@5>q_NvR^iWkGq{X}_L)%srML@6!J!zrb~K{vZSk^LE0t
zs}V|!R+Xx%x90FaiF_mDzmG$Da(MhdUv{2hrw<FH={^Xn5rUXB6h&pc-{MaR-0mYg
z&h6k%;^boIH)CUHxmdG4P77FKziUbQ+HHce4gHz<?Z7z05Zw2jvFnO*T1NDSp`z(^
zSY+#&yX(%-?*uYQzkeGWJUP9iV;GyR-m+~sV=d$SU&W#=ioyXFj7DV^Dhz_K(If-=
z{qy9w24D7mGx^O=<~A?^`So9kD~6SJbrPaO21;ttQxXcQs34BQ7Ghdf8763lWOWj#
zp{Eio;i9!9q9P;w`g;6=_3yiW+xyCR&Sjm~%nyXXfPbSERa9g_>48^PW|W1{m1r$5
zSkjtxiJ4|HSAF)R;V+KaqO`3(JI}5Yl<nsmCd^E$&zAamsjM}@93#g_b%m8Wx))et
zwfN9zY0p;FHzQ|rMAW~3Z@5iK2v45s1Mlx>YxLf}xvD+aiG>(g+E}ubrg|Gg!T$a%
z`rX3JzfZdB(boQ(@C=z0Q+@~3w3PTZ*5GF&b%B`~k+QVJ#B=XIJK{N6CQ<k4rA;we
zRo(C9=M}~(j8b*dld4X4=G9xO^rI{q_ul;CUi8+s%DT=^yy3~U@&~k+ljdQNH{cWa
zzqR~jb9?-h;SkU5`gn>elqxMy(NfV#O-tnW^T)q_KK47L!H0Boo2Ak7;XV=~cp*wl
z1W*uuiz}6|ls9<Rv0)IdC8iN(GAxZKq9l}g^Uu#u=v(Fx85n<SK{uoO3UxZ6e9W9I
z{`=h8XxB@btv9L1=Tp`%x*vsCuYZ&C-KOyS(R=0O568_(5iMyNB0{28wX@mx+vh*C
z-?xV-Q@iGO(EciXD%)inVQ-KOL1Y7cA+Gs9kH~#vH2Ppd8V&sL-sW2-)(kv=wz-*z
zb47q^QPx%KCPT^cNhi<(XWf2z4}qg!&mi&6ePg%7_usLh!i4E2R|*mZxhCmR&W5?R
zHo4S7xE5wyiBpzpU7^~nNl}!_prKYKbSf#4(H19hov>WRJE}F%9o2LIQYdZN!{bvk
z25rW7%Rapyg0t<#)sI29;38znx4*oNusM{4bPUA;q9ux!lu|`OqNs}S2%)$|HfEPO
z5ClVn-<x|LNVf_6M<8p{Kea=YH<$Q1OvBCS;Wqxm?2v&!07>uizCX>q2Ia?Y_YqYv
zjZ2nkNhnvY{QJD~#ctETmOPt!42H*(;?qT`YA&6;TdQ?5HJDN~q9~s}R{l1ehr=+}
zxK5cw-6YEVxj7+clnau>VjhwQ$Pyd*CeRxn9HwWVwHI46TXIZeEe)dOH-Ry86MNp(
z+bKy@h(L(q6*kT?+><b<4nSZLwV94I6s}>bnlhD8(nW5wOf)3kYg;x&+YRR7h9ZQj
zDj23V7gP*X3#w@}tSdB_nMPA=Ht0=)pe(c~10u>L%Yx9Dag4D62mm><$Y$)7At9>o
z2okB58@6s-&F@;xD`@W~0_#N$F0&-T(*V&@noF=VdLfAmx<c)s<9Dk!w?Y|$>wCHa
zY-ZT9Y-H9^M(XZrSs<jFZjx&ZP>Z2;me39yxK)-dg$c+ijS&h=BC;uDB&2h)nujj4
z1d!>7mr*9Ms2Eflh$|})(O|TJQYl$PI79aLuJ-5W`=_@&dX$jt9^m&|R!HVL^To&e
zzHv8cp@);ua3_ZEWUK15DLR0A!>g9XVzN&g1CifOy+=E1Y~-x!BE4WU7^=Oxp7oa4
znlu1<)`6K~D{S_(#n|mp3$b206Yv0d4(GXKSqkYIx1NCaS6uC?*Il?DaB9Ku*-{go
zSNCTaI<#NGvskX`tRcTdY8rSKCLX007jejJZPS>ekMFa-Ykmx6-!rw!bHta|^ngiK
zoay-JgQD81H=6r<ya?*N%EiK38F6UM=<`yVDJ-FTbSCs?jBYBsd5zwTOkonI+usw*
zOrc^fm4(!<-07z_s<Y{P_5APKH)U4{@{hZtrJgRmx!u*>TfLV<eh@AedhAZWpv(I1
zIwlIQmTc`AnZ2xCC4Jj}O5@F3%=x1g%bx@a0sz7U7(oOld!Y04U9SG%d`ijLM&Fu<
zgQXG((0Ix%R7Hm4^})*SoQIFO*N6*fY^Dv@JodM&3%fQNc?dnBXC*;`?{76_3pZGe
zZ-p-E1nG}=33+$2*SCVm0Grq-aOX}8x*Re0i0YL4Ok3K>AURx>vH%oj6WrM!4hy<1
zCbdS78{y&MD8c|#4IavmGT*2U;2_@s2%RVmSQ6HbT)<zzQLw(Y_<ia)F}~pgRYX$`
z2GPe(y6w$&?P`-Mv1Lp!ymr+d_33VeyT!B$D-;nCG6u<*91x-dwwB&j-%f<=hPEcv
zA)L;HtuQRQGz}bUSP2QSFhCR-N+_Z$Gu>&oLMDQ0^0w1iOt~tk#Ab%-3AwR74X3F~
zM=(AW?0P;cv{8h|m91BR=!TVslhL%az$Gd$sJfY33?WQBFxG3d%(+j7`rI6caZjXr
z#y2|mW`xk^wiTXnr;bOqo1;`@JJ`ny9gU%DYQ<9|*o2176q^v4>8Z`ztk#7!yBbvM
zf|khkMYxJ-l1YVDjL^eMluUG6ni+IF1VJ|8YdsiUh>bPNZNR}1J8jj>#{kSSyvF^V
zpPOgvzQIOdnVY|2XX~w@U3=GqYiwszjAicxFdJWeM)!S0{hwv$-+i`0)6%erC4ja{
z60;qfq7QKS+)rhU#qeh{krpSi`le>;xqvF8^$T4$YJo3%0Z>*{eh^--nB&Fk_s3FH
zhhAd3LaP3rdcujI9*ht$2q64`=77?(dA@C!0zf0X!EE0Hh`%r-K#7=_qi~-VhlG(5
zNIZbA!dv2nK#8gTBT3j!q97VYBg0T94l=h2NqrZMu>P2Xjn7|oG!(+hT+Er~^EOLS
zaa*}cB46SkYyfuD(C!p|6Bk$FID|u9DnKEHlc;;REbYx2$ef^P1r$2m2WXEg;waQd
zVBpip^99s8EjW)Fbig<Sh$(YC_=;{YZUmYJ2qE6ALs(_D5>thSa1b}z(5Ux7@CDcb
zLxRh&0t*$xF5O&&y}|Q#Xki(NQl2(5LsrZoz>rmA*UUlHXjmkX`V5~H<ckbWsF|}m
zmWM2ssUb`I&%K$*!mB=KKK$R)w5GLlmKEXff*>G%ozlv=WR(fK#~4iJVJbjX78BmC
ze;Y|p)ME!^W*H<t>n2Sm(i~*3&2i+>1JRskZl*xQfi|3=Z*)C?2gpboG5ql-(fygu
zlz%lggi>XxQ5hAu9rM@H{{GiK``r}P-`loweeU(I0;^{!MD!1&O|y|eKYb+<(77pr
zJhsvU0IY*-gAifqf!G;gZ`NiXcec65D=)*Zy-zmDb<*??p<IXG!|YG*-;~Wj`>FdZ
z&u0YXZCPm8#=_FrVuV35DvXH?Ld6U#LsV92S<xj7nL)}XMV8hYEG$grQ=b77(~p3!
zhHUNinq>a-dDIqodIX&h=s{6b5zot0DQT%vgcT)=OcmXCdfpLA!)c(%klNu_Ps>cM
z<b2zE(W|7_zOSd|4m7!k&b!{zX1l#OJv%SH*{vC)GU%V1bCPKFpD5v@H2j(LBp;p<
zAAZ%5!<qVid-cvd`!3Q`GMQUc)e1|UHmUGBA*S}m)8+F$XEYc24WZ#T{QL=!ZB3(e
z5bcG=AED#f-w{AU=!Jn;8FJ=EQ~US#HhQQ$MwxnVR!bVQ%ySVu9odC;(DjRZhH0JL
zhK$Vzd4Z!nAt&GG?G#hT?-{`T8EH|8&@k0SrO{q|A@{!D!FFuE(1zd1B=hZ(X(x#Q
z`h5UH59{SYl8P9L=)+<~Nyx?uz=|J(>F`*4u;ldf52VrFbAkm`We<A)9FqOu1Qsa{
zuM4@Mh6(5=x7PR@9}i!B`|=+{J$L&3SK?JpXk4vZ@IC3Svro&d`{t*?KdN1Q^!f;g
zMl&p=mQqzKrF2ZDyZh8im3RSOClwrzD<YC61QM~t#lq6nPwzSa{`t`F_RmgI`MIN2
z*3*YH3>F97=+GJ*WRhX;;?DwdpVy2vzr5F3B;rrf5dH6VLWoKG>-*W~zb*Up@}!EA
zF%qh_OFD}~4n|EmNSiFqQp(W{YDB6VMCT%WKK%Ll()QmV{O6OK=Py~$FN7q}hs9`;
zL13sPq)922euS+$W~@U|VF_9xYL@6S5@nP@%*YueD-oG8ixFg45d2}U;0%l``)4*-
zY9Jore@Mc0i-TDWj0=RMll%IBYx+BaVGgEeS@uXshw^r&pWi<``MPM`KaQfSx@Txb
zl5&NWS+W=3p2R->M-P{OE!*ind;_09XGBg?LPxO5h_E6B^XJ`tp5!p5*uTcL0Kn;&
z@2%T@cItD*%T}H0Xy|-BbDt?rX#V}vGuja@j~j=*e~7VsR>sEERT`0I352z;zY9NK
zeZINZsO|ad&f(}1dp+zMq0pKA+#wK>W+j_+4iXd=K?X+~jfj`|KcC)a%}Mv1`rB_l
zYTtfawm5G3uS=_J#(loD_WK|Z@4c}TK&LhI)}g=4lG>IfQmtBrtsZ-Po%w%0PoFoh
z4No)RP(mPiAHsB_NVix-;TeoB1VfDdhjp_F-`O(yWavQcF30i(NPe6=^Q+5)&neQD
zV&3klh7(xtZR)qWavR=B4}^q0^Pu_hCxuB$F=n?nb{dPaA)`)cbfBfi=E`bnz;sel
zVVPK%WhgV42qg%_IU~x1fXA(1=tnVHV6jnRXxe6Mu(x<-S}@idcQ>_{S%S-I#UY@Q
zN?MXf3Lp?{E#M#)z;y>81Sk^@CIy<^SYkta(U4h*q`GKPHFE<<k%^X)1tdf+2+%BG
zLELN*nMB5@k~xk=W?_+%BSj)WDI&!LoLJmV?#VD*q%;=F?|B)UrIT8zlHKm;O#!zA
zG9?5N16Z+TN)n~Faz-UuD|beuE2`YXl3WrX%NDgNFrbwtM<&8VN+U?2tU5y0(Auil
zrnN%lRT3_)56$ynI_2Y%I?DXg1fhfT!`{IJ?{gmQdH^}Az&hV4-t(uvZnr0C_1Cp7
z6_yhZOjL6*;I&t{geTr=yq~<Xmgt*%WY!Js69}H}6*sX*o3&3;B4Er28_Ff<*_=A!
z?+WYALz~L+#MiVhZ0`BreSFwdk`O#V0FYTEk{)+@6NkRp1X;ac^3Eh$A-G*_cjgCI
zDgBy$v*up=KCP_JzU*Hub(Nq{`-0Q=SKkJ2@3e)&N$}Uk>+bC~56o7-s`tFfu@p3+
zj?E#4s_Rl|di3U}eZN}PN`HQX=eq=TLZl<&r+2&7{*ydOo5|L^v^fInyzEHco1=d!
zyj9^-wzIBw=z3X=_4XSL4#YiRgW!NZgey5((UR78ZuY_T>#>4`oAL+k6sYM4<;MP=
z;6@wV1`FKGU4yE7K3zzx6-<^14fOg{g8ic7g%y;PBMdNEA0Q+I37rKLZ(@Yp3x(W%
zUY&~m8Swj~z<~P(RV1m~!XW#0#l5qKX)!*%zCRS&sC(*L$&pE86d6`qq-xb1K<N8r
zo9@xakiK|~@xo8av+nw^O0DzBC0ELTm15VLG?IOI{yy@4$5NE`9Dj-qs9a0pt=(Os
zHBmR@NclBB#uy+q+q4u+&PbMgfO7sirQcWYdaK#m`k2PG;sY$6@+Zgc6=(0S>+~qQ
zpJrA(NdmsZX~vIEg808ZzOlWgD;DcWwcS?lHQ}Va4|3UjvrCnr=KPwqXEfH+vtLr%
zhe@xvGS{(-s}`j@yx!yW_sile?_C97RT6gr9(1_tYko^@1~b5gkff7uK1`5YrjaV9
zAi;(bjUh5sR79yD%os)-8H4~1U^qr#+*x{Z$p@b93gT6EN+HVz=pvOLkhwt;7#v0I
zlbhAa?i*MO&^p`&XNJ6Z@hqHk$JQ4vu;&2logD7rEeCf)!t&T&Z=GhNyT5pK_lK_<
zdexdW=y$&B-#2~TJtW+n1oSb2E76=RXOQ7p54nTYW7<VzBfVma8>|{~ZX03hPNAfl
zCl7tP4ZfZ4O&OCp>+ZQ9O9M%~DWvr@?A7KOkiDUbp8UQuR9<rj0Fe$@jHfh!@a=EQ
z5GOqxCMlI*%CN&CygDb>Ut9IY>!{a7==7YPaO$$uFpC{ETLjVA0ledBN4JyQ4Plw2
zGg+W^ihMk(aNJu|#kC~9<EJw-(9G7iuMx=UtU^d2)`CfbKN3O!YW>kj@es@?hLI@~
z0$|vw5aDt#H-W(hg)}&4$^)3ZSHer7_!oRQmow95ymdIyxpkpWgRw>O+vzR?@?UYc
zC%jw&93=#l`H16-8j<2sNXbxe0m>;!KSaH8BIF{D3<9(yQYmE$s*udRk{Eg>=#M#a
z=8Xw}+G@1JE|80SDX#+RvN$OgsvsOQ2#3JxZ5+j3D{@x2u1jpbnzXh(^O$AK@I-|5
z2>^b|b}4P3JC`zq4iHe`qcWcz9BXmR<hJ4}{6#cskAZ~abe?q9Z*<?k7vzD?3LT0p
zJXeBjgEiZ{X@|kJUxUA!oh50O+A!EB&0*==0+GYI@C~4lhk_alD5Aa<l5m1U0VRnf
zAOIed(6<O!{?;Nv#3A~RPbLaee=j^WnW|`;J4XVDBp+6QUWZ1rAqp^$#d+Q1a78+4
zNeD!WNIsP|;b^2z8i6UIn{6iW)izpSh#HlRxv1sKIJSy->*q7=VgO>SEOxzNjqyFr
zw%W)@mqJW%c48^ZklxComno#$qABj^-pN4L*kn!!OoW_C6h!LvB<5(OoEG3EYeguW
z$s2(J{6m=<5eVgEnwcxv@5mj#caX=-rW`mQQ8WtBL`qpr<8v)8V0_RfiLDsOmIBEM
zBypi4Kq(__pkp9}PACgZ%rTB>HIpVvIaJ3#jT_kM!KQ0Q0~w-5t87^^2*YzEf;=Tu
znUV*KBoG={iV)hWS#Rt0avu6kgnj537b#r(<@eS)shMuEWcX8k9sSond%F^od+l41
zO1A!wTXL6h>={U4G%=o8oO;OXlPStkN1a<#7(*rM=(=~9Bn6pWW2tn@_F1jTqvdle
z>)zgi7=8}=KEr*FgzLH8!%VUmhM9JJ*s5P9JMN@(EdxD6gepE$=~*Mb{ZN|NWU^3<
zX}#yowS%+tk%TWVfgbSC+Y9kugshSJT1g<3+atwb{1I3;g9VUU7EJK>viqj2BjPHv
zk@z+qSJ`$mRaqZmCsG9cv{uk52pm_@u;g(#BZFH!CvQ+!4>ro4&hK9sj`NHq3k-;#
zm??RUpn+co-j*6nmE#!XCtZd9hk_S}!-yltE`bS@F?^u5Gf>Zvvcs=^Ufi7D*#4>*
zND%Bo?P>W%Q{})hWoQ@()E;KqwhHli2g=Y;FhU#LC5PyM`_<b1USO=pUnJ#FC)|{P
zE%+u9PbzAj^-yyZgP`L-2Ke8;`)h56N6k1ow*_8J6kzV_7!Nh%eZ-2KcpQK|9e76)
zeGh=5&EBE_2P&?pqySkbv*T~O?OmSrcC()it~I{<V>Y^=B#Iu+!J_&t@(A2Q3tP`m
zMA-z2UGW7o-+l8?eemMXx7@x`pp$+=#i0!wg-+BCHJ#ui2rtV#T?;!s_2-T6@bL85
zl#<jnX2Y~hM9#A^;u3TV4roV2K!x1l6S;8d-4V;U!E-ubXo9H`BBUx-S&3?`mc^%^
zj-1S!aPy(PbA|BEX5k+Rt?pHSKCLq(VkQv0Y;{gxl4y~#)k#9NHc0?)K#;$ds*2rX
zm|d4_(I!I&58pn+v+l>3W-F#sm3OUGzG`Uv%Dee?^yf`Gowb49pL?x`d#yDbDDO8n
zv>flWcQzTXkOKb!?f#eYbKimd*p(4kDp5(93Yr>szts8n*MqN#+dc1d;^^Ooz7l#f
z`dMYAO0Bdr1%+uO^eSsm^b?dkE{wm7A+mpS%|lXjq~k55IrrS3BqaUm`Sa=I58uBY
zUUhpOJobG&WR_SIh^k>#7?qkb+O_#SXTc381k!xfJr9;^v^`9BM~m2Pet4G3twpSg
zH(C@$V1mg71qGA9xNGO_RMbC+e`LUyTju7u@Xr&;^}yDlg!n=Sn)CSkA9iatpP|t2
zMA0l-29X*Ps#r@=ZLfs>TYSsM*JIaNO&N4Y#nh?04@OLZ@H}!t6=@`?C$nfwQj}5!
z20-WBC)|{ux{_;p43Pa;KR*NVwD8ZZ3_xUp?0U!IL-pW17|)=bhVR{b{ARcIc<(M-
zc}aVG=JFggQ9p#PB#~U2VU$@*1dSq9DB-M1iwRPKqnNVc60K$sB$8!T)jC2zTzBiR
z=cmy6@870OjTuSvs){iX_#{HenO#{1n(4Obs_CgG3$2kf<94Ca>u#1|l1j2jiLJuv
z0#Oodj={fpF%r<VQbe;cLt+{hY;aXfaa@K%n1vK(B&mr7qT*<GCc`nu9IYy~X#{eU
zVv?MShDVg~m}O;aD^(R7^WUIyX(zuQzr636heP`_K3M0xHcVly=4aRt4d^Go-(rTf
z=UzVkpGUQ!B81bDbWTNNS%z|rCVcp3&2zj{N%PyoW&Q&XP8!bu_)H*=>y<w(p|V6u
z?#MW4&P0+?tS6<>!^8Hr%%|KwC+|Cg{EzT*8$NXULJz>!?*2@E^IHDj)A>DXOI0aB
zO<5?kRVyV?C{w<9_2-4$rjz+TJe8gy;6jN6NdF?fF*s*KBe%PgSB~t#w>I2QmTG>I
zl#}@;u(+qh)PQKRBRBm4Oqc}Yzvn<=0s|d)!Vu@*U+=nc=l7gc`pV{5oVkisRiyj(
z^T*-NuM_2#yuVMmV>}Ip&E@nyi6ozI@RfPTcQy5Rye-X)W*CG~sEk;L@$ro&&y6E6
z{A>D#z&~>^mtL3`b{Yhe`_scd1P%N?eEID8{3rJV&d2KNpsh@zs_0z{AUX?1CrdQB
zA*s_YmPoQpRLz8_5vodKP}1gM8B&o25|RXq+$bn#!h!qXh{!Syg5x#({i^<d8sAZ(
zEdUDcyNFC>O0x?q3sAeTI4Xz$r)=i^&%bY((+q+A`v82J$ZE<LWiR#D*bqG7<aJIn
zz}7o-2lw3Xe)IL__2a*BH<Ry!Qp7AM!m`5XL}FDw>&_lS+0Qj~)2AcM-`$gs)lY;E
z+#eAXDOjUr@W_g&z*ZUkqp{RJpVyo+OrJEFfr0cXvL1hI=5aV{B{&{@k_MniNC!E6
zN=cYB%3+Vhu@VG7%m^R_U`o`~4+L2;;>Ad8#U&xofdm{_0z^cU0aI&&Wp5lIrW%A*
zFgb+*iBw8)ARL00CIM>+xQ0T($P-`|kR&)P%r*cX3lu?Ohy<g`q!%d0a55YrK<J`n
zb+HtM(I84op}IqHhO+L^%Snk5-idc?2N7nn%~%<=)YgK^?X<H4QH*%V#Z1cpAb}7;
zL@^doz^%10-0I;F^KN$=r*8YUxvQu+Js~JED4`n$QUOU6HAFa?Ng{<BsB}8XX`qOL
zVM(ym%Zl3qLT5Dy<^^eia|lqxu{uNqmWmrNgpi{(`bj7DuAw>TcKNebPZ@ttaP!^F
z80qfMz3%n_a18myUPtudKpqtdkZ*d}cAm=ncO>`QBt18qXEx6QS?1&t`+BhTUGu9L
zMPi^2J;m9MhVQG!mZFzLqq0Xaw63UnxDjAc9k1Qx)uy*-2S{5O1LHT~BxXtv-mV7Z
zv~u_p55;o9H^%cQU_scWaCWL$t?_wVR#JfeZVRf`Pr>ZUu+piQ@ERB2XE&XVS}7@4
z_Pi(RR(9-+A8hk~QC1ef0~NK?)7hL`qk2B}nZLhz+wa!SPQa<&LUfWo;|`IPowaU#
zl<=9WP!_|t?d7DAcjLWXPhzFj_NR^0y!$X_?|c<$@3r6GP_wdh$^ouCmAVJohuyqW
zInjOfH=i5&@|SPlZGBbSvSHCH5?A-r>$06>;d-Ogqx&Wqr9B!6Nj^a!FkmoY36;I(
zub)du%_Hphcpg52r4WW7>w2>BjtfQbcNLQ~9$ItV>ck7fx^j8zr-7ZZicT<hR-KqG
zuA3}i>gEXU+R}@n!o9eBE{R$c-Q~GiSLbH4Mzg_n^GqgLumSJ_N}__n0C*oUqbycU
zp;=^box}j9t{G#290ipE*z*ENbFM{bBw7fK%(&Sc58VPoy?l5<!yTUV;e&GkAmjlC
zBnZhFG*TWf2<JV>rOyF4b%ds^=NxsHSRS1Yl2fn`Jo4LR_BPQu0}K*?Y99Nv6wI_W
z4f*YEi?f4IQ78=^fM{32q>CPCtqg8p2Z3SWJm)KLn$5Q1$WIRQYkDTaaPF$xHaeO(
zbBc*f4MHY`8Uw&E4%U+2T_FNPDVIUP*_}reQkqI<hat(sjcqh?j)rhrIyh+K6)?#m
zv65iOB0;L7!){w}*qrb)TDJo=Hm(V*&0M&Mh>1lJ6rOELH{9)3+{`>3i{%^Vj2WFp
z;=4yks}o}$1EDleK6}%;b%wSZ;?esAt*m{c>rzOyK9}8{xyv2EXil{9P90U$#%$4i
zBqp-IKD)V9+w{r}3zbXmuDg@f=J;*o(R>}VcVBJMn4PB#+!gX6-7li3rDoj&pDH!V
zi&{54QukNIL?EC=*7jO(=i!aup)l}Zf2+;?Zg5&jv{X1~GItaE7+{&6@DYjL-(Ks*
zj-Cl$R|f-}B(QiJx}Q1S%Xq;`(`g_#jua??cKaq><4E42?6-Ue5H)Z!md1}aW@<fM
zn|~}A(xvPgDC>A}00J1%Y&bCap?;vRcDx1f&An?x>RWR_(S6?MR{BAaRmBp#!_EvD
z#0kt%V+K@(ewTfo^eD|9c<{1)DxW5FEwpad2KZPS<zyT#!S?;|&#nOd2Y4cN?{{Op
zJ*QPy?Gd3>TTrn<Qna>>Qq@~m_n)pOT{FUKrm@%Ehk@Y-LO_^E6ZC=OOj=4Qq9)v1
z95JH@3>Xr<`-c2|KXaT9#XD)Qk5`&^4^C;PuQjc%!*5=)>+F-JYvBlMvLAj!&+P0b
zi}N5$c?o}WRQMfzg~W?WE~QwcrrBAdrM8B%e|$}$e$xE+f#$w?8an9P4L07-ilP}o
zLy-uC2rA%<6k8E&lE0l@*KjyE$8H`#NI+7ZsW@^Pghb~KJj5s}R)B(yYEvQbd$ZkZ
z9cHl9G*dCwX1O6D=^+dFph?WkVf#?$vwPR%oqMm>&%%3XHLY1?L`A5ju_92_sFH|q
zu4bX36qySwER`(+$g0A{Qa<mN7WkfJ4!%#9yHCfuvsXsOz9Ga-{4%=TU9v2cm590p
zu3>O!{o%4f10`iui%i2dOD@$5c-J^3q68FEDG8*QFcT6$Y4CMFem`nvzjp21?CEB6
zm|+b|-Lsfyk`jL4pMG~d_h+9OtzbVyMP(e)L{6G1l`_*e&E?$k<2`41W+}i~CIkbb
zL=;t745cClq=so}C19c3RDuXJwhV}Vaj2;pVI1{u2Bd<<+ruEkxadwM;Bj>`y4>KJ
zCDM@0!v&*Q<Cu&=Sj7;uwBCHnf__=^O<W@#Otxcs=^WOyKD1_wXJjPrcOief_D|nF
z>YIF;{4y~rYAB>c6oIB9oiQzEB*c+UMW?Xzd-?47FV~^x$3jl{8`ylnNGfe0rqB`!
zeYXNuC8-gaEaXyr0*)RWG>eR6#s(NLGKK~c7uJ6wL(iw(O@6n|O=vW7N?H3@EHg>_
znwU~-K;!P@-1#I4@87Z$qXM4~aQ>!e7JqPQMl7)<64bOxtdf+lqVHZmTAn67arDt$
z1^0*a@5A5#fWznNwpMAgt4E`p4G1_TK@&_q-Z8Zrm)=|7&0DOd_WRal)?YpBo3~sw
z=^-rS4cJQtNE)>A{{GC-Jx|qK5UC_n1g0@&L`4`hL`w+__wU!;=jY3m=b`w=UXc3&
zc@+^5MPQ1>VyCi#3j_Mje|`O<?0>yAtr8sUKXVHqvvXy>pl%-^Lwfzs@7~~T`G0wr
zd3OUZe!sb*O&T;wNPc+r)#-Sjlgi(ZOV8iS>PaO^nzsHTia_<84b!RCOj9=4)smvY
zW|+w|F*k2N-oL&+x9^sQ?rHa<t=hF*rtO*$ed*O2c5hjxf=^)y=bxs(vs2%<591Hv
zMG;tt#Y9NOMLF;9o6q9=?yue9^)U%IyXMKB>ml&;MhE6FRx1>B0=C&i7C}kn`SW9$
zgK6KJFpbR43#^%0VPZj`eGh?kyX=5>@I%c*A0fkkpq$(D^Z|kbf+8{=?eFh7^JMc^
z-JQ?Qr^8|(Aq0x3evqmvMbI@t0<0S=N~Aw|!_#d)AFiYI+%r@OzM9+3_rB%aDbAUI
zh91HP;s6kz9ry-j83C~@nciilP3jtRZn9*d*_4185n=#Zv6`T^yoh3p1fs#El0!yd
z&1y-M)~uMD*|O$9b!0S}WisiI#Hptot&@9gWY+c=X_;+U??sbrZt_TDhN&$mO{Ct2
zqmVcafj1n$6$Xl&0U?Qk7-(S1KycPF(jx#W>6w_|c<?fiSQD=Zv4jXf;w(u369f<-
zA;<w3%?iyC9LpiGg2uTrOxdS;fNdDWvq-8eB-wP-naO1%8AJwxg~ZUNwVDdDNkE8`
z61Y_&2u0GU$XSXK$_~|HX;MhCOAL}A;z0}W-v51>dwksJN#_r;3!OXSBi}odO1|Gb
zkjTP!P@e0)0n+6v3Sz?U8hSlVcs2y$Lub6YAvYlBHhbfmm!@N^_Jyx8-@9+S0Gqc%
zbx@tAo!QLxJJ21>Cq3x~X{x#;f(beu_zphna+Kv?C6@EFU;=m!%%n2OEh1ecN#|i5
zN^@N6K|j4@{aIff`f=WNY~njlkA3p&rg~uB#<RGqOXl1sjhp$*>L)jr#uZ1oI{vX_
z61)*4nYChp6i02*!ySeorg7PzMVud7WT(jP*;(xR{`zD!l)9?-zWQGF_0}z-i4}oW
z;=ZlpU2n5@p44ivQnq^}bb|o`3b$@Ue`LiEawTs^Z?6RfuY5ip=a#YNVywl4({>B#
zcG(4$=j^_sX%3FG-J~W;#)YhPWDGdoT2~ETz2R4<IGHs|?0z(L?I|~X7~jo)SKL7?
zH1YoO#>$W%l|$M#iFS>Zt1K5qNJ*HkdpiJc2HjjYhhKenW0-lG^E<r>Ed(8cc;0fx
zC)jf;@_ykT0YWJJ-@b>8TV8_;a8n#XX_8RGb+vtz%DQb^I`_5?UWUW50qN3U{nK;r
zi`ac#CREc%B?Jog`;Q5R9=^@T%9$iGDz=!d!L%1u(Z|GDF}G#Zf#A8zI_R73>oZw}
zoz3cV<+YRG)sqTC;K2{8?E3TVP6CH?%-N@_>D)eD-Ip=XtKxplrM&9#(m1(61EkW%
z%y{mx;QfH$APhN&4gmZ`q}#nLUS8w}l&F$rV4_B2sev8_=*k>fpw{Nl?y;mO;`XPA
zc8Z_AVV*^5xDU)$JopwtJceb3(n@lsz$k5u+8gQ?$X7>sNIS3!-*DMtJn-%WZQlTP
z?v{k8uK<1Gc}*3F2uJU|=m(B{v%@^gGuG@#5XGI2!VtAoB_WFg(KZGxd#&Paq!+fP
z98-Qh%@wtx7*HriMl2!>1dN`P?}NxVTij#3T^LSD9E;0J3QGlKkPZxkH8BO#TC#@-
zAVX43vXCN`eTm5&C_)Xu7D9Z9$-I(6h=I+(*(U7Vsi`ue(m;esL{f_zmk&N-XNWw7
zIY6OxvEOMV!ckNW2ApK1kVx`L2um4)B9gkPoK{OO4FwYoNq%6-B_kmS$b=rjp)=1c
zjnSY7wY25t$1#|?0Pc}({5ZDTMA4uCxR(YTe5Nv)$VmP53yyRq4()D(n#`@mS{Oqz
zW0vEQ1u}8pb1}^l%v9J8Oje=pE#vYl!>@t2Lj|-z9AHa<7#sBoIzjZ{!<Q1JaFXEC
z6JsO~6(-1sAuBTgno1Uf_!J2Onv$Up3nb*5l#_@ELEto#2LQ)+Dc?$@ppC_$EF_#`
zM2g9VNWg%SP~e;;ArUkJ^0l{u=3PuwJ0~-bq&pP(N>-ra2q2fwfe@f#Ofeve5(5t)
zNwAX!IAekU(Sb7HP7tu-WXTc%hB82!kpvNKvfC0z5RH=IDhCV6Bndn&B%%!zk^qL<
zY_wdB5KD6*0?=c>Z%=T63!7b)gXSsyop>|``*A@p0bbs$e|@|4NmajQNG?#N-*Z`W
zHuQ}9V9ne5`z~03_aVU5J)v7;tLxm};;Vk%BTr%KUGUo-B@WJa@Z}G~E|!hhA)Be1
z-@cGpue%e=-@2pD-b3qvP2Zm&&5^5c0#$E49{vrbMUo*xKtyob=^{`KO|QY`>=BTN
z@##&7rA5Vh+AFC9QmifH83>GP)Lq5gG)}1$iS$oHucMr__T`PM@uXvvd7pbgo0p3}
zU7q64<|o2%`_U`U(;%`BK}x_b(R@cs3RNV%Rq8={p6x@PD27!4PU7y@L{|Z;P7Bsm
zd^KcwjVu|b01ra;zi+497lI&p1&*K7T+6DkDgwN6czq4daARRs3c3{V4hJPbCj*!|
zBA$af`;U<xj8oYOG_#<om^{~0vq+=8<X%-5StaZfb@*+|BFGv?hS~$o?GI`8;RIWJ
zJ0;gW0$j)IqFe93hzx)egpx8Mf+9^2Qff9R(P9jh1cs8)Li_vp_urkj!{>r<&xU7*
z(t1D@Rf@$y76_=K#Acvy^z+VtLc+6jg<=PZK{nYrI9xu$GV`aNH`9$iYd&c2)6M=7
z5fKqlQCrRN-0z&<NJD=jDxxrgN#~@=4-$R}p*1p-<(kh4GC;}7eK%&#h%!&H0fqNR
zA19u?`#U^+_Rp~u0T4ziia(D{968~9?32L{qJj)mMnyAtclYnQ-c6ZfFUxV7%+L{%
z@Z0+fsjG(#V#$VrRd?a^;obWtz31om;80YG#Z^RSz8kRl-pnH>P*I<jAc&~^)*U}e
zdr!7ZGP|K!@-=R(oXpYrJ>IzLg7)(O`<ua?%&^>md+(NCn~%zVh=`(sOG%BRL~1q}
zWYHxQn5ft)H55oiQAI@%Ram30bHBTvr)M@AKJVw(k6$mrtd^1lv^3PEktE7nC6-zZ
zWtA;0B$X>Hq?HHrTEt}{7-T6*P-NJ$MUt6-O^nMHWi-%I$i$Doq@Q&{K+il+J>iZT
zci>^+<U7-r`Q3C6mB8n8h<1U)au&+^d$S;{%kS+dYs|p5ht)<T6&NuTQF+e%&KdVy
z{ilK85*qszkybE}>GywAXvps)Opfz3P}M@g&%q6IVe)J{B*L?InbMt*@9(~056fHh
zJ|e{#8M6~IO%pOaPd%?U^Ss|Y`@9XJEwV{%e(qy3M4D8J0ILX}V3Sfq-Fu)TbcV<5
z+>=h7w`Q%0q~^<>et$E~b69*Z7^tL{K!gd`pFdtYSMtvl?|X@68zn1jsYKadog^V4
z88T5VvYAWTy7wN;F+O>L=x_GGydkSY4NJc)FAaj;tLpRLyxqNe-ygrX%0om25G+Wd
zlG0FQnF$sZMk@grsKG(r{)Y3O3FE)DzWVF#yh}-_#L!DgC1kaOe)g%1Lng{FNQBhJ
ziZUjG#<6{Ty6)F*`GuOXyZv-(=rTVWGg<TWoZ;&|B!=5Cnlf{yeI$&D33W_0d@cP$
z^A%PsB8n^(L*u#Z@Zq!XFrHrt0T7UWu^1@?Af$%b`wz%qCx-K3pg(;+L!3MgfuCIy
z!grY&?eu4vO-H<N0{M>-h(;&WrI1327(<~t4l9^TkjDr$m?D@P%u{BJ$eL<Uw;)is
zl*pNmW0cXN<E<qzH;#&CQ&><+I5<t&j;37`8Fn(_OL1UGRx&X|#V#>|z(bEAE}58E
zh%p4G0D({*VhkV~iR3{A5Okm*mfM0Pjs=kAY~wNtQvwhSI8exQ35+iFqfut&^Bq`b
z6gPs|Bc>YKKnRNfOv?kM2taiSi9>;v5N{Sr*hB#eObHyS2*_Z7U15+2!a+<8WrA*j
znW=`@VYWhwMo|@st!dVhGqO;YO0A#_%w>UTGf_bn%p(kdx+O-_Hl(8t$O<Sru~;R}
zP+^D`+AK;79dI@d$KPLu#_Q#i@+qw4BksET2B{=B<@H|+eeD7e9WPKG3YsO9TSRvO
zTm`TdG23rL_pckkp&Sz4<dB&}V_df<OhTC5<2GzqGzb*Hft9;yb@6I@(C*XSDK(du
z6UXG}=`!$W_k-oYL&ox`ULoEivl7x_&f3hYPYc`y<|?hotZ`drQ(8B+N!gB#9g4*a
zy&L=aDzVh_ZoVmeH|O;qH=8dbyZXDS<uDZGn|Oo4SI%}4CfLkl(0M6i<G&jtg58x}
zy1M&#BtClRP!`P*c@^#5goEA)oZhj9_1V}uw3KUdu=jbPYG*TRuGLj@(l54s9!(nb
zC_ARscPuv#9`Stdx3_Xd#$S>d^Z8`@(+2*_T{CK3RZ(hlkMEJMtB&>ZVcc`$drRYS
zzH^^7qrLB4Uq-h09sn>wARq)n2rLDFD5duAGM?z)JiT`iCDD*U2R&}&3=^DD0in0=
z2i@+d4c}CGvlOSdynO-D-Wup<aAHwnpt4Z;`@_AkBs*hdW`djej~g&6luj0hqhHtR
zJywWgA&@!HJd1-nhTb|R5)op0Zs9`I-Lu>?K~7oMp7Wdw?}v7W03cZ!`A?dS4~x@`
zqCVBY;6z2kdhQ!87AGiGHk*-*6l9484ykOC!%&k-@hy7k-U%ZDC`sUwK$`Oc+EW0*
zAqeB0KyJ*bhI({4yv~T7usUf#p66}3I-?PW^HH}8M4B35Bt)~$Yd9f|%dFWp9*;QN
zO#}<Iq&*Q3140J%vfKg4sYnorQC2Q54jA?!2x1Tnb-|2cBpW0NmwFqRd<QLMO^_&r
zkUSMlu}(5Ei^dKZrZB4CRz_JNA*E+=X##5v=*yTh4kGVkP=HY+CI--G0wN@k4AxfQ
z5T4-D6QXZxLLSwiV3J7@JOr8Ct;3n2xELV-HXv&k-eTQA#n8dGVq*t=ENo&ElEwpY
zND#}K$1_1hkl>IAG{)Lyvo2ynWm-TqB%2azacK%*l!Xw13M7!t4IxGm863b;<b*J7
zd6uVxt*z43<Eq&z$>wB}MxEwia?pltXa=@4A)zMqp|c62MG3J95g~RdlyD}-Ni?Yo
zRoLMOZml(#w}_=QK;VEFB!P2tOu30PIiS)hnT4yM%cO0>1U0Sft~ojJcus9$$+6IM
zLid_7<{BnzEx2%{05DC6LWv-VKtu@VGlg!om;{jE_g^(be>iJd^PAhTs{1eZpKb8%
z&zgBzW}?@1+{b-l#gA7q4Gr=?mA|1(uAg{vN&bP3W6XDcJytu?;vH$5c)r1B?CRMG
z;>B`O45urvw7NqqYOJi;dT>EOPBp(rsC)uh7ozJKIj|Cj4sqTt@cFnrqz!elK$^+z
zz^oxM*#dD5YJfu%jOfBszJbV@dE%aC9ZraVnhE_QS}+Hy9;ybA*0+a=qeX!TlxwW_
zMMzdi9=W>+S!{q~B<{7l@(ykSl0f*$3}iN}@ePcF?Ie?COCce*%&;XXu4TQZ@rS7;
zWGBO6+yPcd2QKmfIhGU5F84@hb(<Zq0AB<<cbm+?NCC7Q$A2~xHAyzY1>J;#xnz*W
z6XFtYH@z6hUeZ7{qc?Lzme>ZFHqD#F$W#PL0IY=8sZo)pWx^ID_0k&<U0M=%49FH*
z5_@wokfYQChmGPx&PgU?Ws!vEG9EDD=XI$G-OvnS-#p>xIh(c&@;tU4CYdHRhjV@x
zz~CF<%(8gEI&c-drVJHp;qP1X6M(&dAaHTa6puxK2Yr&>d5FBh*ayyg-U2e<zL|GM
z;2s<-UIDw)%7gQ;_{s$F61N2CDtN7Dxj;0X^SDFY-bg3{iV-qEZu#M@NdrhiBjz3G
zO(rV7?^OB-2$72fRbv$rBh34}_*c;P=X|@)!^1V@9dz%og2f~eAR+)K*ddWkk!aR6
z6<?pX@~<n(>5%(|Z$XBPb4nZg^QTS7P_)g5*Y76$KV&{QXz)Gngz<dk$Df{FYlgR(
z_(5Wbsv?T0f(M>{J;2XQ{jK_*7w6rzcw<zo&;^vLpUfEqX4G0)1tnM6er;M<W9KxT
z&CQ=_D9^%ozH|2BICPn?$H!3UY%^XO&pve(1sJhNstAaf3MOJAjU>{`&##{>_xQfQ
zd*`3KRljz>5k^dCn2RBE)pOmut$XdRIQ6S5rv7E?hV5RihWw|~bIRl<YU|zJ{r7$S
zW6O1Zx$r+As(^x`Aj8c=S$pl!<|n@(8lC|=D#=>U+5|zBip8z(^@{=EK6e9Yz!&h(
z&}fS*{Mdp}AG010o}1ft)#;7tU&j2fpn{@GgRLKZLpk>DvT*1KAi;{OByB1|vuuD0
zT1!c6iIS5TmZg^8b<rh=q?r{op-o858a6>i1cMno<4=L}Fv1$5T$mF5mtbyzrbC}S
z!+R3*rzF6q-?vfao_m;b{oZg$Drm%{O9Z`d82RCx*zd{EfO;EHQ5A|Z0fxT#N4J=<
z7pv__*q{!6*v>HxZ@uBw`W`qJ&#yP`L5h;0QnH2xA~2bfCWN+9F&KizDx#Y^=y%-%
z-*C}+MV$%YkW$i8CfZV9vb0Gu%G>oVB?L2MBO+MRXvwsKmWem)_pF{aeR;h;b<E#v
za_d%=ePmoU(wEga)lo{?cdy?*KYu;?{oiUDQbK`(e^2yxeE{yuld$gm9DP7~d*BEl
zgW=+ITU14|L`hVZl%KR@!$>q$qhbn;B^dlVS^FrZoA;Un2zs>kKzq>chgtAG_r0Hw
zHMj$9vVHwNs){0tF^GyPiQW6=s9T;o1Yy9M5J-U5SxA(bf{3h^Qc~96w@O5W*qKW*
zNRb;E6I*^X*}s1J^7_)RJ}T6@@_F|~JT~F>Q=HVGdpdo<&SUPJE1yZEMG*yxF^Kv2
z^UuB~uR9L}iArk(l-fxoq|!??rIN#IDNt5u%~E8o`O--QWhTKi1Ywe5mdT@KH4(S#
ze=?IQ94FhY{BwvOPqRZ9Q|+03z_fB<46A43RJscYUASrz8K`f0nC*48Rxr>cLfUY!
zEi4u=1|V4C0$2bMIfX}rrliQmLerMxIh5mu!3?e(O1e?Z5aq@w3{oM$S`y=72}V4!
z0v-w+cmp^|$gniz%m{$%C@|=SNF6F+;FfOf&D*;!95);&76w8zWW|9yk0Am?sa6Q`
zgd4#{g~Z|>`YgN_@4K$zk|GNdQX-AZmp58Qj$IdYMCO4IRihA+;|+-zr9??Z#Y(^;
z<YHQ2VS=K8q#Hy9G{rd-&RY(nB^WdV_WXSgc?;Qo=Svqgr<|qXzYlgCJ2fdOkf6Xl
z1kHKforj#~NFnP$A>w;L*}<?Dht?&&kC*`DUatr1Lu^WU-K90aTJ-_GbwV-_)JW^~
zLkz3IUeK3@pdyl-^}J#j63XEQ3nN+R_O|=PczeT%@|r5{o|?~KS3?6JOiG7VrKURx
zP>!!2Uj#07{_g?#V^_Co#++4mWj&R9_Z$js@7=ijx2N2PRG&O^mA|NU^$#MCuTW_2
zc$aGcx(#`PPE!eRIh%OAM$(e+(s(7>njan#5Ka5*y+2jM^*)Nn+3$&UKxv*FIf;uq
zFK=j!?{B3|{wjW8edX+^#v>oUZe~3Bwg?O%<?nn72C`WCw;ENt4q<zztA>Y*<b~Ni
z3H$5#!_~%--9*^sgHa(Hvje%0@3U)jNrz#nT*JRJTTDT2sI$dW4q$P@U<>A)B>3-;
zgjKKbo3V;?wBLp_*woYd^EOd`Q#cc6GYd|Yq)9(c+|%o%SJgA9BS@%48cx3DRn%CU
z)J8^!ud?q>2Wu`Zp$Vx&%{h9pwyLY>JYmcG>G)r5BWAzN6RY!;+x4ZylX~MjxH7{q
z-HTK-t^1d51`)%Tv=J7O1goo8bZlX)nCp7FeUqe<h{F~W6^cPFucitPJhosXVye+I
zIGd)5RyrZg29X~ssX~|Adp`QY;F>hW?geNfD{PZ|rF&is`Y?1lq@?+xmF4^H*M}@v
zs=9s@Wh;97JP^rKQNO6F9o1IeOs8XK(uT{64PE_j9c{`Txy#ox$P7auqUSlB+-~A^
z()5cTDk6(WR;(84>kSM9tCXeRFyRyBP-3VF6p}2A2_+`WS!p67$*iT7Rvf}WIr?gX
z%lEo7=ElZ-;D3AU;ZJVL9wAMFiS-^0Vn<kSl=_kJB!%~MTLchmo!Au+ja1YhygWy@
zNcYYQLtZgutm@afxlZV31z>Zt!lYYMMHaj)5fU0<&6Bo;0vtJqilv5Bz4PqO8JHAd
zAd(5~&uLyB+IVA=UTDzK@0=kE%Qk@XsF%Qto{vgt9ig<_!J|;#=J1bfDmu4(!oefu
zh?r&SPY~aQJ@U!KA22ZXA?gupF_VXs^4KUH<t0O^$)^}&?e=3J#DJ=evcxutv_>s8
zvq3brGNjfk7ENgg)YMEw@bov%>gHx6xef{-ERi5Y(Wh0kMH~@<n72^{ixovB)~jcq
zHS^0u-AOm|P{7|B8rjSNJ&_RW=ed_Ex(^Uoux6Ft#o;C1wwZH1G+hlFM$PQ7=<Ukh
z`Jt)l&5l&kN<j7j2Z#j<!Oz+abH%p84)h9U8qREc4MTz&6t#DP^>!LCHxaC`Q4Agi
z13=2ZMR*S)Tu@RboX}39_&V)v*sAVFOY6N?GVD_6UJh0FyRG0%7Z%fD&F!~_93XEL
z<ppa8p2jB|COB>s4`2v(l5>fGLuVVAfrPvs72vhmtquZ;P~4D7#7!?1)Q}HG5cnW&
z&kJS*P23x@gaYBQE&-Kk0wQjWB$<OigdS${=4gOBT0&ke2>`+%a7j6KHwYp~#*IQE
zu8db%z;%vS3r&&`3yUcr0pNfWd)1nrZG&TX!jp5QgKdn08(`(Wv#lyF-5BX8>)ShN
zRdB^q#C~XY8xa%0(ek#wuRDD-Z@$ftChApaHIzytbl-mNZ$#cyG-0gOj}VRt5h!D_
z$1B1uV2ahQP;0`(1QIF^+Ec|DFCnx?P$i@bA|-5&ih^*++eMQ|v_~y~HChh}uAwlP
z%mE_lcqA_+0gO~t8ErR2zb*Uh@)|fHqJt68p$fGyXvyumcXTr{XFKW}v=Mucs&`)J
zMcK;=j@D1N>X@$wKeu)K>OOybvk6YqN#^n(=Ow{>m7&@`Io-qV!}1q{UF4d1&squ%
zysqq`^oI5r8`|ktX#GOw*WVK<)Dt<zGN6N%M5ZQW_I8FE70BBOu}}kacR!(7;4xA}
zm@ca6RUL1D`@Z1*BzMS4%m5s}ukHeiwwVz~!Z?Qe^FMC03~q5BYBTb)+JuRB4xy0A
zD{SLPpr{di>Ei?F1KsNCBF_--sx%FwZw?Bw#XF39Qlv0sxh-cYP{Y^;K<Khw3pt*{
z@DhQ#*lNW9OD<spLmM;iEFXec8StV$`k34vQph*CHF<;YcqD)h1q9j!wgl&8*K244
zx)3^$JQ*aq*8JE9nV3w@U>eUdNE^!uJZlW^NMxR7{M0$#WS(fudt~k<wBxS<@Y%p2
z<U%~fS4`gB3G1Ci^Vd+kYp<*euJU_lt-{_>O!K0T7^>?eJ^9h+ohY91OU}J%wkkT0
zJl^QM^%8_5g$V<LtC=K|X6%w1e7<vgD8aENXp}zTWL1J3tv(FQtp)yvh#-(+MG`iG
z0+S;&(5Nv}49W}d)#iSD`=3t_7q`pmR@T33T#ztBFbf!|AqV&D3J2RIg#GShC$?tx
zhGJ;$VZ%AQsCN4%%bU3VJZNuU10o`*qN`7zx_8raMf`iMVROPBs|bQbTW!C1ff_bU
zZMOL5^H0xzpTB+JcUI5Z$)9PjKXd2ZX3xC&_}az@q6`#dQCrRB{rAs@x6g)Z9|%uG
z0w|`$g$1|n<jDvvim?Kypm9E@!4G10oIKDQ0pB5VhSNKDe%sTiNPXUC+x8ztRfsG>
zQAH64pI>hNd}Q-_%fE*{9|A~x1ds)ktd?4@-O@~nMYfY@WU-pBxwLI}&w9R|f0OF6
zYvnj2oPNRm`{&;JXwdTv{H#S06=Y2k2vHUolpr9e#z9pWto9vGugt@lLHE)=?-!X3
zem*?SecM+2*8SLQBS{ouqZN=Rhz7Ztt4~YvWYo4p=h_-Rd56@V2yf>w1IZ+wc`OK9
zH#p($89f8#&#@LND+Q5^RyudZKKX}34}IauJqQ!w>Y^$!AWwDk0Q;&N>W@}^?w58C
zI^6fH=;*$A#@e4*%nJlep9!x1Jm1G&!gqU_`1M3%5=IFINkO2#eD!<Z&(E5r=ep^?
z0!SZv3aZ8{1yBfjhTH=z=8auVLSTFuJu)W!?pQWYnjSMfFkrDp3<Ox7ciq2lz247X
zeCIRL03R`oK@mv+QhM|4J@%Z(%@(gW@8<P;bLHOe#$?7sgv3xK3?mH)*nlL;r#>m)
zd_ENPWa$WaBt%4!1eJbm(oCS3N=T$6k%Sg1$c&I&O}oG@xh3?8g!!rmei@i7ZUNOv
z?*02Sh!{==zJtkkm0s&zFT4poJ^@fk8S~QQ`_f=wfr0ZfBR(ZH-*q%|RZI1_+}(53
zG7?Cd*+sJuD+w;jK%^0I5^F()V3G<nRwJpF8`V|0n;i?Zw@a8PC7_LFTC(6uC65UT
zHrSTHXiR22WQ$<TR}?Zal#r%iicASC69xt+FlSZLT5naRu;`k(j%}NkX`sM}X$;U%
z4H8;R*q1FeChi+`rb9Qoy{6!Ab_2ajkS0b32p3ibgo7Z%CA*{%FviWKjm_u{YH2Qw
z>>chVv_myWP|87Mm4!Ch1Y|Dt8-z0iL0cuJvP?5(?k0+1ltpQv(FT;sOvxHxI}=u$
zO6do4Y*v$WfN`57I1Mo&O(7ygC80$H6jMbLvMp5FXps_Va8V*Q3S|>2)T2a*>CC_`
zqd_wy>jkQom8fA<jV&aKfW)$bkd)N*=h+=#H$CI<4Nh(nplmmoZ+4g8bz!MPvPgM5
z9Do#~>>?WOyh$dWhk4|ayzg#y-Doj0ED29jIpib`MFmbiT|+(d&QsHQtwoo{cdH$R
zm{}6*I19>pp`bEJz6uN@eT>jxfJeJBvr;^CItQez0L#;?d#|d9T*Kjm20C-02qlO=
zYa}3P-rCCjLvDrTQ{|s^cgwG+H-8_XgQ9qMzEfW2@6YP*KbG1%pKd>d`zzv=DBj*j
zn`3_6@2l^<OM<CoqVo%v^`L3VRswU4s@(3yybf1=zZVC6$E!X+cRXsY6}`~yd38{G
zv|STzGp#H$rib!-6L0IV?DbeLtDa3iSU+p|uI~HfPjb97E`6AMZ$9D-J%R(<7grar
z?%#wbTvfHTF%>EIX7Zmrl=tV)hIh|<y^3-kivdAK0KqnB%B7lZrIuqVMdS0{z-riO
zJM0!aD~%f5jRsf<f|^xAE0x*Dh-<uylYO2NzLI@onLZ%=0O8`FWG&E{zHw`@To`X<
z7H*I`rPhpxeX+`!bno6~{N~R&-h&b>0c1w^FOn3B7_XK4VU@#&rMJC{J<!Mxs=H-7
ztv;|H9Iara_G)*yKfSL+f&g&f1%}HNDHSO!(Wa)-!4xJINKs%g5q)1YxmFliCJuo}
zy7YDlsA@5T7EKsl`nH`W&o%CIX7{~pqUEh5OBkXyjHv0kb1{L6u&hokJ@mB|&{B=^
zw~dkH)Toa03~&z1uIZE+s!}`d8>5}H-7dv?IdFVaJHYp$wdUN)W*92+7Ui@=aI`a2
ztxmWl6hk*Axx%sBvc4aAuN>onap1LgO^B4?qdB@;c1dXHrU7W^)(#uXhGuLg7-BO<
z8i6i^7|L~B+-8h%wBstqL(XZPZO0FN_$FZ<DnT9yhoRk%Dod6<IIlHU=O&StCPf)l
zUPD8Q!sWKiG;H3LIwlS(TWeKQ2n320Fbmyo)791~txPY{`NbQznUVeRs~NNHL*pyz
zl6<h6hN^`oKKifj(Z?f=J=?j4Ed*4P=qhj9^M<zh+7kKQiUgQK)0?&7M@J-wVBPsK
zX?uHzUCut;-(J$NiK*CL>eO=0v!F=tyf-NQ=VvywQBum?=2lsV^W5}Jb9Xh|$=akz
z)ZJ)YAfjbfg$YaA!#Y&aWCdGPd34QSwyA~0-KMyD8KXFDG$zfo63t3P!d9P{qQcG+
zGkbMFc5u!h7Q-If;diqKGK|lY6K5gLl-8Z)1DU9yeFb7^TV3;T5+-;U-oP}iGHbCi
zNNqewq%$f7Xo#D@1Q7#}LKDkPsuCsav;)U%HAaC}Vld+ishh`^b4MpCY_!L=r1giN
zRx1>Vn2<?9etCHO`S}yZ+V;&-l_aT3{gXl>O=JZGP)9!CVxM#CsithUA1#N`%%0?>
z+%gzy&3#~<-`{f&uvjQQ{B&mzHQd0@K5`z6p9P8{hqBYOtZybv`Rjzwtp<Jj?9|Xs
zmKFxApM8g+@$|z~&V0&zy4HGqWELwCMFB;N8D?WxijpfB(Xwa_i%d2m3Y4P77Vke>
z``6s*tvmPT&U1dRz?%?4Ai#n3M2Vn@3MHB;Wc|Bc_7?r{`J-T3O@>gvGY(I-Z$4h{
zWX`5#*Gca1)~=JW`fuvMRzz4Lv*$i<1<n1Q_;h%3Y4@UfNPRIB5L72p?j2SSI+nC}
zb9TJbQ<uYf<&E`s;HfpJK*bK|-!<;Oc29`07?5C!#8E_2A@;iTzU%I@-=6uF)?Wu&
z&n<7bno_cgZAhBZmX$SMsKSDnkk(9=N+JlzBLrZH<2<HEn!0Cg#C0pfm~jLfj0D(V
zF!DTkz<$@2;29@(IXBO_GvP09!0=R9tYRU*IC?*Q_s-t$zdGK2@vv%I%Kf>C0>H?L
z8R1eg2v50YSXwW$0v7@Yd!seUE<`c<?f8YI*v-ETDc@^5ocrEBen!$oGe*HSV<y6A
zAjC<cOEP3_`RC`&-cH}T-_789Ndx47SfarNKwzw7fS~udTTQrV`Irpew~$u&Li67J
z`R2U(o6PsVpo)Sq6mOfo=;b#LDYt}|*b0I{;qv$9%-C%6b_z^jSB7REez|1;gW{IU
znU<j2&G#1OkDeUc_513GD5$D1Rlex%efQg^Vee;zBt1TYDn>Anbwla#))}iMJnl|u
zKK;}+q{)Gs*V9z;`oYL%x$bADoNjBn`6?(ZL>~O(+G|gnH}v^7LPP9WqDc>zvB9uO
zt2OVU>@~HVN(Go@G4M4evm6Z9ymNDh+N&1cWE-tp9W6J3z3x*Ag-kU~BBEO)1t``M
z1O!k)qT{3j2`Pa{d2rTjiD()S$3pD6G%{32X<aqm!s3geri7KtL31qAyC_sPkuWV{
z$gwnNEZxl*X|!gNre<iE0wV~BV1<GKlr<V**3+Sq2%!>|k_4#fY@?$?OxBAtTiK^n
zSsQakW~N;^r!le1h>9w0$qYc+LS}B@YYfqw%p4U)t64@cOL7gM32~*!ldM#djfKNf
zLW_t9VNu9Xz%G_5)VUoMOh}1_*2!WKiMl%LIwx5N@lc|V@}(tR_cBl^7{w_xl*T06
zY-rXkN>&o0)gg_sY;2WUWKuNA5va16g(+!?tRhKc7Slw?ri@99XiXA|Dr8xVnUs@i
zZ7gYvN>Q{{qiqtTHdaWasBDWQG?|4o!pdq36{8lKElMb`R#`-hXtLRxMvYo3Etttd
zF^o)z*=(7jwL~jPsYtDqC8eyPs!Kp9#e~&>%3-1kl1Rm7h{H=QB*RM4wvjez5t6Y?
z)fkwjv}{sJmPt!xu!}OIV^W$Z+chbXSt?DjjiAaiDrRG3)J2O$vZiT~YHJdv!i_{)
zD$)stXrgE%DWhbwB+!LQ6HypeA}G{}AW0}?re#Jp3sO={5)jcPVq|Fqm>HsxW@b?p
z8Y?A+5?L{YmWni^G-;%h4S?8!Y%^j-OCm{0rj)ZWX)@C!WTYa>WZ9t#l+2(siz$Mn
znkGv{jS+%SnI;s3W}1;kS!FU|W?06BHb7>`nPm||kW6MaNSFgjMJ7n1WD{c%N(6yv
zl0;Hy2#E_OjI5%{WUyiqWZ5$j6q9U-h8Y`3%t|Q6HIyn@sHkF_6v{Mh5v0;&mZX^*
zBE)Q!1e%F7RF+LjSwzOjr80#|79nXBHe|}ilueSPl(Ll=nW(WuRv@5)iX#>#w@zle
z`_n$@c<1mQ6o=3#e*00;cs6>(*(rU7cnJ;AMKX+vF_<z<tU)Gp<7x=9G_J7?zGz=#
ztA`)6gn7M}Y+tTW8OYOII=40SPusrZ2W=ubgiJ8_k=^SwK{Y!xT}c>TcR+E+m&|uz
zfmV83?z2aR@2z`5=au@<3t7j0Mx=O%eszuV3(zsDfUYxGIM~!Igh4fs3oETy-Z!-S
zr>cf~o^hEy6TQpFrnq74*HbtWNlZ(|hYSNBD@h*d>knp5=!zq&s!XOf_K~Y59m^T)
zmMYNWSojVic4-x>9~E778o>6ZVAqUOi*mM^D-z1h#czbA$D{F3&sGbzXlxspo&XOE
ztb;Dz*5r^!JS~l@N~}L^)D6H;<h$FB>)UMMV;8-$6`RFhSVip<=(ERs#S^F4!hH16
z<bAl1ibWAaYgbx+D-B0vYs?loz3x1>aD$sT<`-RcG-{6gJ>j>k`?3mP`2bnzL~DG<
zb4|cpO5cX?r;H0*-%vOQP{weyv%PnHrFA>q<nih3Hy#T(eA~dQCFujl6R(`z_;j%#
zM=zP^<Oh-m;P-}{4w6F|;64!*hK+IkUOpmH)p?>Ex=h;cYV`~`b4F1Ff^z#xK}wgt
ztXrn*hCYLqZoIBgX60wIbY}H~*(QwkBr1hPFhQL{-OC31WKTwDAX(paU2zLh?U;9W
zb<$3S49|B{Ln#Dv2A%{2CG`Xwxyi%bmcbQ(_;?H;i1+DF!%0(i2k%C}o@%oP8Z;2O
z_bqEOou(1sxR<4nw^w?-eMDH7%;$+a<k&<I(A+So1cShm9GJdeQZN&k{p_fd_Vgzi
z4omd<Z@eA%Pf_!|gl;m@TL!akO1-50?aHq2Uylj`weE_YQ@u(19K9T-E^yLx8Rt52
z%a9xPl%N@|ZdNkJR``-R28K<uS`k}ljhOLrlAHIfQ3BOpUXD{`db(LPiqx%Zg1+>j
zw_J&VSODS>02$2Iy#{uH6>xI&Rciye=E`AxmxPy=d>w3y;ldDy2l0pB1Pse*3*}Mz
zA0i~bK*3~<24h3CT?kfO(VbJ3Mc{jSw9q_qD0+*Yqh)L6P@cvs`(JCA7u$`}#cbxC
zz;e3x4(0b-gGaY@C|Dln*-axM0|qmgDINhI00eC+!3ki#4QGQHa78$ZFj8Y*ry7Lt
zb;Xe{QeS$g0tSs*K@MZOg%NlSy<%EJQ(>OqC2lJiMhdzMPy(-%3tAGi`<U-h_9(8G
zxw@n_*RWP-AqwZCNRqnj?!D)}*Sip~+R?axbdP%kzP+&S(x~|{Q)WYqACTklG|?2C
zT1|L)z8#Yvt?)y#d2O+CDS*M|#wbFV2KL$#4adECqzQsg5IDY7Hilyy9&bwoK3P1n
z=7F{C#;YiB_pfRnbmQ=#=zjwRg>kdjRiAr(xoelWyKJdP1~~B!?_2kKH#j~QYzqpc
z^6bI}2(xT<;2`xSdLZr=@~a)hE4QWhye97Ny`#H3O$r@|C!;Z4dhAf>h_z5BCj5v|
zHu#^sF5ibO^NG#$dvVCM_&DmnU!;ezoYjCAHrA3nJrnf|5f5n#mlIm12xf+9_n!MD
zInGTMdRFG?>AFp=81oEx%?Fm;>Q$S*58m6_6v0A*-O=pBSPm4#nTbcVDkXU@H!ofJ
z@0uls$5F`gYrt>2Hfiu2)C3yTC?8pwc)G>=z$UtNjoS}&01c=sc$%voo9>yE#KZM@
zw$U%lN;rf&)9s%j8o`HmeC_uSbB4V&Av?X{Br5;~g!UvLdAdWRBo7h>Zoq~z0j*g&
z`|oF2*UxxUH*ndM@d>6JIwcMbm%c>K*BBP-8}ST{1hUHmR3#Dt9aKDs7oi9U+#@km
zAS1iyhduLr=J0H42iAobdOyCL`=tmbspIOn=-qG9I5<b<D<>Lljz0BcfJa@-I0T>?
zsifw1U>&;hJ-9h<DUI}ZmZ4b4J~>R*`3uONO4~l;wa^DW;eE7*+zd4g7m?jytbNuC
z_huU2;cFNbz3c?Hww-hKP+UY^Mx?zi@pvKv;P~b$=#C4>Igc9f5KtE`9nBW2Wi*Sk
zAnc<uR0Bt4;6_joJf1ISqTN`-0Ae5v@fm|XWx@-h4?F7TfB`s9F74r$g38LLmxPMy
z<iQdLJS5$^p8Lt}yf9ISR3|1i_4@!;dOr6%7}k<80hd7drn1bsC~jEYP1tvUZq61<
z)mQHE&jC4$0n{Gw6l(P*8oxiRK9^qz8F~t2DFmGr-n1$=M6ob^yIon=*1Dnv<uR$h
z6x$CCUmWfN=y2Issv(&yXaRwIDD6_A)!;WTIF^sT>=}W5f$G54`k__q2?3_1;vL_;
z17`Q94^}AqFnXXC{3)n5CVhb%1Kt#U!bs)qnq$Eq4|>U+UC^+N9{{)+T5LYbzcZ1G
zlYB&c4|&b?tRkuC&<2nPgpEZjJ2yQr+8jCE(0=!*c)oquk9Ul)!9#2;)YieBfc8PE
z;_j=w>=-R?fHY*s0>iTX*!$ehIu%uJ$aEwc>bI~Q!;43S4Kij!yUVW}q1X!WHI~no
z^8s(ITkw5PM{Rb!<gP>oq75tM7Z+Jlx2j#{mKhOhR;5wr5v~R0d%fh}SoW8#Okl3p
zm%3*>Uhtf<aa6rfd${L->=k1~#eh`4d3$y@GU{wLrUg4aqWFAqFGwD(=8M=k->oCd
z=q4e7iErFMq8B70TKVUOU>VkY2^&N#O72C>^0VxG{5{hF!+>Cddc%3(@IY{9obEyB
ztcu3y%vVPk8RfwT;iEx8TGNX2PcU8EMw}lu$G$_!V%6_Gmj}HBC&bNB&!#Vo3Rx@z
z6TU`HFVwAD_tyGnv4S(U1aEhhtMku$jN^ybO2N6JH^pEYHm-+!WDt+DNUR#}plg45
z21&YgScM)@9qZ1kp%y&XG)SFel2^Qt+NuKe0YHXCp+Jt!%NP!3?(OZ_;Ct6QE2sc|
z->IH{qk4Q`D<csAAKNM;DQwkx#Gx|>d)POJs;WV9K&o~nRjV_)^<MSSxm?J{cQ*}b
z3i27IOLx>IX&5kQKP6>}^!Se0JXl^9=?lTTx3IyWMeJ3*hedj{_0b}h__0c;3Y)ic
zS52@;i1Cl=*x~iv@3a*9o_Jc?EOyj4JS#vQrh%|ggW~kGcsB(tbFE|No2DzY&r{s@
z+2Na4d@kNa1qz%)gt8<Z>$KhYGw|oCW*-Xu#Do~W1BkIIuDip$g?E_2!1qfQEa}sP
zEN-a+<&R89K=C8M>6V?`-kr8Hh0RVuprd+xZiQU#JTt0;)Fj?qgsf32s_Qg{uVJLy
z95Zt4@V#PIk(XQLRn3FvbUkEM-0qe;lo%)q2S=zJJoEv8fbYC81^{U+9+aM-`AM8N
zf#PnQ?{7LiZH+yAkvsylUS|&DfeM>ys6D*Pox}hr5HyYKfQ^V?<zBu9g~2+6s4)$@
zW@Xeh18sD@1za4@(kQyP1a}Ya?jGDBxI-2Vwz%6LcXto&E{iM>EI7e}F1tVo5@aF4
z5=hQ@o1E`{_q*@iSHGF=>aL!u>gw9*VVLgn$T>Wyq;5#NyU%ygm7KUXVL>|_Y|8+g
z52_i?FA2i1vOV8GtSq7bEQ3Jqpnv}!Tg(Cg76E^NOW|+!|CgZV{r^$^Z}lPo0Fp6a
z5mkZpzsRVXe~`Z=98`rr_#a@!`A-hO0c8C-SXr}jG+9xVH2*gIqul=if2mmjR%AUZ
z4yq<=j*<eB0c(!J|7wN$7elh((nM8Y&C$g9E0ODOv;WoRzjI`lkYYrT@VAP$6L0Rn
zY5xO3RX}R@KLBsyuXg{r2mtushC$8io<qt+Hbn~N?bgcY(&j~8T8G1>$y&$Tt@;18
zFe_?a-5<{X2Y)1EG+_lK57sPJ04pm14XL0YVDZ1S1k@odi}S}kNF)5e05>0B6d=N-
zu!!sws+K;ocQ{Df{59o&wOr&<Kvh8E$OMNqR~LyPfwd06imQ)A{&!dYREw@48K5>9
z|G{zoqdU^{$bR4&A}z0FsEO<rGE?|N{}0q5FZnM(RrrsBSvag&Sy{-^UzPt7kxl_X
z{m%gZE&tz=ED@whvXB&Hh8%6t6;x%xKV$W`M%?2M<*(mn0Z<jX$B>F6iAXnIL~8t}
zyMNEW#zPiR6_Cjv6_6>?qR7$tD}Ryozg0pL6k){|{X+tv2_h3z1!VFc*8%KwqAG}>
z2_l93l>orO!9i6(3P2M?`f3&qQa|MJmxN@C1f(Ie>X0Ht{wjeKiDZjBP?Z#r#J|9b
zR3i&%gg@<(_#emr(=Rl^tUsKQ{E$BM$HV`?UysBa`-37)wg~uximr$t2lnrP{ZaS7
zy*!Ic%TUV@`7`~W!-!;#<T8e2$EAR5{1^L=eE_HmNYdXC<n7M;+izq!3+Y_Q3<qyQ
z0huBDh4hWT$RAOFEEW-w->#Zw_f48+%N@y&KO-|!F36?qeg&3KPp1E?7ePf$bXXlS
z^zVMSqCv+_?8S$nVHx39F+T}LDuC>A4B3&B>xbzO;bouep4~*ze}!`?$#aZ3I|tLF
zDUve2_aD#0PV}<*5jNR%$(b(oWiw9VlW=8eF_?(4k`kXjhA1S1)0v)g&Zc<Ofu2y9
z`bq(JI;(Qq9;J>Li(MU7xq8D>*d%Zw0{Fl{(wx}t{@ts2fGIDgUD4FUG<R$sEZ}l~
zL?e?#Ui60bHLs-W8)<3r^GheEl`E_Pt(X`&9l>Sv5mW^fxoZMw&CnWRkfV-^?XI^C
z_xN00GT4BArq89~G3tubTlt6}1q(Y;3Tx-sgpgPL3g6B(Sb0tXJ*Fn7MQ{#27m25~
zKM(?McflCS+UL_~yyz4OSCk~akSpdV)MXtEswI^S8UEIroYuMd%Xp1Z<{M=kwiF{`
zz9<@1>`9_F1IPQ}hDyAWYbopO?R60c+H%r9j;0BBo=t3o&FD)dY(j!kGhHWIDL(lj
z^yM1LgEkVEn-V|jO6vzdIF-vx=-e(f!pFb8Kies)1WrYT9xDeZskn}G?;pQ5o`g<L
z)dq`AeQR68$73mo<2plg7d%V2G-o(Eppi6TtE2xg<E7T0KlY>is<)mWD+zWp7B-N8
z^LasTluDsrnczp9`jDb}K_+pnp`4IiB6``d>g%pa%b)E3^5PIm3daH`k07`1W+?m3
zB;5iyIuBX0OjSC6TE=hdn@&Lann+LJKvb)-w=MVaH1_=5(f7tC<Xn>}Ev+hGlB>A9
zGLF|TWCl3YFr?ZCQQ#WLqe2~pM|;6iJAaT(XXK{{#MQ-d#zh>+^YF>a4R<6HvRwDR
zp~rC}<h>_CMkB?wRmkZyIY;q8oNlPo!A)a6<_9?Qocn%sF|E_*DNGG9*__5`*`4;?
z+Ln5%>xc7&%bayg55@w9B9iv|Irk~N(dALd`pg78Z`#%x59KlH;E+ZW^GI=hfUuBg
zHrg4F`}+C#ep1)7TqJV_WkG$#rQpF2=~$L8QEx!Sv2n^u-?cb{sPF?yK7^Ex?orp6
zg+6=ZeoCIGHdfO|({Dno+7Uayp&Yd3b1CpvP7@I4&{w0kw>_r}MEj<eT6dUOpV4P~
zp*l?Ig(*6Y!T1ShN_}C9OIFT1LJ9R<G|NGO#y}Kk??|zdky$-99qVxexF76%j|@>-
z=sUYr2f-@?n&t*f2*H5X^T%G$RK079779BujzYl?xryyh1z}VPB9qIqhx2rUFh?{3
zWt(BH%NRzU$x7>Datw1u=xD%(f;pq!TU-U2Y)L(VfEOI&dAchyG2H~9L&B><TA^2t
zgI7G!(ZtorO^V-Y8Gz;wsxB9Rds5NY@kRm}!+Vkz)ZllmOoP$6{v&$XD5mKnybst~
z=k6w{C|T^6WL}{ygSu;~G07(Dqtlz^vMNlpP^rcc>Nmjwh{r71)ompWV8||4ts+`A
z%Ifmr=O{-%yiDU?wmIyslL!=aDT!eBgyCs@399{~5C|vrXF<{o2Vux{!!XTE2wW8L
z7_$2QwvO%1m6q1~axU)ky!^<onr46QSN}$y&ucjyh$L?BChmWG)UjC`=CmT4?&jtH
z<7Q~`FD^~9Aw!eTdHJEpN;t9-fjmPEO^`f-w6waBg_S1m--bDDNG32YZe+uMEDcTa
zYFmC8=Cse}boke{^l>5M{b=<gW!u-b{2N2ll$_1B=`Y*=FnOPYyy({l498;Kx7#{$
zQM7h5ktiqz3NQaXmV_<{c%SLV74I5+7Zat=Nocjt^{`F-GUBLlgcoe#wnY3jeI$B4
z*1{xh-3=KuVjrMig<6M7+H8kwT!-4MV#35(jhkn}#RgzTCllXp;RBnK0X)X^$uM<I
z*g(y!EFSDVOnpY|v`58grPQfT(0o83mAeunXEnG@tI8eaR1x?E%B57rY}(70&^u??
z0VZPNj1K?y0AH56?uYMv<>UmQ`6*x^r<U#2@W+wM%>wRRAg5_kZ5Dv65=D!ZET6Nv
zQYb`N`E+oFtC<`p4AKhOyVrV{zjugf){xqe>xo$82Z1PtF53Eo*uYm%gGp%##Z)JA
zK$mO>s4*zKVoWko8zJ=VVeR1*)OB+JfK)_G;|G~L5_ARZ*`)@q_`-I)3lQGAA4(t%
z{8w2%(+C9BjCWAPVdwbeXL)18#^R;9wV#yGmHH-V`N5L#3Z+2*HZIQK!0tuAU67U3
zmQ8!l(3SI+xM|uBdrJfI9m!MFi!Sp$2j_nD>L||!m_yFCS6BOD6*p(KM@XRkc>m@S
zS(Pdu(7B^O6$*O@#zui_Jnefl<Em<b*W#JME)P2`N~;kHE1Q5Lv?$M<k#4?JynL<t
z`dy8Ptwd|WfkdTh(GMAU?_LKpjM+v+jG;7CzHq~$*YIkNGBY?GAq~8IE!J<c!SMV+
zlufw@fd60@8-8Wq9IrKcDMNqvA!4%vjtD0V>%!=0dTCi@jGC|Nu&&v)6+vjFP;oWg
z9(KBJI_U+ZJ)Fss!g;C61|>IE%E~5^xk`>6Kl?Ld%m3uk$iuB9BLtJ7##`9cSh|RA
z=o>JyDZGgK&xHOzQbJF%X3o6(SbV1vck<o?fS7DTiD8w#BY=iVv2q<<liO%Mu_+t*
z5P>6{r%_UBSo`PN+zoD`bptIm6ly8}il&ANyDC>z7L734r|&VkN*Fk*`j`p;l%K!u
z*^C<oG|e7V@_kJdIp(v;ka2!~q@-y7K36gL#r0c!9!!hT-DAGnxC)*FQTDauE9HUs
z66Ob+{K$4aT3p3xwMq@eL0YF$+HPQFaWN|j&Rwy_E^@VA%No;^IZzk5fjg}QGAdq;
zszIw;n%XBf#8s|4tr}EqgS^I_Cf&nQ3@nZebjR;!-dMlXB(Aih*$u|%vEOU^po;HK
zB}7i1(nm~d$-J3rUkm0;Z=*<8`_P)uJlE{h*yqwlYefZ4brT13HtW*53TY%I8<+bs
z2k4htih(Fr-KNvYOjH|Jn@ZhW2f+(Ny(a0ZK8d*LE>K#vO;G)K@oy$J%d+t<=hYh1
zR5Eu8s6Ah*3dL$0xd{bSfWR8d4`k44CO+U!-s;HW0^a4Z<c{G1rF8WbSGT&2n{Ut>
zn&NI&_gbl1rh<?R)2pX3XLl)Ft=Q+q>nA|Q^Wuvw<X~RY54|9Y=^76=u|c;1sZVd2
zgMvIk?qtRumPxxQ$m(e^F4b!8Zdyw*MGu$h^y*#QHd<H1R**{<Iq*Xpc{8Qd7=24g
z7r4gCK`p&=VBX<HjIxG<SQD?Kv5|*KGxnw^1$U}_dX4ib?uph?cP!A#<Q@E<F(v{d
zwuu$W-)zHgRsQA7w(x!=_Wb?$4-Wd!dCx}9s{;U?WLd;z$zIO%^f|5U8*Ah<L2qN4
ziu-aAj<Fru!EGJ~4<z<V?$FHmdF${7jm8{TD#QD@sOjs0bjiqfEO(N91+k0zIhcku
za^ZxZA$^DTV~TD`>;TQC6PoPn7ov*tnrLk^)A%16CNnc*8Lcl5yq$q?+r>rn(@(Vl
zud>jp8GMDr+c;XwiMZ$M)lx_ub}RP<HeEi^Y^m9-?Yd)2cJ%jmwCYt}I(0QH={r5R
zW3r6Ix1JwPQfsSqS$Vh<{6LuE6o7|-W*JP%y4d|i8Qe{WfwhNaJXCXmH$}fB2u^vV
zNhfXKn}i~-D?{%(-EMifCrI9Po$BZ!P{H^QUuIvI)%KJ>h~ByAc<!6>nM}&DZV9~j
zYT=nN>*2NL-XrvDx?VQ=;wUdg>}SR5KD%juh;9}?`mM-u=ndK~-Wf4U`-D1ShSKD4
zg+rk+Btbh$0F{&40c#+^fOaaj+13DcTxMoZ@Ui7xRJ+EN?s&r9V;eq}E<ocwOE!oU
zwy9jVa!xZ1r^rFx(qfvJG@Jh=x1nvK3WGr*bw9l##{d8U%cmpI2NNWiF;Fg*Lq-UL
zT@+Qx4AcrnMkyB(T5QiK=2lJvoXoU^?X8Q(6pguN26guh&r(l_CNDU);<IDBwLb!V
z9*0Vhe+lAP745sL1FL2Yz^^57Ic2}>EDhfi`c>?E?pweE`4jBD2+?o5f*%{7JqQYU
z=-<?dEn~94+QKF##{7w717jpKXq61VijNT0f?Kkx{Q;j3aj+Ed&)KDWG>N;*0zyvr
z`n$ct*2E0SgB+PI5)g#Nq2N3CcmS|)r}ApD+WYjK+eWyw9BgIiG(t3nvE~c8L$d+R
zU6F*UViptFN}A>_b#mm|D`fFx5YZdY0&mG>6Nf4hHso#900b@_W&pu*#$epLFTOnl
zeq<wOI9p23+;{xosL|Ayz4qFJ1BDP}#N)_sYm7~h{$oK~)Uliw>T|e)eTL_0Bopy`
z2roL_5`F0!k?-TRG<#j4FQ9Bfw<>e6cwax`yl3RFI?bN+olC42^!m*(7I#n2b!*BQ
z1&vHVIV3LaSeh^_>G5Ug@CW_-)TpFPItj%j8U%?B7xmVbu)Df0ZN<j$m%Zz7ukl&2
zH##J>If^_h!BKhuQ(;+<{d<h#;>_d1N==uDE$zo9$r~d#D4AqDZIJbq*ScWoWx1%c
zr*cE0rp$#&DuhN-)u9(Ibxs$+TO~THT8%?8F0)}`K)xZhw-Km>fm~|0{0cSV^Ku83
zN)90|te$7H!DLzAq0r|z{+T1Bsyb{jH#P&HG5V0)2?DC~T*}6qqpzT1q5iNdd{_Pn
zWBmaSC*#Lhkdx_5-^EH#=-_1P{HiD&^BqF71QS2vK#8xqGyt%eg!T<g>Hq?7=V+vh
zkCkUn?Ae!UWejNMNIIsoAL6RyCTJXbB7-RVJ?;dBO@)lT_nL|@#0oQ8#|o&9G7f4k
zfehN2)N_KfzUJ9z)?eW&^}P;1WXD#}XK&<6V`j!3r(zKZ<FVe45e4yim&jZal=m;o
z4q)d_E=zUQ#T0D1ePd@;L|3J0@1__NA6qJ|K6K8oE_LRnN~eMJh?xU$7!P*44?pO;
z+kVia-!{ii@(1S;>Pi(SY26U{cN3gcRlCo2%7V1o&X-zm9~CtjvlLU8rPUR6QG!2j
z&0PmY$hc11M1MramP`OYDU<;jNHq5z1}IIg$&*Sxb#98atF+{86@2Y?u<fi9D*w3W
zOR!64fv#Ojph%Z#>Z_rgWHUv-=cjgM@frIN6OaM1nQ^0SltC+#+ELBX&p0YysU!6F
z^f!(<pOMR`Y4UzxVZoL~9G98!loB(~=CgoYHNJ$Na>ujVt)%E5;<N!cqcpIE=$P=f
zikR%1&%NcXEa1#}|Hx?evyX-o=7o)PKFvQ5to9ry1&*^r_T8o&Rmw-M9qJR^-O24e
znzT#WC`#~+b1Z8q?gFOfHQ~kt4|U)BKkkS|_pZ@sjTBH#ZHYUytvi7#&8KOc>I#dN
z+?I~`iJbKCc-OvXC(@A94{vhWOK6((#zOg9_!>-Y6ESdfbJ@Rr>c>gOK*JOwsP`e7
z;MCyTD4H{It~)UQAmfjbCNew%+{nf~8rip{EB_MggR*D!qPs42gCS`YV?<BkK*!-U
z=UL(XOX(l|Dqu2`ZPyf65zc<e;~b+Flq-iJ6Hk+axSznMH}c*Q?`_q}^;J=nWE;72
z$PA1>3Q<`VD^6k)6OM|R*d`-b?*Wmc!`Eox3W-Ds1jIO|01c{kHvPn;1}Z2-AQLUd
zQ2|vl<`lJ4I}am?zt4aHU$Ll<PSc)zZori$M;l#RFt!44P%6}e+(_pLhcA&-lP??j
z2}fA5)sh|N=6p}+(y5^vYmCK0gNecvFezeY5bBr8{_Libf$%))@B4>e$JlU9vju!i
zFjAn+W2TnX)J9bREb(^=sAWe)!JD;L!C$j8^<z*Eo)r?ufvk2{4tv=KwFe?9tKdwQ
zVD=<luSRep=mdTC_h>->zNSQMXabogJFzb7g%tWrg`{~uJVVm#iO-7FzENK&g&%>`
z<1Lnew5TsX61%~BR0%0jsmqa<m-h6{9Qp@Lc=(gfOBVr3r9@Es<SJI*DieZ*c$#Wu
z%Vx8_oHwAFLbXoVqGQp#I^GGuzHv&y#>9AfU+}90Gr<lDxq;Nr(+uQfpvekUOrrN;
zhl0S%ZT2fM)aE(6lAolid(&J^*jr2uU#_8Qy+2Rp{?|%Q#{~}ezlT{{kPl0?Ol)ty
zBy+Fiv?^)6A7X9!m85C5we{m4!Y8Fyx9_ih_h;m1z5?q`9#B@m_Al8;SC%52uLBZ2
zQS6gqq8_5*_b4^V=e0qBcl3Er)_e2{OAqp}$R4dvQ?KQk+Lzk{Ypgn6msd8~i>w6P
zQ`}0LUI{RzDs5fWcsB0qPGBJBVWAP~bujION*8B4idGAkXn*Q(=8qOA@YxgBDdWaZ
zO+u|F%pd1litsm2RD~fuW_sJUmtAb>{R91MmP$|FizBx4&E&Xb6*6<v{X;&=2^?#7
zg(Pc6(<1TykjdJQ?Y!lyLkE3|2%7U2a^Z&-4BG;DSK~KuQl=x{vkvRPzq(UwM}B0e
zfBDzR9NhYWH06aw_)G6ZragnBGu3<8MxNA1W_Nysa|#_6KBYAr+$_IZW3<rBYqZ%t
z5SY5eCDqVoyabuADy6t5;Br6zJm@=Wr363GYTEq?zJqM+?Uf8U2fn3idTdxPZ>K-3
zUbuR?Eo(DT21s*jpg>la>hGPJ=5<oK;Ba3!;&SmaRv@%os(hjOjfv@oW~x97htmgW
zze!Gaz|JDVues8S!{0aPzabFc)isl%u*}9U7A;5wcO5K2QJu1BD4da#>{x9tU*0=4
zNI4l!cXVgs_ujKZYVqV3*^}Xck6U8oCda1gm~!c5qCB%JYOsQ|z}o_eRC%d-dawT7
zO6M_6$GPvP9`L*kY$t&{M`G+B8BAs5QPB!Q8N_x4Dr+~qBd?^d9nZ}3;&Z{2b9eJ^
zeb-JBpe2##o*fbDy+61Jcl}%4a(7G^l$nHUas#`+x0F9TAdpYyc75xPdgtv$Awx26
zYu|;((7svP7V{+KcG~oB;@SuTqEShwOz6eB4OqjV&FxDUmZ~6=RC2tpFN25>AE~Ko
zurQCGMxGGQWt`8aImEcfOf^IHuiUV5R;Rh|eRT5UAVIM7(y+J+3Ey>@i1Mr<ox=%#
z=VfYx%2~RvmO-W?R^(2`27#~*oym<pm!;O$0Ek3GP*9+$Qo8@5Z@)ywnT`XMjm(lg
zV%ioqIpmejknvD_ZaKkwF>dx%yM+|ime|o~=_p?(o+whwYgj7YgrTXkICQRR^E5Q8
z7fvkY+E-Ou_(iO~Bh2vhBRa!Rj&6<hgRElgH#!B$B(WMBH``NWQsIPeq@AQyq~cuG
zsbhyEm=I5%zwi7$@6Q(O3PjpM>%G&w1V+2Qvu&-<_=!~X7w{OHb<~J{#?18YiI#A1
zQhQ!5s!9;CNbPasP||b0Zh1E>FajwTe1LBmN4Gv^Vz`VQu51?Q2#V^P#)Qk|c6?IH
zQI9*G$?T+IOf&|bA7@_&w9|%#?79zq*4v$r>D-Q1jdjEA{!B9|dbVbAT0I}AyTvWi
z8i>ac0@p11nAU7$vM@*-Tb5ldA`-a%agd{-=DOTA>(NUn^5@;bd^p$kIL_Pg{cKx_
zqq~T=O0unS>s#^I%xRIEW&d~(**%b8gyU<l>1)0#ioNPN|GiMT8#XLWvJV+@v;N%-
zx3t6`i-a3F2{>`P-8dV*4Wh>l%R9M4Ag<2ouJ<}qt>L&)_XJnN^BAUHo<?PT7V&)>
z0q48Bdix#`PD`!SKGI*eW(-5XvkQvE#{P$*uSvGYI;$nR54&<>I#sWjtn8*2Vrq*Y
zU<G`AuW9uk7htXDzTrPT{WTL94<~y>NX#(=@Him;L2m;+K>?<6uB#Tgfndv^@+~tz
zDVEae<{{V{;_iX7`gdM2kdi>K^7rZdS1!?~kZ>SJR90wfx>rP5GpH(Q)(5Y9Brtk$
zgLX?>)3x<=U}2-N_bZ^`%cPCV4}5eN=0>bnna4ebKil3b(&*<T&hN`+?ADlxsaPm(
zUO*Ng+27mVhO&^s2jAv)lox)5eTg3qN^BtBquA2v$T&CXeHj$tv6=2ujziXAnE7r!
z_MeDHA=io*TC(^L1U)9*@oqAu7)Ab`L@89iBJt+OSaVw1YhP^H%Qi*c<^dB5m}Z8!
zYCm<XmUSv8$ubkgGUjmQ5SBKP;$%B&FPayS^l{iRk!f({)W-KkfA)B(s3Y1v&h;MW
ztC;RG`R4$ewkZS4z{az6Zv||UDvpm%MT(L~&-yIwOt3U=3nI*SaOPlsocPao3V2f=
zcQ*n|24AO)!PXZH7BrnltM_q~j-W{bFO^ImOJ#p|XK%g_I7#N=Zg;kxaSq!qPyA2_
z@jp+pKo0@A#iz`uyxIG0aG=Np8GjzRHrr5E_l?0AiE#V$^+n;u)H;djmn(Sb;KcKg
zE&TbVKdoNx%#M^^&TE;B=H^!D;({Y`BFqur%fVp<4IF|7SrRl^vo%UiA(12ChIvia
zd$TJ90xBH}^|<fj=HeUqe&`O7vZ9bU>vwe|KMXccb3DJB-Sb*HgkP2NUpF_{FMRcc
z@H73_J(#-uV}s2{sX>sm-{A1&YRqFx;Dfw7=8Qis9duYs&1jA_pP%BlM38Z0Z?9n$
z`Os&wUYj^D-R6fhb?#P65hoD5b!IKYbQTOB4%C;rM@U`4iLWiGQ`c~^U-gqErAX#&
z=DV%%7xgOj4{o#cTPhxxx8ID~OuFaormvCln(BbR&JWY?a(NOP?({86O$YU>E(KI}
ziLpItQn)%sK#Q>z0aZKIbEr?6ke8Lv#{n@|cXCMXS7r@1Pd>oi{o_zj1Ix*Nk$)50
zX(!^|v_w)D))E=<$u*i|-#r)B)n_hWaVdf+Be$4NxkD)>UCLiGA8knKv)8`6&5i=>
zbvv=O_3nq1T}Ycei1bZ@@Cl`UcMRd@U<I3tLTPFHhwj@I_q8e70{5-uFZ9`1pcA>Z
zQ&(YwTPny=$t7J^?~*8x2A@~BElCvUKwZ4Kht_R2Ms!#`=jePJJS&>RqzCSr(A`h+
zUpK?N^!>ij2!(fSA@?U)hj>|?@;Ek8__rB>*fOPfyX)Rs`$>pMts(|H981Uz2KD-Q
zTMDfmr1JY6giWDKu$s6Prov42N90`T(>g?3f13xlcVlHiTtM%^@FvAKF+2C4Uy7lr
zL`cFE5qBW!;U6wHUf1zG#V^^7CgZ+iqcWSDE6P@|^uBM9GmfLMgOc+ki_8xHBV+UU
zibhrxXKBD3m}Rx!(J!N-RW+^tO$5I0+V(uZPxCKA@7Os<M;Y!mZC@`v#DBwS5vD;d
zsY(e|BUm9Gb&l!h3%MZ#O&kq4PU4)lOLtDX`5E#D1Yo`JksS%&Tg4R5i_*btv8;*(
z$)%NU+NrGGDmNQMGFe)}44W79KK)T5^6B?=i7ov-a?c_Y^LXo?;0rM+t89<5z$)rC
z5wqH6zJ-Ro1YYbd#~ctJH2B6@y0q8Tq1FCa4`ey9`Nn6_Xd8tXT3g4cG1M8wk~1-Z
zb12s~+EBw_n=`sxsiPE+?&o;%;7x`PughQR@7Jn0u?FvCIzQaq=Y$u&0vUk&DzzM0
zEtTG($~8J*uoVJz@3E7EUAy>C%1ipCUDkf%w@;bcH(y4yZd+NDW_({=@C~@OaHdmK
z%Y^nWaL9PUUfaS(_9O1W8!e;hn1y^FFX))lj^@P@I{CU?SeLuIx?CHATRxdNS#WfK
zg(Mb9V~(9{*PwYv6hy`hyl*hNFo*mZdXi)_9GK8i*Sk|$aXDEx<u2|F0yBqMQGA_#
zjo(Fe#SuB2kj|@+EHR7@PnmQk+Vp>EswYP&>wZ!W%MXHWGVH&2H0%f=ia}AnTXl@p
zpj;V!tbNA-8vXh0k!f!x-2wTUajCuYLdH*BzQj8<z@lCH<Rn$j%I@L<#cIgV6q|iB
zxlnD)ew84bpqzIc^-RQ9V`p(zvys$^0MG5i*|JMb_fY36Nw@5;5wR{0+$-bNxxDt{
z{=ltN31^mwJzJx4Fo(@npr@1n!cpFFHtSJhi^m%cNz*-&AX_L|VW&e7!Fn^liQTe(
z@<CJBisMM<mBk}Z%jx<Xn;A@f`!|N4G@_y^<IWyP+?fCwt7F?7d_-iF9$q<*cn@gG
zX>}ely(TStrixd2Kj)>Cx_6q;SM8dDd~a=f!~MLqs2x~%JJ<5wo83Jlp5Y8%w=Q6h
zqsc`PvjdaI--aKrj%LE*vhUGnHOSwU+RMrA4NamOgv5XDRr;YA_>-e25NEc|1|}}P
zR}M=_qb&o;)=AWDdYHh6v}?1RO0E!F>ySY(G-3%1Mg9`(kt@RWrYpD>8b_{RRy~j)
zu+7!nMptuq2JlP2XMCX5cDobI1h=5W=~3>;y3biX@C)ePBbS_>s*ArNC?a58T-}fr
zLM7(o?y;K4TjQ2o+sNtW%&o|^h38U?Q*@NdoO+$xZ>DI&X_3~6jYFDVP#}HH8o;c2
z$a1R5h5sa|itVCUuvz_$GZrJ*;aLZ}VJ6cw6lB!b4fRq2nWl&<O(fEqC;KFbty!C>
z9DbpXla5hI#I06K8w?AJtNNgVxAOhzmWOE-SRRAP&Sc>79*ZVkrB_#9w^>=9SJ@Ig
zts-^ffjWif^1wxwqoI;LTWeV9&s6+!mvXeNnpz`h*%AZDm%y`)LT)FBkBle((pOS*
zTE1Kxf0iVUY|UEqilai#EmY-OXzY7G>E}L3yi2p<cY3IT4k^Ezje}q+AT+&ZpooI;
zV3?yG^SXas{v4i(JGOEwXsa*Srvg9L^$V6@{V3=V*Lk~@5F`LpSg>msPAY7(gAn>2
zV#hz{Ir}EUYZ-MPVq)sn&xPMa?0%+sE7f|L<Q|TVSJN~}pnZv`@_y-aD}taVcyY*i
z!q~>el$=#QE*pmv%I!NDx{>Exavk|dun~o+jK@??CW1O9YX%thw!z;X<}Pfd93q=f
z+yF*htbD^cp*`j$M60#UJ)klYU5}MJQ;%wSU3mq&7mIwXY;v~8ImrBks~4^ow!0i1
z3w&dDk$2DNac00h8RB%I&J^&u2&9XZx~VpZ+?w2IN_^w#ca$R|%f)SAF*ypVQdDJ7
z{4Az)-8?`Yb9^imMfQ#ikwK&dISFa|)Rg`}B;0yMrnf<h0`$}r+z#HwIKvy6Kax~9
zX%Kf0W2Y8GQ8D+02ct`gT4ZOdYu^8;CwfoCZ-<ZEg{1djRa7<QD~aZapWw0ODTb~O
z-N<cTvQfo$%LaGOu;{aX@Y%hoO1Ni}_m1_DcGhKX!tH0{c0RVU&k}fRfs#Ty+XA}B
z25s`vp%iFcz!;9A@mUgGU1*CEPG^wH63xe@I&w3MLzuheaDRe{Mh|!Q2k-pRvzxkD
z!5LT>?CPLHpxPQ39_&sGeu9adM~>R;LNdNlWn*?R^TKQc+`=Jp)eF~b5VMgQF`!L=
zA5ZV(s%EycO%hLwL)mMpURfB6W+9JT!4hotheXishU%IfY{FVk;x%(Yxu=`)I-=XX
zc7ft2!dYg>pT<h3{X^Gy!P+Lw9g25gI$c*IAr5d4o9VnMRC?IF+HT#fJ^A%5(4l#S
zt(AhgIp6s^WW(f>jMMhTnZGpk;zDTOK2Z=_<5+>Nd`d^svS%Q64fVB8&S@I1Bi%<^
zf)iZIcxmg4OsU*H)dfiph`oNhnaSiEZ>0~)0SyT{_&3Vx;xa?cws(5?^dWd=dc(`^
zSRETDxEsM@?TL_&atlrHZEL4#U*VIkaXx*PjuE<t1d!zIo|qgu8}fzH-TsJ~fu{Tc
z^D964R029lg3rM@xfijg;Xhu8W}iuvjI&{+Kzu~`(DGX9PVLpjZ)1!=3-hl(sSWQ8
zPH-T=_<F0DWrWqk5jCj<@wRv`b}Tk654Ac3txe{?J4txyTDg0aS+XzAj|9u8D|WtR
z?E}i6IzKE@merZM70j4b4<u&YJCArHOl1*Wy&_VU{P96zBM?(?X?(-vh-B`D34wZ$
zb?b)dUZx&?v$KRCqe{Ek(!(g2@I|ehO&I?0>|-k({_T&$&)0i3jO$(*KY{I+Hka*-
zM?Egnw$COyIp!y{)9x)IoI_Ok58AmRL$>KI!1mD^=-|+$W?g-j8CN;^2reuDnyN6j
zSaNC6FCJi9PQ2xk*Yufw<*IDzShf56Tx+ZpJHI?*Y)IdV<q%LY>a+S#`k}kT*7<$t
zbNBvBopNE@g|6t!2GFN4+y#!%iv<IUglR9vj|cq)H%wyMe7H*A7K!kl+fQrdKbUwG
z?aEKF7Jhx4X~IRLny22F_I%?Pe~CpPeWto`4Kd$i#Qg2;j}L3#B|n1femsh;+$OoV
z?mKX4GbaRlC3q*IdeW2oNC!CYrkHx~QBDef#$SY2EMqf8LZ>}WJa6|*nGXY>$*+?L
zCopBz-^JZXgyQY3g@t&uGmTX-mFAn8OGb2{LrP7%c_>=K6+66BHRuC0bg50MXQL9~
zBoN=nz{9yy+&;8C&*m0`0}Hl}at(_xxeN<Z8wlwTy~c&{6Vkg$Xb6Iv;HZ=Og5N3@
z(1mOdnhW@)3TJ6GLtPl0e%@d+MofBacd8xSG*D@sy;0PPs%r3YBEXb%175pCo)C6W
z07cnnV1yq7)=}tJ5;OWQ;F6Dnu=0V!u3hYPrC1l9EEc&4a&)H`EK<8N<B2{5XnXSL
zrb}Kg39h1S@evZ*`FWXq-PbJ<2*9y}+}A`2$%7xVqfj}qw;5MnjMrA5V^mfcIQUPy
zA-rxQ;ibt=k0xn4_T&rj_qJ8xOE?>0as%;rL%8@!r5Py~u_0%?r(s05vWJNkvv?rn
zzPR0R99beWtnT!%<{ytz-ztbd-2QNR#XyR|_+<~|WAPU4G^|FjDrb|=%=6TL)*F<$
zXg(AXi%>eyzHSe6`A|U>QJ$(snc?^en3I8(PBO*0MGuEmem$uC_O_t=wcyfm#khSK
zRfDv%Y<-+efV)uOP2y)KKg8|57MHf|hxcqElLQfd;m3B*m_YhM#xH~{0f7zZZ+jZC
z*1E57X(hU~H^E++fdm^B%XLu&DA!qJL`*0J7X2wU4Db>jF6a7tUZa5ARw6}W{;o)~
z-q%4GdEYBip$9MH(E3om+<4RaAJkwxtkZSM+ma11!8TXm6DVxx?BN6$=~Gma=alF_
zIudiqZy?9(XC2f7oU0_=Vx}mnllbe$*CX$+F0K<48l6?)VGRsaM5~Jrb*12Q8Ejxz
zO;n`{4b@7#N%KjVxBs14oSc_$LphTyk2n5pCk<8L&-)wN>V(z;LNjA0k4|`nkzH7O
z(KjN%wb6JYhV1Q)(X{pCfn;4Cs!ixGB~`DFiVwL<tk>&jXrSm@TX<RXQ-lcP7iw=`
z@cW9%$FM%Odo<oF%EQTaCIntEHWARfMiTff8Xr|ZSV2bh#9E?x_-5qLHQ1P5zc*_Q
zlf-59rZ~mv1qwHMcGEQ^E2Kn$cD@x|iv~Te5n6LP_KAQFxjD!)j+-<OJu$V$SR|%M
z$BZ`T8I~ZS7Cr+dLQoicBrV=7Ia<CZ9E<QB5c8Mt2`;k`{3qW(_}*zhe_-Og3gp+`
z<16yOlPj7T+Buji9lH>Vd9oRr|Nf8|aM=2`H*C4VdvLs^<cxREFCPy|A`#2<HDW7(
zhtsp{-V2nD6=SQJe?V1a?2tjA9nC1By4z}bnUgB#97SYI)N1r%i4yh2q-^jnS;RA1
z$z32_)$h`+c#JBANmbet%uLU>9y%(za){l4wbB+qUzrbAJdB*T95zBg(z--NmaUNF
z#&E1TWg66p8}4p>^9tp25_OS`)#HbVbMzGPXr<f5MTaY=S9x!-1=(XM0FmTB<Pkpr
z1NXO!tA=T$F*G=!)EhcMc_N}h2BAtJiJE}ZP4CIel{{dj21R^{XzMr9a|$_SG+r|a
zYe@p?MwIa<E&2;t#a(B&sZrR^Z5n*pg5aH?_$@3u-`9pwt$1i{l>^j09UF>-1PWyC
zi8gIy>6M(6eWN8z&VIfxOeM@dN*Nx`Zw=j4Mc9rpFZ)Ks1XK8JG&-Qhh^r8;62s}d
zHf8P$9ooJlKI;W8v{IvxN6`SaSWwagOWJoDm~ocTM<W8?jsZjj@s_IObTma@MWF46
z#P({p5Y+}%P6axb(Gb`Xv*IKls|`C4?U-B0C?;gcjqP_Ypvwlko6?DKyrbpR>ner}
zDUcOIg*!QUYz5fr(pN3V>%+uL5%Z3iX8}xbl2&sSAlj_n9#O%=vNkQZRiYmw?l_Rp
zvZc0p5*_8R)!M51lLaVI)gcxhTbA)#t^H!>@PL{%IBeF6#;-PTi(#n%6j)sT`SEBO
z6Mt>1mP8rzEt|l+d%qJ6g_rH<$BXF}U-9u)T4yoLPY#B4oxnNcd`*vhO=q%{+S;4~
zw^rud%pMW`uR{>e4jM%wVsu4S;*X)oVlCQaEaFo0<oYcxE`olQH02#nuJUqs#6wE#
z7}a<+E_#v1F=w%*)rZDf3>5XaC|gE6htKj}6VnvuE?bE(Qm4nNEylYb;4N-~lJ=Za
zm}3;(2&Du>JFELEW(i3Ke!{)#BrCIlBGVTFqRz`)D&4*&JZY~q#{$7tXz}@XTUvr(
z)YJY1^0>Wo$}cMwZO6_|w!%>=)Br_A93lhN)R3Y2##S^`MpCE@psJVtE4K8Blodk~
zXI<ij^io+>u`x}vitJQ#;|ztPrK;#ds{2Zg0@{I+V=!|vkz$-PTC!L9mMOG3NiYdr
z6Rohe*0lxsk5rlSP1y11M>ZR_lfmjAw_GiN?KqT4<5ksY=3_5YaZ~4*BurG))*M_e
z6q&NE1R~zF#qq<4oyEk(VAQ3Qxb^n-$ix)|=@vNkq`I(Ihv)Zl8`X@Gp-)e_-4Wk7
zLbau?Wk#)o&~4|*7(OxLsJVW_Hi$|$VvMpe*SCKyrnN{Vg2PCvJ+{qb4M+1&3Ws~3
zxc|_?!A>rW$uA04;SCnD777IEd~Y1rhfsTZ?DH^ugL|n3CJdphC}Kx3Vha+`i?J5T
zB*M#8-x>76R@*&Y_Na^GIoK98TBiYkkbv9AlqU>~rk>#;e!4@WN(LNi5+Sxn8IW!2
z@WkL{%ho&FmnIP#Y?`cjbKNYK^-9rBos3ek6i{ohOHA01{W1z0^^6Ao(gq5dbTI?G
z=F_GJjAE$m=5p1FsgU;GIFqqc$z*OyD#U=ipzJ~|v}-cESN7_3CgAz{T~p5Zo($s2
zB6yR>udSfev#9$u@}u$ck_IprEp=LOs3mJ0|0e45_*)|NqUNfJc2VLe!sy~Glqkgq
z2rf6~u4dfJj~urZwlJTC_VoB)@>JyPwK=RcNm-Rqz+Rh-r^k4!Yul13HUh+_cTHr#
zMXuC+dHbOw+F?OPZ}0tl+U2bwf(;l$8XCG@TRe_%6h%Z~V%YK&YdNBDS7w0!b1>u3
zbtR!8axD=>G{QZOuM=mQ7M&{(n7S}(Nm5^|NjGEeX`!8_mRFE9El`wd_%1ktf+&Rc
z#1c($LJ>wzFARIzu7T3#(h<D3v)~pRnG=ATjxHm8<<kNguEZMIyuu+{$NsPeE~Oa{
z^OtF!T|sX&tt4r#aTvp&dmU8lW3UDtuXE1|MoEg>Zme_SWfDoxB$$tY=?!h}POgvL
zwqnpz)%Sq%14bD=p6j)5%O}I1brgA7BpL6%TU3CeQnI7!qbr>$8wPt`<fP#$7~<hA
zh*b!T`n;<Q^^gv}{X&?0vxvfTL6<9OJ9kC@5vAh`D{0V~dg8JIH?ZpWmrJQLIx8p>
zj?{p{*rPlAFvOx{gbFQkR`$yjX_i=x8cINjN1PBVb*xBtr|M}}0EUjUC_KpIjW3j}
zyOD%54Db@ak!<XS1>NmcrGN>)kx_^@#;1BK983|wjjXKaV*`&a_ctra#D-ouf*-*^
zDhUpoe?;^0jO3|kkM0p~+ph2{2k+M4mmH;@zet==<uNE?kZa#2IQVc2**5x=3G3#D
zMC9lw#7EA{ufx`{60ww`iLpK3qDC|13fTz3u%*#A#*{UTdFk3l32Vt)lGH3&I8gHU
zMDg(9Kg$RP&g5n|1f#$37MeeU8YFC@M1L*h?e14xg%kPTk9y*d#$)(1pkaC$=2GEg
zTIngqeAO+OqhgUm)FJxYW^6V(odmQ%3238bS~<9wzrJdA0mz7pFN2P|_B$Y0ADd;^
z$jQqBM<X8-QEq+^adDjIs*Yh|0xEn46M0QAQ8+HuMf&4k27#F)zdv7Sl*0wz5}Ij6
zqDkIqrsB4LNMm5Y=s(YLlRR5Q+tRBVf-)QV<Dp@>&+YqvgC<-el>1N)FvBLka8>S6
zVW0z_&vY-U*!o;H$84AhH;Sp6SED1`2}v2htw{2=e(iHNZn<ZH^@<NY^z76J?9)A+
zX%YgwF`w2uOkk@Di&NOtMT!+kll2y=RY};488x3oCy9`YXV6c8s7WAzSRKVCs;G^>
zNASo9cK6sFR$li@nZ<)FS$pDqG#Y?lXEsSgwV^CN)F^@7GY`8G$cQ5^_`AoVB%nDE
zMU<J5)XDmyWq5pEFn7}PdcJwYVR8}QpE&#~-Y4iq@m#@E(2Q82zc*2IV6TRG^w%vS
zx3OZCssqfM9rrg)?XZ4x`o8LMQut$PK-YjHHgIK)elZ#nraI04gi@w3e{(_b0hnaX
zu$AcVC*QiAS}%9)1aLu_Nz~*>*5X`pkPWDXF3yF$8Ij+DR|aBaFk|7=D}}xD`z-Mm
zoNFYr?->-@g@PVnava(t0<PUlw-KveXB?z13nlm=bpP1$(k1~4B|fLh>MQ8=a_dow
zb9(KOAJC(dFWV%Mv8oeF4#cgy7Vfmac6Hvy&u=o0Mc<UGcq#K<_X@$&Dn~WO?hJhC
zpLo96T1Q`6FCL2x+<bl!ypD6|hBuxPa$(jdcr1enL^HpXEmf?{Lc2UHj<M_<W_Wlq
zAnm=SqQ*F&zBai;0PDF{j)>mBkY}hpT2n%=lv$ivmj=z?2l;!IeWdH<JboV><g*wG
zWY8PG3%sSe_e@j{3fiIUSm)@U#9WYWI$Uptm-w%labVf(NK*F(6QUI3b^5gn*(hT&
z65x%ybJU?(hO$O2u>{7Gp~}y$>LvoHP>2;qzW?KSNs$eqBl^sljwW0R<z}*Q*5Vu+
zh3x&rDsqB~mQ(M<K)!FoQVybQE9T|p55FjPjJZX?d>IQyFg}7-o~s-x&fo+gVRatw
zegXu66WCOOXu`xr366$~7D8#Q)AoxNc!u>(EP`1vUdKT_p^>)zt?&mY?>GW%4Pqiw
zJ7r{JV-a#5A<jjVV(xnTY2JB@eCh;8oe$1h(}q3VYW4|E)Hyw*LU>~qS!wf`4YvP^
z<bQsu3McJD_`T;ZSB#!RWv!Sq90-J1x^8`Nu~r~Xv-@cO>`#O$DkT1-&&fN%*BMHE
zML(Hh1)3ZQ#yb%H_A<hwp4tr^xQJZ6dGS~lUmVsytn|FC#VJ;NgNDJ9xD2gPOazs3
zt`_x54DHp!S5R1ZUOA^%Yryz--)7qSyy@SMfa8!h`|C&rY<)_*;eb~iUcayqa{WFf
zVBTz^EVS;xvr{v<6VA}|ni0PF&B57>FetIZYyt|{u@UPJa00q4m!Nmy{SycnTVnL?
zH55=ceKXKawfrhfelXT-x7i%qW8|Zq(*}yixmKDpB|nqd2;vwUOQ~6D)~Z{3&LS|(
z+o@UlvHf205w#I~?VZKT8nb6#csK@p-QHdZ=e2U$efj|qu6U=a8n9(?7;*1uC^mbs
zaoSf#Fso{eYy6rI=1vjO*KeZP9V++?b`gcDyI;F(%Z{I^*vdHHK#%&-H8|r~y=W%z
zf1n@)+^$+Fph1TUj97KU+>PIiddeZLy_tsi;*uWHi~?V<ghrNoc^?XKD8duXJ_?GM
zldGuba9Yhsz8x=yV8NH{O+3%Wgx`<ui&*6plAT%Sj%sDpzV;t#Yo;P@{(3gIZ)V}u
z{ir|F3-zq4Bh;txQzzHz=sVjr>I-n*TOv93%vw`FiBzc$NAsE5&6c}e!M4$_%3fsL
zzPSrhN$&t~F`0XKbtk&tof#w!-MA2hl3IU)G2;%8+=tY@ZV|FB)=?9)%}ug_t!zk5
zgWdu!pxcjBPCdZ+p%A7hxNVV}R)b&p3)Uw~bHg^khMu1nA@}`rA^*<82bZs2Qgk(2
zZq)ZLxL*jD>PKh#X+!2NZ{i6VeDa61ZMM3x1rt-!X?8HS0*9t3#BE?N&@e19Owu+*
zsz78vAbV|FIpq@IKoiQmyOZ(0rue3f*y4(5H29n*hO8`BPHr;VVJ%t!j39dadHyZe
zn2LAeKK(`-Q7X{6cGSq~ITAEEyo9h6|4v!J#*U%x)8KnPqCC{Tw|(d-6Ze*2UVfo>
zk|}8trVM(d4GH2q!<J#skv*Dm4YgSc>dU+EOY5NRD*CqGU75$_#qL~9WJE^&sFaqf
zI5FA?7<~TlB1&z+8JA_8?I3QvO8h|<fXY=>W@S63R+~GWm~{0lX87`Tl_(TggZ7Ud
zW2beO0aov(48LOd>!{I{NS?7SjUQ}P!RL+<ln_DX9`goq0tCH;9y4)3_T`w_%$Hr-
za<Qu_VX93+Z)Dgx4>2Na&w<UZdHW>+F*#{&Cq8ZV^GmufU=Kmrw`?*Ji4k9F%IX5C
z5dMh-Xo7O1Zags(Zk4rBRMgv^@6{XhmdKb|uESUx!z9&6%7kr5!xG9cvNui!Zh9($
znxEV<&qtrk={lWV`qj7N5*cJ&@?I{sXET`y<|?dI7E#3Y`k7d`U0u!2_`upi`UejO
z6KoA{N!{#iJag4MvMYk*-8%Z<3R#lQQ3~@^vAa7(bwy`U;x;Bu{jN@uO7@#QVWu;W
zrJpYwY*hU2?{;R!*sB)QqZryg9B0hvhRYq4M1hauh*@-RWiW%=T%-yN*nI=SD11a`
zg5=zGaXP0Lc2|oSmV6rC2EOQS&dN`l<;((GAC94jnrk`Z0rYg=!fPyi%US#msL&4W
zTB=<KI2TC_f~;TaA_gfwJ>f4M9TG;H%JMd_jq|a-w(d_$;Zz@_8k2JV<@)p+8Wr<!
zAvdy3Cjy{~`Ptc=n2^$pDN5VHcc8dh$cC0*2g&zRbW!io)8;Z>t>)u^AN77e37Zwg
z5XFF@1*qq8W%3a3qCUego<BbqT>DdD71(p(GThvYY3{UT@V0;L512A)%enmdE)D=(
zI=+q-*_e0fG$_Ihux8beEcl*5Isuqj4x74y(Ip?CZ4EqZ!$!RCte@&TJm0=Cu#eik
zZEtKp$5oz9bi1QDnbGBSt3(l#mpMz@P(vgEP?l_$-Z?!p?UcG1+w^&l-x?AoT+i?q
zK|sf$M#49HXs9@Bkjf#K_C#eW6tQ2U_*S4gXPn|BSygoOJrZ4c0<VNO+?2UOam}~H
zQu@)DHJ(Pyn_E5Ynf7u55HL(K$i&PTPXym*ujsKmjsk~Qka4R>FD26Lcl@P^xITEM
zFI%k+_1UUl?W53Om5t$Rb+6L5yrlg@Q<b4oMT$eMOEdtwqneRG0UiP?+zxbP)Y6O4
zZ&rPU#yZ7D{xT@&*{po~oY*&Ihcw3|mp?tm<qOl9yq^-)mWU<@y>C(RpJ$ity2-BQ
z4*=?ss#`p0KGi|#&R>@EX{CL@+Tg(F@Lw=KwtQ~J#;>cpJ}Qj7E&eFiZ-l1Hmq@JG
zH=MtAA7gYAx=!dzlkM}}(7Bsw#yXHEiPH_IZmacC_kAH*8cqFVM3kn)qihDhSJuMB
zj`B!f@Zz_1MVky>qXVtT1s#Sb)>11^C@ZTzguz$YgWNmWi9+$aq`Ot^LLO;wC!yaK
zzd~f(<NLw<KMiE^Cw%F!hOw(Y;FAlQGfDX|dV0|CIOsUGsGW_;_kKNmY$YiVGG8Z3
z@=QOxKY>+@uu{U2&-J%?!Ft`2B|XNErR(`E6vd4$h{7OlPa7)1;7oM^>{yFQAaj^E
zh@mrd-LT+3#q6`3O5%aAD=z^YoXSISwm62`a&?m?D4(utXH5xYjv{Cen5dhU5G!9s
zNncqlM#e=T{)|`0$HlG9+O4hF>Da5Snb*BmtMc@8|M6+4heyz}kBPmyl2I_3OhH8v
z1)T(&NQsL=uRQEx0dShhfbX;^vrW(;25sL$b8*@5m-W!dX4i41nk%+QE9&8)YBuaj
zug@x3rRV}BV=yO8*)dMpyN0YUzm`2JY>0gUQFF$NfX>-G-2e25x`_~A_`U~-)CJ{Q
zkvi+-rN?u5b$q;90K-w4le#y@Ti5_%=RwJBh*Mam0?>U&VJ}+D1X7qx954Q^?D&GB
zK6MZ?cz%M@T;-l7<=&iuHOLBlHk4ACgN#wejLI|w0m&>bPPg~M%f?h<h>2CTMW~B<
zsHV+tD}wfAL4_tq*A(9wN8lM4>fG!qg2~y;jLg{V+7Th=k8<JrvC#`RL8VZ%@j%}A
z)B#>fOfV-0pB-=Hdeq4;NgJW!?pCj6E7UsDR_#3e=uU((Ymo<bAU7VdfjKT(bLFf_
zp@U5j@38;Q1*CL{np2~lq5acavQA$@qYVDtqxOzd)n#3kHS_~V%vqeOR4T;;#u!H;
zh23P?5&8-ObC!?8;kO_4#1zpcuut1VZwH}q=dU?t(rr#NNxmo{W3*dg0;)n@fK+gz
zBx4LEP<1I*qH~$><A4c3rZ{3EY$`sAAi1MiTi@W2<G~l?3%f%MOXK~~Sd7_?meDmt
z$-U-GqI;w)cHqy30DCSfJD-@bXiV&2@4B>J64j;*ax(M;9D9Xa0()%Kb^NKt9MLh2
zT$JQ4W+93kJ@i~`og_|H&S|t{ydsArDodus3`Ob*@^v`bjQI_ta)$s9WSOC5;_#wg
z(pQz%HGx6+lduwA+^mi!X)dP5EO9NARh%_h*f6@<7BkwhA3aBKB0U)=O%qixrUp+U
zyH2pv$bwW;1JzKOQ3rEMgN`Z9fYVB)w$zn_L{qTVao`}vF?bSNl9?Z{lB1%jNKBQ@
zk|yqeUj0HaU#I{m%(yMgmLR%^U)f2QE?$zRQJTt{tU>GDPm0cN%t&>_L1foE=ZyWr
zoCt*#g&kW*bD(pE7Bm6%MSgIl$pV^V%u$0Pzr4zxWX;j2HK-#^(PT;1I08+>HJOC!
zNVA#eq8roLdPs8AR6LbPKsa=Ib~@9j6Z!<0#KF7x*j-a8{1mhQ4*+sNjlakg5vh>@
z0R^&?aH9z+h=K(saj^+3GXq4$491)W6C^nXMG?Tlg}g+j*$pWeFu>R*V`YGdF_6oI
z#3RT|MG=95UIe2BmxRXPLNq33Iag^-2}HCoz@oshyr(kp;ehMua<kXWbhu_-x!$ca
zd$$s94yx_F-tNoYZmDFN+ndvOE{&_)j4@+|Sc8SL$K3h1C%$G+yVP`_T7F)(G|jg<
z>Y`WO-8xTZW*~E`mgu0HRnMyK`s%1;>hA9D?(XjEl1!?peZdULHD5UUCeH5e?(XjH
z?(XjH=b4!%_L@sHw}p{OC2BY=?PV>l&DVE*Q>|Wfw_T8q*L7PfCtZ;%HeJ0r*=;&~
z+}?I*%`YoAxw*o%6;1a(ZM~h{ii{hAx#cOnE{<%w<(?Miah2z3``CMXZ8_K`+pOuf
z?`R2+s>IjaIA!-;*1O()(5|bUeDg4zz=}QFy-9K1uGd2_W4_Mo)uE25cVX1jomizK
znRj6DohI#Dsk5vqtCnHRZ;2!W=Rj3c-X7t@+&Fu<d%L~ScU5&9sP*$dVaJ`97ED>>
zkXl`A@hGpo_o*H2_1x+mZVJumFw?N)mA%xRVKQXA=F(EIuIX!RUfTBg`(4#eb2qi+
znyy2v=)f*enbZx|Rb2)$_WL`pwwrOXV{P>881#)<L4qW?*PYjUJEu0=dch!Mf?2J?
zHs)&QCsSqAc~B}s?mLy+TLciI`0TOW)H>&B7zqg3yOt?cWxJcXbOZ*In^bk@QNsIi
zi|M`1_jh(?W@mP0W@mSIc5bcR-I&wGIdvDkyQWo*CtQbe%NjUv?gH<(Gp6kB?(Xcw
zs$N!W8Lvkk-PZPvrF#30ZdK?Vn{MS`)fVq|N4WYE8%^b4?yRx9T9kXb;8bLJy}RnI
zOl`LFb2_DLl_JiXX1u=S-$w5B<!xl`*{)^w!$+Lm>doBB>6gbT-?%ij9LZOi+?H8V
zv#wTEK1lWYRk~pWuX^r>2pED6957(Pg9TXylzX`(`x~jAUaxPrOKjEeJnR#}ya>+D
z*S#i<HFuuX2UiO@dB?kIuNLn=B_Q4w4WW(gSAdh+>6%swS6A1mPM2gsVo8oVsavyq
zGll6b^;c!dEh|H1-plE|&aSyfcak>xwr$ENX700@;##W|@}=?Sw$epO!&_UN>ocO~
zwbQny8{X#Il@!r<D#4=e=QEj_Nv;XAB|&+ws;F+XYm4X5wNKwi)5lwH$Pb5jF`;M|
z*0IlLQ)U?p*~4(@u<1cUL@+Bgzb)KzcWNsN9<pwzb+(Y@;Z0*;Ai&YO2$(GC(bX@r
zJTNO0H0^IkQO)UkzzvWI&O}m_@n+lg;Kad$bnHW^cm`ra4je(gK<0D+2Yk!VE`8_A
zI*sc%0K{IbDo!{tN4G6&0_&!)RRcPhy_Tm6+d0vA4{fZJvbN`UZ?!;u;fD7z`1p8s
zFx<Yo>+gG*c_w?nG6%d`(X<-c-t?pEe!9jDSqu7tvmUSzCi7PAi$Pwz^Y5zO6&o6s
zHZ}y&j8s%?Y)}e_BsSQo-Ct4n-Q;+Jf|Nr1JNd!6etnsQnYX;W6i`SAh=_zs<rlAP
zDgwYh1Rr<_JEObP;em;n+ve+PmN9$RJXSw=A}GP~6U8})FnO2j=iR`(C=rk=tGc;~
z0ItVJi=)MFS2%N(KxqIiu3=XpG108j?@$XEEC{E8kJWdl!P0?)+Zova3or`a?=-e<
zUh93=Cppal)lp)gF<{9nd#cs;wXcuR@4)EHz<q#x+NnIu$X{~n?^~-`7nknC!4ycW
zA9uREGVi+Me&BQk1yvOUQWZwSnX`2?$a_^dbKIWJ@z_2Abkny--vihRKVXi5Q<3l?
z=^SP*vas5K<#qA|SRC`Q<F-T<*BAf?R;{w1ftU!v9^kU<Qk}qBL9z=dg?2m+BJXl-
zNt0N}i}#1L5qrDS1RH~oX`^SzHz=MypbQ=w+1JNK!NKa-v#zZQA)#p0g20{Llpx2V
z{1Ceo!0lgG+3<gGa&<|MoNef!H7?x;24pVC=hei>4z3&p?;(ZO00!t=Y%I8?kt6T}
zTGYXaZm<RM=n+}iC^<Y{k}jBE+q7;S!PCroh=z?Bl`+q_ZVoP(Sj>ZX`^a*4Qteyz
zi~-fly3xjZ>40hH6Bk-t?gm&_wR{|qp4lw9dK*jILZlLQT(CR^*~$?3b!29d$S_cs
z;6>Oq?|T^v5IN{$D`1mjgB53h@L+as=@hrTI?HsXEWV*Mk*Zmg5Ij}yyikVF*PH`4
zB-9(=?(S9SbUZ59z_zxExV&au%WuGmUb@+G9W-Mj2ZxfB1Pu#sFT-<cCE!VzU~nY-
zsV0OP_NnP&)f38K4ExL*LJZOF91uOQj->Bv8o-4@yPVV^+KuhrXo2Y?d!6R)G2lEq
zU9R5^87r%R_Y0oZGr%+9NKofPT+GSkdwv%x!!?6K$^>SIqq_atS96w+2ZMHi()YTi
z4|~Lqd(|o#j6iDa>fds=p{HOEdk7u^9j=N{TEX7FgfDnOFPCF_ovr&|O{xU5x;d)F
zsXRJ_H<{t?5NBCa7@9YXxzz9x;2q{(V5a0hFf&c7FakdN=pgThny=ZJ3=+`8;L{c1
zIuX_!%JNE&ud==C6+9!{$$~#g&@wtqAVfFE6WZ{m1XACFj<aQ|RB>&?&fIV=bKW_D
zXE}cBzfWM-pp3WYY5K^*8_N#&yfbs<XC|{S511kS7uB(o=Y+y4H|%N*8BbvHo{5R>
z3}6GWx9rp)8w5c5e7KEWaC27pt?(7sRK2~=PYnaX2af`LcdWQ9(#UHM1~V?~q|umx
z8H3^Ml2P3p=~Eo%l32Fp01fuY5}ygSy}(>T49{9+b;;?0-jMZG)7|jgV#pMl&93(M
zkdRG*PU|y(+y!YU79)-Ciyi<QD=ACQE_vaZ(Sfh)OpZ(K8S^k?A4I5g<gjK_-+24p
z*<ZY$-I>{dAywApL^sf9IO|>6&)%tdO2>IaV|dWX=e-?!#`#Sf;qMF@%X&ri#bYOj
zoz;sX_i%T+FQ(68$>CX6^896xE*+#Y4P57DFznU!!6kP<4LVc6K36X!&AOEU9`5RN
zcYN_ebYAGnVg_sthuwajyScXM1}NpL@Yv{7)}?O@%!2^Kna+{u@DM$Docxz1lPj+V
zfG>+Ppf9DKZ@_zBHpWI(KALg_>8xc(gLQEmIo-+C>*hio!EWA%i%z*OI(0{4rKyab
z1gg<n#=8J>kyOC3k_$@BQ?iAl(u0M1rE)hXPI~KgaC5XU?q?A<kl?Fc?rUA1^%19X
z#>Dhi?w?+VYAVB<n?s&4pu>(V=0@PrZ*q@n?wY#dp@Aw`-tLiD%VP}+G(4lNB-4>f
z+LI0;t%M(D`dSsC8+qN?*|(H<Q+wDVcbOs>7Qb#-mrd9WZR>V$_5nrTf;T?*6T^IA
z9?ovZQn(U)v&$UZ>?98+;i{-8q)zyaZcFkKRvaRQ@X@jy-s}|zpCRZ1t46%S2O{5A
zv*_?(w0ypYiSJdK-9Gut7lQ0>;=be8?<>=Lqt5vnJ>h`VRJ*tYS7a|<rNXK}j=tHB
zg=iNkf)0Bjs~YG6yw7e$nrU!e!DJET%_;(nJhhIsohj#dD!^~c7yuEJSB6xO36>#-
z7dQ>}&`@cmejeXeUX8A;Y+%dkZGf|?R!%h`=%tDPXzVcd?5+Z;mAw^c<hTKSKn&R^
zb_d{1ULM{nFThK#u+rjd+zS+p@vjbrE)2nY)+~1OpeS8ki?KaA2U8txirF(7Ps#?~
zfHQ&_#PRj!)Tk|$?Fz0B0bBzL5w3;h-qw~XKE?%ZXzN@A?<{T5_N^D&hFCY=@RX)*
zyeL$`!zJP)J4ij5eQ<eraN6H(N(#f_jV4}~@UO1>p&j%SGq4Fn?fOT<??B-5Vs@U*
zbhR2J0qk7IR{MpnfuheMLb^T@5u?aYb#zzmq365ACNCw9LO1MiXoAA{)U(!$Xc9CV
z_z<V3tsa~A3*)mjWs1AAD(N~aZ_o=3PGWZP9v;wb_3&9)J<Fhe1Jw9z;P2j0RqoJ3
zv}D&P7hO8JUf3QU%ClX}b>3GA8GhOx1J}ZR^!Ljt&yZAlhyurAkY)kAXiz8GaZL&l
z${CqZ_uZ!jUwMi)H!R`qn~V%HiQ1jqcwoh(kq8IW0h!Cq1&H+CUX_<FS^%BKyPNA+
z_XVU(ci{W81qb29d&1989IE2_l>i1Awm8k)8X%%I2cmfn@&kM!?46Y|t>knEg@Kt@
z&?{Mdy8{zyVZgCa9lhJ($ng{t<N!^M58;yb@!*yX%#3WI28^QkeVS&pQWfm6s9;xu
z=xkLvZH{@=GXo*io)WDDE|zz2Vo_1;(8$3qs=c8FZwErhE51B-ieX*cNI4dbCq<w{
z6N10Hx%yW^b2|NA=boyzP4ED*sa-3_<vrEcAEyCRHwUcy9MMP_$U718S1?tADcIj3
zy@Y9CGmdGmr?$-9?tt|<!4^kw8IPZ#$*<Y$xQOjGFEyE!lwJT2W{qgp>U{VQZkhsU
zAeTF{SQSQq!ju)hhE7AoEa6ux*c4vE>pBDD?aaaU3`9V>ufuz;yG2>ueU<BGC(?C~
zS@87-Q9dXWvvbNls~uSnB+>BEMRYg<svTg3Tm`YX6?kA(z!4`AMWLaH;IqVV6p_f1
zd({RZ@H_3I2E>b~sd@wvp`IDxf;#qE1b4Wa8$2eay7Q-Qd)wZ~7YW$sw%k}d=F|Jt
z!g_t8jKS&gQH&P7+jJ?MuDRB#A-C+(QQ&X9tr&2LSJx1ts*D^Y8XD-@JUZq;tw@do
zr<pnv(Pj<l>c}uo#^`2%W&7P*!W)HZon1-}sf)um-U#?{6#OvFS?jZULL)%ZJHs8b
z!>&?uK+f72xTiy!Lt=#PV^>~ps{Chk<G0{N#fxV6crn|KT`z85Nrz@;iGp(3;f2tB
z6t=GOC%eN?;NPzgfM>$cL)%$E^7n(7tEk2p58m(tv<iJ*@jNdsw(Rz%HfF&wxu<*w
zPitJiY|+&isE8sUu~@7W6j&+>BN#DP-On<pZ=KQ2gxRQjF}v@o+To%}p#)+ef(nQr
zgWy2$I+9z_SO`<@iZ2d$Dgg@Ud%gPn>&L%L*_x9|O&ctz(vsMzENv-httBN=Ch~(b
zE4POP?q{aduAPKRW8NMoE5kf8XI5B?8VPfId8j#~Gmrrh?|6^^Ac~@(h@Q|@S9m-<
z%uepNee~S{rC6ZCMTAfW^IX@5P&dO4x4FZhG!I57JoVPoAa7Yigs58F28|Kd1!r1q
z>lA(7_dyC$#d^oG@>$$ksUI>Zii3Pj%>+G$!&Tg7=Wds&$o0B6s?BIvBvD}%6(Wd?
z^_=Buq&e;QzF#JXlb-iwX;W8Kh%81a1&b6EM_J~)cXn%C_Vb7Qun0m)|I8$-{9z?u
zaFVa>MO3Hx!b-UbD*b%EY4dl!-2F$MchTNBSP^T_>5u4-e_6^~hj-q564{*{8b#<l
zx5pV64p{B41%lRc%$zw=O@?@`>1{7aUCnMsjL&HkM6y^G-vmR0Memk+?imiCqQK4u
zp&&<k=Qk?*n&#?|!1pxZx3<Unq9WA|b`8IZRVWo_?y2y>w3ba{V@pLm*0FfzVIA0Y
zY6lEI03J`M+xfb8ylf_N`GhQZrRG4=Jw+nQpny1cdRWVSLS~w(z3Y{^%bEJVsD%tU
zM=f994Gc)>qUL4csZz5J>+$S3o&gT$+tafRUFhCk0MWmyR*rdn=oQ_B_;5H};>c^;
zbz06xb!1hRA<MUSdWXS|$P?$@yLE=?*!v;e`Oxa=cbBgm`zUr0=H9X*t&UJRX4hva
zv=tDBAa^W;nT04=^8NeaZ!I^sby)`w+RYqw@Ti3+>=t!$t6Pk>Lc>}u5)hW^UY(tB
z3Z)M{`@Z$xieQ$KNPheCCFsAcM%;f*Z=~<1cX2)4-Q6eIj(b(#-*MJ3Yps7L7fPe{
z{EtQV51Its&<3kB@273gtINm3IO6!~7zy_dSVKy9iq+|cpT~)?+WB64&UIkA&RV+3
zG%pJJZ_Q+*By5qr^ewRdNho=4G6f_k(UwA5{ZPygo_fVv`)Co2pJ&yT&7kd_MLi*q
znKH{t6oAP?gFv+orR#!}EAtY3-xkQ6RHN@N(thtTzTce|6UZz$a7Fo#+ro*omk(Ms
z8D1<nArUtEaQqeHzh9f*%Iv=7^uuuWvQ0j4;vtlfh@tn7FID>0B0&0BmURKA&Gk{+
z$0)`(c3;`QIk#(jujjc7-=I`Z{XlIZm#@UC{ADF}5%kVHX$-}@cv0N;kg1h24qh$M
zsgrEOQjtnwl*ptQ3lUL8vbwyKrZvxYzH51)(e_&TWfK>ZAa!UF=-R%mde)PbQ+F_L
z*oS?b`$N96T@GqQ5oGt-&q8Cy?&V}Vn~*amZX?l=N~_mi&0E&nnpxc3y*!&vY&DwI
z!+PHKE#AmlD-nV)4Nev&cMm=Yy?BS7I>%S*%*iOv4k7iNwzy(G4#660-P(9i3o!xW
zD<Id6Bn>D_ERBe0O^sV47tkszqpq1{vfEopoEtXPRZ9h4t8mxBq(lM?j0Pl0X0$Ym
zNV3Zl7=XqRI2e*el4vCiBxP0v+8f^w%e@m4+D4~Gvcj|?HPzAMCE-I&PMhU5PQ`#m
zPSu4<N{<mpED$IP`hvDVRmQhWb_bBF%CeI(j89gUu3Luecp<USuq-I6Sv+pmS&a=@
zmc5%@jYO?og70kCEYq3*ABJGSGg&OmDQ3c_6<4$_EtEjI9I=IXZUl6oB6xk1MT2y&
zSTrD@2wVyVQA^;$8ZsXd8*GAoF&5voC5V0`)Cm)5O2V;XYZg+tK(Uj9Ac%A%C@6u)
z%~pgkvb#lA8lg(XRplbfHbEeYIB2*i(2&pwK^2KCh<u;CrMXq4EKD$>U5_rRsPZp*
zWi(+zGtM$*j1A^}UON&p-hEwe@dd#x1-fX!ZL-444tJ(>z4L$g09)`%U`&Z;ug<%}
zgj2^eVFG|CkkAA)6K5L-Tv%Q!WNwKV4kcuQNhA{x1s2SJCM^~~+ib?AsU|8>Rvlsr
zVoDMiwxD5U5P>+n6<VsirGZ$mD#-j-Zr*nN-%jr0dO-#0Zxp;o2Ps|OW#3dgYJtIH
zLi+H$l{%4?p9A0>uzfS&#%zil(bqog!}n1!QK%#PI!QSFGo_=Iqwjs8?X=FJqr@uW
z92H#t?aaYp*)zVo>(|n$G@j?cf{Ec&F4x=<=$z3;jpSz8bdh&g%H92TJ}2y@K~t)$
z%B9^Vxu88prPVtmAzZP9J?W)G2Vg3%U*3~dSk!R&i>xRjuCUwb!t_L8T8UEn#e>*)
zS!ZBD2hx)eaG0a{J)y9)eI$T_JL_+Dp?NZ%e5XVSF2{FCx{uz$yWW~e_ANDljA<BM
zIssdwhpz1yYu&@P42yx~wO?YNWc6a9)m@|N5MkVONmfERet))z8d$MnA#&dZ6YSnL
z8KQ8vk3BhCP3}#dNMV6+x=8(c+&)@gy>J$I1F6kW8tNg0PA7jacLkjc+)-_ZcS!_a
zC)<pEEadM{_WVOYAeRBQ^O~lLrURD-4F@nIm=fQ&wvOoCF))r-S1oyX5W1C@Wqg1_
z5>N602uU-%_!sxp?{07Dt@N#eT!N^mh_GTMG|0vV5tz=s{!{aQU1z;>R(qrcHqPAM
z1|ASW0w~BLnt~buGG;<A72P6I0<fwmp%AJmknGnFzh-9(3o4~h!mzu#!hL2Ez{P?>
zYjpw^n8_Yn=bqWlby9Z1JO5|Rve~R+lEE`ZlWI#r^8RE(eCa?}$|ZcQeUdbLpO2(e
zR74bif**QrfW((OjcOV2d~T11Xp(r0%`*9NIMQaBrN+48<s1+eOeQH&2qHC&5n&u^
zT1=W+u4Ih$cHGYHO{B&q<|b)TCYVo4TK=LwZ+}0gb_>f2uRgwd6gz2{qoYC1Hi~v)
zPHJo^&c4OfLB@&ORIiMZU0iQ*&{MlpY6o7vUq3v&ReEZb_4!bmG%>R_h^VSIP=7)Y
z{^{=j8Tg{TC)mJZ$f^p#5LhQ<li~e`d51Yhqc;=J$Cv%w`3+Ii&Uvf1iC-;3!$A3C
zFymWloTO2RW6p~yy6(20uRc7gKPFJQsZ)(gtK(5c2uLi1g=K|uNwaB_e@w8w>g?Hj
zTECLX=Xuw=`q60GG{aFT1y~Q#1SfVuICNiU+tKI+{r!3d2naDyL%<S$euot}!)+nd
z?QkWQZ<cUgZW2zGP)Z_7r9z}tF1pLKy2ux4T*A9$w6iVB+H$hWV=IY<SgB^owPe+m
ztD_8gvzxAy3QSg&!bpgU#)lD!1~gcPNuU6<ShoB9=O@Ba9reSx6YWDq{?K@Pu3R}@
zz}Kzf?SFnISjt&ws@a7}CT2rxHv5r$)9$}s|369d`Lf#xgw#S~NJ$Aw-<lJfei>AL
zXI?YnO`-F*e?3y4fOmb##JRp((vj(kylUa3%>#<&H*BWWonnyMWg<wlj_gS=t+a)U
z6^yt(|GRL1nVq@s=XWczOE*vFL3C)jzOWCspw#RmtK7${^aT&ky3IDWrp2`_hBdWo
zfjqxHzPY&ewm8Smr_JkB#wdykix64B4ST7_S47TKhJG>6+BET%?@4|xbJ;(l2u96-
zPi<CdSEZEP+mnqf)MiqRD1(>G5a=k<WdU##wqN6rm_ok7StxJd=g58DzX1B=D}?Vj
zyzlA}FURT|TT^MXR%w>zt6$I0f1iITuaE>rz>rZyj|dgb_=SF{Xj?p+4q{mKF6t#q
ze7+~@4_`*Wd>y}n0kS4GZOQ`zJUgl)HZ{MOrlk*vQQ7p`WW)RPE>EljBA*??j)b0X
z?)hSpLt;xwi!x+TK^TfM3kD<jl0*CE{(Ss=pNuArAITv>u@Oa9Bt$$&e?aZ;@m}TA
zA@c6PzmW0ox(2B2G*x_lr!!YoJ$rRBV=bwezMQO_lZOWua>d3?Sg~Z*O)+C8GM1JG
ztf<vwW-PHWhGwkH#xTHnn##~*dYf!&jjA=OO+_%F5HY1Bq7o$o6plpu93P;6Ke6+$
zM}-4KFM{#){g}#87R;8~B@~cIR0Nh1{I$0A=jHYDzIp!lTYnpG<eCaJ6%iW|Ce51B
zY|T18OEpHNmLFZeHSKz}<UTW(+n>quPX?}JVe(*Bq>_fLHik_as%UgdT&@=i2L~4@
zN27Gbrc7mOt~eZ6xG;;6f~+%EE;u;08kt#e;J7ljWtnD+GR!ieTw<xLsG~`QqKZ#B
zTG3jlwY6@V+|!+H(ze!3i-nV2EnKD~$dYx}6qcJ*t*WTbTva|VP4DKfkI#NR{r<PJ
zVYYzpw3ba1wML(JCu*d_<o;9>YQ`a$$p$o5WhI$0WT|Q_Xp2Yk*466z_a7l7K7Fl!
zT*rIWskX>|LI#k8)@vc<qD6^FNTN03*XCA8K?VnT@DbI2OSX9w>zPOF`C;-;gmLrw
z<LU6^`rbV~;f+le8Z>D7afz8`LOB+3WXl%Kl#V%97Q(BODJ@v4vS22rQktxiK8zvA
zV2xOy#!9A4m0DRth6gb$nV7J~vSTtbOff2_4VyBf8f-MklQdHD(iO&{Ie^#^u~o)N
z&9b&Dam$%T#I~)4R?1r|X*Pp0t&y2cqPC!B0J0PyL;4-~B>V5WFyyH!pNW}9blyHq
zukBwENtrCEiCImg#VH|_+hP)n5tBxu4YsjGl-Vp(GYJs|k}MEs;F3drNOPULWXej*
zN`<e|vYHFaWyy5J&=(-UOpZY1xDb>Fm=YpPgCImFSYQefB%usBAS9U7j~z9nhDLER
z4aWtcMJlpYf-rTIxvfJGG#Q|_s*;==U`LRJ6hyIGl&1^CLpWwq#ukB8kE6LxH-+zM
zD|3yFz4iBTd3FpzDKX2V0A>}LMi8ScDVXV!RB4!#uuL%k=(c8HfQmo}f(bU8z`in`
zM3;NP;uAa5(~b@7%vqSISlwVe1Y-nXVcT5^<9SYGY#uOr!0WrQ>*^PI=a}U<gfbIh
zs)Tl`Ga+e^NHFOg2qRNdlyZ=m0!7$G5TXj9C0SZVN>a4J3@M0f9WK<CyS2<oE1M9>
zM!*RmN%whL`!DxRU>1b!a}0#XUSNUePLqGEn;+g9L~(kMvio%_?&IB~ADy;5D?A5@
zU=A<Ah1r0=8@>Z}Qvs;ZceXu-Lwr#l2K!xQ(ZilO)jdJo86&jiUU)15w<f(Oy6!hw
z483pATf;6Jm;zVth71{<_N@1xl*=Qmj$7HnI|tj8=JClWmkOm;Y77T0t&bMXmG{oD
z{XXxVd^>Zbp^HY1J}Tw*9(I~;yLjBp7xvri>_IL2qt%;|>Gkeo(R<n+S`zFr()JQ1
z_qD9<751xx>iP=egbtPWeFfik({F2dM^OT<IF?JntX5xVCG$$_t7u|-Q)wq(4y3E$
zDxu0ukZ+0AjFA>$Dvk@4w_NXSo^NZQtyNWhg6>D-UnKq=@4E21Uv!io*L7(-Ur(Lf
zd++k=_G3|FLuoTnR;1FsYZJ6hS!87irnzb|Sl3pF(o|&0z4hbI@2{_JTbkHkJn3@J
z4fd{1T){X}HGZ&{sOC<oLyt5&RSxCpU6a}7JyPSlMb7Gvg@l;E$_Pzn(K48n`o!$T
z*P;l+wC{5xc?hwmGoL9jVMS?UZ9Au_@h8ABkfJaJ6=9{ncMB}6@h_9t(C0V~DWtV|
zF=MUa>s~&uK?ks4hfpL7G=sM;kn=LLR~BffBZD89!Gle|5z>3T#HO?k%v=FTpuk8~
zBE)#PmQ8J3E>_K#GO4WwjKt{<=E_?pwl>R@hnvN#n<P_I(wT&%-&fLiTh-F_QklJV
zSSG4Ag4jkG!MYkKHft4&wb)uBD5Q{)Vk#=i*xn7c)oevvR`a0WiS6O7>Q#=LmTPSc
z5D_Ga>#Cso6!B^(yvT-7K)@oGo{~@}hVOjk+=p6r6glR%xbq0hynHKts;bv>-O9C7
z^5eU{e9MfHe&UfG4|NV1CPb2Cl1U_#+fBUTYDFF!#h#n0l~hn|TI5R0moC+Ms#WuE
zp&a}?^5?l%uQ~4Os`OElS66M`02)!cT(~c}zHVJ_VwpEa@RY2=f<clZ$fO=tU0wS$
z)$8d{f`bsNuLU6oyjnTIGdpJwZu(`*TQSn<nqjKrx+$zxR7cimT=mB<B^)`Sz_UUR
zFoS@N76U>83~Q24GeH^Su{Qc$=@Xg|(hi_VA|g^G4Z+kB7?C9&t`3C~JF;iNz)oV&
zdw)CHyvvsBLvSpOD?<Sl5n%Iut#b6O7vL!1Kp>417&yX31dr2F$b*!3tWO@4L?Q^3
zsRz%VmEeif7ZsItR3nzRYi4(_M_uH@9abhLqO9puw_0kb!5Ueb9d%_Z5jLn;`Cb-^
zu8K98N>)6MtGm}u-!)9kd(Br_Jd`u_*_-#@N_q9m9}6#A+?T2Ym0hB>-SzqVLxWX5
zNmTlj)xFAS+Umcz-ng#$ebOAjvXujz7?7T}H`{P!F3xV}-+c#NQKj<E$Cp>ehTC>(
zK=3R;v3Ps-2*{csBHI$K#!(P3J_GIW-yST$c?J>4&@`AEHG~5=#W1l78hlKRl9J}w
zhwc<@*ojP&QfWgCBY>b?4-15pku)n~@=+C_ffl-qxIQ`8sp17Z<exCCC>0omkfHdx
zYc#GgmIxq+h(3gpV41>tapv4Q6p@0;T|B7kyvH%I1Laxu3(-<R2?AvjKV!G<mQ7I_
zNfs^l!=U5w30{IOo}BA*P5?rBIC@7N6Fix8wh;w}iG)C|sg$lVNC2XCk9vsJ@jUx&
z+!H&WG&qjAN``8lQtvmTLp&Bz(+)RUj@N<rdJ07vkrT@UjCH;tEg|5V+*E+VDClkZ
zyt;+@%_QF-ykO`9+k60LP*%M=G$2MpbOl#<ekaXTD$GP85TwLPv^c6`5S$2542ZyB
zB>vxid>oN{t|9Ms=NNc}$x>UqA%MY&7zhGl!J|=`HD0#L$kB|nZLy4|S)%l0%Z^!w
z>1|ypN@ysF1vF_7?{x|~lFc<4DNlyr;f1FISdmO!2t1|O?CwQ0IwIMUsg#RSet&)c
z51`w7fD;N+Qug4vi&4tI)${A?=h-XRuSvl;#K7X6zdk%yhE`V-&8yF=#Cc4~-RH;4
z#dyMtQ7;FW_`S>5qCGO2SC!v;v39|U-2Kt_mekVAHCqhEWYadXn-el>$+Zb!HdUG#
ztixKC)V2m_F_;7<xAgC`3xAL7s9!cm^%YARTC-ClVX|5if-vmi#smODe24J=f_Xl*
z-<~<6Jt5$Mw8P{O=ACZ*=&_4NNNXlLat>1i)0ZjH*IH<t+f@!0<4nqCjM0ooCf3e5
zRb`ttl*}$LaMn#rGGieiz=VIjx?JHQp>LhY?kJ)n2Evd^Eb-eSx#u9Dqi%C<wB^`!
zkhE9s9%*{)J7O6pNq%%H>Q&OH^B#5`<yxmzJ3iC2cVJp8x|}XzjY-K<>!dm|CRKG@
zE@dqTFD)Nksoqkuhh3Ue*U#smdY7qse!p?Dwp%rpO&e*Hn@NpqhAI*U!!t3hZCQ<}
zvhfSQUmw5g*&LtW^4UOs3-nB7%bG-r6iTQvD}}_#Qxuv>6=x*{kknG3peij1lvNuq
zL!%<JY6hB@ua`I8_|Ct}xy{g82Mx)qf#k>;0V5d_3>vX&e4Mz3v&SnesacYe)4-F2
zQq;SrS7iVs7$tvMB8o^9V$BkRMi7O4#5<7(4_(91J&6wP;c!l<nj%bdg&zYOkTH`J
z@NrxmonzwcRoYia1;om%qq#%px%KhsN34S>dbl{b`sp2ICX(pAe0*nx<zlfrI(qfs
zrR9Lgj=j1orFMGO*Y{iXsIj7xQ#4a4Oi{G5lVqb~6v~53HAX5Z)KXg5HKt{T(`9XD
z8x5%PqJIBA-(6dM|DT|T@7JHIi~Nl(s!*paDL{!sMM^gSKJ5!X%9HEf(f71h+9kn0
zzIk11+mTOWvokS~nYMoSHCs^Xk8n$qiY9d7WmgJjjMZ%B-mkJeM^nXgF07`h^ViYX
zowAmyeS7F#GPNJNzdB2$f@v<R+UPnk#npC>g>{CJ(Kv@JG@LFIjMC!muKoUw&q;c)
z(Daw;ukjfySS>SAv}|fMVzgE@Vx-zlCZlUJW;UkFu&eg?{gL<hclA%-zHV{Ob7fdz
zwAOW)R+%6V=wlv!9<a~yQQw-aWdAOMzX~ctUun*0-*veleHd9b`nu9o&{~wX%D|Jd
zC@7g7gYW%{R;??uEW<x}SF9*9P6VyBh*7L5JFBVE<;p-F{aV+ROIyuP+uS=2*czvE
zvG>}p?1qD=`RH9_(CB;d+9!5cPUF6i>0oMDSzS}#L#q{$(0kqXM|g~*r24uphhAa+
zHE-2PY?h5iEKJ))Y8k9iv9x1UTNa~KOK94a<f%SiE%*4(&$;_*KZnG4|4L^yFs$i>
zT6LF8cx{XOx5FRv{l29~fPRx<W1Fib^6hNg3tsE;iKGcsmaYCx`<>QKIo;RRU70T2
z!IDhna4Ry*V_BVxtW2l!ol2iwtGSf29i!3ju)B<dC3gp17g#d7lj{9li?IE1PGwmx
z_=}4oWE|l*WYv3*%IPOjb;NTk2kZD5rJG_kqgpl+q@=}SjWbbVHnpZ3MWb3Gq^2-f
zuv;M{;r;yozWHJDuIB&Hfz89JB*fLFidcok4GE;uOA4h`K@L$xS0aLt%`;OtoWP4x
zDZkLi`M&&v@yEVcFC`j;GyVTQ{wB5ilQCflKKWEcM1FT2bdgIao2I%_X4`PKy5XSK
zvi}=yA`b=0-BM`=bjhMHr0TDmrBz;$GdZ~)Cv9_H7bdb)L@GS>WoJSn0wCmYfnElq
zl}FpxO6t9?7c82e$;9SFhi+y8F$9v#e(FO&8UtF0kxw4ih2e}lqtCC;6Uz%j!}QOe
zp9y%wO76ct9hG*gxPKSngKU<hs*S8^Dl%D-qQ;U+lGw?%sT88K8pB}PZB^YV==yKJ
z&N-a^ZG-&}^cU$8vYG^jrP!4OD<la#f1R)K*ZcD4`ad~Ub<aW-ZvipYU7kr_4OJgY
znAu!crPHA28YZaO1qW@P_$xD~RI|M?#leuE7&*G&?1-Xj(gK3q^T6{FsedW&<Fa>F
zB4Vd&*>tO`3sUOhxXQAe_+>VG#@&m$cJ!~F(cVn1_#=}nCl9{+7i^VikB<*IyC-b2
zy_H-JER{5i&pdx6`nJ_+mei3_%^OK-qhn(wSg0`?#ZjqSO<9<XrHI(HM9QzNTHm*{
z{j%1>tfT#eAM^<(2hP<+l*XtPi&RlX1t2nP0z>@s_xyf+|7_pyS=*z-*W>c{SD=U=
z64Gd3q!bYld}M6qRkeAqdV9{IpDCiuNC$!#-{66d_nOKRO^H$z_YH)zy4LaH<fA4?
z$tT~s*(BUZL?ok6&9z}r^`AIMawLMvua9JWdhs4IrUyTr{(a9y>m{i7J^Xo|{Ur3s
zH7AdYck$ul3oGI4+uS+z=%=bWUp*aUGM#$V`RpC#TC3sO@3nTtrPq!8U)or+XtZTB
zG@2zS*<&DLsVGF+H5Q`TOw9;o2sf(RZ_WMwzI^^(zFQ4!_#rWwH9y%23C|AI6sjsD
zNTMjzNl3(EDTI=D?_2(V&)9GMKV0%~lZ8i@AQR}352nb42~+)L4$h{LU#xJw93sPx
zK-YneGSdCk*F&Y1snC4%Np)p{x|R0nPNNp5UKdJrjIMik_u(%YQI%aUGM+nC-dRq2
z?b=<~mXXQUe!Ek#h-prqYQ8%T%c<#YujPGOwq{ty%!+KyA+s!)w23BE8K^=B-tXX1
zU{v|^%S6o4qOi)hS4yIxN-WF?z~O{~XrZ!E5VHsjPJM#m<wcy_r=I)hzQgUuR!-<4
z4m-~`h<Ffr+;%;@xCo7o<was3<KJ%ak9)A*c?xe0S{$Ac#R7M{NL|?S^J0!YJU4M~
zP@ou>n#cv0Mg?AACKiP`nO9|1mgQoC4kjsVfn=ftE08*12B-;y5miBAiv(Z<SU?~M
z1i4+xz$`)`4Ynnt9BQJ&!EJaEF=Lg12qaf)fJP7u92A^LGMOhDWR{s_iOO+o9kv+i
zc}Eu<J;oG}oDw2k+&tt*h~bh%=YrQ*o=&$rj8b&H+1zv{xh}cqhm{?ymswuO+ZR$D
zcX0z4gplQTQJ#2s>e@KwI}ZgM*4Ir<r%axdi`6{)^;KVQLH{!@vzR2GVJ|DA0MDiA
z-`6#}vFRKXgWa}!J{9J%gnjmj)%J|u<~@%D?9AUAs`mqozYHeBBnWtwdiLh|wAB~7
z+}Iwlv!^-0l)21+68IgR_4jNBa!hkz5=rte!0=CYtTLj8u3gHin$+<9WoPmC+!^=k
zTe3TSTp=Idt=s#bq2l?e7jgQ|pGbF@(2uSL|2)Tl`&LyVrjS4`6u=~j-=uM^p{+~w
z^j-OPk3D{fZ!6Qd$-Kq2ywJs)gQYb7_TLNJtonB72d{o6(dtWT{*E)B7;gqkUIYLx
zw)~%-{&VSS{Jv}ON9GhRUf~66-r%pp=F830t6j@wYBs44tVVQD)?ZF|XyRc|bLH`{
z>hRA_O;~Q^JAS>dzjtV#pC4tb2`Lw<(P|=?;+2N25dp?Q2e}89JfrF04A6-Ee{~~I
zWMOq8PqwYS!L$(=8QR5x4u<SUChYF+9o$dfe*8RpSeD-2k?ZKb5AUGknn5BdAQb&#
zutP+b_Jg?yIucOU8od2`+sUFJBe_w}y1vR{@n3w$+kK;|uD-X=sOsyjB1F&9H2QFE
z!Xl|VSp|{z)LHh9yzKpTyl~g38@yC}*)vwN&nxM%WVNVtcHQ@07fu$MzEs}d8)jE5
ze|S;)0=wn)fqJ_^RyN4%1mLm}e=PStUAy?xwoe`0WFjq&5lKLxi`A1yo8J)_%i2Zs
zmEJxjW2ATyo+BvUb5tF22==#hQ=|5gXgl1Sm!UeFHumf7&UvS*Rcq(W-3#sD-Tc+i
zHJfVD5m>i{Y;SdjjonbnS1R|d0q6)SL_$3z7H!D5%F|YfYbPznQD(%`O(uqEY0F%t
zv6x^y4~cHsI49Ezn>Bib%goVvV~y8zRd?COs(w;2JBoMV^%l#S^9=ec_Z6CQxu=#~
z`<|}N$Wl-5ZsGa-BOPo$A3&^57H!aKx1=$$C8f$Mjk1i*x*Uf&>JzMy;Z_mhDGWI2
z*4iu(`@Ax%!u5Q#9)K!>ivdC-Tf5I2*mO3`t*k?VATW6_UwQhyeqQQj)Ixe#8?{S;
z)p;$3Q6`1N5wq3LFa?^icd}0R-GSdN72WXd7#;{=yU-d~vDhprMPe1%aieH%CN9tx
zEXx||-DQd=Sg{0@!GOVC6(O1y6sX^@Zs^s*1x<I9tzF+OX!tU9M0wOnt6Ll$m_)NL
zHO-p4)}fgK19q@cK^jQ{h`U}qcs1flNm+QZ8yj~nDPTb~bCt-Ozn)d|^S$0xUTDC;
z?`XVLS~T9q?u`b(QL;$ThYN7PIO5gX?ZH8fK?Q@voK~v_niP5_FUr!_x(PaMT;Eox
zQDtLP#a@YOn>i#Rg-NweJgTd$#;b*@qAR{E3oLS$w2d9pt?rAgtHg$llxW2j4GtRX
z7;9q<5ECWw+UOA?laNRbFj)lhB!r*T%)Fyv0%Hi$hO+86MbKH07C|0pY8N;qOW7NN
z?$cH(oCYC<BSX02F*8>C@vc4_f=BYg<Vi)5!Lk<J>Wiu|!-C*5Qkb9~3FmiJ(D0lc
z&`kD2K6eE{-zdOoBrSv%8M&tIp_hP(qQbRHDG9UybXMzMD&^G;;iOR=|AF=&PtRKP
zwZ9uQq>~bsmSVE!C)ByAsYC?`r&S3{Sn;#^64nV2giLHHk+vBuCW#@(8jY}|M1<N5
z28&7Lag!8bvQ#PCPG(%YYZmdWq!FO7psoGc%<p;g-H=EmlIS&o*B<J%>KUiFddd58
z`pNqKS-&7`?PyP7RePpw7EKR;`m(pC=i881UVT|rn^b+9e;SvjCcfQw!_@=jd|jg8
zZCLh9`|DMD_1fU~m(Lp4D;{MZm(o+~8QrZs<R9N?`c`d-4Dx-a>2zjG>wgqX`MLOh
z@3_nz&7tnA-i=t}zyWsDnJE2`kE4a@TcPt>zYshOT<e&aUiNPTV5e^EyQ0+)Q7tJ@
zv{f|aA`#h%RDmdkgYp;K`)HLf4^W`YMiQd#h-kJQMRNGA;1~<sK46gEEimDaY|tJX
zh=N3=kpyL{BLUOx<?5O%A|#SY29;L|k^9*Cmt>|d*|zS?$P~j{C^R`ASt&*tjY1Ga
zK393}TjcjQ(0E?>Uo>6UEa4tN<ya`8p$f`I_SQ3jcd#}(N5<@TmWQev9vA@xy^V!v
zV181&J8;rW&9j`DpgToQU`@uER<UJN0*QqkPHvF(4U{knmI6Tuh}&-3KzB$iNC|QQ
z7VQ)UwlSgs+9AQq6(Cqh8k9^@gk<(6ZK;m3@ZCZ2KpX@|E7-uGDh@!5Ad1#H1S|Bs
z27tJ6Jl>ltTJYDl*1Oz(XHWJL1o=DoT3RZaQl&Lkn;IuAw24rwp%&SeB@)QU!<cf)
zI!y@FRSgugK?(kK=gYI^{@gptc5a)-c0wn2aO;itx~e`}rD(pk#d~5n#yH36)Qduu
zpeS`tVPUnaxb?e1SB1+P9vg8cB3oN)b<SzdaGUeL6+DXr6#hKN`(lmfDx<`wlAm27
zyvi!HG>G20LZ>E@o+0GM4oDNI{D<d?@X8q{e%||0*^1ITI=*@4Up-!l=*gw)faXmO
z|9*Ck;~711QNsYKl6?|eBpX6DL~7c_nn|%1EY&TowA781pC2Akd(>Wv^<tu<dTMGL
zA#7E#Luf|DLuE?YDA)$ls%*0@scliQv`v+?tkkWlM#>vew5^k5HWb<|M%uou^Z%wK
zjT21>X4_ja35?4$rH@wIYxnc~e;?!gp7H+s2mD4cxA6WBf8Z^x2|A=HVF4%_jZpM~
zA?_ciwO{fx;%dA14!(h)qfE*#m}q!*<Rp@8Axr+yq^6-=*InMO2ozBo+vT-*R&Adh
zx<^(@$~k%Y&dPSmGEVL#%NC=b(sT}q=LN}huKFd`N@$LpBbG}Q%DAhHWDB_LXpsK)
z$Oh6O3_H3#{)!+hWXViy$uMGs(8ek<ZW0jh_xI_4$EW%MB%e;*EMrwg5-USGN~oO#
zp$#r|6<^W>hrY`HZ&(<V!h%62f3olDMEX;zQ|I2*W;WYE+hS<9^PDAZ12E|opD^$Y
z1SLBXXp0rgU8|aq84-+U=jYmwOvLs4{coQN@W|CVo$iw9g3>zo(K=4&*WYRm#CE-2
zyH40>?xz&v6@~H8^z3$Z9`AjJYVWUHTRSepl>UCEHL_w1qQNNEWkwN5tXK?JAV_fi
z)93W6{Xl;fRR10SvH$`8pNhRqO)j)%78a&K7?egIetqSSzEk%in?s~I%Q-<?d9trz
zWWgm#RMtym*`-lG-@zDV)fJ|_*??Cnl?$}zYY4kkE*CBw;Hxe+w;UYj4|jpk{m-AL
zlDtnBlJ-#PM@n?`#=0FDr%SH;RoYCOu$E5mS|rg4pbbyFz%ZG<%prpsy!XGF?7Lq_
z@?%++W@gQ5ipgZmw3Jnn#zc)<E2@>}%TMF-_;d65AP%07dx+9SrCKB<Xr>(~;8Q#~
zENhFdoyo^sXq~`oCS4S>m39#XMI<IECQubc6;wqJ-x-uo#&W$qpXSF~%n$cf_pk?>
zY=5Ars3x;gl|nXQ(!03k>89o5YGxZlX)6JsQptv2eZE%O^|sfm&hV?IVCnhq_2PM%
zU~JIw>s=xiNPNJsmIv<G65xVKueJrreJvME$#rm?#!u(i9aK-Rb$^G{edhYVpRdmP
z`xO0^s#y}Em+$)fUq1Z0IEG%en)l7&&*Q&O2X`z!kVH?9_GyZ5FeQd329xvq@W%8<
zZG3uHOvASna?K~M{;SUs<(PH)=}xT5^sXt!V*D3e=P$kq@Q80x=7v>ab4F!>@<JSh
zkooiH@87JSP(B|=<x4ihB8;k(w6MD)RZ(gyLXGRwpS#Q|=+6II{12q99obS+TBT(y
zmTh7EF5>4`b4IS`ok}Z_%7oE7CLI<m&8;Hj93!#z|Cq4<FY}Z5ouFk*hs!epagOd>
zH>|+G)EF$;b6do+po0wzmYqqF(s&?$5*YXTA3^!Y9DNnfdi0@9Wf_r57O79}eNXS|
zr*%axRY&{Sam{=~!bmDt@ANryl6tPYtF#(w<P{2FA3*a6W{>P4`a-4{WT;tB0SQ1C
zQWSt6hDlqQH!~;fJEIHqgb$JuWcxm~_w<F~@XIYFIeQW@Ag{|{kz|prIZA?d(kYiI
zHo}QBCKh#5iNLr~8Z0E7$3jkAcU;(`ODQQ>EQ=8#J^k+{J~=gG-fuTwdGop%xB9hu
z(ZB%wfDurdRcK;0!Ph$F)Iz)JxFpaCl@dhKVSuRo^XJ|5yT-r0#7TA^jFpv>TeJ7$
z4Ro_a<^tK`0R#F#2V{`?!2RQ&b3-6$14)qVuKD^QnJiHi1mT&si7WT>3;DkKy(()-
zt~};rW@^ov1Ee3c%4kuOQ9^hqy8`SZ?0*FJzo&)Yzk9;#r=jyj%rpl&{e{SDkP0gb
z4^AOdOXyn{dODtT*Kg4uVLpDo6X!&#vEl}Pbu%jqYRK5$jAfKlD7(>&A{AK+y0Nz<
zNK=K_nsAOKNigI9qmZm@*aeKqhZ3~X844hS$So~7s@7-=n!8*;$4DVo19mkV7-G1b
zfLKtNMInYGj}QWy+*r*=En*@Y2Lh!`Dv%HcSAY<4&?Q=hYgS+@YSR@JDbaHCEKwVH
z1B{iK2qrQ_k=p>O9JnAjtwDe@B`Bp6#K0J^<!~D<Kq8hb6dOv030NkPDgYI10zj%#
z8WIXX%;-2cB?atVuH51rKKE_szIN)zo7@U0V9}B(iY$mYQC7;6hD20J%ZEf1jOHxo
zLY0vugusb2t*mV297t>xETn}N+b(FFxhRa@!a~0f7$4isoq?k;qx$tK+2e7{u7{3l
z(PBGKYz7&zwC_JQJ-7x9@ZISg0^x=#s;aKJOgW;W8}D=3zIf)J8v|}|8NzCyIcv<v
zg@vUMZx9CfMaNi&K<vfdAb0=(sCzE*^m54+4GB!vWYY=J*}YGf-*O^_d^f&dV->o(
z!ggj>Crj!V)$gnAnM>;77iQScgnS;>Rr}vu&$*)>(`U$ab3KRa-&*?#?E!j^-&wr{
zeM)(9p<o7WpRs+TN3+J3<<q7b?%ey`S7Uv-_IAg=LyTs9_6})Fp|0ik(F*&8qCVfF
z(Y1AZ2UQ5NswdY_)SFd$!;3xR_17j|pOQ+V^82<|eCE~EuaxSCbLY3%GFrKn!CF*b
z(hYA-*L<;i;C+7jTs1dp#xCmIt<CvlcIdL;+XWCk_kr+WLNX#lGhNxd_WAR#9OjQi
z*~&V1o(oX>D-M<MBWn%0BlBL*6-q0R@kP2v3712L8>+}dF)5ltq(adu^KYV0)DF<w
zB9+U&*sq$X5K4|+`qxe1Mj8!v-~x{m;kC-p@~yT9tb2GcvE4A(KEhBeP`=0zoUhjy
zMG3t0rSZ&23IkFq&vONcB<psn5Ri6<8@8*cp$BWB%~`z7!@D`W<{Sm-P#7c-U?h<U
zAqyKDfYRv6LaW1+x(PwJNY-Y8(=#%b+A5!dU^Y-;HPrAFG=iuY7(>LI>)*d;(V*k{
z(WY!M@Q;^+;-F8}U4CDT_fz6hPo39w!XwN#tv4vBCvi-3^f!;4&D?j-JFA{v@nVz&
z6nDX<oe?Iwxx5S2YgL+~6I0<vTC*733=<2*xC7-y6e~+b6J<_WFW1U2y-{vuX|*~?
z;DyPZTD4~=jZl*Z?j{U^4oiw}@CZSfv>ibE115bdc^>O==<?UCSQX3DcjVWK{j2t`
z1`mT%c2~K5F6p(m;d{ems6(OvV3JtKd9Rnmth~%!m4b->7W(h5uJ4L+!Z(s5CjoTQ
zIgA`qH2wQcQ*|B42pK~R0DDPPPZDgFQA)sLXdVbbsM$$*0C`t?;Ir?7>$?gs((L;?
zj(we;blzm8N+ABlmqKmcIn{}K-y}P8<yI2;S2aNP`(L+Sp7ziVXWx8U623iqI*fan
z7U&D=<~~sUdGVy5%-!z}6cPAwzR8&?QQwyKiyv3cEtWqV`}gJaAA!*k0ux1qtZbDe
z6b0ITT?7W>+zg9yBI9j&2z_2}-k9dy0Bp#(i}YX_@aTxLwO3tyu+cnf?2>6EuE<PK
zmVRzdP`Hw5BglPXE(Cc5&|o$1UVuX={MAt?eNdF3e-MIM3)RGj=kjRahuOl$;M{Y{
z*`2KA0awWjR!vi%15Xhh>gi<wb2(6^h@`0e*Tj9MCL4S6{T7dmeA!>1y_(>NttvHi
z=~X^doIJZ+T7YqAD7`?M35W$R#myVj8Q=@0u!KQEKm`>buX3U;*q}=Wq+B&%69I9!
z0tv?o1Z-@RO9eDEF+W|0xs4*Wum(7ilAy6pfTNl{&sA;fSl=glB(2>_;+Po(X`>Ha
zqd*~n$R|GahkT*j<unw94qXRz><p1sKdBS<iUn);@Yn<-NI{C5D+sKzq)_D%h>H36
zo>}oKuBiDIz6zg0c!!tt8Yx(H42sF&l>|2Y`uq8h+;0C8yI-J_&5W#=VS$4upvep;
z)?B7TL4gf@vf&P$mU!DxPo#i<K!Kb7)%|js=C$(~^hZe?yPeCTV3G(?!x_yh`FUo3
zb?$v{)DTD_09in$zbzjO%WL*;ZVANaeRIanqET%lB>68lDu`9z>ng;c=+F#+{w*J#
z!}~{u8TuWYatF{LABiO7l1bp_e?M%y)Fa@VKL0@Ry{#iuEfmRBQY8`+I$3fol}1pN
zQH6+zRjO82p-52`LP;fLYK5j!RW(RI4>*&#MOVA?Up`bPa-UWr8M`9y;o=ZPC*Y9W
zi&aBR%PeT6Vo_NqLnon$39T#!GO3ns?YCyLFYoW2zp@|D_!lL{C)Q*5+adk1$Y!gU
zRi_P@Yc#?_&$kX>8p{NCy3~?lD`gakyCs`L<N!0_>C^A`%FO<_s<ROoqf|wuTt0Za
z=NHfR&2M+UpVkvY->><x@o;)3{b3r!&&&mf4G46(iL#wf#q#3kw)Ni+%}2X^{;BZX
zG6t&3ERN1tOBfoOyMPoh!M2c-7$4t*b9$OUVqBm~wfSV`7{fL8NKJot?_QrbTgQ7p
zwlz%@($JJLnWToLrCC*lhN_c!`~H3XejEAuJ|Az)C9r^-3X&Abrb*N#l6@AJ%Il_0
zESAcMwMobHNOhu!m`X_S2V<=o<GCJH%4w%LR0^=7D2@=Q`_Rc)75nvlejAcZ3!bij
zOqJeQDGl@SX7QFWB)CpPr_cy*<^3T*pWgl*l)9#sX2Uc@)eesSzu(|^GD-XTcrQ8v
zAS6gX)8f=dg`}mdEH0`PQo>TPNf*4<tURv4%~@K@f2}KKebz`zD!KPC;jA+MnFAm&
z50Xjp1?Rqc9|W6%emE3ypOZ?}RaI3|Woi;~qP0tfrbe9!HdUaSDUzC?nW#ShnfCGd
z<wyF>XPSK9GWzf+10(vC3R;y#P}z$KoYrQC9%Oc1g~s21M~C##z!{&|W;5=LYy$;K
z1G6j+5aT2)IgsK|(Qqmi2FsLuL+dxk*|M}L-|Q&w(h_`~efzWZRVUH>|9wqVD2$V*
zE(sBubV(Bz;e7n~e?Oluv+pwXz|I{#&7TQ?CQ<omDg{(phM_{xRHTG?=kKsH=~JI*
ztp2{3cI!@rmRI+ZODDdRL+m8Y02va4-+X=@v09rtA*v}BnGrs}o)O{~>>B?5pB?6W
ztT{&mVEz<QWfYQ>8?ls<2jdUpC(DQ1^v}969e-ZR4UnIZ;u?XPuGYPmel0pzui+p>
z)};OW@_76A=sz~zeS5g{`QHM``c&46X+_ati56iJMWlppp7-D3`R@Gv`RG#hub(fg
z&Gc3Lz8seXQsiAMh#*S-4H%K@&(>@W{4g#Y$Vo>bQVc>({>w5(N!{UcS{;SZX;3tW
zA(DW|B$K$cC80b?3L(em((Dg`9SVe~ZcKrskO8rTB;v>jIS>Gh1mb8(L~v7%;t>lL
z22?mBPO#GrR$SHAkfepe1Z>8Dv4v&W9zMgzo_dbExN_l263~I<u+Aq8u8d@*at861
zB!XeW1Ci!B(*c~KHiM@anQ@nh5JJgQhX^SHj;`WZrnOcg=_tZftu#4$x^PIWLrCc=
z#i&t2>KCFc35GCI@*2#`$Ye0afr}O(jp?zgmKmc|T%d}I5YXmC%chJZmXKs1$WaJ$
zdj}q@5vKFUju+F;+%K!CQnVARRIm(IohHf*i0wtNAlh;^h-WmUAtrL@z~V<qs7#48
z?G!-Hg^hq3TRNCnWYL`tA<6=fs%nZQD2B6B_pnHChJLMS(th3a@LK(Pvx2UH-l?{;
zM0xg#H*$xiPeF4t+UU~**8qYNK}bILn$DM?4WpDbXw1Y$H+JB`>9>csNI=OzIl0H$
zK5px0RaH?DQ=If500tfm=FMd`GL`!6)#82S`uegt_sZsM)`BEUs`_XZd+<tM&U{<F
z*Fy>4mi<<{@4kFRY4H0uMDF$VA4Gge&mYMEk||j%0kk8QvXaasqs1KUuv(ayBP9rs
zvpG}C%ogQligt?|6E|6V)s~{F5dif(otUy!R&QbX>(ij`V0;4<?C{$ZJ@lcQ&9A?0
z8hJ2>+^CRg^`B?z;GPa$K}x@8AHG{@Uhh^HLer)f(-D?J@&=7to1O4j*k^r<lkTq~
z%o$x`q)Ah%qmJlYNZexzJjb|32q5R~zB|&jkp1s5_`FN;ovy)^*PB`P_ji5wNeq?s
zS9fsk*W;7AzOBBM&W$b3+w#DoL_Mm-in!U+@uLzSBpO%rf=M&c<=5XTEN)89t~Q2_
zS6xbuj_<y#1Bm$erS;!D`*rGH5PD0`n|SRE&2FF&HEgjd8b1^dZ_g$l6ZEh4ebw3C
z`AX;wU7jBrw1&Y?(B@f3FXn?EXtNG+(kq1zm)}<F-JuRku`#5tH!KmYH7>gIcjw;<
zz23^rUplVKfOp&3pBHFAqrKudN_Y|SyD_EuK~L)NvN8^LZm+(lHaxxF?q?gW<afKX
zw)PR)O7T5N(Exzy=1V1$q5GxYwbwwATBtJVB8gu#PVSks-+VrTch9{Fr#i|h4kqhW
zBrXU@kYofRNapwR=DEAhz23INSafyZy}jSO;w3I`bk8$R&2+HLJH%V<+P<KL@(~Cs
zK6S?<x<DC<!!AJu0|jLfYeQ#8rFMyYn+w!ovZ>dFUheeW+No(pV%ea&`1T22+S(Ul
zh{pnSpuY=nkOuq1yDIotC%`CrvXFeQS@Yw90s#aP0oO0UWnSZCA0Yhd8OQ<b@oT8T
z)BxI0o`&zkfky!m)d73=Yd5LB83<>)ri(Nctm6%YNf-z~Ktd!CVGm?kx*ZywHcfR<
z%*>FG1nP?T0x_a_s~m1H#{jVsM(UQCwaE?_rDV-pb#_sx5VJB0g#lp_eiPF0azr}^
zfIxxnuIMhxhaPikJ3Nj%W@apQ>YOm0-R54z*0rlJfl^RV!NsK+M4)AzG%1{8;E}jZ
zY;QaP_(!LEOpyuh+m8q6eK_-McMa^empdKINMv|GAqYUZZt!Cw0prJrZe0}HG8wum
zku`hT)zAe5(P)u}#(=z4HcayqBfZz4Od2l%AdpT(M~z4*sv+-jUFV5v)Tj~(1hA42
z5rBZ(DPRb5`Ng#hEzXK8uP)(P-gD5B*s8@85s+j_K$)XGoh!7t&W+b@--#51O}5@L
z*+4PzaELKLk!2|$pUZ6}5_BO$b1FjG)v#EAs!ItD$|{votjjoPBb80^&VP5?(8coZ
z?&_+l<{bFNU|wh2vp&OIMe-xI1y$9(<>`WsY$8~(z(6Q(XJ+Ec`Gg5yR^JTAh$W|%
z#jmPwKcB_Pm!{zBo9_9qpbUE!{Xrxge|=eY$2LuTj`oL-uRhD{li+$hn%B0gv7Gpq
zNiT*Ex7Mueyz7_E;urSazMlgU!L^g=SL+xzyTgTngDniCM}`bIT{WUKw7q>qyTBmb
zZps-ftkUFx5>Ty%N!EagM$>q8$Pd?_Y#dkBPiaOGr!wIXYC|dpWwwW1ZrO45z#%mx
z3IK%z7<jB_Bm;RmDN`Cwa<7|6=^%l@#sV;ziN?WDL@Nr6s1@3tJcu%uabgfIk<T`0
z;oEj-CcaomKqL+2Akr9et-4?tF7Bbqnv$Rg$I{<j9-eaU=n8<7Nv@C=YAry3&=$wC
z6iRmPCiE2C!Xd3hsU@1}*tVl0)flCclBwT=(mIpq=X1Kv^7C8gCe8=l2;d7*WhE^X
zktVfNM3q=uBNm+GXjzn{CP68Q&L$F?DiUTW)Tv4%QlgaARK5P_(oeqo^LqQoD^oT0
zik{(3Yue9MbLywipeRV6n}A3npo-N)LrA)`;i<Dk%GFY$`+?@;r#R-w6Sg<e-@6B!
zXwi<huHf>}ACY6&JncKX4X1rW&T_9amaEjK)cJm%k@o}kcHUAc`I%K>Boz@tiYlm5
zk*crV-ikMwQo^=<zvTGs5^|5vV!tKTm8B_E?SC%r&B75p*C#QZ&P5ktEvx{#A;KTq
z^z9gE<$p*VuhBl<$zQPJ4oTmIoB9A)Y~>TbGo=s89aw69VyU`~6;&#e6;x^=auqZv
ze?ObV``l4?&i>xF@&0)IzE!D;^1kRZq&|WeQAPz_e`SVI5oD2^d50Y=A!%s>)mX4%
z3k52wckzMx0F|cm)@Yia(35h(VO2L|yeb+9)V@MUSHth_RsVhY{ro<PEdfmnNkY*@
z6;x46OsY|3A}dLG?*D!7HS;UKJ!R$UA=bm;;6P6lN(7(OiEt@`u#B6{j)zM-o>an{
zgoN2=>L>Sqrsf$9e->OLnO_qzGL!TCJ=kl1O?pW-YqC$8@7Vy?$@hKv@_!fiI&7|Y
zM|}G}kJpuH22mzeaV=sNZDgFpgOp|lWmpxKfn<_(G^8XWgh8P)<q^sA$IpyERUY<e
z!#&w@_esR3Z%v*e2qBNPAL|1+p#`9jrOvdm6vKga8dwD~H}ZhboC`6Bj~e@vfvmsj
z4CeDunZDfp!d8!@2pz6h&HV@4KfA{g>0yYN1e#<KazqfItyNN^qjOK*`i{}Rzba?;
zgXMwr5ism;?#tASgJ!c2nBj`Vsjh7mk}MWN(owDNz<(doA2R^{vn(w9Z&?Rz8e)dH
z5+B>|zjxL<{6C<d)>f*TvO1VkOwv-cw1||d)j*)%KJS_7<hJ#+KZ&LtP5zdBA@qcx
zNe|N4sdY_LPFe;fqteKTb_HDV7T9nw?N99=E8r6X?-<5Q5VVul6cVa}AF5WFkPYBm
z96vm>0@4!;!p{K@ntiT%kLh~+w24%TRH;pLy#BJY(&vAuyuXRfb6dWac!)$r6o=_+
zO4NCU30%4aO2oAYrbqAh_w@ZaI3E)>WS214)Aec^IGi+n(UZ?6vKPSlV0;c9F6Y=l
z?43!&e}3ZsIEh{T41WCnFsTzQAll6;!!V5NDG4PI)R9Y8mRl;2lr%Cf5U5oYNh*?=
zM1Eg0=1-pf^WAAQC*EHS*3O>@kPpO`3MmYrrA4bi#6;9pLcP(^>gC=yTt<wA4Oi!j
z<JYMD>W5JN?HbC7KEjV%P_L2%EYoxF9wYNp!E{NxEPjlWg$n*Esi{bfV1#L#5aH1m
zp89_`%YL2w{{8)T&j(QZg~ncji=Cr?4u*cJX+)xyg-YzENocZz_Ge-C^n8OO=|z}-
zLQlsHYHCB)7cb-pbO0m+eEGSI%%BYHC|Yvjrl*z0F|+~1P{oK70b>iu7+BQ#al_}H
zaGmU&WqsaV>=S^LYQfCKFHkHDFfi3bqNyQOjn)$xktA`-9tz+XK*n<bZQwzIjCKO9
zV*t?JCJ@NV7{W_2l8OqN_m7WYg9f1Txeo`#1q-?D<4~p=F4IFxA!KD)7!HM)fxtpQ
zOk<wxK6!G6QaJSB>g*=)x$TD(qDNNfb4&)b8BuVPSC$u4LfUX=j}G1lA=9KtkVS#U
z46Q_?CY<5PCY=yaIS_D!#EXz{(P<Dt(JeM@TCzIM6qH1Q6$*<f5e$SRX`(>a>+MXr
zCD7mW%g)}N94m~#GyAV^F+=d6`M~&yWCi!#o4;oO@EBH>waFyTHx5^K<J2A<T!kLz
zv$7TvOTi9Y#tTwb8DZWx!ihNzcPZXV;k@pUstwT!$6Eo-;RDZ2OV$JjgC1ZUK>mL0
zhw8_GCjQZ2RIV(YoKx<wW~&e9LjIClzWeW8U*Ab9X&Nhg=6JFAc0Quvw8I~M_fAX5
zc`HKSC`;(Ibry1BqYs^0qe~RUY{kD+6<P0d6(;@n-wN_tPItnLA6fXUE@tnRkGt<)
z@g#SB6MOc$IA*`DRpX><b~iPBVXLv*H-KdUREzql{k>yujq%$_A*n<1(^e=eQ)kKK
zscRR<jeQ+`<sXLi3LjWNqUUQLHwO3A+E<T$a&N=$uj)P62B&+M%P;Ks=6!Fw?DKZ=
zd?JNa3QfX%i4bI9A>jy@?VilXndueNBzEPV-l$<F=oH4>*;T+HIdC?WJRB?#yn;Z2
z-FDXA)x|={@gq*e;PR@`M7*f;ft;v?x!Z(ByoHWny18~q7@1vqFTh{|x%%M<3z)L#
zUU?%}Mv#FOK%l;C0_q2f!h`|$Bn4rxgG_L+J<MJzl3n8qeSP#h+3V(s>BrMqcU-DX
zg?dW~8373xk&sA(I8HHoiW37Qqvyq=D5AGYbW~`=B%7MFQ{w2Qb>C;iGOIHCx@vUf
zCj${xPKb0A6v+xV)l54=m}(IYl_5cAk6PrB6-bHUqD>SzOG%+70kcJBwJwILuFEhq
zY8X;FwZkS2$jL)4D@Brx46abL${A8b>9d9g5b*exsZ0>TES6YQB+$qm(#r(VqalC7
zkU}y?LGe0?Avy1pNQjEm)|FZs+(W5h9Sb>;M<k-8Q<)l7P(?n{=;cfifPQ<tE_v>X
ztNSzS@2+QXgX&zHtrb*re5(<@pITY=Io5`p;T`m$?rX={7|rt>=J%k=)4Q!D!vXZJ
zJHbDw?{}+R48-HO$YD|!Pd4j595cT5d~*1G+2ES4`Rw_^R1c4J<gL9O2=({9ln6nx
z8TB6vA^o%{ya*~piAdj5onIuks3J&QhYrApc(davhk=LV_MlE5l_14VYmki;L0A%8
z2262ME>pxXUaC&O>wa?)2mohqL7#n?hZs|JuZKp0Kuqu_sG({MqR5@OdxN48raaDh
zCRPsJQrEheG_8z5w^Yl3+R?jmO-Ure6{bN2Nf<^j3)e`s0Z=P6Y<hDjByN#pN)%SP
zLb;@5Kx_m8V4;K>X$=Dik!?Y>8bsZJySN@;-3ohm-TZkEpWwVGsM8@<Y6=;p8mdKF
z5vo>{{m1L|r@ZCUr1Km;#1I7>WDV$={;ujsVn$~~!i#&lh_vEUL@J^VP(^O40>@!=
ze+OpfjGrn>50^IxeL&!Akp7}(@Bo{c&ybMke}8cO@CmPu|Db)R=f`h;zg7EIrJ_}H
zrIxSf`Sqmc{k$A?e{Q}N&di<wz(5%VVpo}4tg2Zq{!anU&E9N^2th#wT|Aq!&d#!F
z#Na=Erb1Eg=W|cpp9?v_slDyYlOvpgMzVuCNKVLS=?}ySS5{xWS-`E_fe-DK05$zS
zeuA?NifV|28e&=@Z0cN*EY#U4B3&Ztk{X9rwNl~!p8tpE7st<=d*6AF&*yq;nSgEQ
z8S);kXvQbPSf2z$6;KF?B_xXxOp8e^ARvi=K@5LOZkAdc+K4H1l?f3gGgOLR=T8n-
zb2(9JXGo4FYy>WWDYB#?q>3<IHy9W(6bqqchu_fnKXpF4grC*3T7`wf!3mH)r=0mE
z|6Tum<U{)rrmCezsx&PED;Z5v*R{5%^D~|<_ft8aFEtCCztA$L*8UvUXV9Mk4}t+g
zLPP{rnLnpFre+I!vThT)Gn0^$VMGlQRM=2aaryoI4|X2+b~{XJ6*m8WXe>blj5wS%
zlH@xfCujEe>ig`4pTcuV&&75%6s2magerw7i58Se3PfO}p`ky2HtYG)@v6Gp{r821
zy#gE%f&J#{l7@k(%?i_5vU!eOvgb4tg-nRVKw<(f<o=(1cLF2$(Q?*mrD1mqA@vaH
zB^`v5zkhw@NhkFcUr)cPY(GRCe`z3=h>A%TCQ_$T(24gF_4DY{_g4L)rw6CaTs!ya
z^oR%_LTw0$e(p-03sg%Z^Q?jvg^LwQbySi+(7-3lE(iDBKiV||=I#?d)b8q;Js<^g
zP5ghD6Z<q6davq&l!8ea34kIoj6qals){Se5ANm%Xwj9ID_iLnvRmDy3}HwmOU>FW
zQD|CsTXQ0WpwT7o*7>ka+5I4p$@v@n=FTG@E~SXFQT$x8Pe6dcm(=gDC<a^iyZifk
z_595+k}?tl^WINiU)<F>@_KkJA^Hf67CtCgkQfz{^n+5N4f4y35)OEvt62&^Ppx8J
z^{V~y{P_O){%;EY$jAXQjR0uT5<@S)udm-1KRoumHbYG?tvT}lnLd2wKL~yJsw`DS
zL1H48K*9=kkKOzhW6{FjP|H8PM9oUm3G@JW@FX>_7+d?A)C0RC_z#LPRS}C3L}IJY
zr^tHi`tI!K-+g-a`cI<Sr2DRGTV_6vPIE3-5m3s1e}@D4_ihmUkKWjiL9l+uT<fa`
z4~Z{OiFfbkn0_~HUhUpQWK;!2%nhJ1LMyJZn5zr{XjYQ2V3p8j0R&Zw(nAG!CA2aL
zz*!+Y5eP&`0V9xx77Gh`lQAKJ#ZD?6f|x1-#4WHnnV8xcg_Hq6fOTZh$s{#HL<_m1
z+SQZ}l8qX*mVzqcX;z4?*@WVPAt=k3O0D8J*SC103M4RkJI2XOq3-te$=-LMct(dF
z9T0@=&Fcc_v>=i~lE~UeGdQZrYSWd_tddboOpBJWBtYg66((c?z%Db0wiaMzovB<Q
zG{t8q<q`mNXY<c@@9*9XU;!`Rj{q3-7<@@P6f;5+_O=GO5YGDb?Kb4zlpWF7M2Jss
z$?A~4IpQI%!nxqU^fLRP<=>VX4V(5>?+pldA4jq?z<Rb$TuTTZ4v)CXEiJ19UXRms
zVuNnBuoQ*-bM4#RV<Mk?+=!TZ0w-2oRMc<hhq8&yT&*f)VhX*NFPab}TFTRzNpn}g
z4tF9A4xPOG`|Y~D)3wBDpM3l2riB`7=h)R)&!<eFVgNA#^-u-@3lTW}_3%M(x`Sd4
z6kl+lu{x7wyFm-JrDaEXYwvTw_On;tP?KZMzFI)Dp>nC2(bFF*IaLD*ihcHdLeVCQ
zEP_kA#)WE2@4GFJU<8Y)$ajdjyzvKIb1dPr!m|5wyMFHO;(NaC=Mf)l7PIiDp50Br
z{)bC;B9k{`-tDtvXkCE{Jg%}>vVnw_=^^s%DTDw!cYb0$r@a@;<%u87@KCK%Z3vLT
zkqd?+LjC*qsprVZlRC$TmJ!_=?Vmrau#jKDl0FB`=&|+i-Q8v1%tL7N7ig_LZ0KDC
z!(^<g+spDhuL<ZF`|e=;a4m)&Q}3U`<vXJtWp)8g(m-JZ4EPp{OV{=pa<8u)ZOTn{
z+;uzdqBG+G`nr21UyC^Mt1`Ow^7ULVuWo{T1Q`YZe0{qS)5EQaTJrCEvPXJUcc%iQ
z(KafNd!7!zcUy4am!hoM>Vs_8s;FOZ)z?HC;DDFuHIAF<9*HNt9O2XNdV|~YjdBBU
z4z)SL!7&0ox}w1_U?~RK47~E-J9jZpy!KK93<W?W5WLub1L0%a;5P}0bM&EmI*Gm6
z(*^IBwt^UYm2;O{d~m?f2Te_YBoG-GNf{zRHdL5sPH=Q?P07RFoNB1yvJo}{Vbi&e
zxou_;sVmERRJJG>i?J3B+`O;EQ-vMJm`>cPxK)LLTn7ZX3OHFskv3i}t42v>mRyCD
zbW$lOz8H^+CPh_Md<~OI_;I_k@k_WmK1?0_A4HaDq8=b5g@XeQ>25<MA2P10^ckhx
zDHlYtp=y~*%mqAED{6#7X#Dy4K8rVY{5~HLUCUW_!dFPqRJqG!6fyAQ&%yNmVE8(f
zdPG5zUN!5@^{sm!PD<=TGUjJUwU2MJh-Y_~nY`(_&AdDx4&DSc!Fl1s;oc>lh_3>~
zkU^6JK;cNJ;VFiSZ@2AsU%mI;-Ng6iNz^Fk*{DSR`)Fnj#`aoQ(YZ`$y@3G!#kjC^
z+Z+vig+{Oo0ciW-$L{;<?!M!WU9okV@8eZ}S<kDj@Wt<T4_eu`uDp#*tINU0St?J3
z%{LppQH-d@8L*@3@n0~zs2{z3H|eVz@D!?-%Pjpz55^jz-0y&a_)hTZHY)DTdj6wX
z_I=m)oUT_rTHT#zs<f2DYA~U^t9arzB@=uQWROsau=++R+e=4ZoGB1|3B>*Jrx`ya
zPM{Xh$qv6M4~-&mt*N*LpaCZ~F^1RcK$vp~8iHkG=K*Bo(sC4FaRMx)TSEw#ghF7T
zESdBc8(P&!ZZnjyKz2JmABSm5I!=Z_w}8q9Y05OV3TY5=AtDfg5yTk}2*_|rM;8X(
z{I9SL9CIfi!a)R#FEbrjR%&Zkk{)<YoyQ5}p1QQpu)lIqMu9DZDY9)C)D<$4#2PaS
zGsW-kzdwEXdGYn%%jazv%PcU)Ok*=CnAgf$(F~a}0E!NB2qT0=K}A1odU_Fj?hozx
z-Tu~@s7j~xYh~H{Td2zmvj|fmM2=Uhw}N~$`r-QjKve}42J|@A`dweE^!Ew#QtbE#
zz&^o25+U=2hYrG__Ue9>5rq{lrtEXsA$-F3vV%dd#aQC%rL^bi@SN8OpJ9v`f{L+G
z5t3KF@IL%Mbh%$!@eol&6Z8~f3MmFEKfZo_FICoz58rJ0dPy~beJ-dhvf+QE@EZ9H
zG?Qj?E{l@O#;BNNYprWph1LO|58BE2@Q8~Q1mE56U*FY*OXW$M&hO^<cu0x)VkoN@
zyDUE+M9V9$-?=`S5#!mAqZ%-(m$T_*82}UIn!Vm=?3kIohR)oDeD{BI?@jg)w6B@B
z-+>hXRe&h47g3`Y(Xwr^ps|fnN<?8LS@G%f!u-|aLEZf6+z+5YSh0*nVj!Z3oIEG#
z1KZTuy~4nQ_hx531m>HgT_ZJ3qMiH)w<cz8tem#2y7ghID~>o$Y&Wl%6S;W`$@WD?
zDG>#NeBOQG&%aHGZ)IqgT6%bA(Tov-ycGN{u6)f*KS1@v?rH}Mz|HQVX0FTDCH4h|
zod}yZ0Mqc>-`~6jC*fj<iYTJ0&GYQf#>}zS9?wrC-noDtCcz;7iXyRKj5;-y@agZy
zz|_lu`I!Tsquv4;=u0);n#|AK{Yk!G(yCniMj$L=^w(&u;YD-nMnK?zd<7Imf`MVs
z_*PF`ATNjr7xpZ9j3I+pFsjaHcP<VW_WJGH&v@~-oqJ{k#%!2jl!Qb?V#N^^R4e9Q
zq4(~byEOH$zrU+*gt199NRdkV?fBjFN;jxxYG}g)GbQWkXX+qPq6WTlz|rjWN#jPZ
zQ)pMi>1Ri*fm8I1K}A(ho%eUmeBSnF2ovgxh#*EG5m{e0CLf2tnmJ!LCs{OBcUVup
z4Tk$Zv)4h0SFbB6l4vh41!ThoQq0K=w;L=;ca=^RgELfI4NWP4+?SoindBhDEwr-U
zN3G|A?v<>GJSQF7!?Dk}&!TlxYWI#$Pa=068uGJ+cU|R<eCU(h^&B`(A}T{FY%G%_
zkl<;sfFjr=C7}wwcZVAfhmW3Zw4}<>9@|~#prVSz$B44TB@AMi;mmOc))SPAT95+J
z%7kMcP~)JbapaB?La1dg9T~apk9~}EbH^cb88WubNb5Qx(1j%{frc7lvRY-QWoH37
zGooEM1*ZzhD={OIEiEd{v^EJy%Sg(i2(YH7!*j6u?U4-EAp}>_?nCAve}RG_bcT?H
zkc!?JN}UCkz2U(3J*t=mYn$bhi9=@O6t2Tv^t<$S06+;V!^PwSgn)r+^qUU%J>a|8
zm&ZbHz3;R%7dT#opwnry&wOU!%lEtiTm=Mz6oH^;=DY8stggR=S809q0ns`0?7F{}
z{XT8CHz071+J~aMmlqdb91G(_&u@-VioNo^Pt2pL?$|YRbWWr`+M#x)-7XZK3&0f3
zYwq3qw|W>SZyL{y{nOp^Z7U{b{llM4weIZ7C+TAyrHe0eV>CYGftUB))-7)JcC8cT
zM|Y{W^DqVzfg-&weefvyDS=j3#7~p1avsm9Ks9bfW~w2*%^0d*HKTf~;D}6k1V#~p
z5E&v#1sT@3xmWBTk1)}UP(NI`KHlRtX4h;G5nPD8S}I-YV1eO7kLk0rDV>u%{vdi=
z!&(QrvEgQ<x)XPm$5%FNRL<`1Gdx!!9|z=79bq_!S*Py^@G4DUk_H5@CVsO%9G8$s
zeXQr%03rd}_|e$`KQFe2_80a%e0k^24<qex!(R`NeSp-g+ZV<Uf)fTaR)U*NXpNg9
z(`cJY-miT;aGJzxLanGY`>$KJP>y9D53yH+M)ev)B9>I8MuiZ#HFwm;W@V;8r9x%R
z@17jjckm!#@))tc6&1OB7-Q`Oc~ZB|%UP`<QT&C<xR0U|C4D2*7j5C~O@ve8-)`<@
zjB@hShGNkI&>vA0v4q5U1Z!DM*-K@J0*ZCxd0ADNP!XDgSvBFJu8>wDChnv{O8^An
zIen1fOap3quFaNf8wQNQC`c5GCgOvQRS=`5tWY$Ilf_`}hK@xtiX0&V9v=urND>!%
z0<<wgj3vRG1mK>q7T5$>!ANHYfg%k+f(azwbRa!x#TX1|IZ4h55@Obyz#BxM+iAQ&
zXesY?(dgAjo!#Bs({oHCG%S?7_j~7E;&Q5@Fp1}NM{!R}CAnZ){HpqoW+yzQ5b1X9
z6J4-9yk8Ek>cREay!kixeetz@eqT^)U_JHlaVu2jg+BUr{UB}M+}G%tf3`j)dy|4M
z57`DvLq1T|<g<&2)-aE(a5cza1XXeX8gGZ3eRuK4r=OU=9p<f8_pQ_{+PKB=fHRt8
zTK%yK1r5ZH1cM~O;u1m2stVVrTOJiFZk@Yi*;PjsdEArOKnf~zArdYChhk2}f)I{s
zZ$8%IK}fJFs96<ORZunAm^!-Cz3*gFjt>A?!EohBA0ej^tLDY<FL_c9rpyBotKv^2
zBq3;6f}}fZdn<b=N>J|BG|IKvDIKs9=fQin%&B+OJ@OvyNR4W;-9|WVYzm2_7Zt#*
z)o27_)q}8OM`%KZzH&u)IN@NPF~-~38kR|kM2jtStRi;cZ-i{#dqAQ%l2ZUbHG1rL
z2icUnnnr0AEWjZC0cj$jpo>6KZ@;bj_51Z`{aLGKWwSFQp01C&zJ`tvo0|`oK!uRz
zc<Bxq`h!8uzqzUAZ*Hpgdq+FJdR2w{f$=7puijY1R74R`L=^>IZ?#A3*~dOFeY!e_
zIo|#IdOoa`eQl|hG}~0oUwc|uf+$HA2#i)iW(UBzf29WcRfcNHiEUZfLgbl$O$26r
z`>&m>zkNL!WQq)FF=#YVw3K8Of}=IfOZEQk?46l&feryaNfi|sAhAJKM3cMulkdJ<
zDDqVO82DvM!nRiIljcA<pudI0c6@X6JjE3TEKyWgkKLA6?sJv<+1mG_u_ROgrjn%8
zlF5G|g+n0FBvGM-XYWg(e@JHA1h5Lri>68U^!>hbbpW0_&x_}O9xL^Ge5{ljQzRfN
z$RMG;YA(MP75BP-Ja9Zuu=tUK7^t#-`c(Zd?+9y9{rZ636aiTnP5!Bt24uY(OZ<L5
zfMaC+N&=`Tr`-GZm-psZ&itCG53Chr-Fi-TY{O0=IY4E+rGNnW0k@6)-$U-V2|#RB
ze;%1+i3w9+j9_4qlPpbPNsPo>_4oPDUi@|AMU{bk!b$QfqM(SdL{L;d%KF9&A||Z8
z-4w$0##Aho*)n(Uo7QBwXy{4}0reGBL=aXf$DX;#wtP41%Bj!2eg)A-t=~cbeH2lI
zlXOps`n4=|P|Ko^e9$R`*SZ{#_}qllsU_>@*}CP>eAdjre4<J}2*g;y1w|AQ5k0qu
zwC^>~-q3R^lZ?PWL`DcKP-b)Q$3gj=22>BaEYt*;eeg*on@$_4_qTdUdF`J$!2qnH
z9f#$Jg270rf`WegjeM)jzh-qGQMx`-U>FieePTplqX{AQzj}6DC8vbeTqVocUX5x6
zPIH`*7<{qgEn<xW3}7$fCK`^c!Gb_a2t<w;CxU6_ee=2R4g-=xJS=qrUDbez6uPp)
z^@T$+67=D8TbGDj$^!2wtEfmZV59{dR1Apa=1dBT?O7se+hNNXU<Zw0wy*+)W>b;X
zAfl|WN0PQ|$uh{wVc}4s@f<b*j-`M`D{!y~R%TOxShEHPO@IL%qCf<3;ZcQR3=@iC
z%x59QtkEm$z3DuS?;f{Ez2oe5-0UgfuY2cb-s98(bCss87I5TM5Y&{kQDN2yiHi`l
z0s^ds3OLA_$fQ~=AV@4MMh7_*b`rxGrxdMGRa7)9KvWx%Gwti{=hN<qaW#{5zEsB@
zS==HVdA#1;+ZTl<N2@oiCT941(LtlZ?!NG>^(#rLuVnNBMv)ad#RB(;53&pZk7C`i
zh`{XdutD=)&xO;QgzqHRx+k@8g$K0=VJ9^9fRb*rIrAB!AR)^4bUg$Y%lncZIrxj^
zdsi4A-s&22i=Z7ETXg<?nm#J$-Hv_Fn|ogk+jZ&^Vc)L3>QvCMG>Rjd2fLLQvyE0N
z2?tUfJ{I2_8R8_Ssq>qU?)&U^x6-+xO6~c{`==LONQ3Tk@2Atdk1yY5ExgvpJE#YR
ziyvP75TFmf5=YPLCXAFHPM@6_v2>zuOUIuth#oE>NM;JN;JvVJ@rBpdW8@dX^>2de
zma9I<*iV;F1>c*&lQg{ij6q;PGd{uibdLD%hW%=tW$rrj<$f%`mEKo{5k7K_y2|@|
zx%5&*l#{r3aD^+bo=vCSdt}}H^07Ml?utf>NLEmyQsR@L68W!cMEXR$4`ub?0iT!C
zXxGcMYUMjS>hM2qWPf42AyfO;YS?_q`1D`7u;0w0uEt1lX~ZMbv@%+Hhr}z5{cWEi
zc4&6h7bs>l?^&=$XUWZ*V7kIN@7)CJ9OaHq{Jlc`*3Tt3SFG8W2B9bK*TZVqQ*ea4
z1P-^ZrRvn>yTYSY9@V_)?=-RnC73M=7={}@`|ckfU)m?*e24GfM`dl=&G9d9q}|<j
zt$R1V+_F!;TUb*`p_sf#K#zX@J$dBg*4k~Qvn6Pmnlg(c7{UO=2+y9@s<o|Vvw2!t
z?z+}+nL}*ru%gKHlEzXrlGSt_!EAw~UyqNX@|U!FJv~^Wo0T};<@i&bZf;ddR53k9
z!RoWH<~Jys7<;A3wJSS)0Gpo7zI-~mtImy#eU`7Zb!S!)ML;GC_FN<oKqOFad5N>r
z2Xe-EBpE~M#C5S0UDu&UvTJ&{?j=$zIm%NVr+3Y7Ldn4F>7xwFoVk}s#OfH%?(Fu0
zic?`;b|fjSbDY!zohZ=lG|BBQIq!>~H$E!0v9z|0O<I`EC>EBa*=<{{;j?M78$9OR
zB4w8vRbIN=h|QTZYBTGN#G|$)eKA8Yt7fF2MNts~0w73Bed;qh*0O6_vL}Lqghoyj
zaoseSLV*s6LLxyKB-IUS>7@8r71g3l3p^)Gc4rl)Y+0%nFjg@nkpzRT@0iu*29ZWh
zYSyYy%L-ULmyX3X3NRmFet04Z9H}Zto3%c<-s{a>HIel@B_u)Uo8Je^k2>yyaOC(w
z;G23<$cgY_Xr!8~yQ;PXrpAy9znp8m@@lG)M2Fs49)y(?VbrpD)2olENkn?|r<Hy2
zdz;2nagv}X0|2xPAh)i^BqEA{BqVOdEU^%?Mk9t0kT6TJpaPs_OY4omCtWuLXO2*P
zeEa(NdUf?<VDGZ3go=pCefRhL@b6zK2sA3}O}ZvWYoTBuB3wemK*JQk$wZP^v<WiN
zg)-w(7?7oklzB_XDvcq2AmYL@tSU~r`+k2#Ad-AKr0V;n52o0aA1<q`7|Izw&J}f{
z{-18hQr+V(Rs+Z5VRg)_J5Oh|b6sj9dslC&SvU9Ht1|Ib>-ekn8tb*?;<M}@PUN^|
zD_GXzdyWOMeU!ChL3W?ESo>;~@w>Yfw(Qq2pI}5+&U0>7FOaKfkAToPPJ1theXH9=
zmvwxo0ZalVv=+%EmES9$T$Fc`z3C02y>Bra6@x*{#pKWJK;N1r=wu#fl%)z_BgrDc
zby_a1uZUNuHGbV0qNPa23nY-$6a<LLBu8~dyQ~*3vBAQsiq+h@N1<O4W-rR5^IM{m
z;p)r<dsVfFg3yA*#A^Z|`37>Oh@<0-{wPgwf@F*jFA6)AC!=f>m<s@9^$amAj<nN3
zh%3@aj#Xe%$L6PQv22T|q7rNtMrag07j%Lkq1fhyHVC(1-%yEYQ%*U@fZa1LjSEv_
zHXa>@Zab}#_|d3a0tGtV5<-#?FLecU%3hswuUrFR9reWA;C5y1hz4qoWk3&`d8#d~
z{Lgs$7AVC~EXu~gsS_4uMv_n#L}zQ7`J1D)-R5}1r5Q(r5=2!cC6ZS8t${R{L70&?
zDkBSe?fkvUx7F8;b@z7`YQIlpG|9$kHUX6<%$8MGY&(QL)~xIKlk*i6iXg#MVr9F^
z`c>WD{~@mkZO}<NBo$<ckUoebkWt%Z!hoQBxAf?_P!D^DU_fW&57oIZv|WQlluX`l
z^M5n}_&t02z5xb_0V5Dy_wnZY@4L?y*W%=;o`9O^1K<deke^lvl1OS%mfwB#_t?L8
zuJ*UZdJYX_t$N{e3fBei-=f+b>Ed+Hp<;{{EMf{GZ!z~Xe|~Gm!?p6Jp}r8GV2U7!
z!gBkQyxc66fx^sV_@hU_s5_z^x(?sXy?sT4_DoM`!hRTp3?i6}NihO2h>JJ-Zmgs2
zjv%S?pB&9ggoo5q7)F6GHLuSeHu>`HuhqO?eHd_{66l#5^)*4!khpwEPW(HSy<rJH
zUKUGXgh#YMs;L0_5|S!_ziV~(zbmGMI*nJRy8?XyV5mx>_g{d7jGaTn%#ucr&3!6Y
zs^MV`fO>D^>fXTo3W}&AEEQE}-^Ly1FTZ)9qW69Rcu$})6;O`I)c8<Q>iP87a4a`P
z8ft1XA4X;U-+c~!Abgm2hJBr4tc`1%_r0xb&QzB~J0Qk6S!JbVpRpNbGgCCvGrvQ)
zA3a$F(tRwIKGoj4L6m?b8iCK9*6Z(1-u@6Ox@i06DvBZ~ssd4qWFj>w5K|#r_j_H=
z^PhM!6e;kS0q}xJ^dhiwSrZ~@Q%b&d%8Om=t!Fw}HS@PO$w$HkQ3WO4O85X-T!44o
zusezJY*?raRxA}A>i1{KgO%*<*VycMbdnuKBvFwF2#|-((FC@}r7cFS?Q6bU()Uc9
zetf$z1XG19(UVyz53Tx%R%-QDo#uOw29Cka?;8f~>Mtxpy%3_Lip0F~9{8|%UJDja
zde0HXJ`O#gPfqJ4TgCR_Ub;kz(sitO(zt}KMNUvzL`DrQJXXzbP~<#!u;ZJscdp(G
zo&%eN?>sZ!JZ$CSHN)>>$Z<NsceR5kz=o?q4H|VNgQ^0Mw3IV0jC<w_&jcODbUtyr
zo;c?liq&JgcfH^oY7aPfm%ZS2ElHLMz{QSf$X)8d))QL5mTHM?g~15IiiJ$Nmk`h>
z(9AV5@Efv}bXH8ngBYa_($g7HfIKCJRs}4WfWbI8^UKlk46>NDl0p<mIVWMXX~b5N
zOi3)05(t_bQLLCmoWd}LDvT;IYXm~>=Hp5$yQ5_s?CEH1$vH(@HIyeKlpVId#|`ge
zUvl$7A@Tq+6*3BLp(HhxxDy8fM_8$72d8OmAaMf?FGyt%d*Q8?cf7prq(KFOcIfa{
z>PgHUdb)31sRNW#eR0#cU7F-3i$l;13`xvAUgoQsy#cweFv$RYVsAFvAvjC!ffZF%
z5m6E0j5ch6-EUI~-mh>nV9sE5V%(WXAmF{ATxfz)SW2RnsH9X;RQDJeAt5uo^xQV%
zD2h3j4O&W%ML0{}#`*ox{k71_rS<2*zm{{RZ{E~waltZTABXPk3#FUae?H^CT;e9y
zaKp83pw+SEZ+xaI-N0wpwdev22EqF2&dS3;ntOM)tuLYMy8G{MXDr4B{X85BsLfLb
zWbcNfR0nJ0?_S>hxjyB^yNVkde<K6#Z{^ipB+>M<d#5+#)!p}0wY##8Rd1);R8&Yv
zCfq+M*m{6T{2KTxa7k*8^IN}Jwzj2SeOI0L)9XJ%?`S>C@DklKJ4VD`-%<~*^XrJC
zyT!L)`u+n?)ceQd`S#n=PHo6MK_lUZ5^0n|jI=D+QjKN>6j>t>Ydw|SYsF=E)mx35
z<#T6TRrwD57eAHzNal^txkO$iw4{{m;h@NOxFN8!GkwF_9N#>u@@Op8w-i-()bZQP
z3vg|ldIe`<sK<Fn5qY-vy6ut+8iravvWY!X;;tRRh7!+S*SvrrA`oK*iVVYs`_2h>
zQ>1USsHPw+O&fj;9h>Aj1`vYqZU|>WEQm92xabSV*m}c&CBZ~uECxY}C2Xr2SxuuL
zf-<rtu|-8~_bo(Lyh~*aV+~b<Ul!QK_P*ng94Ml*DYcsS+i<6TjhritD>JrlHsIsO
z6TchIjcuc3bjWu}LjV|1C}w3TyY}wOw_f1P8L*T9jxtk>9P@5ObjdnoGbb2_7?xr)
zDQ+7$Nx=aVU_`-$aBIoSFk{YG)pp70lcro{Ub=2br!#osdLV6)+X#;=7=$=L!FLtI
z5F;}z1z;G_C}IR=G`8(tdu*##xV<rV({VE@J$1JL%LMV0ZL<$K)12t9Y@z3koG9^%
z%ub&DZyTFCQ1OU(&ltR9t}vZ<w-wQeS(&KkHsfF+KE6djL$SC_8>K`<MI?kU8rw;s
z@}#O5^r<IFG!j}!q1j>*%_^BUV^(C7LI8mh1=Q9IdLSZg-Bq^1-=24M$Q(X$*_JS5
zOk?MRY#gWt;V}6VJSOR2gc)Elrl|uO6JX3K02_g<wjnq`8Dki^U@>yW1Wlng*?q4D
zJoDVLal!z!+W>k)_^+$swcdAkcEPxI2~!Y;!|`4e;}{_T2d?h!O|iFc;K7XbiNz6v
z>`j3KnS)Xn4d9^@bKdk@JKu++n<@w9trva9siQ*w4cEu7)y{=>{k%BIyYI8G4EMsR
z>aFWKcRYA@oL^JltDi=Ad=pBb8TVTG{h8E$;QpU|a_!Zhs4tz7!Pq(J72n3ERZ+w~
z#hhJ{-(}{%Fc@Gv`O6$JQFX1bBEY(-4l*Mofr)LTj;cbrP?fqQFH)dsg`pzpcR^dA
z-lz&-8I=H)RSCrJD>zZkR0wg9yP$^Bopr(2oCe)#I?&j26V_K+O_8-Ou5u5J9LCji
z9MB-LUkXwix{^#`wie1{mD&jiR;n68NV-aLsD;%Sgbb^=vQA#E2eoz{E~M8gy{z%Q
z#U*Z_vOulS0mj6DQX62Z4V$t|WCHa>fmuX~LiA@0kPR@CP9(&VQV`6kEJ#SJ8>s+y
zM)^V7s7)j$6e<WjlXlrI(V`tyCX>;Qk|H|b+|_{;27P`O)5HuO(Nh32Em^v}a~=;n
z0JM{DepD-a=KHd$fat(IbtK@)+^H;PFeRB#+E!G+;hC1&H&7;SpiNy&)dVLBsRA}o
z1mHBCt?(Q+faL&Ls)qGJ4c6>}lVfSe<DT^Q8ZaL3v+BqK#>2r@00#Sh)?%a|HJPPE
zGY21zD6kKBj$jU|UU)DNrMI(}2o%B=A#U=30NYmbz&RNT<3}9~4An>$$X#o4eKvrx
zV2KziiZD_}Bfk4zGWAzYX!Gx!5Z8li@NKablGd-B5Y{ZFkXQndVFR5C0?VV94c!Kg
z>dz3(OJEPnC6f=eYpox3*je%)2ELqCVv$h+*>z9F?R`osDouniK#3wWl$NcNTju6X
z7K+HlQD8{2efwd*wf2K|_JZiSIrl^@f_$UyxszG#9jzPGsa05e=?Tz_BvWY6Y{gQh
zWYUJvnxcbLrfEn-ZKO;D6hRg&h`|ODefFrkJ55{-^SyJg*R#e<Wkmf>RGV#Wn^3Z5
zLm4ro+iPF0?|t3x@6_Z?v8{UzvT8$;sFx~G9}l}bnPK<PxthJ`F3)A3O`<C!BM}4y
zSvkY!D8Hq2=KfThzaZdefe~21AdN{`d@@ChCan}%<F80m1dRJG!|Rc5gI5m))|zE^
zgN9E&*WGWwmydt9q?Cd|MhsI1DkGWkH$=XCzrQy40G<$%B7LPPgxC_R7TC9q9$l}W
zeRJw>G8P)Dh?5P~B(P+avc7WuckZ1-)gi>q<Oj3jC<w+fBN35g3(ntMqI;igF8o)@
z_hk626;)uYP!uC=WRk3sTT?|DO@>GS6%oD*VG9^Ag*CB8qhnd2GDsR1tLe8(!?f*o
z)9=SDhD)>W(86Fs>KR`>nIe6{ec@6bCBAphK%-=Uwk?WC$Wcb3p)71hB9i<3-fv%d
zzn8ukAR?-I5)~2%ih?QvC@Q~sJ&>tYTxv1X0lipzXK#6slKJ$XB*UM1W9ctZu2N8Z
zqgOr?=z=1Gu>pGPrEh}!=d|Sk<P;*RlBBgIFi>eJB(IGKY-mLqh*1!|)jvCv1DA3`
zUmEYuHcSko_3J!3gO?%fC6>_7#Z4Ewe-{s%>Gb`@Vv3>&h$|I>F;zLu*lezR-+9TD
z_;0hr^85F%LbR4kLKeW3lF2J1l#<d`nKY7?{kkexsI+5AsUd}xMPQ^AiijIJd}%w7
znLk)uGHr!Qtgo5FfC;c>f{K()+ycJuF#WJ5Lkir`qLm_%V0?v&2^3Hf1VLgjQ0MKK
zYVno$J~F7*?>Cyx0U_fNKwydxo)hlAO8KH`pSEU9xl!bX?=N2~1m2->w`bcCL+(ke
z+CiZpf`r(}5E5(5SxzEm6arxrA?0n?U9WT-+ujdK0X+4)VS2fU-32w7tR>wVjkJo|
z)F~h^gvo9M62TF)$Cy}I8H)<ZW)p!tXA)rra6AT}t#$+mDZ2s$1S~ERM64?Vn95+1
zNM#U3X@bgxqVCZJO2yV1ty+=<OsWvaHCVSnTFU~}EKEs;i`Efp^;c+93}$HYdju=I
zk8YsH9O2t=oUY!b=XW^)lxfNVl*HyBbTK({Hbkvd;jA(#nHbCp6Eh=e!6w>vFs3JE
z!3mkf<|&e$3dAV^P6iETf=txa0-3ab#B5-}uz$;d*0$eT`jMJ6&5|->64=;cQASG@
zl1y7;MT;ek8&HOlQ(6quYE2U)+DaKgwuG@{#9-DMRLe4<vqsozWf}}wF^#3QfU#)C
zqikZ^V^sxHG*uZjlr~gbCaGz%iG&HHYDyDCnx>VJGE!iQBSw~3X%<6DN^A*DBN2>E
znn>8$nK2O}hMA2`G)PP~mP{0rLP3!LrG&E+U@8Q%G7@Q$S|+H<8wSCVga*qfifE+S
zK(S_KWj2kA7D^UXLYr8X8n9I}MI@z?YbMH+%Pi4~N`f;eB$^4D(vxB(OA|{lP?BMW
zfHDZiN(CVTB$_cuEJIWq7Fk0isVrrtflVfq#?qECC1YUJl#nEw39$w+ln~P<DV0q^
zh`}3aO)091&4SI0)X7TGK(!+Z%`D9+QfW+PNf`*4Q%2hvmW4)UO`45Nq7YUrme@8i
zmcm*_Ns}VhBW4AViJ%B-WeigVAc|@<wUkDhNwZ+ElT?*WWwd2UWEzDKQxaw@*rsGQ
z5|dGrQ#B=oAvCo%F-5eN3d~zcs|swzqe*Cx*^&g(HVu^0P>G_^5|%WvDVES`jgw*w
zrA%Nctu>8il+x2m+J;n0lVq$|Q77})-}8Swdh?%})$hW^QtRGxck$P8n}|~dlY+Z3
z*HXs*9km-nhwr-A57JTRs$JXz?Lg^@HQp2^d6SK1=N_urC?NN}_s7g8lq<T5FV@85
zFd*nyzU@l;ZeaJcbq{XXOS=!C&A1UXZDnJ3!ZIqxUt!h>5F+jIe<YIcx+C6su)na0
zQ>Oec&;dal!m`C?6eoKI$_@B-o;j8+^y<)wVXcD7hp}w4U`-v*+FE|<aRxU0u<XmX
zfIwF)I{rU6c{z5g&tqB=1EBhN3<Jjdvo`}6>)vqy03!A^F#2xeknN5w@Yhy_%bkx7
z?LtpdIBfeEY3DC6s<#KrGf6lDI5Uo8551V13Q70VZsIF=2vnEm;AiJa2-!m`mG6mt
zyhd_ENX#ChR0@@iBa#C?BdMb3`vV$Byod+KHnX=@dG_Y@wMf2%YxV$k>u5!`oOOPi
z(`;Ffs4T=_Aqyy5L$dWXg~vm>)%XWE`S`MX3B_Ra`X34FXim~dLHXL#-p$r43bdLp
z6*v=%A9|){@=4GjU{bn<#duidN_4TaW7Ua!D<`Pj-8M&hX0aRu?$Xy-_5*cYcTUC|
z%oCKobzED`_AeaVDNx*syA_8(i)*1lf;&ZuYl8M*h2ri~++9lo6xTp;3qjiA5UfC3
z+UMN#dCs}-@4ok+_x*l$X6?OZX3g4bW>2=R<xzrw8cA(d`}Nz*ozFy6;(uO{n0TxI
zvfZf|_;SLf8{H?c7CZ7uJIJ?^6`lhzE6Xz90uhA*j+~9eSx{vgOQ{k`iG;du1PSq1
zB2F3;PZd7~;fhWzA4k^T8>Bl|2*&!q(CZB}r&+xth8lIE<sHAXR@7c}46w2|Y$J$<
z>9C7vG_Hh_abdgYRp11fcXNSrbe69RFH#5;!&OOpO2G{>4>c35Me)kT+JNGeXHHH}
zdUNw^os&(jHj>sD>SAIiP*tZW*h$Dk{d@K`lgro5PoL%2kC{njPCAaJ>UaMjZkm1B
zo|B!M{C0}f^duHN+JAG{ood70u>PTY90w&`?_cWkxls}?<g4S$PNuP5n5?#pxy%<z
zIrDWB-m_<y;~X_7ZH{twZyefcX&5*R9IR|dpC?6Kr5=oI7fu`8K6zR5T=YE@%l@A9
zq$1I3`fS5e7PPQD3NxdNhnnl7C&=l!&dj-``UG3mWbGX>roCG&ZW<`FKND&JoUMOF
zlSG8J#qWM<^sGO0C5C>8gCk{2;Z=#8wYs0@w;(#v&ZafyJ;!MV%OQHL_}1Rwdms`I
z3ZDoSHSY(+<Zv!O(IV)Rz}IDsDdx4lU@7T`6)9b73#Y{~2uHSfo%D1~N)q<YKZ-5F
z3VI*l;ce-~C4jsi1#?eu3_)F>SeTIQ{rhp7fkKTdKn9XfnY`fO!lse({y_n2m1y5&
z5@~cwl54FtgMJj<yiXaTn(dO*IL+>Bi;4B#oSeB|$^%v^eesNh87rNY-B~^Psa=RK
zTRDwt0;&IfI#>V4r!A+=tK%YHK5!Y+l;MNi@)}u8a1Ku$6+gAld9Jv&sjzlYsGo25
zxIB^Yo=qebb#8UtQ1;gSO6XIt9bBY1PhV0<MJm{*Ld9#Eo86Je#PUPp{F!-hrLDhb
z$aErVZKwkkxSzxA#Hw2Cth=Y;gT8x?1qa=Q)Q_^6Vc#^=oheq5?68M;BZtU=`nK6z
zB`dmz-B{Yix}hpY9`2Wq`@LsS?h{cr`zHkQr*jWexUYX&q1$rJ;7D`f&~$~dZ&wRl
zVL!*jbd}5$x=df|)+_pbTeHJH(Pt7NsCCB&Z<P|uWeU_!mOfI4gHem=JHlHjoHcF@
zsIV}BUt_KPDM!+=-+MNZZ5ClNYpbja^$|^M)cWEA5UU*>W_(OE`_tp0SobI42)u~!
zkd}d@dTJRaWRJ%WKHgf^22cdv9%F-xjVUwyo3HE#t9b%{8d*cz7h|(8m9{QA3=Vhc
zhY2Pf2H6qa^s(#AuZSAUUXj`{+mqJEV(tj5r+JlO*|F5WJz$zJ-(FJy9#vZ@yzz_l
z{^S#OZ=04EH8ax14OI7Rdh5O%M;*D|lSZOV1vx?kU}uCRyWUlvfkx$diePX<8yQQN
zsN8L+$ZyT$r!DDYMO?fp!%wxh$8=Uf9S)eOij}q>ooh_oG)I{`jYP|eVI8EgMLtfC
zDblWt)K<tQznPHhg9kPpi%M+@55O&h6ey$x6tIo}Uec0}h(Sw0t>DJm`EC$hx9kQx
z(L56lpLUV7Pdh;lnQE&6qY2rb!eD@9Q!@+kmOL!=NfCC@&u}&h7{I&%MSwpUB-*tb
z!`2;FN@vVxQMS(8{J!^bPH_IqUh*5R2_&p>IsoZuqbE)qBOFPhl;<Az;VoUNx()VV
zLHo~!)cWl`@MI7e9Kp_t^NzSXcHHK;7u<#=+1dk9whX)?4!oQt_Pw4`2wy+&H{9u+
zfqg=%T*EuELM97PZ^a{baMrqy%oa;o_hy>p&F;ta`zT}sjb+W*oBKw^Zv9OuV~L9z
zZ;)Fa5GHDAq0K1$nd80B^<4+@3UT~g+_A*j0et$s<#)}t9q$O<YN#^fr)*y%np9Ja
zn(FiT=7Ad*_B<I{mAhFby+zY$is$Wfur-Zd$2|q!_U~H(Bf;BEIbwR<A?t7G@}q7d
zNed$VEJzv!@h82yGcQ{c?mb#a-kACD=ZS?M0JyMr@ONed9(j-x=RKHy>RFo?eCvrH
zO9E2_J(LD{5BDF0f7v}#ydWd~Sg!Z0uj(U-VL-BiJUFNS=b(F!d`kmu=Ek1QTA2!3
zFr$JYck$*a=hm+`7JY9NACGnwXLX$w4)%TI#xW>>YWKB|pd|)P_1nG*ab?SeXTD~n
zRpPm6j5ZxW)q0WVnUM9DowgXa3&IOwO1@zMjxSeeC18-@#)$@~Y$N_BXrI)^zyO0=
zHV>+?Q7Pz==31XFHu%LgHCBgVVsQ<y)igE>&t@g^oU?#f^o14~-X4Jd&DkK#L=^sE
zO>swlB0+|7uT>&4J$Px-y#E_x_sHc!0@gXL*iXGuZcv$uj9sL@1*cpJOVDVEMNjj*
z^|{@?d+G>R&mK7Nl#v8#uvc_U9wB!PZ0#9;Px+=Gm#z(pxakOwi@`wzx4zswvZXP4
zU@}Q@4EDGP8MU{j=dJzH@o9Xn$R5g`VQ6ZiPnIwo6bcq%vDl5~)oti?VgWVb!|9%b
zM?iwLAu-KX;xmof&hk)`z=wt!tS-0M>-rWEo#9LIx|md+R$H&B@wQG-?n>#;-}dRW
zDSZNLJLEovL&vlUh&kFo;t6OM&%6k%^s}!0{FzArt<ZY2Rd+ILRS1)Xp@bbMbi=yj
zGfSdrY<yN==nj#i$uDVZr%#VNT(%xf7MZN6xTeVR2D7GrirI1S`>y}}QA+;cLf6>c
z;NACgXvVYaek95~PO#G4CAn=(UbAO>6Q6qPBXrFf{~>I1b@U7QZy|D`3lF})uTgaX
z2yw*`EN7YWcAmy^TU^V>4(%m&4`(>1Zcl+z6`OZy%nI$F9-5^U7B|suov?~vyU!M7
z{Cetpm>*iK0#u~K6$>gSAY&MJZCitLP($4bvBynLvv`bK0iKTtV2-##r}XM+LP=Q!
z%>YY`Q~B_L>wuR!TdmS{DHD;3%SCNE#mC3tRz}lE^NE(>cW{eEp++)dcATxZtjL`}
z1(u+F$IX@?6$O1bQYyhYt^)Jwl$pSWVz`cd+f<K<5N823UreWAlVOLb+qSPXohY}-
zJ^SKA=qIm-(*!#yf%}Wz?QpDEXVEVJdNF73@0(5Tp8wtfZ~<_{xYE)xlmP#~K=e=P
zGynjxq=X65#PvtOf0%z~VPm%c0T-qXY$YNt%oY*05&*y@fm!<xNQ5$!B#4N(B)F>n
z%le!C(F(Idgq`)L8V1-(nB@N}(y+5Idf_+^XCZ`I0htnFOG^JJ@kapSAJG7Spdf%4
zgaD)gxUiM}WMH(%l;gte5&&E2&w}CntuO$iGqw`8HUJ?(gyH|A5i#gbF$6IPTM2+8
zt^{Zw1pJ@)pT_uaP8!kQ;sKaOF~C;BB!8m{z(pnr0FWYvXCyEn9VA5zA`qmA5ee}Z
zg8)SP6u&mV_TMJL&dSKD;=(kBBZl**C<bExl>*>GAOMKJ)%$-pj@kZW(7&sQt7MUm
zhyf%3*e{0lB>9y9q=SE}^B*x724=^({-+qOKjN^JmXt8|(EexlF(v_20Wcl^r#Rs6
z1VjHH{4rF9(*NEj!d3#12(?fBJxu;L_y1b?qeqqGJVtDqpdhvirWgN<KN|e`0Wf`r
zt@MXtHc1En5H5^f7~tsrN&jP74E<+7{a4$+voMv7{!{Az;Qvt;WBozEAEf==&VTbU
zZlM3OaA8{hlZ(muqsSl2|5JxZa{lj%0E|`t6v34FGs^yue+2)@<yu~rz%c^-sr@&E
z+I6!344eN8WQG4>{k^w!pnndQzjgaFsxiPA2$QA(B>p3dO!Cj*{tq(s{<|O8N`LeK
zVCxuWab;v-20NzAl8UMxhM^~!k(HrisFTgrB#0q~I#r-QcKxr6Ka}ZTm0S(KK^ZMO
z=a@j5-pJtlotpOp<OhUG1_|C8&oh5}BiF)7Z&!bxaWrC;-pJ0d?f4>8mWS1=+dv^(
z*C#f)wd`Y+l|T{XuuzbTsglZ2H?(3<aj$$|H?-T{$F9jg;*zx@s5j&in!rL&ElPlg
zibzSQ{y{P^Xg5Qx9_s;$Fn#-M5hun-6kp|LeJuc_eHob=iF=|JU}M8(5I5Z(^Hl+t
z%{QS)Yo4z13Nt%*b@G7nG^(o)GQ9zptd6{#n}T#8_pzz(ESc-Jxi+VL{o4<^IHWmV
zV$*!7_7(e&ESe83Muv3y^u#E<14!#5I1rXov_Uzns+lIPj-Rh{G&^<gHp-f>xU1&}
zw=Eu*Jb`wW;PhMh{ra|kSvLc#&D<ink5FtqgD{*itQ6x68hi}uDLYfQ6S4z2GjbNz
z&G4J`kP$TZ+xLz7<FWn>_hc(^h^6}w`r&nx!04b%T1D?X`y=tjXyGn=O6S-u{4rwM
z2O!*hs*iPM>q<7fYRIC6|Dy)80i6)BX`vh1rzVCCL6_Ujg4RXp{}R?_-{Pd}zmE3t
zW7b%IK_kGUQX5ZxWh=LK&TP+8YI7jy6c>>iiEx{rB4iL0;yz6#Sz{bbJDV5&Z1o6Q
z`yy6nAV1>O?GFI<l|ouY(Aj!V>?i(mNmIi6uSdKGN@^Yy)1!y@D`i3Vg5K6v5`ILn
z-iq2bI*@||p%5D42K;oNN~tkh#9ry^MZSq!)iZCG_1j|K{htxias}|3y30u<G=)p;
z;I&z4{7Qa|Z`yh`xF6VI>bLE0Y0@9nXNxPz<{r&@gAREgIVt|`or}P;s=6crd%9WX
zHxhgwm8RXpPuWa+O-RdTSGxmj+EB~CUo5*@sq-&5)KsX63UpR&41d1{hNJK|>fyxN
zqmS4YbfrsP^}rfDiJj$jUkG#%8^$J9P*o(?+VV+adLA6Vh5+XKeAZ7mV)n07;hXI`
zsAen5UJ8cU?>cu<?-|AaaA|G-<l^@P2P&%PLvU6@x2f2-(`)>=mO#>n=QLdHrB7Od
z7JbQWXpYUQWsLBEn-kiC0{;_X1130#VC%+#46-13_C!;pD<%GCYKa{d-taHK8s%b{
zk1Pw;6)pn!?PYcNv{R!lA>Daq9~$LIw|-KDVP0>4L3vqD`HWc;i+3o0cL*^G^l=XP
zC5_^kvvqy%_576(`M9(hG7b+_++~5qggKoh&m9dc*}tzD&ohOrCgLXzG5{*Y#PPA;
zg^?!5XSAq*2oF+A|3%8mRHg{^f47}!f8d7mIF)CbPydRn51j&X2?_`;Y1dOOAP;vi
zw7jKex>}<l7@1N1rV`hoWWlrL{U|3={@QQT%;+izD~0mt5s$v<TenMUAgF7m@okYH
z&YcDBxuObifAL<?0B`aV)llc?yN?z7OY1%R)pB)3ge^pch|>_CS5BHB(W%Q-Dp&Dq
zzvf0C&HDK!4ocoed!Rw3%0L%=OUWAg?y!4hM=*L)3m@~YXyALOXebZBhRi;-H$RCG
zIQ3ewql8V+a{2ag4@rCXEiw6M?F@rrAMgy_WkH+`=JY~@lLoylH7oP7);n1s@Hn}!
zn($-_Lkl^hUjHSQ(ek@o=i@LHcv9Q+iVFO1HEq*>+jHCgQp^6An?RL<iVj>wr=6?e
z=djMldaj0tVVwbXZkx1>7N3lkb0UF%k79T#fAh+?Eil#jv`xQqHFRp5qN%{2slb1w
zWi$~9{B@bp0?KH~(>BFSmKg39SHt(1?0*$;HT+%GRxG3CowjMMw&}f2ed@hy#>;=_
zl{RMbH)gu#7DYM~iw?30@ZtRXJ0&0%KzD_96084+31dZbo1u~X-uiH@AL;?-JnwAs
z_O@w(9IPoU-nlrSy{y}ILNTii**l<8fEob6hsRe1Hh#;8D*)1or`AydP-B;M=XH>^
zSC^Ios`vnWZqnEZ+?Mv@8LQIi9%tlV?0|9z6*vPo8#W<%!aQ-*i=pBh)V`D|k8^ba
zlLY!S=fSs`sy-5wt;LZhvR14F0tEi^$DqBcA^^&$pLdP2m<Kn}U>OsaDN#~W<KYV|
zMym7qZ(VraXI~7Ui$cN(2C%}7&KPGa>)O``PTx8<dA&NfLVu}lBBOzid(<-7x`Lp^
zD`%mHn^oI^e(wnquu5(YnV~XP=-s(3bGXk)57c}{#<~>+^%(d2(l)h_K33R>IG)LM
z7x;|sX6{owb;l{(jo0RWCIL1HyA4m-4Bgd;IKP|Cwk5;dvOHf*IbR`LD)u<d&;Ky}
zxo)E_e5?0LU?6(O#*RQk<mb`N&@x`#<ik?~3#Yqtl%*8+=~6Caf2sHWSsN(4MWa?A
zYJK_&`9$hwmze}|Z!2Rhpy>?-qd$cjd0u$wDZr3lx*HcRpo>57JY!J<=+0VrkSxHZ
zCYyHi+2(P11;)RuW1)2LHY4*6A2n5i&2{Kjb8+h`a$vhZ<m8n6J1dI-$H|h-*+qY-
zfM?UIE;H`N3$o6~qHoF0AgFH-X!t<f;3dw5tu$HpY~yNG29h%(j0rXXDC0(W!4KyS
z+}_fJD+3;dv@~`ltQL%KHX_3m3rj7_zvEmucHb96cSPOYer`U24p%9fR$P>STlLKG
z>~{dZ_6&lymzDhKOsq@R@IvQ|QUe`qj;NSuCXmp00vIIeq=W}3x%{WM|7Ut1ll4tt
zwZ6`{K248IS_$A5OqyVz^B6!>I;g>D7td`-6oG|<B}wJPmuAGzCyrIYMux>(Z>-1Y
zCJ=#<gR7-XQJxT4I{Jz+<b4$`KOwt-Tj^j@1exUX*VJI@&03C+$HtTv2Gm%O%S+kH
z@bJ`dWr^9!pP$oU;XV5HevcbWMx+#}+?3ocrO}<xW>Vg!v0#b6D(MNbc-p1WRL5V*
zXp*jx{*qnEC!JBy0P_TerqgV5(H*Qp#@5-OtE{Wk`Hs3f(L$hn%+a;MVKdpof?uF^
zQ+gd~(B-IZL6+zNW=z0%QA=)0bZ9iG?JST+G8wq5GgeBMuWu%~jdjKoX<-{mmVQm>
z#Rer4YPT75T1;lV7J*l8CVh}jvu@*=sodZ+P}?O3nMwkCJ^c+l9oo8V_W)`pfJx<2
zehn^0N>@fOKOa_=4vmgUWSN+|n-r~(hg%RZa4y-v(P4e1TTo*q*-hA<HUS*3UWT1j
zRn3i`u2xk>Oi?N{WEF!Q^Vm%f<KV#}k+!z0ThO3<Q&+vayv?nA17($Iv2V3d-sETm
zJFZ|78K<6gYvX*Hg(qI<gw$wK2bs)Dfh<Z_D?AfTq8;?y1YMEpE-X;;<YXojVYfBm
zrT`ths!HQZKqW38h#x#Y6Yb0a{p~FCfcgtvUtiyiaaNx6Zx}6PLLK;2e}bcM`LE`$
z8KmWl+5{2K>B51btB+0&fIS1aD1uLY*N=ASf{%V^2_$B#|9to+f7>sUeSaHrf7rtE
z8K4uPMMaU}-K7`sL}o?K%XMTjLpv^beJ$keQ`V7TKSs%FrByi58-wN9!xC48+1~l@
zA)op$3=Y0M#d~`Zs_<hT2p+o=R6yJ2{dke%62Bcy?sX1|?_t<rKiqyH5tE=H#Fh4r
z`L74>1nynq!u!Huf;X(s8So}zg3e|4H4jlc;p!eriD`g=7czw0R!=D0E_4<a)`p{t
zlwxP2mF+4u`?T4p<S9EOLL}KZDh!3v3NZ1I2ZK>=-|K`}MoNrkPOwN{vj>kWw*QXP
z9eh9>_HioVViP_+Sp&mK3Kz}q8xRlgxSwDv$$F7pvb0PL`HFGIVO(ppk5gdF6%Ra)
zy19K0q6S>=UMa6k+qkqEx@=)_P7Lw^O-T+{H8bs)!oLnsvu<*-bw+c23={b-t|b|P
zQh5fe`WjyJYqC2LM?uZR3^%F&9x6mnCjjWpzwcPBRMzIwAqq;%AQGUh3Ur+RVRuer
zjJaOX0xpGx)<+2KZ7&<%eZQh7yu^K2?3C`;0T4|eGxSwn(o2&MVs$2MX}fU0Df+;e
zF?1i7z2e_L!#A{XH^KXO%{{qNgP<*d<~fUM7wHoVNNAyFr@4Utpv*-}<HHBhu+^nu
z{XM>_iZ;HpHRaQ1cWUQ79SvCQe$@I1W(6_45w)#<an~HvrS2$_^~|fDK_w*kzz-`D
z?`b#sZ~IP>fyNex%4j(-bter4(XbLP!K2>g(ZX-azq|)RUU)vNi)qUMh`DNGVj$=6
zu<${zo$Bxi=c1t;3YQ8L&7qBoLhy@IvG%sZg6-=niy&pL2Y<1r!4IJ4{QfCq&sKQK
z|HA(Cs{e!NXpkir>$O^WJgx_Qh>drv{j2$Ot|(>9O}~~ej5*&KU_GvoX8&T3iy#I<
z>iA6s_APd$1$`s>XB(gqb+EB#{LcGlLE#}kk4z;+m9>?yh`uwge0{tNZo$uNb-cP<
z`Bt=(<nNmwQ79hKpjpCDe;8ylT=-c-v;&ZcX!@~xg-;1U-rmyVcZ82)uLXHf%XD-|
zPsG);*1H!wvp^LWJfGm=ht7yu0B%7WGA)BGL1NCU>m*GknkGLV<jh76w9aYkf&yKr
zl-c$JQhuLe4o3{O7<VL!PMcg+rz^poue@*tsvtk|7Ix%z<Y@xZ`oB}=NH-MY?zWYw
z5a))B-_2AS=q4NBaTscIsl|_`gy{|Be|gW0V6;1`V{`&pyAc_^8w3pK2m5{B22fsY
z{^Si}y9yruwaz8r!cx(nuYiK(OT2x(*eSNb0^Md<B<BvMkki0o-NtSh?DdLCOK%EB
zplx)|soX_&6fTWJjqzBW@h4ek>WEz*FA@~ZD9mP?ELjc8RS4=gGRBY8OW(H1DWoV^
zGuhiyu4gOU@%k6V^<#pgsAF?nq+@^m$*1=%t!~P<w(9!ihuTb?8fjE7zM61ieZ;qG
z`<l#@hQ22(Rvav%*%7wleja>$%wMK?jKlhTL{^<n)vIV?L~*RL1?o2`hq>6<KODr+
zP*HMlG4m3|2rDUjy`v)9(<lFKIYhE8E5}|`9%rJU%BOue*CP~S0R|7Ve+h5*R+Cxf
zsC>7@>`TVn%-rGWDmGG3PNpq_rX??98{OXXe}$S|)wb;5u%}!Y9BUu(8)Xs})h;wk
zH2-jbSRqFS$x+@9hH|DVe!maYiypoGAqvImyX?VzKn@K@HD8D-baN>PrOsV_Qs0{x
zAn3}qyJTrI)XE1&%Bs*<@*k2h5%S2eR54Q|t(h$*$^!6jjffBwd?9Y;8isG3Hu17m
zL0*#G)K&$}nz_pT7ygv#efHvLWSiIQ3@2XR$)H?cAQ0#)b{gV^kFSc0HX^Jrq+1T{
zYir5!+O!!ty?RSC{Y>|$aOkEbwe(A!zySR76Fg(+a8XJlZYgguP^R5_%1>asC%<rl
zZ}=S-1xNrV#atz!ou1=`hX|Xi|Bc1U;n)sNG^={VE&13k_uzOEsjF(nP1tEzj1I@+
zSL9BWOA92mm5Cp|&bx(h=1|=e!3XSWGV5dlv|qX43*)`*VSc-S^)*9PEuM>cU>~)k
z$IR}+YX;f8X}B?>VKT5RG=*{-8Usc(D17OAUx4xo`p+1-M|CtQTA~KGzb@pV4Hk3#
zdEU9gxXBDej>#Qg9JGLlV1^lJu=r*~SJUuTs&SY;bd_S_Q;XL!1r!T45My8<H;cE1
zu$8g38A6`1Tx9IqHa6p3yI`|*>R<&C>E$u8M#y86NA{Cl(H(<052uao&Xaz9LqE!k
zPP6*eu<=FfBfWutE{F9^XGES-91dfCu30HF>A}@}sgP<!EK-k7BU2sf8KA>Nbf{rT
zRFhGG9K6t5cjFL?ze4vv{#?`YNr)-QC7YOqqA2dep{D%$ft^v;$m}?+oqljp!;WQh
zD(g+3;@wLRMdhK5$X?$D-n84ib17!2$4vDvKGkDRjjqACroRCkf`1JXCj9#n@UG=I
zjWW$VhW^6PY|LUzY5Q*s{kLCzl;E$w{{4R9=9ldcsr;CK&D5k6doJnU*k{8(-OLaD
zy8qzXb*HsfP~3EN;d&9qKNc+A3A-dyVA+TZt@RQy@#;*;fpzpWz2&(iD=_FC=&-G#
z3y(}8=y5#p3Ket<`CVU~G1uSdXO&SdF(Qp}a<AAXq+8>z?=|GAFARKC{p>>5>qs>O
z0(H3i#)cfKAL-a~_KKNR&t^acrDq#{tuFVgf3I1RR_mQ>GY9u#93#G#3Hg@ekE|QW
zhAz(R0}sysrD^{>{L78>alvjb%`;k$-Pz5u_|DTFT=dCQw}cquZVyh+22V}zQnzJ(
zc)&xqM>|So%LoRAp!Wlzs^j&p^;^J=l`XWbU;0o~lKM~}CSGZ1ap<DLQ&z4Gp<CJ)
zJm6ka6>fKv%IpP8=&aXtXY0)NcF*tw1PoqQ`*Lf5+!V=&&_V;yh^;Yy?l`aN9mDZs
zC%HhcnCwmK+X1<{0?4X80Ryx_#;CB~)N3xdr4n_pH4y%~CQwslam{JPb!{zK1a`$#
z1hIN5L>+>%emyq5WFSRt))uf;ycy_qFGPLewPuqs9XOGcQrPn*UfF3PWz1mGDcPdR
zl-Fx9&Aw@NhMrF7e1`hcxc;>*jdZoGUNc<pPCqywC?O85V+l0k1~<zJ18AhX{8suY
z`(^Ul+zOU0n$C}#)m&&hoQbYx6`Iii^#+0x?0%nHtlGWdwj$D;)KZ__#yxX~(VP&v
zZ#NHNtk6cMys)*p7tL}v*E%oh({QW1y79V<oBepnR&Alg8w1!84B#&>*>hRXmrtiq
zfdvguS^Ct?T5$*Vnjeds!o4iF`VFsd{Cb<V%$CT^UOOQtcNDBAcdYGm1HlH)PV$D;
zchl#eiDsqSRbh}<b>*J18V+u!(3avV=iGXQ;Ku~|2X{9pw|6q5+a?a3Gt{9b>|p{w
z6YZo<I6+6ZKPPP-izbcrmLK<YSiF)DkXqBsge@};%w98!Cx*E4=dc>-8IG<rrF;|4
z4wLU`THW#AKF-cBvIZAzvs8$GliA2$Y@lHx%k<b_%StA%L##U6m8IY;qvwF~I)Mp5
z)70(*$Q}9~a+X=-ZZLV?c>{5)&o$~*+=_nhHyJUytpjH}K+Y`^89k~WGVg<J)opgX
zXBWRHe!6_-wBFpTa_W~w%lE9**6`X!qZ??NMXo7Z{xk_9q&JZPq^DKVBc1LWFqi3N
zG_Bf)GCKdf@bF=Ix`aA3_ZPW$Yp^<b912X^=C~*Z8;(28&9B-d%%VK29@9PkYNNyP
z+%q}1DK0Rm=_|C?W(nu@$lHgOdS80(&rQs?j5X9}<w=P&bqDaU{H^-RUo?wsiBi=C
z+*2pA2d*@f{lR$x_O39OaMA&0hlVX_6=|P&twSMFALyo34Yqn<z1r%H`C@&VZi?X<
zc*EwYxcqZswu6hO;o{>BP5G+Qo?a=aI{A9OtvE#~-^!d7bxYWXSB+7}Zm_VQg@{;Z
zlnL7vO4^d!G9yLWi48coV<z1=Hg#UTFn#RXVnCAYR_#y6!ZTHF&rPlWm`IIQA?Lav
zpH#K4t&*Sm!!nI&A=xUh1{yqk=0+JczWais;l0<nS64&S^e0LfvwZW(by8H1lgxBJ
zu);fh@I!lc0?@F5A)r#imZ2}?2TkSXruv*%mfQ)lV9m>k<VD+Rm$N**Kcu+}awISO
zk-HmxC=jk~a4xg^R|m{Wgojauz~h*oh4<A0{R`At;fK*7hpe7_bbhdDT{A+)n)Jf1
zE`Kd;)nV?)G}RQi7~;jL|FgLvy$KjnR=Z{|OEVp=W+i;)eKelCwrBLF-I_Q2Rzh>L
zv_15qY!xcfwQvrbs=q$uRWmHpL@4#u+6JClXD4XRa8AC1g;peWzhW?qacl6=d7E0z
zsl<z$EQ2L{dC~u+T9N7UAtdF{j?A}VI?TPg6q-vV8jLkYLe1BlqK6xKAzwXii3*zH
z-TmtW|M^GZ4u4=}hH@n~sWmI<T4Kmv#iu|)#T?{A|5rNc4T0I#dh<@%*%hnRZ(VTd
z=2;YZ7<ZD}s;%x0^XZI*o|%Os*W?B-(q0jM-&@!5PWtoV8#0}QMZA^sXNvx$cs8pi
zPWS>~B+T)#wRLBB#4sq`t^rhqv+_gLP8H!#hMreKDIJBiuL#z7<3rzdTW^2#8kv=3
z>OjB|qzhLwRkE`ru?&*>P1Y9b!fx{~O-?H;<?C(WX9r)7d7YinPNso#!A;Q?%9olw
z%8N+2w4S{Xv)SubH5n6AE1oNE$X4vDN|jPI7BlUdEO8yNa<J!*ffKXHLaBwDQ1UB9
z_&20=H@3fo+gQJKgYfdqz-f)qii>yA)@apqV|h;&5{4@7ZK*6q=I0mv)aLQ`roRtw
zX5h+D=g81zPp^KLp*!8wm{5Na0tHW0uISVwbBe2$1n9*MZBD1*=C6}#czsMnjB~+p
zoZI0jXoqgSr6A=@lk1(+3fR-hzaM5s-jokV!ZCoIwyII8iyHM6f>*}TrtZ1C7Lb;n
z_YidVPi>jNL(;JtfB)b))Hx~xN`^wA(0>E9jy#r^$tqS%h4*N(PM=n3JT2cQi(<Cc
z&xoapuj+zS?I?!!qw@1vL;~~Q?T%lcH;;K0&OxCvJQSW8x?Ilur^x$I%y)R*JN@Y6
z+krxy<2g`{INLjAE3ucs%Y~+0ogd6Nm3b0>_)`=zc^`l2Ny51J9k4dmJa~8XD=S*7
zpn-4s<f`gD^r`2+Le*_B6CPsb?R733j!_ZbuDP&xGYmWTpO!k^>gpxv<132hopy&p
zp>Ew(_nJ3Q!BAjv-@x?Y6OlR3f_n5uvBiYp32TRY<oKHYaNxOCd$D)P#Ve$PjfJG2
z_#BJ#)KcUV2W5H&zJgBraatCSLH$)zFK0#gaeDt<L6gRNLA-@g={aOtV$)#rN`j?^
zob{ZGQ1(l^Kw#~wX>vtcq3sJ1=!%OO*foIzr<rFoywJr(GZilA1i8%T&!D-kFn{?J
zwY@bf>E|afa#CX#ALzE`d9Qzrc}iD+^oDL<J*Qj@4`1Zdm?B*j?E&Y8{Q7O_*^T^r
znS3}^ygPdz3Jt$#f`xqGLU;79o|-B+%$9j=Mz!C{^CZlk=Gn}Oy=LidybOjAqN{K5
z9LRo~_Po$>N`&2uI#~yp)mTy=SPPsXQJJ9{I|dbA3r4KdC)ugp7u5^mZA_mb))%a3
z-e7WhsHe!BKgNuqCFW(;*(XDZ3F>OgnFaS-WEv)^l(TJj*wke_&*~PnEYRmMiVraE
zy0qlXimC}{t#sN6*!0CQG9PN<Edhl0yh7Axz_>?6<&d1gZ{e?RPYT9XF=rgXD+2}X
z7yjNQpr9W5&$?E`E1m6zzU^9wQmt8pHui5jUlx9<X9mUPc=S7Y4!iSak~AiQoHtzN
zo70&RQs>*Kah7ynQ`Urs-b^N_??!OC;^(uQ5Rvq(Yp3m_v%^LI5x+C*Ym!mZ0+J`h
zOA*nd*nLShC$@SV_a(3c80k+QDb&i@9{=UP02MA9*AH(_O!`>apEd9|4&9kRXalKO
zO~B@ciF4t=o@Vp~yfRH;bqj$gbkMv{H+ZhLXRF{)8(@9!Rh2YCN23l~22!oT_xj!>
zf6`K*8Z}~N!sSKbQB6PHZE{O7VZ0WPz4^vN6PDgNzS0>zX59s)@E4@jB>R9)0)tyB
zQ{R>Iov_M0ao$HDiZMf4yPFl~YX_|4^Y*?~QXmQn_0za{{VgPD(L52^`O~ufg|+oM
z#=#B3JiNu(9-*bTRh6ViEjg+Xn;V#-(`*4$l~(^My+nQGFdHmfqCj&@C4c@Ykd-C7
zDFJ<s0MZ(2^n6$|`c^G+<8|uxG*rZydj-`Y(QI6_{jG4tpd0ChMnfEq*9>3vtz>v^
z9|l&zjSD+pqZFqP*&*-riz>pgO*?odFFHEjLr(Jx1e;$Je}Wa5hUR0Yn0{a`X2?84
zA9G9Z-$Mg$9nk2^R~go*tqi@hIXK))dMh0YnaMEDgnZ2gLcP0<3m&RW_R;9u`+)jp
zl#ATZ*i*MNyl~>JJV<SmV%nOu->KYI@Kir`rBGsd?z4gYm+@=4@HtG3*d{%4RWWKR
z?QOr|wyw`j{USBi9dIsW_6(HD_hZ&XC;NLLZfrRg)&MGN`BytHNIqAc5tF^vlHj}Q
zF@1Xy=hr6KwC6xf5|uSVOmt2watXTS4G*`tFZAp|A=`D3aMU(t^7EFEfN554o*~Y@
zBzBsJ)n2dWI&3vXHujUqKnfG;XT{)9zK5y-e`z##zIEzLuk&rFjDfZUq42jYc)wh{
zmD_jY{M6NWMT-ZBHrH%bGkUstC~w<l6rzVplK!d8IZ+sM6zV?s<7aLo7rDu;F<cG^
zZ%+9#olS{qzWh2B!kBg}dXk;(%5&`I8MVpd{xYL{h1b;#cFLd(gMkh0GCFE`d}ifP
za|R>r&vC2~+N?}jzXKGBoD`4v;guc*%2x+*7Ls1Cd5RgAk|}ySR1_>xmV!|nz<|`o
zk`aQ=KE74O3(7~Bn5Lnlc_nVNbAt}rxcnYeNlmTdDeevCq{0LS$=*!8jlr`Trb3^!
z@S{!*e<`B2S0|j@=~QCN1%zfWUpzL(t#A2bF9k2bwM8XW^P|vNvNBPreL_cA?_DLy
zyF*jBMdl3e%FAgDu9*f@-?1)OhY4x8<R)B~r?uedo6QYQ5%QC}=pI2k$`s(U0okPG
z^f3u>dA0<63Ys&EI4vT-CJRvq#VdzY^o-kwvQ!YSAHzQl!n@CEA`z6<erK(r>vET?
zZx0Hd;YLufz6rhn;4*AbEtp^Dg&s$Qf`a&Ro|n=OaGG;a`G=2ZqP!@X28AQ+uzd-`
zo~ag(%<R5@{D!v}RB()(o!Vf#KHsR@l+p?&OUp6Hj$zKT!~5}+(QP<Y^a+RFkHi9{
zCi$@gLXY;w#|pzOBvLI3y_vGK-7aD0KYV9sR-@yEFXi8={HpBnb7oH{Ep74m<fD?t
zd>wy5e&0bP;nhxv#UH(F8-XviwebvRb5ufg;s%f&lb(1mY;)^RsLJ<*&HJ4rxaexl
zyXd3n8^wa-8F^lj!mpw+Ha2OS%peqa`bHW%;5{rI0K|9pI$QQ9$%B!zu?NPc$xVE?
zkcP9+#EAihT~sR<9M>mz2e(+kDLdgK!|Xh(q7D>a8GQFrPd)zy5i&o!el|BS&btiF
z_KtIDe^}$~x+;K^BES`LA>9U!s@oy$`X@E|EO!9gnv9>}QumRky;kEAXVHooY|0j~
zoL27ffu-9?a4X47)khNEZnq=zb~S6sO4&ciWqNzS1+%w<@XQ%zDKZX|dBpkb#!^-P
z@P%z)(arP>6#RnA1Clb-Yq@!}*VtD#(y&p!fb2W15qxQkQZvJStu_f7)IHyX_f;})
z*ZZM!c1%2qo*nd*Bo7Tg;Ae`FhlMlNn}=&u+a_<IY-W9&a-EA=iO(z_IiQdQDo2M#
z#MKIhu?71FKWmsoi1o{8Afc4gK$xFtt8(U&HXS_e@`S0q8tp=!bJHi|nPyJdTJPAk
z`O>a$0pM789wi`^_(@bNFuGQR6}j1WK`7CK_s*vrTEg8a6Heyi2uZ5HEDzfDI>zsp
zlMBwOn0XbK{mMHy9hwLXU&dyr!1tF3CME3IYIXKsvD9r4bn=Ye9e%Uhk9uWty*(%X
z`-yepG;b?fe3sS1A6mYGIDVF&$;dD_HmWsGDVoU42Xa(jUb2~vxDm?V2X9^rDrUYl
zZvsl7)-bVLCWN6{of3&BGiRJ&Lx2Ad=ZAplK@Y>}V>x~MebCmk#=tN8QO^n_;!#ag
z_8C#`)N?h8C8=L?(*#A4=j&sMi?1I?mMqnH@)W>5bFTBorV~F5-^LIfxuLeFVGGWB
zkDF0*jZD^NaV&W^0q4FtRgdJq8}$!H+`Rc#gSGKyVlT~!!tqXt_iZ-L3e@exP92-b
zy(hmFJbJ%;M2#qz7FqhBp*4{$e{Q`n9-92x{&=SDkWl?tI!FWb`GU`Gt=(OB@J9Ba
zp+N>BLBOBN%RsZw0I#Tbl{=BQEp7k)oJw9<wZrA@tL@lfYQ{bsvmIiSU=x(i=?=>?
z>>ym(qNUt7^~T}>6Pw$V(KcU%l1_AG1a4=0^8y0*JIwf=`=n~k|BNnsx4)?RqHkr+
zWdHM7VJ=Q-ppN)=$H&4qvLV|}KZmSc%$7y{x9}bmH<?h$iB}?>PwmU?kg#iWV59D^
zj%mIuxATm*y8Bq{O=RB+@U@8_Oz1$AY^b5elpsh*Sf$4>Br`iGq<U`n^{o6`pu?ek
zah1=sspKr-xNE^Tr+cg^<B+-_QFevZx+jW~7h?(orCtUieb(zvc>QLgT#dnpk6edv
z86}_MQYhnWfX@f0PGTL_K@k4=L|qxEa;i-K(%yO~&NMmZ5S3_W3f-^l*kLJ~ZL*dR
znC?Fj6(Ab*m2pC>m<Hx*WZ%8JyF2$=TQ(?l3OIwHLv9yw-{LMk)#K^c4JH9bcly`#
zu7!6NDf$v0Id0I*mqcdxEru5rFam7|8-J$1NH{ykiTR=lOrlbo0-5v(bU{a)zPPY{
z&XCDdA)vnqyb!v4LmL#m&8Qin^oYSPI97>xSH{&zQKL^LJYPZEYovsg`ko{B6KM)u
zRU%g<xL2*iDJ8MU`HVM*`t8Zlz@`824oe|^yv5V$1l7o7gmLiiJOA_B%H+YD7Y~I_
z4_&a@LTxm(XBjUfa$&DQtZpNTFp3!qmtq+6Q=*K1OMX^B5RB7!54nI87!h^gIP`ap
zN5(RDAWm!o>Q-@M%Oag@9n&8h`z$q0U#=lr1Yny(aa9TC6|u)*vK-rYeslwD>ThDd
z;Uw!gOG|Xfw?ZO^j6`!g9=(_d(yvZgW3~(~H_pS46t}Mk<{oS_NF^QrDNyETS-csy
zT?6Agt3$^T${a~TpQ45*_P=daJZV4;JcC4xlj0wOd@2fPzmOlnqU&+;wX@v<A0Ucu
zcg44_qQzq$kh$o_Bf5^+G#2l`r}~YAyUO>#kHU1Ey#Wern{o%A8c*l7gUGQLQz}PF
z?x#ZZ=e5EqJ}9t;xSraL)!H!%@d+FzyI(pIJhGaqz8CEvZyxmT6YNLk2aUVVySrW4
zx|Q=EZ+_4@AFF8F4GQ+W6YSp!U>(5zB^Jh#+Dg_J|LXI5iajad=&zc_8|ft>zZCB;
z_kP`qZ@!6rZ$+v;+v$+RDbjTQu9v@DV}@cTU;=&?Bq&abZVgOdAj?gjWtOD;_Qckp
z{ORaVtPa$4r`=-MgVOS0^h`!X|NMbLRy<oewk>eZbpxhPFP10=l)$dwP{H~9{`uSI
zfFHO5gNU14gda;JmIqFtfD}6N<vZ7>6*Z|1>y0)}1N)IFXBbDm#SOEkSn4?D7D7h@
zr*Yw#x<1<tDjy`4{4GzVw;{1gc%}6%04A&=l<PB4(=l!nPyb#e_Sl-;Qec>W^u{Mw
z>v<U<)%S%1VH}O1ryCa@Q7;hoc()JTrMUn;$2OiKG|1UCE>_nWYmXIcd1K3$zX?39
zUf9Ak>%h}hJ|Sq_2S13`q^oX%nw@<jj+(G9k-X6QhFW2JnhQGMP)O&wQzEEk4c~)m
z(^C#E%V*Z;p#4&TyUvUiM%n|qoJ~O$rfD4PU(xowzU__{Y{sM|{EX;6lb(^`fx>T>
zdjkvN#C&aOL?6hHo;a~?C^{Bvg|LzhMbJs$afPeAa(oi-1-{bG=2gYZqc;&p?-bdB
z@xES@i~p{faxVTWOXTS#Ar-G8LzZM3A-ghh^EB+-F-U&8l~G_evRHxGqmf@$IP~O6
z+(?8bVEFNmbe|LhQHO^Z`l-Pe2y}e((6*{gWwe@DNBH(o91JS*h<@<hXLkB|$K)En
z)+_G2u-FO9-qz!*lJegTYfF=;pl5{UC$LKjd}8HhbCWnPo~h95?xPI{Q$qVmx7xrG
zLMxIqhyvUr$Pz2jF7ye15%H2ujmFJr$sPy3cb{S)x^PSp8l%glL&xPJZ=ATko0(Z-
z{e4?i#v8OmFJ`x$f?Io1hmr}NUEWMSTLx_5D}B{_tz<w81+4{tEo`=0@h@OU9O$%x
z<HcaQt?DqR#+sR-66}#@b|JrT@VQe<1&679=kvyi^E;GK2rNVO^7X=G%KFO^Dm_+6
zQ(*Wxh3^Y`Hjq=IuBm|ZBlrA%vK*}<(XbuKfPv(Vj>p3%0cv_!I?tq;M=W-O6vskv
z&E9U~5R58g^L78_9g?x1)h6OAt0F{;LvyMwDgNv2_ruTw8lzmOCoU;kbxkd{(6u)Y
z4|o)gbGM6mOyac^Eg}A+niZ>wwE$|oh2_b9V#rJnaGEW?K@&ia(!VW1yMHc9NU$>t
z66}lDvYJw14?d;lr^Xs3=Ik=TbJh9qqi0=<5#RU<r>K<vQ-}=aDm8YuPvk*v(mFq%
zFNO{t_AX$K)zSDy!KX1y3M@&0Gk4;n%InE^Y<bR0Mxx|~@c{&yb%$TuOQqT$7Vp!)
z>mg|3-1q>XO^}pcO~0XMogDOUWtlIdazAdL#b4Pz+hV=%o3jC<tRny>aik8{opT*l
z4w-B6_p5W@Xaf@wv7Nv=SaWB)uL#HZt$l??>3v*>c+@@$KIB*f6v;!)v4t+|cB99g
zNXG%J-d+t}NhkB1&eP;z>@Q013Z{9LaJ)%)9A_Bx;JA;l4k7o3V(5KR0(XdUNL(e{
zbFmv~ml_24Aei8Dxk`}Ey7)DaUR{0J-OP)uu)AzRtr+t<-HyfxZ+rGd4&ENgV?GV2
z_SF?9+E2c2S}nS0KTuzn>saq@(gxyVivwWX%m2hz>p#iF6JH?b5U@_*Z{9P!LebEa
zi#y|LqhyZT48pVKR4z>-)Vckk9o<f-+$uUk8@m0t=&;(5el$@OOWa!Y5qVsfyI(ba
zG-OLb46C>jS<~_Lp+$K4g_>ncF0mLv@N%^8ZiqE^0D1vNT*l@B4<pFDY!fdsKbdZC
zMMkxXVQHpz{tl<krj!YMkF__|H(NEH@;>AVf2k`j*(g=DAWaS>f$NKW>$zV%hI?~&
zxNkpN4g@C(*Uxsac{41qTHtWc(+<<XV!yA0E|Paz?YM(-!Y%pVfeW~Y)7fuN`v)w$
zLu^c80M=g<^m1(Gv<)D{AiX!+Wh0|(`~D-=;Q;c|>X=VGb?dL5sdlomvR?NIRo6IG
z)X9*95*FMPU7&)*xCCu+PgM8>+nB<)M9PF6P>vGhTaVCRNV^vbVE_b8>B`dQzPrNB
zCvK8Zr8lX8)aMRKLq|Ek*l&C9SMn-U4uGi|fXC-c(Y8#mU=cahL4XcYK6wt<0fi8V
z-}rk3cP`;4ThIz&9iI;j(5`#<u^?StNfF#sQXEK9fZ+2mr694;vck{)_+PnYTI$?}
z+@6G{Ri33-@dIS=PJrfXqfK`T$V0qU>vcC}EY>@k2KQi+y_C1BK=_a`359Rn1rzT;
zxryUBL9(Rw%5kq%nvt+@k2=1QrYf8;I*-OomMlm$5+YpSJY;Nt#nsbbmIRxw@tk6F
zO;Y*+uOX%|MLOK;-gD(dM!84%OFf}C(=zf*LGd}0+Ujtw3_K&9X5MxWUR4+;9aR7H
z{0Y3r4P^plq-V&hUH9I^YL#+dz;UM5cCBM$F%6qYjd}tFuzirloU%=NsUAuHd~XBy
zd5P=eZcYqq&72I!_~D`jAh0z0R*w~}%Pb(I^n?<XMe9>c<Ah{oLWB6>hfC*V{UEO|
z3=s}iM6NCP(;n^G{==AflSHdanQS-^0{sk2>7!EIYR;G#B`q;AQvSjg=$Cq<o>c$u
z40((m)q}*YZ!SnKNPy7r)2^gJo>iOfJwvRae*DqtYo%ZpHNt0$GR=Kt!9?deZWPbK
z)AW&_Bc!@zGZUPD60JZ3q<T}lwi{Qo6DcU{Bmwso&005cHBszAET984en}iyCG84r
zBf2q~mAphky8q@>eq(WYx=N$$odSZzx>V^ZPKMvaIZHXh1wzi$Nm{>~Wf0ATH$|jR
zD2DCGJj~w<7>dcsylf;C>@;viFIwoxc;HbtlPCIYItlC}+DQkyo5{M#6U2mBBWuKb
zeC1a#L2h}LJsrjDHF5~79av->Yb@yT!|y)kKFJfro8oy{bRvNiz`6uL5z(J<`vEQk
zOkJ{<_V-(Z_P<{V7_rs4(i4QQeb9?z?>BT0wA>NI!fr222Cwr`#S`7A^KjFPJvI(X
z_i)Blx++o5QcY7Bl#+Ahw=|>2T4r|WyjX_Z@3{Bccn(d%R=X}mzw|*mhAQD!wxZTM
zlBV83&mj9x@>CxLUNl}Oz^2k4$7L%QDBAhK12dZp0Vl3@Su?@;7}u8Tvi$jj(jaDy
zme6ekgVCJ-wVLSDhKn@Te}$J5^=9&Pgwn-0r+dD$YI}Og5LH?#xb`HvyU<WQ`2!9D
zK-Kw}`6{N>k`@z^nc>QzG}AskLfC}--ax8%4L$-`$djasl5eRhDv@Fm5@N^JfVY3e
z0pRv$lnUuk<F-57(HDG=F>sN<C;j0~$Ds591Q0JM9{M$5{^~Wi^DVu^quk^hX(KHJ
zJ^h<7xy;M0Z>lTYF|MM(7R(1Tt|JGDLZRz2N+GN*gzV-PMM1^8-M;{LqkNL3+8hh6
zW07O;^~Pn~V{odh9qH>Y<n~S7ag<6$*9nBAo0OhFk_+R%G5EH6Mgq)Mnh1ItdY5>*
z&-@!-cSQ@!Z1iSZ_V>8ii4UQ)$!LXq;I5#B@EQ?ovc(6PR-X!RD4$+HqFbzbzTHQ0
zL*j__7l9@hl;_ZXRbeBKRnpxC#u#M)4#ux+i8@ZxaTSU^X=v4Ei_Yg=jFz>2<Olk}
zN7<5{1k0~W$HXjUEpBj-S+dCv%215^dSje%Bjh)FdSj+f;Lbr-9EXg{G5UPx#3^Q+
z$#3(vGFt~eVS7m>>H_%QkscY^(plbtB(gUaH<}@CBC2WX*cTl&&UZlz{t%Y!b!<_{
zmBH337rZR(Gefk{-TCzo{73qsOEq>=l)^&7)mk`}sn(Owh1!zSFWzn}%b8^|=|iy?
zAFim*7(HJm$U+AXd@9Y!a9-kR#(?Z5Y0S8@OaCE5Rw!|OKd0SRi_#!YxO|n~%BiU)
zJUuwxtP#jClq!BNJOztx%SZX)RY?XE-^cZzPxS^fjb4JC13QZL*QC!tPk!S9IN0df
zBc*k^GwP=;R&_e7nliH54b6ocb1EwvUIVmLC=4*K=~!F`D18fG{2J^c61Ry5vws2z
z3dY)&hkP?_fR&t^<-0W=cE4n%Yl&Mn+wDg$eSR7t_Ka>1u~he%+Z1xFDuLrRm=UW4
zAk$_PsaWp{K~5W5i7Q2X4|>Z!s<qX0;$-6mx%cG4d@D%GMgmm+eDpd|#k)`@Y--J`
zEpJh!j`&A#`_$&%Qu}((86`-ge?+0aqspDk-n=?06m?xSxcy{Qf3XO;R;ngEhB%|F
zp)UNsa6jB)Ho<OLPE|wV-lqyxt1s7Y5OJ<N%HuZg7_=&&@9NO8D%2HR6RDPb)N=s2
zFk*K0FRb%NFY6EMTiz`(iCdCUB%@Ag1)Q3q1rkY<nY5o6&(?UY1jeb~?sugN-}h_I
zK719W2<;xlf6V}!6ooGWtI57Kz>+4pxg)+OjL<pXm1Lw6W<nsr9QPVK@k+@wg6fU@
zs$8zUH$R)Sx#~>8jCDdWVgSHu$Jcc|E(*1v;bZ06y*fu_>Gi9|%d5c|g4eLf>=>Ux
zK^u|1IwYS$c@YO4`B*vxF1xj~MW91Nr11a^iEJhjb{;m1<CodWk$2X14V|+rnlH06
z=~9tgRuyr88q+XJ$|48qDO{eEoTKLCCSr^VhtAy6gbds4;_#tPTDNRKx-L(zb3MXG
zk3!I3Kimzt0hhl7b%Rv|j0}Pq^wDBXT%I(;BsuK>95(0HTUFvn&G;&8^{Ohu6mQ}S
zy#X2`Iq}yjMKOh83fnZis}w+UIs$UVnh9J4Zb2Kx!!BKk&*AxkBK2)iUK$G%r~E@`
zMTnNxI0XPpxn%Z~z%vl1EhCkwbwo!)2T?Bk%r#2ZdRs3XvXhFFAK{}*uN_PKl3f6g
ze(x12;(JCf$0CtT{y2S5MuHo~<QE#d#jW&_JgZE?<jD>}L-hE%9ts(7O8Dw)KiYuc
z&?!_>&pptDlsZtMk;6R2#z}VkESj2sSTnBw)McVELB{!P$k1n(nVIi6HnFWK=I5_E
z16I_;@y2c+LG8o;0){|&zt$!C2hCSPNIX$dx=<v#$O8xstw|ALfuRAxnCkH<BGLmh
z7t`%m$6M7Y(lZ9j<HdJZ-dquZt?RDtI77*&U@RcOh)Eb5cn;|7JafV3b9b_zGjK5R
zUtru6q5=9OIY7(Yj)FVvu9ePA)o*or-A)1=cJ5+!hkU*wY)O4IEkfu;{PZsDaAya+
z=h)sN4s-j$fw@ZC@khv5Z56Fh0e+?rhPCj?fdEImlwCy`0t5~BMR3++t{E$P^SEG8
zb>DL8QzckVTQ<a7FhK1ls{H-n2__?W9mb-9huaTr95N)__Cc}|=r9f!LDE$6S+loH
zUmrB+u9X`he|ArO!duss<yr#g(*^-+!PpLYk}l&{LzE2>wHAyVDVs<m02X$~<rsF^
z<J+<=ZEb<IMay;ULk3J98@N6OYrfFiR1oC*CnGfF<!JERaN*J0+4Q4S@?)WiE!xMW
zc5Bjx3>U2{0hQW7MX*3VW!VCN6hiR7F^82}lh@EYtQdCP``g`lhbtJ%UfyDb({Y2&
zl@7>2p+gy&;a$Uz9PGo}#E=4YuFTD>rq*M*?oT_$2WY!l>%naRCpY9N1Yf+j-J#T8
z$*StXn0sYAYr3wy!I|~DJA%&XZubUrh!{Q)g|Si#mQ!FzqwjmtvLb7{V#g4$+-Aom
zydIOIYj@iZ1;a-_d>{h=`KE*|2AMJ-#$bU7A8^UHZONlIY#;|^4#d)|swVM<P(9mp
znoct0uCb$VID;MUeco<e6~W=)6<)oL0%cv~xnYUxBf~RBqcA@&w|HM!ec9qO2fY~M
z)P=QVS@or&B4?JHbj^q|u_P?#9N@srA2n-|L;wl*)&Sc3)YZGY9hff9InI03KQ-;6
zy}q~8!*wC9Zp&epY#D>aIk4+{ZraG!vjCT-p%ZqTEuUOMDQUo9sT7+dGdy~D?D5=e
zcila{C#xHF!hGTmw)cl6sS7t(qri9_tk62k(qp`0JBkHJz%wpx#>;8|GcLvL-#Ddu
zX*<K-idSmu6}Jv%JECdEw2G>)QyP)uBih=m_Loi@cPniz$=gD=c5+J}sn>4x054UI
z(R^CHYdNqeYz5%zuwHmNz9Y5OLPfZ51J$hVo|)spE8?aF0oYRr8v^Z4Na7d)HSHDz
zQgYf>WRy{GaT*RnB2dA)o@qk>>v&#1A%|`@AosG7!Fwf99jH?h;gfT8hp&emE!*HA
z!T<xBxSM1QJwEW*Y9Du^b4Y7Fm>$;d(D3jFt8MQKiL0xQQ$ybH5#2l8>+fFbt@P*W
zGYMM9hsVINCEH2>W(axj(>UWIows1j?!Pr|66LU%M~8<H?=f2Jd6m0VCTzh-t=*fQ
z4__Q0pH<c36_uxs-E*P4wWl{`$S-S8bF*sdfwC}db-sFUw6T@M8A?@<YVTCr&|MfX
zzMRI70q+|xxSvYSx5H@L>Kc%$Kuzqcv8u0T0@fFiUg)9N6nG5}x1NFuO>=f59iq^H
z3}AFSx^3J6)vjy7nUaJ<<VbMFfEj+G0sxc4e6-CB=5<|oneH9{m_n92alILr-htg#
z%&aY<?a+V^1A$tE$12V&GAAeiP4<i)@<-ajGs3V@Q49>*<$dpIqlwW%jFloK0y_<a
zoMAHD00u=K$%}(>(8yaS43dV~Dukf@BKBNO)!>Q|b&yuaRZ^FA-Yk})yOiQvwL6p1
zSa9$$*J{8-S0kBVc<T0sG^mkl4kmG+J*`byYnB|lEV2OBgCl`VN7>ruo~pC$>&bg?
zyj%!%hHRaVy1YYgk9BP;;Hc>vxU-PL*9@m>n&)+PRRtb1-53$cFbw#I+V!VZG>pIm
zEjCeCXbpt3d`|;hHMz46Y3gsG<gMp#AF}h>a1ba6_zr`FF78%=j;_FhfUZ}3b<SwZ
zy?4wmdAtO$gd-9$BM4zuVE1#ov17Z3C1lHDoQx{jtT-&1;m6VEhj~u(&D|FBlWPHZ
zkjV;QCc_a(!GOStX|NH_C?4amk`d>ecC&MfxIE*}EU1CN*@gomaU>Qr6G%3(j4J{V
z10+!bkPx(DA;204A{Idr#Th`f+>IjeA|w!`lz{{!Ew?0zg9$=JND~aeP=XR9f?~uV
zZ8!rF84*%KF)$_~mOM!oh>5mYguH0R!9_G2A~_O(I1y+f;9<tw1~v%C3&$aH9C%y6
zK@gBZAvO*%7=@7~&zaLP*Mf299(5jfoI%AP_}$VV&P1F*u;Iqsh?av=DH;gC(h!!E
zOc+)c*n!Acj5UZA9LWQ1#R_gnm@So#1VU>NFvBEhNJ~+Z18|mtD+mn10ZKOv2>?SF
z8-?Ko6pC$!0a8X0Q8LtOB4RM%0kWeqC?o_%gph!MLNrSTM<GeZ)R346fr%jwV?d~z
zMo1Hp1PL*+n~k=ZLNr(jrzChG#L+~>BM_#`5Fr#H76eR2)FsR^79?p!88S$TO$Z7_
z!xCmPfGoyRFox1ikp>3hf)Ye&I1>%TW+<c}NJ?Tv%0!hTNdi<sf~0WCB$6o<l1U7W
z0HY14i6ye6i7?|nTOwY5@4GXuRGi-TZuhIz>h$w%w%y(O{XO2yT{|P}>(cpN?@8<T
z(Jy)9#k(GEJ@?bAvb@@R%@1Bi$GX(1b=e;+&TX2i<KQm&5Y^zhjuc0?%QJ^}Tf4a*
zP+^Q1AmJpEVBo_HFvg7<G-!L)yPR`s`JSmOYc6JSR5W#GJ;`~TPhWdRq=t^plp76)
zmoc2o(k`X~uGI=#Mmb%M^;%u5VW=nr4QFodE!^U>aSHCsDerf8cXw*MwcDz-80&iO
z?n#qYbKQ}?aklyE=^a-$RQ4`O4ISN)&2P4p$(waS=We~nuGYymy0dm?T6);psW?#w
z&q--j?mcul?cIecxl1kbI^c)4n|(I=Hu!gMbd9|3lec%fuI}%<q>`J&pI2iF=+=(O
zgBul<T{pPV%?$!A>y0k!8cyt;-Q6KE-)3Zu^BH$$yRptSHzZwEB+Kl~-tOJmB%6nb
ztiih%8g-`adj#NlAbSQ~Z)Wa^B!i}sW6altOv>859lc?ty5DwZWib-WTa~&R%g~6T
zo5_!)l1U>>kQ=5+ARjzzd!Co<?z<geggZs-d(*mR^OKKsZ!dN3Yw0I;>utW5QnHjr
zIyoAEbtT=;w|94UyJW|7tFv!*MM%nTDywyE)NnjiaqY(Pvo&z;S5KVn-55AChm9+@
z-9TUz{a%ARiN}4G@l@>Ioy6d~v3cFx-B#{nZtk^fyVrBN_a4e`Cf=5#RhGlhGA&lS
zPHm+6y0ypCce}GQGDiEeHnY>*U1kb;=4L*sw6{6;btT=KqD_4BGE2Uh8@gFLre<W@
zsY66KCM3m3_jh+&eI(g3^l)!=yWV{!$t06|ySux)ySux)x=OC>&DO(jr0(s|(%rq?
z-tO+{Gc&rkw`sc3H=b2gN)dZ9^Q}C}dfU64+uiKUv1*DtOm<MKnM#bemE6@>pr-Z{
zd^kL`w(kVW>hK4uhdtXN?INwdm9;Azs@Eu&)}C=WF87aj6Qa4A?GfF*>CNQa?C0IO
z;LOooa%ADmcT-Bm?q_c9?)2_m-QC>#yQGxcm)+gh)r-5jO_E7>cXCNLvpW4^?YP@=
zMcvyjdQVrUq}{nCPTkw>l_tLFRk?e+y?xCt?aj%FWrvZ~W^C@w-Hu-OW{a)4R@{#>
z2Ijr(VmwmwyC-yYn(MZzx~jVN)3ml?!JQsd3g+v%T(@y2D!4Jc)$~s@o;`F+wTRie
zmz_s#<=wR<RqB?HHZtB-w$$U>gu9}81T<*j!-E_k!GP<1uOzC$Iy*gEh+L(uT+S;k
zS=CC|b{XqES2+!%G~KoAp6@K4zfW(wm$vCQd0Z*=Uq{zO(I!(Xt8DFqqj_#@n%ix@
z?%k4B-QMo^cXwu8-*-vO)itV1&Pn!ZF7LN$wCa`FmY~;_>b=oa-&J<*^=dsOZ3=mH
zSUWSMk+Z<^n3BN5aE#3G8(cGAhG{Hw>)F`Q2CEn(7j-SWkXYa|b==r-*J+nlZ88Rs
z=!HRr-DLE35N5G0H9tWDL(%y>?+!EL2&YVb*L;_`!K%g(+?Q=?52ozTz41Nquzb5d
z#^=d|=#(A$PUIT~`mXrp<GQtaVDJL7Mc*Y`S9`aMHp4V%&}Gxh503O?G*m;;8of#0
zW+-hk21%`&<da$6m;f7{K+zZ(4=~5z0A#_}V@bm18PEU)9-PN8>wrllJbP1v>CAnv
z#%5*{y5ztCCVjoGVes@&b0cc#{=xLS=|uOYV9C_;gY{nTXNR{^?bz<0z2Ln2Z-v+-
zXSt9$i(9?|si&4Tj{)V5t?0?CN`OZs5rN<|hn<;t4`mx5K^4RAd){nX4)$$VmCyrN
zUe0)9sjBzh1aL;7uC6W2UI#$UJYj@S3bJoS=={BTExfHpz0{z<2i4O%&CQGq98bGF
z#|PLxt?&ccyD)fEas!lIm!}RI90Gg1Vf)%%XnH4LJfagzzeW<!ybG0tTtE*3uE9%l
zxC~q?n>L}DL4|u>-Fbrt32&|T<g7<wSG@$sGQHu=UH7i^R6Tv1`vBCs=HGD1W55bK
zmz5#O&o|FVM=tDm6xb)i!u-4^t_;eM)uEGsE%`09pK{N3R$<F1gE~NQ?U>?ySE8>X
z-)O7T*ekns#LKFgLc(J`2(H0{IgNnTw)m@Yx>qi)CzFl%4Ou{h{YD$W+a4aG-lJK|
z4#BnI?+QzJXI@Eytb5+W$pT)nzB>Wgp&c6XPj<b!GY5^zf}WiNxr00s`-0!E&|nz)
zyYl+q2bBu*kim`+t{^wMOdX@Tz}&1H51>AR4*~6g`PXY&u}Px>4KsGUCoJtcuZHhf
z0283#wcwC3d&5)nV|z!M3V;Cj14FcZ@ZSqoDVqsS;iNBbgNMcpy=N$N_H_)RhBM-K
zSh`kV`+d-Z$9PAW8&*aJVl{nsF?+B<t=m*;w;zido4<G};5M<I>>o9{o4Mv@5+xlw
zPK+5a;Ehf_(Zn9>hiZ9Uw_+O1-Ubr;yWeS7&ma^t-meA#AAH+Aqizfy_OU5hfu)z^
zO^X1sSRb{F0%heJ)fn)}r1!(`pTpU)!P+z`He2+;gX2NKVi%CX$vNJQC#y~l&FpJp
zXy#^Q=dABQ?a`Pu3zNe8fQ=Nqzys=mA6p^W7#K3OwGuEvHbLxU$+zzeo*WW));x(C
zvRXdy0}+f>Y|H}_Txo|eV9g(EB}4$Hg$-`dXWcV1JAKoL8H4BDFV*H?)S*6m8F6vJ
zB^bp&YWKPM;9KyZjOYVqZUw%2cn9H?M0ca+GM9njH=l+)Vyih;?b88BKx0^5=a+}0
zGc4uhU?Y$Lt782(vol2M9`bG5!qs>P24UlKrD0)<q3)XZ7o@Lx>c%{wdoRPlYuc9L
z+XTL=hTP2XfsD5u33N|@8QtYV!s<h^taoe~j=KQ|Gv}l{yU&8*GC`$cn7MB4G;AG7
zwC=%~n|N>4Zc@MiQMaO^2CR4ieAvmDYeYgv9P-^+wscO-(j6kV+9AW7zG__Mq6w?l
zHxBQfYSbp`wCh|YGl28=yf!*g31E8&P6a}4tDYKwWN^LAPRG8Pli}dUyq<b{gc9t#
ze(_h+1rpXA+OT=v&viIu`Czfl%Lz_PblD0BIAf;EOg%j8Qm<<n4d`1!qpsZ>B(>YP
z#==CtMh0`M8KUZ&4dPeJ+o9sCMq!~^GX1v47n$7HPY_*r=wEv_+}+@W^}fI<>#$2X
zVy)%f=OIbFk-z`~@IjJw$tw3mLFU>+m)kcDxjp4>q-<<=ex=syD5~o7#ktwFfIU$A
z3ppyFk8gc`^6VZX24~htAw*+WMt3i!Ry!#cYYfab(gVDyFvxD)Qw|Iny@=}8DW7;j
zu&2`i0QLJlJ=_C5xTx4W(Un>`OCXRuGKUpH(!$iTmPd{Z%~m){KOE3-Mb-wn)nvi8
zmThE*5Z_swcdJ~pj{OSMGrl_sBL-|i+WICE7zm$qK+=j-4Ar88DB8Ltj3eGh4+1<q
zy7#aO9O-q)!{hG>9{Q}#N0F-lL%r^mkciR2GB5}Z5PS$DrcMK^D2frhl#fuG?j8ch
zn~=G=qK;L}Gp`1_+N*N5^UQj28@+Z5J;KB>aqZn_GD<VkbBgR4j|f_68bS9~`;m3S
zC~%&uyWce{vRELojd0G|sA}y%>dK@59Ye3Zp4XRJWmxFCPNA>E!iip0Cif>>tYh>H
z3l-G{=+l5uTGtMi@}S8xRQ8I_ylPnqZouBotk7Q1Z?Dx%0M$b7rcQci-y`b4WrkpD
z$L|hQGz+uY1WH4<lrD+UH446thjhH6268KD!p!kP=bqkv&@(&U+AdTMY5Hi&^W*A0
z&n}-(@Zxvf%6Gg*A=Hq;PI^^g4P_qyI17{o4>CEpl|Igw);U3L@yg+BT+Qt80Adi%
zdOUJyTJOZ*<e4kp54u-~n@XzfQ470VrtpN`HMPgQJDs6k&h-U6kEfdfA(<W95vz_t
zMXi<6Z)OPx7z`zi+RSfhDWY9~f?g&coBEFX;4lj!#_0%rho4v)FpcTcJPb1WthB*&
zXqgvvyxi&UZC7nuG&AAAeG&nA_<A<i7RJ~)F&r2L_o_Y!^CK^FJUXUW15CN1#v0Ha
z4pv}qUhpnNX=XlJ8j`jGbqTmRyaJy_Mpt(>JQOv<o?GEpSk{(u&uxyWL&I-<!>ox=
z#Isemb=}x+guDWFI-(bc7kemAw$}x}WyusAdCIz?^DzB@5jdrTchgh7pba~{T=$N=
z!I|9f@Ijtk({HRBH|@|o0~y!4J1x&(Bh1|iFIQX`J>loFAb6UYcYx)OT<y-o#{50(
zY;}-3nBhY>`B2QQ9TXl0J6x^yPOVQj0csw%WMIqL2O;V{=;aR?L(6t_)#z_Fb^C^;
zO;|NrD09bo+1uOL_-z{H<gY9OfY3G%SjpjOX0&Wej^-GlbCyA(PjSBO&~H2e6P0et
zq(vH5LQXP8<K^51vsvq^k&xi-#y}^`cvd_)qUes<-JfPj?Q%WCFy?)wW@h{+sjji7
zU%Y&X=W?K*xk`t?{X2AAAYt(_7!l%=zQP8ye1><!Tf7?IUqc-LU@quBL(F`W^!G5A
zZt#!Z@E1;wAzeiH(BtMy#W+je&;y~4vGlfmZHxgmbD%)qygV;Ox^P>n$g6vC;S$IT
zmh7SBnPmyYdO>Ot#4*-519*K!0|WQH^nfw!w&%XwJnG|nt5P^Ms%zct>g`Xl%(b;d
zTMpIg_iLnS2%+5LI`=xPKMW%m4+44Kmx~7{X$V%juWx%gpui0d+et3E;yY~bb#9?z
z$A`VWo$THYcyOF9%7$g-I~aQr9YoD{Nj|z9mL1;Op~ENzFNWQX??dV)0c^9@0hsiB
zDaoGbNceny=r=BU1I^g5Jtvh-zYrtN6DB&kg%sQ!wUyv2!9Q`}Dm`F|zX3=~J6Z1Y
ze(XcWonDirJ43V#5sY^;JJa3)?zDlaeQMtVIB#Zik(%(R#nWDwRe58=gpezv#)j(L
z748Q>zThLBr&XJ1N+L`klYUq|q~7$|dM=K5um$y023mICXKLG2FM+pjL6Pz83d-rn
zddDwV$WX}j24<(i_mK1D^oOU|SPu5sa1-Hf`kN5uJ)PY(Y&yXrC+fl7DS|zlsPXa4
z-i&XkVFs;sx&a?E<DAoA2XHOGw`)PESZ#q-sg0vm6XG|xo>*?VU<6*bS}ffza->hY
z4F^V#Lrh%u8GT;xT4+4ksfpVF(l2|}Ql77P0CxLm<?-{VPYj?RE!FvlCpdY2dHz*F
z75}oRBER^mf-8!kivOfhR8#(Hpo-7}BEI}O6j$%Re`EaBYxw}(Z@iVdzSn!A#c&te
z>cHO!edq{Y?Z+(8m@fgO$kCl9uV9dx^FfwRI0mL2b|JOw+r7bRVBSy$M{dw8Dk0Fm
zcxQ}RJ>l;U1K#=3fyNlY5cu!;X!_C%^^^Ce{`!3&rZ2N4TD#drQUpF(PV;kPO(q7#
zhSz2fzQs({Q7h$7R=>7q$42Pa<HUOncmq}<Fn&LrA5MTmz@?uB4TsVEp2m|Dg=Guc
zA1<D?LEYt6CE@n-_&D>n9%85mdiuHg_f84*Tc%1G_4O>h<<cLlbcvncs}d!Hc(3YD
zFoHfg*>7JYR?hinV1oI09^WhaP4WAc6xNJ#_3%0frHzlO`|rMw?ypwZ`F&Oy?e4Pk
zEZtlAbYCfvZvEZ@gc*#FU&yZm-%Z$Utw%ETeA2OZ#A#dS+!o+UkcrbU{$es6Lh^H`
z=Q2QdF?KLPYV$Jwv@+2wplcoGb8<l-yhH0lSt%>~lBZ3<y_@s;POdiI4u|UI_D&jo
z@4I(*&qji6-P#*U<6&Q|ZQGgY`=)uU0ZPMD=-FBE%4ffFe)Wd+w~JmuLcFhTSKnXX
zV6}}0N9tQNs>FvH9W~OQUaxP;jp7da8wl$Akk*G3E(!DUS3}?3DfMGmPNh9FU`Odm
z-`X|W8EfZWT)HRm%G1TKpS{$anX1blL-O~n6M1SXy;r|g?>>@BUs*f6?Z)4B?(90W
z=ibr~S5^>>wM?F9JV48&2m>t$Gi*A4V9I|C`gcqF=f(?tgDp|7zSZ}~_w(}gKR*d~
zSJG2>LupDI!8^;zxH>zo>*rw&lrpMp<pdGQ4NE9cF-son&pdM5(bQix&F5HMeugMJ
zVLY^Hi!1h9gRkLc4=<I!d+t>c9uJ=69)WvHV49D4YewcX@qLoa!F_p`M{4(1Zq%Nl
zUl4<`MKGGg`-SUdJm#&&U2U!IgfM_G2t*h_?p=li6!hUveathRS_?irl)87`mfl^K
z^JsV-F0N$-gHU3H;5yVUl<<HP7K&M^O-ZyhlPP9FP}C>I0YqO72B9cQLSRU!DG~Hz
zvq)mGBS_Fzuhuo=+>*MBHoWYLGN)1|3O7}hn}b)pH>|Tao7?FE>}(neC=B;|m3KxM
zLK_+!A;~46eiilI-E)J0`S+nGjr4Re9&A3%0C^A(#|EeoVMt_zF(bK(B#;<C2%ue&
zRBsCi^uv_`Ia05W2+$fJNKQ<i24-P_m{|gs3Me7o7r?-K;dFIU7gcsNJv!lXCyi0C
z*uu?GBQ(e?GM<PZN6!b%h(o=8R}6F<B6>hTjy(kr(l|ip?WFf3!DUg$h@!XER?@ie
zjR(dnZ$7+R;C_5A`M>kl)$mXPnntE6HvQ|)?L8^Q()UZbp6yyr?bvwHGD79!r+hzp
z8TZR@mmbmKQ2WQ86fmz6y?An!x<0wXAwv|F`(8=4*YyrgUQR+p6_!2<^<<iIU(=lJ
z!@|~EC0p-Kl2=sq%pxIQSs76$yE5iu>Dzw?x)`C94C*ar&IHiC6@sqT?+>gp4G!6I
z@c^yn$+x3kDcG`}pI$1$a<HrJwsPIWd^5h*>vENiD%?`%-Iq1Dy}P^Ub!hvvYVFP4
z`ArFW<svS%CSfx<ZS0-t4{Bx6OuX5tnmK%duE`2W#u2iS2;hHw7l*e96yq%7anTVd
zY7Epu<MFGwKnGuAht)7yS=z{Af-D)K2n7JGV3LvYgl3S<i!p928gS{J5<o(U0(ap$
zZw(yreOQptwFLn}2164+d!7(-gO2()7>KtG=GuUQ2{PM4#YPAUk|<n?6M;M_T5(xZ
zs34wz^g3Ra5)B~;r^{~(ks%(inJ9LZTEg6SP&*qW6@bdLp-jd#E2%c@nQ_d`Zns%Q
zUsXXB{s1B?My>~63+J3V=Qup)KDL1<h$3PNB#a0^&N}Owt=|Is-ST6UZO92kflwP@
zh@xPTp`%ATy>;>rb<FkDWv9&rnA4QBlw}TMfZS3c5%_eVQsS!S^wDU8fe==={!g04
zQ%WrrY=RYaZyxWO)_yVk{NaYf*qTbIs4wMv^!_8Rv-;;<ooivpb-oC_5(1FpQB>C2
zL8=CVRRgH`)^?+YD5vxS$qIqLooE0PY=sJ`Fe(|d5l2L%N{Rb(7yz1NX%R2#&@F^e
zU0^-2QD~9sduXpjhz8!=5KRywJ>LWR3PORBM$$=RY9b%YR=)mydbYox-`nN%Nux-_
zAt|QclAgPbkWI&NJdpcZgQ>(0Qt}VDs)O%w3`{{5&>Pp^?I@4(NDAh8VdMlyL_tu{
zMNldVEwtUxbRWF?24UT6xL<k_!dBk9k%}~-$D{k`43P|lBQZfk`2<e``|5NbwhjqD
z599gD{daVAQBe_+Mn)2NAfCChjzix1R=;a=ht1yM@*j!w7VABqBZ2~*eIg=jK!NAt
z-S;rsXTYJ>O`u`C3Pu%lY4Hb**%M}py?aORLM((p83jH94!%8qFVp+=ukZ7GnIk~V
z%1}%qq9~xBR7>JF9=y9ae`XJ?x`V4eo`LgVYIto#AB2Q5fDnCULl7Wq&bLyFZ1ers
zoPZTgigizv0iSR-Z6oa#o1nze-)e7)>mN`>Q1|(TDM*zH1c@9GU7r`@=93J>%<%bB
zHANIn6;;r$Ve&k<Nz@d*upfQRoe*d__m)p6<e``Cbd}Xm=@FtKkaiFd1Rb;{0+s;8
z8m*$!X&5gU?U{E@?M%@~!43$Q>VKLKy&qxsXdO8J4F4b>P#jMD>*mjIs)C92AL@dr
zC`cm|Q{nHY!|}bp8G=e_rXrGVfIglH_RE-K{dxSE_n7>?{m)?f_nQeKi20m5+oz#e
zQbG;Ih((7kjEE4MLy|OP$O0jOE)c9T#Gwoz;WLGc88Rl4wIrGfOh$uAQcZZe+lhj1
zVb^q{F5D!?4K#xhxa*6YsK`m*!DIvAeX7Qc^XqAUXy|rIr0&_-d#hj7MNHIX5TjB0
zh=*N&eE!-A`}f75DT0U~qLNxbiY1?#-`d|T;`{16IHusf??T^aZK4p@?=Luk0wjut
z$blRf^Ou4++-C#`Y=lrmQleW#5u(UC1WgVSH)^`-?XHz2wxzf-V9I1tl1V9Op_WA@
z<ydtEM5@tL<f#@|bCx2ZnTmBHQW6B|qJOyiB<+CakDpscbBWKm`TW5_Le)`HM9NZA
zS*DnxhQDly$M3j5e-8Epe#2x@G(@ZsS(I3`7A#~!VUoOKWFRp}q#gASXrqw*0j#^f
zDf@n3zrF{+OgyT7M_&7H0oWv1j79?!2w*=5(TK!B1%n6)ghBKiFi4fe$SM~FU^1D)
zTcWO%(z*@RCeoVP>aMFstRz5Wl#pI`Sh{PwZW>lig+pDsYmzJih%^j=3HkEt*yuTk
zBWPZ|&zEa`YvjFq{^YGwGcXB32%`wCDYHhB#WASJL|4=S@L!)j$oo0846JQdk=v_X
zUzOr$8JNU|X&VA2HU~o^DG3P*2j=wq1{9*afsuTlqIn*@M6c7>{JQM<-<Qbv9w15t
ztOOuZg`)-&6fiJ3Qo0DzK$w95P^2U?2uvif1PmG=GDiu;VP+ISfFV^FAp~S0KwyZ;
zsZCV1T{U79l#KHj21u?!kd%mqN+L87Ohiyo5@r~ZO&m2x^2zt-(`&PX9_ZBm0=Q>9
z>rT%@`e-Sbs*)+BvRaK}WULyaBSR1|3auc_w2(>_^i&_-lbt+}&(vfjqV!a(WlO+@
z6dL#5JoFXw*N$ACc%#mvu-mcRgQyUUw=PgcDA3>qV}#UhK~@21A+uSo6M&h4REhx5
ztEJ(XY{H=gupAg9xE-dTXl&zH%NPhP3LZiYnXDu<G9wI<LX_3WLomA0d3ZEgGHXUA
zW{a0Z$TJ5P3S~nmxZE+_!L|+(DZ+``F*r{nd*FJ&G)IW2!jl1VS};QECQ4Zt<xe4v
z#2kktK#Ld$DvU82EJAU}@<=5|&bv+t<F1z2U5@j>?;LroV-2Z-Lrpi1u_C~X1OW38
zIIxhncP?KF(jL}u=aGsKW(#5k$^x_om`Fw%ts=5)<dQ2BfgwUd7flf~BM8tc460<y
zn5{U1(K$gta~74EN^4sp<bY6Ukp+e=^I$eHv$p>Dd;F<INJ%~(1GP#vOWyVSa0K($
zrE9igr*h_9-&wdlsF8%+@B=*cb7$ASgbtuh6)4b`y<_Hsec{!2rEQ%E^+u>`4pPSe
z7ruH2k=>o)?%Usg@ytY}!zf?NpTA~)E=K&vzQijaU>Vur&B%@!5io&tO8llxR7W^G
z)Ysow-71ICT?((B{MXf))tg6sj!W3|(`u-()^7YCgw<4CKfc)aXytB)9ZbidFS*Ax
zUiQ~-z&1Bdwvwf|zV>;)z1v1vUwxeRg`JsEYBWvGsL}PQ4*l-B>%{gy7K3_;CwQzI
z%yzw9y#^+Q3ALYPcKA`-`{XkEvli#og)FR;l>5Gy<+j%DwV8<gA7aT~HGAQ6vWm-`
zt65h8eZ5~*Aoylwy3|B6bnClMK5=}zla+MwDX)TW=r5}q`=?1EJ->Y$`Q27gshbCg
z@!^^3OMbzbpJY;5hx6sv=iTAW)#dtaxpIhzsNl+qGNVxg1MLHjL{Q3%Ol3iosZ9hV
zOa!uL9dz~0+Y<WE$tmEZSWNNvsB`oY4NpDN3D<CMOH&tb8CTtUo%gTVd1|)^J?dBE
zEEt#6FD-q|IpCiiyJ8GhJ{IEK1G-In?djmyd7A))n!3HwTh27AG1m?(A%I&%d&=Io
zb6#lJ)IoGc1cLL;7o)t!K6atuH3Jm}8Z5>>_s`peX88b*%7J2x(PJg_l8v56DM+0@
z`veqF@4oZq68SkzMMi6_5p9i2A?5HLH&0>b=<iNP9wOjy3K?)lghmQUHIPj@=C*CS
zELNBrMq6D-<uXPo(`mi<Hn;1RX#+%*QV<objkBnt&3oN--Zb{6-(NBb;q?F_U_cz<
z;BKVU)YaLVB1@c`8C41dM1Fi#RpO94&x5@v9^4-Ua|>`@xYbnEr)d!s6`dD#Cy{yI
zb&<VALEeHkY}vDD#W7u+k9t2ocNcdDitn<PH==8B@1#^bC}Vx-3VIO+@Wlx*9RMN;
z0|HNY+_`fyf<UN8ZsP(Zk3#{@K;cuEQCX7-kiLctICeT1YjBfgnuw9_soiD|XI+JM
zUSUJw6;%Ws4U=1`R%tZ?01?ee%HdTALx#<j6Yo1YYSyA03^;YN>r)cg8#6$zL{Cmv
zgL4TE9QOmq2yMg`JUAde3A8|<`XHGEaJ9Ll%4#ZRo~(_wTGN5Fq}`Vpa^Re%VUI5J
z3U{7%`a2MrR6$k!Uto9F*B;%+5bh8@$?%oq>&+CaLLKV^OS_lr`^+!oZ{mdX5ANYz
z7uWYasrGel()ssuo7MM8bO@8O?QX-HQ|!I$wn+Ed^HblK9lgJ?-(I`T+`O4qXVS0X
zcYC*c+mqPD`8xI)Jod4^`gD>L+tjdq_iNgJTIHNt%=t=F2i07*D!%=7NIw|7d`c)0
z2sr%78Y4J@cgxJj8$^6pIOAxtQ1V&45GS@5NfjWBqJX5+j*SJNw2nFM?+<$DK^u-j
zr?!p;%RXhKRZvEWt=pS6ZJb$PD@5i>hDeDBo!6MaM@8JDz?-BO$F!wy&Wdz#-Wn=<
z5^GvNZ+%@H6Cnp&#@uCUeu?8koq^fZfkc9^-avx}WMX1mMv>IkbAdqdLz;7O<0FbZ
zbAh~sgSG{zMHbCm@X;^^2njdcf=XwniyFPt(VeF?uw{Vi(ko2w>o8vVLR>?fQTL=l
zBIvZXG1`Sxim~A=QC!rByDoqqMz01>+szsS<OUC?)BO7osg!AosG3JsY8lk!g2Jm1
z)O}-QGlX_b?0*FEch5Rwnx)m%_wKPZ;D>;=9EsZ8v~f6)OC+Q)u);`5;5eA31JIfT
zB2kD)oB{-lCgPJ;lBNlhY?ef}+or2PvTFpi8>@tu@T6FniisMfnXTwSxZIp}B;i#-
z6;XMI5WO-bYa**fp+zP*e|OJ@-iC<UG3^RcAAmXmVA|S+3ef?Alqk@J5Kw@)mzWEP
zz*UMNVq`1<wg?14Y1iN|K*%b=2V;N+5D*6)3I3PTV2VbYH6>AOnWjkF3AT!{QE0Yh
z7A$R1qS3G+BM6!m9((*=9$+uu<>nKQB}$N#=Br5rrN+SRguvrF36LA`sCGSzGQUJT
z{1SuD6z~Q9Z&x1=bQ*W(H4+r|oE8WM0Fen2LI=YU#E}df3<D0$BEbUbsV&($YLjg&
zw$fy_1R)fE)@I)0u<%GU7SI_Gz+8f?0DppazE*_P03s%kUZG&2YK8Uyyz@e7fQ(ha
zGe=zrx<$|h2vG${08l3<>;Q0J1OP1)ECp;8y^$LQxDW!BUF!f-0ZnN_C^7f=j3ZHs
zvRXBwqSYELV`(cEq^d0@#U+&5wiK|D2@r%zL^K=#L$3M*-@tt$nEkr`Ygc)>o#+vA
zGOCJ=Nh-30j3iS`(<so+h;)*&lqgL?;Z<f?l$_coAx0#GLePB&1F^Od*v3SHoAnCc
zJA{jHaD`6Cn1w&1z1Biy!88F9#H<pK5JHk5K`bbbQc{alqQejN9~5Z@p&5Zngr-6Z
zEv+ZHS6z09#;#n{M%Q)3k!mET88Ql>b}NJdDt{;;^2Kd}kVe3FKBfv75CSOLWs6|~
zAxNf20ODvs(gtR*Tw9?EU?4>k9MD4masZG3)|(YZ*aQS!9|W*Lv<Eq`ukBvxsVgd5
zDr-t9rI}4Klu0cmGG!&PsWLFA%*CQjGd5zeqZO>pXrQud6>9ZujDJt{{%^kGzfbV^
zh=`&OlbNYSSjuHADil>w2p>^j=b_G1_Gh~{j_t8;nhp`%^&AntN6Le`%-AU5Hp|u9
zb#)~rW(!o?`_6@uN-81OfGTo92}2Q?uI|Wa$SH_JPWJg~`qKiyI|Bu9g%U)6jt{3t
z1$aau*G7fY3PKoyI3Qv`NR$Qnf|x-7fTkv_5VZ?LGt2<O0z?c@-HO`;Sc+R_7y+^X
zfHr~r56MbFX(AD+HmJ1`MyVQD)-4rArfM`&lStH-(TKnW`gzmwKZq^=Qg0}!RUs0k
zB}!s-ELpKsO*TnobCyr@86OFaSM&N`u>O&zT;KG(G02}{bx1X0pnM@<_yZM5!~E7Z
zF_g|0Vj5~)?olETTsTuss{|lmfj|}y^pSQSbR(b)Q|7Qh#7rm_phajd#8TKH09!_c
z3Sc7?N)P3T7X(rww!G7VI6zh?mxxXKp-l^+p$bS6n6JO!QnM5RLWE5K5hBXklG<j9
z(TYu^+9Du{q=-PGB|~C>9`|;Cd>H>n^M6mD)A2*1EZC()p@f8)MO8+00X{Ekiq%~H
zbGprI+de?VcGqw*^I{?C1L)!KTnGqEFff6HLNJa2|5Oz;;wpZ3Np{ejj<MWMIpwm3
zIl{VOH`(*xA+i85Q2qcqQ2byf3<MaW;)h7`uvZue!BY?t$op6+ieRBa6u=@i%LKK6
zg8^NbBZCA1z)TkyVLz3@93TQk*IjHAa6sq!1MDRPOE40wrrTuFY;Bp1MvWUrO4L$f
zHrTczilabKOq7KsP@4fyo*zHHo^S8v*}uDguy5a`K2lXWQB|U(n1?b{w7RHjbkdAW
zl%)(Z(+pCg)e0(#ugqia-^1(fgXI3`q;4CJ7N|9C{oZeLohQBmBnlKLpae()1ViA$
zpcp|ADoX(nAUWVsf{73!#2_&Wt`LAJ5QxD5h^4faq^(J9q^%{ZX)RJ!td^v<lC?=~
zStSvO0wES45F!9ki4ahTA`}ELfly)<6o1x3iX)ODnPXH?(O8Cb(~C31Km{U$N;t@<
z8JcvWP>V<nD!B>)sYM)z2~@DaL}^Mwgeg*lq!gqAwT(v6YK^NKTE#}TD^yjrjjL)W
zb+)mCY=Bw-W)XD=WDN;IRVpDcWDAmuNF>Ur(yK^490db`0|JB~K?+J7zzPT<6f%XV
z2*d)f`+}G)I&4D7K{Hxc0StnX281zAe1O2vx)>x=L#>oxDqy2Qm=tLFuwH@?WkY8U
zlMnHJLX-g#!&)^ZGicVys%2EBqA^Krii=uHCW}R|5P-;wwL#Xr`Qh>h-P!u6KY*uz
zegY}sOemnGDnl}jp@x!(%JESSKhLLmNhi9M2)D6H6WTV{<tr@Gz2Z7uCemt@lC&8l
zkr-?m$@Ra$?y1czG!w6!2L(x#1Y21gptMy=rAcLG70X-G(`Lvj!BhC92vCqj2r3)4
zLoh=aB1Bxv2FNK8C<ky01knge7@xu$`*2<mfdIguN+C@OP(VnDKzm@f0D>C;PFS`C
z6<8=6Hc#Ll!bC_wbXJ+DjAYv;sJ6*PV?=8yq^!x62~mk-1`#0<(5U+UlSgjJ{j$&C
z8Bl-QZL#J*e&$PAMYRzHW|oZDW{DOnHl)nSI*~ob+wc9qpHG?F>l^3x>J8A3Ek46?
zqWu{82I7WG@(|RwYN_;;gzg`tDG){epj}g$S}elNIf@tHaO7pEOr>%%q1d5}07?hn
z4w-<sK|z24u@;015YO)WdK5H3NF%?yeKZKV01a=jBY-$TL4jVmu;ix!<S2|FxSWmM
z8UWM)fEsWH!EAsmQ8l@Wv?q_93J*#S&ad!L`w)aw!&7CAps}V&5{*O_Dlu6yCX$kr
z!(_>%%|=8;BS2f~w%3o!9|7u5Gh2Osz(IRBP4+V^jI%6drD2&E8gC33`}_UmCjNf;
z{rCNMf3Y!ZpcEaH2oJzdf`kYJ6+hV&U!q28XuVeg+X8|UmS~!Sl1c+&Iv{{Q(kc6!
z1TaGt-Y8ZAtAKz}`YM(nSOo~#1aU#Z9AKmoyV2bWIuz1Sfk6R^lnvOei*9VA01SX3
z6dFXJ8V0sOaqsj<3QA@+l&DNuF($B4BPM2mS!DHVTl4epL`a{1jy42=eT9{4tgOl}
zA!b%(Ra0yb$bhA@F@c6)2n4Kw9H%HEK-f+;>i`L2R>(yZ!U|A;5tY0YphK<TmWIg1
zBqlr{8x)A(kXR)l;3EodTVW$Ixj<@W2GJt|6d)Pc?zbzCL&(JW;{o8D<-|K2d7I{~
zF3Ptv9NCGhRlGuzdc$*1b-CU+M8tt1<GI_<OVsfP-)gqz3dBqkV3uGo<#>t#49dW3
z9e~^s8s&&>3E3{}kmIYI-fuD^LfbHk0FW#IAaNImA%-~=$7>XZledz<?_1dDxJS2E
zPE;g0$n7c%joc7(jub##R8~i>ZWD?-ndi0y9(kd1sXMt#qla}m!1F?<UCd{?*5MHX
z$4nfq+{?~h;kkCm^QNpWIC}2fPXniCoGf>3+k7yfW_)))j%>mGrR+}*O`%ErSSg2q
z#5L1kR7Ym@-mBd&H>%QcxNBwfvw&!%7gaanKDNU?G?Gak&$4)C4<YHjKpAfE_zfex
z02|O2-&pRMFT>sg+n_t}+Qf3K0x*O`s#7!Sq<QDuC85i6TyLurx1x|WV5;S|w_}$c
ze0I>b7?)(y`gM2Cwb>->`Hz~j?{W8;9<q=!hgRUsegiyJ?^ncpl<Ij}=U?Ae0E<eD
z{q?Lc>qvw@5kF2XXlFkt+c7X1TkSJoq)66~*@YI``N%#$m`8H_##5gOUZ0{rj${ND
zw6{|Zc%ixw-sgjUJ$~AYt7`Wcv9A8ydiJ=h@-_*gk@#i1+VYxpr1Qy(9oMqn;3MP^
zy!s61mGHB>ARv*)@eGnql$$}|Me1)qcrm(=yu7uY$yx@=Ix_yF(aa%9B&@rb-6V$*
zsmT8NBkM1EOz))KVu(14w~mriyLVs^NS+`<QR8o%XAda_Is`GZ`tR253L=yU6wl6m
z)Hr;ReZ%ygZciJ!dDegtQHR=<pLV15nqX4X?LPXK0LnTNyWIOa0P2NuO64L62i%Y%
z)4RnHawp+54Q|j;I61thXi7p@r5YiAPsG^Zp1lwU<(vC_{vMuutWAW=mQdvW#r4%Z
z+ZnIBzG1y4W-i6Z+3vpj{v-9dau62}&EEaCocz4;&&+)_h;e+gfw?t(`sF0#1TCyH
z16as05i<cG6k2Q5oKlLcjA>hJvu?4R)~T7QAj?^r3w98@mRlmxvJzij=JmW?`mkT#
zKXmC3-U}~8BUKEguJ3&_2&(5Hh7jF#K&!V1tOlFWj8*S$o<nDMshnkV9njU=-bVOt
zxuS;i5O%od1VQXWxzl)^ypUv_S$EhvGZUj|u3YPdy`&PlaS6X=$Q{{OdiGWKR&!3m
z5Clb?jQYCQK6VY=XI9}!^$30M5Ww&t90Y<vA+p><vfk78#cy!>TWsg>c`}|`3}9y~
zFRWI{;4MzOi!r^Zi71k^b6D@84SKZxx;zH9D&V}mq5ud1awR63h1@mO$hM;?F5Pry
z$)jbFZtTvchzSN#(vwW6LB#Z(m>M@F62MYSh#hxaI!)Jx2SVtia!Vmen&%6<VZby&
z5`y6{qNI?j*5t6&Ox+otbXs*>PL@<c%@NrIynzkqlyKR3vQ`^cXLj(}4D-!+JK`cK
z@e84nG1>2fZ=^q6StxKQhq8BC!VQKGbti=rvL;=VqIyWUaL`0C>7xfkoYwH<W@eLM
ztH>~rabTfoCRMstZ%po)6jYVES3!ay;TkMU2wwafVIA%7-FfGp8^VeXpLMPCKiAY>
zXsKo*AfggSI8X)qB5MkwC5mEFL?|HyN|tp+sfIj8+?RXd4m^N_7$hdr!pLYOgfO=f
zNq)bov-3PEww%fG(J+1W)cS=*gnh%q=XBtT`R{A*IotPrdzV%nuWIGoH7d_9d_D_)
z?fXTRhYi&;>Pu{g@qF`+bLz~PhuKlLlXTmLWGP~5^eGs41_8C*IsuNVX8rcgoHXWR
z>Ck3i%vMS%E6W+Le(#umdS|xxdoMZ;J>Mp*Q0jVpL~5q{s`?Z|9_%DSJfn)Kj-(0C
z#vxbVUNGMvvPQuw6gPU6J);94!zv6Ufgr@JUWzo~q(kB*qrK`b&p-k9F>}G@kf)7H
zj_c_+<Ad`d^qt{j=|1eoG5C$jKJwg&!5)^Dp%siO&``S@Ak&;?pmdP+2dadQ7Yxf*
zA|VL0fOaa$v@*^Tiv$u}*Q0cibR1C#iy^4eYDAK<GAy<wLTEVXmcUW4#$#z&TSZE%
zz^+uIh)Yso0vSdIkV+;3B=n|)5;#b@B5kbDl_tRI6CTA81!B6l?|X>y3w$$!K}&$1
zUG!<z|HTwf!RhG+V?^0uhE-!^VoZ`OG%X0FVyR@2#X$TuwDB%#e0?+IbyRc^&E1z+
z>oj?zUvNQBgsS<J!2}R6L?#gQKY*%;)iToNX>655{Kp+p5eccx!5}G-!kYD<Qw9SS
zf4fNk-ijlD832INs2Vqlpdo=Oh!lVg3J6|sSArR^R89mSfZTO|4nTe(zzzYYVi2)H
z)G2HjC4gyxSWxQ#Fd<d}G#D$8AVpKoSSVZ(SSUK!i0u_H0NDr%Bp|*Z0Z=h8i$Szi
zWY)1-O>9Ys#@00vTSaI#vu(V8i+s#MGbUM-YZ@t5)RHL3vcf2$XsLths;|Ab&qY3a
zU$bB0f>1x-=o#Pepgt$3vZYEQD$LVpgmtN;X{8mBhg6}BNuU6C^?By6KgDwjnMOg^
z&Vpy&9CMrRoU8-x#1r8J0uWG48f2M7kz}N@mT!OI?lYq9<u+tt&&`P#nkhw4QFXDA
zON6Bx1;!O6L+%5N0|;Ut-_^|snu0-3@Zy#TToH(tFt<K?upJ0itX9?OxJZff1Pq9Z
zf-n=RDhT4AdT0kg<Ig{i0-Op|`t|k`VC)<Z@B0X<39ux{vWR684K^qtii7j2@gw~C
z{t-dLcM_ojN@}QG3mO_>%LQdol`1L<rBteDqJ98h+wmmAKjZm9QP;PuYb)dp#GO^`
z?sxoGklLcqdJ!L=*;K+2R%S|ADpIl+po}=spr|+~SPp-G3U@-9K<0y3BZ^t@uv=Ea
z&CC%45kvI?P?|=CX@UR{0SZ$AOAxdzcG!lI*J1bjg7FRs^7?<1LlI0wz!oAVjUkd0
z5=jyo6;t`o!ThU=lytN2+Wv|F_fslDg|#Fs!<^-)nbAW~$K%-d@$LU)y<WBw`JTY+
zJ{<~fdJlvl&-I+s5<1L_4}rK`uQCB93=k|s_@~pz$T$uzA0xz50Sr*Ip;`c>Z!kc@
z0xS^@=tQwn)hfv&V75UP0+ycGCBOlKE$!aE>=R;a*cJhBL}G2fb^Z#B)TF~K(t@T#
zAw)F|F{D-f*Y%cvpXx7D=KsN6t*gi9-5P_0Q@NK2;w9bKX1Svd>P^F>QWPYBh*1Vd
zYAUFhDI}0$gli}Yva-1S&)<D_+3EM?_~ZLFe<?YC%;$Am_y8PGf075nQ6p58Rgsb@
zkZP$YRh!HbIT&I!3mS+q<ISyIEvTaPI9P?Fz<sd`f-F=ZgkVK3g(zKU3jwfi+W@hF
z1iBHz30ynSiKsz^NJNN26#n=k76`A;Jo|U*dzL?T2EJ!Tv{6H$(+J8Xk;|5f5vrMg
zKbhYBejI;&{O^trz&H2v_6cTMWNH?RVqsA&5+UCJbPz0y>wp1(1S2FVBL96qY)5Md
zLZ4^?k`WDZz_thkL_LSP0Q2rG;UJkpTMt4j3$U<HiVsl}?*4xMc0afCe-FRnxzsUC
zFw&7^Q5lpP1{teFe}BWr<N2Sz*!=SQ_WJE}IlXhv`Vse`qRLXKDw?ILrHU%SvREiC
zrDU>DWKy(>TO^gKMJWIzQmd^h?3R<b-2SsvjIhB9Q%kGn0mg%+=M$7&X0pbU5>=*j
z=ZMc2ZbZ$dY!<qRTdsFFtPK>9Kz0(yhfWsV#or&5r|0N;17X|^+bJYkmlj37W!k%I
zMBbcK#~;Qus$AX!VRa)=JViZK98fz5`QJP~;Aq;>XU>J>q>>dW5=6vQ!80RBNhK*o
z{`CE>d6l;7cbkr*?R==&y-__pJ)%&wx!WJ!%qY1jRkVeA8?LR$Q7MBJiBt}O{qMdj
zw8NBF>n*c)b!tx~hOoX`U`z{Y%+hMgt2_~X6dwP5J9=N_x%YQ;#Q|n0<P?ONWE4{p
zWi*o3)hH+^xe=|20EaGUlVu^C6PU6K2vkJ*=7TBjsIS%8hF$()2z<}-`}zzU`$a`T
z3ec^l(N3pPwh}=}8a{Yx&ivKQ6?9Xe{jhBLQK%3&&~!u}$bx<JK7Jlu{HhWF5*Yc8
zR70&(BSa9<X^A8vQb{6+7(C#I!#{M;qkoP4h>aj@{_E<feEgId7DQ1P5!y&nETqqb
ze?Zed5!IY7_IBMKn^{TdTuKLoE-#2_DuV^4wW?oKAIgJ!Qoji~E<bFwfPRx!tL8kp
z%;YX8FRoK!N4z__kV)@6$0Fy?4xP%J+tZwOI1$s_W!?+j<(JOomPbpD2r&>LH8_BP
zuwEw0Ad>0G8OR6(nv|>oP5{mU8UY%`7Z6U{O2rN$YQV4uiC2w+a#YJf7iXN_7Ewh!
z&x6gphaSg|Pg{iWw;W16ZRbdxyzc78^lv-2K6Tv)*=osScrya5+-7DK1QM`@3W*``
zal}WK-1x41_m2-3(d0l=95{_=WO%WJ(6WZHO8_|l0993(&U@kB_lF>K`{~{XnFG^?
zXx6|Jf^v6gw77}eaM8wH-Kr!6(4$1@Mv6wIRI5!ANK&MXQ0$tlqQfC73L+YDB@sZ{
z!psiR5&{{}B)bKY%ZXrPW(AF~lGP=fB#EO50^{F?0)yx3#EGlE>+u$$(i6^xfXryw
z%g#^O;2=s3nZ0ws2aF61gO-!5KzJ4b(1eY4VA%NiOy1%l3nysE?*gY18GvCwJDG!k
zBS6kM%pU7#vUh7nCPy!|d3dnOA45fR+Kd^10gpYNT-a!us-i;2^fy`B+4}Q@-?|?+
zdZOD|_Z~HxsamwK9^<2gZOIeMvE8!iBuXZMS|;vZ>@jNX8&U|cnhx(C(fdX*uXED?
zTR^10U6ptC43F3ItWT%K=QJ|?m{nJ5h-f2@Zhg~6s>^E*(!^^rkJZJ~6Q^#9&prD$
zer+$cC-%wrZVOx8CvR=uhn(fzr6y4XeK+gj_kBa`%(t^`)6I^g&zT8yVqE4<TLsjE
zE57=t-G2K%s?}VtYEd&ZYU_VIhenuH-`^@3Lo+LrHC@;@J}#HvJFv#DRsyB&O5miJ
z8;d*c%;PAse2wHs6e-bUReJ&RI}QvE0FMv=(u?sB*2q1~W^AjpD1*;zSWKLDa;@PD
zZxVFkNs1kfi#<7=;e-p+rXAx*-Snzt-R^B8s@~rCENtGpr>n_W{_l*zzMnd$N4CKi
z*7VAiMsQmj4siIdXz92``+Q{U9KIYHOhN#I22W{OWD|zJySI(>Opbge@~n=am6tbb
zWQeqmP+sbN*;)bcwZ*5tlLH9q8sXNw&fKayqCR(e-d6S+SdmeL5rG5=*@7M=T1i|k
z$-&Z`IaVQs5Ie_QflXb*h;XYS!WJx|4_)fgcBDxRXu!e%ATW*}B5)8!QvnPt;5Mx*
z$C|q?>cHJmP^dZ*1#*d0LJv$`g^iXWnkH{m%}!*^O=#F~K+<rHj>uvUhYglA9R|U|
z01%iDz>mu`{2;e1A7>Dsh^L18EswDg;9=T+RrCmP+i8bN4}TQ9Um@^r_&(>|gXc1W
zoqfC6IQ;&r5=gCPUtUutZfUI;qJ14gJnL{(ROcSk5WI=q&z|11?tR_&-kO{GPWx`|
z&R;&*VGAr^dn=SRTi83<@pMEolX42rzUF={sx%MJE8k0}oa9}I>uLvApUxK|X@}OU
zS+X}plZaXYAb1voRAu^^c*S63`=_xwLLD`zrJiQ@I{nEbJpNH+^jY!52xM3n!x9p#
z`Ya2}iE9VP7N4F@@L`s2%!k3ze02GO*B@NcxN*>%L~zK|>e7r-FTi}n<yJeRn|2)x
z4SJyGcSeKPBXUXisdbhIG9I#2Sx0DwT@f5)hwP{VVWeSsn9(V6+9PbT?h1s&45HYs
z23sjD7V6u$6CfdMk|k&)oQe?$CWa9kDch6}W;k0GJ>YPU!PG$uz@U;4sYIgdQ<kJz
znvhmj5+x)^{TbY{^%d9m!Qk-PC@LNfyYW&!ALaxQ%Ax`xzlX{xm0GgI=!(#ZA0ZtM
z6hU!d6$*bLivxu0P^L2<t*)k@x-2v8E6!=KPQ4|Kfxp*k9P-T!JRo|ipXM-b$MpUm
z-Z?k(FQsA{Sf+<8)Y)nyDJP#kBz*k+^Be2=Z>Q@I*oB|NfCRvau;Ux&?nPz8O&)8V
zRn>Exwbtu1HX#8ZY&Z!b<#}FxtNTZr3VbmvZTwp>Z(L{V3oVJX3!pwKKU81a2j4!)
z=8rG}K8i76aUm4BMKK`+kz`VvC2Y~C6^$b1)R}afQDtS3hF5R%eFypV-Rr*orSsaj
z$ZjVfce1hx-%1{OSp(>y_lI#zRW(wqR7mPw=o5;n5F{QR7e1e%iu(c4VI5~aDr2r)
zmbVX<Qg>E+SY!a3&{%l_FY7Gu(QTUOci^GAPtv|nS_CKBqn`GDp(LmvkWyVzD4<0Q
ztGamd|5#_ex$o}GkejSK?T0dwR)sw@ehuPhQMXRsv_U3BwSo(b{r5{uBcuq_KIX2S
z5ThI{{AS>;w52AXz9UVx<rSjK;G#gIo!f2v4~O&BKeq?-^F>I^!;q+RP8!t<Awr5)
zmYJG~qNysr_wMtu{H;Hs$Q$h$6$upNP(7m%PW-|9*dItZK^PWO5P;9@D^-%xl;u<s
z6W$J^k+`@uyedH?l1U^nB1H@p4I%LP9QUOCpx&%?==r0gf;G520u}h9HUf8+^uBLr
zfUh6hocw=>=kMeqKg6VB5|LK34CbYURD|{N9;VY?;UIQ?_f`ka1!W%uG;Dz58O!{|
zs$xV_(!p&&f@0K=1rhz;`ftjVA=}=~29q-?$lF)0+I=u6oh92&zPG3la3a2nw2ric
zvOeQs=ARV5Q$I?Cs8tI(C`$^fEu@CiPF09Tx!!n5<jJU(ee?EnXRsLp0SG>Y8W2o@
zp)-g2sZ|oP=ptxS(#K(U5xL}bv}8q0s`Eo9r|enC6p%i0P*OvV=>ejEw=oTFB{)J)
zS@gYF94|$b?L)*+`~LC!{69SY|3lG!IhN66qDiG|G6^KSmWBDhyMy>ks9~Xp2Yrt=
z{{w@s^WTH8m=Q2Ou7e>Kkzs}eWS3cWNm*)A$0NU&HRCMMv|ICTlQ<O9xa&iwQ$xn3
z?Dqu_h(svoDnl+*yY@eMMt=QwcbMXRrl_Y@nk*^dyKaD;w!BaesAITC@4qx5SZkkQ
zAw;I7m0F6FizO=MNnx5{M1qk?6JKx;@;A0BxMQ!!*nudPK>Au%TFGptzCJs<sJX$r
zx>#kYeK4HjjM!5tL1$ztfsrZ_8*le%L!vw|@qVglHTb0Uyj6bZJ^-6N`QLsVmJt1*
zI9ot+&i?7l%OyfhRW?RN38hgR_&;;+&xrWoi`vl7Yppng2gDu$0D>VBl>`V(L}L=T
z4SxX=LKKOeKI5fsUM}ud<zVFG&mJqn(Pmydq9}?gFYd9*oVL7AMQzZh&y9_WTZ3h$
z(jY~qh5B~O6{;yRCoY?d=%c#;`}mk(d-yWkErA=bKn$-K1=bA;7Os;*ULJ4((RhL{
zYeM^X9vp8x?(#Ue4?Bst4)seZ@0@lQSU|0qoZ*GeY}gFi%5|G6HXF@w_r3SeIPV>0
z%KPf^!p*XerHE$%63k>QHKGWhl^8^1DZ?ZJ+VH>;s~Z6XNNIqm5m}VuVPiCy?96OJ
z@Tpn=m@zon1m(!ELKsLPNW-`+JCJ<$a^tDbj*&yW@bkqx%2SB|g(YBQ3P1u7EL7x#
z7#V8{^yx%dnam(gM?--JIGC3xXizeVK**&O>{wcoXIctDptC@bv}qNHt(`iYm8St_
z(}IAKn%11vC4_;INwFX2m(JKf!2bOC{K0&3FIF#j0zvO=2p<hGPB!!e@L#5{hXRVA
z;?yyHs5}4*@0!Etz>txm)4V`l0t&s=)a%Swfzj55aNK?1pC0YlBfh)lvrw+-HyThB
z&_qyGkoUX*ssg8oCy_`JX%a%eT*7B}Y+MSPhW39Sef3qR4|ULPZI84zN8DK-B-Y`l
zWcNWWSeV8Irz*2y;8tqeJSbqi+qAGmW8w%Sw367YfDvunt<Tc;uAG}Q7u{bRUEFLd
za`zA$e|IOwqSDMV;<?=if%f8a^e~~+SH1Z$-teY)0w6{j6i}^7&}zY(%z6g5;hvjK
zi+=in56ZRoWNFW;#+Ubsc$P1^r7O+d6fI@g``=?6{<JpJ(Ua{q2XJ&+MQTJ*1R@Z+
zX4*o9eZO9Ne%pQUsHL^FoYo`}^D(S>*L0;+`x3)i_v;a59Nzj)k5E3PQ;qhm-&B7i
zsy`$)M<I+6sc&t8-ESwzeThu^!XX_XzHOA(H+FK9qJ(eq+iG0K#WN7Dcdn7Ta?340
zPqusG9wu4k)kh7Ry6>;4dA*@gZ!5BotK!Y!qUcHW;1%?{o)LBlc}DO{XFgRrRFqNf
z=-m0MGiY`FwtiMjs#Fhra~1vY%*^a-O+_w7&UY`aeH*&u{=n!GfGv#(UtaxvzY0Tl
zVH+qJFs?&JH%9yqi&*__J9}4}9-W;EK#}PEJ-cRnGcbLaLa<UQL12@4&T}6sncTOB
zV|{o&4KB)l^uch7)b5c5)3Shxt#ZtL>j_xfpb(b==ebUWiM?<h$K~FDXfE|xw|Uo?
z1Hpd341uxDK*yx4%8wf%NPvS`WOXOJ70utiLJ|<Dwp|2>!{cca56O|WmMT#VDg5+|
z4=_ag0OAG;2v`IWhy`lzuwRE6eLylbfMBlFHLlgb7As(7A%mC;)&S+sRe~M_h;~A9
z4oQ-^3DK<IW_u>9IxdwuSs4f=0!Bzjho+JCF3pe_a2=_Kg%oZmi_+qu(bK@gg_;{Y
zC{2b15RWw_0fik45D;k4#tjYu^^az|W}9^8(n#Qiz&Ji0IjYT?sx{=&9-JWag%Rzo
z>sr?VdCK92g^l%vo8@dnf`lOqNHGjae9h*ytPPOtgzS%zRW<k}D2401UDu1~1cB3_
zXV-Uk2^Wja_&)DHKrl`RA4Xbj65l{uU>m-K$ruwT&^(xV@#kCe8fFraAk8ET=9H}s
zP7p|>oigaC7f7$jg$LH~xd!sjAKvcr<Bx88w}pJCvd_!zznmF$?Yx(0@5+Mt^Qy<)
zo8n(3E9b8G-`@KDpk`;f?~XwRGb?vRADWi#u8Z%tYj(8_>|Hwk?U_|e9v)%m+qaW;
z{*qM>To0Cs?%im(v5OT>z9P(Z+f?g!=R5D4+)59b*RA8$d<F8!#Vo*Ul)cvcbADTY
zbjg)lFJNueWx)RGdC`@3oA=e3Q&Rd|_#c=Rp&)?-ki2MBS5QHHm_9a!5ms~^Ru8&M
z5wo?n@&ld=*8Fll0{3211K}>}JhXnj(O4QH2lBNsJ)nj6Sz<y|;s8!qNCFZM0}BQc
z0R>Odo`_S<9B_t4oJ@5%9z=1Fh)wXf#D2Td6nOTm(}tjfgk+Tj0Ism!`H~5umg^Et
zN%Fg2x32DkYCuuMl%{<*V=OUJk+$sYeC!Y_^vkg;tyP}KExW0L)mwBr*qexMu1E79
z;C;~PL`G^97MN>9i?w!c&Jh<PIn2ALxC979B2g&>mxx4{@6*BlSgQPQ=<o1oIiGJY
zfQMBp1W=HSLWkgw#3+h0PHHL6`!pf}&MfGL$x4RIP{>Ln+0*=w0r&Hv*rYzDw#Lc=
zpS5ne0SFgqXi!mfX|?baK7qUl0rq^ke^%iOs+3eSO)5+&5HndDT8X3Na%c8_I|Pr~
zD}5@lp!5>F7Y}%T`-z2lK#;LaMIMJa*;Gsi-H+%V4H!MTe!klSgmX8quv7frsGH~H
z`#T?B;Z}b`FNcf#77#|xrb?vNw8To5RdkF(-+#p4VjrK8=CIUz_~wI~&t#_exJA#Q
zW*B6aHJB)(kn?E5J0{sgaH?u%rYC{4_yL9->o*^ixdwduq|gt1`Lu>#MMtj3exHEz
z>6T+ySz3}RG*FbwWmY8y^XvTnN7Ma7_P&1p{&~9k@5(tWzVPJzKfvyq2uLL=S`Tr$
zEEBm5AJ5^j+w=Q<RTo;b+3<#OPn^NfIR&Ka`v5FBp9K%Sbbnt0^H<;FvLm#~DYF8y
z9CVI$1}9wZ(>E?gj&fS62?U5$GS--|yM2@M-TlAP_eZd=-1um(H`ywUNN_>F(5eX}
zV-ymy!ZZ?iV0LkZGV$;Td#ZGW`8Anz2hf4$Hhjm#0Xzez?qAQ(^UuHC^#2B%5W=Mt
z=A~vrLI{+IL?Ti|&H?U?{Pup%ACEJ`7B!zM#6*^ZVAU;>-z%ltVi8m_j=z?)xQP`;
zvFJprh)K(Vl>`~q<EymcbP24%%ratxvc&hYH11+QeBq<g<qzZ&&$r(}A2sLc^M3q4
z0sADKsvs3)WoJ#IL_!&AXv+mvO&+?RT=`)WPDy2+{BS%qyY!s|EQjcnDH{R^Z{yU0
z3tAb}RZ_d+Y=RSYcN`psQNW=k3S@*)SbC42#>eLk0WrM9KSBD+-oB>wpbdSnv2{fc
zs-~Zw{tn@v*eeQ@q*)}bBqLKbISMG1<d8`qN&TMvpOuQv-?Fp!Y&3Xap(@=f!KIX)
z{LG!*J2Qx)tdH4TCnh-zy0r#fwEX<n^$)o3Jr9AzLN?vtdHQ|cc>-?zmIpOs@CEp2
z$@nY0_I(HE;4qHqqKcG8S1RDCQnH0+*=r<G0)&dDX{wSKK|uchpA+}bo%{Lu$DbE|
zKK}QzM3$AMk_5DollT%CQTk*`+7WXI%CTeJ+^D+9+b(enL82l-5v;(*qO5+g+#E>A
zbLzW3AGmmeAAX$cyglR2Y}f7R{QjZ~^hQ|bS%i}{1j4JVniZnk_Xp02ue81%muBaa
z+WTXB+fd9rDz4+cK8y$$LMDL(PvCS&Qnpp0Ya(V>K@z$!!N`Zg597BN>{e+`tolc&
z!W~3@po*bWKJ3FJB&xOI%*LY+KPH<A0wl=}G{eAzF@ysl3@Z^03{d1UCQA%sd4Se2
z*@(+<DItRjEW}8dBx1KPrh^H$g%KZbA1z*Vfl;12-vi3Ij4y|wpEZdf)LB%ns0~_|
zat>JCW?&XpFc`{HAR!9C&MFNoU@{t&lqQ7`QnVtm0-J-YyCu>zWhSgEBN}4IfdI&j
z92Em&%X1|$fs~;_0!z;i3|<0}?zf(41oIYkt;4O(Q@eA!4)O>(*gW?0l05N+-lMBE
zV|u46MWb1XVo^+zijk!if+Qx&z>}rcfI^AQS`kEbrvy%%$r#OoRiiBANfc2+)0PFT
zWzk5BJDhatS8KYdY9m>?Q5hkGRu)Q#Rv8#a&c82tFY(`Z6-vANDZZ}(>K6go<EN)<
zPn@##-Rq~Fc+YO=&kqM%;bmkABm>@SJUCmId0F6_fO%#4MtC*UuP${{FbuOi>3}ym
zBso-Hln)G&kvjsTeM+4x!+oeNy*pqFL*ARaRg{%gvE2-%v=i7L@xQH-bwiBxqLJ#4
z=hcH(6gX<?zj=C_b##aDLEl4@zkAK=`QV>;g@sO!^Zom2&W`qm0xX|~KIa#Fcho&W
zcW$(5yEBfO`R};>yYu5<*V|k7J%&Sk^F`63>i+fS?;8*Up4#~5x{}*r_uci|zEo>(
z+qGSr7ulaYbgHj~*U0i&C&zwL@`p$C`l{wJ_A2;j(TOcx={LJ5a<uIHt9~M53$GWx
zUHf`i_z348q<^QIar<ffWNXh%t-4!d9`#d;F<#>3_1f&Q#$gA-v_EFf`+Mej!`|m-
zd#(1YbIH@gU_f9&V1xz?UGBrzK|TPs`V04^?IV&xx<tT$8^<*2%H5WH(ZVbt!S{tG
zY8gGybB8;uQXtC}T7=Bb5qqZD&ZI0|<`D$l2zv_+Swu==ns(EdH$h7EU$pqvJMuym
zP532FR_J&-_|Dce=%Hj^Lc2uH7X%%Pg$E*bZegPN-#ARJo#gW;IrhymSr(8O#ygFW
zZO)EfK5g*5&)(_r^WAk?_erJ!Bw2<~g^=J-z7C`Vu?nbElTSlSnX0OzdcBgZA6F2Y
z%zOa2Pms}mMKGP=UtaL}jcuYNLXUtJ0>-jfqY5NYP(VC3Y`UuE6_7@bBfb`cj|hq)
z4lqUnNuVfAxE~u(GDVcpLDW*OYDZ()ZxztT-ydmS9DG&)`4T`WgtQm*fu#%~qIt5E
z%*GtaJeWnz6lfs{nUU})!dO9JB!fu}aPH|8_+dOAaQX>y`GeD+Yf10CN+g&m5nhnU
zV*|nF0ETxH0A!X*s{2he-hsY*@vG~;7kANmu^Z-l!bW^In;r-vaN?0@c0Bs{*O^q_
ziH}j6=Igp7UE;YELnyOMA;^6J%peiKfP@Nyn<X))kwy|bCFXF;qc13o5P<|CM1(S4
z4tk7m%O{7|D4zP$#_wxMEAMQ~tgZD`EcMF2-uHYp4IQ5h`+L#}s{ZXS?aH-E*WV?K
z{c_3|!@EsO%flGmKYEcDE}VI`{KISR&D>OS_jhl!b8Ys0cUKxz+r|>c&&odgs=JnA
zzQwDseVU=`shvH0-&_<G=}DJLo8P%+L02bV&SUUK2C<JPp2jd3QTZpWDM`4F9tkP3
z1^FXX@29?jQxT3~BtMGu$Ed^tZYW5AkYT_}PX}2ym!duught3qB}1-k4dJ?rZZn8K
zk<|it{@r8^Nbd&gPYDKwwxJH~B0x(s!-m2xg#F;Its-*Idcg=_l6-<)4fe^c-$#PN
z@fRZuwxWUK^MNCs>+aGp)`JBM_X6~f5kWb)s3@XH(3r3*n__?{^yBSPCSW1zgltG?
z#K9v8%f3)mbDlTYpNb?IdN>Kf+YtG>BiB5Ny4K7AQWgO{84<N}Sixishi01=w!|PH
zOaoBdWG!oEGCS-8Q1&7xs5-a2cq#raA+kwPG^`}-urj17E^M@|5X3X@@bj;z`Stf4
z4QriR=rltS5YZ$+Lju%0_*0l@QnO~NDzg)xl#rIOsIpMGv^xv^JS~m<ejH!lX1L7_
z>-N;Xd9wy4-2|g_j@~gTLk|&Ox1b#(F8*MjLrT<d#DkCLZ}yg&mMJJ$VQoPh`@emD
zetWF!AAN@Oeb+LI2wch<3E7(84S~bq@)!_^*&#OCFpwfZBtmQ<k_Y*oNU)NF;1_if
zM&{>jtT3=QauVTGDIAC?QEZe3zSclu{UBB!Lc-xb?!$tC`TO5p_#1hzfkhufGcn4H
zim{AoRm`eYBCRbn#Ge0~`TBU1_f@}dFAsA5VchNLo_R@6PTqEm4@(F`=s^fV6GbW_
zLTn&J83*`;EF?6^XoO&z8+ru8GsqDaI$m@f@zRmW84(gmbj20n;TknF#=lqJp21B)
zQ$72mbkgWp62X-|S=AGNPY(m~`u{$8-SGWBpFhvGm4!yg%P`baB_Mg(+2qe<X1%=o
zMSS_(ouipqHyZdqO^9I+>SHW1tSaIYts1CcONbpg4F@!ziDMCHl~n+?(wq9)S(beX
zn2>?WdMJ0vpAX-)`|(hwN?Am-Nh~6x6Egkp6Z`zUKdfqR=B+IGyVUgGGHOH9p$HUx
zswgE?D5*_DsdDU)q+NZ(@|vnZhws!Elx6-duBjpAWwdxIJo~_Y@=xAwKfVN#nGkA8
zrdcH8@cRS3{J#sm``+7r-S+V0XDcMt6E$A2HXhWB3L!-VAb^O`0wP2}f@nek5y;^a
zBv>We8VMT<`~-<$`Vr#g;pd^DOStY9ni0}<0~y_}@tQK0EJ05j#}^N#2{M`h_?7HW
zv4v39&>x>{4R3c{=U?AHA|q)DhDehXgp7#^6Q3dM?}wFpH{ZF8uXb}Qdk>8gWHOYm
zG?i}p{B?FJVxw3IN%gazz5%BRocfo;#RI<tI~D!&-R%MA(f(+vD2b{t^JH%fe_YSq
zI)3j@n&+GiPeif`FoOtB!6sDjEKb;vtTbe%x6mJ3kC}fV1oJV*LnwqLA_7#2^48mj
z6$AUfRrd`Zu>2E^F-;^>6j4(YQAA91e^2X?UyLqi?=C#%e?ENS)_epzVn~!Cf*=AR
zU+r>DjIw6@YZHz}x>pg|GeihSE|HB8?%!x6PqT+<)rai7Oe7-wjVaI*=bT&axPB48
zKN*@TD42pGuO9F3IyL=2pEsjf@Ykcl7=%moO)ykb7Vr|7gh7>_*Ux?LH@^7`Aa*4<
z2HI%-%L`$lAw%Ga^-xhggW^`rSbAz%GE;(8-PB7i%WNP8A`yX-&>2Y~!5cY-A(TMg
zV6atS!YsxxI5Ntp8Bit(Fi@Ji9TCDgB`)lfn~Rzfhc#xT(}%ndanGJj*!A<<9#iZI
z0$WVuvyVK05|?A&Ez9WioE=-l@nYT4yr3i^?mXRN(KWAb^zScM!)WW&_Iso~cJ(m(
zW5df~4?N(_BpBj(Qp1A7Sce273B*yr%&`*3o<=*py*)WxXWc+L$Y>d5U>VXboKApq
zOQc0vr9w<Ih!Rq?$jucFA=8wEg+WVOEktJ26y!w)brn@bqmW1K!_Hz-U2gfzcg>%)
z2Je7zH}^>caD+RXQ&O)Hnb&8X^QoRngH95TWeg4XO$bLhYmYPO(?lSeGtfuKLOm7H
zp7CG=2fvKm`n+5F6*9$MU5mK{8E(3}Mqbw!t2t_FDEZfA&3Ek8e`=S<n3kyL=eOh+
zwYa$<^b?1Jyn~fPwF<Q<H5<Te;v4hsLpSIuW;^?Y@Xw`PPlR~;b32v%uSKMuRSMyQ
zr8}dKX6P4w-hO@4(E0Z5_NuK2+q^D?Wnz35B!Xj|50_X;8=-`K+j_ps?c5`=e0~NJ
z57$2LtBmUV;iX`(scvVuEYGh>5?=Q4hifGPO?WN0ez8oTA0a(#ab_u`nNQ8N7X8XO
zj9<xIfiw8`IorYN*0h}%_n>QA%;(>Iy|xx%6n5~Q+?vH_B(hy*W4s}u+3$<H`d@Ey
z$-081ksWpRVEQo!#`8eGw#7{Dk7%CDbdx%4UaPxZ-JD;#>WQMPtcz--Uh08f-SEV5
zbo=1OV#R#^uT3bOf`zLfoEvxbWiODsJqC_8e!TwaucCLO+Dku1?T~xZ#UG^lcP@#;
z`u@rEdRQnpJTjlRr-Vsc_s-P&w>MI=M+a_!LG3aLu%c8j;kyYIahF|i)U*OH5Dox9
z2jT+yeBabOvi$=g+3$@XQM4df_1W6s`^#s8D%8;WzjQeSLg^@oG+AK*cW#_V%d}3%
zd4OWVYL$r9h6fkm3S><-QFqDDa$D$0i4s8umKU^%VOh%XQwRaPek%60!ani@U%WlY
zBZ8nnIG31yZdKPWF6#CXZ(R-3v~PBx9YDP{ELfZ_JolY%o$q-JjDaE&NCfA#notj6
zL4KCt>0rz;uvbmNw%r|5!GP<g<87XDgaw1}fHQT1t`GrvHUOcb1Q>=PK++L)$m=XM
zZA1-luoDOdAPV<Hs|kdnhzJ#gpcB0{7B{1h&^&{jEa=pNCqUL6K_S}#07b~C<7^&*
z<<%zIKS<cey)~gW9~J_ZFb6BQ2pQ#rZQL*g01%KUW^BGiGlRg04FKz9#T;rd$8yHT
zp-9HXEE{i!2=efDu8Rar)nEezC_QMf5yArdST;9u#t{SPO@a{lk-2Wcx1JRcWZ45E
zVEGM<ZwC(y0CKUyRJnqT3?NX0fdLKMFtUvT1TvzUAR8LUlrWJ6`|jP{ZLsl3VOV7W
zhBn)JA+WPifSRNXW#WSn?T4=I-Oex^AY)NZ*v5pwf*Wa5V;lgSARC%lL#@h^S(~$a
z$#<3Etx2#9XpIU+h|q=i$+$Ejkpl$}-XY+8`v&7<eBod{^L3g7Hq#h3s@Z52h*g9H
z43tWOE6TE}#6dQ;PziW3wm3it<zq0$2#DLuaL56G!6ASG7?~#lB~Nj;#1zKcr$f*p
z!S`&vTX^HZ>$nb;+fC<pcYp!p=Zh+;<yAyltgx_lp|eB-vyp7!5h<`jU6AlVz3^-g
zvfL1TiQ~gQn9g)iiJKw0EDdT-mN$}6Ef7V90<0KkDI06ihlT?J39$rVOO5i$6qI1V
z6p1D<C4`}v9;piT-RE#@aDXSoV`05pj0lK?Lblq$1cCul-9{P+3(Wn!X7kSk!3mfc
z07Ni;2y2G~LLpG$3xp_{o_6Xrtk|%^CSkg&jzTzIx=OJH+2!xZ84JA4yf>AAL<;$$
zz#R~y*#WIoNWc^+36Rkv24zSK@ACQXr@PKq(z>n#TnualECIeh&#&LFetrkn&ivaR
zf+~4gQYwokR%KO0R*4Zeot`-Em;B?r?(Y{vf;iJSS}C{#fj=D~9Q(tr)%WH;cb}C{
zDhKJ6_5Gg$UMhW~4(1uzd|9;mPrl2r)UEAz^$>U+UsT+XW5vHqN|nN_E6)1_zFBmy
zno(ffTQ~2nXMLTPx9kCL*zASQ=nUZ3O{%NN>wR0_ZN@nF!GqcI-L1c%;c_W{RcGwG
zlVB$ytj1~ec?+L!Re{%kBya6~-(-#FU%jWp2&7X5H(&-$Z*EG$s)nkRF7Cx%8JJ*!
zcXq3*vctN}F;<`k=%i4{AjrrFXI$PYy449#833fuY|N^H1!W>|F((Xs?>Uj&4r*Ph
z8Fi6gDh-F)c04F5FdXR()NQ)3dvv+p?#{xrT&?9x5>+VGN<}45u57%Ra;Q>W0K|$8
z?u29x)e0|KP4wU=7tY|@=6&J;5Xj*6%TbkDg;fA@@tJ}$TXK|0>g9+XklP&WS(6H2
z`;O_@Bo<6fK$VPQeQ*;v#_o(x#N5UMnb<VQY-IzOakn_wpbbi@BUe|v;B%O4^LaQ1
zHA+)dhcfJBdm4a-Rm(bFtwVaDZn<HJWj9$YRz+S_C>p9oYVOels0nqpIW~^5RtC0D
zod*)Sxgwv1@b>TrRw4;mg&s*0TL`xR02$;eimKIJ$ZqdGcRlz~>47@&!8BAgzoHW0
z%Zm!Zf)}i8$`29>@2%dAZ+cchT{9afPTO{_5(QMcKn9#(<_jwTCjLxbS_T2U6q;TO
zTrdo^h$dzNKm@e)Hk=q6Or;pX9pRZgt+#~y)xm<@V}vn_%>iJghV2MJpT5`lO7IVP
zh74E$o^edaAo3mS6b*&cYE&rDUCs;|lulMt<}EQ2^Rpr4S55Q0v=^LCneCMU^FU@C
zA+!d4;aI_vuZRjl0!Y{ZY^fVCp^dV}Hp>Cx$Tj|xQG~yqdFKYE*a@f&-%qa&_q%_B
zqUG9(O&Fr0jfhNGsv1I+rl=`LQ|FoApDgw5;H&ydX{f*@zHa%e*I$ghclWOssS^t`
z&EcrtlFRV0;p?;IP!DSLDG$G-iexDoim37PhGx3+Ihme*HQAgr0pS7irm7$*hfo*4
zw+>t5r1_z(eP{~%RY9#~E~#y(3#s?A{XR5Iw8S+<QdLHK-@SLg-?R5U*M|0U%iZ}x
zpJZ7E5P-+;GT!c(FwEg$u{ZDw(SZ-1rP%~)-+^bula<Qx<8`m!nErjpsgXhvpzrDP
z_cL10&)a7KAE;FoG@~C=$jNtS3~gsI`ek5lz9O2VPK3K_3<?bt=+1MUcb@iNxt}$y
zf%#8hB4{bGM3oVugKU<@Ed~&=@2;-A&b8-)A5dL|6HOHr5b_6~6kibeYS(mEF!o{5
z={0`Ysc#LKT_bzf-87Mo{PeB9f_?MgbL+B56;e!96EUuJ*{yYT_sZ5A@0WMV(dqTd
z38<>K^bLEgw&BzVYMyOrsb{-8vp(wfcbSRuY!790?$d}*6y|>4HTOy;fs)EXWHFQ^
zAjm`7`@PohS@+WSqW#~#9?2k(NM&CzW-}3zM5dNeW3c-3-58d9@~YuLZq(Jo(zWh4
z_kU-|56=zgIiIy9F+|Z2O&s@qog4k;YUf>=zTuCl5=28EQzmGJDZGOMqWg*TB|44k
zQ3e_i;_9{YZfJDu^v=&7f`S?dYLclcVk#;knvH9t@4jc=Ih?}qKt2I7M3OQ974ukU
z3YFe)(9L0O_jNvK)67a?uy9>hyDCyT%kvLL`3%`XbRR|%sG_K<p!wI|I_&qiTG8{Z
z=QZiY8nViRES5@=TjmOuWo8N{ib}Z#KMy)boBiTwHSn6y&{hO`k=&!&e!%qH^V;J1
zl{3p)yvxP68I)KSWSJ(i;D(~snAmq0b7+&!3xxITCkx<qJCzJ?EDtft0}cX-L<LQG
zfgF+KwGbV6z{d+OGAO`AG;-NsKt*txMS_7-w%`O34qApN*bG&LVPZ_lUOWiq5(GE`
zvCx)VGO2{P><EZO!V7jZWY$s_6|9t1$*Th(hGJBlIxcumeGbQWryS(;^x)?l;J2|D
zEf~d+SW*`nQblAqGPDJiSQ;Ca<F~HyG6T{mLmE>-6v!e44$g_GFhJzRv!fIYL|Bw^
zK+1+yL<TThE^N{|EDDMxXJ;*ev<fW<uEc4~+Y(GV0e1cv1|~BA`Oic`UHCO~-OOcu
z*K+_}=>X1pEXFC<>3++DI|iXN4g&z~-<TgkF0@rURR_p!v<I6vx#ye<2PVUIb7wW&
zx!|E9o!1TS2MzgPreD?@YI)Bp?mGd1inkYi^dF(n-yPo#GY%KW@j`FW9{LJWsZc%i
z8av!_m2FGJ0ODxJb+g(lF;;y{K4e~U>mZMfGX58eY*1~E&2My}+j|$<#@@lZe^0jp
zvKI1Aq)2r;l#-0|cXUr&B?AK(OAf0l#*Mr6OEpigJL|=7?`3r*?@95R)%oAl+1Hz`
zkM7Oiw;u-TTUDO!SDgC~EHiUiChL#R>)vkdU58YqQ0a0oZjSwUd!J;!`Fw0A*CMj6
zkm|!8RnRxv73^BFZd-Z1E^_J>sjC|&TzQ$8k1hKwv6(}M4)gb!-S2X1-OhQ_b$#b1
zRaC(POBG;2Mp77&DLb8cuJ^!?Jk_l9oU(hufjV*IygQq_#>pL+Z3khaUOnvSa;avz
z?3Z}isa7{fFH{8HgQ9>_b&yfp!L`I|C!Zxzfor<_=V>fv?PMU0;`7pzfob+VrRQVH
zKAn>m_Qsb8NY+c;_m*{RVj_qcE<8Hea?xeyrt?nX3wr%ogEmv6kEpI31wP?DMssE%
zGb(qxuQlCr%dTn7UR@`E#AJaO3>akEYgdk)#wsdlqP+U*<xuHFFhtQdlBG4P3A02_
zhLUsHmvZu>QjP)B9qE-$Fo5*Ck?8_R{oegucHlmdOhLD#P!d!n_fkNNOaxM0L0}63
z1P+c`0AwpH$rcU6)#|*d;?3RB$<Z||BoIL$j6@QFgXlnWSJ&<xS5m@~)=gzi*CcjF
zW5Y!gy(B3t2rL7!2uzR9KGWrH@6*L!si|2Q52J@sMv(H|XM5FVwpw^vB1Ec95w#6~
z)|LSs`Pp^LE1;nWk&0R*bgi<r4U!Woin@y0`hIygcKiIt=###U`g$LI6(XE4nO<0*
zXXi!H#Ca<!kI+H_u#Dw1m0heO8@|W~;2&4teAljpb=Pe075NA}KH8*_Zvh0aujyIz
z!BtqksnJi45sI#>v+t!3tUkS0RF17z9&|#C-;(O9dEXqTlJ6kavpyLmeYv=_Os&fl
z>N)pzUQ_mO4egg649vuK;m*Sa#+tQERxEX%KJJ$^?@-!aL3Corh5^JK#c?RiI0Lmr
zY0wpfEEm`d{oOYWjOUafcunT{4IvSl1VF6w42F(2EkHp`n=JwWO(R}hKAJ<wP(*?O
zB$QFsK}*v8gPMD*OYU4e!y`C|m>{);@2*|_322mf;vv6mX~vSiY>DCoaRl5VG|*7T
zpD_VsluW{y?U2bNhY=+qNMR9F4iHoZDFVbu3=s^CvP!~!P7so~G@sVz6o8n&F}x9p
z4OPLWj7u&?Ry4N31Qc>+=+m_;48jp2mJg1zQY0+<?^);ZgUTO5JVcKdn!J5>>+Slz
zK7Fwm6lD`c#Wci~G~M^n^wx8{-nYvHPJ*davcF7B$&3ibw16NHhV?8yeM(>wz1rY|
zSQUm#3qW*NvredN4SEN9A7C}t(lKNiB9e%rzW)8!hkMuT@7>{qKGhOP+8Rwo8HNOd
zL4yDQ1t2gA3kC{F12B_q1RB4SF<^$45mO+Di~>Z$D2yZ~vRB_H+vV5VK9<mZfxseJ
z@S+^;L+sP(2+&nUOA!@Knmys~f3Ml^TIOhuuByGrnYZkru{A`S$5rxneLjUd^0`~H
zXUa((@aU7jJ~k+G9eKQuqIpt8#85<3M!w!~_pc1+PdEGDobS!`@4(qau>(~Qgd_x3
ztLEJxh{;8g(@a{wB}fVNXgS&gxCNG8>D#}qzUVr;qN`WR@o&lb>)l=B_9B$XBATjd
zGmq!D@y;K%K7Ki)qhxw)Sb_udjF41BOGGkH?+?zOPuRb76yz=`ep6RmGhrvn<Y#;k
z`*k7iz4#l7ih^c|sjd0vetLP&I=2UckxME`g^^16u#z(sO+-;t6CHdsdL6}!zus#j
zleC&rUp}wj&t1>A+u!M-6*ft+VzFq{n9RmV#)>r&5S!m#8S~dOnR?%R6h6SEF%&{X
zj3h{*badT(Ay7T@+rzYQqOgtA+wTRHLIckjnk_*d8z|w>K9t0fRK-&hPtUqH=Wm*<
zeVxPZ{%eOpg_mb}h(A)Oh=_#wy(Xg^0-vXp9M`#yb$z&`cq;Mi@q5nuyl)@RSOA$Q
z6q!vZslGk@{k-hm+3neM2hobED5#PkZ#@Q+njL*zuiPR&>@2vX3)-kyUY_2&+adB$
zVHgKHuZnNc&!mJUR8U1U<NKSwSpK{`<Yu0~V7|pFkKm$ekflfS+-W?Y%JBX7Z)5n#
z6}U%tFu>PnclG^k2+T991Yq)zpg|KbDTTohEx^Fc28bguq#LOe#sGqjNWx11B^Kaq
z%uO|gg+ak(Moi3#u*d`{CIKTEjgT1z+g(Q?0Asb*p}|f7Y=+Pbl9-4N6cq?sp_tro
zhgMmLGT^C<rb8qv072T6wM%jp7|JF#F<QWN0AO|qYeoShrkVw=sxT%>n4Mr`hE*9b
zScFD1h}AIR1dIfhCIgmW6z@yZ&O06JyD8T^_m3T8%#)*|iY3YG=R=3a)D#k}nzb~I
zr!2;FES5xY=VW4b*$tY9C5E*MGQkSa=5Y)nC7H=E(&8)(LgFp3$}DUovJD~oqmS2_
zz^#{0K0Y1xJ>zDpO4Yp1PD66TZmxqas>S)OQO77_cxSj=qvO~LJ_F5;j?VZXj%I;J
z3cIqx>$qLf=8kJBr!*%M!(jQGRYyQK2McQx5~Q_c5>#MH4c^^ebZ*wm{TcReyJdyj
z8>?BDA35zkMQNq=6)^V;5@Eq=tZ?1Me^M#R6>DIh16FI`1ppcF7(g6xTD$60PUU2E
zy!c&L*E?07%>us53wgM%(c8Vx2s7CF>}~7|<o6wm9P?_Bvw0k^v$Sn&G^;+*SGw~B
z%=y@YFmLCpU#YtpOs}e>UH00yC)Kx^#{EOq*BttXZ5`T~DtsEN`|T&1(A7_Ts?Dmt
zpICZk{h4>t{%5|c7K{jvBFHE1Kv2#dbWXBprS(|Ml*LoU?CXAb{_XBQ@5(S?kM&YZ
zW>;cP`}OVJ?xI`z@LS5ZZszaP)mvW?-Lh}o$;}#OIeO9hw_d){#EV`B>!b8<2-Lc-
zx%<ApnU|Z~!Q9LAtFGlYa9-0IFSG8)v7&RYpS-%|TCZ@mVGgU`uTkx3aO*!;b<v{}
zt;&(#!*9LY%X!OjY6^s$vmX6755YceaS!zPl`azp%kwKFM`N-#-+q_(=Ydr7HqX(8
ztyjH<>C-$zyT18XJl(a|)9#I4-sf)a$WCS>@?SUci=NjPoj`rrnVS&bmVJAV<Z3XG
zen;o@@Q?>kjbp=vg}gUwZZPcAP*D?2Ap<m_M3k&VOtoHiW@wL?9M{fo)62h#6?v(3
zf!jKGns!r^aO@P{n7a~m?8n${_E3YYOG%8(_TAcg7VsL)lf6_8l`62{vJJ4>mECII
zUWzt4WwUO~JKjNap0RhEH9oKFpKS~-(t$IQhh6zsbCrX!WP~7)2ohfJwOnVLs?}UW
z<)_h>j(zu0J}eth$;b%xkF{^IydrrSK1Rsu9`<9(mz|e4wB);omi=}2mErd7W?3ph
zscD-?jH((!mbY&oobMN#M#X4tvW|Tp!{ft4sA%|%Uk31fGvdd=7cN72docbjzH-;U
zChwlFsWjU_j?#6I0R)pY6woj?0ZoH$XL)N!&5^*m2fkL5gcwH%i$)wp=PQP)syUo8
z%S)9cCx$M_hloRb_`gTYdWAOh$HYSSED(^CvG0RM9iiK)uE7@gINSpW4Pbs|*pB+n
zS0qB7?aLBKl1U}%ZFjzRT=hv_uN!X<ta-}&<ku-A#0f-}OeCc~xeGAJnkzUxXrl+Y
zR+^L*L|-i-ct=WhT}!zifQaJW(<d9yO#nCE_pW*H^VNeM35V5!mck*w2Lti}_3i@i
zd{tjP6<*#fM+(2Uop*CY!HAMcIB=3-C^KTWjh3z7$)cO_I$4vhJ~Yw_d#^pZ=;OdV
zI;P~Bid!$jkFoRVQt?paQ-_wc)Fpd0;=o?}Hyrfecj(ky&fNPz^o?8W0|44^kV*v<
zu_RC;=7dRB6rzOweV!aQBJy+};2s()Qj{SJD8PtKny|%7e~%B$FJ@NUIJ=HM4yCjk
z+RDwnsh#!-JJ=SVXJ5^Fo9oq!ctzR!c4xK>enYq_7w12HTa>c0Ui_*NWsLRRXDO0H
z#2dcdrX!mn>{qt_ZdFTIH+6lVTOFHsuCA=*N?hB&vPV=t?st%JIY+PQQ!QTK+1uN)
z6KOx1nepqdp!sulWi^6_&Sv&7!vm`_H?icazp<C!b?Iaj6tWkB^hfK*@&_>zj<vCb
z_G@6%oZihQLDj=F!y$d52fkXbH;}@~E;A;QU`m|xLY91TlS#edIAy{{g0wJ-Ew>^8
z9U;iVWkLZsjxTrM_Xl)wB1vgA9wd8d8#XO0nh-_9Z`vK!l51QolB-xrBCCug@Q5=D
z;LuI-T{44=3HCV<)HY_5;t|xYCdDn>G;ry7A<qVZ&L<8elz{BajN(vb2~X2%i;Uop
zOwocvq#|kvj<OOhy|fy?N5u#jMRR8ps8?Hs;&5rr&D5or4)3&ElS&B(Blx*|S>8Eu
zEqgEq85W>OOEohi50Gth4exz<jqzH)b_{ri$p3&Jh&ZIOQHV-5h%!+^Q9#KB6v0Wq
zcb;p_@cHw*zGnl(THiIWgvup@7~6f@ufZ7@$FYb9jvda8U||=iC-2YSoj;fB$Bp{*
zzk*5<W`xBcgecyV??asXp6hhc!neC9P<#R(SRp|ss~}J2HKw~(-u?Xg;Vk^Y40gLE
z_vUBY)8t4~MHNv|63|oY&!!z`chk-Lcj)>GL{dx|{i+mMZ4?de>v@7HdJ3)T&gNUz
zJV_y(koSBx69p`u>(I%ONhCr+YW<x|{Ii{Fnz@?!%->?20!PHksv2sUNK0PeYE$4|
z!So>ZI-Xn)pHw1U^6)(kn0359R8ma=FhG?i6_}$$8^@~iU(56NU&iNIvsiX0A7mnm
zD1fL*1lA;~G?4jq5+;IEd3@Kx?kj7^DsFYpdp!s^cbwKLL5D!WB`_Ev_P<gYA+r$*
z5O;oFefs>j;h%YVXEb@%;}AWl0wN&*`o&aGNYE8X2Q$rJehGD~VEAKIPuN%;<F8Xm
z@JCyBz;O;ndXA)pQ4teV#2<a{uKLaEpxTX4kf|vvP;C*gTS;q4S&?lmG(FpfG89c>
z#SyADD6DHmlCwzy413c113bGASQ+Fz_f@#%;4-}#O+y4xM9CLjYu``Y=Z5~_?H6A?
zw*9Gm(F}-GqkYuA*85&tc&E}wUG?zqPG~K79YRqNRFs*agC(YhiYGq4eE0Qy`n`4U
zx1Dc(att+{_5%E*XeMZ>n24*mN@^^Llpj2CY)8~MRh7VKZ@ae8<v`z_oL8dhk$mx0
z-h+>h-(Gt85r~wCh?9Ex>h<fx$L9}+JONLmL_|aiN%r6n>)bVVVG7!uysrurIjZ@p
zBQ)uvWh+@xzz>Vm<Z;bV>^Uzz;PLkEoEE(~DLhX*&nfUll}1-{x$j?J6VB*)yV48O
zlY_-N#G<*n=c&B+(|hgHdhN#NXz|{+YiCRct>u^jApn*D*io<{a8?7k8Z{M8I6_tC
z6#}7<aA4&&Oe-53jaFU}z_O{yh}<f%i9$yW8fybrNdvuoyfde+?qpvQ1HHGH@NsPv
zX35fRHsx0LNr}sP8v`6MxpQVLqn|xMl&%B3+<14dU`q4d-qGdmJ@WBSHOEJfrlWcf
zj4LBbM#?P`MK)_`7Z_X&<e^2aCXzNq4Iv<+B3UBE8O}up97MtnCkwF((lcchW=y1z
zkf9D-=*}gO;!IRG!{lniqpv{U6gh`XuWt5WvpKO1ap=8Ag>1iN<gfY84s-C-rHY8t
z{h2UQ6#^tM4}SbzK0LdyaD#gjZomV(?u<3RIfM)})pwebOGR>;@TySdY%792*PYIR
zuQ#JpCKJ30)TV$pKzY#%^9}jgT+YcPL%Q$~W>u1Bn&qr19z3OCr%=;RL!=<Sa+J_g
z+po|;;GX^5m@K35vGrz;ue7``EOJXm3t>Uq-w(cmciKL1Cflp-`*h=oa@(qd=W!K}
zs>!X&pFQySSBG8pZ_2Y5bxQS&V$lxUl$*p=eXEF__X`(Yzh((|8ZW2VM{&}X&Z$NH
z^LN-u>*?Qp+a2RNG8)Xsn%~>onz!9~YgbE;v1Z(vhPt>Xg*Q&NgRbl8PhREOGSawV
zx(#sA?#d-0S0UXsue0J$3{Q72Pf_i<&7W+N54zLD^1!@(%LaV=<k+vg_dSo)eEHsg
zFICDhn#oYIHkmP12okcBLrN5&Qr_TnK45+WH+=F>m3m{UBYLv#==J7;*?1w_d82PY
z#&{vrm#uk`W1$bt0(Yp2Wzknf=6fS`?$0~Xs4_XJb7?7~dS&EN$os&sz)$8qfQ0J|
zB=f^%gMHe@ijkT$?Sd*oVV2g8T^b{Xhmq#<)p<`)&c{Oz@_@YR+V&dlu<Gk&9-Gg+
z=S@p{n%tQUG{edbq+pRCfdSH*CdnpJRB0<_*r61wVwI1-ea_xB)HAQHi0Z9G$`Q1}
z0w9Ctz1J^pYn$g6!g+T&f`ar>v^Zia_DQhYKF^-JSC;|^$gmaf0rBLK0<9WEbR#TM
z#Vqo-5-^ELM3cHKgXXZ9EVLcaNKCMBGLcz>#1x6B6PSqu+kT#{$yd7W-_*GU-WSDp
zq6qqZUQBK&a;`s1_s;zD%JJRNbh>vp&Tg_Ys-&8g^tYnNYxDZa+;-VHtsMsZO9LBz
zO}u20g?y}y<5Qx;Z8TMT>E^d@W*XigaO&`__s<k~ap1lbs<*uNbf#LQiHQ`7O*Ze=
zUU5l8gr!wYFrO87h5!!oYjx+dcX?Ep6kMvPIaRI*<8@_~F&uaq5RwtWgEA)NU8>$m
zK&WNZs**)f<oC&SZw+p}<l<&gm;qImnz9s`7&8iNq{tC<-t*k}dCMlMWEyK{*<{$w
zQd9-r9uTWc_jf9;0_zD#uSltQv4XtkyR@inzA9)@K7<dk-(p}rYP|RMq~4p-5vsgb
za;mvkKey@K+r@cYtEoZusDw%8w7KPXz29Yb3AXe=cpL978<bdxiR-TIb-5OZh;VPx
zsHC8XAd&0?ub}n0``=oA&TWrn+tH{z+_k-YG_%XM^sKsJ3U8}2RLsO@%$|84eFoV3
zcJuFMI?1!UzWYA-e7?1JZRTehB37kzb2oNPTQ0?m(FDhRmDO37yIkh%k_mTanisun
zL1SOnzFx&$rcY_lGQ62D^V-S!Wi09lGw*$11k|*mNg$sDe*0M8rTc-JIPn!|k{2aO
zB$X&MN=TEQ5O=K`S~$`il~~AscRTl^7rVa_LLkv34IoZ_XY?F)Rr`V@_>xB}p=kY7
zv5t`Sc`dU?*_v;mh!$62Af5Z~S~Wg_H`QBPC*-{wg|taJl4pBb4`#O8Z>9hM4WVnP
zOhDw2yw){Zw;^{(tyNrCGKE5ANGQ(z^BtY<dgcJyt;jPmw(^QBi6B01+NuiO0@YBL
z%G5pH?OD1N><4<wK&`My8HbhSYUO>oNj$dw${|uhrlXUnJWriGFs)1P@15X9RD07U
z5YpJ$2(+3+gn`%LC)6Z`I1@pDa56%gU6vG20g;_yk_=eLrzs4rL6BnHj1urelL!iw
z7K9NyWZmfIx1DJ2^3*}+XV!{fil~aBL@9|Y-{s}^-(P+^&FbxbkZ4d;R8jH6590j^
z8Zjb4`}olMTbp}1_j_|jy#kV<prDzUsv=^7AFtoo_u<%P_4vcx^I_tAYL$jT4rkAI
zJIC$f>iv~^+k4K@Lh8J29dJ)B?;m}_{&Zx7NJL3ANr=%=wka)&h&GE!8nH%XVv^CQ
zgeXc9mXexiX=yXRpKgrK_`i3*uTRZuZ<<J9WTHTye(bY?$)d}P3G+$2&poiUVnAU4
zGp3VmUgeUo6VbR(l;(GL;gw$#$W%>D6v0GMCy!ryuD#yPC%*g-A6~uJ>T4{%K}dvQ
zM9*~L+Q`LEk{Fr-oPbqUNMUWTp3{OhZ8KKjhrrNid>lYKVZV92C%<flGJ;A3nIdn$
zyM24#m}kFz=SIBivKP__VhH<COi@!6MJ*FW)*mE-F8X`6Z0j8BE;mt6O<_jFy>(n1
zOS3S%xVr=o9^Bmy?(Ux8x;QMF2X}Yf;Ig>ua&ULI-2?~_bkUH6Bi|<HdG3Ah{r-R7
z`t8<CRaaGaSJ&>$)Xa2;I6r@>4jlWCM2FIAyW6|mkG*F2u6hAK|Hnt`({9B2TW{}T
znMEwg;>T~q#F`QA$)#6`%nXe$C<oHIbbOyyNE#ypfFj0148Sjsav$DDwYKgxRH-IX
zr(v!tq>;Psw3n|LXy8MBJUt9<Bf7ssBi@^BejMfw?{<u2v}eZ5ai*_(f4(hH{`s?%
zTtm7mYgNP_8-Wk!2gU*#6ciLhp{>;qHkZ(l=avY>r@GM}o7yVq)nB+-BJ!yp&Zf}{
zP6`Hb<(w7Qk`)uxu;XB1zsvp^(wZTQ__!Pdz-Gb3AT?MXeu8_PLYG4xL<^9IK06W;
zY*WLoEyLX04#yh%BEynn#X<m05id_FnF{f$g1}3HZ)-z(HzrllL-~lXvp3AS4|DO;
z(0a(^n-Baaf5<X&WG6G@JcSR3g+CupZ-0P4JRARUPaGSI3iwKU_3=Fu&$i5?>tVz?
zW)B&4qJ7!|86~+GgA(yyr~-J96eS2H8xMM_`b34YNT%Cl9Oj;Kew-dPZrcoNw7eo?
zxe%KGa%xh`3Px<w?g7RC0r_}}*ec^b>waYtQmcjdf_VGO_-k4g7xB2N@z&7Ydr9$E
zO#8N850j7@c&H2}8WlDm#yB3`IyXfJ$Bc|vnG&CgqR>!X1%F=NE`hP*FwnAvZln%;
zH{FT39|rQ%mFh?iyKX-oWS+~cC^tmOde^dv?M+FRdCI7e&X^$$m3j;dCM5t;qWUIj
zDB>5dQW+5t?~<|9C$F&EP|l&CHV||d%^A3|M*DWU>9FgYYjBQq=?YTGcU3D;+o$%t
z`m?f}vEr{ueU;D)MYf70{Uq!f*11~qS_gxCBj=_PyN0d`_T>5+b}gqoyDCp(XQ4?A
zx2z8PMf?1GBcWK=v}7@ng_T)%rYuzjF*_60d?oS`&rS#P9zo@`)h_#X$|-w|_Ie#Q
zLG?985@$ytE9F$3rm@WOMHY<)a&^N6C)N@I0U9cxu(F5~lc8lEw-JS-gQJdxU^%5@
z_NrifW`h!&p@wG>j-9)pCDlSx?PPU@Q2mNq?!v;V`Hryant64x2cs2h9HnP@S`nov
z$6}QsijX3&{YG}VdAqu)6Z%?_BCW_G`%a|mlsid|U4HCnSM6>?7oM|`vFRLsvPJ_?
zRELYWFuSm}NHxcbqG`>kDTRcXgp!raIE!61)j*?zv&$s2n9@>%Np)jGOkJl)NsK^f
zLZlHhM|q8%!qJGPey@<d$=tQXu`(M^kP?{9SR<&ZpPk0S8{5`QU0V*x7EA3kUnf=E
zwc>fVTdpdGY2i$|n5Jp2QKgDatIB3k*@NfWV4kRxx=@R&B}&QT2FWcqOiOitC(`bi
z?OrU9D<YWUpyKY_wJQ=&t!+M~sFNnBQM(Y|L8_jD!b)-^FZbu4f6~uay>7#`x~_Ax
zZwQS0%ghB&Kk(G~kl08+4blXA(~A}(A!E#kh9I)emDb{>r@=ip{-}N0_ZGLbqq6W7
z*LbP^%v-aHWm5xEc~lmZM|7W<1>gQ53C+#QI5HEN9mWtDc0#({z_9MlB}kh@;`q5<
zQ7u=Bcvn9oGACs>#bv5XBb{ghp_h%73Ya@CGSNU6--x?Ru2Ly_R!VD@@gGPVi4wKC
zt)|7XSR;7O0}Uc1iMAKKR0$Zu<-A{o_?&r9`rZ6k;P33^9uzNpbtYX^O7U4OvLa-C
za1V#kVsHJdPW^KenR+2ZCBG?7Ok;TLKv5x&pjkfSO-$`==nkltF0`PxYUpwOPI1}G
zWi;=0gLBG93GYDKViiB7&+m-eT#{C%W)OOENCJeOxZeh~=jBU$*=fm)iTg@0?Mec6
z=@|_$A&W32Tn?i(aKAeEIw3s9X0~VW?aO@t+1_S@g|cx#2lpN_kB@j8rUE9Z=vOlu
zzT%*dI1;zC?vS<14lyX;h%xg@Jr%6At&mTZX^DlFq6L?~C|jTDx(0_iPmj9s#dB+E
zo}*44-KZG~gJcQ6C+gP=1@T9Iq}w{NKe;1ymJRs8=P8YQLdb4=e?pJjd3?NnoO0qC
zNqa7J`|d5z><2EvPOv`|eyecdQ<?U$qr@~^HerNVW8LN;jBnzw)c?RGOv}t>>Sm;|
zYO`|Ua8QjB|KM6>ug#<Al^WT6k;0GWxJ{)DLx<=Buxa`A;9h`iK*Lw(d*68FxgK$P
zCBB%(kKE~m6&1h}1JMH<iPmi7qxqMZTA#_5F8EH&#2xibtp_D7xq<Fh2iq=P!P1Y~
z!;_rgk71YF%fu0KqO{#NDWn9mV=i4(GB#3R4o0t5o|Pwp;Y*&<+$usjJfIgz=~u-|
zui~Qz10ppAWcF1TnUiO&@uY5NJ)!<g9{r-DpiC33fhrex;q~MDYBj~_sI2XzNQLoK
zrHqTx`-&*vb`#094$-0vPcT1!>y~aBDgD~kky1o~T@W^9zLVQx$LqmODE%s*O7}y+
zN5@!!_j7UxR2+q3*=2$sMLDjXDh#jaxm%(ht=4kqGQ!foviW;JZb%%ag=g%{rE*FY
zuS*kI%Jmm*S``-s@tVRrh3BbnpT3KA9Sudnz0wc+2OVs-NgBCo?aD#I^<?vEaRz(X
z-VV#|@Ag;2sBqF2U=~rSW3d;-f9Q0uf;k8mr~Uh7D2gFqx2K=4VGngQZOIW^wN2d@
zOp4=jb+l?@!>Y!vjo4FEpOp>~zX^#=O{zMwP>;r(?u@2Jm3G*4bIX16lGaLmK_qeS
z7XAJk`17@d_P<=&x@Ap<U248XC`&P$((IZ@7uwolH9N+-nv7!9k&Eh^pL=Z<V-mDg
z1-oI1=Lz%>j!X<SxMWFU2<~oi+zbX2$oCPi4BuW}z?y@`yB|%;32PepC!KX|5k2_F
zY0&7$$Ed7WY<Wk1R1(zhC@p{1rcOsWZGF8R{W9BQ-AK{JzkNjn3H16-GU1CBKlg@6
zqT^M4GYXNjbgIes6K^2z8T-4_aGOnjf^FqQ!Y_Sob69Lesg5&V39cFP52WBw2=heM
z=xlvSdq$m?wz3)11-Of(d}8W2H{fITYn1J)LT-JA?-Ik4`^dSJOf1?AlB+|2=Cl4E
z8bf9;vk~&J=RDVAt*KGCc1oQh!j0B^6i%Y`q(a~Y>=0PtvXninURaZ@3Yrf2*nKka
zpx0D#y;n}jduCs9NEx)^u&S>Ul0-|Z&HlsUenSk0;#p6cXdq)~85XUB@(l!8IL8$K
z7$!^q&F=_3;L5t-O$ox(EcNTY7={kvM-YMk8}Sm!6hN#xV_5oY?gz<;-i4EoL1B@M
z-UIyRb;{>Udqz-elxB7POqT)^K8mB-48pS#txn&;h8Ulth$_fSyqjmBVD7mMIB?2N
z3RG94%aWQrvWA(pGl1IhBTg(Wq!kS;!(Sh=Yi7N5la_Ybg9)FiLY35%frOe;5-6}6
z(!@KV$yDR)xh8`Z9Q~Q1SX>Bt;~!?1z8{8nE<CubkNpU(-;v>*A0Tagt7=3zK}K#X
zc~}CO@W=8>Uo91h8Ttss+RSmBp9|WU&Ski5ygaYAy#G?8^Odb+|1ilq+H_!_c&jxi
zprjv+Mtdr*ToGfPgsOm7HUKY<O!_2g{A6NRR0kcyC+BK9v^oKgP@lHB>ZxAa46fog
zd&|1Ffg;zq-=v3h=!TfS<ZT_!xZ4k36`<0#)!z@edMcTw+gR0ozD~pHO+H=N8g#X?
zbL;9s|5P@z*&{Xp{`~bV@N*y(W0De$jF!qT8HDIO1V!-u!NP#BU@vL_NXndeE(i}D
z539#zeo+bBQ)X2-AeMnz6=^UTeoh-#TD&^m-ye?E1j|O2xgg&i&?dw5Hw2^|W1qBL
zJb3mggcp`22wiy9n2ut-f%;F~g18!){h?-;P!=i^{fqp)bpw3qUW<8bz4$+5&M)xy
zg?DkVQu=WCS8A#dHsYFOxD`f_FIsJZzv)X4mbI>pePy_{D%%EU^myYgY8soP<C?z%
z;nwqfW7#!GC+`J~@6zr$*ReCklGd1Bwt0HKdieC^(guEZGSp0&b&F^+XBoMmqJP0W
zh`?6Nyj*pe>(`GB5)Fb81ugB*?~1VFuC}=f^w?O3L;ylcanjRmOMYnW_egGterD4$
z(~IF)j(9Ft+O0eez@whP6Q7c`BYukH_7<^D-?=?9&r$E!l#F4*pTE{SE0McKh~kEa
z#XhID9hr0`)HUJw<yp)%X5M*S=g(fwc7q?}Fh-_1Pe~R3h&72G%GirwRP7$}B;eS#
zyeVw@WZ}r(_JXbE^%CN-sZ|tsvpU{}GJu6Q5WwISlFe@m2NevcIS`ca(VCLvPL&Qe
zx3qjcq`Z&zg#ZQE=@G^yOPkG?LX!kDfEAeK7{}&SI6?QC7TI{sBEmA1gQucPOpu>L
zH_?H%T*EMh@K4A4_Bb4<V!iF#zWB5^8Ekt?j_2>STC9I(j~X~GC9w%uX!8-6YJp||
z5vW&quS8e;pnXFE<|HVd*E#l2AW$5dxxUIf2mkb^fW1wc&t>VvJNEmIp60iN1NekW
zQbR**;eQ(1VGz?sMxcU+u+}dlx}}~QoeY#ebGzDCxI{eXGW>3>gaEfxmOi!89Nxet
z4`qeSEu$AMI>ZYk58t5mpwq?i4xYEy;14g-$c%M<Vt71${3>L4wf`x>2Q=$iFwnBH
zZ#zWJ%;Ijd54&P#ROlki9BspCyBx9X?d^%7VL2PFEEwX0%6t#f#jfWM{te)wp3qkj
z*r#qzk;y%{a~Crrc>QeMpURZb!96gf02spLE{w<ijuR95BWXU@W_6#=?)N|iN|dNW
z(VKfPi=<IiQe9tkPErSmd$8j3kbjl}J8m>O6}G49%^UFQSo=3ZQ?Kq~5vdqBH;&FF
z$!!=I1=Kh5StMZDZ!6GVvBo_4K0WxO>04~B_)ILnA?b0{hw)L?fTz^EPpbAhqlOno
za}6a+6UKC6LMOVBGLD<s713Wd7q#OQ-}?;^pDPPSz<wvWa0?|D>+<<%GHCq(E1A&>
z8G3HtE{~qsQyhgaK{sw~S}yz|<L=5RwdW5nvg4%N>$;tjE82oT5TSE-nQlWBJ9)q4
zrIlQS!%tydKF3bG{JxgfW~r53q6MRny2cPj7%Kfmn-8MBy>e^I=we&Ob~k5-LN|o#
zCA^Mzw)o-;9n{I@Ge$ASkG_?03k#E^7|SHhFCprwTfIYAz6Uz1>jazzG-!PF?lR#E
zZD+j;9uJ$<EJ2dUNACC`8`fu6-+UfW<wWPyl0=WEr#4R~gs;inzYQg*XlK+P>=eI!
z=j1K-<#-$PR-T07?_Cpgv%jt&5J)}XCoKE~0019}N6-X>fAP?S1pvbT?EWkm`6=)d
zSP69G0bIt&9i+mDFi)q@{4Xg~`AnRj(_du*e&S!Be-x1TrvR!vQsF1y{Ifw-R8-U+
z0RTAV|Dk_jd?e!+umV{BEr%rk-HLw~{j3-X>q<JTobsqO^1mqLsxki?eu@2TG^+f6
zn_|VEWz9q~k*)nDPayJZ^AGyP%0$i0M3qNY@{fSX3NoQ3g6z~!b4WfCa99DTxeM#a
z{eMJ$@_uy-e*{$?uz)}NlSCFFYyD5fIJo)%R1LravK$Gh^8Yb~B>n+m9G*^Lp<JZH
ze|7dB_n`^=Ec`E@{M!%0fPas~zg3a8=8;ZBmH$a2y)4Z7OCS^QOC1MIU;%$&<R3Gr
zxj$w8t5v@UR7D*TG#yk$rC*gHE#%hx;{Q*?%F6mP7;p{eQMJbf0GS<Q^Q;|Xit<0b
zfE+7aLydpre|dy8N9Sit{#_dYfXDMs;s1#VL{R1boBpNtAM&T)klzIWs{F4mplYz9
z=CUGNh5YdHq9R?4X7m&E|D*6fw!elQX%A@vDf<6|g<n<Sj|(Hi`@aFHgo7NipS}47
zHGrQ1f`Sa@f7<d77XU!h!9kV(5AjbR{-cxmA2u@baRAwhN;>!>_#?<s|4;BEbp>hw
z$Y{#sl>cQGS%Ru4&kFd@kA)S0^FM;|KLh{M6+e59s==x8Qvl~@ED7V!3Zn@l`@pF^
z@?UO74jobyz>4%2jxaI`{x|$I^lv~$#IJb%semf~6aD-t{-1!1ad`kh<8OI%m496z
zS7U!cJTzSYO?LOzMa;PGU#TJQOkcjUtx(1fgdrs5vo#!XUAEREyM8pmwZ%kX=V*m{
ztEJzF{5TcrKIBy(03<j)iuc{<bgIIK*937UBeJnZo+0}H;I?Z>K9v1wI%0?g+x7#t
z8i5gfEeNlyD&%zYVRnAljHORFur~*E+HovXUKbM0?Nyqz|GUI@ddd*h>&^y?8@RNo
z#$fJDObkV!Nq?9P)$ygQ6TZWi&`L&3V#;VfQDCq)Ud<p;9HQj7g`y>&4eZ?mtOo0<
zk}Nd!q+}@ajZuWngx(U*w}q)W(n5evV}SCALv&^cma)hit&XC#kNztfrGpG;mn<{;
z4;o$aY@&rb{Megc{<0BvO;1+VBILg8Qo_8>Amu+0T^yc~HC<e>j-9X25Z)m+9k}Qn
zh}WPI;fT5HIVJFKl%=1G9>?3l05m;>9uP;lPb}Gqu*^oVSg1CZLa766i&gWrChq4G
z)NL$`-vBp;0?1diDZ{@jiiNV~Tz48i0wrl4)yQg`7lT4>GM@-kA<@!bMc!`WE-9A2
zc4rXIb$l(z0=pHC2j8~JNZCpS28^A^4*1D#uv-@79<ZXSZMdI#N3x+uk!L>2Y24=|
zV2G3*U&w8M2;{~huklK}MPpIgnHJdBo?a^LF&D8068%!?EAK{&s5UU3+jPvbXOhr9
z-F>eH$hr{g@r{fT1!7!L_49Lf-l&);y_jQ0JoYz^E_Nx$kr+~bIdE?^u#F0f_(bm&
zVqg4LD#bkszc%pueWlyih~p~H?*O4caq?gW?6!gGQt`B%hQ)S1k76{I*wnqBA4wHB
zJ|vTW@19>O5euSsr?2KPl!%g2qJ4O$m7=zTF7Jz-b{hH4ZaHkpmgkIFSe0ZRMXbp*
z7ZkB(L#T`12RoPBW16cHQJL`$pCR{o&!I|<5-(q^KSwP<xPm_qU!;?yE)jxebDM_A
z?udU{Tmd-PHBS&=p-u&)F}6lUzvg*v314L-xwf^s?EWUnsQHD-skh_P0h$Rl(^m{L
z4~%n3MUsq$(=;v$jKGD<$Q>XkJz|yQZAKjPcW<>*7HrZtuk=Z<2SOiv<dt=lHn3lz
z-Zs(24)rpceVRy)XwpMh5Kcm6XmXN~3f5JPCziD@AYguNUNN^{-Zi|SIJGi-x})G3
z|ATBdfMRq`PZHjeAwA_vUfr60gK`{6eE8d2Ocu1@<R51kdOlNX!((z<h?Yww=l&y%
zb12mtX@9izo>mz>PT>Rp5QE#B?VHZQh**PQ6IC675qgH4&vNJ&-!nQ7y=1%TU4;yx
z#Ck*d{l7<urBBBSt2&OvzeHS+P*fYhxC^K+rNZQicsm4=)nJX{){tE1A7~dS_qTB^
z;>ArU(<&fa!7HiIm-vzPT^Eolf@b|J^C4w-5xd~vG=~u@HqWvVRF_beEy_^cmHN3h
zPxJ+jym`IwYWVmQ7~vEWmJZz8yH7EhEhS)p!a@)>zE$ewgWfK06X==7n)RWLH_cV%
zd{ok&PGRE<h6i$yuayg#@52N#=TUrP^8*;Sf+G_pibSm3`zJ7c!iX8cTO96`$xOu}
zo-I+Strl?iDP?AC7%UR!b{z3;Ktz1d1Y9wh`dR%nQ$PJ`(deV(S%Ky6LO~#@uifEg
zD^<*ZMII??0Q1PZoMg<%)96K(=~Y7~S~u%($#*_U2FQC^V$LxlaK-12s(rAXv+hN(
zD3f8+nBRfJ5==N&?;COf^uLelnSX!gisqKbPW~IY&f(wLNcyixWPy{u%D-0XA)FP)
zB-Y4+<nrXd+fbQ*zk*=5z99cuH}zG5ked<YAMF}a<xixozamK}F6x;F0m`O7Ekls(
zJOv75uKQm|<u3qbv%eta$v?>h6cQVx?k7~{L8N7*N*~hb<Ij^j_g?~`ND`^?WK3d%
zY{_3goA`HOc~cH&6Wp2kG|Gmtb%dFV1MTl`uOs6zUf<oE2(<8{9BGo$Mm@<*hV`x>
zj|j9&Usrbs2`zVlK@3Qe$j=FAX~GBqlml=9v{XnAo2Jgr^<ZAr@I4@tFcLt(48Xw7
zlLr7e05oXa2Ot*%64}9GV@4p5_u|qYDs?XHJt&poDTbVnvUe~KIykru`|!#;2nu{&
zH-iqt8AeBtHceK3VgLXW<hv5lCLN;saxif}gB{%(xaCoLvS+rv%n=q|2lDH-3cQXu
z7zR9wbt15AU&2F$PZ5#a>kQBIVM`a#{maumg!c#On=*vl3j#PGx?b~9g8t?@;^r*p
zB%lWKdpWIl*)42;C1M9_dPHV@w{92>dT&LzJh*ahMkU14tK>WU5b<y_-b?4+)X_if
z>mltQU$&SYrM27|RuUq;o4y<V60@FmD?6|y|2#tE4Src5-?<)W-Z?7s9vl!G-j90d
zS~~p^x-%H`>~8}HxF5JgAR=Fuu~uFOGd%Q`Gl2FbJ@#Eg!WIor4#v9k-rDt;0SLT=
zhhz~66)OZI2<{IN0O-T|w&z&0*v*-m4O@?CPYWz)KQfdqZ18vp0l+%I8~Td2#89NU
z3+WLtP*MDZN%_qtJc0)E(_5uZ1%#L6$Y5Chv}dxkbbBO~Ufkg5BgUxgiuLUkFvi5j
zp_7vmASj0y9R5PPWAHo@@x1Tp`5h(rZqrH{<OcHfaUWRkZ9?stCi41bGgBM?A)H}(
z_y_9CQ4n?0)`HNBAg=`Op&TLn6LP4q!jb4Z06<gmG+P;o6;T#|QjWqe4*<|3%j}^y
zAHzlfM#Ccj0LsDe=`pGmym@4pL%#y)4HNJ+980>k7h`gB<jltMk*geO>3_jb>uBT7
zk;srJ*jxPwni$$|MgUJw)(hwld{YPg!MOm;T0m5dqCF=o89D%sK#xp8Qxj-3i+nmt
z9$6=6Y+|{3-fxpK4L?ulXU6o5tBVyy)SpBiktPAe)y#~lRqV`}jto^gXgc+*8wxn(
znNB3enDPK2?+?9?uU|jOQlMb`YlsW-`j`V7=Z2B7^_iI14BZ3+{Rc;4eQYu+B<eO2
z68+l@M{;6B0)hjBL%)FnkcOSh%Oz4D2WS?F)Mp{Z)-PYH!O>yN<!De}sTYYf<W|g$
z)=%!e`?kVfS=_mF(#+;T*%b#Q0a9R2yxU1jt1@VB2U1k2ZrFFzO!lnS@4Iu7W>OWK
zXd2_{S5wAW>f@?L(pb8wRC5?N0acnz(%i+kdaBH~+95dxz{>6visx=iid^eliVD=c
z@@hbZ8s!Es4JF2)$~_Gt3dEoc*?trH;4#`W*>0lJ=m~Uf#7s`3futoiSyrZ~b{pIG
z?BrqQlIFQlM%AEJDsU*cL6Y>ViOXqBT#a$Xl6N2}<~?E%-gc8N4=Tu1T9*Pa&7C*R
z*mS~uYM;Wuowt#u%Fw;a(}Y5$%fo?+8DOXO`wVr;A6_4r?zmF52>vG7-2!V=zWw$R
za!G5sTQNV1J?vbT7m0$fy1k7%>BB6)C82BnQFDE2=2|Wz`^n_!s^psC7JSRlJ~JBC
z=-LsnozwBw9R`Eb3%&)}&Mj1#=`Blu%%p6(zB_+(A2yXvz@v;~1l$~tf=r033SZn2
z`HdWOb)ddS1IrjDCJK;ER-aIwbtV4?f(p!>P|w{kCVE|mEYYQkq<oagcWXl;N0<C0
zhbVW<iC=~=Z@Rxkl#09&pPzk#DTvr9Q)j0RsjH=1J8fZwRB5h{4%>L5b_?=#`4$JA
zFj^V<>cUFqD{5mkux<S--)Ju^1i}z4&DW(CH`Q3UCp-0T3ojq@quI?5g1VSOMk;qV
zPXP#A@>`S%6lj%S$=%bkhP?RY2zOWSiMOX&p)dhPb$NZ0{${%oi5z;0e}WoG!2+0v
z6c5D=5wa`;w&9V2V~bTj0zWf&(&zF-Vn5RybI9C&5^R*C2!H#V-iJi_Y(?VCC^i)p
zV-*uW@oa&L<M>w0z_hiO(I>!>27^YBtfe27AEsI+z>eWTeHcgKGh~8Wo$v<&tm{#6
zw+h-<e77Wn@ULh|J{T+*Z0v36f!vr1YY|v_Hb-}}jpBXbZ<7mQPgybU^}w$&E$tpu
zG;-v|EZxzKOMZ4VzrYA#pgj(;+5wWdcyK)%idH#u6`YJ=68V?~`~Vhjj`Q^rddv^c
zhwO+wdm3XE7U;va9P<}t32dY`z1YSI`j!2f!S89iLbqfV!r)&?2UAE*Iu$oA3gh4U
zusWAsOCQ|#vp9ZfPfnz4s2Fa0e8-VgL0AyvZ{HFaDM;9Ek`~mh5Vmf$r|mund1X%H
z<E9j7SOC2_ci6R^m>4M4O*^v$YcBYhS`38srU!YANspcC3`i_`U3-o#EiLUg1o?|^
z2E-EuGo(8)yk8t<ux|uIMB=~nZ5=FKV5#hy`sHr!{FxxieNaQUmei3sf%z=BBk1g&
zb)pW_!Uq19@|$aT<J;d*5M`*9t&JAnJwlbR)-@|GZvg;tmRvD|`EU%cRG>EVrs_@W
zdSVbYw|{u;9%!IZ-z;KN<$R&B&1;EgtNvuj{gii7cfb*Ti|_o<U1TiHXJ>MA(i8|+
z0v)N*P+P^vkl|N2&IKl(hb_yJSb7o2JWUpGJkUCN6MPIXeTNxU7Mt#duIDZ3YEieU
znE6=?q)AF>V*m$X^C!gBqSWI{2V-0#B45d1nz~*D``c0!T_~H&fA%pKwSTSdFZeaT
z%@}ukXqDB-jwvAwK728wIMEY7Jm(^kH|9*R>M_uYuVX{lSQPvqb-!dd%ZIv!%heSC
z6KM@T+8++N#@YIMF}X$f7PzryLZas{K6SNO+Qn6JLDpNbpBQwaXDQmw?0Qs7JX%3T
zR9F=*J<1d~wME+NDG&M}m{MKf*RHD)c#5|kQKuiHOleiMx7)-<hzMqu)r7-W#@)qY
zj=J>WT|#LX7j)X&m=>P6^1Be!`5K&jO?@XOb5*LxO!Yz*Qh}Y_OVS15Vo@yuw)gi4
zblJ}y!X&hCuL5nw1@stYgFM1CI|XPLJUGyYl+iI7M@1-2*e%y0w}1P0slM98q{4?Z
zK`t}Wxgf_99Ma&`Dxo*cuIc^h>8@L8I2*@>Ej#N17Ol=A>k5YD)BJb|xZ<iJVv9i(
z@3KgNQ-Us(j+4Qo&3<<o9@G7v2dWgjggRPzBi3Yh^r|EjULuWF<<0Kh`l(}Q!PU_z
z7!q!ZgxcuVj_Tu_$uZdZER)f=fsvnB=LoNG;xCsNjCpM=uo;9IC~4Zy1kL=AlW$>4
zaU{N(IAomgQewQtCZ=f+EsAonQSF*vo6nO~p(?ia!_SaxTWc*Vj8sk*<hsq%q`@5W
zctzMQrWr_`ZD8){(atSGyP8&b63ITsD&0@1Kc<+E16ZlR4S~_PX*%AG&(6dwrJ~r@
zo-nK14))gR$iRb!&<9#0j-DoWmP!k3N{;)F3}fYsI$5#^N$^;v^F(4h`9vOgf=9(j
z(jAD=zG~%V$r@q@OH4629UYuzPi4a>tsy5`wpB9B@_xJMnX9v$frL5cXbIElFv(hy
z)B3v>&)MUpQ)`ixoh<w*`9geJ^GE;#VPm>)mN>4TnjeX4<SboeWTbE*&bX6vIpBbr
z-MJVSy|PJgU`*grq9FxsOGb}&t7L*TI>%$<&YN~JD2<s@b@uToDVBcgI$Z%Dn;eG}
z%*<%BUt^z?<htGqwC=dJ?KIb6{siaOh@NF@qg2q@8(Xtma|?(<$&`*-)4IXN=Kgci
zMDGQ;Ma4$@s}dFW@50FF-{Vj)!UKMmA-^2h+>A)p^4Gug(JB5!?hb#{t6RT(dEfey
z_gC|TuXHWm&aLN8p$2;6pN30y9Ault{&@T}YR#g0IF(^;$Kkyy?OK5h+m=o6_;Eoe
zZ!f?72X+V6ECNf|HfYV;e!s-Z0p{Z8W|5vO&!EJ?Z3{_g=p5yMX<n8c{Ag(`;5ykI
z+zB}?QL|6}F}J<P;Y*vqd8O^PfPOc85$%k(#Lqj#Uy=tZFtLHbx~rV97WZ0~0`AVz
zY2BP})h61~jOI)BB<{PEa@_q_?ll%%OiW3JI*Di(+kF%pw%Npd6ZEU1Pt+3QHxo_^
zy-J2g)r=2-60WPPKv^@suZ^~Y2~=;GVS7~t=HuH^U_bLfu}+nT{(!~=MV-Q{VWPm8
zlRSRgn}t1j6I1xs^!ug7*hMF9_Uiqy#&q&H+TND5%&(pzY-7AzkVO;TRxM8lQx86B
zZ;(-6&gn&l7-Xo89<m_@G7=&53RG?2Ic_OiX?3m}<_Xg1UPKraA5g=rK$?H>THr!x
zWmF&_;BKC^yXT^~OCw%MzZC4PNeC@3lj#=7eKMpe?Ts<>{f)^w7ISWA0kNO-wE1Zk
z_5h8Aq(VWgyAEnn_3lKC)AiS95C~+EK>Lm&MVNmO2^ls6+eU*n{Vvsk>nkl0C4*2H
zOc=x6^Dxa%W@GED(eT7?cjeKr#?tu;ws`Xo99AYc;`cZi1QJ(X5)Y8}K`cxcwW#~U
z^pE_2!|<ESK?w4gPO|xm^bQ6Yrx1=qJGdT$omt{cx<4UvJuICdZ#Kf_-QM0o*e?JM
z-wfZ}9C~}fV1ok{22XGsxb)e61gOyV%m@aBU+zIJ79cIKkc^-cTN4JWf=H9L16M&j
zUgcR@<+hzQ(t&4N8u&Y+oJG#QY~nE%6UbJKYT=<+k@``sVSHvL1jLj5%0yC;0RAY|
z+%r$YMz`WV>jwyHVLH5cow(|B!LbN5#Hxy*e#he?J%zD&yA&27zTtN8x`e~u4|x+x
z+QtCSKh9g3>wZXvPKrKJl%PXC5ki0x7OMKrmU9E!CD8UJtRD~<Vs{frGRYX0_WekD
zRfbol4tM=Fg+Mp2M#G+*^j!wA0+*8$uI+qv`qSN@cv-Q;!BW3twoyXqe1Y!bnt>f&
zppqItdayI~pvH;qw}7K8JnE?CsAZp(aShC87FDdA><aBBtwteM5h8A>*i_jw*@%at
z5~ZxD!noY$2zKMonVBW#5!ZvYNhdPPjgwijRPnbvRn`0`r83G^yTt)d7gz@)A&m2w
z9Wq&1O}C{7gbzD@@8qW1S-^s)jx()qnIA`-zb10GCES<<72jU1On6K$#PX{q-o^DU
z3mq+iU8)U-t|NxQ-;H0__r-Z(k0gv|6g|^Qsd!O1U@`(-+a9E>Q)CaC(tNr^4{y9n
zX*#YNwGHLIemRkL^)xIU&52oZMqQ8iN^aeLE_86sO=FxGS<zEZJm<l&qQD}E9ks=|
z5@Sb_=y21j0kGS%%W7KLg;`Je>(6@-Lx*)gTLl{M!fW<X88hdE1Zf8r;mt5zL>$@;
z!CM=RJ)RXXM2vess7ZHTGKNx)h-~g2tDVXAGtUpG!}{2$0zwlnE{*+~Zibt^XoKC1
z5k9Zl6_nCBo03hx!2Eea?7OoHq}A{Ee7*3?*_&FyXmi{-uAYZ=6*E6N{w;dq>oB*V
z(3nw(r_w9U1tuW!rB~ailrYRo2y7A~%E9n*54u}FjGXCho2g51_u^q=Mv;rIc4&V8
zW|8)auGecmFxRap8{rqp2Mp^=^aC0>QY<j!5GBr+hJI1nclNuggAVS%?2;~GxWPx#
zdGUEPpglYz36F#Fo|ViPXjvhT$)Go3m|H?F#SepE(t<15`mZ%x2FaDQOcg>d8G${%
z(<aLvX}h~!HE-f;d>b#WN3FuWz<K$3_tA!I*V3z9E#Aye)rw|9Hycc^fn-qrSlMoQ
zxI10P1$~Rje4YB+*!jcZThg9n%2UTReC^fMWP2=CH&ArPYi#$e<VMUjf6`Mve4}Rk
z1qUu&8^2P@K3Dlva&#1Ya;ilMpU2hsToukk6yozQX|nJ6fLrsBA!vKVGW0mmsu#$8
z{ao>>G4zG;!dkW4Qrh3=osw&G^x}0BeNpBqjdcJS$m>)EMMetO8nlLcA=mc6ZxX`Y
z#J*4dE(Df#H@(~Ddf7Fb<F9Ty2snhAxxq9-wC$@lnt;76Etd4Us#4Pqm4S0%ZgR=v
z;GjzZUfNdA{Gcl-3;c%QtINH%{#p@@skH+)-8_c?ZTR?3DSIF564d_uoAn_q+skm|
zR@#)C1qyCoHkKYtrK76dqx^hXWnKi8c+hAuWw|*V_G}L4SJ}j7H=|*xf#i-Hpx!q&
zvRNM=&kw}m2Vox<(TSQE>QHoC^lKE@L&k_2+ncKP7y6Ao;%zJg1#0?Lzr;>lcZM&D
z4jGV#8Xa(^HZ}$Ncau*l#cNG;w)PvCZgYif_%S&x?Nqs1CHM~t*YCgDdhNpLWI7JH
zWV;J0^zmy6EGVG2($-P3*_@8U8mu(9=^lN__4k0)`_6FtZLzg2lJzyKf4b1UQq~7E
z{UGgJIu!dpTAQ`w!p=luMKdm=$V)g%z5uuA=#v+PeOuDQ45Gg{qZ%;5UHd*$2qINs
z+GRis*R5a;A@~{yx0bF*a+T?dHh7c}^=Z61B)=GE&+OnS<J)r9G7sv=TD5oHY;0_T
zE=9#6L|9HlfL?I2M6EHRn2+w>G0y>d3#QB7CN?_((jD)nVo%|F<zY*YCaHzI(rJA$
z<v=u1tFK`lk-<-x==YzuNCewkx?j3S$d9(vVs@+bFN4FC*zYZL5%~pR*D@MPG|%+A
z0GW;UaSx8$gnm-)H3d`C8;i%nM(rltPR%=VQ32rtGnDs4t?<#J9)?;i9FSE0WHibI
zXPSg?rVq>puT@AaB~<w=g&mTU(s7W=N~}*Foh5I`iYm{Fx*#BgYS`!9%Kj3<Tjf7P
zS63+{9Na*)6!S{j+a!1POKY*{oF17fZMXuuQ33dVUI?eFE@H?(81_ha;bnt+2d33O
zAE498ia{;w0<mA40fCOnkC!)a!mX6`{Q$)ZozLQ~KJ9%i^jHfa6Vg0Rq_Q9kwU9U%
zB!IX|6W92WOTJ&~lbL_~;(KUQs;tEXQ*GC_Syt1wbK+)3L!i0KW>^l!m8w7ujJC4n
znm#6I_e+>qkU#EyPm=RAeQ+>W51)4UTb&$sd@)bp7VJ$NJeglr>%gPenNUK!qX+(Q
z``j#dziZa-nU_aVCd&hRHuoxTdu`VsYO`>>Lt*h1cx$(}0O`&Ry3(YPf0eCYP=Ato
z{%+v1{0sOx+cZ&1ZjTC9EVT>WU-TI4^EKj1cU~2(?bU*QG3s?hXy}PFE8I?dJvSrQ
zt8E#38d4Cmi9a~rTZIgZmZ2DBF6a$b!KZYngFAH!?7yF$lx-tZDC{2y>d2R!U#vku
zi<06PJfSfReak<A$^Gq#!0#rYm=W<ZTo&s0<6{)p+0TFtTY>mcCBxQ^Zz~p@sq}o%
zL4I#Ogo~yO*-mqjfBn;Mrj!!kIq~qL;tMkGSn+BX{N3&)!7v}*4DWdi+M1<H9R!X2
zb1%XD9&Fyzg=M}h$;aU~Tr=<>UsChOyzH3FH8+2Y-A>0$iH)OKy<wSmPwCS17ku_(
zU*}DqAbZ)cgD&_90$c3<>(r{nX#c_06>f8C2zRKh&u7M6o}HW1PG8e|C0%D+)=%q;
zdkggXyJ2=(4c&bgpD8imQm;;KuKM}IREzE6YxnlwHyo%U>hMM+jOi%7OmrJbY%yky
z+}ouVWT>v6g5A#>Ix$=WV=e4$^!Ekuo9Hhp<}+E}qN`h9bh4`V#543fcaddwg-uKr
zMqaSSPHF}$>q!)#!A`S{HpHp0S!fu-GO|DraZw7HwfmNh-g<w^$7)fMy1{vj)Qg;O
zvDr^|C(8<zzO~%w4hIz%=drdNe;xwmvyL{5gTJ*MD(5I|kB|!lBnUlh>&1Q)5cP_b
za(_l4c`_4FPgr_3Z%&BFe@8`-tNYQriZy*sz1#V_P=H0{5l#_RX52^O69>{RY1D^y
z#U3~GcCRm~O7k;N`?}PyNWhN28!b&NI%VfP%KHtKCneGpG8%qKU;A;XKF7rMTGn@2
zV)?hblQxbk$w{|qPJQmle&2elJ@N?nbi!}CD_>2ur;C00c?I1t*J)xZ#MmaPO29kv
zu<8K!k#HxN-zdE-i+5BV-<Ei%t<JUdX*-Ce$Seg@te>&dJecB>e+E2tj^8ZbXdS1A
znyE^964#!Tj(%b&%#^;C0NbK*cI;i?N`>MIW+D1f-~7JLYj$OxQk~%#?)_sTlp1_f
z#A~*$(v!*<vlNBXQW7xOPd1#$i+%^ko5Y+|J4U3oyak|R(GG|6V|wtE2yN7AD*B9A
z@I;}|N3K#@BW%#Hk!vW&{)W<U^W&4@4Cko$Ap7BM2h%P6=y&Z$2RIpau_84g>2>K@
zx`e+!`bTp8M8Mu#Y<w>X75zS1EzVoHCTwTcWlBbtmff4(iv`Ay(Eh_&k;zdfhRzxN
zprxAkX=sTALGxM@WGPz)a{H0k;e7k@ZJ8taF4CO93rw&n32a}ROcgN-2!)1$hpEE<
z9GBS&<&cg+IY5W`SlRs`W4urhXY|wm96XqJ`B!j4qA0sLuKC~de=Cik;GqFhLNFnY
zcZFM*|N4&jTNm^<E%IXF_xFFk$Y>swW10s;%o&LB>?mm+d1WN+u1icUsYr{~(dH!<
zDVH@65f<x-9yMc`sCXPMUd6lMn_LE-tJwA^E@ibyr}R5BYc<mN$riBa->R&U`&py-
zXxq{J4$2}hQ#kjMh>Hyt6rz`4B{|EG1FMl4s28TZ<Jn4HUpF3<X^7@UI1*!R8nK*8
z{{ALWQo$!OSMG6S)-G}3n_^OrL-Bi_e8JeNN(>s09AztJF46O%ZLM$_E&s5(SvOA9
zqA$Hww7i*fC$C&`*RX8E!skBFT2@f6Q&D$<Yy0+e^6kv+zfN|eBhMck5!HKYyj!!W
zPgMlgBC|f-aGiwi3lgAim8K_u-O$B1=swxe!i?#U8mw)oEqV1GozRY38Ncik{E-vv
z5qrBmI3?j2Z>TGCGx)I;xfCRh_0|BytC66CzMA#;A^;dudcIGXnQ72s%)$xuMCjg;
z*?6)SF=>}>jNMb(eg(nUdge?AtT)<fB=;A9j;A3#+79Toj)?^K;T_Gcy&y@vYC?r%
zNO=wQ)fIKNFQ<2%v=5%M=-Rbgo2X{t6@!47nwVo5n*{aZQ`1?qTKCARb7+VT)TMa%
zt>iiy6d?&Em$#9UqN(&S^Y-m8LWD&m<<-b}I7NXvSOgq}iq_Z<#`5QDLmSsdy;UbG
zX_$EenhE^uJ?c5B@z`TovceZ84N^0=^<?ZYYG=2}+{1{b)&I1o``6oj>uRaOIh^v}
zji;4E?4Bs`2NcTmpQ@Rsad3B*!}6vUMz-~E_Vefk!pdE@*G#MQV?$i!l?9dY{L2W$
zT6~!CtZXuAd4xDC_pX)m&-Lw|TscbbBYl_%x_CYMPmOK%#+lFJgZdLvKfF`Aj`fJZ
zZ&<{p6Poo>eHXv9h5J3E<g-Ts*{dw2E{R*<@XD;SU!bK9_37&81v4V#8Jgi$@wKFO
zdzsUd?|?<iUealf)WxlO?E6b{8_|VQYmZ{veNCr95|QwTi-$7T9COLN7V_v*(!NqT
zlDnBmW<W|T|C>-{&m!u~-8i;ukI*W|NGEYvtDcr#a~mh2zKK}FfG;Y(HbX{o-2mS-
z>Q@xvNx|Zh{6yC(<5-yCJYbfyB)|`ugR0Xm6ygbJV~NKz$)*Qp%Ji3O!S_pE1)MBi
zg7oSVdL}x7lU^dp7b<jtwX<)i0ZRc)*737=`t}5&Rk3kn)LX#=!thhb3tEK9G9Ryf
ztAQb;k*@S>*4{QP7gOq0N_0re*lfCIY9fJc5OnrtX-?fWv3~UK`y9sxIvY<;!CTpG
z|4oDu{L1E1wV!tuIpbjYZ62PsW2`)-^h(2ytO^Lq-9*mMO(SgBQ6l5|EF2P=A7i<v
z8rbc)hPSn%`c-SqiN}G$Wo=shi9<LyrlEdhSG8Y!$t4Wm<8mUQ$D`#6(BmQVY0It}
z*AWaJGI#^-_bg5dWJ{@`J<l29C>G3~)<SFXG+)wFna{@?vDr=PIOYp<l^#Fstr?@l
zkEG)vBp$!IQ)iHP4rkrN5Ga8ZZE9bg_b(6R%pZ08F<9_Z5R}`MoK{p{gL9R{OGIYe
zSWaVl^l+v?e*UK&@jb@1^!?(hZy96`?moQ?!}yNo>t1C_1m@9_CdIOIurcDdIgy6t
zQ0mhdscit13~`-l^P?51d)Lz+e3_^8=(*@!pze6iBpLZ(Mnuy`*X3uaXcaqrUgBeR
zO%sj$T2}1%mgkXi@z<5s0o(zjIc5?#h2GX%{j!L_@auo_8vobv9*7k?CjYy@`oSs%
zDw8Aj0tYK2+Cug1D5a?2=DCHqE?B4n+d-u)E1Aavtt`i9H<!4Di<p)Nb=_H~-e-c}
zh%JOgRmM{T2sp%`zgV>POJk?QAky;G?kzA~Of-MPlwJe{Yj$Ew=Tv&EY4;MP5p2#}
zewx8HqFpAYH}x6<*@kWpjz!@HeADAw=X<hrevAKf6t8*W?XP=thG(HX*RaW`wzcJ9
z3GWVRMp$lj!#7RLsEv0=8|2&@BRX$Fz?;8^Es1@|%7PiIJa<YTEOS8uYNt|n12;|Y
zp=Y$E@UC5uvC`JDbkb>wP94bE*-MS%vGlY<0sEZ?PPOuC5u49ueMe~z#!ER7{yZ-y
zo|494WLu%5q*5S4{J2#P{Ab8hI(XiZl0MLOH=iMM8-fFuxl4Oq9PbI!lj90_9COPb
zxqFko3+ryqTt5}wgSo%VcMWH1$_0G2VQ2E1%9j6X_v!XCRaJ(2?Rj3l+cM5Yd&!<V
z3e<!xtm!nyEkW1fFlYY)%=0uLZQIynkWa<PU5wv1k-6&t$XZ8J77Lujn7cR&XpG^i
zeMSf%*QkssJ3AXHd{U@ZruYuRAPT9E#WXT3*E!$c&0?gs!1K`dS!K+O$tEUMa_cro
z&j*|fgY8K|x~8O$ckSk_WHU$42CJ`}NFX5T1z*!n>>u)HE(eJEN|C8Xo4SGs;|s{(
zxbRkYvr|cPvxiJXZK~f1ZILykgxyBZ+liNM|E3|o6wWx6#dzvtmIEESWmhOXGr&%=
zSy(XbE#!SG^=D6_1dHW7q{IsTfz@--uW`!jA>z`u;>P&~(N93P7d3_!Ca7F3Vu*tS
z0~MC}hGf2KDWu_1R+^M?o#sx$sGQbR|4lF7*I+b1YfgAzzE|V0@2WGf%sNe5wUQ<D
z5dZVSb5qZS-N$xq7bC8wg@vKKSdD`u|NVK+OerNb>r?S1_*3Z@{@`>gVf3kbXK`1`
z#@b43LGZUPuf(!#W<N=iNWSX`-o>{N7MTh;I4k>^)BJw|Jy24L-7jqtx&t*zGMG$w
zKCl*qO~22=_Dbm&8s63D)%;ZI;S#=Ehx}m0J{kNxVnf@K0*(=yMtS`H98B_5$Mz+v
z+L$sO|8VFftHqLgWA|=JQ4#F^sl~Rt;k`7UuM=P3IE4$D`aG@e5W@!Lk3x)1)pf>M
zluAFbi^f-);GLTfH7Pt!WQMR7MwD&c3O&~gA{4LacZooJr!2IyM4w<PLJJ<dz>Y;*
z$DppMKabDj={m;`0dLKe$0g31KM7rLUC5YuduvFZCfZ$6jeI0hNsbM6Tk{3K2q_Rq
z_H0ER<`LTtR@Txo#rA76v1ibJ6ua0Fs+<z6ti*1$;FAN4EEbN?@iMccDnxYvc!l1*
z(yN{?v>_v-{!EE7wfeT6BW5fh7tgDPgc?!DHn3z8xB+!9kRgqlr(t#~yxcn%4{`sj
z{0gUcVswAaDblW@%U(!mUWH>kQ>aW4-`60upk+pwBefZCjS^2YkR30cG<8?Mep;(F
zqQ{R?;n6d<n4K?w;IYck-ooGkXN>R+Z%mE0I_P-6pIFdo(Yexba|Ng)<@X%w0=-tu
zCoVSO{nr0JSM5#KJaUe|IFr4J>tfnBnXFN@>NP^wqX5{plqpy_E&5F4F;IHjLDGMM
zueN_<naaPeTsO#ND|Vm6IqwQNzX!w-j3@G>Epki7VuqZ&UqPz`H~|Vt2ifES8rA`t
z41y|=%s`6uj^e}#k_Ik-=wRUJM>6ck7^*3&oE+hn`zk>;R(8GZ?H@|(l0U$IUChLO
zfFB>pR_jfW5S)et5*3#g-AV5cvg|bxXHU44?Z101lvv_~M=z!75ugAO)L54j3)IXR
zJ9JP<=A#S<UbM~LQ=hkf1c^e*Com_eglNm5W;{g7i#H690hyg>3hq=<?&~Ns9#Cy`
zPCMuzfI&ka-=`ss#zwom^o_pJG*JdasUCiDu(Zk^ubQfx`ayNf<LE0;gEawDG^2pz
zxVX$HX|3Y~^TK5VP4#EW=AQZol}f77SJ?K_p<CYle3$fCo<tmUfj6_$Y2w#laCX2C
z=P7O{1X=Ywz*k?W<Zki1ql^$b;q{{Lq_Y75YaPb~F^!U!=M4>Bj~|AR;v$()F7+&-
zIWc}Ca{0{R45>>=0*g^^N-<l-TN%;au<=}Wel?d+|ImK9Iwp2m70UwEKZahdqSziB
z)}t%`03n}P#ldC+f1~7TkL$mrhqq&BN&`lT?_VL%l}OtLzK1gACh`To{L!5FFYk4H
z$qjdbKJGco`nyl76$f)(wI6aUDpkY#Qa7ACv*iIzuhdhioAuPvgSv;+qIIxkgK4%M
zGG!?|oK9GWoch1%WZ;DX-^fS4?zmbpd|f6VY~s-M{V8sRoYLZgfmRWZ*055W4E+A<
z({pLaGP9yosz)O87{sTx^J7rq<ldb%t1HR3Y^LC(OS6AT9&_0cPsqI`ucRzoGX(-O
zyp@3w;!v7bt-*oEqo;yr_STz--!Tj{jf7(#_3yv;4tP~3q+M_MuqVo4<gU_reBwGQ
zX))WA4Mb`3?7PMqpYAYG7`x6?%f2RpzK#zb;W*g6qy@Ra@nmph2vTMg&QhrI6}cx;
z&9sIbM?QS$&D0=le6?w#9PE65b6A%#gHn`e0b&k`ID?7{r=ZJ8#*R;?<+c0U#%Ux5
z^E(mh+viYD>#rvNhJHKx_}<4m9%~#(MG&BbBNxXEoyo<X&|6#0`{-$6gWn%EaP>xj
zfwA}tag(I-c5GWOEP3=zLFc3bp=O;A&XF3nVx&}R9zlp20>6#as>-{RVh18XYKwVE
zoSvsr=GPEr>%VG}Rc+`a($p|>Vfu}B{3PHTG05rJCXll^=99&={Ybvd6ibZTiZ!QG
zI}AgX-B5v5XiX<R8T&kOG#Wa;$;8^SZ0S~)#`YyfVaH<aVn?9F*LFmPqi&a&e_9pQ
zgNtkatVh~9KtfevJU$T+26u5K{>G*x*(|rwNjlLX9t|8OsLoGakA3DC5GR$O4y}K+
zpFILoEEJ8=xxqp>ue2ICQv@pY)=7_7Dr}g}F$}kbGpLZa{+_n)nUFDb+pIM4_1gGw
zaHxfSb&V`=Oh{qsPe0`<7B4v#-}cS~j;tETqjV?Bcmx-%Pp10j;&P-bk;9X6&r2G3
z<<BGR4c7rPYe!2CeJYuZgw_VaOHpMfqfA^Sl0#eQge5WjOXoe87rMcrf*gjvezwMU
z)-2Yp7YH!4x(bAfWvI-{cw)g6J|iJNo`mi8w*S-RoV0z1|06=cfRfN{3?pGo{@oJ2
z(MVO1$`GeB7w=GTcEukeq^l%MWyq^{^*Lo)_j>I+B`cm5%GsiubJqCW)0fL^q0-Hi
zF?{)Mb~(%>N%UxDh4n%&um=tNhtz2Eol#WDZiWCQPAij^8Ksy3YtAU6{;h*JR5mDN
z^>jG-A;DT0mx&%NFKt2U+qxsMJivF1T(*rwDPk;MYeX!8#H{~7=oS&iHIfO(d)9YP
z+;O)_&{xneyN>=BRwQND!5upjDqdhuJUOOgrLJ}^CA)G|zE47Mec)-^*t#O~IaM2e
zj3Se6Cq7`E0b_vj8HUUe%r%|Yk8!+BK4e-yk$q!haLzxFz^NhAcK7+wWlyqxFWGt^
zQK{U}TpLUkomP}bFX-E0L_8gm!awqU_YZZkfYd*hDhM<qg^=$SD!x0Z6<nxPqEZB@
zSu5fL@F^g3W}GwX5DBPzJM?bq(UUb>-5rC61Xue11A{<(zvj1hb2yUCdCjds*3oWg
zixYY>uc?jsp|1nXtHX>IA7tNdNY1X;*?ip&%0&o#dZ_|IRg4tF+G)5Hg(OKNlZh<K
zt!0`0kx)|z6Ism6#S=2HAbka|FN{!f55xk8-)Bqqs+{RGjP^jRRUB2=vd<&n5@l#0
zExvO^B#uENfvj(3w{&v32nLA5Dv*&90h$y&@E`yapJ##D-5%-#D&=h<WT-V{Nb(aA
z;20ZHW?>+ig7RvTQ!vTcQe)m8we_-VZ<4wW@KC=~o$CWA`_kay>KlsqQ^mMe<Q+&2
z7SpNTW5pmnULy5%Hfmfm0Hvv93?!UtN@f|D#vz7aga9U!0CsdFlrV&hZU~uWnTV#7
zT^)xBbVL@mLhruqd4UKxfZ?K!PAgt<m&ik7L4wCDh54!V*R;CN4m@?M!qkeE&4!tn
zap4*SK#^{?y7W4yGpiAX^9wW~nk*2^n*>}47RlB~Hpd_YixUGeaMqE&DNEa!W^hOs
zg5-@Cx;=Ln1jIto=L&<X-xj<z#!bDJ3c+J05Q@tN0pUP`0RVUsXvYIFw3&^h%mFwj
z06os2og(6(<KcEIfvPv2yx|YGEV2hh=LI3eT+FXxUKPC!%F)pH@F5QH@bDfU1HCly
z_WAT)jFa6QfKj7|Moh9;1DCdC?+kYFisFs(xVg^C%J3zU2_aGAk>tqsZk^Sdy#rn4
zrOzx94v*YPl}!Nx8u1`9@54N(-h0n;g>ofs69v#PU?2hrjJp)4y94ysJa+ht?nY2v
z9ioO_ih8xf*}}lXL;x=LWsA^8ga}UZ{KYUcJ=^Ug)-YwMbVg<Z4$xVr#I#{Ux0<Y0
z%}l0>J0vh@jFLL0tg_o1fN-NB_=JJ)%=nC|*VMPwi4z6nqavb_kU}CgBgP*k$bB^K
z=t%*bo0FAAXFNJN2v7_GSP3NvPI%9QyTM)zluE#<y*Yy@X6SU!)ch{g3|;2(7g{-A
zm(m)0RPiOE)dbK#Fml~k(m|^RvlYdf{0%v&#HMF5@f>;Ry}QRsje@(B*v9e@q5ujZ
z+S_KBQHU7f8wBC!bo-nL4u&JDq7^hG8Gwo)rOGVGL5xNr20#WOfDrr?D^HMI9$f05
zelb^W&Sri2@k_XpAn~iqyh0<uR)k1U1_a;|MC-lg)S844Vs9Pik3Oo^2(#wA_EDic
z9;Xf)5ElojKn&sescxmf(8NeC2!@ahr5Fy_aZ4p;l+fZ!gBT3V0M2u@otpp#A|Sdf
z?4!MskeiES2u*gTNe`Y>osloE2Gb#Y3^M9W0D%B7F{L$3=xC?8)_B#GSItaiGoz{m
z1~ED(W=SN6k)enuc)-$F6=P+WYYizVDnQ8NZ4eX}*{%)1q9KSH7#-zk*rT$E957WJ
z0oj?#ACz&8l^8LwW2!VXQzD@OJJ5Ap-lj6+&GNX-^TzmidF!B(bP&?D;d&^%4I=`9
zR6Izb`UAp!-<PKjx;r*p)tgDJ#0qS{(#S9oo$xh<=R4@TyyatJ>{6wAy!0-TUB_Ci
zmGnjJ^yJeulB+v7d``iGDajcF5JZkBb4AGO!3Z^Z-nG4Jk_HZdpos<ms|YHDx>R8x
zo2_`fUE<f3qN!+sRIxNCMG|Gvj?|HZ0*~^h@gE{$(FjKbL##^@Tpo&MB+%O(KBwZo
zd`@p9yTj*viX|hE<!Q9OCHzfY*>y0)OT6!$b>AMV7PMCx*Bob;lr~Ax2!cRl=yz9=
zODQEKyH}j<*1VNe4AKM;glCS8z@iKgs#q--*V(lpjzc^lc3OX+t)k!Y`~7cU?^KUX
z#Md4;=N%9XhQR`kNknOV78pFt>2Iw0#k<Zo#m};y91nd-95kkEN@_@>K(N%_YE@^o
z(JO&U6j6rlX)4B2HiTFpj}VH6YN#H}%+QFntm}Fc9q&pVosT)^p18r_*l;1hosXeH
z%ms!#4Fy`F5rGJBh8fH7_g$_~`e`(Dey_mapJ#2(XtWgB5G+bPJuY%ufWsLW#yS|m
zNCq*HLYgxRduu=h5U;FT69f}OYw`(Id1-3k0Kf{WRjO60hyd7{Fjv7K8>SViRqNt8
zWM=OeWM$dCVP*!;8P?}=`N@e@m3ldvT?)X(kr2b6C;<V30JTwp405a(CDCAE2ZP&n
z!g)wC6evJJL=7>6AZiJbkr6RCmc1>x_V+4q^Qz-p-w!&XUu$8=kf94ZwX-VFf)ElA
zA(Ui3kG96*7sj}om&0!Tb5YIbH<N;N$uw(O)oCO+*uw+}2yg+QK!89q;(uhFO2co@
zC+~irzt2akRSR%U-Kqi@2;k6=Fh((h8WRl>50aC~VFtz+f+5^WBtQsdN+J$TM5?hO
zA`u|0LMl}Y5Q`F^f$mZ5)o4&$AX~b?Lk^4t!Vr3j1WX|VViHkE;>Ca%R%^#T3}>Cp
zah#MZIHe7&V{sl#DhNeVfQU9CFmbX}>a9m!D;r3XM2OOLjB6l}Hsi8NDMd1hsbgt2
z<5stdQ6(xRaVE!9q?HlKl^Cl+mPsw7Zr1FuRmlljrKH7C1s$@rREb+?rilfjfo#!D
zx8+WnqAl)5i^2PyyO`N7S4k@_-qmg?uP$FXs!MI<^pZ)#6;i57qOR?QE8X4P?(XjH
z?(XjH?(VFz@TBWAGrPOHrt+1H<z&3>?(Xipx~}46s-dHF4II0!@4LIZySuxI?(XjH
z?rpMrq?5b5x=haI^D{e%?vcLfGbHZJQk7qB38FA4Q=P=;cXh^RY}qD^-tO+e_q&)p
zs_(dR*O$)4=5fBn?|ZU#jhBx3(;AaOQ10BUv`W_G+O6Kq%_b3d&V^Y*Y0+LmR)ECe
zPR&ga%RO^NVbeo<!mutCzP=TSb<h-nzG#Iz))nX$@LwAT#{t|2wn1FAZyKm{ZfK}o
zRB&x#?x}DPt1Fv0I(2XZiBMfoyWmdr#Ya5c%slU#%*?#wG**Hrr|&&Yf)$CoUQlMN
zsac)@9j#b2^23Y~V;UlBQ+Ol1s{obd0qsu+d)28f;A`6+WP&QK@W2TKX8S8KiAXUo
zuOqkBm6Z>rI4`3%!)%K8ZNj@?%o1i3;#MbI*<NwUiPk5&<3|!3TS`;FZ<CxmSh0|2
zEa6dY^cOJg2?$RWtYW$44Sl-~E^C*pI5|}jy@!rknPg;F$t@gekUP{}I}?UcoLfse
zH=5V22x$3{k6s^3(n_V+6*vMBfpa7;mctD@wQb=BCUOSJ(^R)Xa-&Ygv5MWB+LWTg
zF4YZ#C}~FSvaKHu%B#0_lSNK)L%b&pvv`zz%><5LIi1Sp@B?4Ci-BR7^ru&R7hT-<
zH(@I0?kf;6%C`3V2q4_L?3^%YnZvctx5C(<VHVzM$`1mo9<_U{3qBgtQigVSx3{+X
zpQ*d6DV0yaJEwtqu+f|ixa&Ic=biGD3_FrC4Yn&Am15*ts+{DX2p2C81FbNX<vjIs
z%3u`b9?~GpsA~Y6n{xqN2t)#vY}Pw#p3WWsU>k4L9aVe5<w-E>obH%q<m&3)xibvb
zt8U!D7j2Zn&pX<R=bsz#$BwX4h2-aWhIg&)d~40Q!QNajUAE?7?|k&WoUh*Uw~EeL
z#kVsKS$UUp4}Iq@YH>3TF4~mL;v{$)IHnn!-)>VeaO0eD5Dt4Pp_$jtD?Q_e3$j6G
z0@)_l49D){wB%bQcmm69fGb5_p_a>Gb*i`Stkt`ZbXL$(WXh7qP~5wfaMxws8pbvb
zUB+;(=JjL4lZb5av%R&z4v1Y$oMGWtM{1DEW@}eeDGv4RZ+Smz!gkKHt#@_pa-1+}
z_GuUb?T9+1OwJJ+&Zk>~=S?QwVS36H-J0QA5zFo};U&q+)rl8fGIUzn++({JyHLBD
zLr6o6ZVkKEvg6*EdQQQKjMM5M3%Fa{&Bu>-QVeHK(X=bbu4Ij%PW2jVts(2p8!gh;
z#|J*%xuYLmDRcygJL*AjP*r2BfeZJu1Q&>0w~wbns&K5QN@8NCZf+JbO%>0**WEiu
zld$f>(L*mal%>U^t%<JcIb`&NbQZeL71`qqII(RPt=5PaOEfnv<OCJDEYsfC%CKh3
zy5VxYDTodymg}?C>fXV-)H4TO0zJY_VQpV*2QBT4d76!q%*@-ZozAOx_j<axF)L^x
z$y%G!vj;YTH_f9(9i4ABvc_FHBNcN_;+4;Q?W~T$GP@{3+B$Ou>{FDRP9!#p#b+ze
zsfgpf;eODqiqo3J?dN2+C@*@AL^j9*^xJs-S2MBZBW`8~oxP%RycIjb^=}D?W39IO
zP8>%zhA3d`eyj8DVe6U9G;x~hajA2cQPnd>WdoNDIvrZ51CKE5YXViTc3jO@boXmp
ztG!xkuBv941t%_*ZPK0`US0#6d)TFCfKLY5$5%siSO}UoqfxxB?9Q>FIE_l2-dBXd
z7AzZ4bK^)!ZQ@wo=V-$R26Am2g7t1PD@P6v{RbI}xxK^eGFzbe_HN*|p?R8Kq?lDm
z%)_9z3<}~&XHNlL22~4F4?RP7PV$eijozEDffDT}?bIb{uv+K2mXNwDFzFX_Zq%KS
zDGBWDp=$d(4rWc!E2ZkKcZWL_FMG6MS~m*xmd|XyciuYeE7D^VIXe{81O;+7>Z`jc
z^WmJPW7FVHW*S!j4)x^*XjMF(xv@M_u?ozf@YRf@Q3pq6W%cbClHw-z=W9EgJ(Z8w
zkUD0n)!%dl3d{F^BH5h*V_baJ415jUAA1n3c}nW|KDKu9Rb%JM^D-f4UVCh$(Ms`m
zg+2q02V%k#SGLS_W@1>mW}Re}+g%g$L}949tJzU&-s0W9>(_qn*vlKW=|Z!IJ{}au
zUxtHrM0hnR(#0^t8R{TiE8MAxumj2|Rh~UpmH=?%?HRS+@SB#ER+_su&z1Suc(m1I
zxg(_Jz-eXN7h={?m(^H%TAOO>w$g3SO}|y>m&W9bVz6cOTBY%KyIopWP8F%U1Z5Mp
zH1)O^g82?>EZYkwNH==Zyh8G5$Cqf@NF`;u61W_iGP!L~SxNSUEK(TG(7waDIP}A{
zo(a{{GadP02b(y6vPfZF@B!x@u1YZAa>K}ZcPE*E#cks4YkBGH>|1h8p-QRjjr2o>
zG8%$n_n#_PIKgFCa5i;e0kCTz-U()B4zk|Sp1K)9Wf4@nCD_XAF05zrpdhdQ)C3j(
zdVqqy$^uGC2xOomf~o-j_ykcD{>lOpOOOZ>O`Z6svmM>{Jo;QUWx2}L*0spl70&aA
zYRu-Hfv07s<}h39_sl7$me7C&0;sS%GOTrq#kH@k_&+-q&==~d?=LXNh{Lr@bCNrT
zZuJsIy);D48N|5si`K@jpeKM0yc@o@x1<PC-dR3+?(@BCQD<HF1x}C?L>Ll?GLr%F
zo!o!#gkG0eR3x@^)~{u{Ui+}{YSXqDdynT=2-*vNUvR7#H_LZ#Y}vN{m1JR5Y}Za(
zFx{WJgTU`0$>!YVE>D4xYWlA$bJPenx(Sqa;V;xSXd72&Gd7-web1wlI{I0=CUv8s
z14S~}L|v<WW=mB{nhdE)W@^yELlq2A6G;rAZ_{35&v%@2?fb8BWKPJCQz6VaX_Tt1
zQI{MnI*U5Rj`644fnd`h#?y{I*?Mz(bq7PQa^kDL7D~86CYe*Ly2Ws8r=tXA+^r_@
zV3oUju^c2_a<^Gl9xGeSd5?R<A1Xe}q^pl^_ah+}TX(g5NbEtllhuk%u2+4LOYqU&
z?+{O+!=CIkt%Fxpd$PX{dvxRO!S}KYLm;sMi!ouClG6(<2+|V*5_%@%B=efmmDLbF
zwLz4SSPDQ;KDhnyfHOa>0H9qPvQHa5dDXwc&`9sSZ@u~0PCRo#ae%pw1QC7gV&(Ps
zH0{Y<+JM)1$%XYrL<&ikTC-zpwDUnp>bR=4nX7ulr)?1FsDLa^(!Mg7_v;wL@7=af
zH@fS2$<0yMiYg+s*=B3YaO$Lm4gv920on7Xh%g90)F<q$*@phl?|q&|03vrieV068
z<GH{k%NnTwU=0-!?vsVG8tSrjas?AeJ`z<QoizWm6L~Ry-`z1u3X94f-*~SyP<ZC-
zm`cri>jz1SDARJ9S(-6(De=SchN|!9k2o>3`F}4A^W8h*!pZ?j7$O{GVz$PM03ibD
z=@EIz-fJ~1x>Ev3!*-QHjhM0lMCT>pS<y-~rsUKvkiZ}+DCcVLs6nFinunAc*@<)6
zF-dR6S-^4|Ea;<m#{oHWbXF^?D{qUbBt0^j0@>3f>xVnR<H^P6I;%0w-4(R4B7zJ=
zpA`B*sbW|prDN%iFp=wyc*h^6VJ_n&+&S@p<SamEogTW)j5J<SqN<#<$k)94&O{M;
z&av~Y1+eh=?R-l`fKKh%?Pq-Fz3aO?N%Sv9d@vx3zGMUlC|g0|^De^Zl#K8+m<I%S
z?u|U?WO3It<$0}}^+yib@vT>fn)2LOK<`&^RkmM#x?Xw3dDoqEb&h~?<jH~~3BpuS
zixp&91iB$WzBlUx_>jtvzE6u}JZI+cY)n#b&O9VBnx;jYeqXCE)(W}TuNlG*BR%-W
zTu*+k(NZTAX}5%xK2T7~Nkbnr6dK=mH+7Wgzcv?%LX+EGy-{<NJhJmeDyqgl`?Hq}
zwugIaTN503^}Tv@9a4c=(Frw%GGVw>E6=qM#9oF&l*$~O7B<E(91;*^L>5DY>(Vr?
zto0{HndB-#B~w<WtG&N^+LgV5?GQW{i)0Nny=4RmjL04+qvaJ4?KQ8N<jF?+se66f
zRD!-5)l&pg{rtQ{--CE5F*Xed0<+CY@wG=a0HhjyzaM#;Z1DI?@!i}6RG8}LS*){<
zG<w_WtnqbMvh|yQSk77?3E~0f!uC@2qv7D!pEcu&PAU~Vp;4!Vzd*2I$@k(k^Rj4$
z$%+W%%aI&lFn39gmH;04M=zARpf2}e@z$pnd1jd_9=%}UyTqLD-sdx#CMp21L^gQA
zj_YbMjCYPKgRnBAA~Ha{Y)ge>_jIWFzZRyN{WI!3N8ihf1ya#!`1sk8s;2rzDGae*
zAU6=e{g=u3QeYt;EMhtGdhSz|kQO1zzj`#{PcB%8rl1VKlXTfS=QjX>wa-5_^_~m!
z^G~|uvVnkZ2Z}b<V_ApB_Zc}H1B<~ap|6b1=4)6X2P#rM&Iz<O61g}iY{N+!9856w
zA+Rz~WCUh?sHtlV35a_rFlaPrIv4{+j1N$OBSK&f#udC{3TCtA2vA4IZLmG;Nk1II
zgFTso93XpoKod;Cn+duzEs}!MInwQ)39<(Z%&#2qME?>A2J9PPBUZNOsfjkxsR<+8
z&r;xu4C$w!f`vXp8N<Us)1)-g7>eWyq4B`Xl5})REXuqhl&Y&#QdLs%!CVfE(v~u0
zypBr*kVgd$fQn&8GcgB&n2a=*HsG@ZP*QBbG-wQZc@?7wICvlz1Q`TSgrNZTZpY88
zjZqAnC^`^M6X{T^=t2qZc3`SLI{KDqR6LNu2(PcLb=7b<`W6ucECeZ&6f{wdFBV!=
zAyQ7(Ccz;zFfW;A!$fpq1W0UQ3?P27NQS3dt$8c*mBk5Oua}+9d32J72w;L3L)6o&
z`w8q*U6^KkYgyuo@g<dpGb*Y|HB^}}%BKI1&)<H1^4lHvVOyA_4=9YOq6R+OD2;i>
zje3M52fV2oZtj*;4lI}oMPwtzBDSsCK{D-INjhqr7Ktd++8eyvO~NE8R&2v$B0&it
zO~rJRKwU|014I&&DjdaSnKeP`lTF>)gLTcO#|o9k_0(-iN>n9-B(5Z`wn6T=_M3NR
zY7L?qE-^QCJec=)aiuVtZF#SAN@YdHkhPTBsk=4g*haHzsyeJ0tn&gwLqEa+0!hxg
z=E=#A3yjxR7x)!`Pl@m#lcPh;zs%LafJ>JAB3Pn~!kHwOm1G`C==xX?j#|hFPT)1k
zrn8kZRq<i>;GY}MB8K#8QW*9}4(d3oU5+lar&ygVKgBHgmGPtd-|a#?s%)IAqHPm!
z;<9liA~Odysxx<537m@9J#@i`EDk#2RP<9yWh4<KKR24=Jt*WJ2TqzKupc6K-HfGi
zMA6clY&$;PuY(dbKUllTe?KDlobQ~k=jQPQmXJ9~mPra^1IBUVyqQdIUK1U&-<qTQ
zOYo;3hsU$@AK*TR2(6|t=|+9^*M6FAkz4G|^Eu8;&pFOwA|fIk-C$&}1iB^=%wt7>
zgb;{?6f-4UEbZ`$T0pNnTtQ^Hovya<*BF9i5-5u)$7c&7niy)*b@2Nye}5#gndFaq
zg@`xRS;rw1z*Gu^(3&F2fSD$2ZyB)5Fz+{Vk~*$@`LomKiWZ*_wDg__4%=Qua_>3L
zOwT#aVj?0U9o=rXkpxAImIrE#A>Qj*^JkxQahirp>#M;5W_Z7NA(jUSQ3EG)raIY;
zmK&}aKoX~?+P54CC{r3g;O`g_^6Krnr~F{T$o<-?Uuyg!qQl_<w~mi+AP6`%Sz$aE
zYa|65C_@LO2ry$1hycbg!5DyqAq+$iOA-zqD;x97-u&-|^Ss^g@qBDxRSql=dk_by
z0`x<|A|R8JPy;B$BOr(&fP`iM#8L$i#zTPUg#f@|RCYiC8zKn0>!~ZHN~<bLl&LBR
zhk}aWU=&2jk}9g%W=aYSjAnxvB8YiKq!@t+MHW=4j4*{A7Gx2EAs~=K8c;_B2oNF#
z2{GY`@<}fp@OqP=<JPgs?zh{cUi)NbVpG~1%tqN9KKA<0f_EpL_nPNWWV1c!eH2P=
zOHZ*o<aL^fHl@YZ`57X?_e)uLqu^?6>N~#2HQZ$pb{UvwuthLX!gR$?sx#Lrcf>b^
zE*W;UU6ALg27Kj5GC19R6az=sHQDO9LT7u8BUdMIeO(#vkF6CjJjH7yrdc(f_iC=r
z$dgj^qfjG^P`Wj(XeUOuy)S7tQ9;(Zw<>I^a%7y<>x+`w_8)pNS<;PnDvy$)(W7in
zc);`7T$%EFt{_C`V9O`AmW}IfnVFZ-@N~^tlX!^MwazT;%cy;%>UTWmr=ZVV!byWO
z3J7BlvEXokI_Qo;yp{9*fAZ`6pYlFFf71U<`ultP{2mGKbKZ$&X6~_!jbIWtGWy`u
z8L?spMyIZO<Ykpu`?uSoRwp^scM(Tj=H2y)*48<$%B**~S!F2N8)vd|n&^;Z+kC_B
zc|B&`QeaF%j?i4?MDMhdsfE<O;u>};mb&=fx!kP5nXGDhsYb<k^DP5E-rvbz&)--3
z`TN6*&1YVK>_iem5W*@iu?Py_7zlVxL>i(}3}GZBwgDudubcJbcjNcC1~~H%f6u=!
z$qjrVqLR6}NW}*%0~$)Np<lxg+YL&xUHUU5W@k(;7>&LbA60>MP|@*~G<Ro&7#(9~
znVu5lS@uaBS8L4pf&d~4BtJ5$<y-wd+NHn53b30e+9yr-;6eq5&iSp$Pkaf^b9sP#
z^8uOQAjiIWJZf5Llg+{#yu6&w26bi}UEXAs+RVg~vReP@Kd~SZNK1c@k^?dCEDRmw
zkbM7K=N~C1MwWolhR9|dSO!qzWlsbsu;RzOw*^W()nYPnWg>`9*|rGV3B4D3GUh6_
zI>#c$vjB^aRXHG#OIA|zM+sN0nxxh&pm1=-P&w5RnUQjpSw$rj3+UU2$Ep<1ZZlma
zgC+*g&-MB<&z_C5v-iKwoLFZs3F-BI)#Oo%yVh?vRoa`rHVrD3S59QAnpIo^C52T~
zM9(%C7;Ipf!2$>^7962D-p4cs_67*B7D1ZlEEqH<M3W5(5*#ql(8$Qx=;-L^qKY~?
zIyyFN*|TQNn>1+Af~#7LU;q!1(X)_1rR0b<_guV|k4Q+G(S>tY%WN483}AH}ad}H*
zT4OpRe(7_X6`DLI3zwX=XLUNenK^B?@=C^Fh(U!V!C(X+ieU=?ks~K1AHood*hQVc
zkI!GJ$!WjBb#V#URHrmfSAS&L?=>kQHSd?G+UM!Ja<-b;34f>gJP`3zJ)`M&ixgk(
zJOCfu54!j91@K4S*eOF*aAtwxAAVkZv%mr2+(+xd|A;O>zBdt!@BEn=^yXE;l>d<2
z1;8XY%xtV{eb*iyx#yO=cjKNsXR1RZJcKMlL}3pkk75k4BRFv6T2(Yc#E!xPTP=ub
z2m@pY!X}Q)0Z<Gf1q~3KAu!IWiap3oHU<%f5lvt_6ATjqAo_}*U#fxnnqQw?)Mk@E
zedo8cif|6<0q3n^yCp$?eQ!dDaFB=u!VuUQU=E;SL^ME}y^Jef4Tu~G6gAmm2UD#W
zE4DzS0L>N%b^9&7-gu&QA|{CuyzfY$?m>1+fyV0i<mE8wsRA295I4%v0%otC8@?)s
zP$)fnBhL;$6Mm1sNaF*vgvicwLKP<Tcr$l!DMW;x4ZLjBm}p0S{1o9Q2?25e%!15;
z$T5UOFy0_3tzzMsnTwf*U}XUeu+s|NtKo<Gf4}Z`v)$hQs|aSCYrT_P-;>6F+r!2-
z6tpQs<`qz(Pou!2KcEn3W<HA~)4}_uv);6!;nyUeP}y{Mt2`heFU<qwKKJK73|M!M
z&i(`Qz=n8Z-PB+V0?AP~+5brYPQRyzyZ<bZcQLJ0EN5EQUjxW|9_S8&9UL%lmL-Nk
z2$Cd#VTng(8Vn)~1w_MUj5uM0N9e<Vs(}4|KwDhj#=sCiO#m1m5I#SxUE66P3OpVz
z@kVbq2qDyqNUHep*IBJ=XegWUbDZ<ifIS2Om<Kt|du_LIZtmV2H+-sFdV2ZGzwGo2
zso8NVlVAZ_yR)7WZ5G;Pznt-SitC|Ng!hVc%6a#Ml6`<i!bnXSdCexFdPUC_Z~NH9
zQDo@xQrM~~>R!CUikY@Z)y*5;ZGwT-kpmUODlOFlh*^S2Ll58k{$ul#=X6?B`~H43
zdwA<Izgg}opgnH6l*E0M1=d<G*GKOa=G=Jet#f9X$(NoT(DeX^U!q&lVapDbxzj5l
zhM0=R3}Yf_N@?+dfsiv8C_nP(q6tI%WljBG_Ork6$PEi}wX~B(7mmK}ai?8xjADnu
z2?mCs0Yd;PhKNwv&=EAEZ^rJOI&QmkN{SI8G^y8qKqN}<?0qfPJYxO#tZWTwbUQU(
z&Sj}<X?)YRw$|q?v81$ejn@?C#|nEK!+P;=%<!H}E_~)^^e>4biDcVYyz|c_j_#G`
zmw6cz67Jz@tVZs_;HoifxQOMdroXQJEBr{?jWsr3lsdM2zpvtcd-KMUZ7fKuR5U5_
z5G7h!$)+#IyL?_SW2PbqB=GPbv0~Q|@~w|}52anVd_BT`D_?!8(TBxj0Ad}+oc=yd
zn2F2<Cg5^Y`fM8%5)(~TWaC=aH>ZU>c&4;acz}@s1`#%3iG~IPgM@I51T+9)2t+tQ
zVF4Hr#?1~I1~g!pCK+8xOG!y2y6beZNiLNxx>S}*Tc*}tzSO?@t#j)bO8%Lin;(qc
z6@i+=F%pI$fQWd)h?X?KG5n8wTZB2_bx$X64hSzX08ieYU~%|r#Eu<Cd?FyB@Ao8<
zy?wr&M#<nI6|j(yjEIcDZZszv5Hn>U4P#XyEJd)DHYAkDR}>l$tQ49F>Da{QH!h<W
z?eE*`>-X*{s;fNI_oUwct@D{_BiMO_Ae`e~pkdMMkH*kNIL0y2l47Aw!4W7hpr}tr
zl*q&kvE&o-iE%{$^w^*=fOHZ8{Ruy%P)Nob`Tk6sxBeZ#2)wE|mZZ!3Q#?N0nt=QO
z0pagbMR0_LeLQ>!C*An-QRsE9lnv!+ts~)~wF2m%-rU%gs!nMQ;%K^5q)PY)#%wTW
zZ0G}Ur+O&mz-DTW{C0-T_h%D5Q9x7F`@v0lCn_lsi3k%z0Bztl@#jCU=6+ukZ~AU2
z@nKf@+5UcWj!0}iB8R8}8Az933VYM|Ro1saXdWN8NDltKe*y)G+|_XRyUc;@;-?vs
z5x}3>{XVdmKR(>x&Ncaf#x+|PTFqO%R<Vt^__;ZOCq;#p1qcukBoQEl^jSg(Aw8bL
z0q^p6;cTCG=OJ_B=$J#(BidvEhVqgA<jiLi&fs)rs}jPiI2Rb`{EUi44$`2cMMKZy
zTi(k;Wtd`PR9HUPXo-rJB4VX1R8+-@pU=-`e2bpo({+m0zdOM{KtgU>FXvQ4J_rZQ
z8Bf>Cq{cCL*9YkzygW1S=U&jO{73FzS2Xt2?3G^u25{DZT+wmJ6p)A{op7h~AIA-S
z{nh*5<;%vkTieGMhYtzK3K&TtM2BAwP>|2$_sFJt96#-Uvw9G78z#Ji{&YF~&=v&?
zy#?g+r20!PdQnnfGeA?@kfO60=&~qZck6x374>pvFcC>eNQQt@B^Ng_nRdSy$@=~9
z%whce&*z-O;rby6JpC{aYvbFDAB>qYBvn-fib^*m1Y{D;d*}6B<f`QBjPE<(&U42y
zB{Mwh#^O4?$S_DK5hDRIYZ9yaCI2(F{`>0ppU2h?KQTKn?~QLbO?SpTU1z@e?-@=&
zPb3H&6i`Ve2?;?)3N$465`p(2C$0>B66k+*N9!>9^|B#gkI#b)ZV&6X(!s>Di~^z_
z5P-1-$65|ayxE%d{1E`O#qWj?O;F{OY&Yucn9QBm87Q+}byXOnSDM{d6067O=ge)=
zeB}o5igEe#=CcsM{nY`(57_;H7sG?S<ZSpKr;OBdF&2q<(T;0Tf{DcDLLe|Ahdw@O
zz4%HhVGW$1(w$)vG%z0mg6W2}IVu<w3mCuz9{^91B!7BrvHl3Zy2tw;@~x#N!_hT)
zx;*nPpnVaDVn7`di=qPu1_VTcbKFPCB%1q%G2Sp-xGe@Plw1Z%3hT}wQH-#s7=@PV
z<;2eC*s-!3HH#ZWzfQYMz|voWxv@r#Orue?QKY=?#6~QFFh*6V&%e9n?=^IZnx@|T
ze|+T94Ibo@5AGU0F@monbTtc7+WsI!h$RUUkrkFSHB=<}tz=F`b#7~x3XKBT>f5--
z7xK5)F>`gf8|76fmXjD?7tXYomO#`J>9o61EQ{EE`W(V%Iwsi&krq7Y%H$$>1ZK6n
zTyqfC@E$Cw%iD+Xp%-kfxt?K_l=Z{Kr2Tw%n69Oo%PiE=j}-YO7FEuBL|o5($8*)m
zj7Kpt`LwGrtzw+z&VuJiC{PMj%dK0@Smt1MEFIet15ujsiu08$=80q2YnLdJ&4fuz
zZHt^inR1tyE-P^r9JVaSY>lv}bY=;=3zk<icpVI*)CcFTcB#;4k<mz)UK&JeHLFW;
z0&K-iPj<sZs@X@kn&JkyEO3ZCK~f5VzVB}8F+ab?XG+HVFb*utQDaUP1z6p7l_Hi!
zk@h>4z-b^$5ZG?8DMgNIwt&Ril^e2d1``qtmshTPumT@C&B+O-6Bke~Q>wTfiHtD=
zLjg!&00CLx3=wH2YOc2X*F@rMS1*GzV7bO_b~T`!;%51)?Oa55wD*y;GX{i-xd`l%
zM%<D{+kq2VpMR%^-_gELcYa@e>_zgrDypixm>IF$cTKHTUQxy|i~*i&S$D$_wLD`O
zB646@ykG-7wX(@GHb)x+7{E;|&R1REGfwc8PKbt<s@c>*JE8<w)wE`!m{aJNInC0i
zDN&V?6PDb$K@pzon(gy@&vR8(3~F86^Dry6g}|HXUZD2UxWbv47_u@L2t~5Da9g!H
zs3Im#<x_8#42*)*$bcZE!jh7$!y}+$fuaFe*;>>C5OAEQS#vWuNu2LF=C8MW?d6}f
zJ8Nr7#t!s=fe`=@un2&X7y$_4PZ*%bV^%7w5r~K=!10c3*Yebf&+dO~?^^!aSaY`5
zV>@hn&a*J!Q;ET<=~SWdWkL)Ed50t@N0MeY0~jQeHU5>?zQMg-Vk@J&k@r~O2aQ1r
z=bZ&ry1KQ20z4QG^zy&oe?BzF#t|g#nZ0=|cu<>i^}FZE&N{7QF15Y9V;9g$G)|8C
zjW9-C&Ydzv*HLSmw{XtwI_ahb-45HFmBMCSF>Y6PH+4AEw{qm}H#@qO*tx@(7fzjb
zJCRY`B|m4nzdzIT_4<|j@GTUXSJVfs+n3_XNeeUi`#dz^9{NKNrGld`ip@p@kiksi
zM6AF)&+|&M)r^*6I?z)!=QzE*ajk2Q9L&$Kgph=kb^Sekf%3QXJ>b8vKfUJGCjg<w
z!L+x9%GvDj0E5G`vz`X^VAqFXo$hm(Eiex`aLrO*1U*s`8xpH)%C59(#;IOrIP9#s
zV^*{ow6+|_ZuuLuz$}iC1_2q>M~t=x_zU-^UgToN&C;);1X6k#<*n~C*}ed90R$jE
z>l_XJPwliT*Q&M3sX*ncO6BEeo=a7iM3}CaT5B^{s?BuXk#|CM2-1h9Sb-)G(yX|E
zM6|_>SOo;83J^p(&pNDV)o%I5oXVL64H}5OmshMncrHG%lCRxQaWUAUeb61Y@s9Gd
zl;?GjMT!J(o}YO>woF<@G~(`}rZ&i}Yuk2URVCExr@-o6l@@8%OXF0RLLY+5$brkY
zuCrOIImpUEYk=b=rwp6y@Riq;C<0G_;5-rV2I)Exj>XhA!_f8HJVY2RRVI>7j`h;*
z3Up(ruVCL3p1yR}-9$CeFNbJ-gL>kC(X>u;G&mz!Oi;KFh#<r1Y@0-FuGYJ%#aY^n
zmelJOvW+WFG?6UTp(5IL$yS-RO0?-sk4qU`Ie!b~f1i2l^D6_qeU}VUO*&C<A_z6_
z-px2ppPAPetr^*cGX_T}Xf>B4^KAzhmIRULm7z9UqmqR03n*%R)0E+T)UKnxr1wb;
z(%y`u$g&@*dAnN|L*3i2ySe6TJimJVEqvdwoeQVGK-^ufV><DwDbFc1%!nYBR|-MM
zlQUzH8_3BjDlKJtlJCkvshp`1VD6CE0GlzQ?NS!>?Y>WYzk9ZQ8s1XD6_Mn<Hx5l}
zz44FKoXu*}y3?$-QnPa!?$3JiZ+oRcx{q*|akKJ4XPVvgy!&h&5FJWGXNafVwnaA4
zbUM_e#)QctR90Y0FuB#4y|iscOqyPKO?Q!{)w<weyLn~~hz*7^L4jaIgy94b93&G}
zIw3iQfNX>fjMLPib6TdTys9dIh&Q1`3$!H`?y_Wp*@mJikddL98w+S8x1Nr+tJJE>
z6;R+pDgmR^zz;$yp=y)jRniT4E(+;eqAMy}W+6)|%Tko2r73IThHv|)Tu*+p@m6EY
zy1FANRF#2+iJP`~bWYKxq+s&qHnBN8k>tBgO<O5gwQ2%fD$JFHQ!9x=nA#;Eg$0;Z
zNfW!STCxd8yB6JhAQ44zu{R@4Y_P5FZAO%;Dz_x55yhj|jp-d&?4~s6&22#%%~5Sy
z<RIS3NaS)5HN_ba<=hL3x@gOqQb`IMZZ{C#?8_>F;P2}2%KhhWoA12qA6ml-Fz8tz
zA%+59*PC};@4a(b$1eDWX7#>z)pc900#sx~kr)`>`rZ|ruS$=S$uQ9)5~<+yY4Z}Q
zZmYDtXXQ*f<!3Ljx<WUT+@NBO!)2(d5)*C2gx6Dw6R%QZt?jQRbYc}Oq7;yahYMIb
z?Q;T4D5(TJ34jp6^m243(IG0b91|w!$}t10FAV63UdtaPC4eA=yvtNZ0Tu+1nVFs^
zoWSvVN2>@P=n;RW1`$OTVUVI^^Tp23>HZ&Q;gT%jKh}9ezyb$<&%bcb_{BL8*~BFj
zj}%fkOu6IN1lhuBhwSTlHO&ofOE!%TESM9dWlAuO(MaYtJHeQPk^%K*XtIwQ>v9Js
zxp=^7ljeK}19?Vf=o(;yMhTw?*2^7Zpp5h0!02-hx}W66R$z!?UvI8bY8HXL{q$;L
zA_9^v>l8ei#gfxJS4$DBnl`T(p#_T+g2X^r3I!iC<lkQpuY2jfNW#Hy`llcA9T?|)
zbNSwwra=QV2qn*j$&BW5dHMtPFeEt&-<EWI#wV_QXI?I7oD3b`SJ_P^E=EBR5b?t^
z*N$^o>zW)J@NYZGS?71uFCHV7j(Vef*8FkFE((JnfHE-rXW3aX|0?tTKk?Jya{K>=
zc%2*0_~!>a(_B3^=CjZVpq2$s(d=&d5D%vVfy_QQNV4vX7evfO5B7#o)u5(z^NGpt
zlb{ny(sXj|lxEBl83bfA2uNy9e%v_i0rkIrZ8&WQuS8UOKmg>yI8+o)_82-7Go%Z_
zgILQX@JxpjPWgy=Q-=qeITh*p3Q7tJXepFplqk_g#j6@NM5Nf%RLc}>N^F{qMWn?R
zELzD%lV7jv`TpO7SUIn$fAjue%6sbU_8$aB0VNc_^RL?{@0-Q&HLTl?1YgxrOoGse
z)95XdNWp;tks;C1{Gv+gudMFJjF)#+Tk)zmw8tTs9bYo~>lJ)#q9hO!G6F_KhxWhc
z=Wb~KN}j*pZyGOqFP-m)nw#W>K?ztPP#y{T4|6_%kI&QNvFsrdWAuU7gB8I|8#*ng
zA}3ycMLv5D)3aic7hKj%hXDA5Bry*hLnj+1!~Pg5Y&Aady_yhp!g({<qeHc=PC(u_
z+2^i9kmt`sM;uQOO@JGaG-qGTlOf<{jQO|xsqRBVGcr&UEJI4rDX7&HZH$&JlVprp
zHiV$8me|J1RTUz{BTM|BlllE~^ZflZeRg~GzfeAkqA-1aFq`L|e|v@g?`S-7Zib5B
z3DKt5jJ`O!{mRC2<^+L>Dm*n9S~X?Bz#rn>e({(7VKM&%EAMx$HtkE;Lt*%Gcie$8
zd+ej5aq`6}4IiBH1?fJxu-P~SX5auEA}2g=Z_Ww88{_N09yS|>iLh7et>ZzWXor$W
zndc#yF_Dra&s?25Hcf`mmRu+;jot!#a5x%7=G`uo*WeF=5+Mm#v8byvCe~9@lxrod
z(^WL8O|)AYqSj4C8cHoiu~@1o+eW}B3Qy0-|9kJ|{@bd~tIQz}o;W%E9UkocOga3h
zg04W4NgO-?`%6iXRqg^Oe_v>hk||-vF**>hFN|XtPvZZ<#^e3x@!fIygFPk_8JK*&
zbgo)~qNW-c$L!#&05QC6eM1j|02T=RH{ueTD7z(=T@+J8Nf4kA<oNR`p_#YibkNR;
zBb%fSXYO8@8X4)qj%*E%!<saj6u`zO#+3TWvt~Y?rp<=KsP+6SOF}^f6s<G>YD-FN
znkz*`7_A#<qKie1Y*md$jA?}|O*1VN(GnDg=kfXc2ERQX{@=DgN6$OUpJ50>jN^?$
zNKc3Oy<7kR>p8weM+A}QcUs;no5A}1?}M)wh5@`>IzwC6OaMB6o$vdP^9T86Zr$s9
z#>gL@7vusa3rPMD#P{#ldkw?k#D`kRnVg~<z+z(xUlhs{_U`GSp*+mym}#0=WX#aj
z${S)jeRODl3#f=G0+1k)piN1r$r}vOWZ5bxqe-l78zmUYOw6LmsMMC3V%V`-O2){u
z@9*!ypI^%RdXOah`Jb=X>#x^|`k>_2e^rG4y~|W^RUovjW=I}GzI<Pdap1l<3f^^%
zc-3*nVF-Qa@3Zd}<6rI1@V(v~JZ`Nwd~gt)!bBAOt;oGpzyul<P?dWGHX|S<e%)A1
zLTZd8E=_y+^^zGO&X9NeoD-2I%sh1QjPGO95Ns37ck{tBCUXu->mX#8klQu-&>E8k
z9ao4N921GL9^mk{en-TVGZQflC{aeTZ6+wT6riZmY$hm5G*KEfSlUV{Vo-@%1|^|C
zKga9!`a1ou;(GPZaF7oB`t}@E)$-!2>+47Q4?ZfZU;ubE`*d;DS=L&r&EN5^^?7*a
z5&~+~>l$E5_r-s|tKt1>-fvsxZ(UsJP&-8Y`SwFo0Vzb2Kwv~Ji~U;otHCoOGZ-dj
zcc9eX@Mqbfxo(+*0Q*>Jnj1Mnna(fU;d{WtnTDQPT=y{C>d!O{!0aGQIYs@O@X9iq
zDU%tpmRT}vYBr+Aq}q!`CeUnYDBDq_vNJ|ylF4Ez8Wxp^VipKP@%TR<kAA)S&EF@n
z0Gs>u&tz${?Fwv^Q{bTeS#9I;NzdqBN~%hgsRA9$3_ASB^PF!x>&B;HT^&dXAaa7j
za+FSvFByOVvpe<PQG5Kh_j9~C*1PvMi4r7B3Lbv>8J?w4QZQhPL`Z^a-;dVc5JplR
zF+mY?0|=p*lb)Sfurx$x_hp+s(K8a!){Nl9$2-9d$opCfHN01NA(#nz<mQ0j=!S{0
z5jD4K4m_V`oCHpB5SIy_lqL~~zdlghd85-db@y6ng=HXtDN2YSSt*s17^y8KiJE1i
zizZVEqSRQ~H73eM09g<~6ag6nj=g@f=RMf|>yY*`NeU$-oP7CMA>)dAdZX1aGm7_j
zkKBPV+o~vQGDr`6Z@bSW<HI(dIxdd*B%O3;G<A89f%^ON`2R-nSjixEFp@L-!(9PF
zv?sS_*mV8O7{}@3$9=t>o!pvy`ufo%*#k6f8lWgRz*%VVMIxD$@n&F{#PBHd#z53C
z93_(EO4=K;&=)c?JF5>(IfY?P3qNJKl*e&uKYa7{;>^%w#-n2<Ojya1!c7WI1(}&9
zV2Y@R=jY}AJjfC<9zMPI?GHGpW*7`%vsz7JCaX$>wYIVe%{Eb|6RQ-JB85sV+CtfX
zS0<;;a^mGKKvZKR6B#1MiEg_`n%PB7Q*IDgXpA|c*3pzE)+4+*sx@$x;1E1otk`J~
zH0iktvTb@$)Ja4l6$z^|5;3$gD-&o~l1n1pu^U)qNP@<hAu|)TYG#btwQB=)=9{l&
z)MBwfNx6guvB=`ao<uPvn1Qj@V@k0z40}ihOe?@<=`ak)T-=H#1~joiY)=r-oVKJa
zdf+q4Ih)?eG}Ro|S_c>fO~_*=W*RFVU}gwXFqrA9Tr@NjTCOWwEX}0?%7t?&k~XF+
zN+v8ssOGqF&2L$y9qBL=`H=8X&=Ce^0tP}pIOYm|p)!d7>d?$?XSMHVbzRPL%Btr(
zy#F(tcM~w{tq%|bWP98$bDK3qIJr!*84;1^dj)87G9)2m4OIa|FXBwLKF{A#C7wKr
z5E>o=LYbI4N1D#Jz5CwxyWIQAX{oPmG@k77*SoutfI%ct5r{?tA}ENk{<;3&?fhcz
z`@h25CpGQwVN4Addwi#aj#$_O`Xu|rll^?JS03&QEy0_wVjlJYZ~OKG`MT6nj%IuV
z9s`A5XI)v5UCY7Z0@k9{l4ruhj+(j(LR>7CD`8B!ERmBFQA~`PF-HZ92-_qO))N{;
z*lJBqLykJYoVAmzG!$VanrAH)Xo=QPW;kmcDV-UkNunXBLn2Z|j}%E@KuI?N3K2k#
zG04HPH6$3KGGk3e97v6rePDkd(f<G6`@#D&Gb`FaCDOBf7z0+n<}5jTqKB4pb1ZEW
zroe$f<)%(y@rYI}j0^#X*Vo=l^O_%T3^NbYX@54CjA=g~x1CkQ%?u{Y^D+*xp3E~d
zJrf-1kPmth^Aormp3nu}u2wW4M)SqN)Cj#2Y4-J~>RoW!(CJ-p;yvM5jhODMhO{r;
zoq9|~bVjNSu9_^=IbfD%J2}-`sdJzXWcBx5o$K??YR7#lBp@9Up%Bm{KxQ+owDZKB
z`1q-MkhnYK5{jZnJ2WC1n__~McTiTUbMfxzv#J7hYcX2tf>lXiltyL|l-MMokxo|7
zS1@43xOOi!DQ`HW&QA8*d(E|Y_UXVH!xF^UwLaC_=Ay=_wX(#ymDSePRB1NGlT%We
zV$BMyS|Y)M3IZSwH>~cnX0H@oP?EAc9S2F>azRT5tt`Zl#BFf3D<Q8@WMX37!4X@y
zRDCeAZS_usaPD>xKwx&tzFy&%?zv(s?8cSkuL>M)Jaq&haWUFixbmhw?KgR)jj$+9
zW7ZJ8seNL%9#X?6R13C<u45~Ggn3@x*dtj0!vcU%1qVEA*39h8ys|oF)?vtw&4Rsd
zpz4c33XN<?QLR1%*#--yWu`{6!4B%TSSaX{F1yKqd?S4|a@eGb#<ka3E1{cFsx~&A
zkg_{l2!*3YklCi$DmLxRr0hWx6)HwCOD=1z2jA_TeZ7vhd)KL%5ETPPD_Nh;YiG#s
z{Y(S}`kucbB{L^-ozrh7ndaNo#aZH<xH8%&5sPs;=MyE?GScNa<?G%-=-FAbI_~3r
z*6#i4&GT1!Aa_tjFyd)Y*)8eN#3dTDcHc{|@<|1Izd~@~aHWH!k|Gp+Lz&xM&Ffw7
zykniY>8rABc81(!Oxs1x8eXG4mGO#XV#zkjyV$RIvhk;;bX;+o(~d9<F)X5sRg(Bz
z5WEU10Y!->)%4cRC0HA(sdc4{HBy-AszBR1-T>b*Jh!2>)#O0(ywepY4GE5+Fu;Qo
zH>!4MHr@}X14e@YfwfShP+1gFXrU~Hrjn-Cs}BjSSeTk!;e<p)1a8O|RJz+`j=EIk
zbhkQM-J~(P>xybBy6WXis4#HZh&W(F*|PwMFfhPyLkt`OJ%u6#I?BLEgxMHst!$C1
zRZ!6jCaH99WzEv|aNuEqget2Lkpy}X7+`24q7f8`R2Cor0Ej?A!W9f4L|%4xom5Q6
zjLaOX4})>7Y-}2%`S~+GZH<s5<jbuTt1W4)ZuhdsaG1P$`$b^aic%^<+-z3uQPk90
zv8*)_YEh(W8LqhiiKHQ_gp_WluLp!%Smm0Q*_cIz1+C!_JGTi$H<-{RsL=ruTe@A`
zVuN~Xvf5g!xL1ZmOlk=znMTc{HMLz5juKHz5=|18MG;eT9jV!n)r!K%$F|}Im5td*
zwhkk8*y^dRT1kT?jvC}q4##s-dW55OLq^hVNl5iO8=8bwjWHHx;;q*8Gf`73H4YDT
zUCEhMLwUWkyzZ|_?)2k1t}5Ht{gMRGc8)5Qs%n{3D%L<A0Dfqj-w*J0Xp{Av#64B3
zZ@>X($Z{AEzyknxlUtmO0SM%OCGg&4`DBM=9NyJhAQLLF;HG7C^`pQ8Eky~YHqveo
z2F4f=zy=6I2tx@569~f$A{90sh9B2=M|X4b*%*vtV@x4N(t;#Y8~4d3!g#5%$Fs+4
zqZ#@@`1x_2?~XOgr<aT4jx)+m5P{Gj2k`U(K_aSW{6$qvGgxDoQHh!pqzDH@DX@jj
zi_z`YpJVtxN96q+PnqNgu+N{{;C=)L;ZRsnLXlP&Q9_YHE#L|UN+=(Lo8a331?(Y2
z>$4P9Qvu&+4ukkFuU~uS@Mc%@ez^mQ$cBS@2~r_9=VqqIJ#|p73Y>LEfbGR_#W4e2
zYzJuUdVv>_vDkj(>0ekrf5A_yQ4uZn!!r{zFpE2?+hn`0lO~keB1s}D!4wq%5ufk-
z=O^F4VGa1#SU*|eI{x54STUM2p3QQ75)jp2^S`~ke=0rHoL<NNKrEg;QB}kt13ivf
z#dpS<@v_{S&Y>fXIxVu61~H6dE?~>-qy7FF|ADa3&eH0T^4J3y7{3a({m+NzsBJ7X
zQ7Db9PkrzPqFQjus<7P}{~;|sw?DjAiLf_1`jDFqfr@Srqv^2P=oABgA<@ESa5JqJ
ztH@-P=Z&!Eh;hL<7)b&_pU9{w(aC<_Q=_DTE`;Ktq0=ac6Ty8jQ+W)CA#!<#`XVBz
zf}u#GVKs(S*{L>f;vW6pEyvgOo14JE7;)sfq4o3hVL_WHIQbGWfVR1}1LG(8Bq6|d
zyDF)3AO!9>sn2v7uDPw_t*CZO)-qQW0!RtjQbI}Ln}4_ed}8Y#mjBw!&a;i;^{ktx
z*g*UrM`Wmo(n%l{R7?Z$*QbGdAP|s9IDQ`R(S2|ZEGWvn(V^5JK$=Z;u-O2Teqawn
z$HTx!aDYg!d70pzK6m2x#GH|w@Mi&tk_;v<1g=bmSV?wlqP%|G1CS#M_H&@f_09ps
zg&9|zcYFS1q>3hFiHf30n=)lAXxWCwG;K^oO+<bFugR~czBBEw@b7-=qxJXqGwZ9v
z&A*xAzQ14OAb9JPro9_H0B1m$zj(S%sBX2PuG0K4`S928r}B^Y|DR-^<d|D-&-aKA
zz%%S1%o0jpyS#nsC1Md;Dk?|R`0_mjA`qb){G@#}8(|1d{cQ3Okhk8502+V+My7ve
zOvG?u-&r`Yi3)8V^Z;lBLEz9DU<e!!8UfOqJxvRsgh>~^gLcPf@?a^5KcCa;K{Qnq
z%zs7^j!;CO%H=_ha3swZBpixGN-zH7)F1ng``O}16XklZ*YEfK*MGh2&2K;Sm94zB
z^;Py$Io!B5izRnm#UzOSF2?=&29$v{|0|fO577N3_tIOt#6EccU-bX9dVkD+-;N1d
z#K#<OjB%sbfPp7J_QtNSEVaLnUUx?yjaP_Th_VceLKlG@j4D8c0iYm=pok&}hHwlN
zl=X1dZ2FrH5XsPUpEm&H2@CYWFol8nJ-i+`2O$X_`aEoQLM#Ai+xv3ha3EL%eD9n9
z;{ZS%Yrq~jJRlZT=a1=8&tMPY8mgcYf3Mf)`QJT<+vEA+-m~EtzybBfA@NFoI0Fhp
z{q*23(N1s(v)CZC6IAJvq#0?{I2mHfN#r4!6XZkxL4QmA`$>P__kw|)?>XOGbJ3qf
z|4M!m7BB?~?~)i0BNjCMK6E=_LKOKN6Brgy@vj>V!2~$flEEMdLsUu-21E4d-}-X{
z_mIXWjbnowL)sLE+1vttf4}M2an8Q~-|GLqFfoh=;`CO22|jk=js8Yhuwaa`BRI-^
z89hikZ0jeP83?4*iTsdXdLNxH@AROH2x!R$=NT5hWWROZ`@Z^uk%<+JUv7DL5mA4@
zRY#I80>Z)|0{*cO0dN$|6vR*^K*L>i(euY~@vvjXjFvJgP(U#NAjD(m=>A&_GFmxD
zkobHfY%V!j|3{e|!u%cW!_XAgA325}&-j0z<S)i4f2Q9f7#JDqkDrqHMl7?Mf7G9W
znHVr{0%CrQAcM&dsDw8xm~)Xrsqs!(&*@`dpRQlvz#_JCZnwZ18RPM5_yRCkq>BP~
zX90hP00sc@gM$aQkexaz7=R)Qh7Lt~7Xb&RXNR7y8R|W=fN;&oZh4`mX_r1bp{1gW
z-Z=3M1sF4DCZvS@{r&y)8UAa=_1uyY`SV@a6#M?yc%IpvUh&@*_Cg0;LxC2MYNahy
zMihz_RC?6$Tyx{~de?h3yzh6eJG^@*&!yq+uWo$*N!5y5y5Jrdj4>Dk7%E^u#3Kv}
z_Al+M%q-0JOlknr2vDqu$S585c{<Q?Pu}QJK@cnuEatPq-5!h>*=e1IhP5k&3n4LG
zM+kO#_U(7iZfrZ}l<^F~B>^DFLg_ZuEhO7AwJg@8rl3f~NhgEN?qRQ&Ab9{LJa^mU
z8t5^M`0&686c8e#1_+N75VhRaXOpN!*)*#ZB*anEu1Lg&hs&;rXZU~h|0C!qVr5r|
zNdRLF@<wj_>#?C?w2B~uB(=dDC)NPE)2|qcl)TtXnqCwf5HWyEMjSl9&A{8#ooK<)
z0nH```@{|~da9qVw?~|P-~G=&2?&2mGV$79v8%=AVY0>+TU3sf<3RM?jM=%0xV1H^
zrfhRr3w5%frQN2i4SF_0I;I=A_2aK-d}*Q%Dm8y=nWzh?w_%q%)-7pMEM%yVV&#f8
zgI5%FCk8bLWG#C@Pia_!>?CXpW<ypaEN(oR79lqAVh|?ND;z=^#$DAnK&lI9V+4V!
z<TqN65VhknHfv%QEYgFnIuTUI5Nss24Bc^)CKa@<r>HeFlA3C)9_`7ZV%|V}=L!`T
zi7sh#E>do+G}K*{jAB<FqF1+5&Rn&yn~{l=O!Jyu9L^fLHL2#X)p=x^-lCBhvSZXm
zf>Gm<#g|w#(r;VPQDI}lGjec_kjOoNB`HWn03l5$j2-8E`uYBM<BmBuzt+4@oN=CW
zobNZi?;}0X(9V0ItoQr9?>UuUb3~y?jK~x!4oac2apB2~<zdv7@DNN{nOot>s^vkk
z!K|cfTF&>o_r31-)fbt*SS?qI*umfcFbsePB#7QtS}#czN<<cwRcJ*<fd?g3^!#T#
z{kOlloVBB_b-o6L3_r`y_i}c2Rc7xOLO%D$y^_vy^9%!j@DC<g6e{ZCw|*Ov`g<A_
zq*r%B$Gj~YA&=KLy<RUk%qZf1`Kn_|P@st+j>mP^O~-UK%;a}s<m?^Wqb){_ahF^!
z?$M2=?vQ9B4&Aq1HMy#{EgHtP&8w10sv_AdcFSv(S2dzLq+Q)PG~IQ$>g>69S2J=s
z+^02*aw`WCa_;K8w>8qK%I59VxnTML`^V9@cF4{_!22J@m^X;P0b$ZsAwqnJw^7bm
z4>#G8@p?=SZg7vkuKk4m5&VBc{8=a0>yiF4sR|VMGWp_J=QghnBl+#(<H6P)N6<_)
zy{gt{KAFRxQ0t?8tFr7z#+y}aRC6<6JCD75_2BkMH7N%#T-Faxq1T(GU=zId0Ix+X
z%mLKuvS#vQJ3P0kf0|}k`$xP5d&AsqGUD}KpoRUkD=4$C^4-wOX>Vq8&l?YRu3hXJ
z#^PJWc;2(mo@aJ1fr%BAg@c%7X7p-2nB@knX#B4>ds!o1x8-|O4MXE^jcd#sR`)P<
z)@ExMc0L&|s_`S%-XyKHl@CCI?dyE6ac$iWYQU-2g97WBT<X%pdpVicd+K+Vb1Q0L
zF6><G=fzxnGdYI3v~OXgs|MxX?q6L9CZ8=7F&v!z>I27ndU~b8jUrB7<TwtBUD=(E
ziD-<uvo^xK6??bJ=dQvW!DNcXwl5)k(Rt3e=K1GUxsBb?#NtE-KwvNsh{GRGC;<Fi
zri=YYfjQC*7U-~g``nIx2i0vgsZH|G6RBw}mdOy)je7k%wbpXW*`82n!_T&Fcjgq<
zeAjZvgqG*A=GUrn8(Yu0sqORE?`t!wT<{BqMzC;3WD438kGiBc&SEpfltCwx<TN&?
z*blwwh9rhD9@3XtH63ZqUbpM-y02jg6KO*uNxjkBy{R?6Zu{ljXFTUZrnsE;a`DZm
zt&;nH0x<CK5P^{3jDY~8CJb0nn6V+D(SWuS7?3iifX&|aW)((_fJBU7U^qgUaKu=G
zgbu`zvdSPPN~J)e>}>QT*??h08K1C>cjL#){%^mxQvKhaJ>C^garn65c{o_uY-BEj
zAq%Mqew9)~L{YCG2U;7_J1&!U-Ir=2NfGX_+^!`@wv%<IW}#HERT_6Bt;~f=Y}Zp-
zm1-?>HWDDNq({2#S~lI#smk+a&C-KnL)2CTR&5klO^qhuR2?q6CaCo>>ygUM*chwS
zY%b9)l_IMk(pzZisDg8K<^?6RX^|@xcB~$1xsEji-G-sHcTGgml`XoJv5E;LZt`}F
zNZHf!oXnkT!5{t$Y(bbKGkSvi%x#>*5Zx&`6z^tjDpGg?38fyjRy39I^oZ5-Ge21>
zR5qbV#>oo#s%D$tUS9msH^y2@@)!bGz=!F}Um;M6Bu1tnl!>ItiudOF+oc@u5k3%?
zKO3A8DKpHpJ_HdIl+4VEag1PpJi-(xrAnfzg(?(Fdg-I1`hB12{uvkB-~>J$!0^d~
zA5==8%>lDHHL4V<p&`D)OZ`$IAV(MsE_W&Ur+CKLykwoUwTp~>Ik}xi0t3(Ea695$
z7`&lGzB3$?CQ+%gN6TTSrelbe!NmpXfLve!kXRTUA&dq4ukiSM!8g3#Gx&g|v7bQr
z<JtQY>PZ3Z`Pt7d3-Hy4&vt(Qz%z%zND_))>GxCo-=^2#{CfKiO#Y8xQ)<1t&c_k1
z(W4LR{#W(Lq5`}-LCsNs2jNH~KLCV45R6htU_0+eKx8}jgN|ST4>vQD@(h1IBZl_u
z^<P&>53GhfA6XxmKc5L;7zmlV>PSw%Kc9Ybdp|w<*1J9d0rYkdkk-$aWd7+(D>|cE
z;_DaVUtuJN0n{5>P@#iVEexu!A<H}?*ClSo-oIM#w}%?z81MFT!S+`l(y(50k*xXx
zNk6a@dPMUj1*2K1WKBh2#tAV@kr|X|kPJye6cA5b<{rZyf4NjITC;{;P7Ke5W*B{$
z$GhLwnY~<DX_jUleM(dI?e>pxfvX|ouu#Q;w8OHP-UbFfe!qiy2<*QB=wn>zx`itm
zMGUM#ehh#kGhTR{rE0haejF>Va)&|-2F#i|`>y}b>@2!7bZ0uh=QmXHK!)f(x>=9l
zaswYI=^(N2Soyp30NH@*2g3*;4U^=r4jWUBMCZn#kfhQi6FSJyT`gBWGYjgW<-}-%
z3Vq`k0BigG`vXC?h&Bo~3?}>0B!)z5YlnVQ;EO=mq}5<`>2NS0f|f7<QZqek#x>14
z9={iL_xI8L`<WXxyUy=>&qN{0^hre_5lUqy)LM_P=lmP^YtkYjd#<`#YtOyCe0%qM
zL`9|^y5blxiaOPniYTOJc;6gL{c&9VXBR04y#HIF1TU-(^5mvwGZ&mR+`l1!`X7IP
zzrGwx5WfPt6JNY5Wj#4zn?E1W1!GwRW*v({sevwrev~n>0}RCEqhc8UKL1q0svuJR
zJrYkJkDx3OSg=4M^Mm1d{M8>T%d<3l4>RhreQILP4V~QU6J2f+IhT$@EQO{ebE_vZ
z7G}t1OcR33k{$p*5)<?9@6+w?(vY41eqYMQHeHmN`S$`6L+C$CmXaeg&cfx2RI_`4
z6y|lbs#8W&EPj6z^R@U1Sv9KH5D!0euem^r0Tm<`NOfLcy-l1zAly5<_Vev+*%1)t
zI<xlngg65vs6eKmkUIISVsp-Mv%#S8;<xl{$Voqce`!CK{j3ZG`|(1u?bF~V!~Q7w
zA%Y>vU^5cBl`}Or(3D*jG9@h^_wj#z+wd8hlDpW$g2o2RfTA)2$PB;lMlyQ$l6D_|
zF^Fh$*C#x?fiw_Fd&)H!HX}SH2uRwb)`m5Wz8%P53_vIE`ThSfuLisR_&#{S>+6r2
z=s7X=PNeA+RmR3chtWDFh|aRQXorLp6EI3h0u)d4=kWnAInH(>LI?0bLxJrD>LwLP
zMJz@DhzvmN{s;C4z<D#fY^$NNiboVu3G>ggcg~F>oXX~>jLW)`j=fI%$ul%&vc56}
z<1Tfaj{X!&l~Rt0A>0G{hbim%pXR50aXo|JyT5s>a*9u0D`)fTU_>Rik`*Q7g*!0O
z8)i5`6z5bWX!G=+T3_t_?|kchch37&KHkHO6v|0O4HT6HBFKA|c^TjLySzEGFtz|=
z)*)omAq^&fL6F|EP=FR)0SjbUW9J$$1ImOByTA^&*GO%7btsgJ-;O82i8R0=ra~X*
zi6I}ndi9h0_x;abUqQfys*5r#*ddTugdr5ym~OJvu9q?rOvN^B8dwe~w+4bVo?xVU
zG-Q}Eka_YbRdLOnrfA2UgIcV2gCY&u_1swY3I^{MnX4pvuu5q&Fv+AEV$u<2BqR|9
zoCn1#E5@S0)u};ql*1w|Yh2^vzz44`Hudw2%;u+;lBs!Y%oyOIk0#rMLo3FHU3+jP
zdXh0GRVhO0k|h>8M;gp%7NO!<V8ZEg+^A`&gHf6wvE5}A5w9f1guhbq@}S`ig|{Ja
zTL%Oo4K%V-Tnft!TBC&#u1OvV4B4<94M^Ha9s^j)$cIu5m5MHDs@BQe)Mq1_z_pfb
zG92FaTu7}+hFPuVml6xEA}p3e4cAdfU}dDT7SG1g*`EJjs{fpCU3k{K`s2CB9(fzj
zVDd7%s;+V)+TayKPlmCAEDT9RY#fo90_#GNf+F`?Oaox#<+@Y%ISo^+DLEoFYjeBz
zx9;D&?)$@L`k!rm15<zm{r`vYf4`^w1Zu%X^OOUDlO4KMYlYB1q6Fs}=k%kti%sc(
z3`StKO~$Rb0JSURk;zQQ>EnHOo8I-ih~awq`NJayV>2S9EM_%yTdu3R?b&s8T(UYk
z?&CYLvC-YS>2$igjOo`o(_HJi<}w#uT<1>bZm#ZKr#U6fblm0L(bHYfyNvJLKR|zf
zwfp{T)-IumSjMmGI)Doyc(X^X<1PRMj_Re1VWq*Uj3|4SM%b<BPv_=AehWq_Y=4cR
zm*U3HU5?80SaTP=Z##U2=HH9oBniJ&mbtCxRJdPZmmt@?a$8%OS+;hl;Tb8Niz{}q
zo=0nkrR5YLsT&oKT?2gUV$SX7SZ<1!>KTr0LzE_88_uTKR(Xp%?{}XfB0g3LB}h>j
z9?^)jkq9qc&%FXZ7Dp#)xTD;gMEriQFBNya@^~>aCUwy~aJ2+tvOg2Yd*sN@&r~u5
z2<0xdT#9v3BnW7Vr3j~=JE+>T@q}^Ouc?+oJYND8m8)k?dfyxy-&I^~!<(ya=+rh0
z83stk1?#?ovdgMtIeg7L&T6Y#VC+axZ04?^*KjpsyEOJwgy!C3%gK#FOb{{V?rtvE
z%cWfggV#fr<<k|2@}mgc&|kXhs}+oE0y>7&t>w=n$y-!tO4_J$yH*NMEGr9l)wSwd
zRd_vP-s@p|*m|ki0=W(nQx$uSavNKEbFdp;S0BCaaY*A6$#Kj(ow=#o7ol@-8WrtG
zBuYdMk2erLpvXR$XI6>rxJ`Fd#>QysB3nY&xNsi8Bqmr%NI-?pIiu%3_M`6~Xa6){
zQE|^`TPjj7$8|jK-JWh&PWHoyXkgacyVF-_)3e^2G<oBc_d~f?c;~d+EIhej=UR0!
z)J*z$ezwr8=#xv9e&#Qkz4N~Awa(y|!^WOQNHQRdWLz}#M>u`i&ZO;khdoDi)h@DN
zV>L*LU3cHPp7Q<g9Ri!W%iCkU%yZJI56bhDZXmT{CEI(l;<PV_<KD?;vm|7_@J+Om
zLhWpFg?mixtGWZ=z|2B~g-Jm{k*RyPTc=Oi6t%p%uD5R|kN^MxF!NnnY?Q3EmRWEF
z(hW-*RDe-{N+k&ruSaW~o@z?9dKGy|D}2ug9R!9{Bb)0i(4ovM2M9DnysQz?0PH3A
z4)hyZNGds1WW+QyG|h9?4JPmSuE8ecoblc-hsAm?^sQFim9;xAhOuGS)=iFfFOVZn
zz0uLBl`I7Ds^YIw+;?+QO(dNxLx_5#)=ROBdfG`Om2D)EjR^+g#DOSnj@x!k9w56m
z6eDv*t?g><*)q$tnq3(bdi7S>t?h73y6dpI^{sS;YjxCY(dyN7kf|u-g>egQ*^EWB
z9M>dhcn<7jaMY1Bb;DwWSnJ&!F0IRVW7d<X)<C&JY_B%OHN=p__FURAQa874QP57R
zqf%tVXhT6T?uKyd@B;7?%QOB!2p?SzDL`s~s;IOynCr#W{_gy9(9<$zb|{I-O#>1T
zGIdOrPt9Ld=<n8kVjdZY`34-ySSiBfourMIS<{}{Gc_9D0CplUFdr0OvwZ*}0s@ek
zfuvka`RnVygUj{xc4lhB3^|`?;5M_br2}R1My;@?!;)g%nZxgWQBWJ3GS=&n(iyTc
zA&dY&<}ve(V8P=b!_0!n#$eby0gQML@L>fQF^m9<@jmGH{Qdubzvbf|=y^PFNRWVk
z$=>$E9{>Uezl8DrNO7;GtMw*J;~5Gp4axrS8PfiaOFTmXu{JiwTLK+EyN~am5Bc}}
z<>xs$&U}%74W@jO-5?0G0Yn*@iWv8injm7CsrkltW_R$95sm~PIDsv-tzM*HP6zY2
znJI%rM1jAaY`P3@d$govIF?~thRvdiQC=~ZeDD@?&!+0@gQ%W-V=n~oZ(#JvLwk^h
z3~$HRocizg{QgVp#f~%lnKhi>&nrbz(1?u`EmcyjR*Cz;;Ps4Ry%nEd@cssS`a-qO
zc|{0lgCV12_z)b?mkv?;orLH3)P4y-;X}T)y3YiM*oUzeASgjd9?54uM?r?H40Mb$
z9wGz;?^=$B;Vgr44%dco?g*Sujbu=?CQl?NFRX$+G{O7g)6<vWGXv}Hf(aYjuk)D3
zD6%#6MTW<4`^F46i*Q^rAIxFL!2<3w8%O~ls*NVkPa>KPizWX)|C?4sW{gkc(GgID
z^VS2iqrQvXWGvm+n=nf;e@Z1w`mWGJ4=Fd~IgsK*(VwZ26!`!bzdfF)smVjvw?~U;
zukHHv@%HCPdVFWt1A(%(E#+018~-o{69dJ9*TWc(f_V%Qw<Lwz!$F34vvtqkj(_L#
z?+z-9&T;6F{->fv6k`-nSs<Va9zL)cJMUV|FZ6v6uXYIV=Og_#ZW)XB%rnyGFA1Hr
z-%SsbBr)PhSR|5vf6w#pjMKp1iT(3Ed8+!yziEy*8pbi7vH>M+9|c09DNHIYYM;~A
z`>c52-mkjw@y9lEyd0rc@2Y>FcXf5yCjdXSYCV=BBtn29eEl|D=;TpF6ey!XMRN<E
z$q8P)^~rr~z2o1E%QMe279*r5SQx+q<`3kTLUX))PdmzFX_E+@2U2<Y#wr?%6?@~8
zjn=yF#`&%?ZPn-N>->KIlsLva2xt?~k%Wr{0ZBc7IX=B-2kRL5is#T?0wJ~xg{q7>
z1=qqvI;})Hfh(L041NE96Y#xRv6MWi<L>-WpO^vg#e&X$GL$Hc@|t$QsDYy6owD<d
zbaLtrb$H{C*Yo-QeoQ#VEbc;1)6g-hT3Vt~f{>vK`~M$LLwyg_QF07;s7#4EpahP_
z7K;WP!-57zOwRbiqNbel@9T3jlnoF#pII}K8hLOSshgdFFDOGP*iC9&!UhOW+a#ao
z=jIG|>IaX7?~jB~uV5GEFaTTlGb1x7lS;uJO%1ZSR@8jgJa?mYtG^#){{Kd;Ef>iS
z#z0T)c^D?60#Krsni>y5)EiE~`<x8{TBG0|c=so_FuW8|Sn1wmGcqkolxDo62BH;4
z1qD1X8NdJ!pTFS2r`F0x3m;Z}bH_T%>>whWepslFe8!@qEO+P6qIn`PmGSXTt+qsQ
zs1iTBuetjOsE+3F03SdW0eOsm5++C%fpPK~6cOVL`&e7XJ~5#-J^0*ozdQ9ph+g-!
zvl!5rV9+4PG8i=Z@B`Wz0N^;<g8&Q&ujlvqWc+|h1PLL|`2F}p$HGaEkR6#V)f}j%
zWJG5gca)Pn5MkCs$gI>QDKwbF%b3=+_50?tPpS*^;==90m?CK^nJ5@wpe&2eI5;&s
zb*{W|!NIO5u6Q}o=H+ZLfdUW=3}sYHb;hGpA_x<+W!yS4iq5FEAGdMjyoh|tH>b|H
zDkP|yL_tI2=QHuBqe%fhKDT!=Q*Mu9Fw#N=tQ8ZfD6PcI%9x_a?o7y=gS4vdt&>Og
z&xCgnvhgF47ajs)RmwRSj2cct$pEXm(N$Wq;Nygpg)%j6QzewRC6-)@j0D9LVj30_
zmfC|jjF_}_upHh~7_$*}0PRx^O34-zWW?LtgMl+p@PJg&#?nA2^BdQ^dJbA_&@pBi
zl34bdXo#UQNfSrP7=!R|Ngxn4;Jl$K#?j3U=O$>CV?(?VZVFW#X##Fsc}DdaQ58;E
zR%MS4((#sKI;J8#yo3QhjF~pUqjc0lt#Ps@S%IQpiz6VJZd@n<+Vcdkd)dFfKyUZg
z_x5K~UteDthu?Vb&PW@r%*^&?Z+q7_y@AW#@#BI-Fcf16<4*M%I%Gi@;LQ8fW)i(z
zEj}RDuew<<;Sy6*THg75_q~4Y)#h_TYo=oyq%1?T`TD=}>?-c?%P4RC|23h`uT`yM
zF#nX8D7Fyyy)A#6Sz!}a?(h4I7HZ;ds{*^NNeX(A^zpDmXm14CV-TAfYqqv^bzRZY
z>g6zY)VSR1y6)}F+UD-34xH<i7k6ARb=$j_c68@=bmukOuDc}ZD5@x`sZ;?ZV^kqY
z=jXqp4ix(SYeP9W023ea4#?%ETAa<@nSvrG*YLOe{psLfVE;qy!IE?!XHz10{Y+qD
zROA&YRw8PU0P2h0cKQK@L79R;86KY3&3>1gbn#Dpy+K+|f!f6^-OIoFUfv6RruUZD
z&!nWR?|}CnuK)l7`b+9r35QGTs+)A{2Zna;=+GwI_g%-4j2nPuyiJStd&B|{iKFf{
zW38U(4~lp(tXb0I@dJt82Bfp7B<Aq4lNu%HQ**B9a~>7p;sNmS_m6?_6lpO^vK?KO
z9szVOGgF4Iubs5}7I@7$j%oKRYT6@9hIAax4h(4MiOi&~#fbBG=Dx(;8sU8Iu+tae
zBk06_xnADa*m`A)zV6<}i@v0~;?CJc@XlFxE$=L4OoGV5Kq2jO9`67xF{Qnz<=u3x
z!_@0K^66e*E}@|S^g5N&^1H6`K?GIRA)T4FJ2)I5_^%X;Bo(-1J-`=*@xxt=9_aS3
zxb1sGenI2+hIx>ZNm4=;l=0SmueaR%>3aA49{cq7HbFXDP0dDmo%KWUb_}_&b2~x$
zK$YM6!qOfSXTs#!Yez)`dDMjMyo2YLo)22t6Z54}vta8HS=4Wu*E`=ey)Sy%O}g5d
zIh!|7mFQS46<$ov7n|Ahf{J%TzQ+Q176uxO=C9i4uYTqF_&e=mE#S^&S9-GH(k_C}
zXQ3NoZRGW9y11@;oZA@*mP&1-C|rra&@4L<F@i7#fdCLY91H;Ap!W?5f_4~UJ0&;}
z47?Um2u55OKzI~^q9Kl?z`-5XM(%>76IxWV9R>@VV~GnH0TKv=MA(!jbhIUuQRjQA
zsgodk0tEs`tWMYY-zYxJuvS)XT@AluMSc&y`n)1up&cAe`Po~S19uY>xiw|FT^zSZ
zu>oFc8*dPy9gVFN&AT3&I$1ISEqSs#cEffT8+z%jH5nV0?v^HMYXu|KN+i}hE4ywv
z6fMY=L1A2y#YQcNjV6;4T1|2)C$T9eM5c_?+tIl6({aspOodX)>?)d*-FF8gw)1yc
zoZejLs98XGQw>;yM!<@2V}t{dmJXLP-zBW%-2>4@5M*p>we8a>-o2|YbAKF=ajsS>
zva?fL3(YQ%yzyRf*Ir0u1f^u4Jc1TcVM0Vn3!n3vJ^-qUD3DMVK=JD*Q!ht6t?TNh
zbDJi0oab5ql5#*0f<wg;q9~{QmD)lFI;q!3_<x1~Kc4sCI-T8fvwugi4tH@59nVS7
zJ@wyX*}m@Au~p*9DjsAx-|u&_Nx3Bu4a1YGxs#l0sV6!vL%^(vv5@5jl6PLcZS#$5
z{Qo<~z3av-f4Bc7#&b%b!3<;k6IcLcE5iT}ry_ovSWwWRzKj_enRrLWrSUj4&PYXI
z<y9~bNMR2@vOn1S{6Etr;~33q{ecfZjddWR0~r+o2w-EL+x!4K;(#Dij5zo7Ve3&8
ztALmvDr@j~sMHMM1_6N$5s5>_hPMlxD8R-)pU>~_?2a4X&Ik}I<oWgVeA%7WF^|#u
zPHKe}s;`o0Oiuzi=8>7{08`W`#GZ>u`T6*tfS8pPk3$0r8U7;o%)SAVNC-uvA0v+R
z{|0>f;Q7h#)fxKwurqvKF}n)X#lX3~?j4!#$jK+^Sfq#d`~Bw)XTCiLy<(y2y!vSV
zxg}6$*cp)-k*H$WJZCGPCJ!NFF_($P5VUx&x7mLGKc(Tj&T3h(@A%a|pb=oOJ($Nv
zF>~j8?c0yM5G-Q_jUT`@P!wSmp@tYTN`=ChJYgBe>UaP@Odx)Lf2WK!p9TGV>)D?E
zI-bv>g9b)KYcgLMrOiDtnuk>4(2~+%F=Bq}e`ELXZ+kRzm<NDdCHOw}W$=WhM8rb_
z*OmD*;Lbm$yy{shiZ?1zl=sz`FnuIGtSAmI>jnVogR;rqF)kJoe&ZGg;s7=G_v1H?
zj`PtZ`Rm>@jO#1)roEJ+G}gA7g82AtQEH@|i4096F+~^iUtfLuQ#EGL0DZ}ro<$hN
z6eLRy4)PrV{U*aWA#nPtljURSXd;~Jo0$5$0>nBx;=;-<1fRd}_VNAWujV1<M7GME
z`NnWkL*-JId14@l5fsL1gtUFQFDw+Q5ws>VDrzX}Uti9D2k+r{#kj2Z{Z)K`9;^;R
z&W{);ucy~O>6tp=pf5#y#Jl^NyN5abT<aLH-tltI$Uy!6etv#t^P|5o4-h>0_w?pU
zez*0lac2kVRUJ^~zH1b@aYc~0C&yDP)M8in@j3Vmf-3#F5YWajapFq`domspS?|vA
zDEFI(!*mpJTKGbPIci3}Vqn4@$t3#z|96a0%fb}(?vA|O<@0mkD*NzsBgNHx)?~)@
z)NbB%RRz}D>t~Hq{$;;)&$UB^XovYC6^slHCj#RVFfaoQ03wPghjs;)iYVZ@=6R`k
zGL3%S<ozJVW6s#aD;y%=f|v!SOkoQOWs!^wZvQ`Zr~3E|ywJhYUYhX6L*rx!i_+|H
zMu@?T!O3u(;px=(`SttHuxMyX)IXgpjAH}%p#-=rU<_z{K)}b#sGo!g=)YvC@ZbY>
zA3;C{hOVycIx+#Czggns@{&XO_v`Z?nf6Hlko`%+-M=v@`H0)I4Ysz4a|gQ8v>CTx
z=#tjtnIzJTMkEB=W&DT669d*8&XYriyXIY2Gq<w}-))(_l_t7rc(#-|OF24A!QeP2
zZaiVf)P)w@T~Vyai!3!N@J7Af@|c@-#hJV|VAc{&To(pKn`~<cElZorm?S1d=NQ7k
zSt@i^y>|`8h_48@T-xA0VOo+$nxH|X2wA0gTw-wpk27nl2d@c&yHbV;L}105jO5-s
zt%2Uy6%R&{l&+JLFx7z8tTFC0CB|)fSS36(5F(Kvv0gFzf7is;xz1*z(=#)%Ti*5S
z-o~}9Yr7YX@3Pjt4p_z{yVEK&t?>z5c)_W=@f2F+dB+<n%Z_X(o*hv)+UL9PZ@%}v
zQyi&(PEcY28DshMf4|}%-}17CV|QQxfAd5tA}Wq-w65520L=em&fayz>!>&jRnkG*
zfGdB!>sI4A&Vp~uc_PH5rD>?qMRyl-u8K{~F6wTb&bu9VO}m|L;=7sGWxDR&on4a+
zPUm#ao12<0ySHTPuDD6vJA=EjTr;km?wxbHblo;uss^fsq)#Au@_z3(`uh6DF^qso
zylX|YxJQ>qAix=_nkd1vKcDaOf25ybTrWQh^gEvdBqc$wXCMoSIWlK}3%%4h(V`qX
z<#=~^5x23rp_^Q+qj-h|$#JEW7p>ram22C|oj@{e=Nx^0O1DKnZq;&Ii`;$Vs-ZH*
z^zO~BS4rbmH@WYtFGf~-uKLeDG{7P;0HneSP^13PbZ)f&UqE2gL%bhVk#pglHdUO_
zZG?S}voJQXK#Ba-Zm5a_R-2j=uuUJ61@Bd1i+VxX5y|n*o2_e=Tb%C=-(n=#_7X&b
zL4d%{l--XRa^S{_<3_389(Y%$*;GWZk=;9VI_p(7gVdw2`Extl;NVp4k)a3}Acum>
z6rT0y&e1}#Y)VSOe$ksfY)<MOoV@OYw^y#pJi6%iaXF91`pOzLa--pn5$|XQ>MG6}
zF!x*D8>Qd3$cS&G&39vEKPwxKu$utUV1|Y2n((?t?{2YeisZUQV%Qx)S@(=Ul!OQg
z766h%U3d5U@chS~d!UXOtYq*%u|%J_!ceY63Qp-AvW2aqn71%r)S4XREDh4Zu0acA
z=Fg*tyS;a=Jhz$3Ek@&3(@>=~t=Foxt@`gd=Fi>eYwaYroRpI(l9nDh-mWKEUR2IY
zP);PUUO|J=nZDzE&hyWD{mSdvDTE=W)3+0xf)y(~B!%toQ%!F*$MEL&mtCK0P$r@;
zL}pt?O>;Gzbj&wFgMbBs3N}DaBZdQrxORIRVjKt!W{k~X;Ft)ANC-?b_WJS17+nyB
zjQ@Zts%UUX@<)S*l~aNcC}@NL*#aY>ghg~frU9VA6m~!%rC>xPdPG4GgdLDE1Z=>F
zFoy_v@V{Q^%%-r-eRaL%RSFdDALsavryJZWUc<TE@mKtYeGT^#ynDmAv)8kA?%Rzl
zba6{lHD<!y+^uViT_81y1(*^7n^c%)WLN+?&<unX&R`+D#1kP+5Cgdv5;FrL18j+C
z^kh`28m?}=VHq8^EQ;$(HN-lxmB~peOHs32&`KoZLbVmAtdR{mOl?PtHjaU;bw>pm
zG09Y@j;7n&th&;AYMNAS64f;}*tJyQ+~a+0%kd9;Pec76Q5XtE1yW<J@bnqY?-<5R
z<E~bz+bL8*aM<hQ)8eD$o~mTooZb!^k*UUjYz$c;Bp;sOl+E+hpYPva#pf>DZu5o!
zV-O;#3O}V7P?RuLM^<)zkJ0%z#9qL_^?NrGArNB-fD88F$fDL66j+D=y#4ykP$~UL
z<c5!}C`bkbkd(kNfvWHN8nAOSMUC`qjqpsu%#Y~)TJh`OoKb)C_-7yU=YXEc4%fn<
z@U!NP0VIJ6Ycudz1Xv=$9i>4iK}x3#p~yK=gNI~xDvaj8e-rgk)ko+b%@JT|@U#lX
z$S2BjC)5D*`2bLY3-19mO^t=awxe}85r`wk2C&DB!aOoC0)X0sra+KB$KTfn-`=&1
z3G4;$LL#S73&8LoMS{Bcq({zO!Br!n=9r8umVTq@KYu?1DU++a5C||oHVCmqei`#2
zE;+IMM{xaX^y_4J%D5Unudl8+3*p?>^9vz#4D!5X-NF|QL(|sq>fyOj+d@PNLmywC
zpTD}W>K6mFKYo4_;LvBz<q>i6K#K%G6or-jbcgS{1NAcME9&ZbuIz6fA^W?t@AW^=
zwx`|Gb#5_>DErW}eSu~}pSkWOC-B~bMsgX<pFV6hak1j3woY^vz=>N6C8N|N^b617
z(htnFAP^4g2VnQX|2B;d^U3~w5dLccKKK%K&v5?F;W&#83Z!j=Y6w6P07}J?RYev`
z)AgpC<9GGTu4_5tt#MVX>iIhUb^QK+YYs0rnfMeRa!n%^CQ0-o_5~D*DD~b5caK~f
zFIbq*%jD;s2@U6Z3wfJzhVSdo+~#o1Jz3{zJR+Iy9LIt!{=Y}z{`Eg(#P9bcR$&U+
zSbqF1W8@JQ3F01VTnW6jdd+9*XR3+@b$xzu{XeJSZQWLLj;Hiz9)x{E1Z2Pmk^z0t
z;=#vzzk9z!&l8SJvf*J+C+Cw9flVqf;{gLg;Ic}AM0|b^zvcb1a&Q3E-<2>}U<;;z
z#s*NW!znzDxl7VWs6?5iudlD*{rm6ZnJOE*xs+gQ?-l}aD1Cl(4=@yMTrm3P7`w?T
zbW5}J%bS|6@)eojIOD*KzAF+80)OZ4=>5pZ{p|jhIoDqNI<bgUVSwHFWTi(mg?Fq>
zAII5$KM;`#@IRR3@i00Y1ier`+6e{>;V|%cOc3c~7-ul)_4V{Vr{`Ju`cP+jWi_nG
ze@Hie|3D9kAeztIJ9I{Crtlh9#&P}rxZZzyyk2vcRrVSrJD;&mgxNliWfGz&>WW12
zd&Z`?D>BgcVZp{|sslJDgXf8buMbD?_v1_E^NXC!XABCvL7&i!KYkg1Kb#-N-e4HV
zOQpqR21@z~i!2m_Tk!=)Y^F8Q$Larnf9LkT>hBoVu=n<iS@X}YugyS@=(A(9d6Io^
zNPSRd<f_y9xr^ShEaGvj1_KA@`Tl>O;g9?N|Gztg{T=?U&_^>g=2F&g6yj5rtY+nt
zY>uNLuxUdYM2?2d!yO*E0AnuOc4UiK<{nOSi;J5|K_Y0{s;nCx8lna)C9ym!PL&`@
z2{ecVixf5x5;w<6v9v8&)DwlBR6%3Halv3pJRV{cOnIAOQnEBdVXab+Wp<URUWhig
zX3*IQ5^?V7sNInv+UgXhHEv8Hrpb!e0U;s?GFdl9mLUz}BXzJs2BMgO4^tp4n^wD`
zdbUumI1$%Wx};`3qkxf#>e^=1^H4=CHs(aog@CLHfvGcLFbs#2xTA@0mwj@pRq;|e
z>J`!4=RMYEbyZX=yzaC#HC0d}z1m3MbeG}K0+N>cohoM_M6Yk;jK&zU`Xtdf(E`vd
zBeK$RXL;Ve-(S7&dao|T_;SbB`}Bw41`Ldm5eUeEkpE#iB-1gFPyDG!u)xapkvn6{
zyIQifyL6H6y{A3#B*9|F@CGJ<-0j^5ZtS?O?(Xj9>x-8=cSdaEE1S1Xxx>4;vgwm?
z%4b_{t=zk=;co8k>xWUf*KDJAbS7OlZs<Y=;$m2VGvB|%>-Gj!1Px<t*kEVvT}jqe
zHdRzoW>znc<$Y`9zm50!Q6Vre87wg(1!jVQz@$maLmVzID>Yn&o2tDGD3TlsY`W~X
zUhRcuzN|TYRq5j@-B$GkimbSt+C|>?q3q10`z14JX5V*#-K)QHjn)TaHsxoM!9#40
z@B<+2&?o`N!@~&jidXv7rYGC;wVFEp@jG{yr8&P-$_o&ahg8@|`&~!BQ!3}*T0`U~
zO#8n1+yHungdv4VASeLjX8Dfmc53111a|;GJ=Z8_u=*dd8H+cMN|rdxy_Y&%9433f
zall*d<pu%52o=y-o}!y#Q;FkuYUx&6rrYv9J~bxuS|HmC1H<FSmT)GO?$Xh>cU%`d
zvXu+(a{~fXXb9F`_#!~}fHu&+>RlU<V4;Tut5;n6E2t0+o7{vMFNW^zUtcf}f|eCs
z9c1-KC>|V9sf7x=yqPA4iYBP=1Bz1sN<hLyjD&=qHQ(EQzifZSvYpNlv-r!F&X$S!
z+>pTyH#w9>F`&C7KycgpD3y`f{BL+&@b8=F9-#ToaI1@XQ=aGDu3tIp_Itf^yKUK$
zha)L@1t!!<!sWlU>fF~5Xc0&WNCc8JH#Mo}ci(&6*;(&=9Pz%|x5(K!@291<s_J)`
zJ?#CbJmkH6^(N<qz`y{ZKp}$^h+I6y8choDF+&IefHY&U*@1@)RM<na0~8(*n;=L<
zX(5@WfWZvPLk`RRsmt~6x|#Mn&e!~^d-H?om}%AGs_?UObh%8BKy-ZKs<iIOT~+NY
zxu&#|RkH@R*kyxTW4o!FR20<OQ)}BY8?@cXGPyTv7`E%1HLAxoJuJFCgw+cpwMTay
z-Ktv$sq7q0yOzmRn9SG$MVY8{deN^DuTfB;H#TmjRS_frL<ub@8S@i9`S^Q`#@~q$
zyk4{2@7WdsV2F@riV}#bGU{;bl+6c(L!~As_+NX_GJg$CQm!gsKx(BEu|S4BpjaV9
zV4ft3M_%$?b9lxvt!RY(!hf_BBjSoh6my<$ll(uz_6e>@-Y@8?l44F816lRBY%n5<
zDEOk0MID>QPlk<iMI%&FIsCA*M$0W7QAphd8s{IqhJ!*VqtPg6Ux%J>JU><B4xQs4
z!x|D5`z;C~8XyQ6!{9J?4nUB>$O<37-no1Gz7t^v@%Xwu3k1ka8D|~AV3j&Rz6Ao1
zRL<bo)QXkZG0+bn!2?vUoc=CH=k<wIVc}c&2xL;OAb5g`H(~Dv5k&;vCNN<HMHEmF
zbo&M8Gfm)sJ~Vmnauu5YIZdzO7<zg@n-nnFa1%d9KaD@{=2z;;3-~MDkMTPfq=pE9
zA_Pwk-x5ZwDNsusWENs`^54|^2uez$`HXBtji_Ppm!}-YIs8GPmC=UwB|R9Vz?cl`
z3S9tl!Jo(X?kp>fuS<$3Cr}ljBr@YTm6X6xg&}5ELG<7gGCe4e%_0?CI`}`s{GuW#
z*!U$L(M1$dK{MKOlU8We`0G<ryT8^R+%_1@VVuWAU|?@+ft)Tfn8?L40Lr81TOV8;
zi^R(|o=ACX%~7hNyzzTap)`?d$zbRnOr?_)Xwij|mIY(;`To{EjST}6A8?cPg8+R`
z+vLQX?`3?!=^^#;qIZJt8>tNHfFNMcSPM&r$NT&H(f9T`F3;ISvLz((Du?(WM0IVl
z|6;>@Hp8mQ_YoGoYD0C`{(sniflz;f{DxHyPVjEn6hDMp!Ja4WK_U%r1DFP&FN_!v
zX6j>j;}vvb=zntO^!)qBkF)N+`|Q5G5bnKiTlW3U)cuSUQH+XF$=5s_W2?q>&E&zY
z=Hb@)-(Rg)_xtyy&1+e8je-4DJqJXneta3FE(CbR`+n0h(U`wyj<<(Alc|XacjNEx
z?|)&dORekq-?nrHQS>lG8wNuXvRJ?lMiPw_5M-wolCcU2-zo#C1aOA4l>UAF{ppC`
zTGyZ9@67?T=@e1NoI&?T_S4bm#4jC4KUIi`ViiSH`mz%}m(^lxD_@1*=U<<np1yu?
zCuaSIErw4LkoYALfdG7h0hHM5^j2K6ko0q$=Vk1@(QGw3{y%T#(X8EOip>xbea-{N
zqUM9=_4amVZWlzROw#e^5*Q0AU&r!@pAD`TE#(TO@Bm-u@i7;JTvh;GbtqQcf!~OT
zFkn`XG#lB$g$a;R26_7ZKjy(0MPc=(9|wIrHVYgHrNH{e8o=^`Aou_)!YrX_FqB-d
z-@>K~{{KAqf1kem5|hF1>h9`c#ww+?DarVxN)U18Y}(C>L8Of>OKS@@rJ6M+W~#Nz
zZYcI)sgb7h1-o~1M{PA_K(#beU`VPa3lfho5=$BlZ6F>g9-{`ZHMSuB`Byhgs&Ry+
za>5Y7BV$^u7&Zglm{?X!5QyfInB;I9d7N{bxrY!(N4GM&9_+(KN}LvE?Qn}43Y==Q
zA!%+AMDa$G4pEbgnnGmawdtU)?p&(O*s5(I840qWN)9ClX0<L6;-hdH$~Kl9-dbk`
zguK$EBncH}5Q1%0jI3!2A*FU^NNR>moM*?msjTZv&AmtMA|#Gg3|GZ`V|P_i5xxF<
zTGpqo*uxVHk(Vup9lGlNoNgnzK){Lcgcu?!dpXy4?ccrcdyu|n6j=KHeg6L8Q4vrs
z2*>qIl~GV5>`e|MH<D7;O8_&34O%4Dx9=}0YrC(89XgNcA&mnYOn9C&Br&B?UAfs8
zMkUqTwBqdTI_U{=xE#^jyRPZMbGx)Gw<TTNTwJ-X)@8^!yK-Fa>zl6b-F0rwtEsN;
zj$G$wcXw&Yl8DzTZo72Re0-m;*X3WdHq;M}2<8|yy2`IL)PqZ`&`<b3pFdw_oBRu1
zP{@Fg01(CzQQSZ;#1eo?8CY+uPhT$!t~Ilwvrk$xhVNi(-Xm(Liv$<gGhN|k=2ruH
zvb`6DT}lWrpnMJiw^HUI=Jst{x3#r%6E}gwe60-k4lmx_8*3eD&XcBW6))A8UxTwX
zUXxIOj6y1O!B9~`KtV%9A`L2#%P10tNYW%AvJyce@@3h)>k05~_^z;HU2#~QBp4a{
zk*n(7euUj2-+bfDYP9{@`|QEj!(Na@EWT@%SVYo94z8+)%Um=omC*^SlT}u_nKk`J
zo*T<ec4Fi5n>%Zwx#zDL-!6>JUKW}b8Cd|5Axkh=k%<936Fr>49$IklG?(Gi&OK>_
zf*T!Rin0fy)oZI7%ZXQ%te;l#&Pv{Poa5p&IvTt>HbETl^Tvsoa9s>T8H+nD9<|Z$
zc3Rul5;X4?*-PDvw(>~nUvA~}b~}ex8@6k$^Rd<+jxQnQ^L)Pb>^2vOnTRk#%;J7}
zOeQSJjreY=#3+HZfWnGbdM>*LknUY8JpF;HJ_2nnQJw2FH@I1oxw-(FY5SnQvt4(2
z9{~F{g`IeJTZ)3`!dU9Rcs~*npwl+9Wwwp1s}xF$0DMI`NT`AhNsRvwAL9Hj5RLuT
zh%oMU66C`-RYyy8eeStwrTor_S|SkhT`{5hQ=HGDjkf`)^qk4Apt1=2lj3l?Ds|+x
zNzkci3!iH`-s?NN@431(&j@XIy9ix$&$B^bGKiH`u$dvb+b2EVjF-8iEMbZDu6E;>
ztKYrm@1S`IsK=c6N^Cu?d86L(PI%=p6`G#=uP3hDWw)JgF`O}0RD0DP;dhSO&Y_h>
zY~J<>02}p5nj(NJ1q4^Kvd&JCNe?1qNK8T+1CF{{(z_Sj$es}4X;{&Kd0mz}Hf+#l
zA(e?3iGh%T;6TkO(}o%v0${;mD3}X5_?^{Kap!@+lx!zT%2*P3dm00EZC6C0fRMW(
z1_C4EZ=Y#GfCiW$0B{(H254+N9311tHNm(dl30QyAd~?@5j1GQIWkU70EmSV445zw
zutdjw4HPh#5=@<KZvu#j2mmGw1B2%aVZ)=Np`wL$2Sh@V2!<eSCJbXa1k6lSfdoqg
z^wAm^OQL>>ikZVsnYlozBrgO!MGy4<auDc~jJe|){@<<ORDS<Pa&qcb^80li#R+E$
zpCB*qSv9X@x;mJs6$lAcF^O%8Hb)*IB$n=~quHb?3Ofs;#5pG2m?ns@Dv^VGX&#ij
zxay1=+aw30mBKiots9t}-5}8syDq0%-ATyi!niGv#WLbaF-2I(uBEOG?Qd3!3aNEG
zdzkcTZYz!2_ek!$Dw!@p?oHYyxXc~0fW+y$uT>IywvCmGbV#+S6*tS}=JB1-;>v>B
z)-wN|AfFOXi6`3qTYV}ARrW#==QR(6S4EnY+oDEu?`8As_u|Cl#bsQ4Sumz{*^#5~
zJI;p|lZ3*m?fRky0HN>!mIz=NJfw4Jorw--oPkzt-eoZ)VBkEXBN>UU_nx@%X9<1r
zbFd`zQ9=Sll76J0?G%bA`=Y;aC@4h8NW0|u*S~-7_8;f@{(J1}%zG$2u*CFNxM2H(
zzntFm;}?wPn28PqGtXGs%)WW#Jl_@<rh9?ufYDH^9AQ!j`^a^^Ic*!d*g)ktl4}~(
zUIQd^raoT4ZcM;_oC9XSo$hA&<8KTP-ym)VF+@JAM+ZF>Pb7xnR^rLQpzk-eIKa<?
ztDtk7n0E&co%o*DZJL+|aBgPqZn#!}9hJc%Ko}4MGct^L?^}?%K|J-pudcqo-#GRD
zySn#-TE2bzAEHC(LI8;&$QZ>0!a^wrUtMs06_2eK1|PW$a_Y6RgQcI>tXtIukI@8x
z#ftkq7M;b$+x-J_f}CJF(XaUbNPlDZ`V=9VDzpD%956Py=^3YnG5eY4`oiyjieFFk
z^(W+#BxN(VM8?q4s4IgrS|8J0;{R7+!vQ({SZkHW3cfF`Nx$dc_xtG#TGl^o1pvG`
z*hb`hup$)#oTTQ7s2+_O)d$tq583?t;d}h%#~RLR^=3bb&g;}wJZ8?{CCrB6dY1zI
zb8~D&^~Kpk3h8>3NWnG&<Lm3_MnwGwR8zrsy5bq06^GGaivwX2HT(U(xkKoqWK~O#
zt17C;_pk1Mpo(RGNDiJr$>Lvu_K6FDziDx@4W%)^=H(wJpE<Z8x-orRsKcWxWcvL)
z{+)3<CzR(n<d(hX7oXB9f|s8=tWEIER(aMJJnMsF`WT40&W^u6hPyr@om2}a;cp%3
zd6_Qyr-7mLErubaS%AM7KN)lhFi1396Ng*?qxU}&7BXO`HpYs0z~NvNFc8NEHl;0z
zAnh17G=lW36u`rYAwS0V@5(8vsQAzX4`7E!jXE0w0{8duU<?6n1{se4@n?Xl-^OfU
zBm5KqP{>1AT@XxvHTm}6bO0LaWPH1kryB&nBt$y?1sTbqqAe5Cr|Ew+_6-db{&*O`
zIwD$>&t6-x^JR=%LmlEdpzl6$&pHledbq!z-^yRR?{w;UBwPSKK<%lOw1tqaz>Pyn
zonX`R^YVVhDv#NnYU|gVC`^~<1|eh94Fm&&Ep0~wS^neq<VMDyVwJYxOpW>?K2#6{
z5AKKWyX=E!!(YB4cN*G3o*Th<?>w(w>OaTE$I6)+s{G<bX)vIDS#N=Z1(OEm41p<v
zgcIH$UbPHWL!aM%9Bbwv7cCCv#NwPN$3c&!FRqWP<@1?5qK<}C0gOX99VCW)I|5IF
zbZT}ufQF9C^Yi$hzhq==$j(24z|bIL8siF$Yd1eXH!k+mRqMh1m-6^-VpFsTetv&H
zon!gu*I&i+C7y9}37nYDCAXJ1Yz#64Vxxv?=7VtQ<{Z&(G~p$uWu%Z1y0+nhj9gq~
zZ>ve$C-sEU@2_7xXXE93luW(vcX+yY>NPe8i#2ep%C_UUvxsO&&9Nz!30`fd5Z2RW
z?{JYET)VhX-;cI%T=4C~S8^|(Z@{o9#JzP?TuZY!I=H(-Ah-q#E+M!>u)!_3O9mMH
z;K75t2ZFn6Ah<)20freYNEl!U1PjT@o1E|a?tORN-&$|I_5OIZW_NW}S6BD0-h0oM
z?kaob;I+9Ap$cE$Czj8nolyX{ao)zn5j(2%=qT0D=Xhd(1UhabF3i%B777=>k3&9y
z&hs3v;lO+!mq4n6xiF1kQ&tX>Itd@j@5!n@ff|wG7cHVuXtML1fPKw#p8mY4U^xm5
zvkH5EQb;K^0c(V_VPj^4Btei1*Tfu4wv*(uZ-j6cQHS1Sytzy)6$Ox1S=_R+)R3(-
z*chr%Hg?<g#+ze-Gt~=A3AfdmT33m-$etAgAGe?LBeO?~D^FE~u4G=j7zk}PD?w4r
zg$Yg@*kflFuYnGDI#z|Xq}d<>JQj{ph>v&icop{b@E*xP-m8r3RoI9$EWPMC?txc5
zYF0}WU8j@jKS|1)y?vNl14%I!zunzezxmcY_gXkg2~!I%_l-~2t;B~?H>amk!#N7@
zIOj#NhU?Iq$8IF<esx|5L5_TkdIqH}?~i3NA16fM&tHGDN^C}HluC;{VmB!kIF<d4
z^KjD#otHmsB^<E-Yx5bVv)57Ph$K6*Y|1!pWdVy++xexp1@^^35j<jpG)-xFig`uH
z65<CD^M@sM9NJw3G^u!9bUXH;99n|9j^2Z;CcZ8lg8fr<cP&z&puV$Q@RR;_u%YkN
zfnk6Bo8k>>R(6AoS}N5@SL2U=*}RM!*oM%-4&QzMd)HNNuGe1b^<I87ZR7@ZXfgWJ
zSV9pjsXp*c%klNWPI#s~UGBX_ZOCT(ef<yF332DaG5Z%cf;!KSo#>Syvn5{S-T<oz
z0OQDZje<~%+e!zE5)JxX{Sv0xnuHpcMd#+w8(WX01LomhF4+F=l`f8l2lziR+H*s4
z2UnQxyg~b{Q#_}L@BHE2?z1c)3<-eyi*NU()t5n1XQi@?qr0sq!TT+#+KtPV$Qh#|
zQ9e)!N$F?W!@00xxwX5U*Poh?xCTquhDl$1A!nx+Vq+Fk$E#cELp1uT_%`lYeJOm;
zZ~N>J>|N(NnLWz}O|xmJN>c{DIovuanqP6m!q!xb%UnQcE^I9zz8m;HN$BkqRO3I;
zOnr@g;#iO9RCif#oEY`g2j{MG_m=qYd!>Rk0{t?P!E%pMgwnJ*=$NnF3oQIYy4Fl@
zFGZc^9K6;UW)~1iQcDH3&4hQ=`OGWP^%@;A+|*&kb;&)9Yc)SbNicRpvzB>D4L&Ps
zrlDr^A#blA|L$Qr{Ip0SGIY*%C9-{bI8k|hAIfj`*e@Si-sYm<V#YtG=Mu^$cB<xy
z$bwIM>xT2K+>;q=>7jxkwm0o~?ImUrcLl^-UTMQD)L!daLz4yus82dPe%iT?@!As`
zDa{Nt+*u;QNE?vdG>HYL(1HI@t`zK}OkwI>WLL0g8J(eZqeuvJ$NBv`s-2hk{3_TO
zv^Y`2Jz8kod<GrZtOHL>92kT~P@!y=?M{{>XfdTlZPQ-Izb1T5%#vU6C2D%0BWDZI
z`1uOP?=u`Hj5|ddJ(DRMk1-nbSGUZ~&Bxm6p`l}k_Hpl9fzn!<noVkz{xR;PPZ}|1
z{ua1}=E4s8iC?r>buiYO%+%@`{k&)baz4BdOe-AA;fR_rI%9w5R1gz0aWPVpVxF^V
zkX)#em!W%6-8M+U@Lp5{*ofE^?YHiVfA8x`k-o~EAn+M`ebrC<6{W#@)s7qv(F7gS
z`BZinY6JQ@gI4-8jb#zroWXYYL=V=_!X8E!nP6q%XZJ+}?#4iuzVeF0aQk0>J?(v2
zO3~0Jf>&FY5K2lricaezj|Nq~#2-#t^7=ZeE1aYp5iU=rLK#NwG_!2(C)Rk(iJCC&
zmiRE69H+!xk;p0ikg2vJf34<$BncTi&%=1O@GYOP@(@5P_Uia}@9*$?89{jls`(1u
zJQ3EbYbx~75mAL7^wBZ{xii0_L~vNumZ(L0%%7U-nT`<JRv$-dyeb`Xu`2y?RG|9+
z+p)&|68^W<_(vNn$se=hzA2oTAgR>)fshf(s5HHcyQVkR+(9%8T9f9GC*H`LyN92n
z;6wl}6MFdDQfjr0zwn>`l0zu>goSB<O0z|bOxAaGyxEU@jNpRF*p5q1@Srj0ZI;`=
z!ysFV06p3ZKE_RZ&&BbG^|RCnSicT_BdZ*0!R%jo9LhF3AD3RLeX^Itlu7opTT2)q
zn#Iw-Jf*uN+29}*pX2cj5l+Ke`4!ZgOEmtu;ra1$nZ(`Q<HL`F?UVj@JG4*P16{tN
zUrD$B6i`*7kW(t@Js>(8gA?Mv{HypE)I{OurHf326{4+9_jl$z`hg_;g)e$X+|KK$
zmZhnXyVuD$;d&)30?>Rn#RY$ZY&!+oq@TxvBC*dS`5t~<KNg4Js(mWFxk!doZ$=NW
z4AZ{q@TetH*sRb<7+p^0GmO0X_W1K})`GfJk|W8N@8-2gz8fO@%p$<LyYb~eDx1+>
zLcC+e($aC5pL6n7P+}7~fN-6^{rc-A*WI)=@j~8Tf29he0#koYd=?cYJpWtr;PLDz
z#dq2GFX!Xy#mz6S(?yWWw|cspux~)Ud*)K^`qfnL;}Rkq!YtyI$7J#^igki@;jO&1
znZ)(v87KRPev-44^*_XlYRpI)!ovS{Tc>y#L~!ItFJiw{L*Tk3hl}py%tIVcXIq@`
zb)mc>y#2OpUe1LmXNf6No?09*5Pmn1X3r-fyC3}JxDgvv5!aBT<k@IyhjbqJ@XAsx
zF1386VM*(|xTGHlE$u0V4Z#bk(uld&AzjhBa(!dCMc7z*M52yq$%?c}%gK4tkH(KX
z$mQP{JagL5@P;8vd+B+dQ8*{ErMR)VrqwvjsbE&$qu~ia&Gh$CUrvpNxK?SVzDo7q
zMDoX&_kg3{Dn;E2Ru@il)$|9d1WtxBbM4Q}qFC-FGw&XM{O-b+`k2x*O*uJrApCM_
zIPU(zt<0Z_n9L}j0{elyE*(Fj5Cd`Td+TTubK2zb?k@69jeRMMk-B74e@;>7p+WBQ
zrBl@|6}Mcd=jT9<vDm48<gukxJo)`Q@z0c(4nM$R&lwz^^}ZKi-=b>Vcaf3kc%Ay&
z=C7TL_B}{wsHmQqUq!TE2Xpg<gn>#^#bJ(?0nNg!FJi3ZS)m65euAY2N8?lxwdB4c
zOiZtqtHRgORmVQb>y#pe)hr(3MKz{+*)%`lA-2aLUMONu-d~%u*{Yw|lcKurrU9#}
za5Y{xwQ!oyEPGGHxAC1nyO2mxbvG_H(?XxDF{Uzwd&DH}y=A0DYPBYdRX>$Plz<*U
zRotqvN!8j?E5HBwxJnWWgT6M1O@~Ox&_M%zOEo@{UP!(&&Ng|@c9s_BGFxU_ZSd*I
zukY8LhJB64vQ1Y?cex^)ND$1{f)Px+iEhvTSXTud<ZrU=<ekkMhGlE;47w&%lgZDE
zU(YPuG`&GWW)B|#q&B55?SBLssBmat3gQ0cGu7bcP}!L*ZAz;Z^y__v<|a5eV=naQ
zGDEYEmXXv6M+QE`-dIx>U1XX*>`bsgEOs0`7*h}1dAoWHl3;}ON&AAeDy$^@inog)
z4iFP5tEofu6j;DPukTc!wA1N+;>8T87~iT-d!BKb6QkP8p%^y4YS?Eb;+LQj825_l
zm%VFnK?aXlv!S^T*Py%k92jsqH;j}Tw37DcQ(3s|IL3_9eNyy0f;%z(uf&L`o+w-r
z?|oNVTA>Oz9dWbltb`A(>6}^a&pxwyQopBgav2eteV$m6tYK7DQ}0-ioRy5P9j758
zl)<BJ_H2}@qMcI=Upv|0wL?dS!z^V+;j@YYO%Z%C9=sYY2X(UqT6RsNMAOf%Rp}z)
za~rhelq+`0MhfH(nRW)1pR-~s6F5Cw3+UbHtHkKoS8MfMS*JPlU3oafnRT#J3XEGh
zGYK1oRorx{3<{sc(i5oLO=E63Wo4SDvw7;bbAQ%Eee<d`Yb)TjXK8J9s?+gwfI8G-
zu;#qi(N`f8-Kb2m*DMsXR~1h&BQoZ*$M4jvOw8}363f(yv7pX0QnB~2u%k^<HP_y9
z?U?GQfl`s1rc{xMJ2i-!<+M_#<+nt80?C#03u-o2E2emAIf?QsTI=Z*SM&8vSB&Oc
z?4PG6sN#>gWokq9Jn48nOvyMkv!GNtJUq|Vl-<l7L=7@L6YVu!8_ZKsUQ{Yf6F<!n
zP>%_J5Z7xLbxO-nF|8w@9ie&nI|xYwzIFO75(JsI#s~ck`ZPPY669cN^#r2y{F`ve
z>^YuIfQj+-tTb(IPZN`vsrnaQy|?An@9>8{x6a*g1pAxFB3j$t1b;W!I<KTgqW8j6
zDc)=-j!!B($+=!ZKWrleBbNDX=(GCsl{}7aZM-l+>%VfL7AkPxdd>LHs+k?o4Q?R4
z>^adHwh2olk^n0Umy3axuf1E%X>*F|x~}6?Yce0G#~X$F%J61`#j65W%`xlZt3&G^
z*3ihnI@(^kDK-o5cvYc$*K}PA`T)yQpS!mmlt0Gl4R!>bSwxq_FEDM4M@-vmIFy(m
zKEv;Oqx>IT(tC_=;>6#)Qe+ejaGQv_quS0s0=riRgjDv55D#%{PP3bXRG2KeVdrw?
z#iP{Fdd6oexxs8Ens*`=(;`nLYsA~L@c=Rz{)@&yCClZeax>Hn$~IBF#Lm~S#%PeZ
zZXkQ1;vH{4=)+kZp<ZpyTb|;6QUoHg%imHcAc<<zTd^hmyiA5C5iVmy{`u~W>Ws{m
z*tH^^8!5JF!!)JD5wBinzC&v>&#Nb+VHQSZD<V~rs!kz>IZYF?S>~OUr)Q=@^HY4!
zJj)#8-b^^!QzA8F3K$Fd*-Fk?SGliQJIddRV~m^5)mJEu=NgPw63jKKX7d%KdQ$Si
z0!6~?&IzH2CQBbo^@@?bEHx3YsRiBb@7}yJp|4OOCmM315mv^h%dxFWlGFW6dVwk;
z^+bu;IkaZmVP4*;tleboO+lgoZOs7)Q{xFCP-DRa>f$Jye3T%hGfD7EM`QtXxgw88
zPfl36w_2><W4T$_J)NHu(uE<$jgdwf=M<Rc9BY*7x=JUsy7BP<cSnD8v(IOK0n`8q
z;~<XIL<`k*8T9Zr?5^GvWOzsl(kk9yDX{!<)^b||gGpPz@R7&<>H1BQ$VOtHq$e)B
zfGFg=@4>WD%f`8Rn|iP?Q1oe9%qC?OSEK=N*}HR^tM^(oqj)tfaEne`W|+Y0JYDgb
z-qS#$$FtE(Es|N4N5>UnUn!Hq#KLx_+{=#!0j-lSHb&yF)C8(+`4wU@v-1_3(}Fo<
zsh5W;zME@_--h9a?dUdi!l;ETs8WFawcjDEvdzIY0fyep#l+vBb$3p*-tMXc8FoTE
z-e`@C+`y96g$+6Gya)xT;g-Mw_<h=-$#ZXi|3~43h4mA-H@~fQg-AV)Z`QrFKWQuQ
zOr)GKq+JD1;hAYLzO(U3{ed~&Y7<M0nPHwXE4CP6tI0)Umfs`?FPok90`F-<@8PRA
z0t>3%6v;hr%o7+Ok+;j`;8}4{a#Q)|N7871ZEI-`p*o(Q%0$SfE_y1wFl(By+kCk)
zyiUKEeTLyy7Y`qgZwsp|OmVJNzQ!1V$o_J=rStXzk`JCb6zeAu-Bvzc*W9~h<#8D*
z8M-aLMcx@j%Rzj4yu)#yiJih$;I&N2P_L(c4eW9BYC6F)6SbO3jW;D_4lF5~#<SA!
zlO29$#9G|mnh_V2_w&Kqr~_yoaG`adB$8`H#+1wYmO@-W?jsWysQ|(|Rrqr!!8Yj~
zGwCJUNZK`%kF$8L_4b01gyPx!j97TD7WTxAHIXi4fMjqt^<A$>7|G($VzVi>vUB^X
z4L0k>*t$n1k;j7~9qH4M8&v#}b(>HTPT=aCg^k9N8~wO#!Y6HoXl~U7IkTfAG!j}Y
z&V-ba#DfFeCoO&GZwZRt;<xg)&_;P$?M)ZN*mCg7e8OT0!Z{q=C4A}b-XFRd$lLg<
zji_%V#OcO4A^|5%qd4%khOjXx^pguGb88Fl*99fzc5j(aC;E?qo;@NvAxD%uj9Xps
z(_WDfK2S5S-|ZGq&C2qSj>epKjPqo>d{i;N<R)=s-tCF1*X~!Rc-8o7D<5)!Su_9C
zUq|Hlhs9A-X|3gmFTTvLbVcURV~WTY)$5I~+!k0&zxMliOY(oM@9{Y7Y>C2zu?0-p
zv3^I*kr+o8!_EBw9rMOf>H2oDf2}oab)zRu7|U?F65W>dKB<hw$1B%&KqYl0b>8c7
z6%RAxRZ^3gIe!4b@@Rftof>W9_&L^OZm`r1(e8qOV7IU11*ZNb6*%Hs+Cg_^AN=ge
zTc5hZ$OaeV_(w^(!>!=`HwM#dElU2u*`7S7Jo|FE+!x<<^G_+a494c67bC?`y*D(r
zTItDGP<s=LHl-6coIv!mCf*O{>GjOi;tuDDhv>A^Y=BpRLb8*5mgB%3`zJD(gD^p<
z!XZpX=ukf#ccIN4>+_j|=hnqti!46e+r;z5lL-22fpHJHuKa~|)rXb&C)ScH07={O
z8F?tNfltI68g{0`3-s9FbbK1zr}V=VzDIH>Pg^;vy1tZY?7==O23h09mQ;BbG|^RZ
zQ*<kHLXX~LTMNhiMyzCy>#D$zJL15hfMnwGN}Q-U4G1&m!^+2L=W~SCw;f2zQzAHx
zlwR#S=A?FTiJ3&I<iSp8@NtuYk<<}V%*BD0kepWTCwlw09|(7XpC3P$r)sCUnw6t%
zbgt|eLAdqF&`WADZi;sTU};T9G&0?9yY?I%(c^Nr<_fT6t)j95^iB4>0@nId)>}h@
z@e4hy_nzgX-rUuCd7Y=%-J2~qF7)p5>WSr%HLYwKHhGmp%UsLV?E{zgI?^(o=({8Z
zqK#H7xV90wI-EIL-0L&;g&05#QJaBRvdgc$w<RcN-JzY0n^9nOaB%au+(F{h;7~Y~
zgo#Lo9qF;(gy_L8W4nb}AmxYRyLagQGE0Mj^zAY`x&n`Llh#kn@}mOopm_O=i`EU3
zX2CA8TK1QWA37AK#(Z;mf1v{5wDB_zUu~o*InXLR-!Uq#o^uOtr&5n0!zCIy=x9U|
zEq!;!abvhFn55$<=s90qRuf;vBNljJf#vx&+kRA{wSOl0HNs)CR||_b1Q-m03dA-O
z&=yezmKZvv5PZb#8*|HbN_|!Z;WuCe5?Oxzl(iLbS1M{xx4{er_;vUbkStR!g)?Xr
zd+`>hZ6GM}^bbsvb}RO>5zA?|P45&ODoJkyF5m)R*XURKd@d_@C@hFqN5flmvW%!&
zqu+nB>G=#9ku5naXwY-JR#0l+kWm%q^qiCY5%r?C*uTuU<MaTo26-Q3l~T|~BB)#N
z>h;;-D)^&wlynL)du!RJT{wEiv#5k5-ifwd&Q=}+*)Qj4FK&P0+TPlVxj`13;oz)a
zH9scnvNu7W)~<`zK=PQh=p^(ei`IZ-LfdjNtx?c^AwLb!3zmZn_GI^f*eU&`RBH9>
z!`m=pwC&;3cF^AOg}Fvk<3eNWU^w|0yH91GlUIrnqnFj~=h?P)RpR-lVVTJG{h`2y
zl7gr6Xy@O@e9QuP92=qV0>1i^*4-C}Pchb-1$%(bE?I+Cig${$s<48h*dms>ap1R)
zEeYS$eYmDfAh%+TZF03KI`A9{`hNfMGIS2!Javq%9e)f3J=U%rujFADLoA;s?KS>%
zVcad=+_8UoL%u&gW0F5kM%LRIy4}C<vp@F0_wSN!X2<DC4;+l1tU5Pi;f^qySU3-W
zvesQ=m$GKIhoRoDNc6k+C!oBuXN|*G9cM_6&DD3YP3Qf+S$ZylKNq7ekKG1q^wIN3
zale@!8DUekuDV<f3B08GO%nIjt%e7slBcrsc<{WdNlg-7j4TFoQM63mb5<QwrcOji
zZb!1BD{GTpw*>#H7_dj=WLM<9!tp#);zc?RKoi4fu_W{bPbQ{qgDBc~;@^#jPG4_}
zcb&mzFgAm-4>JjxePqV#pYznbw<T?M2uKMpmA;1GCw``xNVOb0eN>!R8b)$73z-#d
zkid!3+lezw5pMT>a?dY>Gukeg%%$|yyuDhYN{pkemzM^=4Bew418qtiKlXpUtDCTW
z7Mmn8DU0Ru9_Bs_ERP~g?|v(Nz}1x22KrRbWa2yvzr4ISf0S`?V=hNrZgCr`v+ltr
zOkQVIjlhi1c8Xqn^5TEvHdh?tK1?848V0@l_A>;zw#><q7Fj0<vG)=|&(I*eueO$v
z{1)zOe{Sw^v&)B<m~zfL1nZwa6v0JIB6V-~*SkXiqJj?GdLKwXfU<8$2HxQJ-(tr0
zh}n;C_@37UEP==xfTh;MMp{0J<{MUVRV?{^G;vAQu1<4%#NxpnV39417lobLW%Wg)
zO8uKtga_$;bdlVQ217vcPPf5r#u0N|HU`TZW(zZW)!q(-H~VLxZFc^|E}9AcI)}9`
z9h*R(shbx^J6O~%l(n;OG)!pe6K6<w-ysnu%2SKsq*uxAkXW>Ot=fyY{l2zdU3gyO
z(nsUfs@Z{>s7<==XyDnb<=Gb?KJ~AvstQ(Yn3%n0OIQHN-LXCFl|aK6kc6P$Q-4qA
zz)pK;b0sj%$+nNKp+!3b^&$32H0nJyy!1KkNYL}x=`!Cr2$86jp#$^&yP`k?;4pqY
zjbz9NA8$c#R)*8Pu&qz4sh#3y`@_py+h(Zs^n<5EwGobMKTfVXftm;JgGH1L48V)y
zb+Ym;2n+YT`tN<JU!iOMyA)sQ&9SRe7{~1-BFfE2^WCwJoCg5mmbBN0R8frcvvfg|
z?&u05O#z9|N2LP-7M3-1sy`D^z;Y9tb<fJ5-&?c73B3zR;7pOL3Jq~1_OTWdkeFNV
zp)-5YL5kD2GK`New#Or!+zBt+OPm?+2Ja3gl{3ddEWz3w-P`!XK-*k}iB>0iAr?O?
zL8{52d&?*F82)<9<;x-c2h(4!k94KqhhdRLp~sj>&6^1&s6}kCxw4lDSKYBghJO9s
z4G)a(Kcu`mI<yXk1h01@AZA1q?~8W_<Vb5iu?#5T!nBPHld&57(ff`%>V}st9h1>#
zh`D$!H>^G{V=}TEA0Fpp2yzR@2iuz|hikafckMS*C<YGfd~|z2f+A<dYS!Jw8fh<p
z*UZ&;=GeR(+HCfUqJ*lL@svPdB0_SZuh|m2sTUS<un>0BzFvbENs)w~5Y46P_Kzmp
z5|ZIsRuFdak#3MbNbjb#48|xsSzovjEp(+ilfgz$Wmb+n7dZ<n9sBEmeYu6FjUuMd
z4{z!TH&Z6;9%@UJUHc0|d>GFsR(RV5!8Iw{<M7h}-a4n}$l!|ykvWho%Iix0m#b^b
zfQzkIL*Tb-x+bFiA5i!$gS|F&Eez35iiDlA8P+wOIE#&xoVdSe0%~7*51yNVWRuRp
zQcZW+h9WcLFmUfY5D0YZ6p;V|8(+D%LKzW5`{EM4(61C75ZTo4#A`{%A!KCsnKM*C
zV16Fh_wAe)D_iT(+*G=RIpcbF=MES(xoQIf9=r>lXy0Dbxec*GxvOouK;|zvIagG7
z4z8*mSJ<eK(V09sTJPa)4kA7ue(X7x3S-y_8d(7Mt-ld8r(atG;)NmolV}PjnoSzr
zm0qlO!jRwvPzW4Ubac~jEW7?nYSCNJPsR|wM(iwg<kp>h?27@C2-#kE1_as{9X$?R
z5*<s`p?p3D^)sv?OxIh%`RJ@qi@sdv(bWI`Xo{~noOU_<J>pHI9ATzFD8lRkd{FuX
z5ph%Ch%^;Z-PN*8xbfwmD3>ZJ0l#WG$9V0ZvkvMGo6U*NGhnpe4Nf)OwADaUNw&3j
zOtyE7mChDJ&w8iFrB~rn>|_OlUVo+NH~1|gBYJVs1=nOKX@2`cR_#(B>tG*W)%h3?
zJE&w-Lsm@Y84LtVuZ>?-_O@avLfu>Ez_ewy4e3^A>P18ZIbM^4SuJm`W*msqmLXCp
z*F*63^uqQ2)eBb{EO^(NSiwatCa3gi&?0DNw!in&F?T*tx>Bt_u3)`;@D8}(Zob}}
z4FpaA#X$z4YsQbx+t)AZ!|#ebU$U|F)g&REz`Z3vqpvzCbZv;b#>0>W38_KXwu_p#
zjT7MBCeK?aIKas%oXowbu5J!g1izaOa60y1U<ApmcNVUzw->D$BQjs)=fkdUnyfo(
z!)5qv+Y1HgKWvhjNFgN_K*jz4f-XWmwTa#@x8f#){%<VQrIhz35QV8<O+r_WL>Or1
z=Vp8G>!Gg2%DfHj?t|;M&N$f0J*ekFx<R^9s~c3@ow+e>nAdS)2&)J-M2KfhA%gu<
zJwDk<{f%mjd^`px|IPR5L31|C+n~IyMkliGkqe9YJNnA5DaQS;1b)=60l{(3jqc{N
z5*Fs`fsZ=0hcgn-dx7HGeI@W2bE$5aA-~jsLJF(G+-@^hNYJi!wD3X&8F_zxUZb~g
z{jp8g3JxY}_NlQ}$jX<L{3fcvdARqW`x2pPoiZQm6jCex;s~bK*>rnoqbCI?ws$Zx
z9BlMrp2LV2FhqlRR8xwJ&<ZCSL)pk^w5Q_R(}z4nGEZ6A3Xi>W!T&!&$mU%g>I@w*
zDN1+dCN5r+>hL8B>LC%UM26^xSzUB&@(Y@D_SY57G+B{76)Zu7?1cR3X~5|~c7BpG
zG6deU=aCemBnEsASf#7hrx<|WGRqnRNy#{z`v&v3K)K*XcdNs=qnoO7ILx*qNFZl6
zPe~P<EZKj|QCX5T(qjITeR7ulWCOAW1PMDmPWETfkfoA;k0eg@R`g;_!_Hj6)KNkj
z^lNBW)YU{tOMPns0ayX^A8>yve`-?!Ou&{Qr3}c)umDDL9VUThsEkAccKm`u6g6(j
zyVHki65zm2{p-+c)5Alf7qG6L1NQ{nLT%e+J?T7FOa(IZ*Om^&i9(iYS?k>lYgL?j
z@!csEG}s%gc0#*Q`j4uQ$c&J0{ku<$q#4TXb*K#Ee%coqyiRm|E}@<kMW0RT6M-J1
z%tKX%R#i?<Ccl%cY);xY_Jc-`A&p13QjI+bt%s16Y*(Q1<6nRI{&ty=lelQU{r!bU
z7@3_-;WS<EWB6O_<S6?-s$N=swq-}X@}b&Gcoi^M8^q%j;HPa}=D$qO>ff{;^3f*r
z<Z}TX?5;WB^M_c>FLRD3VPhIzA|z0bX<=jg*aI8II)p?DnOjKRZP>>U*qsbg7}N63
zyh0hNT)>rIA6!4vuKnDbH=5KVbHnE4Q;q^SRBBKl(lfq2O&uFOezSE1Lz$0s5C1r0
z`L)Y3t@7(ldP#C_AAZuL3ffV$@E0ZRAK;zVnC8?^e12t`@-uqc_fnL%?ckUWkDdm)
z1GVcqm`$^o2JV`zlMf`4R|{n*L~d$KSyudd0B?0mR63}v*RnFJm@iL|GM}m#yW@B|
z`c(Kqrok^cG^R+xKW+V-g;5zJgb(9i(ASvh=zaViqwl)q@|0wO^H7L}E1_3GCPfnL
zdL^z+4sus`xd(_uxd?#Bp~00_-xP<wSa_Tz76gT-q{I}*J$aUj*z16wc0Bx)ByT5b
zzj5D6dVBL!2eGn|QYfCDa{6lsynQF*-#F>bz}KGoLq{T*Fo}LPzrZ;}_6%elx=z?p
z0PhxogW>0hq2NoKCu&WT1ipf!JuBB15M3r|wfQ{k^sm;cFLW**JOt6~E0ygra4XoX
zbdXRO#JRC}xtM(93QV7ZjGe~N#U0))V9CH%HKhgc)|JWL6n``C<GpUQtu#di22Y~J
zkVgvzAgu>~+#wgOP)<u8-6L$5Z0TJw{7)Z49|ytpi?3{$CL*ZWo`zpspz8z4$Y>=d
zdbUt&yOU^DOzW|kvF!mAT027`{Urdvn9(q;7#4Cc_!!I-42jn0kXKe7++q3!JC;S-
zP+=*go7)blu@}!;2f~65Qmpyc{cV*(Ow;sLS)<}z*jwC$@&^VlE`qGtFe_;@)Du`;
z`DXY07ja|NRn^JJRT5Z3?(g5DB0sJ*t4CyD0fG0Ttmz+RmXjLnTGQ3>xhs<k=*m1F
zz@@PWNV8T@eB5W9N_`5%w-e+G(|9~W4IVOP4R&N{Y0{$X{k=nmXiPd8xdzKnU<$QF
z<Cz&k$a*n!w$XhkG^ZC=rs1Zbu0H7dw@9^q*%jUW#gr1soI0|C3Yen5js%?dSlze8
zyT4%28#XvJ|7hDcHN6m6{7wUuJ;N2mw$`ibagArTd)2e&lpBncDny3ufX8>O7t$Xl
zuSd2P*1eAPT-0k@GoEZtD_2W(u3T@@0f?e#v9iskU0pmoK_1VhMn_pm>*B3Wymh)$
zkdmz!7;42m<xkjL=G|dY-$lDRHsM=hY$4%-5~rNKB9Wx%3TP3%i!O8XQTz$7O7p&C
z|IG>U>Sgnq=Gy#ls<&|Eb?Ifb635JRX0J=^?j^}DDYB+~2MNmsm+eL|`h5M+(9eKx
z%)47w<|GIS`C?!lII+2cO~GpVl)vk8#*vbegYtP?WL90Rye6^Oh@<r$`EoS2k3Cwl
zX@<r#{t{3%pTkk#j>Sw&j2PsVS^fYlo?U6Cf{r)djv@xgLFt7kmWJOAGDtzB=Ka?q
zL>aK52M5ri`|dh6j$;~N0AmzhM!GUlJsRV&3d7nEIWginPb3jY+^q4WJoFoR%%}*m
z81ke%Ki0>~<(Y_-sEco&o-I12@cB6rthWaee4w)U5|n$}L3Web>xszeEuq|$g1q*5
z+<Lad)w|wlaRJRO4zd`U`y^)E#I{yq1#9vjxC~qtMm|w&AA`xWJGOfye^fqEE<bh{
zT62q`;(7|2M?jH-;jR17oFGIqSoCMFSAR~Jh2&b*tz_^;ZPP3phQ0joNP2pHGA%PM
z=>)DFS`<kr*G^C<eDqOYHT_jev5l2YN)aAAhu_XSj;pnGk;3Q01aRtvbj4UB=aH;b
z4YQ9q!J|n+>k98N2uVNjmK}FJtT}bny<o&lD)`mo;E`LNKT2yy`lOF&g&;y>!FT&u
zvck`UEQ)wP@dJndveRjl%CaOmuD`dFyV(svmbN}>-bGE}L|oIH!IZlELy<>cKeM|^
zRAdYvAwHKhhj#Cvic=@c6|<s{-z#M_W!)#c`?-W1^n~A%v4FVowrEI^wxRo|>xQPV
zFTrdK@cynhR~Q`#61AW=cR`hRJu+K24cEd=Y`yMI;q$q{KL!JwgYNpFgI<Ayn+%zf
zyj_WH<{kyqda*b4@Vrl%>~}J&5HRAdN4Df!&;GI~82sw+oj+AzJwxyOEBb4h#r}~b
zYFu<yE<j{7Hm(A$Ex`-7u(0M<UtMc&_M9*k_V0@})$}U#_3GH8=_+(&WW;j8C*yWV
zDswtOd6u$rfiVTVcNwg5wveum3R`B2%UWycWVLo_i+6OLPg#nc9|zNEkDVKpEi0ib
zl?ymo%Ml4MmK%G)m^Ox~=s(e_7A|wle_=JZ8zE(2@7bLncgEl#BC0B+o2L?{L8;UP
zN=Mz2z}<BlRykvEe)|XkhG{2oNrFNoA(LaFHsSo?SVr?CQG+>pK;x|L90I}BH(u?Z
z=)1!OWsd_ydZwC5?M_|VwlfL~2Pe7Y?!tm$yEAuL0(F@$;5nOTEqYoN9i>WHI^GuW
z-bFCH<<)D;tF4Q38DGKB^<}Pl*@O$|Vs<;ptF?nPF$ORs0GB9Po!M4?BpMBiYjEPW
zd&lcpQj*G)ge7%X7BtMc@XcWX#>a3!Djjn}cH*xFG2)HHo^B(Uw0cXTydB<)sfl&n
zQudrD`s^*JxM0|0lt)DwQqBN7Qs;O*?lAxHuMPIJ)0pwhxKYgSo{9~$TST_x#b<#U
zv)qlRP2<bV&gr%Aaha!+zm?Z@W2=y(4TT_v+Jonz$C#AN%xYFf%FmPth<~Ow2a9mL
z=@rMpio?_pc6yC9pYLwgXn|)NPtL5$LboYt!DGf-*_p9!=9y88#flb>HYE0hcW%8q
zrkoU0k)5=KG=}+83~3S`x-tf7IVlfmqA~$#>)?&Msk=o2I<0;@X}l3Dm6mx{J%_ue
zh9^fShaIi;wU?<|8cPgrq-i8}wz-x;RlNm|TlQD0gR2+(g$wQ}3v;5%=wld0^`vN8
zX8aE8mFr_|j&7`5tX&yUm&7{5u#I|~l^+0fl;c<wu>TK)E)Q6d{}<<<6kP)k#hOEH
z{|oTg*{j&o*zx{X!T)0LX#8P`;Nbz#m4q_n0RTL7MO2Eyf11Y-5&`^iVv8dG=}Sh|
zKNKqYga4x*T^_)Wt|$-qH~g!@A3_AB<39@iQ~H0#=<@&Or~OfiE{{t7zXJOl09}5o
zQ18F>{M(%WVW3*7`gfj4^j~}QpCS~_&|v>R{}ko_BbBz<@+V6q`Y-%n?EjVd599xa
z|Jz9a2j-vd`~xVdw7I!I*?-ypU)&XW)S%-5=KgK}KjrMG!T3k+UlOQl=>H7Wzjygx
zlIZgP-D(<!(0@e#;6HNzUHFHCp7n?E5AWYfP^0<30bP3-RT*7T{+|N|h5zXViX#vB
zpTPdVIRCT!{{{75JBr$^fBKe&uZP0y|LQHlvp=fvQ0@KG`7{9G@E;nr{gM4g{=X24
z@&5?y8S*H_sCsxPgf5R#l=jEkgwrSsqRRvReYB$5LY;0XnsAtK_)lYm(|-n}3RUlq
zGzu_;(B%n7g-~`y9Wkg{il}q<pC10PGP*qAAIOlm$*zlJzh+ifcR)@f5yz!|;W^y}
z+Trbubj#y(M%IbTn+ODWjJX%dc$!&vXRSB$De4^q`3Z*B2o-{m@GS0r^Yau5he;fx
z9EJbU`Nhbx9)iqW-4O|zSqh#fqHt_>llsI;Onp@{Yo$>?{4^3^C@_3*6w8F|c5}sa
zj_b=0qBDtxGeP8M0&GZMMYAtgXQqH?qoP$3v3AlDMZ7oG!ELAd3~=@$wgx6HXED1R
zB3|KP5eG#ryi6hZvQQG^nw6m~YGLhNH(0{VA-U>nl{Ozs2GT~>S7)A9x<SS*1q+&$
z>g`AX;vtsUURF(@2<zfoOT06hYVXTpG}DS?vGdcqB^^KL1zTHMvxH-`6S?Nj*0Uym
z-@SLJJCN|@l^Uuq!TwBO?QGizr!nPn(k;VbV%zAo!cg*cZtiA5h+4Vz5G9T@9$Q%S
zG*D+V$1;5k#OKg#51%gis!zlg@YVt>eKXH#zEu`VOL_jrn+P7I>v>A|8eDFPzgG~e
zJ(;Cuy{5gcvk?5f)<TtDCf;{eEReIXvx~q}(CXZ-5+U}CII13hWWKK2dEU}Q)q&45
zNm&Pz^Z}n4pS62UcOdbs?&1y~^TIa7Gzu2GTww3yo)!%aQ|p`zgXag0JV~MQl#y3E
z+Ya(O?v{>h`#kmO6HPW`z@lC8E3nJ^74_}Z%v-X8J<dc-*AG<VCj`v-nm=T*x-N4{
znP*r~3%=i_-xdnx^@^;bM=w&EG)GSE+uw4OAMlFjat#jM`O$=hYN?7fXuDI`;uvE=
zA{Ace*Y=A>-vsX@)vvyy(^sLvghavHUz{iQB8S!!+gMrY7j2x(WoyLq>=UiAdB5fb
z`DF5aND=?~yboGIAoPfPla9OpjMqMXhyY75PckQV-*3;J)VRqa#_WpE_zhuX1~&HT
zH%8(V0{m3=<e7nR`F-B=r=d(J-vyOsPd?$MbUgcdV|-4Xf5k#olm11DQTc?0j3hy|
zM65>f*|*D2Xw0g8ImQ`gcY5nMaVcZCT=7R)aY^%8r{hVjb?$_k)})6%qHknP$-_UL
zA_8d67@J!ipASx(g>?XiJMrf%#D6VuK#_)Q&W<_!$0?H<o1@+Vxax94GIQ&3r$Xo1
znVrGViLiAhbb)o$6S*#C-BcSvK<YYfTw!dYN|IkdM@23^0a$WPf7(-3ja0}UHKhFn
zbq17*Gp8%u&*cYmmwa!ivG2|7sDiM$`*~BVNwti3*|JlzkI`?cHoR_4TTy=Qr2F-}
zi?z=3eP<=qx@R|yk$TciPOWpYUzP8&(`S=r@}3$Ba-2h~qvIQfQz?&wtQ>uUBs&Jd
zlV;G1TbPAH2RXccs42q!G_z-&$?R*^QZ(8T72f_JyH|`hQC8C6!iNTnp(rvf=h};i
zXZPq{jnklHg?qw1#VOqFYbn5isPmxs56e#i-hQ3ubo!cmA^BKn!Tn*cXqZl6F($P|
z+ZX3%Rstpc<@pN&f+9MX=P)rd&04)`g!T7M{bf6Aae<>*n61kP6~hw&p8_}~si(9+
zCpzI4Y&M3A5If?tjyR0`cA>7}R%gQpl0Vx>T~|Ea!Kozi?CibK`hx#K_f)`=+r`Kv
z%XDwF-<u~da_W_6wj?~<pE%mk%S@I4d1>#>u3Cx_PU}1>A++rt4*No18LBiDS-!MP
zzCO7Al9I(wC?P5w!<N>}mP+n%E~Og<we<3~PK2L|k90B};iOsJGS9m&g~e-DEqTl1
zDzsdzishEau&=PNH=On!Q@c|#M_pwB-&|cr^(Bsmc9=sM`lJqL7yPTSwd^HQ=V5S`
zTRnYJ(^loT{$aTzG|hzOU+29ix~Fmpc54^OmZCBc=KE)-Xy|A!AAX<z4gip-+9v%?
zE4nmc==$5`ck{#g;;$x&vk&18d<EoaT*t;Il*hS}APSjX5Qh;Y*KT|S!b&{x?kbv!
z@Lg(!h+aT0*jT`L2O~&`0pG<G%^@eIGJ9<;*AIFSc91Fpp7?npjVO`aCfxb;!R|%5
z$h@*@=RgRoH+?~a=w)wo$&GDRTHAy^d&JRA=iCHNRYH>QKyHe+sO1Qwb8pje|3{mF
z(VS3^hnzrMdjNYh?F4B{jBqq>Bk6IT^Vr8aaClcQUhGx)OvK>t;b9>Wk>BkA1)Fbr
zq$Ze{RJ$aWV<F)m1s4YHj{g#Yd@LmnJvLn|Jao_p8uKnP2?l}(f(e$oamPaLj!Om~
zZ@w~@QK~_Eyu0U-N1>0m*k#F)AwNP<?`WD`Xfa(egI2F+z7bH<B=J#2s!-$OKgSDR
zXPE!8SLMoqUpH=cgm#=N1(A+rz>1nyR#!NlOhqy)As@%BhvdQ_i)KI(`t;X-cb7{5
zTU+O?#YKvMCV-ja%|#mAYR6g0<FYJ<V(WY#ybdSVyyZu>R7ap?(cQsfczEc;_2S^e
z>93zPUNKZgKo#q{KmnhPh}54iNvsaxrQwGa@oYO{ixNZ>h9Y{CkgtvB&kHnp>qvjx
zO*UHtaD~Xe{|LFixx|kMeVe7nTy%VFbr=5g;Q<oeQhf+o7r}L2xS1o633<tMWA*c}
z8_d6%#NQ8-xF(TK0bJ*X!-Ja8c*7CA*B^*7sDdq&n9E4H2lMKBsuzpB=@Ja>@p)&W
zK8>B8dvS(696gL&YH%gkzQl&JOpIK2?AP*DbLxPGx)?!?!epXrxZkgK#Hn<A-V>UC
zh&lo_x>s1|_s$mv@DUEJ(a5aDrSS!ACbN7Y$=*F)|8~rHCvYvcS!#SoM)o9?MCNdt
zw=tm;kwsV=v!kEsd%}eiK3S393HW|i5FN&`gP|?w9=wh$dbmDrdht+qKQbdkY^Lrz
z{yNWrd#^0*26Q#N+XC~q1*Q(kx4diz49_hRqGM)!$^UWZlz$U6QD?WTe0PcW;$89a
z*MmtpIq!9GsaOt5oPpH^KJJm2u}Be!m8YcNv=zbn&C0c{UuMyftGK)Ym#>K%qyHcn
zPH#OEGppy4HLV)Q8b-U8|2i9}h)L+xA|!PmkVZ!aAfRgWeV?=gde=i%_Z>HW`@%V7
zkrND5?1z5~LM*5$lb75NBBPXn<_&|)vm0;ePnpg#B=Cxnp($QBD0eh4(>pa5Tr@Te
z43!8p=f&BQE+<--r`(2FtvJRG`fhXZ!VWDFc8LN1r@u%^O*%;4(bDaZG?JYQQKh4t
zCdR>^JNg^EBAjl{abk@tD$}c*xBlCNF0v-|6k7r~uDc}s&dXPHN<Z0@;zLZnT@+ll
zy6_;-^SuF8%(u947oWL3?jwnb`<?t8urI@5sLIWS6#Od463TRCekVlP71u8ncwM<!
zu1E^8fF8ZB8*D;aBEt|v-$8O$nPfR55zNB2&LWLnLPQD?4iq&Dy#>E_BccXoRQxmr
z6I7&;60^UuFsVKd5Lm36i^t>g-6>;Ijh>V-H!D763h#3{GSh!N0+~Z>n2sT(X3LAI
zoe0EWs$4(8aD880U0s&!QcLBxgXm;;B^3pXmEyC07`>@5ZSZyB%oFB>gka5I4}+d>
zOxqv<*i+g+8KTEBgo1Aa&??Y(op2OhzlFwiX1J5t#T+zwF|0r9VtNNp@@VD?y&Lf9
z1lq3w2i?WU$k3m{*V_w@zK!dF1|3>{+3_Rv*Nds~@f?WAtcl=UeQ<x2!$btrcdqC2
z%>8o^&7ilGW!%(RT!DMcdRZyNouf`&sn3@vtN7$at6XZuc)Hx?I|>aohs}nhI*4W!
z`B~(bvIvJo@%3T}<T2$dDC4{r<~`TuD^}f{CRS%sjNCc_bnteij5Kxh&mGF0iX9x>
z1|9qa@|5N51IH8dC0+jB>JBW5L;$@?#YgpETwJ~@X6EJ}C{v!G@Ez)6c!{zm40UAO
zqqaZBzCqzT)b=SN>f_~^yn-bvkGf#~ZG=g+fnt3|4G)U^jVf+Kk=ybL)~HH<l&VKW
z4N+oJZK1fz@(MPOHMo4-xO{u4EH66#!xgF-J9PZtJ}CNkURgsXPeZg{?$fBLLhoTA
zUT%!v_fI3@08hVNI107cV0>0Fcs1~^2Lb?qXCXi+k*FnQ82>+<|6tu))G}MoVgQ3D
zJw&HHE4rDaAAnW{0I1pmqyfGgw*SbTpwd4~0NOt!01*0!q4YWIHp%v%w+Ye!>R|u?
zJDSnH?8N;|OJ@zx2XX$7Bwm>icPl+J0E=0U3sTJ`U+K-XZEX+sLH&^~AY|<AKOLTo
zo;PmsCjU$CuIz0B3^oo96f`xIJtOw@-M?D0L&Gf>=#!$OjW&%WWjnK6^`a#YyS3XK
z$|EWw_%y04(IVlmePu)Y;{`ohd374aoG2#qQz{cE=$H*0QO0+|xU3EU;1&P?GZ7M7
zWmchkuw8ZiTOnNl08@oI0;`OtlDY#Gr80Vqv^bP#03T<|7DAtbFFvuHDC*+jhW6bM
zVFV^F9KeC1yJJMZp$7yA(PP;bEWRtwCI%CLBfk?0b_rs3LG@ar6-*=ij8ejukZ2cS
zqp{twxr;avsQtom88HF?R9Z|&<y)K*Pb;KM7Cs;`<dwf1^K`9mv_>p(x?x1sL%`UN
z|1tu`5DJ(5lgF6?ECK#J$8)1hPl*M%o*ca78A4kExaAzxs2kJ(0QB?#y^5N!wufRy
z%YUl;&t!n|-*gXCTm(uJ=TZ)UJ|7!U%c|36P)-L}n!>J*!H-YZkj-3u!O5l&MgO`w
zF{2z%QxK%28Uesi;HooVb+aqc5RF6C2T&MfVCIX)7b>x0tcudRej#U$#MHnmFp5aV
z9hO7(JvN2y<Q^8<w14yhUH`mU%&LgJC4GCsLX2mW@pzh{;>N9M0z<DUO)*e!cKhLG
zVYF4*l@jl%x~jVD3G~SJ)bDt2S4h=L)2LM7$>*Sx-Rjw5K`!Q*<XO{cSHtJVudgAl
zVnIE&RqG+1v+QX+ww~#xlTpawi9O#)McrWUsQ~QobQyQ46R+sZ1ja*+>}uOQbP_iS
z+{F1@Jhe<cIG2rQ8e=UqxA()*N!N7S#DSeUX<gZNP-^il-Yq_tuJ_b*4F;R4^Dc$l
zn_92+>+QBuI;)E<S3SFklnq^pGCiX<EY!OiV?Fh{3^u7}a%MKDI?Yqugp)j}jEUS*
z8ddA5?A=fo7EoPH9h5`dNIYw+wv*3civf3wKW@3jc#Y52vrU6@jN|b~SnbCvyN{d6
z(6xCTd$GTfdZ>F$ligQYt4#WP&t3H1s|mZz6%O^ynpyb;cm#21;P{305PPL@$BIZa
z3e@qrOW&1;s54wF+yd&3oCAz+h>sO7Bn+#J@;+Fan&-4DOH~|FgyLAQD$w*pGqjHX
zmbm&mw5vO>&nZ;QM)WnPTqcspdf3FHHhS34d9biB+ih=-yEW_K>ex?O5a{Ja6o#Ye
zUovlHb##AucGdX#gVJfoJ^yN(_+YaYca!;sdmSR+mTa+|`kOToPT;U+r6YvhJH<46
zO&U(j{<f>@txJtWQ;x@pkEa6@iBZGlobuV*H_Kwg?6+3qoY-+EtGQ-u%+$!hfw!%i
zOV1*mmtt^n)1+Qkrc{e$^T(ZRGH5+Ds7`wGfJMo3Tf1F#Z2d`uXJMwFoa(Iv)n*~!
zs!dhqLi1#8ExN(3sc&F4q<7c2Cb{oGusObo&cniZf+*y`QbyqO0C`TsUMbETCr4`6
zJ3$Q>x|6Qsd4{*gy4zv{iggxRfhV=bLG=^j&xm6m`_?{Jnp#S`C%=vMI-_hlZFMwr
z*B!L8;f%GZv#xv}&(ftuz*I-$R&^sKV1+aKA}ht|!Rk#NJes#;$movzL#ck#aUf|Y
z<h7aSv2p5>Dw&Cpm*b5O1_brle}E6vH#4LNLvX!N^-M~t_n7J4imzYWrCatdp7j23
zbCELDI9r}H>cM0wos!~KB|lXzOzLVAe33lw&3_?KM_k1%gXgCzVH8ZUd`_gP_Cd~V
zO!eD-pB4H0wjW5sFu~X-u6#bdn@EM_`;caq{d4X5C!8iviha(3M>-=7&)8ITkBo=U
zF^Z?~HQ?pNYt$CIxA9-qBIQEe1MZxP0=^)6*a!NSC%7MtpXZW6q#e)KlVC3QhdPKC
z!^G9A{61UIJb9*o?n2FzC$RIiNrISk<Wuw)XVrN_p%}#GA0u@_f@I`a`F#SFFewZs
zd9Ay%f}}e-XVfOFcJ#h@eV2;-J~(tf={<Ou!w&<R%ny}+lwMOE3YfJ&@|6h7$10L3
z@(kEM!}wI{%Q*{0yviEPKMA#mcp5uW_g#_%(Qoxno>MKj3@T--%<TH%VNSZrAcRw@
zHmY#lC41iD7IdmyZwRcF>>e5KFLc~sBHfao0EV@1FCK?|RptqDr22#2)>(TkeP|k`
zk`e1NhPY125`Dd#YuK8r$CpDqDJ8h`;x%W^Un&C?0}a^UFHjZyutW^PBT5=tw>Z9;
z{#eO%^?GULw(P_RHM$e?Z?rIg>oiuxZBt2kMBI3;wigB!4W7dyK$`KbqE3t?!KrhG
zF@y@Azq$+!O;em)3(BlW1iY42ILmF`1Ol^*Y9V}Q6L<WKExx`q7I~a}t}ag78|@#6
zF7i`n1R2B>FIQbRUeq%{f%QIk$?l;nSVJa2sPsi=DjKWMQNY4p7ztU*b27zl3dXRa
z7Dr99<{Y9)31N@-?*qNf&&8a@vy<BR(u+f0LovT(9ZT<F-S#S)pK;DcUH6cgB&@x)
zbbEv7W}XecZmS6xf)xa8HEm<J#T*oRE2$e^9GuTwRK4Xb&2|aK5|xnvV<xE@N_yTL
zCJ%?be{(HB-wT%H02cc9e(G&|)5A}a%hs#al+xpLc(agIIWjm4&(=T;fBhbtRBN!S
zGW)$hPc`7qps2%hp^wJYPg!_iVMtuf{xrHO&s&WC6)2RF<LzqdOpgjFR+4$FXW;I6
zZY5eS^-Zq+w28zUqQziQgX`5X1^%dSlVINEO+T!s;<+4PL0$7~hd3RCILl4oIZ;R0
zXt&kZ!(yW-+q-V}Qs9!RbF^{+dxiq((HBxYBao_XHmuWFhfWu{7ClTvL$FumtxU_L
z{lf0zmwsj7?Rg>IO?2~q`<ipOF*G7SCVniwlDr<7AHG1|Z!ICA)+2o&sfTHTV<^*{
zJWrS1-5X?BYfPqE%j|aUdn$X^mh#|1Arvq^xh{VQ)4+M}v={cqS*v}e-Tl*dJxIW>
zY?m0)jz?&=!p-J2(s<E&C|gU%W!rFqO^Wr}X?<IvE8;*g2Y-va+s~*qwMOb{tn~1^
z^yOmGP%q#i+r>)q0u5{esNqd{0!C|S>b!o}V3oWtw7f^B1gA0Tyo9=c7_d*EvUk-n
zg%&)R1Z}N|Cs`SEuB(_?`;IrHcAAK;i<{duxg61mnKb0`6DPZk9hrzuzcb5FC5o6-
z$7bPgF&N>g6t}7$cl+jc)Nlb2zHFunD!Axdqi-_rRjm@MZyU;iPHcT^w1yT=TM1k=
zt~vJBiEXB~d01s<9Xd)?%^Lq-0Czx$ztr5~b2ZzP=QYG~wNDkQ=&-Jsa~Yd1WTzFE
zjJcUi?Uv^wy;n;|71L3*R<+*L<&{e{No!uN)pnAtHL|>467gzY*V6d&x6i#_D#k38
zSBnj%-xYF}>e=UOTvVlZYh2ZHIaw{I80MwpFARCf-$i@UyLVIx?W=;z6<oF1MN_)B
zQ&}Tzc;?l7X146cs!K^}HMfm#e-~Ba*QVAjM%bzIcDz;TTa^`h%WaBgww8S6)yj(6
z^-Wh(Fl9iM8zpF=7BoD;0>mk41fWbsqg3;i;@4IuH9cM~T}GU&dRmfdrM4>3jqaM<
zwrN+zO>N05-(9QEtF`3DE%CF`uN!%MKD@Q=n76sF6?D@!lCK+;NlMz9_p+{6$5pN^
zdCKLhZuq`Y2!FVQKS+c>v_c<%gg*#`JE9Q$L?NOO${`QbLP>v!5)wj7)8h}um+RpV
z@IHO~iJ}69QBTBJ5e$f9jCeBA1c*rs{Ywg1y+Ms503a*u^WeRLn7?^EZ4MjI+M2PB
zL`q?RPmi1ODGVLyjh}h>@XD&KsoLLmPhzp8QSuZhj=@0DjF24Wcy$~w2kF3q1Vel}
zX%&o6=vN$LvR`HbcJx@J$5|GTh7gEqvuOx3uid^Y9WO22+C930@;*2ZfhhPM0cB4H
z?FAnehGzj6tZ=><PkYg#IRZd}y#$`uo`LbN160QeZ^N`xyB5>B@fQ1=uRwb@pJ>FT
z4_PHq37}1f>;?&;@X_hbU`$w`Hcd98H&KX#ZuJF>XmzMa5Ju-$I<Kf*9u!N$y>(O+
zMV@F1OU*wI4*)h;1It?PXF~ePysHi@GPAFAoj0=i&e1urxTVbmYW0ipKDIT&&CEXG
zBnBUN_+8rr!@v$YT=K(2Vs<&NL8r5%;npk$JrF7v??NnG6%7G^Y8faY*?2Hz>Cv`1
zGAFA;gV|I@k<?^#szxh_Kr(J0YJ*gKe1)$NSnR-Gb`N{Z_ET6b`oTacy($jsfm$N$
z)rw>_Qg>KY>f7$OY&fN*hr}2)BFq4#+B7i9;XPI$PmifUitxKphi&IES`-n_1$)A!
zarK-dQ>z1|(IJ!RrcnfprFBJY=m!a&0}qA{nNun5iU4~ft~*LqXS8B43jy^8dH9tH
zZ3a$yE`@gP(E>3#hAJxkc7!JgKG$o<%y=l+NNTY-+w#owVP>GcyUMANo}OFp5yL_d
z&qq5jBi0{#xUA=7h5;?YE~4<i86ZuBGlDS{p%J<{^(*y`5K}6vlB*|ko$R4=ilDqR
zAmD4Sjd9*RflpX45W5DAK)$^La<=xOtAe`*n&*8P$T<2wrQEPA3QXQDP_I}INv<1N
zx~~sxdt5TCK6Ax77-Vo|I=SbPv1K#wX6Fv|n`}YDK{1}|#j`T{W!S#U=XU~O#kX{_
zZ-}E-)9pG;-2)}l+O-3~W;zeTm>f%#^Eu8-m3Wek-3nRVUcBJ);qJ!|RX1B56?N(j
zF<07K_YT}83Jq>i<wm9qTdLa5?d{e!h+D@2?5D-zcd<TzyyMe|$_4c5cXjU0^?Dg(
zCDk`OX9d<p*wp>&%5wqstDLTg?xWyCW3a34gDT14J*4Mu=_whEOyPpHb){J9+?e{D
zol`NIS8BItH);E9)b4WH?8NY6bSo+4_Ev)gJaYLlG)&oCL$}1`dMv;aiCrm{diSP^
zySVR@_0h+AChveMcL%9osNvgrccJS_uQxh%`Q6^;yzH6fM<!ib?7=u~!$7+iUc0kh
zqCBSg=T+Bh_Uyy5tGef7+%>##oiCBT>=ZLP@1@z?oexTC`t;c57G>3~@{7GHS!;XU
zYG%c<<kD@yLv2t-*FNYKjbnqXxUbMfrs2V1VB8Z$>kM7G4fagV2DJ!arByr1cJDl9
z+0!c|U1zI>o!l9xu2X?ad&wtK-&RmSvDLQAF84CC*_J4FKyQw0cuo5)Rp67lh4ww#
zou>1n=*0$-%bE@!K!osoEN<|%wG-|{pi1y~&KIkxistUOvE53>{WiL-%D_)e#ZvhY
zc=3xBl9|ySR|xAAyuBj<;n*gc-CBBH9jgPT$-#^lJ&J|)a91-YkUQ19hT9gIHIH2G
zzLU33yW*|)apQnp@O4t_r&YMb!rl6z%(@I-D|^Bmp+YRdqZAkh_6Ez|V($6wTM?7C
zG+$;6p(M=ZN|O&&4GLBQPpRiBo<(T4C1-H<xvVO+TUWcGrP7MoY#?3G6d<{J9R*$4
zJ27yjle8*xuSO44*+UiT&vwKvvyEJIL)^L)Eb8KCF4<16be^hx)(^PhgRlzrbN8<N
zw&zYoWyY{7=mk>Z>WLa<;sZE!HiE@uJM@x-h4zX<0w^$sixx%m+@;4mD9l-%!$nYe
z#9ih=EUjTrTz#_Ir?RM3XuFytb=wDDbiuQ#RV$-@ewN91>c<8jRWpmN=>~O%NJ7R9
z(QZYJ@~zst8L}()s%2#>%$~7Ky2>4uazkdt=BP8)4f0sA8p>Ha)-z7!-EUgDq03lx
zS1*?EHCwL4=iz{OcfIYMqP1}ux>2M65(V6wmMI;k5IuG|U}FMTC{1tx*N6uFXL6ce
zvyfcJdzoa`h2qG+CwMTs>ha2^6k|c@(s^bB(wbf#dOQu|${m%$sSg|h&8!qNk5{$v
z1R4b(hl?cyJS?DcgNfih&$~d_taX6V@LS-RBisq?L4pePFh$nT3jNf45DaySYI{ww
z&(<j<7h}I0>m+g)T79e2z>g*6sQ?ueFmOe53msWjJs#IJ9-GOY$wYOUb-C8kSSe9j
zg7uG4dj<jyBnYwDZoRZB`pk;c-pyt9&4Dh#p!Jbip-goA_X5}*0BDb9h#0%du2XQW
zq9>^3Azja^a=c1w3mgh34ti*qtlJbTJx6N-_Ts4PRk@elnx9nTY6+`kidIs0twQ@B
zySlKoLaFgib%8?As;j$#KVca6l&yCWr5L6a-#YQ@)5c@1t~X_FxW)%b4r^%%o<6Y8
zORZ2}U3ackpl7OjwN)${kl4^LWT>6I++#-ihV@y~;mvrFL{^CNr@fG9;p5dQxa5ms
z6-pRc7=1ET&|??3sCN}rp3F0WO7?nM*1RCa%I+#QePa3XY-7z4pn26nPMNh}Wb74n
z$9>m{LNVsB86-{InN=&Jw+<#qF;<2*R~}v5)>p1j>;Yy4aw0oCG<aVMI>4FPoOJrf
z2skdggz}`=lBH|23h4BKm8@ZHo!Zp#sa;*Y&FY!e(naBUeupxp1!F)s*Fd~GaoLcb
z#niW_0-SUaG$MCW>YQ4%s)qIZj+T1Cij?qcq=XAA%_~i!^cEwJkC6f;;5OSNnn+(%
zm3=X)7Y{RLwAi7n4HJm2D83K~1_6z#6&$B-YbDYh4V}xuI;Ihc+^3W-j^5}p4CJpZ
z;>Bf&9D@~Ji+0yulN2K}B2v^RVxxl~l57_(-+ON91<WsFSgU$xC9JP3n>6;hhP7D6
z<F*(l%w<9Bv@;QF%)cY*J;L)e-&*wQ2(Wp1v3Gfx4G23eU$%lmz{lA&Kzy)V=b@pV
zwbjehZ4NFi99v2!;+4DQ5Vis$%`v6=@m|O4Dl0y11Vl<3Xyvwa#4x+tQ*A4QxiA-c
z?`Vk}Fq72#&>{sMp?6!u+z8Zo<%M$9+sr^dY|8dlc!z#MRPd_MM{%QyY3sVp7*b6P
zL^-0*bI7ndG{uV??1DQyNkOVC(-b_9v9DlFA1>jm)r4pr;#J?c`6itRu4Y(_d)~Kb
zY1&zDL4w$Nwc-Q}1Zt%8pLpGdixHuy2!d<Y3v?;mT(dFESv8Ikc?s<29z9}mRtV2s
zmWu?8^=PQ+m+co|((D;n(_Cr6(EHRv2i=&6B;dkj+F6%F!63@3-dAH-OT}omwp46T
zKD8L6`S5nI=BBsZ4)|rYQq<2}UY@LC2-v)LT60B60a{#$99WhC1z_sk9iXbK7Uhm2
z0XqXe83nNG5PjMh4OOLeNUrvX9S$fOHt@AxsP-K&c=X`sD4E_Ww+i)&u&q&W5U#0+
zAjWrTYS2W3nAoAgAlNK~dsTs9xJ5d_Ps4){3Z0#0z@I8uT(RZ1*MvUHqjCqBC6mRO
zQN?wu*<I)Yzhk*@GVb4t0Z1>r=o=GV`__199jK5>IQGn8LC78;Azm0qyn#3{>qZu`
zxLgv7zGRyR1ML>^8zFCOJPA^8BF2mj?_fwfJ$u8SC3KW6iA;$=qJquZg{{i8YF!bg
zuNg2K1)K3rgGNe2AomXjyLk%~3juZp#2w_?bF9E32nrVq813T=W9Q_~Qp69uy=);=
z;q|_1uh<7uqSs|w#u>y|BXiU>5r(d^thgw_)+X8@;vA49*O!QGG#8+DI5>_Fa!|R-
znZOva=kHTxULRW1;t&=vH9Itr2R#cYd7ks#lS7`AgaHVxO-W%;b5D3`aWO{0@bMyG
z&Fbood&(N}@z-K=lQTdTm<i(<VD<XD0lztHD=<+wse4Dg;vWO6w#=b$ioYYWRRKl@
zFO;AmCjD7y3p_T)j5ammd%gs+8cNs&ur8np#<zR_xBl<@|Nej1(c=&!4J3^><U?)y
z5T*%!`v4>yU}>NSh)de7^ZupZO>nVaZ=W}d<;X!Frf(OT(ALOkh=xv2aDbAM)?thx
znOVTum%;C~IDY%*o?7!Tc+v5o+X-vQgAEYRjc%iRUYDQKxmUxLi*s#WFQr$ev@X~S
zZ2^`8WQ_rBAj=OJzBGevc-POzzgL`3oIWzUVYL^GR`=lRoR2v5tF2Diwf5a(tiABr
zd}Mg^r*_scYWiDW!q>vDYWZt#^O8-88EE4G(`-iC4X{e}?0u=2mk|*S#J4i!JE#n`
zO(fbwm=}-MfHcbXt`_C3?Yy5CcKK@Ix1HyfuSUbCZ6?czNnx0%M6?bd4!wjMVz!Pj
zM@(HaZ42wRl0`L!0N6Hz&Y%*@LZ%6H$Y@<mTNN=1E(|_(2$q32+epIz%M$H^U9eEW
z8(~a3WMa9hz3g3Tt>=r@uda`5JLKk9D`Qut*7x09sw;TWw=P(gLn#yxk?q8^i(wG}
zzUlx{(Ar5?K1vSRFXIKiu0#eH23WqaW2g^%fh7`dhKoJC=Z<aSws*C^nHqry1+5KX
zcz~7&(_dNj;h-svfE@{Wu_%-YwT6pmUl<g`VSyZl>qgqdzzFwHBaA@an2)S%M;|@J
zudPD>h8kqC0f#If*9i@Rd4YL+_NBJk6PP}<ah?3+;%c6)3B659G2~qNiZc9bUo$>;
z0y$jgJHU@x4~z{|31^zs8=QBJxt!-Y$ISfJ1~!m<XhUJ+M;aUNsPTjL0K-Xk#6uC5
z2ds=hg-l5|8-$Noxx7e{<3OS1pu=r#t+a)8=BX6G3T=fo3{ud$>I7HFErQcl#2vJb
zng!E9X`$u;=KIeuBe$IAInNFCu_cBL%Rt`Z5StQmsw#@2x8LvG-L1TBSM9EC_`^-p
zRIJWr;e4nnbFs~~%(>0;o7wD)%*=@P+|1QLC8j0DVSqLzpI{I~I8wwH!rY>~YOj{@
z8(Z-CTHcYXduRuk1lW|59<W(yBFDdLd-DhmF|aM9E;Jiy62Vm0In3oG+DmWNDQIo6
z17<MhP>e8H)kuMDf(V!;iAfD>gaGSZ_Unm{9eA^>w%n0dHumJ(%x29X8!u3d%p;9;
z+%7#a+yYS2O^xcHy#0N=t6nj_mB^3NZEjZjoi!#f!de?b$54<<5llipoxoE-W3HrE
zY^|znE6!Inb4un<ug7iY$8?(ynSfYf4w{ak5Y3hMG=y7Chz8M}?=*tgTLD7>4Tw<C
z?f_2VdGECw5xuohMQ&QZOK(0sdA4h1bDRr$;e27%gTA+Y!Cmr^wkq5pS24Dc6hZ}U
z0_lkXhJ|+m4~}L4A|MxyAXdbJm>I{}D_-|i&T!H^0M`|^M5w+-v_wSprYn}U($E?<
zx2VZgRaI408Uv&?tpXsV0V?r5my?mLS!fMI474Yx1F@kXmO}^G2`(@c&wYCpVE_Po
zykxvjOvp3#dR-=}A-af+II66%Q#X@!cXd@&RhM^nS$B7LcXw4)RaG+FH@f-F=hpn{
zUT<j_Vg)S#63}lhqjV#t1>MR*nVa*?RaQ*2j6T`~sv#t0q>PM98mNlJg;iA~8Da%&
zLZ*Ns=6<!7fsGBI^`i~@3J+i+;1R8LC|?+9m}zB+Jm<PdhON^fq}q21TVrA`7Tfl(
z8(w@@MQ&BXq}cwRcbe8QinfnN%!xsLVyKzsrq-`c3@g;wMFf2!3rXjDqbw#oNbO^Y
zbc+z)ql6g4+e?N%9hME>YHy$+jJL<EWT988sL)7D^$QdwZJ@j|LtZDS3=}~`EYW@m
zAd!ir=qz$800S*;UVC=VtRjqS-n&Ofa7NxVc5hwYJ7DY^cWBe!soqH`JKwH%o}`jV
z=dW0wB0S(e-*<*tLqTy;7`){pPK*H)AuMp2c*Xiqt*9HgG;qEKvC@Dsv3eC~4kg&i
z9j6s-`f@Jt2g6#gP`b758{KJptkJMg=D2dJp7!7b4GsBUaHo7Sr?7ZouD#&=Uj~E_
zP?Z-7QV_j}g+&$N?5v?p>AxWCW{RdXQ!mrUU$mX8##6oWCwQ^Q=?XYOG9VF0!TZD>
z1OU|HQ-B8HNsnMvw?}48R5eQ&K-2;WbM{#X@fa_nFB$J?0U4TWoT?S*H^c@wa%dDV
zfm>HteRxk+i>+&A8bY%1-sK%jdr%_iVW|hSFnly>@jydPFbNl|7!W|fDf`?Pv=K5_
z3-hH31n`1&abDUOF4`T!iwOH0Z7{qv4TMk_Ko?ISsq48c7w31Nm!~E%pz#?!y&d6;
z+BY^1?=ZW^CmIAAUhJdd58GGZOxtVq`9#*(+9la7wMfIrZcLzb5GY{CE3{_jo8bJf
zC@i2XR3630+2xx!^}8(czbBndr2%}sw4lLtxlt)7d4&BEL_h<kpdmOt97QpO-HAn%
z4=LfGkqtQlK|y3aEQ~%U&_EZ6Kv>#<;wuRm>;m8lgz&o5n;;>IB(<`X1;A4fSio~n
zWV=(^l<En<OUIxPo-{q^^V}fHIDOW&-(`Y1vz*(_M@g??aB$JPke1-_$^|eBWiK$(
zDKXeW=h<Rai^CHvUu`|c_Ry|WuBP@~(%!dyo_T)J2%-fCq<1R^u-jKwdp&;IX-h4#
z@FZd>Xo!?ESjSs;3#KSBik&1HS37G)TNSz;iaM#}%z*kHJQrBJIws9xfq4TW6^>B1
zcS<ZffkvVn3ML^6N(t=Dh+hpvW*riG&Nri5qr-)V(Rc<36m}GlyHW;`XQJrq#(R!5
z;7D^tbj*XdQADcBQPiXmVHX)pgpf%OcvpzkOGXl`z)x?L;qt!V#aFZtX%20K1`&jL
z*+Gn%*z+087DbBCcQA+D>X&vd!|NJrtAlNgK)A|F#e}#Dd+p4&M3#7aT{?nRT;M^?
zv=Lf(bx}Iq<b*2*Qvs<KdGz0PVs|^MOO6l#gTuhK3T+~#yjAA*7{k5Kz59Aw$-dXs
zWMf4GREgF(TGHJXOps*+#ZXfYA9u#z8<TeI8*j<moOaQ-ExcOSt+LFLMwUq0<$D)B
zx21YdJo8n_mamTvx41mr620!^I?%eS!*}c+_l<EWtR;tV^09fZuE(0#lmb~#A(vSU
zR)y5AuXJ^Ui0f8}lLa&42xyd^d&6|*w3Uh$CU)MHw>wRSDEhEF^?MH7%--ql^k_xb
zVKc-gC@)xxAT&HW3Jh;hs`NG~YE8D!B4JIW$|mZTi$_({V{lr>Ru1^*60A}vk)qZR
zI)*2r%F|;kY}UM}o0u~)vAo_B$Eb>&fai=d+9;Dm5>Y;zV<8cX02~pJ?0a80{Uv9G
zMS;=;OpnA1BPg@e2;O_AXq{vVlhBba`uq;#1lKl-EfHYAM+#^*$l=vvec(I>QqIjq
zI=7FFyx4$j*F3(Gnynp&Dm!=>qvk^jk+Z^}Locc!x0z+RCz<gLGE;u(>$z0`J($!?
z&_qsHncmqg?^(>ryun$QHP#<H(l6T3*?OjyWitlrF%ZxRBqXF*i6M~NWE-r4TFV>i
z<TWRT5G=`Xbx2Ca?+ET0aZ^F^RsiGBn#%TZNRA2u2_>SH0YVCIXR??WufT7FibU{O
zSCn|{lq}^3BHijSzbf@0BtRS&c}!5?8Wo#!%f#>^g?54-4-{J|GMG(<M~U`~>w#Gf
z;DbTorh7Qxm(+pODz3Sqp&v(K2^#i!UdfM#s9?cU(=^aHaz@2QBpBvkeVdK8SuD27
zegzVJpnzXPZWqV6hj*Ut;DJMO5Io2}wIB=~tJZgJdD!gGQ_}=5G|}`p<*5^GGEg20
z(&piTok*@~CY&6A;oDM(212YZ({+f^V3Bc;Ws!HWPb*{FCmXojb`ImQjuv|CZr7)J
zG~2t2&gqt<y?3D`0U&VSZ?iT&7Fb@Z5*p&hqw7dL4Rwh@V-g)93c**_sxY=;@i;@H
zeJoxAhp`gVZMKRCg_PHhc1h|Ac!yBvD(C`%a9m=^^J0XekTsgqWI&sFe1>CXeYHy9
zJXKY;Hrt#5?4VxAowB-}S;4)p9`;gh4&KkaFIe^i2cHXjdIv4&ss+j@dry(@g1AN|
zh+44FAX1OC?+*#ym8cVKL7JAta3h2;3IwBWpoQvoY-19j<up?@x3Iw3y@g*T8<tgD
z2CG|*?c00L1L?m;rt_gUZ@%+nO`5yIj@#@2cKh#eFxjrNqJHuZy~gdu?SnR(9J^-`
z>i3UVpKHD91dRdS+&jHeB)#30M|oA_2Ep$GTV3Guk1b4?RDfcI&@e69irj@(s3AoZ
z+@annsobI4UeK;_+hV}fF^Zv#xchqWChu6L(^(N}!mu!_r3C1aFhIEi7_05(;d^X(
zrI!gJ>@k5$3BA1am$Be%dv@2I;$FT(d~JE&#XES|$RBT3wHnU$z3*YG2nedsJ-gX`
zhs&2}J-vIuR_-A7z2Hsj6w6fQaj;65pk3Q)RfdLeV^6BP9tU&p3hm$$nzfD>fiwg6
z-uveFzWbl7tQJg622?f?PJq*}6)UGquh`DKi$OA^9?}NbF}#bnnVTWn(4)pM)H0ic
zHB=Zkw{<%$t=;Ty#Vc%MW-Mgh-M2J}ml(nUx3^`%ovW<7II#QB&dkL?9^UKT%Wj}e
z?Z<jH^gXL$$FuKwX)tj-ruOsfy^QC>AlBXOcpOE9$a$eNS%VnYuP?oCTh2T+HV|0^
z-N>Q=?4gWDfopdQ-HHm%He5E{)4E<xFyR~|a9F0zTQaVJ+MSj$3OWfztT>p8P3^nh
zJrj1#cF3CcKEC(YzP|f7#0rNMEjblVsu}E04Ov4Suwqnx-enTrec-J?<-wfc?NYPd
z*#>E(#yOUBh_7`!Cufbfu=(M_iNS;KefN_0wf0r|X6Xf`s&K<K9NAsk%HeT1T<Y1B
zjT=ZAn5ZCHv0a-CqadQFw9Pn$5W-3%VW=6g_TkfTL%F$$nxv)Ermd@JDa}Bt;VLih
zyDO|2i{AH=_3SH!@cYf1#_rd=4~1BAn-U$82#l<`O$9@1B(5tpY*t!T!il1)hY<?y
z30<ueIvh<6l^Al<lyFU|?5WFResSx@n&qgZFnf2OBfWr1K&ZoWVT_pj8a?TtLCOk(
zjI|_=tUAJD+t-1&vtZ6UpDI!>cOcdt*`<B9@mQ_nKJioH+qr|-091A@WrJ-1Fg7Mu
zTrD+oaJ-?-13jE<0kSzoR@+nyIDNhBd(=#BfDB7{tJb`WDj_Qgtudhl0n`Iprzk~5
z9N>^~*f?yu3ZZ7U7iNKzVCtf)vg|HY9*|{T)go<`rIZfj18`}~4vwW&L>#E1h?%OU
zceiSNs&+N!lapiEj2mwlXAQe-fm&1`T$>2s!qb^H_N*JgcdBMK*fH(u!spf#cH34G
z1VM-t+OeX`s|?h@7RiH*PBvPpQBg(8i&U*{+n5>3?`6C+k|zo@gCGQt7#v>my=^b0
zml+O-5y2><h0RjVb0E~J(=`XSj6<cTwmfm?(AI3RNXG8lFcb}tA+*HhhFZykC5*k!
zATSU@uH=!46GMd@CY2WuEQkh$9H9<Z5GET9LdKa;!gDxlLCaFyn3ihNEkKSHvdf8F
z8603y6;pR%Wo?{b7FI%0QdW8@x&g!O??AlcK8dPDAZ}BU$rx^*p+q7i@PJ0VQh<sN
z*TG+Fzya@JfE0ba_!B<CofNf7po_zc08R@Wh%U|*9G!_(4&d#@oSS9CAeJbs(>QPf
zhNznXhYE0M1hGyL!c$Qoo7;QWvsH*;Vh5HBAvuC%U<tNsj@$-wF-~?&JiINACNxvq
zn#+JUwsqzfx2&oVN~i}|-uJOZwV|bv1>`EKu!Ale0BS_fQ;~53Ib#?_IkMoQY>1@-
zLDy8ttitd@C8o690F|aMB}W15Jl1M9ATkR~&g|w<J&eGsgaHD@A}X%o$Ep^aEUM`j
zyS7Ht3JWq(u<RRCVXDd(vqtN7_Mq!+>(EoYc<xtgZH>u<mF;e?cxx~&-o;^emk8mQ
zD>%k6W$|TzmnbUX%K5O&1zBSv3c}5WY(1+E&Pqj$;i;RSLqU~nYVsX|tD0^M1LQl?
zgwKL1YYMW+)EL2y?<$5jyseoP-MgSAmZ`&sD28WK)!x~C<fg`~Jne69UI$!}-ZvAq
z=d-@oZN8Ou+v@Lx%<pc&gLhaP-do<?vS9A+oIc!bnOD21z3)xr+pu>A+r8|j?UM%W
zYtJigg;RFk;|A`*gKehDdw|~A#@;-MyK&v#Xsc|uWNz-)uW7y8w(R@ZZQGhg?(MkT
ziP<yV$GtS`w?0+dZ%$XX);qK57kh1Uj`Z1Yd(VJKY+}QO7L`nCbHHWgreh>3VVt#y
z2Ph+iZWpFR)7qSgt1^x-j|1D60O5B!*)&B~-NA!y(8$)z4(;&q9(|lL!WUPSwJ)ok
zZ!0f!I3H$ZZP~|Mz^N_A-U^3Fj~(gP!+CE*tDyHsq1t&M9g26Z!W`^V=;l5sDw|_;
zR@uif-u6*+2^@QIS7z@AY+440p|ZrScsw?u(03MVa;}CG&id*aPpn30WhpJGx7iEE
z54k~A+;v@{TUWgU(`%kLeVe_Sz&3(OU5R0`(sJnQ$~JD!dUi6mF>Kj3C!Gwjv#w<!
zF2!Dq6__eJgLr6;40t-nTEQ@i?z`T%e#38@tts4b-sf%74r|NZ<<<`7zK-&`^6%dC
z2XiUQ;mZa!a<-g08KHNHuFhy}^{qP|in{PhU^=%ga6DkqS~JvY<WBS2rQ#>B(%ri~
zVeHJ^rpS0z-kibP$^!}otP6;zwmUkXY3sQ{?ly&oT~;Us#fr-E?yD1cT=w!dbX^MD
zyy@IYSyf}8U@q#jpecE+_lCt#`BJ*AwsTJ7zL{$FyJbi&`Hfokj_RfsDVJ5+=t+lP
zaH0e0qpK?)1(?qSY;5OuoH6Gq*)OE3NY`?mY+TMxfqDiC(P9hLhhQ<9uXl~x930b!
zLoN{^qAfhl<CzBHE@o*}tJwuR?@h%sac?l1%j7J}ZzZXyP_&Mtc!=Kb4(hx^f$4L2
zbXVRZfX9zrdRiSPQxqQVh-(>ARO8^5zz;Dx4fO-p>0VN+y~Db$uviwGI62pZtrCQw
zF1Oomg{W3D-AcWcThZ%6M+W96K|O$A0O+r2bSHaZLZ)_Hp#9S)62v4QS-hRCaz=T?
zI<-Bz?SnfSxk+vHglK>g_mTw@bo)cnNV)<u&(3yglPPXI9IA4w^U;+i4!10gIJ1JS
z=b@hSH3f>O4Q+1SZhNDx_28lo%Do8nbf9aqZd`46bC-Vf%f#WW&rYnhu=Z(qs~8w6
z-cT#IGZ3>@lUtjUGU@}cR(S6b+}y3|9dpYd?Mz}?PVV)BGZvOKW^Q|>V&RlIOO@>e
za?Qh2HpYsqrI_sZh+4?%gB*6p6J$NzqdLpUGitDbs8U?*XmMbnGX|2*$zr>E!ujZ+
z)l|LhbSU>s;uzC>`*_N%Mdo6<iCqezq1K;O?p{Z^1{zp!ouPyU+>T{bQ?#)<#`{~x
zc;96^&rz9yRn}BjU;$hOOf~5rOw>Ds81Qd*V#bv*L!I*$GoV3?YlOE7Sn{gGu|?wF
z5UH!myVuZ)6P+iVNZs`*M3A$$YM__ocehZ~VaP5E$2Q@tP8p(%+Y+v=WUAmdTb<sW
zRi`Q%&Z^K2KtjG*H#-dFxNYe-SLL?q1fGuGs;ze@9zf31l<HzmW(earZf1mDJv~9!
zhD0b+BJkn6qAAv0)V(}uybF5U)zxy|@ZAu$`DW$sHcjR>mkZ+%SQMABY^>IT;Yw4v
z#87!sg-gyPQ&`8ebY~o<52@hsLJ|d5wj6@0=6h*z9@m=pXN|hZI+@9aR)%Q+kl+us
zo0U~z+N_~nosVr(z$Hu6w3D}JFf<oaa`P!wD*^}IW@D>6%H>F3X$`FuhX`|)E3}ob
zRfpFGW<9sZZshLg+`Alocd_?n3=e3br;h20VOLTWThgzf-Pb8)%dNik_Z>Ht4AoUi
zwuRcm+sl*JK!}a)*cJsvVE3;yuC4XyTA<0&UOJZHt(;y1AnZ^ab$&ty@&LQDo_%|I
z-CXOQdhh1FyLNu~gg>l8AIgYB^eQM{oI)OiA@lFOgNfPe_l1^*#!S2frR^RwvUDie
zV&_o#;%^@du#d9{?758hIwEZmj;qc~#9AgNP1q$7Jr#B2S$8?TOynmmLw+2knWL;j
zQys?o#@n*93_NV=z{Y0Hty$SsSDISxHYcX=jb!gZnd+!^%kIn0HYvs;7;d@_I+fkG
zxg6k?ZsvBkW8PQLL87<9QidLUt9KrqZ?vqiYiM_}ZDsM>*J)L&RpCp{s?$SER+jgG
zzjg*KW_j;=vt*%`6Y(bM^gnl91x<?GnR!n|%~i6=+qeL&8C7$^g=^b2^#@EVFL$at
z?`3dY1#>dTZ3TN(y$K?5JA1TD&_gqj?QDv_3y%QrTd{dBae2lx$jD~#o2<+{PU8zH
zC@2KbhSDDm(J&3muDcW}(d0_p)5EOl6W+ydDjnL}$Zx`%Tzba?n@#krz%vm^baL|Q
zuR4v})7@yyL&QXa!V*mY(33#M(nAI&&<z^<{BQYG(GA1z6GbS7(Gl0u>&EMcU3u%v
z*0A*L8%c`cGA1||kj4dGTxAyk8Oc#G1WN|Q#>SohUG8;e8+jBnO|>m3?45(7qqa?(
zD2&-HV=I*zfbDPz&Je(2vu!EH;L*np7Y-aNxfH<|W28<_Gi(^zO+-}r{eN7;uIE25
zt^C8sTK5JM2SE^_U!A_)>3*Giau?Ti_FRunKr*<;@OSP;3<mwaIwb2sv;BJB-jTLV
zxzW^}m2%U;!N}M!Wde?Nm#{j_M+QSkZ|Kpz?5tWdF`Xc<V-P8T<mZ4Lg((r@S?4mA
zoTR3V#$gvJvc^oP$Qu10&)GiT1DqVrOzUT4XjvngDdz$@P&vmrKc_Yi7N~0*I<>HN
zhf>Kre?PtVhhBZWY=_1;2CQ=mNGM;szCQSI$@J}hTie5fqX4?gtQP{9#=wZNtZVqA
z9S^4xY-m$falo%o^l>T8YeORQJ!5R+GqL~&?Cj&WfwZIKM36U5XPff5?n5;J0|<y|
zj@%u;e_4}%N1*hWFl=C*p8p)3jyt!N6CNBJ4R9vbI5rK=GV*io<P!~e*DUMOZ!68t
zfDB?HX&^tN-rg5Kqu;lX<Lq`k*vr31ym+uVtl40kXyLMQr0##Iyg1M0(W49RIyjCT
ziuuWaRk}3k$VRO>jO73fTGD8zK#7qTu%IJ3RlwzSDA<~?rerm8D~!52!7eX8@*5sS
zEX9@nn1sL{G_X}zeLgp=;aL~P?D_5Dl47fl!e<ly5f2=hQO*pYoq_X0TZaVdN!RrB
zUQMHJLtusb$!{D_XEPIxHUkooIg6a2xYbS!<nQT2z3=DV{Qdje#xQ;#5uwD=0y(Pv
z<niN$*G^rW4ijX^oEby7O^loPvLD*`!v4l(e+9v}Mhqi>Gz3R~KaXAve^2IrE<rLJ
zY-1dKz_OeGa)XC4V@62MFxNz;M*v_14Df3SfC%PMO4k92b{Vi6E0<RM8avPKSlEtD
zgDM$!cf<s{`FX$xj}RC$r=Q{R7#vRbpCbmrh^78Vc;qq;aIbl*q$6~<@q5Ai<9vT>
z<LQI~W1r@+kGtP%c?9HuyYlaQe?NDC{SNc^8-6X7RR9fRl0qp7*GeSNr0@Ev4A_hG
zD5O&GB!US`*bw|Fi04_(T-9u8aH3#i-rAoL$zu%0a_FeQaAY+ib}+dkAY+R$tZ-o1
zoNBC8B+EQ$bRr_;<|`AOrEr>b)=ZO-g%nz`i!Kb1-&yY0_}lkg<xj-tF@ib#xh;|2
zVRK<YASud``LaqQm2s2Kd&jru*1%#nj<J3EUGHq8e;(dEzPU{FSmt$&e!tJX$CTe<
zUHf^*_4nR<WeSqg&Q9EQYQnucJu*M%<L&Y6oxi29WBYgH>OZ31ACK<-?s3NZ=OJcC
zL<ekS5JcMqpMIc8&&v7xndp2H(2GcwiFt_9cV2mTepvWk(Sv*MrRT)-^LU&lrP!KH
zS0D~|y!WyBTwhLTS#zuKKF^*kE%9%9rR}BBfu0b1@P7XBKSq;AmukS}b}}d-{I{Q6
z(3#XOP7ta)`u+XB4`dDT&m5UB<;%2FlVHKHxc(UNy`YKIznS(I7!NNC`n(=@wghb8
z$?^Vt{CCC$az+l(=H9}uhZ(^eEnIPk9Gq|LaCdt<25^~*@w;#E^zGs|K>jV`d3W?`
zTwo3HjNyYCczWCUdom9mwSdMbZ|>grl-biUj1DPW@r-c2`11+jM-$dK;Qqz~ZwW$R
z^3EUZj2OlO7wfwVtfBl_*y+!OTCG*xgd)&!-`k$?;Ika|H%5*3of{?%-o&>4gx)u?
ztgvea(3VXfUNpW#KuQ>TRx&cWKr}=&I`OL}R7A^=--n;PJ)q}2r(_|=N9=p{5c>Mo
zR|k%@kTHOqhw>&k5#I6Ef2Y`t@Nk*-IXf7*jR2Y;0O9cKKE)U?h@9mw)x2W{0P(U1
zuhC=3f0J-4jAVXrU#H#^Y-7hdts24nUN^mj<NJI|l?NE`e$Mse9s0eE<W=!w8Xw*3
zLMivzyzWaAH*mWkC+cH)%~1ZX_m54YaDk*lAlGXKJD{CoekUIF3C3KCr{tX|h=Kq@
z0Vm>y7)wmQ9~6Timl@sMN91kk($N4q{wD_Uj}D_wa%?$3>|p0SAyTu?932}Zqm;zx
zG0=w?$0B5HXqZDA0gW!_E=~$|l)_;OprFiyNsVVIsw^CFjPcaoH)aM(Fo;)qb>bwR
zU3KSl5qflxvIJ5f%%A}CdEOG3OhdY@)s3cMsCF_FOc)Gp%sG-sh+a9RDH`#}n9m)_
z;<@9z9s3d3F?zrXl)F;@o_pTStfPX%V_(&fkAB|n@$C1U&PmP#Gtn<5)s$SA$Q3|z
z&lSoEC<a(QX#xoe1bo*rLGPOd+C&U`>qR@01{iJmHE&rlzejI-!Z_A?GItZz5MpWI
z6HR5TtBpAb$)P$q0RX|QHpd<OeQh4WhwR2h(%Dg@*feo!=>H8J!5!(uHk>G6k=PxE
zx^T*e3te?oWy5WeiSnTM;IWO`ZHzXA>F1LtHLaOffhQqxwU>Ypz{CXL?HV*-PuBf@
zzW%?D*W||^udv%WmN`T4vUiQkm=4RSOya<8{h78vF@wCOILng!wmiZJsJu$7p?0%8
zi6DYOIFw*EjfB6qqryI64yZ9cUGEgJVA>I>C5|N=X|#z|1Q5pG91MA6W-h$z((=7^
zqA4t!Mkpn9({Z>ZZnC?*adZ+}d{@AvOoo$YLa7bllF(XgC`|-3i}HC}tKHkCl+tY`
zug%rg^N#K_jo-K5px@`dj0xT+L7M9}%;wR<jUD})+;_V^ECf`omER8XhoGDAWIqqB
z@fTb<bDU0KZ5u?@JuJ0b_s4;7a$tcS%b{+SuR~kyW$NomvQ>KNz=#?)NTC!ogffEQ
zf}&(@Vo7-Qj=zC*@2`Gw-gdR|sjpE<C5^$sd5W$0FnjO|{C#i3oT?S?CJnc%t8VGm
z>QYtOcaIM5JbVKF6&xGKI8DawjBIoDWv<}Lr*~}ZZZ<K41|e%K+?sQNHsFjcFAgHf
zlL&}{*Het`-0V8b+5<aI4%)^5*rlNOuU6~I46d@>OL~>AzB;lsuI@HA#_M^EYyr_#
zoT^Bo*-sd&Zj_ze@1M`d=D!DHeebTmSADG6H@ZCU8un6_#;PcSP)e$);VP1i$Pp5R
za)hdli5L|q_?jX4`Ig%>j41^@DN+tsr2wTTQiwu{rbw!2DioavORAAc3J9{GWI(D2
zg!EM+RDo4Ws8^z<;B_5EUEDa5WOHyiqQYWqmsJb+NeLk(Hf8+$7=GW#zEvE~x4Y7>
zs6&T|H}1h-2OeyZSAIuDPM{`LZlLsR;M(~$-h=nAajaX`R*zyTe458o-+xI87la<n
zce!bOyc6fL@gt!@@0#RL@432L;q|DQ{laj>)hzj~xK(oSQZjD^<0K*Op&4QKu@8}M
zT=CL$saLY&A{`l5YE#6Xn!j_L;qiG+SnxH!EOukO@b{<B?VB`t=9N6Bja7xc%5s;f
zm(FG8!r?29dwq^O##SWz8k$|+8rIP%3lbqADyLdRk2|c!Q<bN<_v-9HrA?zTt<-H9
zZ!_KJTQk)7YF8{(<|)c%SB6zzWh7s{-mJ17R;kUoc%9!kN`gu~lYBZ~MthZ9&kG&i
z=3=QG>&*ONzL48m%EQ-X!|azDooF%fxP%4ra+zwLnN{W8=J?HzzN(_NN~}b%;ly3q
zb?}3u_c+uo9aeX}w>bAHz+`@j=M&l9-n8}11@1>)n9sd?-uJ%bXDP&%gU&F7M5?A)
zn*yrS5g6aDlic1j`Q~4{cR-k8pvJ1Ed9Po#%hnw=s14o`JP~?Gn&F;`vkRBQx<_mf
z<aiR@EmxM3%*@@M_Oau1wdU}@cXm;cJKT0qPd6Smj}BLG5ZjGwZ*@uKRtw1NU7<eV
zN0Z*=mz*|Tp`bWj_C33lh$g6Alv(GwRy)0=aTVG{&MmNV>o1g)KK&KM=FttBJ80rc
z<9$(t-LqUBg(~8j$~Bf9HdR8eD)!s-v`d`ODjR0Q=WA`bCuf#CTfE#s^Nup5dU)rV
z=&4KJyT2meZyvEq(08P0R5=ZOx?4OYr+Oly@~YicQ@!x|l2U~7Q&1OU4$hKX@VcOD
zFNU6MF0*^xOzU_(UOXR<eSc3lpaQD5mB6pEx>)vX9vshn)riOlgfy#<Wu-oJ5c1Ry
z2OUC%J#d9~FT}Q>&J=>~t37j<%VgW~+B-XGAw74Dv{aGKt$S-5ZO(XvcKfx#Sophd
zbzh2QKIVDXd!nd{L#@5>`1@|D%bBZj5lWnQmXDW%kB4;`ZGKrOe&Op_RzeK(dqrwG
zu&+d6lN7oy+&U@T@KQe+0(09XZVywSLf*=|u$Ey6yTyhj<nwKQ;<EVV_T@?0XXCGX
z-u8>B-LtomI_k`{lDL=M$5wB>J+H63?E6jWNhGD`V1nTjbGYljC%5lPtmxOL-KS`f
zZG9(c29tgnaM07;@!*g}VB;dr{7%f0K%d(!n_4i7S6<HM;P>Jd&)b*Sx~>^_(u+oE
z59?2NmC$=^M%~WKWjA^vYr<AiuBqRR0xA?jS=;TTHpD*M)zf!<;lb52WqOc=slzL9
zg9K#Xh`Lj<x(i+7wQJi-wQ11vyz%`+fn>6lI*o4c9LZ}|tDEgrRaI40QO&#_`>>u#
z>3Y<P3^5K_#?8;00O@gKX)rAY#S@urDzkFa!)>*##nQ~|_tNgxa(MF*(5A_K<Yzl?
z4Cg7Z+%e~5z3<KGC=#mi#=c7-j$*sBYfg~8zh-q0sSwV+1+n0cRn4zU*;_urQ60wn
z>Z+e%Ln^0wo4P7E1XJivUst~F`ITAF6c!;EzMgX@quK9KjnR~EV2+94u06?<OoR$u
zG_C7|N4{{mr|2RV7*acF)lnFTh&vh~w#k8mO{f@T$<dC6j?A&=fb&xk8X#c<1Hp%9
zL5qLSo%Y#SH~7}UD({MW(|(hAZ5Gg<*AoQ{jV9llhZq<SV}UcUTrAOUTt+3l={I5u
zICe9F;o-ktVj<Yha2q%=lmrZ8I<c^uVBH6V7i@2blHCRbkjs|VWj44OAieS;GIx4;
zZX#Ei9tg3S9E%h_10b7ini(g+=#f}ZCPGj&lOP%7^~!M-TN+Y64JaB-)I>7mY-12F
z2?l*a7j;eb>^)S)$De7$*tz$5hb4U5;df`xi`S@CVdeEp$F`=sJ;J9amEq&_?>SO}
zVsse9%5vK3-;BE<xp+eB!w_NNLdAyLBJC=TnAgQyF#TrdY$UH~PP(%Skkt_p6*DvM
zG7YxNo;{fvcd_3;6PsBv-z%b8)ZF=xhjR5t<CG`gW~eUuH@S!;FAg$8r?)%e6PO1I
zd+$?&b2CbHN|SX^;Ta!@jOIMf*I-iyw1`cyh6WG}8KIpN*x=XxqyGS4fenx_L58*+
z`TyhpRsZ7O{60*`pWRf<#6(0yL(96NB~veSg|jmS){#D+@>S_oRaHerRo&F@V(**h
zG-#aS1PClxv0$MQ6TZ8KZsh8m`vqm^1}${W^-`h6F#qE75&xci<Pm?UBuGgu2tb5J
zOKJD@KX_N>>#_()G8{e(5KJ*9Tt1gySFi^w8BgN?PY}|T;Ma+2Bw8<+uLC?y0bV7t
zcK7yHW`?L7QHm;!UIk);p<uyj_x)NJ$YeRjW6DR<zk2ZO(#vev+(G@H|Crltwx8vG
zu6XKq8fqJo8&J<#f6U|b&Ec8)cC%Zl?ktkb9}LL88K!&&=DO{Tp#6omKk&nhFgFHp
z0eTO3BW^bSK60$+-$JW|?H&9MHvDRch)*4A{P~{F-kZ)sS$mfWru(z*F9w~_?W0Yx
zyM5r1{Ky_Om0h?uF~bpc1=po_=5Ty0cu<x&u3$Gn`dyEtBwY=<Pt;7qFqe9W$bo}d
zlm%5(>S7>7L_5>gOzLu~t1jq7JG;BMd&$hIs+fp}w;2#K9p40GL`G!hs;Z_T?U|a}
z9qt5N%<5{VDypX<A_hc6W}+}mMZ3Mb;C($aGgG_1MP=PxOyyNoRaD@t7k8?vrF;-K
z5fPIjGc}K5#oo2cySu!*w!5mTs;bMonYo#EX6?RYMr7qx%+6?4Rjp8}6?b=fySui#
zs?JR69pBFG_j7Y|GdU#@88bOB`8ay2n25>BsH!Q-%ew-oRaDT+xr~T*RxHeS$c&s7
zmuGjFFIRVUs;a7-nTW}ps-Z)bRaY_Sh=}Y%-Q47fndC-H&Qc7jp;#>d7j;!x>$|F|
zO3S;h)m94vs+Ov&FS9e1RZCG9GY;<WZdnfQ?(W$Ih=_@6Rd*M4RaJLl?#1e|#og6t
zRZSIDRSK%RyMX{hySux+y-rZ6nRiTge29p<rMh>=cWg#yX=z{@ao#xZQByLLgD%Eq
zYX)X!XRgJ}&Q(=cA;x6LnYOCKoT{NSGcR*hRa7ddOun#DL%u|0D`7jcH9OQm$jFWi
zqXO1o4;X{5N^*C&6q$t%by6VoZMFf(%=3FQ*lJGKInEiM8ka4@kq38ocXzp}s;a80
zs;Z<FK!y?B4U{RF^P2<<SaSv!GDA$L_(bxcnDQeXV7{~COy(zS(~m}c_OCZ?UPh;<
zNlHV6{%fhdwGWL$2Jr4i&@SYDe|1BMCCq;`<|3*+i5x<{;*ZLxqOLzD?>)xhmqq-#
z$x-b@5icM50KbZ^TI%w-R!nlvJ980SM>US7^BmEnAS10m_}ZTP9csUF6H#4FUSm1N
zNW8g`y)}!A*a8%R#Du!R{id=0aF#ikODJF8^*B2FAZ!{D#=T)*KRf|ly<392?_0NR
z$`_qYWKUiBc;_TtvQ^%&Ja+2y*-GzeTM>0+J9z8w@$JtA4%Vc-dGo6^wNrrz4YZJv
zy=M%p1ThdGKu4QyB?$zWm)*=pFpwi)&><{6dcVM8V@6A2voS2ll9ndh3JoeV`MZzq
zZ5zKRtzFFl`bbD&=Kj!AgFoF)78XkH&8Zpq00X#oZq9Gx?VjZ1@i$}XCbzyRQ~()1
z+idP9^%8Cu8gm9P=IR+(acp@Ikc}Wka`c3f{6ng>q^sApxk+~Mzh{2HuNsRjQe3p7
zx5qiob&{8B0(jfEZr4<^=d@Wx#t<$HKv>9B5}dMXBUTknlT@sh-Uo86TE*SsdS9ju
zG}y*5%370YWwc_O@BHtJ?EUv&Z?|~%rv4;^3myJv4t;x<kClGk975J~T~PHhHrqIo
zLJO~OH96>)d5EjM6$Mj+n?k;01(@Gk&SN}zf$=1k_m=w9G{RX<NvJFY0fZ#4g>&Kg
z_&xIv=iIGxKWoyo?j`KW@Xb&`WagrAH&d5K*tD=&a8(8%%~I@DknLhOgLSgZ%J_Z_
zHpUI40tPW`QAwClDXZ`2$ImBx_mAgR%5~z*9?d;>Be?wA&b01vtm{}Yut@8VH-{|h
zdUP2OO)ieNIgFcTfJ7e|h<wwBC#%=4J$LbMjVY|Dw5;1or7CJt(w3DiDV4TsN||M)
z7Fk(oQp%fUQp;LeRb^>N>ej7PEo4yElUmTz8=KyQA9?)#e*ID3`5jI7^XKdI{O!tn
zd}=kR>Tx&cY1?sW(HWZkLj1n{IKCeTMkRgykHPo%5AV)bCEwoqd943Hfn`AXz%~th
zbe;$ge+z&&1#bU6g6tEWim5Le4NyI_puY^mRaM@<f)y+HC-K`W+PS%$({5vy<+nN0
zmo%E&mNaCvZOwGn#bl<Kw3?G-wT+7<8=RswbhfTnE2XY-)0>%W+KcGb3uLR~p8VYR
z=U;1`zyP!fB=5gH?|Nl(+>r%QIpRp~cu|??-hz#oo?PncPH_auj*d(kz>pY@u@dLJ
z^5<H;T3K5vmReb6l`2`KmX$QAsas7cwv{ZYT3TvZvPzYeEiIDOOqw*cAs#6_cK7*y
z>)YGp{|4PX3+09Ta7&?cKYyEJe=CMN0oBdm&Agc&vhHgfqeVV$?Cij0^t+zAH9Od6
z(HmN~^ws(r{+pKRnOmI6Mlw@P%CW9h)09z0)=hIp=GNyoBAwW-oi?#!YZ{v^bC%_`
z*-3M9Ha3U|1~7(!ATV3ZNC-(_00yX19OrT9d?n?0TwGqUtIX4`a7ZdK-%n9bQMkS~
z`s-xNT_AgPt@W&k5XdsdoHX?=#ilgXs?yUYs}`#*X_ZrHQl++~mQ=E`rc}05RJ5|o
zEh<#mWRnoUNC9X_SK>YazkvBeH;EB6K={B+{{GXLPw2bd%Wc14@`idKPW~xs_@8WU
z^|5nKWy>L~+BP<3+LZ3Dsg{gwv14t^n(49HYNJgzIcvJQu5Ht82r-tlM2J9-P?AyK
z&gZ2)dCZZ7C`&g~h1~8Q_mGWe+<mE`SA2R~`Q(l754+$Cmt_$$Kv0tgB*p^<35^39
zr8KhArm~w#w@U3&n`KQ(X-!FKDp|EDRj9_SX$d^g`rm8E)6Mkzc6goLyTv6%E%y;w
z?D9#@<qAweQF@6cOj_u`ef?ea@9Xup{G=6o(G2eGMX?b^ySj^&x|ETw?zy>LHrF>@
zbk5F9x!JT_t;}~^Eo$bq&SrCLl|HwP-=d1XKm+(~`<L#%MtAa@Z&=KT);EJ31(ATc
zIp=RxyQ-_#T)ErLaR!YYM>^|V&XA5VD~@V0^7P`b5T9^EiYl9-yNDoW0D(Y$zcZwg
zNT6*EXkNAU;-(z`pU#UvyLZ=qxA~o6KI|X4FZ%Yx@*z>6&O@~l(p;yR^n`A294WJ;
zuzZD=ZaVH!d3}g2n-GUW9w}|_v-kJ-KR-VrA|fzDunelJOw#io<v@40cIK<jUv}ci
zf1tK{A2E~LF6grFGef4XE(%1ZoIwXKUx!~qA^rZ_Nm`@@5eg=zGLi|SB4SUOxXl`2
zq|vh*NsKz5G1n}Pv4u;6C-w*evGd$a4xmk0E>(OKDivoZ^@1HC+RGK*@B{H#g69tD
zchSq~r;W}gVmO+qtITf|zE03s(1UQ<!XR!yNfd-GX3s<6!`s2{o_D<wH*U-3B#C&H
zCxe2wh>>pcN3T{a5)&o(y<UDk-#<S$$LIA)ki|)1gqDdkfhD76YcMoM*tXh>7-pL+
zQ!;ExSv1ON-+Sx3^=-EA4?4N^bo0X~zmm%H?DPAZ=Y777@%Pi}^t^k`;lgE2J5dVM
zDUwF6)Ux7{O;yLw##>|Y@6Q`^7^2@R&pKS)CtYUt@@=-TGvvT)a;G-1w98bcF$7Lv
z&IJn5^qAj|z}l<6#=L#^k9mne$J=OFL<DKD{rpnWlt+d@A>>d%hR6&2Olx}6lCa@6
zp^3Dz(V%m}7O2LZOt#q&J*WjwDo{T;;Ma~g1QeAa3A%9#2K_9Lg;}>}!ZyV50G}v%
z60m}OxnUZB)xRU}Vem8nd|cfRV!&#g1<*~jG1XODR^BE?m`jPMw{|sbtRoX>(G*w?
zp)~*iNehOJrZki=A6zE`c(R+thfbL;+8%+%+~&5S)MQG@X2S(sbwr7Nlf{DqX^0RM
z4N~(3lAH3S<t5em->i=|Hj^Zas7#(DVnPosyV@4vECq|f86rursTbgy5}_V&`Y}Ap
zZFYIs->W~Thi$>e3<jpi;O(tJ*fq%-R_)JDy5|JlY=+Lcp(X-5Kkjx+8-FhLJ`Yu0
zS8A$~iISE{s;MZNR4Q|ta@AGZrBonQ)?L*rSyN+L)~a%>T-36wQfbzu%#bxw%Br%m
zwQAK>bgrsas;DYfS(jO5s@1iXs_Isir!J*xs;bqxtwl9T!As3ltyNV@<faU@ISkU~
ztt(7bYL<1&RY6r!s?|YNYF<@VR;pI1Rcfgw3YA?OO;uF}s#dC2wNkaM1wt~*)oQA$
zq?)R&YOPYV)y+z*<yxxMRZEnbsat_na<)mQGblDCX;RZGP!<=hs;EU;R!K_?&vRmG
zxdO_n)m3HbSF=`?s;O!fRcSDenyJo~u;yvnVU?tsvRZSOI(ccJ6(O1pHx{bsA>ncj
zcU0*cQ`u^zmbFY&xJ(5Tf|aR+oUTxoa_Xq8g;y(86v4KaR7GbKNP;z0T>z5St5sC2
zsbmRzD3Yr(CoQVgYMiw(XDUm=jU?4%38b{evsGzYuCA%fQ6(uUV09}>t5CyA*HWs*
z(^9o<2D(_08dmLY$)rY>TG9)(Qi57))l}kDq?=V$R;!~GRZ_LHmNhz+teSSJr7>b@
zC8>?7R;E~;RI=4lS*oj&YOJXVqRW9=TQC}BZl!8nRn1AJs+L-{B-E5mQnaYyUUQA7
zR;;qs5UvJZDVB{&)gqZxrnssgRf+{uK+?5HWJOk1sb!#e6*TG*tb*;FoXu4$Nrk5v
z1(>N+l^H-4T9VB!YNRo0*rjz<O6s;(XJ+MqDy3YAjMP)A30MNOs8uSds?km$RjOA7
zRjh(C3hJt)nzX7K5Lgw}1gfQJ=Bkydm0ZD9OjSiTidQvNRV=m2xH&lH>XmVVX(@D_
zfCGslKmb6bKoEcgBv1h<fPg|UKuAD_j1VX$NI)oJFhpixgeX7|h>|f08H5H%0Rjso
zfsB#>#sC2bh=C9wL_|P{hnKAp`u`?B$cTuDh={4m$=0A`JH92Yuxob@caaegs=0X)
z0vukdW@aPjefR0-pFQ{7c-n2W*bVgCNyCC0XbYa(lwM;^<B^_q%_X<#ZFsz>NNf<H
zplvobHcS&f$GM8l-BCE0n~!~*e8iYFty<!147L$4qG3b0j4~woIIFqp(v)%mjP&x<
z>AiDab<CS<TGw?(2-z>f=hXfr^5osR>v~)5=Zna+np}3}>$o-zOS;=~bG{$s?%VKb
zb&vGRFLGoHezuUf!ejlv>;E_Ny|eFreC!+!_H92qt&h(Y`Vwfi?Ik^9<#pyuK1-i&
zdu5%#oth4cI~fN<26N+b6d!A^RpLH$>n`baInmN{lOzz`+~rly7bC_K8wX$!S8})m
zloO1YUIf9EUg2EsFu67yi-lF$0~;fi${4ur6QjCP>^nPjb;u<PoM()o&UxSt6<ip{
z{J)PI{l77BM)#q@Kh!?@+vm&`{(sATJBnsyn`ZBO{|CLN5%O6CKA7W9O5e$#|A`<F
zB(scU@^uva_x7LMyl%}6I{_(F^~)5+GG%3q&4%3_o3`exKO6B2dsSt++tsr$Ru0lt
zWpGOFcMKUrZ9UrauT?dfgP6!CQx%VOUmbPUQgzaX`c~LEoq5kWJ>pek;hJAM0>it@
z<1Y6<<(uxU1GGK0;OYrq25e^M6NtSytxW37K5do`U>pIk7{RP0Ukyb{V#SMZo2JB5
ztz$_M188YP3=$(-#p@WuGm{#fWX)ycRy}XBz%usnXvK+iF~d|+_0<EO_Sx3>nzyHV
z$s1KXhi9IyB%uQB-n=(Cs;6dDHWumU&;o*4RZ6fZMsTsv8#24Ipci%0-340R)%zA;
zBW>0vIy&1e>=?bqsNQL#3>t0(h!~pyZb_}YRCRV&UuCSCXO5vltJw#;p_y-IRxWL3
z+cUIf;+C~x?cy%iC&x{YUtVB$Lz=!;nlD<cyJ<UZ%_gh4P?fsdT`uT?O(?FlUAh~N
z{sqzNelM@u@oz4{{;Q+u*xYG<C;I=Py?o@s{(@lIcKnwHm41_BuX8+b*0H)&x49)n
zYD#!;D`CtD1u9LWwQk$94$-j@k}aep((4ry63mp%r6`#iGd9SSWQ<iYflZ8}jM!uw
zF(WdNlFT$|g+_^%7)VCLH5D+_maoU3FX7$W))6TR3Dr}GDxhLaNDH7TIH{0`Vx0#J
zPso}GR6;tZMYxGYR0+TlB6?enEj#bNpJTrJ+50=+9@hG)lN|U^d3<HwzI*DAd@LV6
zZ+QE}A3f(UlLw4ixchg5n^hluwXTjv5@A8mele-z1Yd#v{d6xgGCDCUS+_a1@7?qy
zZ%=%cn5fh}QMTay;x+>0Q5m_D897`wgs{MD8%GSfn#6qV#S@8=A(Td5D>ICa9Wo*a
z1~d$45RC~5_cF*`U+5CzJ1@>C*r#>BocG@NUr8(P#79C`t8aVfM5FU^{(ED?_Z9b+
zt$sL&es^MbERk<v*Ur_>vDI$nj^TID8ZF!#$;>A1)jbVuP2X>Qb=S)8v#M?(wj?m3
zU~ow%P}~s>_0mgqFVwD*rKOd(=DyXn{cWY0QoVJ`N?*rUOES|z|8yb#;D+P;B3~jR
zA{%G4eT)7+=UV;m_xtbR_$sQZW@cyRUEPbjyQ-?0V8NQ*(!oS8Pg`7Ncsw!&h9)K1
z^hKllH6YleV~7YC*x2EXzzi!tabQ~>KWReW;QYw4e{5_upkoaO=Y8nND>7tbAUA5l
zt)R2HPplXU#$pkZS^a|McD8G2qkPs3AF+%Wtzl)O@ku@JNHP>;8(eu0^(0{}nN*fY
zv1(05#xh$n(voIt8*Esj(UPRnRHln2l%l@={~uqUSXT8CL+p~cfIAvUN&q3rgZk&^
z@yvFJ&TZov?<YXhLuoQH;x^uQt95gST<c;fV<ns1YU?1fm@$GWul5Ls3`$U#0E`G0
z^jFZeUy%_9;{@_3Aclhpi%os3vWuMtV0i!|8;iId<&0=egyY{NHS=iQ4?twxG$&iH
za<W@(VJtkfZKCMtNIty=ta#HxoaDe@v>0uo?^(*s4+|{`wK=l=p~4CbU~B{2Q_<$v
z+tmAgqfxIuZ|7DuNmQ1KqimWjC22HTHIl_8ixODUV=^|4B^tENq^w#>EWLk!cgML&
zX)RbBp|P{!AFsfd+xg^OM)Qx$(;=Ar#Acw`e&PT-8UZ1I(1an0h&x%#b;<4_=x1@9
zt$=Joj5B)gzFE^Tuv<wqniSNmtkzrQ&*RTL=bm)&w^o+S4FJ#rEg)Td2@&N31eO|6
zncfx(z=v>_IUaMpn=BTdwK?QQa!L$?%@j)lQKE?|s}@;<80s^}lO-85d*3u`@N8mP
zOMirG0cH8p$KnBv4KcJ0F*TVYGHEt6nl?5mEi)!YTGEW8MvH9IBN}ZCV(Kl$#Na|o
z5PR>-nfL3K>+PqDfO8n^e>R!=QM<YW-tfJ5pghD%ynf%8K&7{g@-e!c#t<bvF}O$;
z5RsU?dS~DzA)vY*1L3aKzBtl@Wl5h7`_0z8eNN|4I09o!hjwoWz>HxGOE|S>Wr?+n
zo5C<y7-?fvNFtbu&Z}(JeHuoMA)vN{+4hjS&>1o!nUAAm8XHJ#0ga7l$+S^Ynxk1Z
zDk{dtlUX%m7K~eFP-!_S0F(<IeB4GRJfp`awCZ5T-6SB{m%G}juchl$qe&<$HM2S8
z>rDs^A7gV3xtW%dN`WHub@3mnpFefJ>%3=w*U#TS*t*uQCL82$vCWQ>RPm8(Yd(c?
znjY@_40wKk1N<LA2|W<eYhM4KUoLw;-_OtQ_L+XY+MjAsCS{we{28H43F_)E@WMq6
zAD_JWlw%1m+>@bJlTyL7jsFG$L?3$IEfxZ3%ni1T;`m@clc999gWUPeES+Q<155n`
z*d{bK4WKkqSuG|s$hI{m#YUkjiX&8NO&U!aHI1USG|girqiRZ^(8dEyV-UQo$0W)~
zO9AIR?qBfhJg5SeAqiqJe7}d+hB9_%2oO1#sAWQ(aXdNX>p3~X9`3{tZ*i<xB#7!G
zP9kPRC1^-${ssMQf%Gs87GKHvtz^Ks!LcJA&%>IXC8I%TW1xdyGJCkj(UDg*+f(p>
z0zR0!7`+`L)V@G<T|j2+dt-!=EF1VdFg6kLIg2=`K8ZG)2AWB<lX6-p)=ZY7q}xWU
zlu>L{YK;-B%^PDDqhnH1YLh0aDg8YAK5vTBPQ&kE+cH~+;E0ctB00ig(~Oh$TSyYF
zPaI|LHKIp{na+flHcO50(~@d;kpQbv5def*5<dEmr=U<|xA%Q-cvy4FDjTGZvy2yQ
zdSF%1tm!Z|{Sa?j&|?WAxzt)I7W#Rzu7HPiI<?{0v)aTXO!J-|LhbY%H=(h&!{|1F
zrVMBs5c1PCM$u{wNmOjjlN%bvq_rBv%EhBbBNZhZQ!0|Nq||CMUUyhX615f8?tVG?
zefEouMQX8(cSxOVaF8X;vzo(>M!CDcZV_9?;jScxXuSq`r<{!-7c$|*Ll7cB7BT1t
z&<{kdFGL#LeFK}VqY&_j>S!quP7s^K-K~>mA&`^Y2AQUG#iVE>2EE-(shIiH@Y#4~
zTPqmCyf=vt4gtWd81c!y1(eyi`LEqcX_X~qGcstj%}l0kCS@kcsHn9SQf)?!qf$|$
zX_}IZD%Nc+rqpdsV%ocV`sdLjx$XRqu`)u>a8j80F+XIM#@N{ByPaLMfDB%uGt_c(
zRW0Qti$N_2Hoy^<2?ex-762|@df(D@lBOLG6HgAaS)dnGYMQFas9N-u=i5APbK~t_
zO6?tN>+|#P;V<`hx^ds?)K}|n^-AmU$<CI-g|qc<kJ?rDtJ3|I+sZ!a$05UI)1|Lz
zI{71we?A{RHpdYT6d4#L*q7o=e^2u#{D%L=l=aWAS4Z#ge}Ag7zf1mp?;+jpEKFp~
z<xImWs;_ym*OD(c?aqJCFZ?oLW;62D<iGYeVRBR-nzj5Nt?NWEhZx4FV^rXBFqQ?q
z^<gNhfj|td`_L?Rqy8QU--u><a1ju`d%pNt(?{c9MV8drHY~|(ZwlpQ%`T~K%Ux4!
zvvTW7mQ9^IXLY8QmtAgbZMnBLG+H(*8l<sgsMMQe+9OeDv1vBO)+#Eu>+kpZ`1<$l
z-$tstNeCoMy8dr9KMH*Nhgl|j!CH~vK#g}71Y8$)d(z}aVqHTJ4;xwKX7G@aV8J0$
zK%$R{eJ8;mOd;)+5Qfi@I@{TW@s9)~j7~le3h>q#LvH=~gt1~YV{bajA7P%yw%Dsj
zH=~#k*kBs;h|>j}C@{fQ#A_HA0N`gUOnQXy;BB=L=kHtLS(=%lO|~p$H8yH#OiBuj
zRLWvT#)dH_3>Xw;0u(Bq_CF<ZEx{^?b~RKq#1j=%fTwP)xD$s;QZ7flXYZ}vs>g6~
z?~iY8UFq=Zz3uFZ@TkRAILf0uAZeBe@{iG#1awGX;JFE9HBoX~ih(lfLW?A)NP)Y$
zq(f!Zv0b*Vp(`wwM3SliZ8BmrXghoaZS?$D=;EKZwqL#UeX*Bg)8u`yVEfn}&zq-j
zgL^(bhv#2>=Du-<+`uN^F0qaFe!gzAQ$@{G5HbfX1eXvnD$6W$Wujf7B7}tk@Cr(v
z6nyD>(YZ{T@InwN_Ko8=oo9ROSd98|bsv50$G6>fyxw;`-|YOnS$t+W1GzuT^mK4;
z^Zb8Gr%*xs!Hn~mv{-)!fCz#J5+S;6!GEZq!T7V^oZtEWlJEMsaR1uqU%76hOTO)G
z9&HL`*N1gJ?&@`2_fs4A0LBYHM<jqSVuD+9L!eAxriUbexj@@O!?xTwb2^M->Bhtq
zu9=hqb4JSMI|l~QjxA>!2?lsGX3;v}EH;4)9b=uxEOW7uHb@S3b%E2PlQxwznd~{r
zJ1N-&&l+>CS)Ay_&ge0q3~ACg2TlVBV{QR5WW-BYCb9$B&;fGmqm<@s-2G^4{tyFQ
z1OPJ7G5{9)^0W0{U!ULk{QhO#im8Z>xz2N&&U5fjUuGI5iIXxZxI|4kM6pc5+4vw3
z^}AmWRF+p~++Q0VMNOD*I)+1f9{6obxmYVL?cEK{{{);5h(iwLT=oha9|eO2Rc~Dr
z0B)?CcVdl-dg`Y^Zy_eMYZu+ctSx7CLJ*!F_N;TOZ+j?5P7u4w0pS+$mp0d2yy=-X
z#a8tV-jwR^jmQCGZuczOdM91kvMweeQ3Nt8@DXlR^4}Me*H>?71Kt^ykg!{xDm1ga
z#c8|ItTccHAkdJ2O^6aI^Ww-^EXs<SQ_-DR%O(ucYAD#nD_V^P>O~T|=4)D}icCht
zu*+0gN`!XXu@0`r!L*o~O*RcFcHXHxn~lixcsGm2-x}N660B(oYTg*I4&!iRG4FAT
zpx`ZbFkcSdHCcIexEZbt@XYh7TdzfEH{OD+X{avYGr3l864MOJ%*(tybssY`Z??v<
z*k)fz?AdL*#-6JrA$4R~C&G=1BK4CtR%jKJ$BFSH$Fp>Mvv9jsz@b5i-W`D3G7U4f
z>fYT6*l)YI=2nrsMd0d`h7hm}Pj20E_JuOsN4QlE!N3~^Mb4d*;bXy?W_#F+DUm5G
zhU)4}*K3if4P};0K@yd9)eh#O(L*t&V^>^YB+7?a4XCy=ZkP;cZE?gz-XAX86JXvT
zyRuSNSmF`NQ>Q59&JFk9Yqy~Q?0gRH>BHmK$H%?!niqU++air6Ce+$yQbwqlDG@D<
ziYUf1LSZ9Dgp}13nUt9!R4LbVn@pG*5{hAD3X;{R(+p|?4GK(1X2zJ?Y+x8JiXIda
zMKRljF*jE&Lj56;Q;Hg4M^Xsc@MThADyYQt9zKs+^j~Y^fim&OpC5OS@3*AzPgGt|
z%50=Wj8l>~Q7R!Iq7lCkZ@zw?ci#8F8n?<PyIH)!??-^nL=b475XpccMxugBsSI$G
z5QsHL0qmXdtn1~;W{0!9J@0#g?fZkX&#%kfaT*69%5gvjT)UfYL?AKIkJM8i_stl_
z0%_hd?SP9IBrr6D9(Vquf8}-mJfAq_@%Wrn%Ws^QPv_T(t!;S=OZK(vHrrF|C#fvG
z86LM?oAwoX>v=^=T5KzByrGSz#gAj%#rpY=mFHg`_pWO%TXEQr1LQX#kM(|pK%x{8
z6(mlWe4@YZR5C&&$}~LdxvxGRf1ls^{{H_2iFbeOL%u{nyQ-?Gk(E_W?jGGy--o;4
zefP}m@2`*J-oI+rpSRBu$t;wXYDt<DW{Q@`j;$$mfiI>ZUAn&i$IW}*Dx!F`Dx1j(
zHKCei^PKBl$aHWv7SiGFG0~952bPgtU@J<<aBhPd9V~S_#tj*#{3}1G&PbV)8sFQ^
zzpt+uJ#dqJjW7B!v@l~EO)&hr$*3k-NuAw|5#4lSVG#|n$Gv}DO`<*KdJ&<ZKw%M2
z-^DQgM49KW^05#YtL-F^YdYR|w=VIj9(8=y=?N88Cm!?7){MXiMi|(EC=x|2RQvFn
zKnnx6`lBy8zp=Uwls>J^VPJvhmZ>dJGF80lu(ELFZI$OIAb4Qupd$OzFc4!4NyD5S
z-V-lvHYUbLZ+wh?aD3N+!^6vx+J=S+ubS)6d&0{@Xg@khwA{>C#F0prEJ>m&`Pc#p
zSUL9G^%d1GpJ(PolwPbJwQAL2RCI(0#(1)D#$J|7(Uj6ijcZwn!LrDA830Jx2?*4`
zeuD5v%p=%AucGFa1zUr1dngGyoTjoE&RYuf4`Tx=-XaFUPOAnzFTl@-aB=N}7~Xzu
zK{#ngbhAx>HkMoKRuf5SkioLdb%pTk3>}7{8EE<6&bV4jNczBRO}5%>V9++xZH*?|
zLvLN3AQGZI?BtlAZ|ngJ0e;{1WPi=K$8%`1`Pa=CTYov{w$iVaV}<VngoIAdI_uNH
zDl(Sg2AYnx^z>s1v9xg%%sZnj!p15B%Ry}ppHy%!gIE|l)54ln5M_p|rrPRJkj`3W
zZMTaGEjb@qv+3BoTF(CLA?Tp9A4b?V4Y*QTQcDp8WY#<1+Sw&5+J1ZWmA^}Zem}Z-
z%aU`9l@*NSiRw;j$Tw2;k}n2j#-YU^6T_PDN7SNs*L{D!^}o;h*l1Dzd4kve`?N6w
zVHhW-CyKkx-Pu=(b*ywWBTbEuFxI}cr!afq;e_|aukZK!|6*h6UES8TpEZuZ-}DPR
z+<$Yo{vB2m9K1^_^dCzktzeR~RHmxw>X+%@y@=W~PT<xFCei?L^9E8#O5pj(i|ab)
zT7VNZh-}SDGjiB~{GarB=@EI1o8d=UT|M3mb)z`XC%v~6BrD&Gykr&yB9}q9#-p3U
zC3%?CYpn)CuQ{CegRyqCo~$*yW!PFINS*JI)Zj2_jkX}YQT+()3p)lbneiVdDwH&j
zUJ?+3#?Sz0>4q)y2FZ8GKJfYMBO-+ZY734T6*g*n_X$`caodW6dUjNGcm$(EL8Xn5
zR#(&MSG9B7p+NkK2B<2v1y@|6k;tTJRF0PwNi9M2-YJIB7I10=HBwy5MAS<cpD~q#
zI1_nuf~{W+bkw%(nQ^Ik6<eXP!xUfIs&wLXDblZW6fCf8TG!hHU|Fzv#2-#UOsCcN
zwMy{@kRuxbA`bC_`{haVn&KTUxdh6rqrEccD0G~MpI~?_K_M!UoYu>Ct=XqrM=Gkd
zlJ8p~AX?Tf_>Tm5We_+r@g3)~dfJTBh8;At!fGYMDhr!va}tSM30xY;)i{LPxg=qM
zwxN{e8}0y<S#fbYIjTiukor$S(R{C)?`xUC8U&8GfdLE4K6B?o)cmQncvFk38sS;j
zQK{LKw)I49&;4jX)$r?>uBGlDRnd&;qfeqUCTa@Y*^XUZ+qPg3s~>#ae(OgrKL79c
z;)4IU10b+F$(4_<E4DpfkGI=?*QqeBr;5u8X8zpt_wFrT!#ufmf)|7m`qv%dbD1c}
zsqK;ad`K|}xGZRV&|&d`f8T%1^zk(RS^t0U{r|H%6O}U&sJV!YfHGuEL|fcMK1NJN
zdfbH<_I}Uctl#U*{Lp9p6F)AiR^3tji}+crMWu~+NKnGBVORV`VS022L1mBF!Y7H?
zfqKC?=Xvt@k^soGQ~9Ut*T{t(e2(>tj<!y*d7S^NR_Z**eMcjF*7v@+TUWczE-xdH
zL7=<8Po};Bp!v|9eaKf<HeA1z?7;Ah6E6_GwM8lK<$Ez$j|0PNkEYB4j-5VrWoFKa
zprH`K=)7Ydo9GtN(3qEF_nV!j2AE|eD$aokNjKM#8^~Q<QoDpOh)eC^&Eu?b8{c|P
zv-P#_5N!QxgKuo9>G9pJ`R_dE-+O!GlfDS{wu_Cv$24mDJMVq1y%>4>A8V|AzO9ri
zZX&AX7Vg~DqT5p=2phYJVM=4M#t&B49{WFi_iwk#7rcYzPnv3&I)v@nAW3r;qLX)I
z63T`Wq^spDn~TSfbd|n0#^!M5#@{cz+yj)8fm?MkA{z>_s$!FOHtjcaU?mFxI$kCh
zRQ)1QkfaKTs-sd9CGqOuwZ8SEz7vCa+v3OL=RrS$32|1cnr$+o8f0Sei^59=Kn{e&
zKw!WCmu6@D{u=!L{wF_t_5P(j#mfD+^$_}=PLAbf`6Z1s`|k+e+tPf%)b|+0vT<Wt
z*dPG#G1io}>1z>d%gd_iOZm5{K9^RtUDLR^8QnE*=UsH}W(O`qCUdg8IOi@h<u-W(
zot1b&12_;~*+Y&@@}0)T!E#P_9V?C8E`ijfl$;Lhu9*qVIPU5$?n>(H?#r(2$#-b}
zYhT-W+U0Tuw}_9g&%yov|6(R}l`#))tAFv5m(!qhPrU$S21Echl`xkx1L8je5kFt!
z?#Zd6S8V>pR#^SBK+0}^JkmJ#of?w5cn3i8AU<3#Z!ee=j0>iAI2f$u9KB^`1xGVw
zzS_;-4xDE5;jeSpP~tJVd)jd!a{CXtH69(v`tT~8#IT-Ua&Hr`^GA>*)!E-W$xvHM
z*X-CCK6kn>`D}7jt37vX4lWYK?xtpC*ZT<J*vd89D!wA3%NEWDAJ30(Hn#@>H@NQ!
zFzh^#D4<ah5w{h3-9lo}3qTA&(h>ooCJhe=w@|mZu5=YdPT;6dEfDVvmx}KeV9!y!
zVwLp^n^!TD1l*f$^!3N=-Ni2Wo1q<J+QDLHRx0h?S`g*ao*Nnl+p;tRmg>7L-f8Xa
zvT*{$=yjVr#FHwghpZ1Gv}mzeD!s5|=Wc+k+@jpB&6jp`3Bu}*+XnjUtE1s))|{+-
z#ks+5?oL;N`<$V{VSZX1lWpE<UITnQKt2;l7?9FU13+~f+}vETTO#lHku2O|&us@l
ziauZ@^Hs!bhC)6B;u&?a@wb~!cosD@)mnkyw>i$b_U63Qi5QQl8h%YmC_f_tY$;9=
z6qV|9YJ>6><XuHn7&IkQe)A40VnFFrL3*kQMKG$U`iM`^Pb7&+#}G^}RDvc2c*;em
zRZ5shH2lGJMhQWRuR_&AB#s8ck-DZTQt)yXs2~tkKr<jQnh7Wppj>C*u6IYm{^c#3
zSgCxg%P|2rzvvzJ6+wfs*jEX+WYGc*wAvCupPs2px7E&ZoMRbzrt~2!6w1f_3~2rK
zAKBNn{{3IS&q#QXYQDQ2uaDmURhda$?(J(j=FtsE^@}k#)#{?BviG*i+iX$_f-9dz
zo=Ak{COJY@7K_E%eqRv|x)5xt;iizYk5;`+QA|gG;Ls8n76vi{mL$JPCV$c(g&oN%
zV1hmpOx%M#gAJe<Yx+g~x?g%ezih+)|9`Ra>b0t?(5+Ud{?yDsh`|CfV>L1cL`FnL
zPR;ISh<oTC&#|oiS#V2ENSVH1ET%{_+oC^pW1EgiGXU}SGm^Go+`y03mP*S-vF|#_
zS_@%@L_r_MeZnstmiopK{vC_8o`>_E=~;x3z3;B|cFb=*AVQ>LT(;%zdj4<b8P+cb
zMzQn#LabsAXFX$)dAjOy{mx=AyIMGhw~S&)LQ7e7@Lx}Wuq<r*uO_FRa~Ft*4kgQf
zXw6tY2M;~YH<d7Qu^%OMg_s4ZN2fq^6=zK?KX!Y{NYId{V1R(p=F#$TKQG)AO#H0o
zqdBJ?)*%O9L;^`8uAK~w=jHEt&LBEVy_?O8zc4tF0^LubSdVayyp;8YM9}jJST-qW
z+Xi#2h1v$!jLu;gj`EJl!~uh_m`2*$RUA38((hQ5NXGo%d03km)?P*`ntQ}p*e==_
z!V6l)4#NjyIL%@aomVbnd{>i6gkls+D`*A3IuR(+JH%!eNR30cI#=9K@fRyBy3K}t
zOL@d}=I5H5tA)mI-nT`M9fO3By2Zak`#xw*Wp|l7Vul~{-KwCrc+mWz7OGgAPJzWE
zzc90F0Gi<urV$WlMXtiTF&bjdYiQmuu2djVyQrd=G~v8KhE+}wU{;f5L4a@PTG)Kp
zb|4PW2YqK#iG#l~2oE+8YaV01qIC{<tiL?NbvdJ7K-jvy#g4jlRl%Bq1dcHxnnqY<
zoTvm#LfZf`(Wa6!+i)Q+_~?F<z5l<z*E{*oeZv1$XW!p{sc1dO{c)-JNKIT@Ez&r7
ziM!&K-B-7faV?a7c>`aeuMVkbt9KLp{{DVFM9lpPugU(zJE~f(3HS3)T%UtI<KK7P
z9(SGq{9aCLhx7-*ygjo&?rWp>!mCeNePE5-&YhafrFb`k`75y<qg&Z~WA|}_vV@MF
z#Meddx%K}ZW0jeVXX`(Al&;;(RsWxd3j03Xu3Jlo*8A=aUl#S>V}Jnhd?-Yt?vg(1
zzZ`MTT^hph#&dwmo$7S)L>5M^R!)R;iKXL*4A&d<?d-{%Wf*<3re^`7JI&(?`a0fd
zd%$`r$g;DA!J1?<)#qI$MdlF>9AqIH5=S^khYa~Wa%zh7qNZ`Y2g$Rt?HPwzK8XVA
zI@sEtvTJ8Ejb!UO=#AnE!8ztGClT1<K_$_zewh!82e4`BqwIS8=Y}%dw%B%A2}=RG
z+#@xQV|5xv4eA6|;Mb*S;#(Jip9Twgh+s#~Zjc4Drux1VcG$q$&SVN}zcHJS0Pr%a
zL_O<BfUROp8bB_b$U)t1I&tT2=!xf)>m7A-c*FWFLdJ;e6ir-bS1>atCEmJ;Z+M=y
z*y50p0bYmG=0LzfrK8>b^Mw_NstQzNFS62#yv8EDJ}lK4ZCKe#WO=mb<1CxFgvKwN
zu$xboqmWp9G4MykWIlJj1$O#-&<SPE!VOPP&tEItC%BwTyvBY@lCzwcjLIi7^byYG
zM>N*B`8`f6g~)X`!m~ug>sha{=W{hRip7RdEqhu6099H3{r+;&sN>u+=b0_>rMCY5
z@9JpPSNl%Xczo&dpJ7tvmvz9|NF$HCo%$8eciU0FJp9j<@^vYCHZTOs6CnP0FVcf0
zD_|o3fcG==;Q9Ripg^<wX>afLKe#3$22ABl%tS;(zt0ah5f%Ohh(B%J3%Yj4bBirs
z>L81Vp0%xhwXuHz@Scrv;$>5T<c_4?BE37-@P8*@b{fI&xhA@d0ugiX++ME+#Y<HD
zW}1{OM|_KQ<d~~tDCC~ZQByR@*ZU_mtz)hSSPWuySX{X^Jw;Jq3)A7~rE=O|JKp-9
zBRPFlmRHxMj9rKW8q>ybbQwAt1;&JU&<n1N$gE%>Z7EVh5?h%G1Evct2s4Wh1A%DZ
z!D)fU2?vCEpeRXoP=wk@GLl4SP`m50#`;A2aYPkFhM|5GixNb=;EYC?bPW_3s%X)G
zRUZ1iwpAmzJ_C)B*BfhAyM1q@aH47yw4&;!%TfqHQ<rq6?aVY%eQl@RXW7JiufBPG
zo44Newm#%LNjFYq-J#h*P&-zsmrX(>iY_R(HSzBbzCL~Md#APa2W|Cv`|DlZW{2-@
zeJl2Nz&+A$yIhZX?)&dYp2yB{*g3t2-+kEM310TmvF}J8``3JH?)%rgcFaC~W6nPF
zi)8zD`!TfKG;M9}Hv8Uud{>LtyNlSnYXm$$Z>#UN!EJA=&yC}UJA2i&--WDA6fX0C
zrHh8n<2b)?lCBTZ0RtEe5E?TD-*a(KpXl>9KL4-Z?|a7Z^u&CnE(AhU-udG?-<{*W
zaNfGtS@O&QLja-$0tPTiZIZN>*O%`vUEJ*j93|U1+pg-DPO@COb=2&*x;>S537#>^
z8N-Jil|fAM=VM`ZS33rF40k-`bJ)n7nOAIQ9AI6XiVK_@3XTp;^RvT%af6(xfHLP~
z6jQWjWrJTutqu^;mVp+Jl{xwM{QF#g+Nvb1hGvKUPIHDpXCVY8hY%tfNw7_tCwbu$
z^W{~4KgdD1x1#`NZjBCXsUP%cd#P~lU0t=&=@WyzqnD#LlNoccWC-aGj#sL-oTcox
zGT7GU8|SFY6C0+hmGo@3UeEm|%Dmtp_@zL7+o0y+e!q(BZ$U&^s?jeio+*;Ja`w=f
za=KvQ(*gg+<zp0n8sCRJYvF@Ea(pi{t;|g+!Sq+GJCw7)fSuDIl((EjW(?-G+nhw`
z8Uc-rOKB_s#3qE8lSzUqG*)+%ZyP5Hv$(s$a*m3wVBH|XK>MKW)ti~Cf?Y&h6zw8H
zt%7Cfm5%uE&Jr3zUO{mRzcwE?A9h8eceI7M)l=IZWmxO!5Xqwg1!E7G+S;L4R}>Y#
z#Wh<5cmwZyUU3EH5hDynq--lSDp|JLQIZfg$E?PP3lJJWb5mG>)D&EFizI<$Q3FjJ
zA|D2EDTtg0h%|s4NVP;~cV!P|abVU>tY{uV7JcM6A!KPDWsoR~G<Q9`c2?EbU3GI-
zE=8)tOsg17L;Y4i<kh|EXOV3_xjcA?i`321g(=pxW;FM$+#8sQQ#+U|kW7MvhJYFY
zh!~K80LPLOhlg%vO-<d5nYxRJa$Pk_snSKLD7358Xq5d`NJ@#sft19A)GmcEMF;^k
zOi(F$i*-^mSG=T)#w37#^){pt)QPH4Dm3VlR0LC$(^Q+1H6WDPs!7z8q427p(S#tR
zEmJAFsANo#U^Ie~prIlo<)629bDh=$1>Q{+a^hyQjaWMC6~EYo5VNnF$zVps&JzI0
zz-g9qF;A+*^IXyW`hR8z=8b;}BfH%F)Y?^dtLLWwuF-g%?sl@7Ra4jMPH|^*&evX}
z*9xBZxy0)#)z50Hw9|sUHyoeV+uq6S`cV0My61U*e{#9=#+2_p_=vA+s-G@8-QG>D
zc1yg^RB%rVan9}It5$i{>O0G|q&D)US>kOCV&!I|*nVcFX>;J3W0;pNHNN*gFGeLq
z_R?zokok!iqqNgLl}DNkxmm)<=UQ#!h!^BzUqPdK-nvL@-vVkWI~+ck`O?x><)Gc@
zaQ<_sIo`iU_I{N+*s3Vno7NL7Th;SrUHCcV?)L%ZaH7xS^!{|`n=oK|n*_S)KP>A4
zAC0k~aWAqcuw6fWnBBhn)u;o1Cu!D~itL?MMtDayej&9Y#k)rJ`d`yThfhV;Ir$uS
z-u*S{&P@~W=bkFbKYDkYUyI_7(4O(Rz8-g+eq40zd|Ax%j}nOPcjQ~=lYYh6O}cSd
zZgQaUDOwhatgF6ik<r@j<z@RD&tn|FiG0OnZ1#ly?4{E$y}tOQAmQSzEj1LC(j@S`
zviB1>d~QFx@mf1`(vC3-vSk&)&A$G2(iyUq=C*1(f<YQ}4H8;Ww(h4}H1zDb;Iwbg
zlsCAkG{k=Lqaq6KIMP>2)Z@NRE3`h|2PC*`W!v>}?&E;1`p*%(lBDj+w=)?sBCOSu
zrFIXJhwM%rQ`YsS@Z<HlhHuk*I@qqnhONd@+~=g~eOyT7Q6Sw$ESUmON9FX!Z)vye
zZ@7MPkDK3-9uS@0;iyHmb0N!w2*_(dV8O1{IZwClkG>PpSIgVGZr(WYT-0+s>cQ%p
zV@Q_uQ4T1AplC34P0(NggbZUDxCX%~OV-&#3q3Y|Bnp0S;{SNRHTm;CINV+_i{tyX
zjqx+!UjYrp^oE!mp7E~u({U#=Hj(se8}B$wbeOf|Y|l;>&3W3o?t3S6Ys<1Y5#~6J
z<L`8y_g<8m{1)+p4Nw*!P=G8A0sd?BG#yDGPm&UXNFYQoDV{Vw|LD2<|2qG2gup*>
z=0|-y2A6-+<Nx3LknZ^r0A@wIGca2g9~$pB&K}AK<qyC=VSx{@2lzFifN_JoFk>OU
zY!*uV(r+eA2+K2P>GI&nW{21e4QLpQorWvJ&7+2m3`g^L!B}Y&cS=Q;UOmni_3^(z
z*I|e|eGKdFqaGaw5N7s;@gRr~#-H<CB>o-1+hbQ`Qv!cgC0q@SjklVLW3m{Sr&OW8
z$Vo%BLHx%#_kXs{ZGIv($NY?#fl(JTGczLSTtmCKc58dNnUO!L6?b=24&XB?tu<hX
zii(jrRaKD@5fJY66*HApRd;upnVFe)byZbWR4TIaW@ct&Ow8R~i@UgpK#A(5ySCFa
zd6~~Gy~(7dtg32OTD(s9N4(abBOUNoOyy8!Rx9|;@%~$dV!KpC?5eE8#m&mZMTm%p
zmRe;>7}w@z+Nw$?o>wD?nhUg&?fWrRAVfR6D#F^T<z2nTWJE?lh-O5URGVgnRmIPr
zBTsjj$eEu3Gkj!3$jQXGSoo_QzelMjDjo8tpkNa-F_7->Y#QGq*^v?4nQh&&rPU=W
ziF|x|+(blRx~9pKnU`#~)|<_qmyU1cAD^4xx%fCC@Vr86=j>{Az5FXIB3-E+m%Yz_
zK-SoXx??H&olzOCUUi$EOinS;d8pBIlmd(XQt(QW&*vy5Qw|`S2>^m1kXi_W&_sCq
zcks&2s=98<zvc&+=~|8m;xb~xD;+~_Av~Gu0gK+~3a!eT&<23rR&&(oDhtX4v_5&f
zzanY2M-4^^-1m#Om*vqOqg_pNN((bm^@uT*b}|RJ$6Z9n2MGyJFT#8hw6Wbi9o9tl
zW2#x2!|Of8=8dQAA~tUdJ3EXS>#02O+QoK=i3UUMH>W|ksKvRp{TS>^w5?C)Tdr+v
zjMoXBZ2%QK1tRa)YuSrmtEH>`{-@>4TPvN!OaA@#frsXH{eHvsfM+E>mqv<Y(m2GC
zj$b|>4?spiA9?qATlt9`l0)aWpu#UFw_OXRv)eRpJsgV6vgJpDmr)O(5&}%-uqy@{
z(Fy=i8J)nubpVV5Juj`IIOeq7_dFTw`*oZ}>PCG)6|NiJIwr@nG)5mKi~&TL)?*$5
z-|o3o|Ig3uQYXCWNQmFxe~Cz`+5M5@l|*fd`PG5W-C1?28b&Xs@bP_9;DT%s0{{X9
z0CEMe2j~I>#t*;X&@P{I;LmymPy7A*{F@HU%+39LhZ7MF%-BIlpFe<0@DY4aeje9$
zgJy-#=p_mGx3qU3vHRqL0zDdbU?mWZL3hdZJmUpUjp%K6dGcF9h2VH*wGJb_Yeqzb
zFE$WnbZ;l>_`iOMvoF~r{l#?!v!jFUUn_JXK65*NA_!Q*D|7oWArqjZ#J{7^Fdg`O
zkG$XBE6<+g4&Weg5Pb1)i=H0m5dw{c)Yujo_^hg#c*L7CoQpk9snQwQ@a#uu)&swu
z9{bw&C!9zF`s`4?;JtEL!*2y);rwxo)LX&#{YwR7?s2YSuMl#&HMmmN8Fg7YCelLA
zeP4mk&w-PvUxyGzE4d~}O#=<Erc+STE{T*|20t$L8!>}S(+Gpy%?Po8d?tcX3lLih
zh!nu!_l5X$0ni)D5SN+C^15eCGyoe0b*9fTiX_qUJ~5S_s9Wl<?CHjLxQKezeiBxk
zMxaS79l63jo`LC*Vy0#N-?jE&vB!T1c8yKN+j;R0JkFEGE8AP}UMSIyuuM{oQm&jA
z-AU=dTo=7<xwh8RLqkdd3`;_qH!or0_k)9`G$9w4IHOQJV3mT8sRBSna~!SI=ASy{
zL`*4?Hu}6%puGL9xQVoZM(5EP{Wsrx<YdSD5d5F-Y;V~=*=M5ARH^>kzwaF$A|@tg
z;VPq$$%H0R<1QgMvI@q~XJNHZ)}GyPp3<(o&;anj2j~I>K(=7d{JLR{b{GBp`-q7B
z#6(1Yf3*>lGcz#}cS5qOLaQO~TW_-R{p&-|Uf?~B8J~AxPv{ruSiWIQGg-S*6DIax
zzmhk3OZhqkx)R~Pb=MZwKi8cI1HSdng3H6}Qf0|s&&CIb_$<j}pX+m4mz=*oUn{HQ
zdf3PCW^yEW09&tq9syzVe>J@->k-jXO}e7#x9o=wRg{j_VAA>2qZwm&cz5BB2;w!N
z_Rlx4y<|Wf&caU6k^u**u_PdH)7*to4WUWnDxz-XqMH~+#Z(}H#gL(@sU#_s#SR>n
zG8B<RDU_4DkdVjT-ah-^e08u38{c1c@By|vfHCRzt!?d$SB3X@&z`pi-+l4!_a5`C
z813B%ZHs2P?ST3n4eu1v9o>;3Lb##T!Ymt!bxMZj5jM#sP}nh0#Q-oA&A{%ET6GTT
zQAiluX`!c9<{1?Vk#ZnGGE4yoYT}}b6$H&9l`=~vL7~Yc5(AitcM&3J6*Qp^YN{-;
zN<)h(LWMP6-tNimZ1yqX4mV?Z`vtuwH#y<#a}N95?#Fi7x7EBmI6EH3cH_Xl^!2+u
z8x8AkcE`Q<x3Sthw%v_`VIG~FdC%9gt?i2U*7tpriK(Clfe0|-2LgADMU!^q)Ds^3
zzt%CXM4$j&Y-mXOF(-!qukYr({_~%_y#JkN@?KAd-TJJPn*4D4@2jCX$~d8%G)6hY
zT#8%d{K4=I3>U%(5DZ|lK>`LQA&J&Xy#1EMWB0qc&DUMltxLH%E?08pcU;FATyE>4
z=H}$NbCkI5ax^89)4AEJmUKDSW!mM*w=TH3bgntYInM6aB|Ec|obH59x_4dI7^IqA
z+xqK&4R7q*-_`rMzt892`wwsaT*LlEL|!|)s_VcN5r7DQ0GRZlq}Q;NCYwAjr}A>&
zRPH8wiu)oA4>&)twkm;HIkOgj0iCyf&z^G`=%a}m>NRK?HOMhj0C?YJ8Vc`;HGPpx
z?it1k04ILjM!f93p}O^G_q}j%H&_L|8d8$g`l@xDBbS4~4;#^U&tXE0m=Z#qFKIPx
zk&6ymxv2MDOb1*#@_NSD;nKzr02VE~c&j<S62}Q+pHv9e41OwFB_vW90}#+A13|hY
z6Ij-aR6Efw==U77Y!S^jmZBoFZdL0~OXR&{0uEZ%tXwyNNEcl8V8GQZxF>I2wHFP#
z#y51l>NV%RM!^zG;L@t1_SR98t7>_4%;q?6YU0B+tnlHxq+h+h_n7d(;3Ae2<<8^Q
z-?rGb+V{YzkG)p5l&9gzJM11En5#3pn_HTY6c=!I4$RrQ@x1lt#l3WP8jVIZRx4Fn
z4|ji`%fI6!Klq2YrtxpB%%^cTiQVgwQ_Y&EJGWllcKUfw6uVJ|m0@bBau}r0#E|EX
zbJsb|y!P$RcIvs?wS<9uG+|}XZlnMPOn!u+N{^dW4HqgP>N8LmJeZ+XO_*7uBBK;8
z6%A04gj@=sZYN16N~p$N2%KUe8YYaWqAA5vQerO@AatLJZi1evNGf$l$<Xvld8Eiv
zoPfB4q$t3uKn-Q6j^An9(dNlbOq5lYXd<NFr4A);I^|ycqi;3S)uac%I^NID<@0J>
zyQ6CW9`@f4?_EW_KfAx@*TR&zL;J6$bp0$wD{L~F_top~dRJwOn8uah?@Mvw?|aC_
zG?k5=WL@4ztD-HD%GDs&Z1USJqFJApJm@fi0RkEVK+z2*Bro0oU%)CpDjPq^{fu9y
zd_MkF{QUjzpTG0DnYo|#zb@|Xs;eke%*15KnaIh=hlbe<(gf0J3-BcG>;E<S`?>oL
z(ArmBs?)Xep>(5W+tD~xyDLu{$%^Mxt9xhe@FN|9>{`lghTeNf$#-yI5F4H9^@8>g
zV>jHmjhpNc>=43B{4V?y_!7n4>)*FR&%RiCRAdXNT!+p_Ep=_ck~!J_72W{APlNaF
z`WeK0m@&pnme!632&VAx^D8q9v&=7#<G_rA$`@NHQAzqCAnZFSc!YzQ4>f=gV<Lr*
zF9dwglaF(L6_xDc60-9d*{$xY8*@LVG(GxP*W+9#HJr{Oo$uejD|=hwGv_FoRDmpW
z5#YJ;zeE{9JNXN|;KmNP(3gt{uE}+>eDcb>sp~*=E|#tDJK{7LBci7k5p?KgE-iJO
z+VJQOgFSi8X;hd(6>d+A2S)^gB6?L9w{^b+PXr|A8)$@PL=ZC(l1U*Cf{dZBq<eYR
zP+ddq{b47d1f#CQ(!`5M=YI9hwgw41l_$iAOj>EP7eY7`aKt3uTJt$Xg2|Xl?fJ~2
z#Bu@>QH!q)i)$zkJmyM4<1mm1L+=|K$+UsY?>5kTJ@waF;G<!>XgbK7O?i01Tnsx}
zG3t6Vwd(i675tSdXL<M!1%3J}?N@)Cj?cH>zp3+IyZldm`F@cNueN0SqV-BOT}Y^>
z>UW0Qn4+4rt57HkKnLi30kC060p9_<3qL&#{(p?kF7E&D`tMB1Rs45zivNB91D=8C
z2q9ilBq^@glcjWD;4ejyA2a>_X3%kk+n|)Ggb;{Lj_9omO8~Cd>GqH^x1tu>GzeVb
z9Ub@K9DPTR%<}Vy?z3(u6rJYfA-Z8;%aPv1LNNqh8NziG2S8dH0YWWn{W<6e^w1&8
z68nfjlXn!TM@!khyY?%wcD88r*K?DYWpfs&<w~5rRWC%h(2kLxQsEgr&Hw|w1ReM~
z-e<e6MMN($?a#{y{*9X)0?wdnADsNF$KLp=vr&9r=$KXvDe|6(5=Oi}2ZAXX@=5dI
zUU^>d-VVHk6stZ;2`hS`b{&{s4jaHoRs#e<7&1PxL4%T(rm4qvy*ML?);;-}^3uSN
zqab2<61FdgN31URz0f=d3HJ8R<)kNK&q5G5!8&n?inz9LvJimIcf%eZEx$m}d*Slq
z-6*xbb!Fdis##WiB<wpVwmKGPC$B-cyevjy2!+#27FmBaOW|TWJB+@*Yh4C0kOk(%
zLOs{dp3lg4T8=!`@RJ4z-YO$dm+<Kb!+UH7Km#i1-**k&y#Bt$BdT9O8~}$v1OjLc
zY7egI{>S=nPEvn{!b|RF%zIu}S)0zY6S`>h{flp^V{1oDD(xCm`W;MAV)iCDIXe^E
z%t=#y<|Os-?r@QoF6Io_MFIpggQAH(0{Si(rrHnR^{f4Fy#BZQ{r{i7y8gR6?^823
zR4VLU-R0fTs;ZfpoT<v0UW|X{zcqd9-yKuJ#LK_Y^EYH~D5^6QS!lX?QmS80MLQPN
zOF6ONoxCJzwhUx2P|++KWN)dxeTv6Hq9^oa?>=)kh<8}Fc6l?8+{s;Z=a6Tr!F@}>
z^`40?Cc43cgaC)=e#6qYkAnyq$jE#TeeVU~WOMA-LD9OPgCXrwb<dOWg}XBqG<*&L
zz|LDeJ`<N|32!2W;Dm$<TQ%M!J-87h)zuRUuI{D_BqXRzf(3S(w<wx-Q$bM(8%3{s
zdkG(VrPl%59n19^*!bt?x&U=IAwb)0)T^SCZk$vo2NhFoT30t#RY_?(i;~)q8<?gN
z(@C-ZkkSlU1qtGDG=|fen3VvWN^wjm37OjC7z(a7@SVM%dGB`?3vr&Y4p}I8Ni>vA
z-6DWuc!Wb}WXvf;3aF^LNLJYC-H;Te$#kX6jue9{x=%aJcvmGaOR9WrnzyemG(#^F
z6+tOt>DdgmU^c`JIGU=KpxE|@Yh!$E@13`|2i^;;9f#B4no5#va#NB<3`nRdLJ&+%
zlPZ8QPuH$4J$SLUU$MH}dUm%L-nyFxrr?zB+o>o_lHn2!0zf>Bgz<D?^ALL&{M_!f
z#87}qdM?0Y1sEKX34##BGw<(S{{PS4^Vg2?`@hKV{(Je3tX|=f*zxWNaq%|2+QV~~
zl|3G1Uf-W(9I?K!WDRQRRF!`I$Cs9*t>xERl(zHpuU*}ArPH*H%c4t@CEZT$kvpby
zT|18D*LH|HF6)uQc4^G%*LFFprd@G4#sL7YKv2I#><1y70HUfR#xip{cR81I+}S#A
z<;HhW3!UB0&h6SY*KoMI`?vPWDivrJh#vQ#d|3T_{ZRY=KQ;OM&1$A$nVD5?2YdSF
zfwT>wv<-v%nMzs)Oe}r4)t&hEn)?-ZS3>YwKuXPZmGA9dUvE02dwW&qo5Oe>JSyty
zKEc_SqI130<Ea#^<-%q44c!&$omoQ-Q1Hm+ZgFn!jn|;;UObKOO_ab?)U3RR1w6NX
zL5w;ts+jP2dT!p}dqq&n3b%9(df1iM+yu&L19yAIs_0#8m5H^p9qV~7B@E56o2X_y
zSBZcV%>bh@cv~p<RVFJbX}p<-a`?wuJJq`0JoCJl8n%;VZA))q<unZmi6#kvDsOeY
zV4Y~iR3>kFCN%XGwjC|kn;o9NW-JR`Oj`Q98wWR?rUqj(RL-V-Yl=5Ct$DlJ9q33|
zmWrY#!h)Kgs@PXu#GduF+6>#Q!F{>eypimJ`K#v%zFc9hLc~+mch?o7&7r2RvSH%9
z1`m7B7GS(kV{!uS0=Ko<el$2UQ$ihb+XlS)I_$>a?Cd8p_XTLoV|&zUiPkrqCsKuk
zkij%0#F&u4U?zkPagW7h)E7`k>N$%l?r3o>!5C$`dGp@zj|pJOg_5QG(Fr8d5(F*-
zTGh*L1XSwo<%Gq_5d(Dyl}I{(5Y&|jj8!s2r2%4<dCESC`Ih`6uSzL7NvcG_Mpu<o
zao3Rwkgp0VH0UZRKvWe-sp1f-0Hf-SD8Q#uD5+IddIG%alB69_l!Bm?Ou}lEf&xk~
zG-|xla;U`3PoJK;O4R(NM?wK+!gue8G<}Blqa0m}+pe-YtMcFC@0;qXp{P;dKy1hN
z`ajo?&&T}ZN)cvpHvc}2|GV!_es%v(O;;6>cQ%#JC$8eUT--Vv9@Be?lH|$eFRwW`
z?Gbh2rF?~sPJ3m3vBcOTQLcbs5AX~KMcqH*^}8we_x=3;j{m5Nnf}#O$j5hl#k*xy
zQFnJO**(J+*d7)CHKQ9JXY=U!9yCqs{2#NXHa_|1H_euk1d>?Ms4kKOl2K{`3a-1|
z`|{^%3a(B+k6wLxx}uTmMI)}9ijmj7a#W7{v)=Ze%oo-J#ocoXUv~S!itzKUw00s<
zcnWzpxrms*;^OWkkjHgz9bfYjK=MZFRYSa9GJ3uq0!!zjO8uXHR+P~_nE8Vce6J=f
z8JtB?&>aRf@68!C4BHXSJYdAuFjRMhN6cBKQ<&Ln*bl%^6czedy4N+r;mQDlFPLJO
zcbQa#UJ8U5p9puHW>mySCY}onYb<sb7{_bVusaTv5gq$QRss6Gvf{IV#UgNGrb*^;
zl@Q)g#U0$*GAyalB*v7J?Ox*{k{DOdEGb}2MYVrA)>6b_Mqn*!U<kS+0qH%6XK1j*
zjkdkYg*)VthzVr5&}iv(pJpGG5*)8?an^E8V!mQ(j+$z>y{gL7)m2qR$+u=7M)%-+
zE{|{n^cts4YG5blt7QRrkDfX8;IPXSvNsUX@~RPZ1hTG?*mhkth=d({%F@LwUw!2o
z!Kec2YdVzkGd3;(z?;T()o3}xzH|)ub6D@nVh`B|?LUBS(=-tA_oiM?(mNh%yy!LZ
zZ+jkL&UdT5?<9#;FHIlw`S#ffd5Wn~_WAR~+rN3hpTR4}-N%cyEWPVH(XCcu`qsFL
z@vKn*YxFhy8T5WFgRh@g|35y}e^dTDyZy$8<o;L8w`Ela`~8Ob&QNpoHiHAUfxG)P
zkJg<yA=8Rl{s8_1GQ#$-ql+e3@Klo(QM~@Nj3DK_@ynYkY159Z=)(Z$3@6IQa%9Sv
zliCz4Y(d}gop}uRy;$VNn|^Ow%hqpO)w{gz)!65Ac63f_dI<4;%z@x<=RJKikDX$8
zv5Iif1gi|%60Bf#R(EH}oSGnu)}pIeE1>ABc)+Jau5x+Aj1!kNTJrF(p&cVVZ<)>D
zIsCwm1b6!Q{@3HRD&vK%VB@Ceft8~bWa3<FhiE<!3$brTU(AGiUi|rhk~KE5KHaX4
zvB#yH6TSHu&JaY~a;W7>JUS9ONXlCBiku@NfwOs)cm{XnN5XNRn38dVJcHTHVywd=
zo@+A_Ldl6|RnfYyMY{vA)V%t&&qJ4(2=<bVTVpDf6X;3MbWx{`Z`~xP8%fGn5VIE&
zFAf6WxttmE%PQI+-T+72{IBNC3_6To$bXo>oS<*D_YQdq-DTv?)LJKRQ%#dD^Dbux
ztNi}wKJs^u@BHdxx()dn0{?1mBNbO;vvKtvowBWY4;s7H?qp4sdENaHlp~!WNL%U5
z_h7v@>^^!)eV2#FXl?l6`NoRL29~g?9LtG!0RYwkV_N-dUSja@*S00Q(O-k_^Y8QS
zqBJ5db^DPcLS`;zA~JHSvZ|{ts;V`TIy&FUF(84_dVB{x-qN5SYCWlgO`p3L@E^h7
zHv@bzs=cV0tX$k&;|mwbU(j$41_U8`d7SF`*%<4BXQxUd^}Q~+?kxSaTeH%}lK!bO
z?al73>16G(gC_-G;Z#B!Z$6!fJ3*}GAFrN=z`nezw6TWYdC|k-pS7)cT0n$h<=f{s
zY#~-uH?_o+Jq`eTW_1aM%rIEh>O%>~P$X3AAO;W$`D60z@>=(K@wSd{TUVV@&uxD{
zUD#d?*$LL2$KNmB*!cI4ZN9H5dv3F{*v#u}eeuJt!R=ie?|a9ysqe1Hr+f8zy;>Kx
zy3(5~dDmubsGBFgyFFg+-cngRtG0JgO1Ew#AaQjnl4V%o5`r6r05f*S20Z<Dxa%Kn
z>zkd&yrvGj4}Gzn3Rhc(`u86Bz8|r($Gi_%0bD>d$3zH)RIcLEw8*s;P=+y_4ijW?
z#k@M~8ws|1iPkNE9IAyNF(Rts%ZFgl!b^loY#lbH?&j1Y9Mn+NU6hJLZ99u<Qn6JG
zsvE17C~Rsf?v;Zr%tV7p0tbV+MAZ$;-lpR9LJ%WoqXCRSF^fb9XbmM^{}J8S;gi4f
z`2T-Nd;D&rTV1@lL7#mS7mwZcGTR-KzV2tMcIz3<Y+%s9LqmYUizTnM*HtB|{oBRz
z(=)EM(B#0m?1C70af~kPWX~>DSByBy8N%fZ4ijUZ&NIo4lPiHTCmA_Ifd#<3Ie7sx
zn;QwTioEBJOq^#q-HUM>x^>q}qDzwP*MB$lXxIWEGzf-=H<SAMoc#Rz`~Qnf&G@UC
znK=;=nN>%hMJxu>%mED#*b=W851)NLClzO}A2X`AYx@OPEt$(rHdhTjEl^mrW$|}P
zm|2iKpoLSwLz=dsDZ|B4dDk><ic71EkF|JTNC&exlh>Qjv$cc)<5qp+%P>Qp^4BW_
z@aeSrvdGFOfs2NMGlLzvuq}XyY>eBI{acPC75fuWUFGVu;Js1PS6q6Gp-wvRt`ZHd
zz!H~)uJtRgJ{>%GOuCD;R)(uZX^`|STJ}+zxIqRR>d?<(?#dI18I~If)~p#ukF9kr
z+u>8MJm~G_)2iwToXGm~XtM9v>g2G7*CCbVyS9W=yr8<ip|}>Ii0>ZoxQY`Gc8XbE
z*c%nV^tB~YiW;oAv`U`$gz%LTQ(j!<n6Em{iV0SGJxpdy%?%i~E$e!)*cfK9c+swU
zjYhYJW+GyuaaVfPQ5GpeO(qF6fusx*NeoXD`9n81|39r}jK()5R6EXZIMhL>T6?)F
zgeVX+gv1RAGynh`A}DfCCk<P&$8y-+rd7cXinzE{FdbKnXU?Kwi7I$iM34%gsYtje
ziYOno@1Wb!57qUbeYf8nUEXhwi+E$3y8`Kr6E{~>HZoMfY_c1oB@jgMCYQbG0uc!5
z!BtYBLW*(&JxNHt6Jmj<=4rQ8R8xvZYthqG3wia`SgJCjpzFp7bxe6jRPw(K{An<A
z*=OGJoW^&J>mSbJ6Bu~BGYz&e5p(+w?PukC;!j=Q@O}M9Ls_gx#rMipk3o9oF201t
zZJE7oc&*lC9g{>tyro;XoX=2&cz*hu#go^LSmT~wZZUlumJvpQ1*XK}`FMML0~<8V
zgaK%PkYH$jv;-h8*x2b8K6YST>-_uwL%yBe<K#!&eSwuTGa~>MRhLvKW!=?Qs;aX6
zO?v#X_pgI~q7Z?M`!)N*tQQv!FtVo=U#`Da6n_Vu9X8gxGPBEFkoh)h>#pvxjKuE6
z*e=DLcJ&j1OtFrF&|-d1N~8%87)p{E(|DpkYRsy{pvP`>kx*xfb8EVA-fzb+g`U};
z&riYc&o8-lp2!q>?_POBtSnQ<mC(9av%Giak$u9-N}=5jg>P(X01yKQ1=e06^n{Xy
zp&nhtbL{=OQ|1k<{bNlkeRZU{j{&A`@1Q#7RNtM8wcm(%c6h1C+on=rRT<r@tH&F4
z!?LHXgP%_Gf4jcgIUR+cneN#_#R2qqbcrN+bXE=Qy>)Tll9L=ncbBbCj}BjW*0|<I
z_;Aknt1LNMd$LwB;ou$ze4x*MH(qZFZN@8_nm8^laNk_-ei7G3&lYk}R>`966Acv+
ziLSwRDaMDa<xMA|;ul>)Gim*wprhe&PdYdIc4&!1?M@D|I_U!JSA8YtyZ#3q-jQc~
zPMNLuiTwY6p22?nJp5+y6tYvv6J2)Z2@dZ4H2@9h#=m;!?_+%*Js&T%_xCC1_viD_
zkcf@>`9t}yeMX#pk&b{mdXqZ$M*J{-fEXIq_Zt^7W-mI%VRQBSvT>ZrOMq}MtFu3>
ziz^vAe0_SWtCiaKyyJ1RQ;XIq=QtkHP-!CERxRI)usaU8*5j-W7PwGg@4VpXGn|?p
zAdu(|gL%&3U{jI8WO79(P@`f?X)F_$Zo<yHpzao=?{NC>UA)Cjk}1++SOBE^6|}2V
z+EW#hfaEFL+`4tAAL8r|!UB6(%}nQZTD=B{&bq;!knA2MDI#EzXcmQCJI-9}$g;PL
zMtU{W?lVbexvrsaSc<&WMVojionrS>oyHEsut#D!DQ`W=)SGgz-mkv!20IbjG3Gj1
z;9SZ)dMwq_C<zMQ<E`x)0*rHF+Vi8HDUA0j75Vvz{MA4U2vkpR&V(X7Vy)lr0_Qkp
z<BF|+TI6P`v5e9N@y>b}{qrBc@Aj%c2>Xm@nU5}e4~;v89aNS%e}Y#Q7{3L+K(V#*
zCzW%Evb(c1>aAk&w)rq{qqjV(%Jdc*<CiEv*w)5}>q9?&?z8Gf`SSk2`}_M<Ri>}U
zccD@KNRc|3y7SKu-@gv|lR3;|_8+zS`_8{sTr{Rp_}B0+($1bOEc0K*A>;VhSi&l<
zsIG)`j<{Oxd0lnaybc{}xYIY$T~OuTDtS{E*0f^^6pdzoEOl>qD;Dn<CUt<*oomI|
z9ftbGFsrk^MK40<J>6>CDMc=Y(#7^WQ@r`h6V5qVSKAo+1EB7(YdA69lNfZ<8yip0
z2&YXpsWlw8DN9UjyLCi5V``#VBBu>gS56hoTU6nqTr`V>Lu_dfI2c^2vX!;l==<JW
zi1FVt>l+3!-2L^RbGubYNEIZ_)RHC&$3;O%RZT)uG~kg`HV~Z*fKz0W7VL0LHm2s?
z3a+lzt06$xFi~+0vS5`|QZAv%3B!$Tk8i&7?#OoEA8)<Z!q+{UhVcnp+bAhF3gU}`
z#*|!=G=gAcTPLs><J-?$vGn%02iWl)@Vn<*v18bb1@Ez)?{k>=`yJck*>DEkPU;mU
z1UCt^3>sACuFz1NNbXfAf)ltHK?50ZK*Z4Q+}%Jh5G)ep$Ls9Tcs-w!d&Hy(0VhHd
z{r|@Qy!rai&p*liPgC#ki{B%%b(8EJ2WZ~t?<;(albl+PWhglFzn>07*TE!@Y#U!&
zZU}+H2yp^%;w-xDT~0~IIL_{KrQ5j|88~(vD7+|+Gs*+A*$05#b8@<CE~hxm-Ojq{
za=G2yoRaC+CD|q2rgCy!-Pznix{?c<4(-#sV{^IP*HlaiyOR&*v8{Re`T6{Qzr*`~
zhxh(WN9uo7cR!4)rBu7SodL)(parGoh@h(dz1z%<r+57SKk$2BH)!yJ6NOG0y4a($
zBv*vZS6By@VQJ5lN~X+oA6Cj*3d*A=RH$;ZqnF3mjZE6pSA&mIL>NL>xq(sFrtF2b
z3=o=BhUZd*ZVs#AL&Gw~gI6yY#V}?{T~BV#q1={V9<8ckp82AUyfVR)30QXeiR#zy
zHkIP3q(JO=5zg~<vDaMzNNOMqpfn(Qwq=c^T+JJ~HM`tm)ovC?YdOSFiDOBFX<z}?
z<!;W+xwkb@u)?t=M%Jh(qSO_QQkxpm*(G^O@U&RdST#&l+J)bx8{a<MxqB}#vt>=r
ztI-?LqXNcg`UMXiHgF}^H*or?-b#I9oimecPaE;9a_4T}Pg}oDb<s}g4dmSDbB?XR
z#n~@=(sGzqM{<FwwVrijI#b2i>E&UJZI^XAq_esxnwe2~M&!~Bq>;9k%u!_pZU#B5
zrz;O^!y)WxQ#AJw+Az$qw$N#+WHnlZDr;;|&9GL)X{EMeAT5Z7uU9q?69~>GO$}+o
zKt00oBi=-CFlJn#k#d0YtX><jk7*cu!FyubwqD%tbaPSL$8Q~$#nE8W7@J5MOh{>n
z7;F2P{(rlDapxSz`8m{U?}t8%_V><xvUAXUb>tJT*vO@~eVIx}Vl$ma`1*2Yj&w(c
zH_G^gI)0>1GiOkEfsqjxz)U_yC#>2}){kpD1VwzC1c&1GY^L5)N#&MJ@xA1rPF?tn
zL{i0^^!)PSra!{p$;#m#d`0OHE{N`2@@dC^W{m5~uYT#xM(mI>G=SL9JXNYPWLa9K
za^&MxX{#+-T(nyG@6FD6yVr4R9a>Vu44%l?9t^>gJR39g!k4=WE}T^mOTfu*XHE@2
zW7+l`eVZQp-*z$f_~i@luY1|g90A`t4?g?t2i`6yuL=-212U<Gn)M2R#1vtu1YuJs
zs;1K(sR0ed)Nvs}x=^^}q=0g%Qb922LeOrIRZY-UDG*vJswD}IAn8~1|35_J6*|sd
zqhJ#<+xDke9W=+hX|Y|ixLqwJu})kt`_!^k;C4R!`SbMos`^~?6LL2z5fEg^uWT+`
z<nhvv0hzjUrNg(r=WW^~`1#XDi3P&m9vSvto5pS3G=kv~uK5OKTadJKyIyqVSo)|)
zcE`Ci+F7p+DK?(!Cj7v?iG6J&aac2E<#F~&W4i*wO%dtbBoGZDI1AIb&KOr~UQU?w
z2bXR~s%=L69bNI~P@GV2M{8>^6K6PvP%GP^+pOTCp||P9>y=K#`AqEZ5)-RM<BB^z
zAzou!D?7qpE%OqSx4KBg+EVp=YvWk9+N>(Dr<SV3_1m*cM6DY8jLpWjY<LjvtLjC;
z7^aCn!Q&g=PdnFKpxKV=1wLUM>})F*>z>>{!;6Yq_*3(cuI{VZPQE%?ca7gBUv2Mf
zoR+k&jlD;=o7f7>yzh6`-VA$%w{5dz@5bI$yUsZs(3(?OWaPLsP^!KJq4%{;tJA-f
zxNx-f$vj8Fkaiq9_lH=l`*cV77|f4V?m_lDRbM^br+rEALc@5zCKMNF>9TT;myej_
z)?2R=6uG8kGPN=&^1*r*-f`5SYDyuTb2*N?hg9RFc1%kIVQG*{mn(Z^?t5mN^Ld+z
zp0$!U>Ep3B``wt!XWZQfxqeq^b2%HoQG0Ei$qdJgaEUd)1&>EV%};u=M*YbiuP%1G
zkgaN?-8Nj`#`2%9YrXC-oEvKvW2`#4K(+{ZMpL`jf+J7IB;vPtv3xGX$mh4^>7o4Z
zkQ3peo!$~tXLE7XEsmX--us)GZZ|FIJI)@s-J9pV&tF%3INo(QS?tvJkG`p=sX4|A
z+v8X|uV-m0t&iD0fx>A%>`@lU_bO-9qw(*ZZr1(e;`<wx@R!e2+MKhF_VCJH1}ZHk
zd(!7E%BYNu?u*44<(>@hp1f4<#++ozk6&wka+i+oD6?>e@~62@$b8#I{oix5R^*qt
zJ;Fgo*d{--DV|(d@3SpAZhW4kQuT)Bi?;W0SH63-l6Ygj@gq}br!UA?bME&iXEAb+
zeB;h@iQu>EtC&rTcA96LH{(Jq9F`!pm+2()jfq~O;`uF6UtzYk&0Fry)#|y{-3eqg
ztV4ucD7)IcDxV9L-b)d}Wbiz8Z#I?g4^N}B#bZ7?ye~J-WI~<0a#g(Mkfm~`N>%Ss
zo^Os{Efbj5IldnX2&S9XPv3*&{Pa`e&60TcvoX$Z##L#{soRR*Mc0QW*r7M@{p=hg
zbd9ECbGG}wgxYe)m3_(dUHbU<&LhJwM)uRb(RIiIe%$Q#$JLDP`)fYFio;^2>mGNk
z>$ep(d&_<pzk7uYnc#dM8)4gRd(Z{5_dh;-+&xng`|?9ERZz&e<eP7M<_)*mWS*Ha
zEE=)g4GK;%;<|1a0;6Wnm>m!?6flTxnDLT~xQ7!2gp$YEB$ZPmnIwLii6SH{;ptBU
zh3L!!4i68d{BO|r)m!U#i&)nGPK@?%=K1Fj`o~1Rc%-RYzKy-2%jCju3GprHUdgLt
zEGv%eikLeC?8|Catu67@l6Kf;_1rEd_c^~eb2@w2x+~`|ILH`qAkfhL=x7il=kTT%
z>96B|zn^37Vj?agBH}MoGdERLUzeGgRaG-GAqS&ma7JeQZ@Kqf`5zDLIf0J>B8C2P
zs0lAs`Z*uIwK~&3@3%nbbiC3E8Wo`%Q6=H7BJ1@P`~BEb0m*+JKxn_$@!xolo%8kT
zyu3dkQg@4lk;;kwIm@S@WDL*4#GM`YM(3NJKRxbQOqsVDp|RqkA|iy&Q;UWQp;I$5
z1VG8Us=K?psmYjkcE`xnWXQ_PyBBv;Gcz+Yl~ZDcOw4K`A|fHB-QDgT>{u67LaM5&
zrXnI8++fU%nVFoKoT{padv|<ybjZ1$%*@5cYG!6qW^^!CUvBQ~P^pnKw|94`cY4l4
zYc2208$qtcyS>}JxNywPRS~G7n7NTNGcy{IH8)v*sE2Ul<U~Kg^XJO1msVGIe=_e^
zcQZ3F88b6DGVZlmU|h`1jR~BXh|H;xGSih=+sKHHvaVnmk|Vi*Ge=$B+*J<D%Z@d(
zGc!xO#6)fHBPMc%0ODsZ@MdOZ-P~Oi#70BA<O0ZtxQmf9b6OQub}s&AUESS_`I%y8
z<yBQsjXpY}Qi59e?{RlxsxpqMs;a9l?=v$nW@csG+e92hK14W7%&G3CUG6&(5pyY*
zQ#_fOnVGzym${h}5fM$5RfCszl|m9C96RPjV40bcnTna0eFl4oxQL6)s;Qa4Dk1V8
zAUoy=$c&7FjBIyiK&vwD?~!#AGcz-RnVr}rW!`FXsy7*u?*4I({C1&EIjy!~mFR<2
zXD4gUvVhzvXx7gV%ZI`uW6gH^#RSFR)sNs`i(S2MG8ATS;Zp}skJyakTB#>S0x}a9
z31YTRNXfN`)-!@58{VJ%9Zi2B{GNjJUEPbkEVFLfu-w93vnAJ?u)5qzCpRb~NCE<F
zsNgoI>4uw96hZo$r15-7d`^Th%v!^gac$k>y~MhDs{HIl>bwT^Y`Pu$U4raPY;0_M
z-!+p4GXycj5XY@|)=`5De(dtpSgmz6)+$Nsg_mN!1m^lmmJSPwOq6QHYdXfa-T5a~
z%|v%|yuphsCbth4Th<<{cP`$c?+!PB#=BjKc9)fVeq{2ix=S3xnVFsk3-eJIhWeQ4
z(PSHxYz>8%AoTS5H1E^)mwZ^T3%sX4a9`@xCR@E|g3<42zEds`JO^6*=GXoEPmn6-
z^WEz)CP&AV{E&>bT#}et4NF*vi(AB;lENSc0k6=}>-e*}U#m~|{aR*d{6tUl(=+!@
zKQAzfzk@-@g%>{e&1=P;VEqg9s4rKMO6JeZ*(|wEjH*V&Z5Ovk>dV&OJL`Nq#xQ=Q
zuNIk5%ek%Q&DJM4tT((Ci^d#FjO#uD*t=6$v0(kXf^>HU_lYNh;;=^x8x7%3UY<LQ
z&MidjTV7vT!~3CV+P|NEGdM9H)XhKHXl7sG_tn&<*_hPUt|oD2ZtS9#vEN{J9mu;5
zW<ai#tD!PmAXyBPrfT-l-*9ba`lZ1fMhGGb=X=OWkTMzA8|m|vJ<juJ6qRui-Yo(R
zELLoD*>#O?F_SvY>MIkD*I>IAP2$3K;XQ6-j^s9PCOfq`4DNdG0@Y3;lctO?CGZXe
zfj2^>K0H4dEoZMDCM&!~dtaneoN{Azqi=Q#-G|0tzICTrQ`-PRnSJCw_nhv>mWIFM
z-+TV;-M;&Ly*u#Nyngj-@>#j|Jy)||%jy+)x*WPxx9%gKRQ8XR=<W|rA0m}lw~w8U
z?&+%fzU9Qx;*h*S8zVBXLt3Ch2ETgWI1cN7BhmT!`S<rTF%eUhRrys_l~q(IPE5?m
z%Brf$%Ma5rsw&|AXt-PF27?)a%Dta~;db`-3nogF;1<LJsoX7ru&w4lZw+hr7uPR=
z!>ZNyI+^_EJj<fzYPU|D%|=Ts-Lk8l>NYsm9@V6u!T3BsJU=@=Zc4AWN0T|lnT*M^
zY<JZP5xvZUD1%2v9IXh_F1cjceszmd)UskFrrRcTO)!l?AcO-%J84u^OvMV^G>f8(
zy8_y)a+0GZ2te_YKq2v@oDz6@kA;XpRv43FCLy#Y(57HO=NNNkU9k!r5$l|683=b|
zCw7H*cl*7af3e>khGrou%tWFRh6G6Ixd<3m903<3o#|h#V~yj!O2?lcdzv$N?svef
zO^vvcil$iHLIJCok|L}{1hqyxs*{6*2iw)yJ6quSqr7(SvY73C?f2dG!H*2P?OHw@
z02`S0`|rE6Xu0fl>%)&;t=jjQ#J$?oploiK5X-XSsRb*a%eiP{Ez2dQ)sYyuM6z5r
zS7lJZw*vxVozV>|B$S-PZUmHCcMgKfn=a8O>FD<toBW?g>-NnrQTmyRn23jFtcbXa
zcXt@>?^O8_5fPf3nTULccNY-vPW2G)@W>I6`8(Mc1{fH0+~e<-cQ}{4(a*O>-~diH
zaaYfu%*=mZukZZm<fWtwpSLJEpTvJ3yu-NTk9LWD-Cuimmx(@kzV(jxU5QH@7r+$^
zNhUBz{6&<aJ0!UQL_#i7>y+mP9OPpzoGB^I+~hmEA(h<YoGRzI$UKfk5ZK1Z>DObs
zJEV%ct|xTrP0V%?*#|BRWn7qc##CJ6VO*Svo>#U}3<oQRDTfNfP(axOaF65=F@G#6
z8uwoQkAI)}&+o3f``3)$$9HD8x{u>Siq?Qq*0cc@iC<PD4t^sU=}O<^Ni<?c2!;)b
zLQBT-zygEHkGgVq&@-}CH`4T6b~RO+op7Fxu;)cDH+42peK*S=72M#oMRb#kN!I7Q
z2UR5PfRHnqIx*(Nsp}g@E|Q8rV2hArCuXN(Gi58|!&WFV4H+qf85M9#<5(WLeVJK#
zo7VmQm3`b5j1bR!g62p%o5r<T;>ml9jm{*vd2uTV27xglp)>$Tf$$zfce1Y-z8sZP
z7Ud4SjFC#Ii&Q3tGM03EQnl|&G3L2w$GtO?>Q~hlXy|7?$}YAC)msS%uA@Xz?&;nw
zQV*<~Lu9TMh&1l)db}&572Ka`D<)4tXH()da>%`dzz8RSZZPK7=8Pf<tVAfco4hk_
zu4ZjA-&aQT+psKmWKmltmcEog+xJd$z1qlUDIWm`i2xQfG?2g;A%MUJf$p<^qZwpE
z{{PHt8+nHnc*U8+Yc;)Z7|dk|Bojym34#WI5uD-(Y^>aqGOlS=6*pGg(|{@@IE@Gk
z^c2XRg-8`d6bOo;MI<Q)PzIC$FyKz35R&|<(l8LJqmOv<{azPi+~e&})#I4k-XEdg
zX0n%w_uKA|Na(&Fl>1A)KYM%{sY<CNh(MZX7x|MtKNK`gzssc<!M!Rz9e9y6R){Bo
ztaGyarMW7|snLJs;rU9>JdX3T_ARA9gUGhtZ^94Q{Q8XDvdzL`M_*??^{L0EyGztL
zvBKs>Zmb<X`H$$vB(Eo~T)cSBaChX%+26e0^*kE^i~)>DV8(3VgntM}&-MR-fruL$
zes>?6`;Ya1f4}vAz4!k-{_EvcRaDH*PE}P^R$blQ*t)5h?3*n8jPGpdcT$NeWAqy`
zPH*xwsY3hqf@->+lC`kjcSl0$V)qI^Z=CCgTmymLuMaYBmqzJjokUhmw-x=;c<)*j
zup<q_vVM3^!QekU13dM}jh9exgK~Wev*p>hgn=P^2@ME)L=b?11g%Py)pa$&aZczs
zS$*;5HxE<X_1u5>ef@Xy;SHX(Uoa1k<?VLmysF$oG!fgfjK2fGJPczC65ueUR#a%B
zDYWigLNo;lv|tt_M$6v!ciCE=bVvd~daB=oAWpbD`YeO{=0302jn#fJrd89`j@E~y
zkV>C=1<<?Jix#JY<sI1D0&u#EF7G{O2S-`yh|g1;mZgNsfa44jKm!c{pt>7vvn(<P
zY$^E2(zT$`p7v<wT<@pmW!?~pwQDB+nL!Um!ENN;JDY`d3ktZb|DVfgsZ{*_Dt*`F
z`+L0lJ)lmIolqm2F)0lF;RX-3jjL4xYO<Q%;IhxW3N$D6pvU-kx4)_RU!Raa2j;&W
zv%SpEdO(>`2mIEQ0pboox2qf0iDYztlidBtQbvWT9DarBuqu#2_x0EAwlYW4kZ91t
zSq&k+uKE(Ll43WE;ZSta$g;1zsC>xI=Z|-Isw2X5v`E}ybVS82;nK_2qFi2Uu<Tu}
z9zPm8MgkU7p$$Xm-K~|pnI;;B)68K=y4QsU!q&zMu302*2GllhL1fTdP8eMgNTx$P
zrCSo(QD_?qO)OXz8P9jtU3u1eCj4EnzTFkP`lnNZ4&g%uYw@guzdr!=eh(0)n*p?A
zuE8B?1`G{~5HN--Jfv(}R+cw#vn_O1MU{gl8*j|yptcm&MU~-M?-Y6EzTC7yMprLX
zUa@kXwQyD;)OWH?XB)v&h?h5U6|V+o!@yn(AXhitbG^*738214utpv=-INrb7-E$4
zE|r*cJ>nz=QydaRw>?y&d|h3v@H4_-#{4_z+8hOsGsCOrUi|y@q`qSkuP&K`@pg1R
zp*U^kY@91srtQVGmy)U(RZt+P*Wmv%?0?AqcuVu2pFA1QS)Xz9^4{&T-1kB5lzFh4
ze1}&{)g4FRd1}Zd*@%x%Nl=?{lKFk2!e-=q?z7v+Zc8vhLNWS8hsPm^G4q}0`~JUw
z+UGg@4&tIC@&Jf|6*ATM?)ecBnUz@im4D3+fN$qs#f1U#3`jPI`;+t^O0$GOLuRx(
z$W?+H<YSLG3RpjG$%9zJB`Iso?6e&S=^5UFA~Bgaq*|7NUsEOYa5!Hx);gPf=jrtt
z!`^7PteI^Y)NZPBqZr>|U5mA#C7QJe!#gA)1+tmNh$hFO8bxIc6*!0l#+z&z-V}<N
zQW3^c5lXTt%D5kQnhXXDHCAtGf=4k9VTiU6J~Hfy2LzbgC&0fQ<9(y$J>#%rqRFdc
z&gvY7Gw(Ro_7AUP+<krQ2KbAxV=t^IVcuXh?|tvFgShKKZn4H+U7j=9?D+cI&(EjP
z^R;u1_syq}KJoWnFaz}*+L9%cB?F>@uHuGM92Eq%K{lP=+pXF4oNt5bI(&FvK|Z;(
z4b|MuvfbPkl7YyWB!ZcA?nO<_QAYTF<oiy$@0}cYdtlhXgN?p1=Q`baG?%({1>P=s
z93pYf?~=ZK^Y53AHH`LOjikf7_wUb(#6G?^M+dgZ&F26BJ-Yu{uk-o8uJPw_`G1lk
zd46&pH5cXMtot6*=B7OF8jow(67XP<b}$#M^IxfSS5vNT?&n*(Bf4s?b(6cg>gqQ;
zq>3^{8@F_vlI70L&C2eVUESJI)4Ep<E@<rCrNZjr3DwFvcPofG?seBow>j8l!!jZx
zBLrl6Ab$pc9^6X*KV$djMEd=GOMe~R>YLB+`c>aT@4uZ=NU!sVLy-$@>wd75*ue=*
zlt{>01SXhZ(XeR7NwG1BNg~4wNdYF3iG~bFX$ht^8VwneKtL?Y2qlsxKuZYBf+H~q
z$k8G!Aq52{00cnUB4{X0i%CTmlNqHNQVbZ=F-SoHqd<_wNl?I&Xk-FRX);DBEftKB
ztcFZz$rPB>Q4=x+V=*zKXp+=p1V)QvRDhV&C{$8NU~L(uNDPo-3X>F2OtT0hD2*i~
zVMA*GngrO)P#DD(D-eq?P?jJ}vW&|R8Z20fD6~-;F=!|>krj(9+Gx=k2qs0b5&*GE
zA%PncK$H|PW>_IJG*%6aOk#?LlNlI_mQ5_OicLisF_A2#Cd^=jwFVd^B^d}9(pV5g
zK@_$uFoOs*pr+de3Q!Rgu_PKOX=Vu$#A-}MB-%`yQe=#z8UPT)8%)^3M1X2aH3b?h
z%96=Rqb4@Sf{PJ~G;ByEDP~2nY(z$&q`+w;sFf`mF=8<hVj@yV$wN%hpo)nIjEQ8_
z&49>~U<9cEm<c4LXu(X{G-$xkP+~?>1rdPMQzS4A5(5Ypgn$DXK}8vjAqX-gv0{;w
zmIA?4Q3VE#rUt@FCdSy>BL<5kgj$NmqiYGUlv$KXjGDxSHfoB9*o~t`))OQcHb|2N
z2xcr4QDu}tqY@|*QjCg<G>k@RjEKn-8IUH0HqA&7hK!R&D9I_XWU>h@rnZKPhBXyw
z2_!%^(@nP12Gd*X^RwqXKDxV|P7TgYOSm1qV=scwO};2sJiETCtR#!Im$nOov?02l
zVSchX0v!Wr&Ai#%U50~Jl?_1&wg};VrM}Ti*b&#7^KA$?TJ_?h+_RX@iO#U*!E3lo
z9l4&nnWn13K*=|>rt;=PUTdz_;EmX!SdnQ=^^Rs+H(i&ruhcGjuQaTJ!xLw(xdqE0
zHsn59qTPT2P`X`lCKlE0dXYzvBEWr>I#|Fi_p4=*YlUiidlZ#*gM*wghNXD}Trq6p
z+g5N74*)1Y<IL7pw|(z;-*ecmhaq>Hxud+B!NTsjDXiV~2evY4uXVlSD{VTh-p#r@
zb}(fw8Zm7tmBa-)=$&A8Eoeh@SUt}1c4t*%l}^f6yM5QTYrDId-*zFQxfMrsL6v&K
zot0fXkgK^;#O~XHj5m8S>3WkZi&`_Uw^usq8qF&5()a^L$TXUkaNQ&}cJa-3oGZI}
zi}EzJa+!*g$=fS|9lW}4Pd1pXoX!@yosQQ=5iF;`UH7SWjAJafDbl_zx9n6^c9mCD
z;1CBuLA{Lf5>T6qyB;un3hC_SMfQrpNQ@&mTzcN+*kdNs8J(o0w&kE<GB!KcRQlEA
z*R;*IH0j%@Fy2K9Qg~iO$dEeMh$Tqyqib{8hI`$ZDuHx*8{%Ex1+>JoxtjHnz1>||
zRZ8AkxzHT4oO>K~-tIR@;p4l~bfs@eML$3<+^yP2cDO_|WkIio0A+*^hF0pUs&=Vc
z)7FL3QR7pSR$^xuL2L%Z*acNeDWNRXDQuAHNJ|d8aA?h~dF@Mhb2FV_$F0;-RUkK<
z?_>jsCFh~^gpRS<VbIz)C|#kL{fX|1M>t}^;-H;}7LQRr;*Yh}K@A?P%HGV)YX~TF
z3Ju!cnUriny|+DMuUHe-Ut@IKgD5S2va?KH)VlLMLh$)|g`Ff$&a9zeNO^$YgJNp8
z6V+qewCgM^wyuo}(YiNpNxl>>i42!{Z#`o=*c}GVrt3xMIODkZPPX+{?&c+?YwpJ{
zZ^YNCpPLS#so5RZX}b@B!0Tz|TS_V_g=OpV1}sLMY6V@H)a7w`$X3^FRN<Ejwr)M}
z#RJ%u#zBQ^VKrtthnrV#w{H71RtdWHmFI4TFWYT5e%W=q(Nwq(S<KNi81~}JfI|fd
zNWk9rq}Cf@_>0{faEi*h>e1PEJ0ZlnUtM6)vEK5!s`nyn=52%y@<z6f#t^=(mp7t#
z^mSIGs-z}i566^;cdd0>v?A^oR@3(N#fjHBS+lTdd(_OFFJ;ans^w@63f|1|rGRpU
z_TVnqxcd|rvQZV{axyGS2K<!C>OJW()k@C7?>3fVD|9}+O5TZGGsD0D5%;}dRo53u
zUXI|^ok(2MlI%p(d!|W2wqmh%oqE;S4Bjj8SJb#*5SHwn-42FeyYL$qmge7V)!nnM
zJZT)pk2M``FJEoEn1xjmL&syB2370IyxA;Qh6;J%1=q8$oHAFfM^(L6FTmx+RquFF
zeh_%hlh4Dz$dgGqBr&Gyf}uj3f=I(@kl1W6i)j>4ZMv-#vpCtoz1TrYg6CO$;@hn`
z-m$qD_lmXyJ_9KTL$(1qXEWTc>>57MHD_$_S&0f==@uLmRJWV&9cq^g9lhwZ_>SRm
zgnI;oIAX(W5Gy3Tz{3`r*VRte<Y`@Zh~u?b4$u!WRqJK7c8rHL@RiJHLR#L)wRLLY
za*fq+%)bu0u=AY`os7i}vwd531ElYH)$C&c%D{oEmv`0GNL@M$Rbp_A+zl|sI|^(U
z4UB@Bl43%-z_#fPB3SC)n?xlqH0cC(tQd4mRh444fX&BQwJcJs(T~`P9h+AUl~a5+
z^EuU-p-v^sthN&v<SA(7-i1-2*@ELY8%2wZthQIDN{ybOy_aHLp4P;8Hy<6&kkG0%
zc<kET%5<Tv5l}tPTBr#1EpD`LJAxA+;iD~grm1dnn!(HEt1|<6k3g_%0min{p~r7k
z?^vbfT`lWWXO_IIUcWG;6Sed;FjCva#Ek=E5HL>*9HnKTmZEOx2P$jJ+&$N<buH1}
z<zA;ls6#eSZa7ZCPMyx6O%UwyJnCwy#YT>*y`k9gaBa@Mox7I?3>E~IDcL-CrauEo
z3+;n<uXt8_bhOe<RWhr!VDBn{(yr31ZQcO2wKpoc=y|;2uTwr2EOuK7`1vs_cq`%D
z@cXwOt)j1~q8e=mb({kI(<TaO)b>>D42`7k(sdQS-?!{e?t8o9@wTTes%l)*9c-;2
zCsK7#N@1;Dy?yxn>py-z;|`%#bmN`1);lE|t;-LCxgMr0A1mtuVD;7bd3qt}OLds%
zTTgD7&_upAt5+MI3mY}S-E-nM7W%9N(YmU<y%)WmF*!u=)^}%Pd@%8<tYjw7uvQUj
zxL%>Gq}6s^b%}Qhxll3V$|tP~)xswBtFtuM5jQX`PbC4|GnB0s{i^Rs-2+L%4lBV|
z$DK&8du(qo-kG$87Rr<;T`0lo^J@2S;F9pjYVKs7w|%>dgT1Td`ms@@OebuSIP@w_
zd=GhR9b-Yfa#q??!~x`61m7yLig3%@S{{0y3*nR!jZk=-B{SDd0Y(u8TN+$`@s@-k
zv0;$b6F?hc%GJo{SjOH8o8N}(0B@OE@n#yFFLi7@1=+R&P5N@jyt{_c)mwF`Ou0uc
zl^tEMwZar`Wo1`;-c>V#9B>(Rn#D*8BNbk(m%Id3VSutJwYfp+W?c?rgx&DjA3>d%
zDy3kmjLJAX9ao64+gSAl;n%dhI^!(Opieel!b$7X=4#=rWNsD5VZvXvLVEkC41FS3
zCt7sfQ7|i<Hcr(L*JCqC-rsk3T3GU!Xjsk8e&u?Wv^Bu?c%00-wDzzhCq+hp-JRuK
z;<(2!usE)$v>$W8`yjC#tl`Ko4JA1lx5TuXPJ~oXT$QIIlfWBqFjy+q)2(T3^jJOb
zX>Q`_Hm@bjCpQtw(0$hTo}?zw*=r?j4DQI07rd`Dg)?N_%(1fEFsH#TejRWtUA_T(
z-hLwzo(Q<%k+bHK2o=;@RD!6S-uJwo@z=dA5ZeL3uW;RpPV<tf(vF!`YqG<z?*k7J
zN)bq2Z+k+z_q^MF;z=|rn{C*~2Ldm!3u~-!y4iibzU!KSh_kJ5mNNJqR~DoW+=IQT
zXzr2%qV3hptQVGn%*z|?6Q>j5<0qL3h2ynp<Qu~DO3Lf7b*BrG`I0P9)bke@{7|t)
z3z@NO1ZN2W4@Dco=8m8?vh!7MMJ;5DyC%MPH-m-&D-Mw{3rk+Xg0ADgX&SVbn<!qA
zmMXgz`LZt(+#T%KZa*IDM(KgHxn)T;2XWm4y|-jx?_ihUDErnUY>`w#wEbqyYGbyA
zWXIyr!7E_}R)FOQ88@`0)EKii-7+0=xrk{aoi5B;D<FJp0#-pofyG_Drw^-P%kLn^
zU^JF*39gJYmRZNtc->RQ?*ZT+g&13Vg6fVTPj3Uqxk+$FsiPd&IG(<TIpUeBvZh^T
zW@<}YBsW4((SZ{DL&Uc(lbzn|EcJMUcpZ~TY(yGNht)dmk#bVWj;|<pbo5j^b<`ar
z%?4jJ-g^?tqVDMJ@qP*NNL#_ZeWq^Qeyw%_qitkZH*7hrbgm-&F4I&C&KmO#Xt#2L
z8=y}uIqBX2Od(gO8HVF+0F{>Bm14YxswYgX!8_Al7QKA*zGC`=lC*VD?bxHdn5oP5
zUQoIf#}_Yk+7+DcmWx~|*5CzskzqCBN4QSr>5afm(9*eRdFLVS8P{&`8|;UUDg#_s
za5`6LOCY&>tN~pJ-OxC0KS3O!vujR9!(q_Omi!ck&^qpj9bo6Ldd5xboaj7I(-$yw
zz@ESa@;MnHyOJdmXtuLC(&QWOcHZ-s(&kr5K0DDUnm3V>P0Ft><`y3BaI4BYk8hFF
zeQ;IxL$!dCV;;g=+2KLNRP!bW4M645uU=usvo~Jxnkr>hEjhQ<OI5awQQ{^I$2xk~
zfT;T_;#701mD903UWazCXdfC~HxrtQEGip?!BtyARLI|6-iT~i%x1&aA3*I(jxZ8I
z<G4-U*I=2LyIl+()rmvCc37)4k8aJoh)mayHz)v%JYzu1$y?PAsa-T`)&pg#8G)K0
zOeV9E7%1vWil|M~IO<_ImMivTTKl_nj$k3V;eb-_dvZ4ENxo#)W*k90Rhc)^4DF!X
z(Pq`2oH!9y^vk?8&uyEtD2wXWG=ru&*Cb+Gy>VYtonl@bK}?Mz89<k)Ur74>d<n}(
zXq3WqU$&zKrUB(yiwQJNx~>bLR;sM{&ak_&*4|6^xY759B$Gywt-hr}AZnVYYjdb-
zI|q1Sbv5O#r^xM$KCJ4#E5OiaZnYtc+m44l<!qtaMgVrWZgMkkd&^g+oV^<sR<dAP
z8tRN<kHtJUoR#R+tQ&YO=|ZS1kBu3%P?N*00fZJ@KJ|)=c-XHra<-Yc9QGdGmNTuO
z!EkWB7t7U3=JJ|5(q+xTmr{a?-#<Xe9`=pcJGBQ;5kiO)JD0D+9wuGi5bCoUx4X2a
z_fux6rFFD6@VtGRQ`_Czy?K^*UMjh@m$g-wkUM1Pl&l$$vAtDrb*2WJ8hr7NdY4)>
zbcXm@-F)Dx4G#?nmN>$pE4a^it5!h_gqm*k?|7k`-sHd@GvSQ_WSZIvbM1<|c<es8
zH@4{Sde-bxpyc;u&U%nvIxF71zP6*>SGz(P0#PD-qx3NnJc3dQ2r(iG5;x`dvmQb9
zPU3l2+msJ`&qmwAKC<rSoyv+Xhl!P#wvbpAmo-<nJsQ2e?|bw2!SG=E>T>9ev~Y2K
zUdvVLmE}(CjX_i$RVLapZ$7fA?|t{X<@%~gs#bp8=63K4p-HaGEauB~YM`>R$_^$9
zps#JW#z_4QNkAqMDTx`01f&DfMG|NqYE4ZD*@??lRI8S)PeiTM6;h!|HOs5=JKlcn
z=iaUN9`~afmgTGE_n4JI%~HfOdmS6u^zDgU&n<51uXR_iVOMhdOjfFbt#zESlVFyr
z>X!BHJovH1-uJv7spYB%Es~>FNlk_?ZR+(~EZZ7uS1YD2S?txxpxDD&m3hu{oaN4Q
zopsqO#g%LU=T#-+D5vA9NnSLGdUtS78*Qzv3?P6BKuDVr=W;^;h)9B90KtR?2+0B=
zK@qmwZGey;9-X%vzt%qE7{+U>t$wx7RQkDJqgeWOf+K4>O#Ause<YZG5A`03_HoPg
zh*fVn&H5Qyt1_^%psCErtN#L=*L%cuN{X0~70$CaC}j6$a<h(;nGoGXMg*&|;^^sY
z`hPtPqrP|NInEkiw9y=7W0}U?kykeM<lDSz;LJ_k)c7JNBQGkOGOw3pM|XF2sH%Ds
zSViH@b|NAfUmbW1O>EM7I6d<3fl~GtghWI|^LrcDyP0(e%@0ocX7{|>V$lHIPkK4M
z?fOzZ8~LyLX#I{x(<vm0OqSe){Y1aN->^#iY;bu9Z-bIyJ?=lPu5aYkW!>G~-QH$q
zW@ct)W@ct)W!>G~Q*h!rj>%+I8zfrLEd$oI)Rzu7<OfDv%BpiDBAAMbkR+KVTS~cl
zy+@2byJ+(HUvAq;ORE};(=4{Y3kGOhsoQcil>3X`s7K51CY3K<^MUfonMqeGOjRpT
zKG-_mJo=-%BRg)PY6_`Z)Z#Kh$zqjfGP35gB;^8WL4c`FDseThW%sH{Nu;@Qj@%+O
z2C4;R*{b!QDdwoi-tcX|v;>r@2IP>57^tN;N-}~?wv}vClab22guR1yktrtAoTSZ*
zJW~>rRlTb91xo6=ieTIos;b9IIyNfZQ;_yL^<G#*8hqxx?|Hz!sGB8MEs$u!R&!Lb
zX>O_JsjQRb^5K0otgo)mpLISdP*Y)475BaG9$xLCR;kNYjEz>odv~ZeE!}I)v>vW?
z=hZ&rR7aHaC`t+Dl~rFXwWVd2HX@x#hu6L09qV}G-nzTM=iW)GR*)ycPp7wVuoX}^
z4y)LG>DDI2d%Isxoww85F4x}R(YEvJ#_b*5W7Tg3Q~?o0(-8~;st`6Pl~Sf*B8Ds*
zwY`@0<6E#tJ;$rFU3Y4)0t8i5p-jxA3R0K?CMaU5fGQwFZnJM%jE&WLf>k`HTPn>s
zSfNn4rChzHC3zfjyu?I~W<VvRIhj*1i%dV7-u3-qW1QFgv-bX4|4m+n9o^XTnC)Hm
zeU(wa(0?eP>X)6(e_X7Mxjy&L@67q}kvNk`lQ-LUc3zb)%ZKNm&bK)gy^kpp%s+4~
zK6UR~;pHzCi?&KAyWHh(J^Rf0-^$;ZGtV1l&cwq-0RVaoVPen#N3Yvic=26~v4)hK
z^<a#U9m*7!iRTx680P)dcjuYD<_`P!<!*)~4DGg(=;%l~1T+S;K!&sk5E02DGXspt
z$BS6JZOg`F7hO}%zNK5r=}$5J?82^_CVQKjeZe7zsY#4nLbFhK_}ktbMjCaSaoS$6
zWCUYG02%_Ly{<nv^oLZ@nV#fs&;VyCdWN_gHUUdqsG98GaVLDfrZq3#`ta-5<gU%J
zu*ign5A;Y$2`|p~A4X&BDRJFOnuu^sNesp!BYkVV>F=H7eRHqhh>5gEb>}i~;v`Sc
zeL~JUP^Pe^p0$-F8P3rY+ViuW$mLJA{O@nk$C9_=ocX!E+E*z3mffDNDRq5ugy|!p
z2DCMx_r&wOy}teHLh+_;nyUO|4LjvI)yE}SI-aDou3h%d2oC@d#3SgyB7XWfl^WNb
zUAou5Jk93;KotcQ?}_03UvJj*(A8@Xd>=X}{k-TtcWBCawc&X!_V+K)R-NC3_^%e@
zp1h<UhU%^CfMOS?fRCdAER0C{GbdHb_gr<!f%1-fp?@f&-Ps%wU$_{&Ty?(4nv!Jk
zi?giI2_1|;eBYkW*w3EYx|~<B4%`u(XC+R2ieMj9(DQ6C%hoZD^LBk3-r?mVw7d7O
z$-77H_Dpo$>7P+V9}2DfOYrU*@%=7EzilNi5!}bS<>$BL;lE{R_rB5H?3OlHy7=<k
z+plBaIlkV=qAlq@ByH6@zVZ?+TC-)9-<h7C^*lJU@{{6%ZP9P$nGF5wV_WCWHfC^&
z(v&-tp>-8SGVhJOnqK&&Pf|{d{txeGPrDgw?TdO&cQ}z;NUoHryw_-+?iw6(U{#-c
zg`n{jl~uTwrcZL?)lDl|S6yf-k)n(5v%BA4oUIyBZ)e0b_awKsoEt~nfGYa@?`89v
zE<1Ce{kmkZiV%~&MvL?X?p7qXJx^!R7uO<_zZ_dg8#^j-vnrfUc=ygLEb*S^VxBw2
z?)h}R1ymeM&?vmPYk=VH1a}SY7GQA*?rsY#5Fog_dywD`K?4cS;ubu(?*<5LfaKnP
zbM5=y`QNLvQ{7!%-CbQhb7oIZbromCZD{=EYn9A?89I-j@4Y9`z?+H3X3&MvgM^PS
zT{E9W>9^<m6jhhZKIc~hooX6jeuJxdB!A@UX#cQB?nmgCAaNKn$wQd3D``1lD}y#c
zrXm;SCDFj}6R&t`DSeRNqr7OoBy`j;D5LbHc;S!sZ-tUO>--}h&9m3jmkT$u4?Au+
zW{}Xna?a_=wDs^L$Af6325vX;&*AuCMx2_gH!mwE2YBkIs<#EkHs9;PZ(d^+9&H<C
zcjv%wnNB38cQ{JjS?Zpir;i+nJb8X}2<C8>POv0)Z8cLeyxh29L59b*%T$Hktc&z0
zSvq<OiA*uJNe&A53A0;d(Q~BI`_}B17;S|Zz?z?zUwW*K#pf>KX5)WGowhV-Y{oFv
z1NR!E`-ow^S-U;C31t%U7tMqFdZlng4$FR#LnWN&AF>jY7JojxFn)hxetg1v_$^%&
zPv@pz<CG*(<@WH!b*6OMf|;v)XZb)}&&`9iuAmf&A;Z`6HSdPphQ#SYBQZU<tZ%3E
zQX&A#6+&UdbH(k|&2HHxG2L(5-z8)oC5qp?W|dS5^Ob%8HtEzfJvom=M#QzC_MPlF
z_9pfY#BJq{e6(Y9bPIV{tv>TM<a8)%UlHm)LPYmUpUQ(d_ft*#BVuE8hh5y!xvfbC
zy25$Z5TRoa%uv2k&RZ#%Qd%noJVp0>r1A;9oR+FMmwed#1V47I4cj)ha}5hFG9hvz
zBo`72kLf@k41u-0&gUX%Fx!1ryie5DM!PxSXK@=B7e6FJ{xVz1;x*Xo_7VawToU?@
z(aAl_t#H&TELoAQ)$-kqcBwEG;dxwNrpY9J3vywXun@vU*7s5x+_Yw~!Dp9q8A<8=
z4jsV9j!d~40g#i$#dKAWD|ifTVjEM{Za?OcD8=Ldq0I7nP}yXUICx%u%X7tN6zqqI
zM9v|=&G8J&He6$#SSAS-4u96@LCc>+-kQFC`^?Q~w%+jdgz30zb7pRS@O1r$iGdMC
zak&cPy%$V(V3}LA!wv`dz~su2qvZ4;vxj%!Ld%d-2&#|}hJ{fn&DXXcIk;C3mA6M~
z(MOItjh)@EpGU2{ez*O--Qsd7tkwx1Q*0hZ1?Q$5d^;DzvQxnW)vpigKOow++R1??
z8483c$l=|lD6N^z<&$k=b!k3`t#1NuIZ8qnFGIud6%GU1u?SL@I!Xig)U-qgH7v<)
z2Bee^KG_C69J;o%4;cw2T;V}K49P~NxRLcEq2j(E4CX@~!?Z}jJqUy!|D3tEJ+XWs
z-oEyszQ8|6VinbGnoHIS@>!9BT$oinwddbLXuBqf`S>xVA3hFvE7TbI-p;v(ZZFFG
z+C=`r_;h|kb#M><c5HvzaARWRDQGx<=8e_M)q6PF8#qT!v+qgRE>%qBvF8KJkrFvi
z@{O$F><**kZ%oE>9!6?J5uwrvqF8@0Gq3F$B-LIqDy$^p7SZiAQ_X{cTnTJsQTEpo
z7IPZ)k9&Lupyru>>|ti(+@5?2+U=V)U$HnLqDX0<n~JNmzP<Q~U!O4+2m4I@c&@Ux
zVh<0PdBbJWCnwXSVp;nva9t|!S?)|JMvnZ}<ic&?taPEH^sX<Cbx@$VJ`k1{TYq*k
z3Ep(h*!%EhQmcy!^?Aq6g?Np@oy3OUd3%jvu|$^!aLeCRy(?oA?!UU6-HN>0A!FZ7
z+k>;Ee$YSs?n?a1aq=PbOjG`bTWhadGpkXP^_P^LCp{kkSq^}N3;@WMYq_v?0`Gc!
zxSc6iOzCCA=@oc0%G}^1)cY(-g{&xsW)~;Uw=6V`7Ud<+-tg84kBZg4KN#U*13w#g
zmDf<wp6_r-+3nxnSM+=B+UVPFTW`!+Tg$8La*r!O{?+O9dH4uJ65%XvxJu_FY%a4m
z%M6~018HY57L66q5~hOTl=xltco#pmd((REme8S6ee=Q+JaF&&Do>89hHE&@;r`IO
z@#kwe0DwERBn$XI09lq90QiT9#r&cLfCXUAPy=MhBFh3Gzd5n6un;r^pz!_1X=w-~
z2>6Zv2aweO0A>!^zgZCce*w;mzcc?75wzbOrTsM^B7>|s^f%vcj4UhoZ{hErk!63E
zk>#@x7$G2HTmV8QM2b7~Hv=Mz#f*%g{BDRKA%4I45G7<;`u|uE6vR-Fzb5iK4_I$u
zPDAwZR~{EKgrfDk;a`x3kP}%JA^hL-{9VY9{~xh_^Q0jfB5JXaWfA@SCNSe6jywMa
zf64ee$NW!+$g+UH^oO1OoBHn{f75<b5RxJW{|gZPr6HsQApfKB-^8ll1jv6%`Az!2
z0)p%JFvti!{mugLggQF@Vf=fR{|WY+iuHF1TlXK9zmwmM{}Zt4H`~9}$g;n4$g&88
zfV6-6`d6L*rhiu>upo0<M%F*;kI?0R^nX<f_?L(*`*+>%6mc;Fu(O#n6!-uL_;--s
zc>uEPZzTWwHux<ehinyx0w1DZWLZS%f5ZQb^&b_{(ce^L*}rN3mHwLSU-u0Jp}fDy
z|1RV|{Z#$0#)xbc09g&u$3K<-OF}^a7K$L>zm0z@5&?+h_j)n|Ajq-+#19McKrv^?
z0{(`-2LCIIEc;jTPj^^|AyD|3u{bm#L%(nHzv_OYzeYutMV9?{mHrU}Ama9)vi=kI
z|7eM5{J(%1fGjJtq$M)b?zZ{2nvrD@)s|O{on1de{uG_tojZA)*SNl!dQo`okST1R
z6cJayc206CQkioX2V$oG0j-)I-c!(R4)lPfpy6Z@GFv9*rrj>(9*KK7?;{Z=D7N?a
z;*)v?VI_7=(9!}djdL)p*o}unlHCLYU?$ejHoL)=*!KxTxArh&FX(;Ccz|Xz{!Hh(
z3T=+%w``Hz7j3+<FA|rmRJLrzDqXT2g(MTV*wNhh=w%mT;uscO`EV(gyzWPM_9(^G
z#+qPtU;1k0Pl1_P*SOX^-uA_#y>t%zp;`A!<PMK`3qmvH<TN{gqt^k*M!`QcG3u(?
zR|N``Jfk8kdRP`PfJH6@;88lwI_g-xs)<)QCsnUnU8t|ry<#p>9C~>kmrSPGSy#RR
zJbA(6k?pRfjl4uAYkM_ASzP(YN|a2Z{R<%?ljE9RJnB##o;gF5E%s*d^8uv9>oW1o
z)5c304}UKyI~(Vk!C_5Hysh`|sp`bHi%J8Mi6gB&)B3lAQuAQAFm;eD)JS0^V#&aq
z+}j1aKJxyGixt*qWUSCCNY-|XlAE6kl3uvR&yks&H$YD|7}ubn`tZUc$|=s1!(rE!
zEV_}L&eHH+lv%KOC3F^tydm+5EI8?+xCx$yg)8iFOlf-IOAC#d_n5O-+U{|=bl=`H
z^+;gCS<}Auow6n98y{VAmYHf5PU|@BO-PA4O~yL9dnokMPxP3r$$+nIq9+~HV0*cv
zzUV|P-e?weiTOb)`$PR?(=UQ7PJxdng1>(11R%m0abx|gOZ?$6Zl=!3I1<PD*x01l
z<{?J+BC>}fwM?~?FamkwdGceU>CRQIt+nvgu%#hgfFp?hDWB4{eH*`lqFT;(7%#ZX
zBcrc%NHV&cEB(7DgzEWeyJh)#XD3xZ`RFl2CW=r<O!T0T0_211mJoz7s{5U+)VK+%
zJqCw`C2+nYw#}2p9IN~V9_g14Lne#GVlAyvhCQ_hz##t(p6=L~jhYp6Y_N%0uDlvZ
zP{Mk8v}C@)cyGZigrW=&;kO7nZ;_{i{e5O?_`@jB^%<`fiED_pYtbCbUYX@c;8E=4
z;y634o2E}+7j&n0z=5Oa)%Etq7Nj@WMA@~c$EAYGr_s{3#IuSh#Rw#vFHZ{*DkP=P
zt-iLn-G08}@!o;kIMb<k<929VZ_CV2KLLs-@4@GEy7*(2a=R`L7{zR;{6*i*(21;1
zX+Q&bB+CgF2eMRY?C|<@rC)|MD=+k+w3;>^8`V$EuCcP=wD^n7$aNbg;$v*HzamX#
z>o7RPMk)Lpz`C2H(47d}`YzQ74Ke{oHW(((U+_DLI8tk+%VC|U#Tvi&$7NozTz&Wy
z?H@r#4qD7%?EoUvfI-qWIj`f3kuI*LQyVm?qdo2;pL@ntkfLg&8tTtN>!#DQ*r6vp
z=q9K9OBARd9q7mIN>vsjgX>JYmaaC}g0t0zL9{1<b~|G>Ra;uvHQdYfp9>8HU;Aic
zFmhK+bUz!5&bdivK=Cj%@2?M5PT8I!XT9s7v*@gN<P}ul^mSV^-dvGy_QcHe-}9e5
ztRrVF58LFW7nt`lgrYd94|d^P#Pfw7^;7~I4z0G57eB|S>43a$rt=cuxaeNxZ-bqf
z{4BITr-HSdN#`x}<|C!rKDfM}UD*Ryz*#JZ`+!D%PFMFJW+5Qk7>`9PCp?_^9@=U}
z<K}9E9kBv$uNyd1Q0DPD;S$aEcJx?4MBnwdu5rid9nbZLg4aV_R+D;?k^&jG*5)l`
zXn><D&`0VzYlf<QoM7ixJUGJX_6|_hMvku-))gn|{x&zEN<mQ{7}b(P%E9+-(M}5N
zAv9we*_j&w4sFfg;^D?Lcq{2v=9fILEU!G(f1$bCS6ACGF=n^xZUUJ1l+fzl-l8z^
z`QgZObu8(ggRuK9LfHFpkQymK#5P9{fcofL-EWNp{)lH_7H)jAP@{*6`$mYs!d+47
z&yTxv7kvp2M9&4^ECBVz1qBhY4@^M0AP~sjvK=4E&Gi)8dD}|~@HIvGD!)2#yY+B;
zGM9hD$o+Xs1%m&hjM0LP&NOnKa)B%+F5F5$y07<6+RzfHnl3I#L^c`kk{dvC!Fs9*
z+4Zlbz-Vnm`W8de{uAzxDkE`K`cdqif?Bgbv+v1V?(IQe3sSlMbF#u0uXRenySsC9
z@jUQHOocxc8UA>MW4e&+<Z4Q}+S4fI5E}A>>y&rpWNjIuXb}Hv1!0{1`vPjtAQJm+
z6@fWf9azxCw|Pp6oo_&3NT<ugO?DXPqWaXdmlGDiiL3+T6J-tM+T{I%#1v_^$xSEX
zz{L9>-5$`#khmnsbT5I#F_!`P!}|v{-bV5owstHKggNm8_Rd*M&B@ruQvS_@zD;_?
z+cqaWbb8^cJzNL7Al>HFJm@kk1$y_}u{zL1UocZbYs9Y%^4-=v=XK%E4+pzoYC-&W
z5w3^3V@?mkK%o9hF1g)9MP&>SWU4kl(ZK=F0~SP)FJGt7*VoyXEIqnyH>+P44FQ3?
zK?rsMRtE=<x;n&ZVopT-2}L_dQUl`9;PlECWCQ~=5!X{#QHwYZH<_218|tjzQQyC0
zF=B8uqNva=%9;Nb|2)4Sa7V1c!C^WN<gwOA6AO6B|LR9uEKahpNAs&7L9xrqa2BA=
zw4p`c=E0$i-OoJ4nL<4GH;gjMQe>P}yLGjOg$ILjiipr%hX#sbrod`-Q)dq|)+-iA
zR1v+Vocz^|I*aY|y`21PhgF~raVwgYD+GnE6S|_wW;hsfsfYb0<l(yTION3y{+~3r
zlnlbsQw@C-N$v*j&ETm1y%0*uXN{Pb2K9CwZET|k*$-I|2&Dcr?d=erGY`+Hv|#7<
z&+=>{B77*!+n1k|AAj{83UjX{7y8I{GN|X|N`w`s!E4tm_G=V2a57J#pkTIwUurD;
za&)>sHsHtLKuAbP;MM)(&(PeiL4lgD3<Su8N4`1(<mk3#osF0RD8~U6h5MZCAzski
z21FR}{JhvujByai>lT;5+qQKE`>|_RZz&4BgB2sIBbeK5tg{oYwBfimJ^}g=;{tkk
zPI%uh0>BGlc(3QG5ipY2<@!KG$Anlh2PH+!xWq}sy2MGN|DeBd2!1PvsVhSYY7*}T
z-FG&+dG(Aw1ay<YG?Bj|xQl9QKzzbwIDfjkDwxi%b_4_Hb?3vQlbRl6Y7QlNvc21E
zWGq6;3wrDF1I9rU;Y@4-ElqAJniJ%Dl#h^+SqUcsvd%{L`?#Dx`S***#~j>nG#8;z
zx<epQB&GcP0wDl<;k;Q;G!Jp~6(pB!fa_om`Ou0u0U2E1*FQ~a!1<nVZ7Nw&Cno&b
zlo3?KO?s{Cq~>b6|2^RLxgclZK_743D<Y|%zkD8cm*pwBj%NzF5PMWFE9I$c%(CR^
zdJS~u)O1To<FOc6Z1Dd~KZEn2&%F%)6_yn8y7}OT=<3f8AW-S1*`c!Lto`rv6b45I
z5JlN_+8Sk3udES(qTJc-#7%UPY?dOX8xawvf)zt6UO8U#Q57!f7clH&SjfeR1j1ff
z>b8Ag|7YKA|H%gcmFyP=*5MXncdQmFHNQnn_v9|lns@yqptV5Q;2-dl&=A<~3HlrG
zoYy%xa@N(wSnME9l;)P1<RXy`zV;ZGMUp<du>J9~44-hGN!s;uAqbKWc?`MTl{yg}
zxG;rnJ3<w>vF-pV#N|RmTGg(=!Hw6(Q8L$<Z=9lJ6d4{z7=AJm{$!7O86r<tDNlQi
z8G@;>EKiHdP(k=7dDKhxC`n9(2StXRIE6<=1nrj%;Wc4whdeENl(Ztl1_MDG1Hl<#
zOx*7_3z)%i3M2A#4GaWOo5(iJ>h|00u731yDjxw8@5>1O{2GQ#j{0W2Cu_L%kC5id
zRK%b0-|##j0DwY|<@MF??=n&~Y%mxu3&5Diz5#pm0;HX!`5p6H;SuBdTLV@Y0nAt;
zL+Fsr4>X9~BW5SG&)t#rwSXV5d8Gkm%w<^ekMMzYk3^6;wLdU2{IneB6kR?-NiQnh
zARGW#1(3g>bv|0(o>?(nu^c=efOEdfs)!i52p~}I?8g`y+;kR!b;+2*$vqv-R?p|}
zi%$Y?9eWB!FKC|-UMs$F(SoeWV8s%5<-+&NlAx0F`ngaT@Tz@#({X$Vit_0W$D?uU
zdQPe->3&MS(WTU~ZyX)zo20TEZ<@@B*E_>iXvt=&2gchCDy!%jo$6weTbd7)!!vqH
zn_H)+0J32yXg361Y7xHWy~=e;S$S7{^ELD}%2(QNBMb&RPac4v*%Y*cA?Y*R2o2|2
z1-&1(8{Yxgmb8#(<P?RcQ1peZ&#h-=Pu*6wNK!-SG`faS7F-uQmtW~ZuZF;DTc?sH
zb)e0w@T`!(75yI$0eHY#r%$`R5&j{*z}(vbNVO5T#CnPjS><I&WdP^&vPu#xEvfh6
zLI4!Gnhe$Ww0IqTrezda06^_LD~*Bm)j2vsyF#d(gs7ZMs*}oy0&;~aW?t5$raKD&
zFi)j_0sr;!<<XDFpHpdyY)@~-=;L&HQ03o55n*M}$7yj8%clQ`Cj{Cl0?^*1Dan%j
zsak>E{4_9>%%mEwi>U|bU{XMGlV9YpigzZS=T4hP&SKQni_}Arov(;+b?R&|b91RD
zwRMRjic=zvGAK8UVmFLZSHg}*567l_{Rx?VB9}eU-9}im(E#YwS+Q)&-Ib`kvCvBD
zR0kx>2uCXiRuWZ`up_5&0G!!@F43r%X$Bn508?jmG)hGdN)pteI9B>+03`VC_^-L6
zKhyZb+777imoB{Mt%*LN*`;-6O6R%;<Qjf!Taj$sqCg$1TbEV0@lHmQ&I@M^5)sUv
zPdsia8H=vait$=rxM;!O8&m-M=2dru1LD4(Cb!(zyK?M|DBqu8<>6E}HJ#U>V{yvX
z7E=q5x(s!f+$WhW*B$V7-rv;Fm$>GP+k8Q3w1g()OffMDxZ?P4*Kzucz@$dPH>~a@
z`%x;!?R6N3s07!M8*S8BUVoC`<PK~HOKN@Yj#4JPq7PS_xUDC<r!=Y2_RSXTeVjF;
zKgz93eWkf1-=-7`mhdtx8hTanV1LKuoLJu1VTgNG(BFH!v>XJ4iK^~8+VAZ5n07t+
z&stu0hq$sA4RUmO202{K!0>!~1v6!91+ZMKZYCQn7BBcSvN1x23(M|Y21e>mUNoK+
zPODLjfFh=z<&kdpl^nWCG&IzU+ES8Hr#;?!0!<V|ifvlA`wZ@YSdg6hrs|s~XO?cp
z?~OX$)LZ?;9BR_My*@cy8N&ON9r1-=4Xhr@M~_;_?Evq?JE?|d7Cdb5RF#YlOFyr-
z<qi-nyY1w|WiDrDm&0{{c7?)<zoCO;%(qP$eVL%IkZawWejIkm=c4*LU7l>}dY0A~
z+w^zUq^7|sR3%MUW{Nypm%&HU#UdU76I%r$KJUGRqq;5f9;?5*fh>1y{28EU<0&`k
z`7iEG>v9WIP9y_u+ws&Ss&gz(p07&CZ%<W;OMEb^4j$g{>~-n-MsaR40ypV27GTjj
zFrT-nYRa!l)iJfGy}G}h@gD;hjosJiJF3>NPhJ6o5<HGQMJ;bBBpj5CeI*$mEPy-j
zK0z-*?&sW=SYyie>xM2f0bDp##ti}6=W>UA7>4<MX6x&snTs}Ay%eB?Cl|Mrstk^u
zns?DQ1x5CKeVO{jy&~No)^+?u-&VVFI=@m6zUvg^mJIkJ$k4NM{J6#k+15JCQ6nRh
zn7AU15LDBe-LdZ7HgQTUJPuL~gmitFqowc%)^*n=6tEddh#R&Ap;g~n;v-DbK(9cX
z#=Oir>Wz}FUNYVOJ;p8`W|Y~Lc+WGxbUyPe(9h3lJPz=D5jYCRSo@-OjvmuE1DOPM
zDDJFDO^%BfT9^~bPH#K8Ew~qLm^YMEuI}g-&kwuYx#)4xiqM>BT;wL48xr{kdN=hA
z8{B8i2!M_JnXygz-X*J#vFZ-Fl7XJDnRc!B=|eX9XE15An7iOn%R3(VgY}Xb?I^>E
zH9c6A-%fb6U5T!y*h;f4gJho7_xm4CcbM5uJ|6*2#dpPea9bETi54b#SeMjgH2S}5
zykc2t@)_GJX2>4^2G6+K_=>5T=-rg+_jxomEidHy`K-B3O-*B`9V5I;2G1H7Z}c|~
zd{_-=W>thL#*_9jyjs3sHlzWW26}gUfYf@|bX=}X`Uf3c`-C>@sJI<1&)PG$dEney
zGGI{?aT7=P<C~&3o@vzWBl7`&gR{C?$`3M=^=GPCJU4YFPFr^lJrs>3j(lcy6(qT0
z{$`ZguLTEuGX$<0W<E#VCeXa?X`uL^v^g|0HB&%Q)HaK=W%Fq!<6CX_D%t)(CEk(y
zwtAhZT6TK}-;9=)Z6T!>$h}Ri3#>&f(o9oGIh+2z-D=kU+tiT8AWd#4RbNo_w*QGG
zRU5n#m`maSaya4g6y@`BXgE%;Fu~w+#6A7wp-^ujSu8YL@Z1_G<Hy+(<Mt!_wweEm
zj{op5^C+>rt)23~Mfq;!w7apOAsm;Gc?4Be8HvF<-&mefjX7r@ofKzgO>ElTuE&VG
zXVxjwlf3i5zq`0w->t+VpyFsIA<D$cn;eTgy*>O$_^mSiC*nx~1vxH01#Tmv2oPu{
z`8~00eqkhrf!uQ<Tdrc988Wz#n;<ITXJTc=S1-!rUo7WCw<d{{L>$~06u+eBP!v$G
zkVC+(O*x!;?aFtXJ|bh3il2o=l3CU5795*K{fQhv=J^6y<=cIX9>B>;T&GNtS6RW^
z_0^EY1nYjknv4q$dACm-OpMliNzSV3n#_|K(cv+SfURCVJqkv`D~&chR!i~l&ukz8
z!bEh|A$2R~7;81fX=Y89*}McB#{4QQ)hW54`jZtFi|Wl9xBB*^RaWx}d+#X<eKNZ-
z8e1kgV9~7gz94Ba$un}5P%9xyGaPGsi~ZY?oI?NowZwwtHu!~)Aa+)D^mKOo0Ej)+
zV#B(AuQ^qc>7eV7B&++Q4}U^(YQSc6bGFm!k)FG#|MZ4?PioAX2&XVDzmbp`nTQ~N
zEh9IXhUH8M=Z%~DWfM?|O3mSwd86OJ#xBmBYd2me6(zf{qRk7dt{>1<kP#m115;ci
zdOBjyt9rg~svw3ns>&Gwl!_3B3KfB9OJSc@vQa^sQW~S`9ic9!Ejhx{Tg0`Gxc)%A
z-+%qS4vDb(5#=e&s5Zn8@xDKeWO&&T$M|e2=vPVN`A>^`SFniY+*oU1^8h@`s(FQA
zJw~<gLmp{+x$-#ITQONJ9DX9?eV@$6a7HX07YUv*T5{|G8h|1-CR0|hP45b+DDtI~
zx=mU{lwu(&3RWKF4h#Jd&~ApifXZ#YAupwR+0B&1))d=q(Lq$?Oq7dz+qcMg(y8N?
zTVij3YKu(2Vf*=dcf@8!U-{dXK%^n%orn&->Y+aN?@Uv??9#|EKeJ*Z69d2QwIba^
zF{Vrfk(5_c!isiHl1ym=o^145j%Yw10or-0^@U{>R%ScYCTq)YVlyj-PGySQnj0j_
z$Clgc;>8mYiUEqYMxC|(uOd_w!h-=b^;i9@Io8GKCvEjvv%6RWHb+QnEwaTXqJ_ou
z!=g&0$k0!a%&D#*3GJJ=olY;9QJIn347~I57ST}eV+mQp-wL3RwqaqUwXp#RpOX{I
z@maMxy_Tw5&2JzkQj^I`(_w))<t@&Us2K?$wNcl}y+Y#?_YaTG>!~BrO3w`cl!djH
zEgQXfWykd{dX}EYp>v_g3$>s|zPh!%Q^m!ZGH+tR*E9_)ypOjcIz?$`6x(Y!-7nS?
zrLJjJBp}lw$QH@vg&hM!8=vztT~<5g+M;+g<)WGGboK@VQSOYHq=FhIQE!>izDO_f
z<O))VS3(7kLP6PC2AaADi;q>JZ}waHDHI@N<STk!D<k2v$WJ`3tvxM*M82$-Xk10W
zt5zE{z)|vWdhfGO@7R3gYSC<~y`F)xBRRd7#eMxyJ{*e-HT0B631Ry9B~aPe<%dUa
z+cZ$3AGW8zdyhxlW}Qgg)BC>Q+y~u`148jUCaa*ZUWlV3liKj>02XfDYD7QM2C0vm
zx#r;P;hBg0PP(f9OuR^pQlfeAWpt|Ye)}@#jl4B_*IP&~xok_~u!o-hXa7~>83MB6
zZsPN-LYrcB5u5$RYNx$+`zgqW#;L_trp{LWEYYkh{E^<SL$yG32fG0##aKppikYtv
zV~Wo>!dtD9xMW}J3#LAcaf;k_1q*XRsRgt&<3<a~&eV!O3nM|9fjwDpfKS6{HdtTe
z`11#_4>C<N=ckDJyi6KRlWE2qSwWvM?}TziU@Q=cmB+>$N%lQty0C>?vwvz>T)fAg
zvb}8uh;FDu`b7e{=uk@o*^P#DVp0Kr<VqkJv)o7^spHaElpg0fGdg+Ke%z9Y4nD`0
zNdTu1v$xi=unxX|Pw_Ki^!mbz_B2JcLtb=Qif;TIEAo~29unh1HV0KPOXKNcRcB*Z
zhlnJHvm14bBB|=OYnA$yl^8D;KbIX_F@uHm>H|!xr5f?)!Of0=*INUkcg)lNB9hew
zNtW0tmn2o@V&dIG)_d4%o4lFz!@7F%?Gj>FqTHp`s3~!vlWi3UV!kA374M)-%;lh?
z>|jK-<VfDaR^nzp+wNh>n6$F}Oj^=GX;JJJj}eBq3NbCJFRbn~HB0_#*6HYwbf+|-
zkj2c_k}ou}$~J4hI3dcsvQ(?=OA+L5x?UVQrr*%}zWW{Cu1k-jQ>L#du3&&ECKXm9
z2lQg4P+7K^pM`%a95R|M9dNf;)IxJp(%GSG*?X4H<Nn$yJ;<hTO?dJZX{gxoO8Yh$
zFSpzA{$ktZgfy?eCT{X@b+1OHh;i8}75^)tZAQ*j98x(lPnH-KeBTw(d`MG=L!)tR
zTV-MKC(Pa;brvf1;UM`XJ&m-(vRCg!oTe}Wka2-FRB=n-lxlU7$Z$Ev)2$&e=|&2@
z#2C!H!=YFl(nsFnc6eQrsb=9K--4RfKyNN)McZjG&X`tMI2fx!-u1Rjz&<`ek~4g$
zyl4v_?`%eh#>=_Lht>NV_IcoZs~L#o#iv##Z`_usRnZR>*|Stt?GF2>vI#VOLils4
zY&C{ll3&=z<rZfiC*1S$9gN&&K74+0z$oeQMV}HK&m|&mC63HGvei35BaX(IoNx3X
zu2sy?BlW={1As)H!l;HCZTA3F!)|W^pEO>3`m)#zOMZ^T79X;T%U5Jt^H3;`7X&z8
z^h9C4F^i89t$u?dw5YRp;4(&-NEpQ-lXg%%;;l+Ht46q&eHE+z;&VE{&_NML={=tv
z{Q~<La%77O-eY-5JdqjLa(KE{wD1i)`>XtvRAtb?<G|0S7I)dlER;!NtG9qSjRLX=
z!UeJj#D4CZ9Tn6+>YJV<&+md^E3hIlZ2G}3I^BH7_v3*pTQAEu6j24mR5R74;P+E@
z@oW0vEln)s;N3*&x1Ko!yL{KP>x7V)%1RmI<}di%m7>wVsEa3yV!iXuG4wF>XZak0
zl1?xmXm!#szI@5ddm1CzEt1KI9r*f0*R;2c)6`P4|3>anDrtLot0%Yq>hW3JDGVdC
zo80p7mqboGl<<M4N{~&LZKv^RzLZ6qUi*h=Qb9Ki+xA#wa3U-3qkl@^-Sk%9a31I_
zG3(CbAxd%!4<dHj<?~CVF8<3@uNuCe7Z|77^!{8sy$2Q=kZd@F;+A$>l_Isp7sJaN
zzlQIR*y9#}QQ+sbzOdD$IH|XXO-naoCBC<G{JS%sb?NMaQrkkZ?gK86?tgLJ8(kv7
zKKh84wm9H-54ofCvspZ(Y17|$=A9E*Yr)59zv|3?NV}&*+90{%kQn^+lT3+j{)yew
zMs^1v{xG}ogr#~tC^bf~O?za-e@o|6JRPUABrBQrXdEG)dsvh9(YxW{8;s!|-!_oI
z8cMV=#)oxTGUxS#)Q>T#aw101#>)1+)Xnqhq>zq9JfeK(d-g`?$?+>m2K=h9MT!Qs
zo6NcgGu;Q#$&#mKf79AJm4oB<49mT9snYyUwd+NW#jTlyKiiQmf5n!5c}6)0?UK9K
z5L39@N@13Mf~veyXkL||Uk(i)$xqG9&`WtCPo5?|hIggVIa6%SFKUdOOZJCV-_vUE
z0S4$y@EGt?rzI@YMtn>%$+YXsXMZ>cY`bgzmW9qvEcwI!u1er&Sd>)emmuk(^IeEd
z8CTvgm^ULVCS~xz2NxC&<+yOuBgyilQ5m?(s?&1C00%B)xm$)D97*<@NZ0eM$K2f-
z-<~{s|8R?5CbQZSD>0PJ#z$UkrZN#)#)ztxxJ(}=dPFz)X!vvclA(a<EaGy+C;^#i
zQQ_<}Qt24IsI(?3CY_!mX2eLSt1WJI&oIOVc{IGLOkz`9A?Qi^b(L6d{=T{}yRX#n
zqex%swkyLHQ*^nVFiR9VVcYyQ(jpR$#hf{JYsUMNfqYA(@8SHcPT?3aC>fC~bxf;&
z;H`}x8BivX3LzrfFBfgBa`@ij+xN80=spax6^b3KR$B(oT#CTop3eqM%a<X(g-Rz)
z_q+R}v)mT<9C&6T!b($fquUZ%r%^AIQBF!bF{rsb2J0c)CiE`aLQ1V5LLjPH$1k&9
zMR(En%UG(^2LwdpA))iMQ`Z=q&!55aFLrK=hc?8p*n<ynO8M9F_$fQdHv#@&A&Ipj
z=U=`%81Xc=7z1A+LL@AbD(U&I+d(^>R60iewt6eNRFjZW>wSyrTJ?+mBfKWI9z0oZ
zq|r+{?y?c`%-VapprL({HArH<7#yb);Ubr6%4P#1^EvJp$CH~xs)?5z_-zm&B;t&H
z9*)#e;eyfgtBBK|<~l)`j;Hbl@t}-Qut=5Ak6bgXiD3}Fw8tIt=G84_xWO#YwmLS-
z)3Pp6c^l7~IZnNoc{*1R^-aY%Un&#|wHhUM(Nd=W#Y^Z;$NV6^Dw#P+si!BvxK{QZ
zn=NF=$fKP#^c?Z=qZH4?)q?4JjaM|%QwYzuQrmksl2WT1l=m35NYLdN2I<U0jD9Qc
z9S+T5i=Efy8)eW}7<x84l-xm2{g(wrsu+T!NqZ7~gR_;Ao9J#D@nS^^Bc&{}Uj2td
z7y?DAAj%W+{!I)SYjA0lNt_lgpLU*N2tB=32-AKo!beRei844cSxeWSJjEO8EtHjF
z0lA*tuplp}Zt)u)dm>+`F~P_G5s19XpM;H0l`(BO)=;9O+w>ftdGcV0Z9vn0UBD&q
zbMMUNoC!l9SNC&V|0SuN(HkyKmv5pi`=>PCH?^UW4764|kO#ge=yyT@fDu(e)+quT
z$PQ#A(Z!648B`ATO}PnUrWfxk7sOZE!XPrX%Hm0(#QasZqpcN=iU{5g0K85<s_A-f
zKNCQe+t2QV(Z4@sZ#}}SDhBbc0gLF1Zcu4=#`MniOsSsfsXY_!>h=W9!l)`Wb&;hC
zH#W_EyE?E&ben0YwTr2|3W$_YqUZYvBd8={P3>zG^RcKXv&)CVI*sevXrfjo0Vn`0
ze$){Fj%UTOSHGuSN7~`;Ab-!U(ys8N)0Lj~wx}cwIEVKBxDmJNa>Q9RrxClHvs^f5
zUv+v=lOT7y?zlhbXmhlK?0Zw*Seuz9=8w8pizzzn#g88P<JTac$Tq`A$~qs8)ltuN
z-K);c+vsBDF{0GtCNqa0%T>D!U)Wc77H7?GI5|xrhI7@52H78j4&H~hcz$FL51^#=
zfu$vPMsADk5^Lwr<?d|PQ8n{2pEjf0E^)i%XMcldjhNA!Hz8|8*GQ7-m78kd3@vnB
zhX^vUn+vPF7SIkpZ2d(MMv*BB{9qC`SpUZO?ryDM7(mXPri{#hS;ibk2PT*^ym>bp
zjvD@jqL8t~0+WnYb{JU!n-R@+!f3s9JUm8Li1qFnrh%dC=M5C<qYM@E+gYKlq8G5x
z57m>R0cncNm&U{Wu5ye*4DzV5@kdtFfGZ?FrEI2LO{T_{qg|=au>%83QCO3r*U8}e
zXZMuO@@><MTI_Nlw<$f4dRWaMT2D;kcI)R8{N(c2nupNbJ6p^6@7$QNRVw@4!S?<z
zw&YmN^?<9D4Tz#^kJL-B|J8VHh@b0}#UfCCS2gH^XpxE2!|BVxKLnR~s+L19jkhMd
z@We%SCRq2Ea~2IV);TBbx-{gGxwY_gg=MW;=Voq;``iZ}u4YG$zZV~P>u=VddDe~=
zeHGXZKJof>{JcN5<W>|v0+bkZbS!a4(7FmeE(4NA9lDqD(B8M07u|n<DxAq>n>;oa
zeGT?OGud`~{z5sO3w*ut_DaPPRY!x;z9vXlOXe$(z3ZN}*E7{~V9Zw(vTkk_NbO2R
z)xH)wgf>@~9AOVDY7V$>RC~rlReM>v5j0QdNaM6?m=#d7X~=rEQg}n-<=vh*anS2s
z;u3Wy(Q^Xb#(G!}b8nr*9Gg{gAt(&qu-%y@dgqHx)A|rArZ;W2U-2#2);&{!t}4t@
z+n^je_T%Pf?jYQ0(>SRd2j&?>vrgmdv3)OU_HJ+>uB13;jZ+*=Sn4oPM0%!S;OF&@
z^zp`~TR<|WQox8!A{R?nMrA`z#-gEmc=&1(A-Zg;9ava}Q$XmThAc=&<zm)huhBxX
zTxLWLSh%U6=G_+xBEJtkP=2^9IeFdRdgu!c*4fcv6W5nKW)iBpb`q7k6vJ8Q99B9%
z?P?}6F81#=;nYx5(=*7<sH|sEo7gm$jU%l1gb$8q#l5acWMb(tFu6Z{+DaAP=uy)S
zhl_uW_g%ZYQuOmjnW`(BZMI$WbfU1eQZm;}hx@;xo!$94K6PT#yaDyYp8_G(u$rr=
z2Itc!XN#Lt$$h;%;3hJv|1f>#TVm@-h><rOU@NNr#~FJ0C==e`3pS5{x>HyOTx!0F
zBmul%FS5@4v7dIcF7R#EHz_MOSENnw)FeV$mNtW&j5bsCN%s>(goX3%af99q8?^Fw
z-)5WZ``Q(Ir&vyErMP?@F}`Rt(<*F11)X)i96zM{(|qRK6aUx^dl3vGKi@fKrY;Q&
z@t%_o-nD?;?m&MrA?)Jq#_U^0S%4XBdWMx9*(_~(#+Vav$bfM4=QP&n)w!X!=|P3u
z;@%q4YA+74lCv7l`Zatf?jD}3#fIFLuxdrCo6WS1<8xH7MZA8Lx$pfF%oCR+JTyzg
zaZmgxd!@ZUtdZqd(b+X6!nEe}*ynqA`Qa6z#ZJlqU!6z&Q6L8cs~mw-XT4agdZ}53
zCkLL37@Jp--&#?>)E}7rAHku#&)~ysBj0{D`v;4CiM6l_oMzd&P(I*d$q4?M*RTGa
zy*j?vZ&Que65o%<w;A^0u0AFWGG;6fWs47i<vJLa?1m^^LI_rOb=No(xPO$V)e|Jn
zmvaR!#DyLlpG1eun{;bNP;>3|aZ9t=1VFYtJ`zH<LsOxY+N4VHA76tv2EgNj7F{-+
z%Arx}gk`9_U`dFp8S|XsXU+7S5r`RX7pukCn);-ksfJxgc4b30i!-N&UDu)U_8sWb
zgESR4b11!#8_u2x7ReC&UP2+amejo`=Rdz#d=s3B^c8O8-sdU32jUM8u&Do$J8<{X
zA*}ywyT~!@*W(QQFz-E(MX#1Kotvct@j#fdWGot#+ZK`F%D=LLr-u3acKunfvMcq+
z(+R~RTX8BG<|UJN9kF<fWw}S8wxj6T{=67GZNqT@<Y8tMolCxAnzEK@q<GJKP^n$?
zHVu#96WC~WSMK3GoFsd4kH)t5nk@3B)R!#LGPg5ceQlua8cVZ1<w)Tc0{<}BWCs@I
z@5vt+x>(}1*2a;x8~d^C_tge2dLUCL#IWwLHgIf_SOIsqHWEEGfjD@n)^cQI`_Tkw
zti6*Lt)4hjGXQd?135G5$V@d5ubYfY#EdpznRACwI}Ouk4ZD2#Bm}Yxol&#k54i(X
zWry32Qn0<Ntf7(?O<kY7ua{TihRYp^zTCx@@YTNEQt%pt8XVR+UUK_+=u%b@Re@B^
zuCmR9<3)~ordy?=kc|_(KY4|*^n>}XgNS~^c%DB<8{9?-Ldg%TX`jHJDG9T+;5;!4
zfXM`%1byAYSoHL6&1uwFy5eCxD_<)zt@BwIfX`pJcQGAK5tW<53&K7>G=dX{T0ILR
zx7fwl>IS~v>NxULO+GNqHWq)OVLE6xr#5@{DCXjJanenEP^&s^HMjNL2$(P&T$VmJ
zs{7$2?3)vB5N}A5<t&&gXykwnaqQWb0qVZao|ri>u(kA|;w0G4L}#hf@TI4<Gfvih
zqOyV6Nx77xWEd2qw#!0$*WJ-|XH`}QyNOu*UTl5lN#I<K5I9~_KS=W9g%NOL+AQP7
zsCy><t(u^)lKw(;=Q)tYuKOT=IY&KX(d0!=MrE6xLD8sdb8`pS75d;Q#<fr_4ii6y
z#apxf%pODPgYgQsU}*Ks`J|S>5)IR#!23rtVvTnaw1`k!2k_1_c<7M<=A1M^aZ~!{
zt{c*jf+8kB7V(u)Hyu|#9aT{lUsY3Su<K<|81&n;LGdN+!IagU#9nYp&GczOic@_}
zH}LE-Sf{WA%)lcilDnxAi?KE5>kY*fzq~^8SEq+8D%2X84CD~o-?CoMh;P~){`l2>
z`{7NX(d#&+0SH?NSAHwZx!rm1+<*LpuEpc<q{Y`kUy|m)*VEM!PVM)IEwZz@S@O+e
z;0TLl60#;r;2y$mT^L@*H&2N?R}#{<_cXI~jB9`<$&E|D*s){&yl|`Z`M|yBbfV?J
zQQqiHc9#Zdrz!&kcbSg0&fDb5U!mQ6r0}^<ovq%~9;%j&1Q?Q|S%(`((bsY^=v9(*
zZKUZ%zEaiXPITVrxVy-4%g`zG9h;|iZ%)%G+`5~Sc2)FP65#~xC}s$#9#8N$T=aXa
zGrNEE(w4k1^Y7WNb(td3XU?&+i_EH0cqMG0sARCLHg0}U0y-&nrFKubc$VM62*AwP
zwKd>~BO;Y1WF&)bK=Ug_8>Y8+o{QX<2ofLOTe<NuGG^b43vbS&SBnpYqjOUPb@7yY
zkuWm8D7yvKIUxb`nrfdHO4L-n#w*FUPyd2kd)bDnXn#CK&epOEI1tYz%1z9uKfqw`
zIVl!H4Ol(L8hbqRn;^i7Us**37*;Z)iL}vUk^tfuk}?X09b$?2Et*K(XBs^_9NjzI
z!Vl3-YEs0{P$dxFf!`meIt33&+jg@901SzNaxM0qgHNt8JqN-cIa-ty^LHR$S&lvF
zea_oZkyvf$l@;twQKwu41s19$+q@&si$|z#*DSopej)YB1-q|N`v?4yff@DZ7GiV1
z7qQ)chMA%G@`RpVmS_QhNr?Ko5k~y|58fu1x=6^3sR(I=d~4wwC+(S@uPhTbKDp-K
zP6k#+R)KxSqB+R*P2Dec>T=o?^Cd&XE{~Rb*E+LCGAFa+`Sr5{U|sWiUgpP=lxtE@
z;JW}9lMb2yxSB#Up>*Jp;f%ef*7Vg?Q@^tDVB)GL&z<?Cu#vve+dxEUL`5Wk>_jwR
zn4dKBoz82Ep$<0#Z#*+}#vl(}0*NXm<<I?;T&V8^A{D2wb@j0is91QeW-fy;SU(vt
zExCO`YiFEb9;DtVq*$+>ai+3s>G1hs5oJ+Tf*ynIgq5)3(#G6c8A)mkbS0fs)Ade}
zO2-nwjI<hIc=dBHo0SH3ZggikFn9a#E2!kyAAJ3^JIZ6v=5P{J6a*`04g9fV-q%h#
zfiP=8{i%O?hYw|rkLa0xDU$zrjS%Zh)sEp@W>1@)*c3ktC6k{P8I3$<Fg3;Or3NDe
zi&5gKwf~QcMi7`CrDW#jV-xSTt!FdjkDQOnHJiatkv$Ovi{*zkllqg#&+}9c%SY4T
za(A;XUAJk{#)(#e&2+|zPxmDIrUo}pi6}QZ_O$!S2l3h;t#^PArR#X=T=5T#MJ5N-
z)5{gQpktY#nyyNn#cSzLL5vS$)Kln{IwRqZ#<HNd?+NT_)bC!FFMBqCslz_;Sn0I*
zsiVzAy^$L!3mg3Psc5!LVZzc@FCxw*b`k&uMJ>|~*%*wq^jYe7aX>sVGJLVA9zp5H
zbZrIc_)V$a_+NBAZ=Z1x7zXt<FdxXc2oxD>_l}ux$T(vDN`FV}9fY(7i!l=E8XA2J
zNdJ<VDx6umW3P@f84?@c{`T_cLxix*^3xNhjXz}yvs619<beM$by9e4tBPmd7vKOI
z7~HkT|HE2`Cl0?VC|7`L#}Ok946uc;Hdzs*UDGwYSayH9!rK0LNvp1V%k>2DM7hVM
z15Y14hK4^7=!L%B{C>^U+40iu7n6sNl>Rn>A=P#KfPE=vaE(y$I;~qlb5LsT3-8dy
z;N}wF-3FBai38fZSfZI5jQ8gwg`by8Z70Ab_R<4yzsEE-eYBD>AD?)my%Y})htQSz
zyPR`N)XL}|dD<4Z^4GByvUa8&w>_JX3Hv<I?}Dq)eRV^g+PyB8?jJTrkbZyx{)+Pb
z$=6*XHZPzw14Fk+S>%)MuUIGAcb9!(L*6fKjRYPrPB$=WQ4V7_*Fk;Z!d<9Pn(~`p
zNFybmJ6<~8$?3FQy^7OR^<91b9um75bS#J1#6StsKa7c!W!DvnI;KmbOy2vYzf7g#
zQ#9TwInMw1l8~b0qZP{cLG_;>iVth@g0pYf19GpCykjrXP#y(s%-2W=M3|14y&WFX
zc9X%oLE~Zmx3eMd70>$y13yblsND=_t;E))^p5-Ah9E7Y&%5(92YzyAqqf#ukIfHA
zm1*yT&KUb1lzd-xeI@1Z!B~q2N_Iu;{t;{PQf-DS7_2r<3Yok-e9xTUwc%jp(#V|7
z)3*MMB;kFX`~_JiiTW55>1fV~py}+36XbKfY(c$hn{4bd(?kQM#x+0SlHs2Fs$n#7
z9zCCIhc0^0Exa670=vIR+}u7vAFly<4>-*3+;7e@zvi-g)|KnOh)%M?fB0PBINJyr
z5ZUwd=a+~3ifoMBLMsA!q)$#|Q%aR%HtMx{@84(9V}%>h^gEK+iW}T|@)tQGL+FtZ
z{$P<COfs<a8PSjdhVA2UI#2Ti^Ag}O$RRE+B8nIl6MI3O@kK&p0)v4d2@fWL;FF|V
z&}?Thm8)wC{g4bXXGI+gryAvzkLtzX#*9@=T%su@k}8p_9Pzaem@*-&T9_?PE9VK>
zB^_%|O@uu?XPr)6`8M>}m7;F7t%b3UGs@jCKH1j8Gx^>VwEDE&QBj9=UoKv+N4#n0
zY-*f$A>)ol=W{fYp*=DO7WfmBvVsxeP#a}g_uaBCtLXih0DCAs$p$;w$+v-ie23z#
z0wO|bWJX55IA+XvHx|YagS02TAosPVmiVTwcP3*OqQut7tdaCcxI!Nz0fh9J<)zi4
z$3J^cYIv<A_>}$k2`&9Q5f;>KC<@^eulIhbrS0&3TJ1yy%%4lWESlu@<z31K%Jf4Z
zbKo8LfJq6w4O&;9DX3vtH{G|rJT)5(g<c>+q}v`lI5;9ap&)oJ`ue~KBjW8RME)<r
z{|~Jrw$(rZYoJRA1d3>p3g7)02AYF?7={}^U^~c(MdMppsLrR@DXv{$H&38xPEkY)
zA|u@pYL%0`ap!ryj^v9Su~oZVp^}icA5kwouVGEwKm@&J^hbmw>KKqerY(m8cTfb7
zjw>G&65bZzJEhh$`s&%s#jzV^YsrSDiALyTT(e_rps%X#PvXesFw+>E$9&J^OPzeZ
z)^*!~P34HJe~5jJ%udD7=xW+ViDF7<N*fb+5KE*%TL^1{t=mAMzYufC4|~yzu#Ya8
ztCa@kg8V1*HSe~!*O~_*5VwEy1p}`kY~B&`gzWx5bg=_(7ZenLLa#i3YXzn=Z~&P`
znBgPL%xM@Ju^AeP07xV64t3F#L_Z^c{FMJNmYVkm??>=~DR>ua?qozkn~6A)H(9)b
zivIaxBuQvLu95W7E^C`ZJ!xP%^AyVwh#68duEw>L@8T0<<Ns~ZHp<YB4JT>DNt42?
zG5*U2@)llFCvIq>-W3#riFz5gWT8O(eOxhpeAfdJId_<FNxj;XBbZ%(yL{~UlY&@|
zb~<~-Qf8J`&9i88P;EgqmEc?FB}ytH3a1!<kzp()m>G<i6|=9$R#1fnw@{uv42GLf
z0!wI+uuzN1!ePzgm($ES`>6l+WIp5SM|0St0oR6Hf^R|0@gv{qJ8mfMh{=@!9TqTO
zj=?FhhWP;d%4*^@rJ93WdbEU)e7V!1MTsa0|Mroygrtg;HUodR>iT!9`FIyJOsk+B
zh<Lhu%n~MNT5RQey}XuRW!0hmB&J*IoneN=t(TC58v6hyN}CyxAUXFyZ4M?(Q4zHQ
z`FC0ziXxZ0L|FQ1xyuJ$Y01<J+AQBSLiiVQ`NQKecX+$p{AR5QSND?Q{d%-5D(5lb
zJs85|b#NbLEG&bFVPVF}s`o(de1lTtyN5P=aYZ3{G^(f6L%Q7Mu$O~%@HvCUN?Lva
z=Cs%E+oYGlKWb;6KAP2L#PVXFoQ>%}<cNB@gsN@a|B4qm#Fj|aw_|knkqa*_#eReO
z2&&t0J|lG{uOw;rQLu%5G(Qy7Vtf(Ho{*sL;KL|-=!|33R)adh*WNmL<yNAkp%a#3
z`7E(%!$zm+co2ae;;sU=H3a;O6TWa-Jge0c=SdBy2<&O!Z0$vl57G7enzR%?f0~^&
z+~!+m8D%+9P^@=m-|&5L;!L-8$wmnGnW3Cm<dTqu?csNy<0IPA{82rbp~gORKU5l|
z(}#R4H_RXXAx@ep*ar&;*UYRedaQt^Qn$@BXKGtHTNpScix+nWeOeV;HGPGghzR9C
zlTvRZONn_N#9<&|rJ6uEtsml;fV?j`3riw=Vhr4RpLf}mpsQ9pmDx+KKKu39`%xss
zbwhHGcvn?djyj1U<dwteJ1iDDuG5Fkk|#(*A?<F)A3s(JEEm3HrH1E=5tO=J#h-sy
zc6I_QFq7L{VnmEU+>Jb~hdU(Sy;pd)Tn3GiO&Vr(_<|XzwQ}COaby7(bP%c3TJVsK
z$I3@)N+n-%<}>KgG0$hxFHmCSDd?ReC1D_~QTt4-y;j?)OTtEwIKfj~gRPV8bMKU7
zy65EW<M;O6>a7`T=;MRs(p|no#?fdg$U3A+Ohj$=Xd(g15u9L8RZ{-#)^o*xO-whi
zXDvWuy|yifl=j<V+6Q?X_;PG9yc1V-dU@ZAPl@V+I;nEJX6w0yJLlNf%n+jPlB@W9
z>dsF}W?JtZ(AumKA$Qz;GoFs0NHl+S@NMmt8n1yn^goAfG}F(q=krHIUf7luH{EkG
zNNgVoWUm+dIFTB2fA2DC(;YKeS&a7EGvRQ5OufDM{`1AP8wU?Fwa|@Q^!YEgqs#uA
zj_VH8<1GSl(pG(iX5EnU@9!LFkzP=b_;(KSaUNKjeiUFyty5teBp#M{jbY>zB3-tw
z%gn=b&|1)~*R<M{JVoWOn(>ReBr%s^%*we-el9wswkve?XNl>W<^KoXKq0?P=<6k9
z&nxr|4tGCF=M^Nh#5!R3@zj}CSc7GD1=jCkQVT*al~(Qg`!*_T%CBsFzi&*WQm+<6
zTI5JX=$!W3Dl#l*MosUIuH%$NYHKlR!O}G~B1<Mygffdc1Vj?Vni*j{+^m%GVxwbY
zq<ajP(An+hfqFkC`ufTe`e{f{*7=uy(<3xoyAJUs*#Q}jZ5L<25%mhYC1H`wlHXQ#
z%B*Tbg=%ed5{q<)7TY8(k@6+;ii0;j-(*qtlsPF|UtqHP8+_Y`GIBEPCp(XADr{Di
zXz({2bLn)4RO5~zPOELIs@jp9Ij>Bz&mAQe$<J@5tHr)Z#~fyeNZ!ylGX}kNQ2>uY
zqbSy?DbVrzwZ2}`r<GQPS9g&9dg1DM#TrIJsg`0VGua?Rlf)b#`-FEh;j2leGrF2;
zNEd7%UU34kgf3XyLqa?B@$rl(Ribc2L;E-6=2YL4gc)7~r48}fJ(=|Dvnm>r^eMD`
zNXn#+&&q9j_cS?csT#bU^jKn~!r7mdGA4d%&z>#G+7u@$s+K<5BYkAfdFktnHrpGS
zD?QBZ2%Qkv=Sjt}vrLn{sdP)gZH~0(j#d20^UU8btJaU5vXe8jTFTDJkE@+lSIL(J
z&B$YJbvj1LB(b`sEIt+N%$I1Z-=BWn=*&ivGhPW(<<)qU__C2D8YG3gHRpWu&kkz3
z>g%jRa#^p6=Wb@bY*A(^c6l~d9Qfw^B;%WKEfuD5H-?wotBlH^mAOKZQ`P3nMmMx*
ztx}&MB~N6-V8SSO<I`-E?Tuo%st{l_Y79t;Q{MA9C1syv=m<YnL?tQHQujDzxZ8qW
zzA2KpcZ-D$kF1uNE@G!iQ23=3%G$%kjx&f`<{JuNm<l!icstMh-TVJHPx*K6xf{r-
zul>8Z-n6@9H2;vLv_|S@Sa!z)gXJd%xtgOqXinTk?qX39+geq=jaOf@jZ80xsfBCJ
z3({`4)d72|&=bDEQO;(u`$Dpwsj_peW4CwQ)q!@Z(<s@YnLOk4b2GiuGec{$-S2zt
z>MTb&%``)ImfYf~?$%T)^A;C-o(Yw>yA(N9RPB!SP%j40d)S=hj%~8id3&&kjN98S
zQ@ygwHTNg6-aErHao!<0dkQwx@b|ZNnA=FVdE(zE5MLLZUb9^QncdhHeQTrwPoNkr
zM?@u_&|ydi76kVODB3~yx!ZboYn5A6?rsBeW1Q>gW4yLQ<nx@0<oB7?3Vaop*Luy+
zX>D8xz|l+F#=Tp;^|~l;U~h8~tM7YaGb6pY5IJ|t$bkT7d)>ONH($G|8XW@fo7Uc@
z^$8bx6CGNL7SWTqqv`K(8LM+S9TUcsnCk(yW*2Jd#aDXnIDBT{mwvR&Z(whG-uJFF
zJGVnqadv}ySW8LWbF@27>$JHUZ(XN%4jY->?|p}N$hD?sYToaar)A_0BrI=yNl-Y`
z%IZ?8^lxvA+k1x{-Eu0NKBi{cESdyX_A4G0XRO%Gwv6jo+xD?YF9?XVT2eaL<fMXQ
z#fzKEvR$=rFCEHWa%uqGG^*eugfIvZ5kaEslUzdM1*KijP|jg`?b5uMyLR1Gwk^53
zo3`kN;K)t7N!>-Z+|0|mNz~0ctG88EPR+ThtF(c;t1eTQRTWIO?%djwcOjWhW`adh
zbuQR+6T1TH!?#s*s@%6WoVmEDk#jDo%(R8KZ3~-#=v1WUsxGM|RO!KMTgu6qp=q;I
zI2)O(3QHGLGg9s*Wh9Vv8J8(cx~i2{?$WBWRdp)v>Zv7Es;SLPx^k^4q=c%Qrs|xT
znyS01tK9Fe-*)F*)T(ZLo40M;-OSX?)vCL7PVLnScH4H_MX)aFqL`G_nsY6IRZg6S
zWn8&InQbR^GVR)PL93QaZmBtznTx4r-OWIj;%;V<lrGr2b2m3kO{XDI2$VrkK!AV?
zZ#P1&2p}<35LH8+b=Nu43ZSYHkyIk8#zj?CRa6iK1!Q24U0$b5oe+mWs7Rv*Kmd63
z!)MWO2n>+KkNNU9g`}(_@V|XubG(7hxspja-xCQecSBMEU{U^sWz;}{z=-0%_XGQn
za*2R63tDkm^ZoYlYecHAY~@zJpO<~RyZu%b-QE6XW@cq)k1ncaW_dH}UsYw@-s)yo
zJ$H9??q9PrA2TyE-uJ!ld*1ck-QTk_Gc!5wd*1iG?|a_&z3+S8_r33X-uJ!ld*1iG
z?99x}ySucz_GV^gd)4oF^D^%0s(BvJ8X6k1(ACTu06bbBA?3HpvI!>=r^SzDfs{$=
zhV<X8>&8M%q8wQWdZ|3w2g*Q+F%SR|!YVkmPtR7yWqP5m>R+d<|B?Drqc`hAJn!CP
ztCe$GV|glANm3_C&i9GK`zs3f<2C!LM-{eX);iP>+Um2fxX8M-kGts<r#9PW$R@L4
zv+o*SPy$3Yt9`Jb=A(Y0;&Kbb3Bzq6s**VU`aL4mTXNwaH*@DrkAiaO8rWWN(3Lp$
zL1Fh3G8Ga704Mzu%t;!iqgt&yZZ5<s!kr7c2hj!r7vTs`efyvTX;oAWyv8w&ZD3Ih
z)O`RN6bbl-P0m-1o!puRQ>I-U#YVnuo;T~u$F^E#Tx2lkyyGtq#o0ZCXN?v)nq{4_
z1ZZ(FtpEXWP8nEgG@!JB02&}bYeWbT8WuIAHjnJVpH-E=iHUnhzVtvnimJL)vVSzO
zy{xrj`ZlPslsY0S3%SmC_A`9`El4c|6;qeYC**tb_-=Wk#<FnOt3LfLO1c2d`REKu
zUYvkEO?nATihvOaLK~^(v;JP8rN;-ce}URK#iK-n?S23lffRnw5%G$G!St$yO^0yU
zEd6%Qw>$4VZEu~fM@Q8~Li$w&elYvjS<rEyN`+Aj(g^uxFM-{l3LPR-K-`itGC>G{
zU=0qjzs=7rWNmrYlymL@cs#tf5FyE$)*wR^<BdRwsG&7b1S$<Wg%Z`VzKreSh=87a
zj%q6ydAfsOf$$;f2ecKB6(4BdszthQx(BX3UH~E?gtq4&HpZ=I8l8oL5*6W1{~nzF
z`Pa`k+~{gxvID=vx}Q^@YjQK4P|OPNBn=1H3+*H$5Cp>*u5jL;21)fMPmf*n{fhga
zhq~$BSfR3fb$vc<dR%mjAd>*VAVJX5B(NCGL`=`R<e-V9h^nK7&aF-?Wpyq|P*|8y
z*i=zBO}4u4;f?E!8P4A49h+-&wl#?{?}tr9mk|&pSzhH4&QQdM!R(WZ7ACOKixv~x
zXkOJ6Ply`VgXh9st3wh8LNL5K>~T{?$O)mV@Av%vUVp#bqmh#HuKDY}UL<`>1}Z9&
zQ9Z<wJNx<f_ml2CG7CWv3Nl866G(p)UMMO5F~tfT-~klnLJsDa>P_BF08r28vLHko
zNRl8#C7FwnjF%~vOE>fL`u`sPkK?D^kHksq_W7TYVATXi=!*DX;4J)P-J(!)=CREg
zkOU7RHvO8}v5NjPo0)}c6fsd&k-9wW2BfJTA0`-sEJ*RL_L#H$A!1_pGr{@h$hn48
z%bAH2EM+ZZ<M_n%hc6n<@?~n<r<|IEMe8%iT86BGIM3fiCRhodSqPlcA+_6VNh4Jd
z6gkcnLz8S!Z3Suv5HzI;w5Falm30Bedfg57LsDDuk$9BVsg8K#M>fUYnJi4Pl;WDP
zmL^jfNQV;Q7Mwz2>ssGDeCPV;Kcw#jypf1|0!j98o$Cf4chjYchK=`35eAhcNfwZj
zDuPR9LSJ^@`txUaA!UfAfS6?080s)Krw|mBE+P2=sL+%_Ky}wnK;i-Cj9BB3Kd!aM
z9(T6eMNZOSfuW*Wort+lH6|?Dj~sI}Lu<P{j7*qL3@5nRb)e4K$%!@yPNd#+F!k0D
z4Xqn%=Dhy0ccY8sG?bZ#1co4_IFQ7YG$jW;Z>=bpf$w}G=HK@j`R~8qzn**!L*yZI
zfiW=$$*e=RFri3OT7&1IxMbQWT3SjHlLX>krw~wu4}ZXS!N%V|KfUYEzJDLSdr==u
z2=8(t<|5=x#743PL<oq?6;<{70MA{EySux)74KD5R784w1y_aL-TU6~9`N>Nvok7Y
zW@ctJ897rk&C=hqGdW{gs+1bg8V}+@N4P_TfIn;Y{PWMfbSS+_0367R)IR#*b=O8u
zo@nEJfpzl;9?Bm`0*nFdjv!8<AC7(sg?p#t!X%0nRXvuRXgxa6d274~AE6xQ&UpRz
zfL+L5Ipe)YtK0(IzzSOIG(5P_U;@n==s}-)otNIj#UyRR5VR+rb)hZqy?Wo*zTSHf
z<9rE1>$g9@Z2gn$p}zc?5HTtC7c#!f?19YtJxQ?#5<h43r*pLR2iXlbFo!(;$^*PV
zVE91yDa@Z_+74hjyMXFLh(4qS@_dEv4(Dlpko<r<jo@}5>KYV1ZTsIE&!5MYdQok!
z&Esl_$)clN*6BFi_pUbm`{#ar{l_u$v+i8UNYh$?<{ZI5Q}<tTj-iMsT1}zElmW4}
z*YWQhaFo)NeUlMRY)Hh@&mC>FKCBKZPr5w*`O@Yjp5NO%=4BH@Y*HcUun1(%DHjLC
z%`hJ{gx8y0y12WWb7b9`=T}^Ib<wN=k8lP_eYumBmv}(h7Ujv5T9|%G5<xrsaqI5h
zuDR|*cO2W#J@Z;H9=j{bf!Cl0rF7Y<ouZCqEy`Orb$mgd>@H<1$7$IzlhHXzPf9&F
zJGmz!P4&Kf_LZ?cWQMRb@?P|r%G||sIF>6xPe%0@&edJ^&dBP`kvp<$jU{*7?Se-s
zdC4A`6!}Wr7Ov3lXJlfdO`THY+?vbHoZ2qBO>a&rEX<c%G!QJ;U~XA}G9YLagai;F
zL~^;+d9W@jgq<vM_17iRPVpPJzE0%qVP+BrM=@~-QphEcacO~tV!44kWZ9<J7E~~_
zF|{&jVIenXiMu5b*Bg+si*1dumI*T4r6g*CODrKU0Bo?zq?X1~+et{wD_I0G)PYR0
z;ei~sM&T?hfmD#NX~GSNASDF^5C9k(<oKLVBz!7@yFOq0{w6=QOa10{%zohg`u5Ei
zUgm7~hveS5B-i&Xe*3PUj(Pd<-syQaG7x}Y6t?4v=46?fBoGq@2nB+oX8#Od<k**3
zBvs}H0}%w0L1+yIG|~|oAUcuiXx(Oc`<u)R?2F0gFypt^ub%$Cy!hUTl9sfu&)v53
znj8z5H2CJNW6aiOR2_B73wAXYb5m@?KyZPn5+F5KFI4kj(f7C6?F{%45&o^O)4#ri
zn!uaqT6f;pzkfdGePsBoNk+bfWx2O4Ez7LdW@KUXbD5JQIW#nrCQfeVwp)42HfBuK
z)c|JiHnTV0)bl-}?e0&(AJ&jC+(x{E01@2nykD4Khyu3{=uMxcx!!ep{p9T<WzJ0O
zxwC5V&j-fQqUma?)loEdG(4=^$-2&+btRHgr8w&W0|r2dU;}#3-aD7yo%_FK`}G=`
znVFfHnyqRP@&c_`p1peY>({T(_5R=2%=J^x=j+%W+k@Xc?n(Y_(sQ3bcIch$Y+J-j
zp*4iEv`pT7-6KuyhVnCh_~c15lF)|_3T8unw*DrBP0nE54MOvciWSo7Ov&bfbe_SX
zf8q#kcQKq*Rh5<+`!yp;tWBvjy4ForEX^_yh_nnL5fC5<Ph<0+pTF`%D<mO-{qyo+
zPE8|ytz$1AcEpur389rGvLX5V?mm8(vnUzm>?l~!>;6^GzhH5VPuimBhynzLQb+xx
zPGdO6TqA=5!z@I^kpxQB4#0EgX22%CA-wTrL(|TA{*Htm1mOq2bD>!sE4i-r1>4A>
z;U}(pa6@>Tp|>u$;Dd)$<p-ZS&B+)xNb5*&ZE7}$pB^|NxNe8n*L#C>?#BW9#;Pp2
zQF9Ec%w;nyw7-rrXj?c$CP<Og@!u2c9Lo9mw_<9tZsH(Ba6!6*&Loft02l^RZ<$wF
zTDH}6*2$r)EUKD^y}oWE+?&y4JJ2+9Q(*YxbdzZ&(oHl&zBWURh+-Z&?_j%z!u#_=
zy60tg;<wj)0vtRDXioMw6L#eK<BP`xoOR5T<RZ~^k(Op*N@p&G-NAI!uKO+x?X_z_
z^`JC2f+q(R7P^FNGa33u#kbq+)xdy0*LrWg_PzS<?s?>=4H+4dNo|Va8|`{{-3I;h
zftkk*(0bX#9B4;IQP#90r8JJ*XctQ8U1S$5G?SLw18L1B;lH-%H{K24>%E0^rqi;!
z8*jLd$Zu0l=>4i3+=?;X)YxdQmoe4bt2q(jVvA(~AW-}8y7P`JUTb`N#~H@g%;9i{
zI==0)9va19lLX@w#5B`I6-^Bu4?TCV8a@W>wS$078B;uQ=8-t#2uIxI3fH|Ebsc-b
zv7t5JIw(NEVYkb$Si%4#XO0*Z5E*0WBta9`O5NOO+nZd7<#em7m(K)9Bm!JO0096X
z1@k{Xdf%D%ZJL@_@n25q&AdP-6|@Fq`E?KkcnB5%&_E;5DxkF%s*0%KYwv4gUeUc{
z?ha<dfu~C*VB8=mfE!DC*l+_sI{$2FJa0pNK(jj=--UIDbm%3ODZ(u8?E(a4pkxVh
z>|=9q*6mA$LAi7aqOc|^PH}|Y2Ls<d?_mB8`NqeZ*86O0=e!(ejx)gV&O3xd!)UOO
zN|TC)siKsKh$@3Ao_zV|-b0Ut?;iYyHwUp>Ub3@vRPOrEYX!xaf<U<$A^{>Ia{7RX
z(SbnHBO9%82*4Nzheun2VmtO&`J0w@cGo!R)EegLcP$lBM&J$yj(hVLc-MNz-Fv>f
z=R!Hw*%Q6%3gZMt48;{)iJS*r{oGyC<7*6OK5u<=fzzm**IjIBHnFqAW|1BdPJHo!
z9e`Ym@n~XbOWXp+SO)WXShj-fHLOc-<PZo1z$6ku5|AWB1h5n)F^IucMY0S!`S-7}
zo;>g2^BCgeINshhYUiE#*7rYn$fj2q9|SC6P|zMMBWPc*y5sea*XuaeINuxb$<M2C
zGGf`W5iuK)F+qWa><kJ*e$8XggnsNhC-ieX{O*kzkC>p#^~ZdHU{`~`J_@ie#3cEW
zY(+!04pdx7p0Rcb08lKzzly-SkRgwL9>LZI7)eHc;1U4uicAwSoJkpQVsThM-L>!g
zYj5%X+vGSVUr<a5onM@ZYX1LW|3pjq5bqn?7|;{L8UR+5h=GG4Br#A?LsXhgyZ5i{
zz<lGJc1UGly9`D4S~e_ZK{0@VX=c{w&@LjzsRk^GCs0CE5cAdUj2J)~wEJO<Fib=0
z5(TvYAYnQ8e!{_!%tfa|oM{j*_W;`3&pWPTy6#tVFrxO`U9Zae)a(o|o1~gaWF5yX
z<Ig{*UE~bAEXoKm0#K-md(mi>6;%+yiP!hnetYj%>-GFxb_|FXu}~T!`GODxh|0l@
zS&?<343>zG?7P2aUVwrXT-{}Q>Z4ITL)ITW7@0wl>!>qx#{T~H>#}K45Y1a6H*Pxm
z`}SYeq0ZVG8A0gLe=X`t(MCchsuU8HD{r%%-6j+m5hR0UsRm3~s4FU@MuH;*MM*Z=
zMWECg0gxe?lQ*2rxfIJvRyH!_#Zk7)l(|U4QnHDXCK*`|azG@8D1odYWj28j_gykF
z(hC?(HqtQ=gjA^w4HZm=cM(oC=#KW^zSh+g>g`wHv+LG%MBAJ+GZ!n`%f78eYZk4f
z8glcq6q&v0%k0{$Ni8@pbY+TnM(}jnt)oYRvwT&Bb;81QhgmJvZjqUmcdBP<-CCD4
z2{wq?cVlMul}^dUmAJY09iF?oT;1i2k$E}R_V@l*=F?OuF4xuycKZ~Oer&$F-rynt
zfzSbfAP^ixW#DLqN<m~HC58mTaHETTRgAF|I-Ma&Y;4~3RACVW6^|Is1Xw>^#!{r1
zB$e{I11U(F8xgT@I_$=!o$b9wyPK|1PMvC5uxq<rSk_;1Lm*|K-`Djj?nA%d@BSWn
zcmE#xaVNcPT>X;|=GsDhqT%q52m_jh`h;K2&z4`wK>DQrA$H9WF4{4G%!I{EqKX95
z4vg>Dn{WGh#U@)$@?t26f(d{k3=m^+5{wN~qT^}EeD-~Oa+H^Ac8jZ;w%ZYzj4Y|)
z2kV=tK>K~{KO7f+gs6|XnfE>CB$hRYsEB#H^2`zuq2H9Pk(Ah#S)CP(jWrzedh2}p
zG2@c)8;;C}RUl}HSe3Zb-!XQ^7mkB{=X<Uxk-}|Pku(Z$00GDp<Uoj;iY?G{QX(P?
zPE(?jX@M#e6%J+)pyFJCE{q_g2?hWFKb}AMF0<}@@nF}}c@dBX_$pukAPwq|%#8XQ
zaC|LlpROCOA<twsK?`Zq=`0+i$X(eK;FU#ikSc*86aovb_?dRr;ah5w*4lB^s@z(U
zBIUS}BNP#G+(;%W1hW=mNQ$H;VQ~mCQbgDAG^RaY@H92A;P}5iPuchIyYU&s%S`TO
zW~zpSkogir@%fLJ{k6hj6El6j{{H^{{{N5H@%;72e|WzVRf+O@_ozX#rp>Y@C}~Ct
zXA0z;=lIAel2B$<EMZl~`uoPM=ZHiR$2gG;X1?{7YP#dToK@q3KsZ4{aC7|sul2)5
zZO{`~s@Ug+TECu##7Wbs$9?zC|6I4%E;&a%amMq+A~i%u_hkSa$Or}?aVja9aSTAZ
zh=MI3l2}HpO;B4TjLa<ybw(^nl@Y53tdiJ9W&~v-E@VVyh>u=>KbigifA7=3I`OwV
zyXbx|d`<ZhGLkDYB$F(JpR|Ke?Bn*|&VKo~-Oaeq_TQZO)_J)Fq)ie;A}R&tMHI1B
z1WZHVfN|#@8;5%$X_M=(13WIY4GEvwK<}^EaSYJ)R5Ux6k&6?){22#QWbZlNq2hCA
zJp~`43OE250iLrnI(_x<{5s!=y7Shg)aXt*udcBmz=(z5kG^9N1`q@RK8Y|*H82Gf
zZm6Dp^w!7S;K7aZ8%6VzV)DdarX`kOk&Q%Ypii1~Yj#o=hYt8MaXZHl(T?+%H6h0s
zbyIDDIgYrF&2~FIup8FfV;yd7yc^0>kD(orip7T$B_(Vrhu;AE_B{9P?%#58Z@vx<
zZ0A=N+~a<aHZ)-JXi6w5l8Osfwn*^Ps-Cu(%+@13cX{{69oAZ=j6_I%LTCm;B#2)S
zgl?-YSq{&qK~jEp`RV6gKBS(b7@{J?fq?@9+{~W6O^YdoCwyRGn4b|&9f&5-guBQs
zYe0bkq#Dox=b?hyM{zl9f=njYZfsEC#}v^KNXt9##~W?8IXAf5r@|>IDjK2j1^MsI
z9=-R!esRn)^Qw;Ot?urc@g!mi1b|5-MHECH2)6z6!MVIxbGg1=jxpXn`6xeX$89z+
z1Vj=$AG;2qj|fH%C?-Bu+1dw<WZlt-GY79#6wH-T)-h2ZAP<9Dz4+4dN3lMn<)MBH
z&JpDlfIz{i2qGei9|aq~PWC-_&I8HDg^3aQk|ai^v`A?ow%n-eazP|Bbb?54hZQ(q
zI@i{{=J4K|z0CS4lfgK!hi##mqzIBu`o>J*$V8X2zI^XXmFS$e;`|K}41Qh636GHx
zi&O`nU(Y?rHnLJ4vv1?#Gnc6(f&@Z7h=J$L9=hKJd5n8kPOMg-IqJU;lXyWeK1}O$
zd7*y#L<M4<L|BnDBffE&xz_m3sMnOx!xA2%EA!LlfS-$*))}@diuN+<Q>_et(*xY<
z_v^p}G60@zpT=j_e!pMO_v?PI9BtPfb&0a8`>XI{F>IvZj1*WqGUkY*(Gvd0^13w^
z9MR|Ee%QLFLaK=Vfc;Fc_GzhMs1N!sa#x!6pN~6jw%MK@JJ)=1tKaD7D2OeI1b;My
z%OoU>%#cZ!7d?JGKcDCM{{B2_yjy<cnB;yxKR;J*<AJL+`Tf5<@11x16wBxd03}kf
z2Z*mf*6;PWn<rUch7What_-*j70Zqf-QmG`CUWj}##9K1RAR23GhVN+&UQ(v%N&!i
z<ms0nY0#VTkT5VIK}{Y4vI)9GN#)mgI@U9tTUwzYfN2FPni(&@pKNRbY?T7ZC=fOk
zNa9RPpr}z2WKx;bt}owr^Yi=t`}yAekc?3ZfWiXNXaW>KVh3F{O7n&riZeN#{ym@1
zvnX@t9?Th;cT~lGVXhcXnUNCcsJXwlu5aP$<n*EkQCpyl)84H6GbUt75+)v2P!+yx
zv_A=!h{==;5f&mMD3a@~SIftC+Ua?9)WIk%2w>Z|+?yq2vepG9q>>D`+iPxR<=oZR
zaoe49xyN*J>+K}ihb_7>h%h&GuJ-GX9WxptG=$PoOtC{16}#8m*zCCd*5-KUzVACa
zUUInL2B4;iqtM*S?h3lk6*;9XOlrN#eA9Flb@x!h_V%-n1iO){j50EX+{ww3nI-fw
zbCV#=3NI3^$5m6JPfg75L{Dtc+m=@G3s-imH66!D!?!%|WtC3^$zr7p2E%Hpkh`~9
zbm8#lCajZlXc!PSAOJKAskFcx1V-wpo9hHF1A%xzrc2wCp^H{;LDeZ4go2dB#a+2H
z&D4V1a6(o}t%bOdCAdmA7}iT`T#ABL;Vs7DKrO3#X34WbxoeEBON}Uqxk}?jOHxuP
z3<?#ptYu3`0tk{a92h>JFBF|Zg{@oP;#hyrd;R}_T`z+F%!V|G+iN%$8#^{OtFlA8
zOjL?SLYXz`MyXRWV8lQ^{nhH1xZXBiJQ@W75XB-)5FnJiv~5!u-@nghJM6_25q7s7
zjfttEq9Z>e_{F=Ev$N^R42{gujN_Rx^;P(Xd|{Jvv)*!j?6Qo%Z*FFPB0)DFrs#;<
z*{0}m2!T)0e>}#0zixZhiR?6Ya&nI5WMqvP^x(W0!?$?8f-jQbAOSL@$w*}r3TGgS
zfDA;LE^}kEj_m>5o3kcm%#uwTm%Zni6a{2~#NjcLzWMnt2CAR|p#Pcgu0JQN-;ozT
z&i(P7xa+;U>i4(ZdT;M^MG!=#R8ebJtqp3wXn&3O>VIFKpRCVvfe^B*w!6E#yQ%<b
ze*(Yh549)lwXfg5e*OFU|6k|)`gH$~@O=IXeo3PIpPvD_DJN88_&i)d3;^eyoz0mx
z0A3*(`I!v)`q3}|*VHIgdSl4yjY#OpK-q!l5dt6xfCL6+e}A@ea~VI8{B^&As+b}L
zs{jG|*(Dj2uY8n_f59kG&MJPmrM{tWpwIk@`1$*RsWVKaiIF0RNYRX<Vqu9XAgO*Y
zs47i}!4VOAYijlH`uk1uy!1;cJ@~(`*TzWGzUa!dVbzV;-+bqe1m{?a=Jw4dlRhV4
z7(fF60uf#-dEMW9=geapb-sT6L{#v`_3qyLix7}NL_4Ynp5FSWGfzJ6x6O_Cuwp{N
z2t<%c_kPPDo+CzHdXXjvO6l|ILfj8V7PkCn)XozTGHmq#$}zgPWDS%DraRf5ZMfT=
zXE=AUF4AHjUt}txC&Ym<kv8i4ea!p0t*h-`s|)f@pF*h!h#T-kWY~a+y0u<>dcOCi
z@AmIzFcV&-Gx7ug3Xu%Om<zGczZ9fRgsMG!@`J<x&k!96a!<{iBTQ}}FvJ4!Of;aK
zHehhzy9a8aQ&ZPZZ3L%Y*7DKdRS;ECUU%j^%^n=*ZE|CejdUIu;_JPEdLT`{b5Rj7
zM9|O?FcVq;3ovr5MNW!JppH=@jx5~Ed|+&*I9UDYL{Ljq+*#(s7RDbYZD#EfXy>RL
zMj}cnsN;V(v6F7K<Ier#jN4+*3FwjpL)xphPWH9)jxPGi=6NgLwewpWxc3~TCW`G^
zXmQV#5Ike7cZ>mkF@q@yDn<Fu%e6th$F6D`7z%ujy1CzOcCc-~o7`}5ztm7R=<9s-
z_MxJXhzOHp00t{GSoLNkz`_FdR6ylfK$wJKdQ~VB344(jXaGwnf_{nh^h87^z{4GO
z=y8i6qJZnk5Gak*2GXfQHtA9(2}pV%z$B0i0zoiH`IqQ=6Q29rr#rbbwbl~gu?g}h
zYLu#c5ni_Lckde4xGpw+AA*_8o2epwoS|w!MP<=}TE|e3)9c?)Y*ax=S6-{fnX}$F
zK6#=%*7(m}ak>$%!XGfJg{9fKr}%%e{{O%8_#c`6eBxJ)w(ns36TF2K)htv+OYsHz
z|3}@8jkrIfZGS%}xKM8zwtuS3&)B-G-{i0u0s!(DcN?B}&Yn2Q#&*Wj<wVsb2{yi(
z|3B;e|C9ZH$47sHi81fb)Q^)tv6cF4*Y1UDV!}y7ADXVf^UUjS?qG_kC@H9^i8LY`
z_oErn;l_-IH&xDh<0=|}JcZr>+7~d5sLLR$3$`T6nZ^k-jr9=T&7s?j37J!9F$WxP
zttS(`S&V;eWYn5&YJIe1VnDu_i_?C-cguQcNO2lLXIR0ubanHs-cER&=0n-hD1lO=
zT}Vc$3L>gx1Yz#)@Av!t{>MQ0enI(YW{9>(NPz+q1q_Fe_{`2pfm3V0bKl3`Ywy1H
zV|`Wiik%Nc0{XSX9VIOgQe=63`y0LLAAXDL@NbFnp8aC}_qaI{5X&ZGG4?h50wN*=
zQ9+UlO)(8oiKJSTm}w>$U~44?N(xPuR!Rh=+v@V^7j(OIxn*~D?r+jYA`>!=f}%nK
z5U~a^kVF#%5$CGlXV4y&(r6;ZQLkG+ji_$)*Il-r?k9Fl&_=IL+e}QDs}A<wqc?;+
zZQpF%nVHDk648BXab8n)(%R#=mdvC%ZPt{ATj`Sf60XG}lc6)+V<pLK)90%?oWAY5
zsTXLSe5}qBN2-%MuC}QS!Zep>Wzkx(K2<^>L<k%Ph#<ke=%zUi+JPMqAcRDjpe}U@
zWgNWd0g@QtHnN$>Aw>{Ku0l*ia5`cjG97l~Aw2EQ5hmp2WsJrwg@8$93^}{IaYUBl
zRw$8WZ0@wskxYo@HnkSQR#dgNmcl}bNh~Hx)|h5mt+9kcFj1nB#w|id1Yn|bce}aB
za6%l5C34lywbE*Wu=D325W_uI{<~3!?sMP2-|y6)A0IsLZrr>5_O{zTG`CV-u=kqY
zC^;ep2|<)SPcm=qK+HuVK?I18Kz7SwjMA^{R6r8yQl0STr<L4=+OoVyI~F!`28f$O
z7(kH1STh97;3DRJ*}Pix^FY~GuAN|U&XTMV(t<-kW_#MA<by^hXF?*P>-_IFd;5G)
z&BEUK+X5b^z_yF>{y4+g)!lceqCG)SnKL&!FV@A5@@?fTyyTp(He`|+y3EO>l0zaP
z$`XnuT5`;yC}|!by6oS;wzXBQ|Aw>%fY5~i4OXnbKH7WY{6BQe0>d80O;LwHO-UT=
zq_7f!Iu$FSoEEjQ`p_C0`;tYQzkZ|jx%`{@sEC18O;uG@Rdi?#00-}0&>8>&(STYo
zTGN(+e}4C$-uJy9>-SVxCCBUhH~4&p5R8EPdL(HO$u#CbuzxS}L-JT869AA6<$4><
zQrYvIYQw%7)OBO3-@f*F9!@0ZtjoQbtCBUee53C^{{LU2_0NlcKc2qa*A{*&eZ_nH
zh=mc+0DgD)NL~5xN++HBmHd6vX<z&V4^b!9;`hZQ0Ad6{^VEsQNqdA(XY@a+7}{)E
z7T>GA%v<n}rfGOek!J#@tUYyb$jslE8217&(e%8r?|Zp#zHYgak-G}I?froUJ$(@X
zh=>D)$e$;AW@LT)G^omy27;(x&zR)AS0e$HOyRMXh~OZ24(|Q?@tGaBx#NvvZ5g=V
zK7B;s4UYOi#3=YCML-pCLdy(rLoqD@KD2ZTPZ~WE8o3$~a7po9j0FmBZQX?LBxqok
zbEyi&x|KdKGUpY!+l}|re`yjUzBSo5c<;uu#DVN@Bo)_}V(>os@0lcNZ`YQxN2Bw1
zLJRLs)n)DF<%KowA|emJObfjC<xC?pb-9o1M|DHxgXj_JAV34xts28Y-@-lW`nx=e
zD<R`<+}&F~@}qkWVY}R300JO2LtouDGv)j$Zg=*Md*R?mTpHV`k+p_<S~wDW@zr4G
zceskQh_FM9C)~p>(9eRTMG=&uhy%Cm@rVF-hNlP(C<w=LfCgh`yfFi-AWTsjZhZg+
z5rA!Q_2f-C&r^W6@K=Krv%9BoXd}6E2(&aPYePb+m>??~#0yeohQV?}A4gNp@}E1Z
zt`b3>pduoqv+5w2)CnbB!J$IKBlg)By+uuq?6W{<05lmnI}SU4m-Nrq?cetPHTt{r
z&pq+uZyk8oj3$aIkyJqtJpdvF{{Mfk<_rFxpFe3y{hD*tWdBy^Ris(YGiLR^*XxYq
zd)xH3scltJ$K#3pKVPrk`EdjY5e-N1v7e3k@qTPN0(Ie=@Qr!K9Q$S@*BQ>jIAu3K
zu^-T?V1QO3Rfq@>;sgNw`uF{N(Vy3pPrd5+<y}=K(g-3v&t{G{^BikjZ=P&p7Tt&9
znh`0Ys8OX|7{CESJt`_3YsZH#np{Q$hYWb6nfEQabFTMzCT9taYaWf+IuQ^YhQL69
zC-SCmuix|e{P_5B;)lOT5hzWKYaya0pw!xY{{MBZHw=bD7W{Gjd++YPb`jq6J+b$9
z!tGV&jKh){>t^Xa`!l?*;zgRdn;G2tr#vFWLLQKiU#Z#ug9J6A1+4-gMYNX98ErW6
zZLV_eYn|6X#fb$J2_@VqXlQ95g#1?a(Xt~CI;kIkRbGd8_}l_+vhMa=9ydBL<nHy)
zNxJKDtz~xewswtTjx$wc%ih(kRZ}&qi@V#LHLY%SmE1aJvpQDp36m>mJ)05~EJqvb
zo5>cgiPH10FiiJncI&>*r_>0#!t%O|f_h|SbCHvzV*p?X3Ny8RVgyWBl}>7RCFI1W
za_9;%c<au!oq2({2Ex@c1~%I)wIp)b%2`MQRK!K2T&fHz5)u+wWw_e5Kw@RM!UV8t
z;S`G?)njNijV%%sjYg><WFY~P#j9)pjwuGlUKcEyWbB8aaM3?#uAkk0%V)=_9k1@*
zmZ2w-XUIkF<*0J6q;!2~6+!@#klOy_Q&moc0W=B`i+{%VLL)xzn?CM<H&oFAc{pCu
zgeW*UqaP0MWJYV_8VZO35&(#L(gamCBQ#FSjQiCk7g^{uo>u34DykH=ba<LVG%_HW
z+$C+g5JYBj+izgaCuZHs=6dJr_mH7un~vwIuRYW0k)iTi+0JhBo6eE5?#z=nXIx0x
zSu-<3G`j>uP;Ha~Db$fhA^;!eO;bHZAHde0O}|-N_0U|NW^7l)f3Mf$CkZb<Usm{h
zp1(Hp(&uBa)byl9uL1e++hYE0-}CQ%_qaq=RJB!ARaMcUpatk?0e5M4cYojY{eOKg
z_4~2l7<)-fB!5Nj|479G4Z?*B0iezQ1Rvy(+H`cs3wokp%K$$B2O-0|u-c6dX?@}E
z-|wS{Ux)JkzanG48U>-xJNYY-pXcyYpA)a$QmM%|dLn><6g&_-07NnTh~MD%-YVnj
zbJt|zs--~U5xe}%ndykly_sI10zt2t>3W|l)f%|JHO$Y2Jctq7fC!5p03M(~f$Sg<
z^Phr3_feABMTu?@Vo3=BFe8#xR|KH7y$umnPT^21r8;!wR2Ubn_7!)B-N{XWQ&<cc
zdh^`--b|k#WimnA=Ghw=cE*YWSi<M$%ypiA8>bh~Jq?NgGQf{S4`6)7Y|h1eRKc%x
z5Ft|tD*S~qo{~Y@sn!g6+%}8Mq3Pz?WD*g8E6;*JW*txy5bnMD+W-<T<?R8yW=0qf
zb<hLU0Z<6}?00$DRd?^-vD#h)-6C<%ekY`(Jv7&;;>p%{;EA@Ws%3zPSpn050tdR~
zi_D$(b+<|QAb31>K%DvNY#plk>uk?U&7KJjIz_qBB49*db@K$iC(U=GTpdjt^S@Sz
zM<>j__qLQ?O^HfCAq+?>cCFrmV68fojZ_f3;0K~AB0hJ(y;#o|vutaAmHW=~DsFf<
z*a8d+qTTcsfS?@;9fMM?sG&qM^t5u+fkL7qPNr-C1VJF5f@Tc&oaU62eF%ZZJlXa0
zv6W0*^3Ws*gBlENP=TfZ5cmDR-~0am&)YX`=3v3>K>eV-57m49Pwm(0?0Ub@%{B{L
zU_b#>Yh}LwWC!Pe-}`Ut``Ebge^H+$yY2s_J^Q>gC)vM9GS)oM!lS>u1|md1LPYd;
ziTHe!Nk+V{+!|xndN(&}RD%7;kdKapgXjntLx>O{0g;vX_<FA<oH#*6oUEKUaLHFm
z&&!*;)<<TO2)P?u7<6QuCkc}7a%X<g>VE$JKR%n(K@p2B0AviX5Hey`JpwH#A*CUp
zo&d~=0_|1(nc*7!d)~RhU~cm6>bVnyWDOAg-u9z2uvjKNd)~<nC!D`VPJQotGsKza
zn`?dWAJ_&VB37tMq%>k=qC;^}NU_MO{m8;h2?H=D1p2z$HWh5uTTAeuUEEmk=={j2
zZSHhp$u)V=&5c#Im?U0Hs=Df)yE|sq-Q13?tXel^gdT0q+9z=hlzCaK4km{MIemHC
zTSE)I4=t;{c-h1bCCi-~?&Fm1cE?t$VvMT0+Ez0tye!pY<}P=#&@;AVmASaEWbM|m
zcBba%yS3)-WnKc6j#a=80z?8HbxcvdwT-dKhbX$<!OuC{Id*PxbUhWl0n7mb+7Uad
zfgzMhXdn@UpkT>j+(5Yq*4o(xDH$9qLR$ccR$5~%X(B=dC6TrTNn75=Sa6t}j1oI?
zj8IHsnPUPgYhu8Z1!!QHG7cpO69yF(k;*t&TF?^+iBy1y5F*eaBshQVHTz>tr4Q@-
z*CuRWw~C$rZ`;iM+j3~A_F}qlF9^D~UXYSI8BAUGj@Llg#!3@2FaaVUffFfL;r?0}
zdp8`@(}0apAM_9WOIiR84FRLl#}Lra)2V-^{VV&D|Ev83N#ie1dE@imd#9#}nU(pR
z{r;}rYLiv9dAnPI6iG5}Zu!goSG#O?#ePpBrl)pLG(fu}D{Q8$&hMf#Pzb_oxopwA
z!SmuH5IxT)d}oA*mOoHPzke(7-+?PVPBz@-?%q&YCQ+3D2=z2qxq%T0z!M<MxI$$!
z00<$|89q6xGq!u%j<P$Lb?U2cd_r!mO8w&drKCOWYQ41t<{EhuJBE(PeT_YPKh097
z&z#Jg{KpklOI1}>Rl%X5pg)}r4FN_B_JI<t&erbx`~Cj^eEut9sDH8kzarTdw6Q;u
z$)Hy0(SPxFy9Z!>8GcP~3W_G?+w*BrMCRhvho9$TAI|yY&-2&vKLGpw2mF3_e0|^P
z$UFIzz1$dR<Zbs57dm|<H#*;}e%8pf(IH-cW{_o%#DsD5-)kPo5VW9JCyPFYfFd?+
zG6s;RYteYn780)7I?|Qk7Ds{ve89^zP$O&C!Rj&Pt#^$^+n)sF=Yh!z0H}M`Pj@!*
z5P<*zBnS}@8P*Ulg>^G)(e`9(2~4T<2HLtv7kZ>XBp_fvf!#n9LLMlrLKP_W9uR#E
zXKTarmS>e-=xH5OHWWaJk?=r(7SIa4aJ48&(^0Y_8YPkkDvWAc(4l6;0ze1huVS!@
zFhcT>tyW}k&b$Sl^7Kui;2?LXWNr$y{&jn=cD$J@D)W#Tmt)|LXnEoumz1U0+76ZN
z5#Z03Y{nTQG5m#8jfH<Z%d6?nl>A;{RVY<hl$GDFP3$3@mJ0N&&`tY9d51jk;NK{}
zY0a2{0*HvBBf;=SE%?4M@^lyjer^Npg#C(OjJj$Wb7<$2Fb*SEHsS<I$(pecohK;Q
zv7%}C5x<`<ch{C{+?*J@64@JOq-<s1z#)d(p(J^x!|#r)WRD2fve&;Vdu7zA6^7}C
z3`AYe$f1(9WeYm4t=TY^A6CPuD1v+teSs!1XUg%-`mZT^r@01Rn?qy169a7zStG%i
zszxOsrW2E1y@-fHy%3lzr)*{v%>}a~3SRELt+A|xeG(NNdwcV-ow^q;XFRFr{@?HY
z{x9;Hme_&*1`voKfdqW|YC$9Hpb5Xy+OS|eeP6^xLr>P72!b+g6o62a@A+{V-&)pg
zBNhF$94C^{|2O-8zwh_l?}b!){Ldrclz#<#_`c)rc=HqBIPm=l9J734$o1&?dqj=!
zQ7UL1n~&3I0d=0TzgeK|4VBq8C%fg-Cop9)XIkPMoRBNjNfrlQWtve8iKQTjAQBo3
zx&_Qxo9_KE@F)octu5+oQ<<7gREB9F)f2n;yz}w?zu)&`-=eS}K`{BBJB--fw;*n6
zS7E<Ce;<8y;s?Y&U5Jl=8J}LKdztpW0z1z~l+g$e5h650RekF9)!m_q`{ZZSq8GfY
z?}lb(q;P>q>EOxx{A_d2IX}Hni3BZDzu+tqVx*4s?b9vWI_1>m)ynQ}5~oZv#KjV+
z<z`sRZddGi{gLafw&Qar-GL$VEd@l>!}f~-)Kx|TDz?oGS#~5E8Sre)s~1bMl&zD9
zP88lz$vbsttCDy(dqzCma=2)!rFE%Yybkr%gPGRG-OSrlCY}wYb!T~&*#mGp8nA=5
zr#a_Ss|R}M)@B-=8H%fqCC3Kj+|m_x(pi&LImY778C;aQ5IO)1zzN9KVnKi+XSS)<
z8UjXzWL~y6Czm04r!2*7V%-vxY>}i&Fj7oLl`z^iNl@5=BPkk25NZRonI`<dhqt$$
zyyk0L=Xw1#e)E~iJ?tH9>c73KvtJ)q!&2uo>Fyf#GWme>-J~umAdMch3qZ6$1Lfmw
zHik}!l=BDz1VID}Dt&JIeYLwxZswFR$tfOH?-kh@oYj#G)Ax-E^Y&8xmK7!Ao8;7`
zSs9tR{k8TG7seYkLU-bGh8_4ue@rGeW3zzYN~Kp&uJ>N{N=XDiC}jP9%+)(K#lVs&
zFhZh<3b;TF?HSfEWW$|fKAI#iDTrj5CnTAd8zxCLmzBj!$H>g`Bc{))i{5jOqz|>f
zpD!GE6mRA<NkVQe#?Pl6?+oD-XdoyeAfN{d3|LmAxb8(>Mx>~S!Ro52s;a6e05z|`
z2DMxv`V4n>d;Y(#>;3)u1N-)S(xVgzf&Sm?{1OFM_P*924VeT<L1r3?ADI_Btk?U8
ze1CWEz~~R~{U$$i{K@`*KbO7^x*8t-$7iwp@o(-wl#qIw`}lK|4i|;~X04mwTgtkG
z59%a2{^k#Ke|G*p@J;=E-+i+E+&;?|(3zi`Bo-$mNX(fR00{N~L%=?Zx(r(KcD75h
zl)ozz<f7?_c|m9pAOZIR3t^Yk717o-FF1V<E$?b9%ctTp;u&~^>slJ{QF{#z19A-T
z5G@LPyDjYD2!fzuX+9H?%EL9kbSb5Ofxw6p*(258AeT)0nHq-Bq$Za(C1crGLt|bN
zg(0*PUL1JfBrh+!!;0&NwWc`KeQS-q`*9ohhOS*-u2M`s6I@5|3?~ONeNcp`aqVkB
z1iN$yx-;ju#~RSnDj-ck>jxIOTd+C^MwAe~??>Y_W+N^~pcb?ZF2=UPj9!R&`)U-R
z+L;Xw-mj+nP1u+2#KBPM097O#dRpk_%$(5nV>!DgJ*pDBadn}f{Q&ibL_<Lv0t$?N
zAhHQ2B#lmI3<K602it1I^Z*95)vgwt*AAvE-=l1)Yun=Xu4?(>dMqddh!G|rK>J|B
zllDG}A2R27T$1o{R$#37P2Q2=r*ynzz@xRpn;w`4=dr2%pv6SGs`_kOfCU(V1N;8{
z|9{`>{O{}Zd7jIy&G)V}FXH$Y@$P>p5`JMV-oNKS00nezw)Dt0f29igf5H6o`4u1U
z`~JUwzVoC9KUe&F^huw=pfBMFq)X7e{)jOO|6qS#N1Z=C9r;{9m;Fb{-<rk=&3GQK
z3GMG=-@mjteg+ZV<`y6n07OXy$I_or*hO<ix09~_Uil9Wc!X==avm#k8H7TYRVD6!
zR`)?f#E}}IN(ciqs)U~v6d9VMar)}c4GVtfxikF#Kh51g-~-v8nUg<Itq?zy0-2ea
z`|OFUI?$@AXW5YEfz^8c8Pm6H$G?9(aGUVSB1C@vqS;CLNR?LBT1j=)bduR6PMf5b
zNq48L?X9iXcRLPccXFN9Ov2c=FFqiOY*Q5~vdoGIN)R#k!2do@ZO`i_mBd2HIO>2D
zi2ZNS`7vRNlcRRCXvGeq5B*2Sx=p`1US?o(<k-BbP1N}}GHqTUiA24rw(xPy*T9U+
zO?P2?GIrKISnIo3r&q%S;Ks<eGnbqwbh@tE;W8<4c)CWnDdk^o?`WP_J1Smtyf(tS
zVQQMZt2D+nsq>=c1(`LS^S-mb=REJu{O$m}K%<C3z)C8t#9@eyjdn>!U_?nQ?0{)$
zr_xO9M{V=Y+wN@S49UkhQ>|fhAoacni!n6xa(J6J8B`;tFoxPg8tJwsJy~VzI<=ib
zaE4i}j<7_;lty%K7<bH;yVbDL)e74!%3az`&~~U>a_hZvX|8ePt=o>X#oMjs*}4=V
zs9lWG;ilcv(br21)}dl<<<O3>mscIoWDwX#td0f-6A#-nB=OPv68*pJ+6B#jgZvz_
z9gW)m9(yylJF0!{%?oz#b2~q<;@9Y_sDbN~YwJYxi^eb5Hg(EARd|c7JYwTqO~-h~
z39hDJ@0Z_YjjzqUpWSKm{Fh%7c)UIDl{vVP$?ioH@X=9JxNRHpj1V5aIU+(T;_wjc
znK2?f8m9*oZT;-)*#lmx;WGQlv}xf>k}k469e0VFTZBh~gr6Upy^IsSFD(<{8=QF1
z@;ao;Q$iJ*7D#rCFP#xl)N?1|W@<*ihd6=x-0yd9-OCNKApk~cqy-`u6|C8|-rT*T
zh+}MB)?(C}Qm1WZ{mN6~CM(ve^$))by9KiC?B`!tp#(;K0FX!`2s@<5lR6Td03aj?
zg2{?>y);XqmSgkhtfPFF3r;(Gj_iZzSX6e&QelD>S3gDt8K&w0!59d~HYHEc7(}0o
z%=4<&1Z<5No1E_V*U}CFu!4XL40s?20s%pVf*c40L6fn9MO}y6f;R;m`CLc1leqNN
z6eG_1CYq(WUHBH2$PJn38U%4l+wl`3wb!sUJ99NuhvY!<NP!R{i@7b$N@z@pnF0h&
zOeDb&1Ooy9qJ>Y2-;v=HiyjH8W9VU48pdwH4)gE^{&JVu;y*IKBv9&|EQvOFWpvb4
zWl*fy2=Ucf^hg8e&+@#Vzm16e^?f?f6EicpnVDb!8UTL)0iXx?V8|4N)g4tmSNr|`
z{u&?03-x}{5lF=ojpEqZ0!?d8kmbPIG1+1Xw(>hMhW}zlgy?^4Vz>9~2$xV_W{aQU
z>C0U$ewSj#v|88S)qV{hscx*>_$Gch&9Y0jmmBs81c=I?=ksip<RSEeLH;!$5sYDL
z2y_(E2L?#Q>;j%ya}?ZQJb9=fEE0Yz-`V_q9L<V&{-rheZkox|;vyqVN1%u#4MF6Q
zC=>`00()C7dN72rSL6bWZ3PJ1-$+?uV9o)u0(ZQ*IW!N)ZId%j(t?o|hL^j)s3RLZ
z<DYrDB<<c-yVGaQ{B?JHJ~;3=g7WjMn_hnXo;~CDJLcPMJD4|cN=;a#MhOvyYD_aG
zV)0n2rB(P(4`DMcudl6U{&?Z_zk|rx<o73fPz;(e-#Q&$`M){G)9wWiN2uV@Z=kw(
z(_7xi2ikL&-GDR$;TC|R6uptZ3-3T0*61XW2Xqb4IHyqU*g_r#JY93JMXmF}ik?Fl
z<uR)g;qZ~2LUV&&8hpeALhz;|3PD-P-R)k~DIpsKL1S6~t6Bhp?7Etw(F9FW$b!Jg
z6y1;$y3RN)2vo6b2!N#)VyF~`vejUnsCIPFq_i>4B8{=AQJp<W5ZI7RTWEm%MV-0t
zo1UMRI7~;a00;U{e|3M^BAKbXyEq!l-btV7h@5=ir4P^3XXz8?Qv6V(M#;v}A_2ZP
zIYGoYc--iHAJ_W-LR^YFWxz%G^zb23xxJVs*WduZHTZytU*S~uolI0SP#SB|yt_`l
z2maB^*Wf4~!63)oK?o5C!ktV+|Dad9SNzYgDNV(!mdcnwQV=2p8Y9VyYlrQ&a_jHc
zhNjs&NT1c#0hqXnI`M#vq#0rw`pF`5<607PdFQiEY5-~wbV4k`j?gP(0)pU?3!7>o
zGHtU=@uvNL{tsPq-<>^qJXBxwW5||e#u}v<gOI|EEn@6Tc7`HLVaQgpWv8UczC>gv
z3gIiVZwXn(zBdfn_eqvXgYWP0{eFMH|9|H*@4kD_J@?#m&O47gZ|*xs#u#e#KwGhh
zdYsqAp`9kKkWc258ZyVBxB1VA3;dN2;##;z1B+gI4t$7fOqPO_htHY-7jF*0eSKZ3
zc%J24%tGBq_SxGVLP|JJqW1<VRcC=mD1@J+rnFQbI7|njNdh|H+q~x=WJ0tuFRSbK
z%viZm;~Na@(RnVy-$azdb$v-rMgvQ@=(L2cY9rIjmk*Y{toUMG$s3_<lOn(WVhxJf
zX!fo380M)FrP?z6gINjKpN_k?s?uHDHZayE<n9radsJIupK<NzZLhtZ@yAYX+mC{*
zA9W_Iyz5vVe;#1MdzFjLla_?b^!lY{?zs(H`PwuG^sUucJK#Hfde)w-qub_G1b7)z
zFXP9XHMd{p@0)G_0hQQVGGY@{{eq=*wm$xhrJt(L+E!p&Mb!T`<i~bmH}Qld3;3i=
zeaf6{?Qo5N1KjFIcTdGA&+@~*k>U3;UN<GTe`@udzrLfp{jlggD*v-pSKpXa(nL^l
z|LO~U$43px%_WklZZC7bzcsl2aB*`?Z*@A8*|sUOG02Uw{}GLV1&h4ATzd}a8HKnq
zL`F7Q`+0>IQtNR$PJ#L{n7*yvdU@u)RnDa^-D!faj9u-veP(SIVp=A4R{ZZ0_whtY
zIe8IgH}j@l2Xm92YdxPA_i0di+$+WX-XEjy2#SA^fL=2`N3yhZksB+mrp>z#Ljmcp
z<9#;&w(;L3w2URwXs|ah?6P=|7h5qp*X!qS<(5TMb=rqtkcsCL$!n-{u^2+gs;YC3
zCv^~3@>kxI`<Mp1ho?K2%~2HQtxn-mrS~mjo02^XhD|34V|D$ZAice=K^F_cVg2;(
zY>-j&z?Gmybt6X5ElEQNvq9bARvIR~7*u2~Y<~3tFX#nYPfu2i`T?(M0tnQtH)z`I
z@GEbHPS)9pAtAl2x9>Wc*gWt=bk?1@eA@=bB~4!BYDaqp1!pEec-RzM?o5dU&XDqn
zLA+3k(|5kn=ujt+k}8Tq=7>WOg9%ZZARV{zWWL$epluoZ<VO9s^W>va76i*y6~<;W
z(A6?zz-A#BfOUT2U7c68FK%OxnP-1SfBya6-h7&Vsq(tpVLu;J$W_`d(4bQGk}~9A
z|Bs?e9+8pl?uLZB7nwF}JiL)TlI>X0rtsOj3Iy75OrMkRLHjoyh{k6p?1jA=MOQ>c
zacNrJoS{sIqFcmX?AtY_JJiFls&`UTupzmA_lM?ot~YDO*Gndo_*r;^Ad1guDhM?}
z8BEmi3Ogu<`4S{i(D5P8jpFhOugltVar2qyn_MdKocUCOQk)8U@7XVX@j7gyt6sp%
zsw-!TARXo86}m%RvJ@97(P+7E)%n^3X|tB7m0PRG`uQ)WoH9c_SF9N>X}Qf2t=8f`
zc#g7~GLYM^KiOXg!<bvOC~G&CBNcY$A0B4xcXrxtG*UZz|AdHhy<o0^VPBCB)Gsjo
z)WYV0nv{p3$Ys$AtzXc~%mq^$M9Du@dF7Ix8Z9=+3lxXJCtLc>Iziu>ojg`%T&8lq
z)pcPQbdSGPz6^11-Yx#7#cphycuNHqWK%K#cU=;ZJWA43d<X~GM*WOpGv!^j|FRV?
zP|vg7`rNhqDm#^b8k;kZ6Y$@d(o6AqXLGh7&4)xe>q^B+;_T~QPDG|i){@mh{of`w
zvxk2UyRaoS_^^BsWbDx*Y@)n?_@)P^X!E5M#C3a8DL-82I+vsX^Zhs1)3RT)MRBQU
zJ`-o~1inZf9El+o`z0C2H&Rw}ISW3`@7jI*8_ZYQDDQUbuuaV3CExD^oi-hnYZooK
zX=KKKO;JT{(!H02zvaF13=G{q*IYouTqm(lL0oW>OOm{g;n*!5`{Den-`#brwIk8V
za(g#U%d3gq6yNr1N^o65ORG8;@x1=h&U~=r_OVjPMA7Q5P+`_ME4+<6pdQ12L)tC$
z0#`}Lf=uibHReM-to+*`MOvmtl^3mN2JXOdhaY7%>_mY^OK>3&v(m2I9NR(Y>+(HG
z3XNr<G%};y6YOT>F7n2oD$py598F|UjW_cV7nCs=3#B|~`3~3tIjqm_l{f*L>@7+Z
z4^NBtpjD52MT2O8zssawUVF0ER}rFL{n@Shq_23GiH%D6M1TH%3jGJINa_;3N?oL#
z9S8Dt5r&sbrz66|(uJF^BEhr=btf@bD-9_e|1K>}7hV8kWKTjSNp`@y)sd;rPKm0*
zF_I4939f}PsiUQWL)BODrl#l^(_Sasr1U2spl#mdcW1YY92Lbe>~@yycfNPz#l+-&
z7gcvEE;Qo!j&zQ4mj0O1p^+yBJiat4&Kt_N5Q%zNVCTYKg3z&4uX4-l92d)XV-eMf
zQdYT!de?RiJdBPUa$|Ed?$fR~$94W(WR#ioU+K<?VHVI-iyR$rsJp_6Y7Lo#yiGx&
zmR)G8G|h!TPEQA5%I1D7*fa9jmPL=*i$12(^m^i#<DK-ThwQiY17G(>ZK$EGJ;8jC
zdY)pn^%_af+FY1JQUh3c3F=heyau_(d4Fd<{tK9j-qt%Oj5C8FL+v=Y;JIWACL}dt
zK5mKAtMBNmw0z4d)1ww5;pFB<dC*2#P4x;jRedYvE9%#|55dX$hYJVZ)hCO6RJ1qo
z+~kI)Tr--Sdz)WjFkaVRUv(C7YHAej)tQ~0k<7p=^t@U<CB}$C4GJ*G%KW3Q+88|)
zOigg3Qe*t4H=X0f2l**AlKckDqH96_g?scl!jMKH>LOMPrXdKYbqRgLh@wQ{dJS}^
z_i5=tSY>HLuu!?+pReuZG&lQa?(4N14czslR4rn-jlJg?j$`6&&sC{@EE+ApAuT61
z(Xeaz?XpZ@KgK?wvDwpn8i(!b8r8t$TK0LF312Chmb{C-7@Zx!TjSTa{;^!9LUG1i
zl!}Q!yA^k%?0cakDR6mMx{vUvVabeCpVz|6PIUs|B)xgLX%d{EgA7%rE?m`GhEX|j
zKysjb5FuOh>nomSLXP>8h)@uX3y3SsdxX7Rb-r+JT4QpRzB9vq*_3jeSIvE`sK04?
z)!kumOI0o=l<EPfu`fup>{mY2lhT%gF0-N7OpdA#dI1KLajm$63O(mF`OP2B(9J{z
zaxi7!HDZ0HOvR`rlHMj-qaQ6It$J_U`{U28j19_mwjBWxBb4zwi=oPdP^q%YN8X}U
z1Jv$)rs|q91_Ay#BAF|MkufHR=AOFuyJ|5{*EPjLdC#LO2PG$eg+eGa7ks01nQ+Yz
z7;>&HeDnZQ8$%S|6!hrKB#me#k|r*06}(4W!;Xc<dNzR6MC9R*OkIbt=CxF6==as(
z>9rRE*xPAiIPE`D7Oyzl@q(zK5Pq}R8`0k9kdJAh_^L-Xx^q+5nEEgfm}?#%<Cd`i
zMhjOVhldT_;x#XbgSe42d2b1!b9(;x8C=~QrY0b>|A>bsH(Z50z3kFB$9P|U#yfx?
zN64RT>Ro<LAk~Gq$cY60^pS$Y{3hPk3O*V`n=iX)P53vC`w+(hR?4=2Pc(Hnn0c?g
zy@J5!_Iuz5iGk;vh~4-VIhbQGZbb-j3xQY%7h|piVNLup=Li^5hHV#*H@LS@W&ti9
zuFw?Y$fme$B$b1_@wny6!Zj2B)-0(UzF`>brh_NPV>JI$-#5{yuzv4Mw-=xZ#`GdY
zjm0$TrhBT-Jd9e)5OXaD#&^G`uL1(<W8wek6`KkL?^=MVygrR}4zkc#n|25Q5mESS
zUPMcxSe6_PuwcsSCoFeR$>`~wbkZOX;{C17`TbJc<?k7$)nZW^*w4A`$l0e6%#%{F
z{StoMP1`{$E=nFjy{q*+s|12)9l`vG^er%7ZdaFc&MybhlktppHF}cP3FTDT`KKQU
zp&*{on~{LNvQH|KP4pZ_>2o!BX_=CNrSE|>Op9G3T+NBFl@)e%!iY6zB=wfRi)f9L
z)7A(cFY}kkLiHSj$fDk04iXh4JE6LX=}4)s*$6ts%Q5MBWcjwIwWdCcc>ONt3N|Zp
zuprHCQ!lfj(Mu1@eK9a?I_9t4t{#Hn049H`;-V|X*Dm3^X$>U1Cb8z*YlUNh!et0a
zt2#H1pF7f6OW#4Az1NXKV;5*GIj$K+Mmv4qxi{p#{T*?O62Z+c&Vcxn%xyvaqw!?2
zE^R@~v1r}Vuklids{tZ)gJUA6;L{)s$n{1k#>EI_WCR-z8yXMkd+Y?RWYr$$kQxKW
zACyd2cTeK(IN#*7wd_3DK1bx|{A{vv7dm&qap=q1?-~4dLy4k)H{}-Kh5`d}0|-;%
zEduFT(?bM;#}ylujn?$r)+YrIApL{*$9{CjIiS(bj)J<r8Ki(&pXEHMZ8BjIhr^&9
z0Cy~(0zzHlz?*kCeSL%D1s&Am<NcZxm)krMDaI7f?Clw}Sy^G~c`+9+dZt9NSzN_8
z?4Z-QN-M?GMq=$iZ6kz@(38C`=qeVAjSJ}iw&hz!KJbZ%&&`X7NPL~s858Z4R}*-h
zR~1ZO1yatXgHc?=wo<D=p3(9$a)Uw>sHmU}cd!g>kgpJ4kjnk5I1NV9_MXhAb1^(f
z4dtYzx45jdt8<hJg{Ufv!9{%2%pA|=(yH#CaB{}7XU4^}Rib9VYN+5mf6WIhwp9?L
zZi>UL1lSt4`8GC9YrJ%6D)%9iNsn5rWsi8v|H|s#y!yK>n~$eJ3RdVqxtKdj8}wQc
zB~(#l($IBDC!ivX`BU5~W!KFFX1MR0T78FYRAAWlxn(ukWa%(6-(n-n4%p+yut9v#
zi({Jjm!HV=est4CBg}>`CvU!%3zrCrpAMCe4~&R^ngp%vglw}q>1{DVh9Q|8z@vS>
z+)p(3;B02PziW@*X5i8W08w!bpV$rt2O4G`(I57j+X)zD#BSCR+)qHCG#nFo(6_HV
ze=s<OD|2a(kz6q-n<&APu1f?N%TK&)UBCAh%}%A2!^o@lA%QQ`qkC_P;jqk$`sXdJ
zN6dk?zc@c!8NQ5SyYcwwd9Ahm0Z2Z{FIX9e30B4Bwky5!=5M5|Itf3%u_pICjjZ_f
zfa1WwPGZrIW-=go-9K|tu{A@pi_?!l^YG8WU%^C*%`EMu#g<%x;WpEcZPg;b__@$|
z)xEgCZmC=;bDUZ?;04Ta>&qXCLpq!%%_Ngus^Y+!eC(nW-vJPaq{{6I5KHLY%T>j1
zQ)Hp8U==^QQEz6WO`fl#N{+SL0rw9K5-+PRW`3FW6`C^NQxbZrbWgih>^z@?x<g6X
z@)Cq*=&v}8<8>f3@{cCs^rGkUjMDAGx{aoma(u>=Oi+YL(~|j<UGueuG#+AI#!6|&
zqXD}jyYEmB#+nKuRquD5{$0Nb56-|#^((-Jp`A|*)+y0pkN0RJu%SRkB#mp%(sjLT
zck(rw8#XpJEH<&@{&zpiEECP^*l|BEdPA4p-lr7g&K$Q4Ebkv~{K&i7aUmur`oTF)
zz0u+_tiz?bm;K9o+~){04XFinOZ&w9rY-BW4|cxz*GfF)A8IGYvpw#*6na>W`H>in
zO9(BVb;8_QMFxtek<z#b2C{O#1kWVg){}Y~vl`i>;_0pT&xPfuwwd+KU9OLa6c@^H
z&iXcS^&4KsM#awH2IPXqNO;BHVdPx)bMcstC|~&}5*kq&NTYDtQ2btiiXL%N`U(wK
zyeuuBQ03;qA?FO^-;V<~mOsxb`7Z?fA9f9z+*Z|AG2XV2q_P+fk0pH_SdUt+-ikpq
zVM|xUzR&r|vi4SoApCqvbdMDu`6bJxTq#{9YRH&0?KW&xPZe`AWxkKSjc-&lkn3K4
z%ybi};2tz@x6qyn8{!BZkCZn=CMk}^ilyiI{oYVqU*RT99=4<(FT@_-+#sbB$(q?R
z?5k$HAVGFPFbkDg0+$2$z7v?2TELjjgidyaJomkmSz&<?Qr?1SIr1R){oO*8FDH1B
zJJV-#r`@U8ZLFPqe%*Y()+w68*jcEH>klw5n*aJ5w~XOd=T;u*C1r;!>^21nVcgY)
zSROoF>WbZI^vcS2%fbgt)tt8t+boxpFY`@$Oip$r!W`1yp}ck1@i7ha2-t^*Go{Iz
zIwtFt3cKSc`oaF*ySp`?{Sp~)B?s$W(|vsg0r;5eK1Pn_mcVz2wX%w&+})Ss9^V2;
z1f=#4OJUPukz{Lxb<ok_K-$Ny<U}2HT5mMk2+a><-7@4wn$ms&b9i!Uo8K-F7ONgN
ztG}lTtTH2`p*^`S7d>~gq%SE~DGYs1=#Xn%U`v;FdOR#45@}3INxZFNY?^4MEfUzD
zI8uoBN_oTdX6t*YEi!BEs>8}G(}?t9^N$Ax6OU?Ko=n#mTRB{ReQV!!JA=iE`zXd8
zN|%r})QyYtT7%wOpyYb#I{abd(q{XC?Kh`av|V#~JKa!pw*8$~)33%IbOy$<yi9!k
zR}c-KK2+gEAMj89vg1xj$cr$WpraLrW%Ui84~dy-yth)}jFyovE~(C|y(!6mufUi3
z!^e-daa?o9doA@$W^%eW^0EDEJ*C@MOjt_I=fy4zF|rmq&ITPA5cbDTA2y(^DRMxq
z7F6mvw6?rY9da0+Y4u)<c}{C@dY8+vYf?N#E1Z{(>KOzksH{x=E8y$=Td$7aph3CK
z+LVuZ#c>Q01$O9%krk@^wry;55b>BJ>%+d;xbo(wq+lDXKvIVh*Ealq-CK*#^S`oQ
z{<Y<CzWZ6D29&o?TyK2HJb*BjtbE0gv>ON{S6?oLkTJ2}A`)sb8XC8qi$4@2oWn6$
z=@}zf+3aSx8E@H9#HQl;Hoi;;4*xb4ij1+D)riy#z8F5XfaOl&`;O0UI}QCxmJhU|
zD9xZ3WSrqhqtE<G;r-+{95MZM654XkeX{ZRq%~#T=c8q~Rgfh&70qx>)?s<wzW;h}
z!D+B;Uvt}54!nRm$8F`;-*r=TXn7&Phk{BO{^d&MK>4HU5|it@zTeCJ>=V0%?_T4&
zmiP=t>zukvy)y94dVgT%<}vyAO8*}+kH;({|H_QiZrX@DrD$ztv$5GPrXBm<&z-7B
zgj&DFOF@LA*OLd#`C?r0uHnIGnPP>c&a7V=S=rVfg04{6e5SivFrp&5MsHCVZX!S#
zmvJY~U)E48V8VPp`{|N|NEz){YavYohdecm_mnLE=Lw1@CxMaK4zb#O0zQeiKR1+=
zRYymMO7r-6za)4e(s|8*rG|_@18IHf@MI#d^heAqeIO&ivXwGY$X6E0=E`_M+@oo>
zSMJRl?=m!64DbslC(u=PFgKN&ss_V_=~q^r^%-JaWfvchCR_<#ew2kFrPr?S)->8W
z#Xulb5K6UHRr_RZZCP|%UDRU@21-ygHgqVgQlX?${?Fw%&4IHs<2JEuFzx|^q#oVk
zSaSEmw((mJ$WQ{EkCqnOXquOCTutAJk`nduw!3xL9R?xMe#zAoTpv~ZUH{tSvT*}E
zu0XRhG8S8c<L&HpdL`WEi>F6dyMNRP*Re4vzje52?ClpFtSK0&7$X2RvV9#*maql~
zD>gJA{cXVGV+nu0{3otf%MCRg>OYR<sG<d**ZS<YyV9IqpWukMY)KD1++7*S%FFRr
z{dE|1;acLnfVdzHveLpL)j6eV=*{iK$m9Y{I4YtpQ78~Qf8=<hT~!KCOXMO$;9=qn
zp>Px|LQ|wfKvg2AJ35@IH}PRUvQm#h=&&71=S_YJ{Lyt(k{t-Ts24@VT+h6k>)6P%
z*b*=`fhI8;-7ey#O=;n@?K2fj#a7u{n6zX!HAfxAKTluqZH#T78#WPv@uf|(z=V^a
znVL)Oo_Eb<h}AG_^!rR~L-V@l2d$TTi8bwnpxnAm#hH<ZpQtPr;eoLI#TNf;;`;>V
zj)sUxxrTMJf<5X0^Wqm5m&gs}XROu4rX_M`u#bNOUV(RtQ^YzzNI)u5O(i0X5e(|w
zU438Fv)Lt=20$ub5qxcDZwN~&a*v^pbh-U*NIk}(&PYex;#%vw$amb?J~itfQe}d7
z16O>zp6gRl=A%Nn$K%5wmrb?nD-5+o!V1PdN5;@&iy3OrX-3?4E~GqQXUY2_fnmuN
zHrBX@>q%C*ZD}(RoD&ZMQHq291#qdz;D1%rKNYa{KW8`sI0MAEf13Y~G9E<tFRRm2
z0SJr&*nvRse+oJf_%-N^f}vFy1qZ<yT0tP>f6{;`5eV@_6%;@V(4UP1fe;{iLpl(G
zjuO)f);>jpf&PEzh=+q!0Ldx!z`X$7zd-j-ZxW^zg!|NbMjj6+bgEJ!ssMxl_St|&
zRK>x-K(LM>2qcUGOfxzvCPr@vg5%%-VLZ@-0*#=63K)e0lsE+dIRXp;X2t<JAi$@+
zl;ZJc^8yV(ms6qX4dK8>o>Ou<fRYY=rZ><*2ULLalndw#d0P3;&S#>7QKtw%no}{)
z3;;+>cghox3IqmFfH}|RIHLii0ww@~QS`<rz=Egsvq^9Ocfhg;Mm-cD2fz)C0(#Ei
zlr`?OI0Z%|P=HZIhJf;56bOJ*2RWTB9uSS8_4GP{iVVT0TtHwH=oC)P0hDmSG5`Q{
zI56sLVxWb?0mHy35FKzaP#^%{r>8T`&Qv%>o$?17r$|7`v%WLzY4N`v2h5j<0(kuk
z|LeA=Tuw#!hw+&o#h>B+^Qbf7&xp=0z-dibxAoLJ0EVZg1mLWQ2LsK20DOAw{}0ZL
z0yOCWR{+6Jy9)l(@03UwkP88dKlKx!1xO4(wPw&kiA7D#+QH#&i#7qp7XBIq{0t1T
znwZyEau+>rg)+-xp<p3r`z9K9q3arN;X8LTRAOi%uvm6p_oyrh`Kqvr*viC;<lOa3
zNfB_Asr!SmIjXShF-}vlMI4K+w?{dK75uL{fhjX6o$fkKO_w=sn;u;37#3$S^c^xC
zPvDbF(xb;s8L2%mM&`bIY|fYYA{5Wy#7rCicE}c^>ursB_6gN?b7plV9M2?0SDZQ8
z{tYQm%p%0W!yeB;uz%}qnRC~rOrN@Hzl7Iq{k`FhY#Cqs%u#B&p&pIy)IKCNs;4Za
zNCM%^mGYX;Nu{AfL{!WCfsec0LsNWft4BIWO-p8>?DzCa#wCxZ#6=)w)9({4&HV~!
zT~RiX{I|TQkQMh(JZuQEz~p%}en>0-%Ln}W_QH>Gcb}P=!s4lhhKH}~dL0w`51Brt
zK2#g<$2UuSW4jCAJ-oGhK@EO+=23v>t;@ZBeX~anOX`Nd^@DsC0@t{&<c~<aLF}Qz
zKpH;tBsY!k{Hzdu#LOH!#s~tFYf6Y#TnPvwZ?#_UhE8`hlj?Ye7=hhXpRBgk6CECy
z-HZFpi#0d~jsq<iD;!Gqj<IGXyS&9F`1ttvMCo$V45zHDTwmNm7NN2Egj(;1GxEH8
zD@B?zH#D68qb{^i5*ptb{mzvn@Q0)j<o9QH8q8-T;PmQ1rzGvUpxVSZiF3d2mE?hL
z(`Ev~Eo0esAfVM@z*DArHm8uHRwmf)&nFQzP3HVas!Ej$>Z9BEnFcbU+33552|}X@
zc;}%ig)WBs0oXnX!8J2`B_!}Sd7nfg67donseL>yW%b@9(kx;2o*Sv&QEELUW$d;q
zu!V0BEf7F#I&A4z)Ym3j^Guyc{rs~<YDzh0EqyE(;*y>TO+GMsJe|2aMw+C?I5xLb
z3M#TH8Se8H7k*)Ge)0HA@7;`z4gEbelYq-hvqO|)W|&I)hQr_?C#Vw?3S@l~cBmd$
zf5xYfgVjY%WclroY9``ZY=TU$RXLPB3YeWHRQwb}J9&8dPq~CU<in_#zFf%A7h-+&
zMf}eXak~)Uiv)S4d0PLxqAmi7m{@FBOP{m2MI`KD?giPQ)pMK~g}BnyX?aX{<+Cwr
zz8RMnQ9K7Fm5M`8Zv-g5FEt&7(qb3-aRc_2xGwOGseLUrhx?+yTANHP4SbPesaGQQ
zu~1YZy5jG4h!Z166%wRh(lR`PI6ORjpk<Z{a>!Bdzf3y(bL0^=6}R8d)uIh8U<HM%
zB!;(MrMqe@rF|zn;*NB6;6M;*XFGs2?>~SIeHPm+sVe`D78jvSbRdvg?Xdi=kzEnd
zFZXmwW7Y>|Ru~FWS#e&ZpAFm0@qv3@ev?$3td;Q8xX;$^`!>YeyDr1`<5iI2;Sk8g
z-~1>T>&1srPnIW+0gv-aE_wG164IIjV_u?wJSpA?QS#e8JPFBOA@8qb`pM^@;6j=K
zN1pk6<kXwk{Rq~a2U@NCEMc$`i#}oW$8I)bu~ZRCXYXA_((J%Z1^FISGb$~9Fc3i|
zZ)H|-u$GmP_Q%Y>mmNe8q(rw$UK*IyoFdwk+)!M0n9)(wbLtkrkBCV%Y+?-_2if`i
z4kUdi6*>|WPmYh9D<uiRyIZkWwZ$GOzkp34BDAFR9>zPf3q+1qTu5g5*b7ZLubr02
zWDlhy1Gmsg7mW1)xbNqIV;ndZ<JE-rfa4EvYqdY)Q{=_!zk|}X(T0Bl^19sv^12z*
zhEGwcgh<kc&j7>8T`(4a!x2FJib};7pk|>BUsr~t1Bg?W04o828!%{F8It)ARR};C
Vl6@iplt)(GY(G>~bkbkF{vXHUSjYeX

literal 0
HcmV?d00001

diff --git a/tests/static/data/peeringdb_net_3333_10745.json b/tests/static/data/peeringdb_net_3333_10745.json
new file mode 100644
index 00000000..1e937b8a
--- /dev/null
+++ b/tests/static/data/peeringdb_net_3333_10745.json
@@ -0,0 +1 @@
+{"data": [{"id": 5104, "org_id": 8829, "name": "RIPE NCC", "aka": "R\u00e9seaux IP Europ\u00e9ens Network Coordination Centre", "name_long": "", "website": "http://www.ripe.net", "asn": 3333, "looking_glass": "", "route_server": "", "irr_as_set": "AS-RIPENCC", "info_type": "Non-Profit", "info_prefixes4": 30, "info_prefixes6": 20, "info_traffic": "1-5Gbps", "info_ratio": "Balanced", "info_scope": "Global", "info_unicast": true, "info_multicast": false, "info_ipv6": true, "info_never_via_route_servers": false, "ix_count": 1, "fac_count": 0, "notes": "", "netixlan_updated": "2022-05-27T09:56:39.774266Z", "netfac_updated": null, "poc_updated": "2016-03-14T21:46:47Z", "policy_url": "", "policy_general": "Selective", "policy_locations": "Not Required", "policy_ratio": false, "policy_contracts": "Not Required", "allow_ixp_update": false, "status_dashboard": null, "rir_status": "ok", "rir_status_updated": "2022-07-27T05:29:57.260109Z", "created": "2012-11-09T06:06:08Z", "updated": "2022-07-27T05:33:20Z", "status": "ok"}, {"id": 2171, "org_id": 1989, "name": "ARIN", "aka": "American Registry for Internet Numbers", "name_long": "", "website": "https://www.arin.net", "asn": 10745, "looking_glass": "", "route_server": "", "irr_as_set": "", "info_type": "Non-Profit", "info_prefixes4": 5, "info_prefixes6": 0, "info_traffic": "20-100Mbps", "info_ratio": "Heavy Outbound", "info_scope": "Global", "info_unicast": true, "info_multicast": false, "info_ipv6": true, "info_never_via_route_servers": false, "ix_count": 1, "fac_count": 0, "notes": "4 Byte ASN supported (and peers sought!) at Equinix San Jose / Ashburn and the SIX in Seattle.", "netixlan_updated": "2021-09-22T00:07:15.642546Z", "netfac_updated": null, "poc_updated": "2020-06-18T19:16:19Z", "policy_url": "", "policy_general": "Open", "policy_locations": "Not Required", "policy_ratio": false, "policy_contracts": "Not Required", "allow_ixp_update": false, "status_dashboard": null, "rir_status": "ok", "rir_status_updated": "2022-07-27T05:29:57.260109Z", "created": "2009-02-10T18:20:28Z", "updated": "2022-07-27T05:33:33Z", "status": "ok"}], "meta": {}}
\ No newline at end of file
diff --git a/tests/static/test_enricher_irrdb.py b/tests/static/test_enricher_irrdb.py
index 2d9ae57b..03dac4ed 100644
--- a/tests/static/test_enricher_irrdb.py
+++ b/tests/static/test_enricher_irrdb.py
@@ -20,9 +20,11 @@
 import unittest
 import yaml
 
+from pierky.arouteserver.tests.base import setup_requests_mock
 from pierky.arouteserver.builder import TemplateContextDumper
 from pierky.arouteserver.tests.mocked_env import MockedEnv
 
+
 class TestIRRDBEnricher_Base(unittest.TestCase):
 
     GENERAL_SIMPLE = {
@@ -64,9 +66,12 @@ def setup_builder(self, general, clients, ip_ver=4):
     def setUp(self, *patches):
         MockedEnv(base_dir=os.path.dirname(__file__), default=False, irr=True)
         self.temp_dir = tempfile.mkdtemp(suffix="arouteserver_unittest")
+        # Prevent actual calls to external APIs.
+        self.requests_mock = setup_requests_mock()
 
     def tearDown(self):
         MockedEnv.stopall()
+        self.requests_mock.stop()
         shutil.rmtree(self.temp_dir, ignore_errors=True)
 
     def write_file(self, name, dic):

From 56a8070e37378bbc133b5a1085d61b912462b7df Mon Sep 17 00:00:00 2001
From: Pier Carlo Chiodi <pierky@pierky.com>
Date: Sun, 9 Oct 2022 14:40:04 +0200
Subject: [PATCH 4/5] OpenBGPD 7.7

---
 .github/workflows/cicd.yml                       |  2 +-
 docs/FEATURES.rst                                |  2 +-
 pierky/arouteserver/builder.py                   |  2 +-
 pierky/arouteserver/tests/live_tests/openbgpd.py | 14 ++++++++++++--
 4 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
index 541a736c..679c907a 100644
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -69,8 +69,8 @@ jobs:
           echo "$DOCKER_PASSWORD" | docker login --username "$DOCKER_USERNAME" --password-stdin
           docker pull pierky/bird:1.6.8
           docker pull pierky/bird:2.0.10
-          docker pull pierky/openbgpd:7.5
           docker pull pierky/openbgpd:7.6
+          docker pull pierky/openbgpd:7.7
           docker pull pierky/exabgp:4.2.7
           docker pull nlnetlabs/routinator:v0.8.3
         env:
diff --git a/docs/FEATURES.rst b/docs/FEATURES.rst
index fdcd4357..19619ed5 100644
--- a/docs/FEATURES.rst
+++ b/docs/FEATURES.rst
@@ -33,7 +33,7 @@ How it works
 
 #. `Jinja2`_ built-in templates are used to render the final route server's configuration file.
 
-   Currently, **BIRD** (>= 1.6.3 up to 1.6.8), **BIRD v2** (starting from 2.0.7) and **OpenBGPD** (OpenBSD 6.1 up to 7.6 and also OpenBGPD Portable 6.5p1 up to 7.6) are supported, with almost `feature parity <https://arouteserver.readthedocs.io/en/latest/SUPPORTED_SPEAKERS.html#supported-features>`__ between them.
+   Currently, **BIRD** (>= 1.6.3 up to 1.6.8), **BIRD v2** (starting from 2.0.7) and **OpenBGPD** (OpenBSD 6.1 up to 7.7 and also OpenBGPD Portable 6.5p1 up to 7.7) are supported, with almost `feature parity <https://arouteserver.readthedocs.io/en/latest/SUPPORTED_SPEAKERS.html#supported-features>`__ between them.
 
 **Validation** and testing of the configurations generated with this tool are performed using the built-in **live tests** framework: `Docker`_ instances are used to simulate several scenarios and to validate the behaviour of the route server after configuring it with ARouteServer. More details on the `Live tests <https://arouteserver.readthedocs.io/en/latest/LIVETESTS.html>`__ section.
 
diff --git a/pierky/arouteserver/builder.py b/pierky/arouteserver/builder.py
index 7ec45cda..74d41af1 100644
--- a/pierky/arouteserver/builder.py
+++ b/pierky/arouteserver/builder.py
@@ -954,7 +954,7 @@ class OpenBGPDConfigBuilder(ConfigBuilder):
 
     AVAILABLE_VERSION = ["6.0", "6.1", "6.2", "6.3", "6.4", "6.5", "6.6", "6.7",
                          "6.8", "6.9", "7.0", "7.1", "7.2", "7.3", "7.4", "7.5",
-                         "7.6"]
+                         "7.6", "7.7"]
     DEFAULT_VERSION = AVAILABLE_VERSION[-1]
 
     IGNORABLE_ISSUES = ConfigBuilder.IGNORABLE_ISSUES + \
diff --git a/pierky/arouteserver/tests/live_tests/openbgpd.py b/pierky/arouteserver/tests/live_tests/openbgpd.py
index 6dec01e1..7b5e6d06 100644
--- a/pierky/arouteserver/tests/live_tests/openbgpd.py
+++ b/pierky/arouteserver/tests/live_tests/openbgpd.py
@@ -617,5 +617,15 @@ class OpenBGPD76PortableInstance(OpenBGPDPortableInstance):
     TARGET_VERSION = "7.6"
 
 
-OpenBGPDPortablePreviousInstance = OpenBGPD75PortableInstance
-OpenBGPDPortableLatestInstance = OpenBGPD76PortableInstance
+class OpenBGPD77PortableInstance(OpenBGPDPortableInstance):
+
+    DOCKER_IMAGE = "pierky/openbgpd:7.7"
+
+    TAG = "openbgpd77p"
+
+    BGP_SPEAKER_VERSION = "7.7"
+    TARGET_VERSION = "7.7"
+
+
+OpenBGPDPortablePreviousInstance = OpenBGPD76PortableInstance
+OpenBGPDPortableLatestInstance = OpenBGPD77PortableInstance

From 5f874a6d547674c03701f6ca76e60a66c25c2db4 Mon Sep 17 00:00:00 2001
From: Pier Carlo Chiodi <pierky@pierky.com>
Date: Thu, 13 Oct 2022 08:01:49 +0200
Subject: [PATCH 5/5] Update docs, examples and tests

---
 README.rst                                    |     2 +-
 docs/SUPPORTED_SPEAKERS_CI.txt                |    68 +-
 examples/auto-config/bird4.conf               |     8 +-
 examples/auto-config/openbgpd.conf            |     2 +-
 examples/bird_hooks/bird4.conf                |     4 +-
 examples/bird_hooks/bird6.conf                |     2 +-
 examples/default/bird4.conf                   |     4 +-
 examples/default/bird6.conf                   |     2 +-
 examples/default/bird_v2.conf                 |     6 +-
 examples/default/openbgpd.conf                |     2 +-
 examples/default/template-context             |    93 +-
 examples/default/template-context4            |    93 +-
 examples/default/template-context6            |    93 +-
 examples/rich/bird4.conf                      |     8 +-
 examples/rich/bird6.conf                      |     4 +-
 examples/rich/bird_v2.conf                    |    10 +-
 examples/rich/openbgpd.conf                   |    20 +-
 examples/rich/template-context                |   111 +-
 examples/rich/template-context4               |    97 +-
 examples/rich/template-context6               |    93 +-
 examples/rpki_rtr/bird_v2.conf                |    12 +-
 tests/last                                    |  1584 +--
 tests/last.json                               |     2 +-
 tests/last_results/extres.last                |     2 +-
 .../live_bird_hooks_example_bird1.last        |     2 +-
 .../last_results/live_communities_bird1.last  |     2 +-
 .../last_results/live_communities_bird2.last  |     2 +-
 .../live_communities_openbgpd_portable.last   |    70 +-
 tests/last_results/live_default_bird1.last    |     2 +-
 tests/last_results/live_default_bird2.last    |     2 +-
 .../live_default_openbgpd_portable.last       |    26 +-
 tests/last_results/live_global_bird1.last     |     2 +-
 tests/last_results/live_global_bird2.last     |     2 +-
 .../live_global_openbgpd_portable.last        |   724 +-
 tests/last_results/live_gshut_bird1.last      |     2 +-
 tests/last_results/live_gshut_bird2.last      |     2 +-
 .../live_gshut_openbgpd_portable.last         |    38 +-
 tests/last_results/live_max_prefix_bird1.last |     2 +-
 tests/last_results/live_max_prefix_bird2.last |     2 +-
 .../live_max_prefix_openbgpd_portable.last    |    38 +-
 .../last_results/live_path_hiding_bird1.last  |     2 +-
 .../last_results/live_path_hiding_bird2.last  |     2 +-
 .../live_path_hiding_openbgpd_portable.last   |   110 +-
 .../last_results/live_rich_example_bird1.last |     2 +-
 .../last_results/live_rich_example_bird2.last |     2 +-
 .../live_rich_example_openbgpd_portable.last  |    26 +-
 tests/last_results/live_rpki_bird1.last       |     2 +-
 tests/last_results/live_rpki_bird2.last       |     2 +-
 .../live_rpki_bov_comms_bird1.last            |     2 +-
 .../live_rpki_bov_comms_bird2.last            |     2 +-
 .../live_rpki_rtr_example_bird2.last          |     2 +-
 ...ve_rpki_rtr_example_openbgpd_portable.last |    26 +-
 tests/last_results/live_tag_as_set_bird1.last |     2 +-
 tests/last_results/live_tag_as_set_bird2.last |     2 +-
 .../live_tag_as_set_openbgpd_portable.last    |   366 +-
 .../live_tag_reject_policy_bird1.last         |     2 +-
 .../live_tag_reject_policy_bird2.last         |     2 +-
 ...e_tag_reject_policy_openbgpd_portable.last |   106 +-
 tests/last_results/static.last                |     2 +-
 .../openbgpd76p.conf                          |  1887 +++
 .../openbgpd77p.conf                          |  1887 +++
 .../openbgpd76p.conf                          |  1887 +++
 .../openbgpd77p.conf                          |  1887 +++
 .../openbgpd77p/AS1.txt                       |    28 +
 .../openbgpd77p/AS131073.txt                  |    28 +
 .../openbgpd77p/AS2.txt                       |     7 +
 .../openbgpd77p/rs.txt                        |    49 +
 .../openbgpd77p/AS1.txt                       |    28 +
 .../openbgpd77p/AS131073.txt                  |    28 +
 .../openbgpd77p/AS2.txt                       |     7 +
 .../openbgpd77p/rs.txt                        |    49 +
 .../openbgpd76p.conf                          |  1273 ++
 .../openbgpd77p.conf                          |  1273 ++
 .../openbgpd76p.conf                          |  1273 ++
 .../openbgpd77p.conf                          |  1273 ++
 .../openbgpd77p/rs.txt                        |     0
 .../openbgpd77p/rs.txt                        |     0
 .../openbgpd76p.conf                          | 10254 ++++++++++++++++
 .../openbgpd77p.conf                          | 10254 ++++++++++++++++
 .../openbgpd76p.conf                          | 10254 ++++++++++++++++
 .../openbgpd77p.conf                          | 10254 ++++++++++++++++
 .../openbgpd76p/AS101.txt                     |   588 +
 .../openbgpd76p/AS1_1.txt                     |   350 +
 .../openbgpd76p/AS1_2.txt                     |   322 +
 .../openbgpd76p/AS2.txt                       |   406 +
 .../openbgpd76p/AS222.txt                     |     0
 .../openbgpd76p/AS3.txt                       |   322 +
 .../openbgpd76p/AS4.txt                       |   266 +
 .../openbgpd76p/rs.txt                        |   847 ++
 .../openbgpd77p/AS101.txt                     |   588 +
 .../openbgpd77p/AS1_1.txt                     |   350 +
 .../openbgpd77p/AS1_2.txt                     |   322 +
 .../openbgpd77p/AS2.txt                       |   406 +
 .../openbgpd77p/AS222.txt                     |     0
 .../openbgpd77p/AS3.txt                       |   322 +
 .../openbgpd77p/AS4.txt                       |   266 +
 .../openbgpd77p/rs.txt                        |   847 ++
 .../openbgpd76p/AS101.txt                     |   588 +
 .../openbgpd76p/AS1_1.txt                     |   357 +
 .../openbgpd76p/AS1_2.txt                     |   329 +
 .../openbgpd76p/AS2.txt                       |   413 +
 .../openbgpd76p/AS222.txt                     |     0
 .../openbgpd76p/AS3.txt                       |   322 +
 .../openbgpd76p/AS4.txt                       |   266 +
 .../openbgpd76p/rs.txt                        |   868 ++
 .../openbgpd77p/AS101.txt                     |   588 +
 .../openbgpd77p/AS1_1.txt                     |   357 +
 .../openbgpd77p/AS1_2.txt                     |   329 +
 .../openbgpd77p/AS2.txt                       |   413 +
 .../openbgpd77p/AS222.txt                     |     0
 .../openbgpd77p/AS3.txt                       |   322 +
 .../openbgpd77p/AS4.txt                       |   266 +
 .../openbgpd77p/rs.txt                        |   868 ++
 .../openbgpd76p.conf                          |   665 +
 .../openbgpd77p.conf                          |   665 +
 .../openbgpd77p/AS1.txt                       |    14 +
 .../openbgpd77p/AS2.txt                       |    14 +
 .../openbgpd77p/rs.txt                        |    28 +
 .../openbgpd76p.conf                          |  2263 ++++
 .../openbgpd77p.conf                          |  2263 ++++
 .../openbgpd76p.conf                          |  2263 ++++
 .../openbgpd77p.conf                          |  2263 ++++
 .../MaxPrefixScenario_BIRD2IPv4/bird2/AS2.txt |    14 -
 .../MaxPrefixScenario_BIRD2IPv6/bird2/AS1.txt |    14 -
 .../MaxPrefixScenario_BIRDIPv4/bird16/AS2.txt |    14 -
 .../openbgpd77p/AS1.txt                       |     0
 .../openbgpd77p/AS2.txt                       |     0
 .../openbgpd77p/AS3.txt                       |     0
 .../openbgpd77p/AS4.txt                       |     0
 .../openbgpd77p/rs.txt                        |     0
 .../openbgpd77p/AS1.txt                       |     0
 .../openbgpd77p/AS2.txt                       |     0
 .../openbgpd77p/AS3.txt                       |     0
 .../openbgpd77p/AS4.txt                       |     0
 .../openbgpd77p/rs.txt                        |     0
 .../openbgpd76p.conf                          |  2281 ++++
 .../openbgpd77p.conf                          |  2281 ++++
 .../openbgpd76p.conf                          |  2281 ++++
 .../openbgpd77p.conf                          |  2281 ++++
 .../openbgpd76p.conf                          |  2290 ++++
 .../openbgpd77p.conf                          |  2290 ++++
 .../openbgpd76p.conf                          |  2290 ++++
 .../openbgpd77p.conf                          |  2290 ++++
 .../openbgpd76p/AS1.txt                       |     7 +
 .../openbgpd76p/AS101.txt                     |     0
 .../openbgpd76p/AS2.txt                       |     7 +
 .../openbgpd76p/AS3.txt                       |     0
 .../openbgpd76p/AS4.txt                       |     7 +
 .../openbgpd76p/rs.txt                        |    14 +
 .../openbgpd77p/AS1.txt                       |     7 +
 .../openbgpd77p/AS101.txt                     |     0
 .../openbgpd77p/AS2.txt                       |     7 +
 .../openbgpd77p/AS3.txt                       |     0
 .../openbgpd77p/AS4.txt                       |     7 +
 .../openbgpd77p/rs.txt                        |    14 +
 .../openbgpd77p/AS1.txt                       |     7 +
 .../openbgpd77p/AS101.txt                     |     0
 .../openbgpd77p/AS2.txt                       |     7 +
 .../openbgpd77p/AS3.txt                       |     0
 .../openbgpd77p/AS4.txt                       |     7 +
 .../openbgpd77p/rs.txt                        |    14 +
 .../openbgpd76p/AS1.txt                       |     7 +
 .../openbgpd76p/AS101.txt                     |     0
 .../openbgpd76p/AS2.txt                       |     0
 .../openbgpd76p/AS3.txt                       |     0
 .../openbgpd76p/AS4.txt                       |     7 +
 .../openbgpd76p/rs.txt                        |     7 +
 .../openbgpd77p/AS1.txt                       |     7 +
 .../openbgpd77p/AS101.txt                     |     0
 .../openbgpd77p/AS2.txt                       |     0
 .../openbgpd77p/AS3.txt                       |     0
 .../openbgpd77p/AS4.txt                       |     7 +
 .../openbgpd77p/rs.txt                        |     7 +
 .../openbgpd77p/AS1.txt                       |     7 +
 .../openbgpd77p/AS101.txt                     |     0
 .../openbgpd77p/AS2.txt                       |     0
 .../openbgpd77p/AS3.txt                       |     0
 .../openbgpd77p/AS4.txt                       |     7 +
 .../openbgpd77p/rs.txt                        |     7 +
 .../openbgpd68.conf                           |     2 +-
 .../openbgpd70.conf                           |     2 +-
 .../openbgpd76p.conf                          |  4015 ++++++
 .../openbgpd77p.conf                          |  4015 ++++++
 .../openbgpd68.conf                           |     2 +-
 .../openbgpd70.conf                           |     2 +-
 .../bird2.conf                                |    10 +-
 .../bird2.conf                                |    10 +-
 .../bird16.conf                               |     6 +-
 .../bird16.conf                               |     4 +-
 .../openbgpd77p/rs.txt                        |     0
 .../openbgpd76p.conf                          |  1186 ++
 .../openbgpd77p.conf                          |  1186 ++
 .../openbgpd76p.conf                          |  1186 ++
 .../openbgpd77p.conf                          |  1186 ++
 .../openbgpd76p.conf                          |   802 ++
 .../openbgpd77p.conf                          |   802 ++
 .../openbgpd77p/AS1_1.txt                     |     0
 .../openbgpd77p/rs.txt                        |     0
 .../openbgpd76p.conf                          |  3557 ++++++
 .../openbgpd77p.conf                          |  3557 ++++++
 .../openbgpd76p.conf                          |  3557 ++++++
 .../openbgpd77p.conf                          |  3557 ++++++
 .../bird2.conf                                |     6 +-
 .../bird16.conf                               |     4 +-
 .../bird16.conf                               |     4 +-
 .../bird2.conf                                |     6 +-
 .../openbgpd76p.conf                          |  3741 ++++++
 .../openbgpd77p.conf                          |  3741 ++++++
 .../openbgpd76p.conf                          |  3741 ++++++
 .../openbgpd77p.conf                          |  3741 ++++++
 .../openbgpd77p/AS1.txt                       |   168 +
 .../openbgpd77p/AS2.txt                       |    70 +
 .../openbgpd77p/AS4.txt                       |   126 +
 .../openbgpd77p/AS5.txt                       |   147 +
 .../openbgpd77p/AS6.txt                       |   161 +
 .../openbgpd77p/rs.txt                        |   294 +
 .../openbgpd77p/AS1.txt                       |   168 +
 .../openbgpd77p/AS2.txt                       |    70 +
 .../openbgpd77p/AS4.txt                       |   126 +
 .../openbgpd77p/AS5.txt                       |   147 +
 .../openbgpd77p/AS6.txt                       |   161 +
 .../openbgpd77p/rs.txt                        |   294 +
 .../openbgpd77p/AS1.txt                       |   231 +
 .../openbgpd77p/AS2.txt                       |   133 +
 .../openbgpd77p/AS4.txt                       |   168 +
 .../openbgpd77p/AS5.txt                       |   189 +
 .../openbgpd77p/AS6.txt                       |   203 +
 .../openbgpd77p/rs.txt                        |   294 +
 .../openbgpd77p/AS1.txt                       |   231 +
 .../openbgpd77p/AS2.txt                       |   133 +
 .../openbgpd77p/AS4.txt                       |   168 +
 .../openbgpd77p/AS5.txt                       |   189 +
 .../openbgpd77p/AS6.txt                       |   203 +
 .../openbgpd77p/rs.txt                        |   294 +
 .../openbgpd76p.conf                          |  7608 ++++++++++++
 .../openbgpd77p.conf                          |  7608 ++++++++++++
 .../openbgpd77p/AS101.txt                     |   406 +
 .../openbgpd77p/AS1_1.txt                     |   280 +
 .../openbgpd77p/AS1_2.txt                     |   259 +
 .../openbgpd77p/AS2.txt                       |   350 +
 .../openbgpd77p/AS3.txt                       |   238 +
 .../openbgpd77p/rc.txt                        |   259 +
 .../openbgpd77p/rs.txt                        |   777 ++
 243 files changed, 162976 insertions(+), 2007 deletions(-)
 create mode 100644 tests/live_tests/scenarios/communities/configs/BGPCommunitiesScenario_OpenBGPDIPv4/openbgpd76p.conf
 create mode 100644 tests/live_tests/scenarios/communities/configs/BGPCommunitiesScenario_OpenBGPDIPv4/openbgpd77p.conf
 create mode 100644 tests/live_tests/scenarios/communities/configs/BGPCommunitiesScenario_OpenBGPDIPv6/openbgpd76p.conf
 create mode 100644 tests/live_tests/scenarios/communities/configs/BGPCommunitiesScenario_OpenBGPDIPv6/openbgpd77p.conf
 create mode 100644 tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv4/openbgpd77p/AS1.txt
 create mode 100644 tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv4/openbgpd77p/AS131073.txt
 create mode 100644 tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv4/openbgpd77p/AS2.txt
 create mode 100644 tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv4/openbgpd77p/rs.txt
 create mode 100644 tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv6/openbgpd77p/AS1.txt
 create mode 100644 tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv6/openbgpd77p/AS131073.txt
 create mode 100644 tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv6/openbgpd77p/AS2.txt
 create mode 100644 tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv6/openbgpd77p/rs.txt
 create mode 100644 tests/live_tests/scenarios/default/configs/DefaultConfigScenarioOpenBGPD_IPv4/openbgpd76p.conf
 create mode 100644 tests/live_tests/scenarios/default/configs/DefaultConfigScenarioOpenBGPD_IPv4/openbgpd77p.conf
 create mode 100644 tests/live_tests/scenarios/default/configs/DefaultConfigScenarioOpenBGPD_IPv6/openbgpd76p.conf
 create mode 100644 tests/live_tests/scenarios/default/configs/DefaultConfigScenarioOpenBGPD_IPv6/openbgpd77p.conf
 create mode 100644 tests/live_tests/scenarios/default/routes/DefaultConfigScenarioOpenBGPD_IPv4/openbgpd77p/rs.txt
 create mode 100644 tests/live_tests/scenarios/default/routes/DefaultConfigScenarioOpenBGPD_IPv6/openbgpd77p/rs.txt
 create mode 100644 tests/live_tests/scenarios/global/configs/BasicScenario_OpenBGPDIPv4/openbgpd76p.conf
 create mode 100644 tests/live_tests/scenarios/global/configs/BasicScenario_OpenBGPDIPv4/openbgpd77p.conf
 create mode 100644 tests/live_tests/scenarios/global/configs/BasicScenario_OpenBGPDIPv6/openbgpd76p.conf
 create mode 100644 tests/live_tests/scenarios/global/configs/BasicScenario_OpenBGPDIPv6/openbgpd77p.conf
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS101.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS1_1.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS1_2.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS2.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS222.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS3.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS4.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/rs.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS101.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS1_1.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS1_2.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS2.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS222.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS3.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS4.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/rs.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS101.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS1_1.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS1_2.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS2.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS222.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS3.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS4.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/rs.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS101.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS1_1.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS1_2.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS2.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS222.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS3.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS4.txt
 create mode 100644 tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/rs.txt
 create mode 100644 tests/live_tests/scenarios/gshut/configs/GShutScenario_OpenBGPDIPv4/openbgpd76p.conf
 create mode 100644 tests/live_tests/scenarios/gshut/configs/GShutScenario_OpenBGPDIPv4/openbgpd77p.conf
 create mode 100644 tests/live_tests/scenarios/gshut/routes/GShutScenario_OpenBGPDIPv4/openbgpd77p/AS1.txt
 create mode 100644 tests/live_tests/scenarios/gshut/routes/GShutScenario_OpenBGPDIPv4/openbgpd77p/AS2.txt
 create mode 100644 tests/live_tests/scenarios/gshut/routes/GShutScenario_OpenBGPDIPv4/openbgpd77p/rs.txt
 create mode 100644 tests/live_tests/scenarios/max_prefix/configs/MaxPrefixScenario_OpenBGPDIPv4/openbgpd76p.conf
 create mode 100644 tests/live_tests/scenarios/max_prefix/configs/MaxPrefixScenario_OpenBGPDIPv4/openbgpd77p.conf
 create mode 100644 tests/live_tests/scenarios/max_prefix/configs/MaxPrefixScenario_OpenBGPDIPv6/openbgpd76p.conf
 create mode 100644 tests/live_tests/scenarios/max_prefix/configs/MaxPrefixScenario_OpenBGPDIPv6/openbgpd77p.conf
 create mode 100644 tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv4/openbgpd77p/AS1.txt
 create mode 100644 tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv4/openbgpd77p/AS2.txt
 create mode 100644 tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv4/openbgpd77p/AS3.txt
 create mode 100644 tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv4/openbgpd77p/AS4.txt
 create mode 100644 tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv4/openbgpd77p/rs.txt
 create mode 100644 tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv6/openbgpd77p/AS1.txt
 create mode 100644 tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv6/openbgpd77p/AS2.txt
 create mode 100644 tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv6/openbgpd77p/AS3.txt
 create mode 100644 tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv6/openbgpd77p/AS4.txt
 create mode 100644 tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv6/openbgpd77p/rs.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p.conf
 create mode 100644 tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p.conf
 create mode 100644 tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd76p.conf
 create mode 100644 tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p.conf
 create mode 100644 tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd76p.conf
 create mode 100644 tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd77p.conf
 create mode 100644 tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd76p.conf
 create mode 100644 tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd77p.conf
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p/AS1.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p/AS101.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p/AS2.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p/AS3.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p/AS4.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p/rs.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p/AS1.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p/AS101.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p/AS2.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p/AS3.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p/AS4.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p/rs.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p/AS1.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p/AS101.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p/AS2.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p/AS3.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p/AS4.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p/rs.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd76p/AS1.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd76p/AS101.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd76p/AS2.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd76p/AS3.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd76p/AS4.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd76p/rs.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd77p/AS1.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd77p/AS101.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd77p/AS2.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd77p/AS3.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd77p/AS4.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd77p/rs.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd77p/AS1.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd77p/AS101.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd77p/AS2.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd77p/AS3.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd77p/AS4.txt
 create mode 100644 tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd77p/rs.txt
 create mode 100644 tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenarioOpenBGPD_IPv4/openbgpd76p.conf
 create mode 100644 tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenarioOpenBGPD_IPv4/openbgpd77p.conf
 create mode 100644 tests/live_tests/scenarios/rich_example/routes/RichConfigExampleScenarioOpenBGPD_IPv4/openbgpd77p/rs.txt
 create mode 100644 tests/live_tests/scenarios/rpki_bov_comms/configs/RPKICustomBOVCommunitiesScenario_OpenBGPDPortableLatest_IPv4/openbgpd76p.conf
 create mode 100644 tests/live_tests/scenarios/rpki_bov_comms/configs/RPKICustomBOVCommunitiesScenario_OpenBGPDPortableLatest_IPv4/openbgpd77p.conf
 create mode 100644 tests/live_tests/scenarios/rpki_bov_comms/configs/RPKICustomBOVCommunitiesScenario_OpenBGPDPortableLatest_IPv6/openbgpd76p.conf
 create mode 100644 tests/live_tests/scenarios/rpki_bov_comms/configs/RPKICustomBOVCommunitiesScenario_OpenBGPDPortableLatest_IPv6/openbgpd77p.conf
 create mode 100644 tests/live_tests/scenarios/rpki_rtr_example/configs/RPKIRTRScenario_OpenBGPDIPv4/openbgpd76p.conf
 create mode 100644 tests/live_tests/scenarios/rpki_rtr_example/configs/RPKIRTRScenario_OpenBGPDIPv4/openbgpd77p.conf
 create mode 100644 tests/live_tests/scenarios/rpki_rtr_example/routes/RPKIRTRScenario_OpenBGPDIPv4/openbgpd77p/AS1_1.txt
 create mode 100644 tests/live_tests/scenarios/rpki_rtr_example/routes/RPKIRTRScenario_OpenBGPDIPv4/openbgpd77p/rs.txt
 create mode 100644 tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd76p.conf
 create mode 100644 tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p.conf
 create mode 100644 tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd76p.conf
 create mode 100644 tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p.conf
 create mode 100644 tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd76p.conf
 create mode 100644 tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p.conf
 create mode 100644 tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd76p.conf
 create mode 100644 tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p.conf
 create mode 100644 tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p/AS1.txt
 create mode 100644 tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p/AS2.txt
 create mode 100644 tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p/AS4.txt
 create mode 100644 tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p/AS5.txt
 create mode 100644 tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p/AS6.txt
 create mode 100644 tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p/rs.txt
 create mode 100644 tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p/AS1.txt
 create mode 100644 tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p/AS2.txt
 create mode 100644 tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p/AS4.txt
 create mode 100644 tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p/AS5.txt
 create mode 100644 tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p/AS6.txt
 create mode 100644 tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p/rs.txt
 create mode 100644 tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p/AS1.txt
 create mode 100644 tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p/AS2.txt
 create mode 100644 tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p/AS4.txt
 create mode 100644 tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p/AS5.txt
 create mode 100644 tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p/AS6.txt
 create mode 100644 tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p/rs.txt
 create mode 100644 tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p/AS1.txt
 create mode 100644 tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p/AS2.txt
 create mode 100644 tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p/AS4.txt
 create mode 100644 tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p/AS5.txt
 create mode 100644 tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p/AS6.txt
 create mode 100644 tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p/rs.txt
 create mode 100644 tests/live_tests/scenarios/tag_reject_policy/configs/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd76p.conf
 create mode 100644 tests/live_tests/scenarios/tag_reject_policy/configs/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p.conf
 create mode 100644 tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/AS101.txt
 create mode 100644 tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/AS1_1.txt
 create mode 100644 tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/AS1_2.txt
 create mode 100644 tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/AS2.txt
 create mode 100644 tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/AS3.txt
 create mode 100644 tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/rc.txt
 create mode 100644 tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/rs.txt

diff --git a/README.rst b/README.rst
index be0b5de3..9603b5c1 100644
--- a/README.rst
+++ b/README.rst
@@ -43,7 +43,7 @@ How it works
 
 #. `Jinja2`_ built-in templates are used to render the final route server's configuration file.
 
-   Currently, **BIRD** (>= 1.6.3 up to 1.6.8), **BIRD v2** (starting from 2.0.7) and **OpenBGPD** (OpenBSD 6.1 up to 7.5 and also OpenBGPD Portable 6.5p1 up to 7.5) are supported, with almost `feature parity <https://arouteserver.readthedocs.io/en/latest/SUPPORTED_SPEAKERS.html#supported-features>`__ between them.
+   Currently, **BIRD** (>= 1.6.3 up to 1.6.8), **BIRD v2** (starting from 2.0.7) and **OpenBGPD** (OpenBSD 6.1 up to 7.7 and also OpenBGPD Portable 6.5p1 up to 7.7) are supported, with almost `feature parity <https://arouteserver.readthedocs.io/en/latest/SUPPORTED_SPEAKERS.html#supported-features>`__ between them.
 
 **Validation** and testing of the configurations generated with this tool are performed using the built-in **live tests** framework: `Docker`_ instances are used to simulate several scenarios and to validate the behaviour of the route server after configuring it with ARouteServer. More details on the `Live tests <https://arouteserver.readthedocs.io/en/latest/LIVETESTS.html>`__ section.
 
diff --git a/docs/SUPPORTED_SPEAKERS_CI.txt b/docs/SUPPORTED_SPEAKERS_CI.txt
index 5ba9a7db..b4b30886 100644
--- a/docs/SUPPORTED_SPEAKERS_CI.txt
+++ b/docs/SUPPORTED_SPEAKERS_CI.txt
@@ -7,7 +7,7 @@ Total test cases per BGP speaker
 **BGP speaker** **Total** **Passed ✔** **Failed ✖** **Skipped** 
 BIRD            816       807          0            9           
 BIRD v2         820       811          0            9           
-OpenBGPD 7.5    442       439          0            3           
+OpenBGPD 7.7    442       439          0            3           
 =============== ========= ============ ============ ===========  
 
 Scenarios
@@ -17,7 +17,7 @@ Scenarios
 ++++++++++++++++++++++++++++++++++
 
 ========================================== ======== =========== ================   
-**Test**                                   **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                                   **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 AS_PATH too long                           ✔        ✔           ✔                
 RPKI INVALID route                         ✔        ✔           ✔                
 bogon prefix                               ✔        ✔           ✔                
@@ -44,7 +44,7 @@ transit-free ASN in AS_PATH                ✔        ✔           ✔
 ++++++++++++++++++++++++++++++++++
 
 ========================================== ======== =========== ================   
-**Test**                                   **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                                   **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 AS_PATH too long                           ✔        ✔           ✔                
 RPKI INVALID route                         ✔        ✔           ✔                
 bogon prefix                               ✔        ✔           ✔                
@@ -71,7 +71,7 @@ BGP communities, IPv4
 +++++++++++++++++++++
 
 =============================== ======== =========== ================   
-**Test**                        **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                        **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 announce to AS1 only (ext)      ✔        ✔           ✔                
 announce to AS1 only (lrg)      ✔        ✔           ✔                
 announce to AS1 only (std)      ✔        ✔           ✔                
@@ -89,7 +89,7 @@ BGP communities, IPv6
 +++++++++++++++++++++
 
 =============================== ======== =========== ================   
-**Test**                        **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                        **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 announce to AS1 only (ext)      ✔        ✔           ✔                
 announce to AS1 only (lrg)      ✔        ✔           ✔                
 announce to AS1 only (std)      ✔        ✔           ✔                
@@ -107,7 +107,7 @@ BOV custom comms, IPv4
 ++++++++++++++++++++++
 
 =================================== ======== =========== ================   
-**Test**                            **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                            **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 RPKI, AS2 invalid prefix, bad ASN   ✔        ✔                            
 RPKI, AS2 valid prefix, exact match ✔        ✔                            
 log contains errors                 ✔        ✔                            
@@ -118,7 +118,7 @@ BOV custom comms, IPv6
 ++++++++++++++++++++++
 
 =================================== ======== =========== ================   
-**Test**                            **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                            **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 RPKI, AS2 invalid prefix, bad ASN   ✔        ✔                            
 RPKI, AS2 valid prefix, exact match ✔        ✔                            
 log contains errors                 ✔        ✔                            
@@ -129,7 +129,7 @@ RPKI INVALID tagging, IPv4
 ++++++++++++++++++++++++++
 
 ==================================== ======== =========== ================   
-**Test**                             **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                             **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 RPKI, AS2 invalid prefix, bad ASN    ✔        ✔                            
 RPKI, AS2 invalid prefix, bad length ✔        ✔                            
 RPKI, AS2 unknown prefix             ✔        ✔                            
@@ -148,7 +148,7 @@ RPKI INVALID tagging, IPv6
 ++++++++++++++++++++++++++
 
 ==================================== ======== =========== ================   
-**Test**                             **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                             **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 RPKI, AS2 invalid prefix, bad ASN    ✔        ✔                            
 RPKI, AS2 invalid prefix, bad length ✔        ✔                            
 RPKI, AS2 unknown prefix             ✔        ✔                            
@@ -167,7 +167,7 @@ RTR protocol
 ++++++++++++
 
 ================================================================== ======== =========== ================   
-**Test**                                                           **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                                                           **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 check the RTR session is up                                                 ✔           ✔                
 log contains errors                                                         ✔           ✔                
 restart OpenBGPD to speed up RTR session establishment                                  ✔                
@@ -181,7 +181,7 @@ default config, IPv4
 ++++++++++++++++++++
 
 =================== ======== =========== ================   
-**Test**            **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**            **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 log contains errors ✔        ✔           ✔                
 =================== ======== =========== ================   
 
@@ -189,7 +189,7 @@ default config, IPv6
 ++++++++++++++++++++
 
 =================== ======== =========== ================   
-**Test**            **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**            **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 log contains errors ✔        ✔           ✔                
 =================== ======== =========== ================   
 
@@ -197,7 +197,7 @@ examples, rich config, IPv4
 +++++++++++++++++++++++++++
 
 =================== ======== =========== ================   
-**Test**            **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**            **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 log contains errors ✔        ✔           ✔                
 =================== ======== =========== ================   
 
@@ -205,7 +205,7 @@ examples, rich config, IPv6
 +++++++++++++++++++++++++++
 
 =================== ======== =========== ================   
-**Test**            **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**            **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 log contains errors ✔        ✔           ✔                
 =================== ======== =========== ================   
 
@@ -213,7 +213,7 @@ global scenario, IPv4
 +++++++++++++++++++++
 
 =============================================================================== ======== =========== ================   
-**Test**                                                                        **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                                                                        **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 RPKI, blackhole request for a covered prefix                                    ✔        ✔           ✔                
 RPKI, invalid prefix (bad ASN) not propagated to clients                        ✔        ✔           ✔                
 RPKI, invalid prefix (bad ASN) received by rs                                   ✔        ✔           ✔                
@@ -304,7 +304,7 @@ global scenario, IPv4, tag
 ++++++++++++++++++++++++++
 
 =============================================================================== ======== =========== ================   
-**Test**                                                                        **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                                                                        **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 RPKI, blackhole request for a covered prefix                                    ✔        ✔                            
 RPKI, invalid prefix (bad ASN) not propagated to clients                        ✔        ✔                            
 RPKI, invalid prefix (bad ASN) received by rs                                   ✔        ✔                            
@@ -395,7 +395,7 @@ global scenario, IPv4, tag&reject
 +++++++++++++++++++++++++++++++++
 
 =============================================================================== ======== =========== ================   
-**Test**                                                                        **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                                                                        **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 RPKI, blackhole request for a covered prefix                                    ✔        ✔                            
 RPKI, invalid prefix (bad ASN) not propagated to clients                        ✔        ✔                            
 RPKI, invalid prefix (bad ASN) received by rs                                   ✔        ✔                            
@@ -486,7 +486,7 @@ global scenario, IPv6
 +++++++++++++++++++++
 
 =============================================================================== ======== =========== ================   
-**Test**                                                                        **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                                                                        **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 RPKI, blackhole request for a covered prefix                                    ✔        ✔           ✔                
 RPKI, invalid prefix (bad ASN) not propagated to clients                        ✔        ✔           ✔                
 RPKI, invalid prefix (bad ASN) received by rs                                   ✔        ✔           ✔                
@@ -577,7 +577,7 @@ global scenario, IPv6, tag
 ++++++++++++++++++++++++++
 
 =============================================================================== ======== =========== ================   
-**Test**                                                                        **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                                                                        **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 RPKI, blackhole request for a covered prefix                                    ✔        ✔                            
 RPKI, invalid prefix (bad ASN) not propagated to clients                        ✔        ✔                            
 RPKI, invalid prefix (bad ASN) received by rs                                   ✔        ✔                            
@@ -668,7 +668,7 @@ global scenario, IPv6, tag&reject
 +++++++++++++++++++++++++++++++++
 
 =============================================================================== ======== =========== ================   
-**Test**                                                                        **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                                                                        **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 RPKI, blackhole request for a covered prefix                                    ✔        ✔                            
 RPKI, invalid prefix (bad ASN) not propagated to clients                        ✔        ✔                            
 RPKI, invalid prefix (bad ASN) received by rs                                   ✔        ✔                            
@@ -759,7 +759,7 @@ gshut, IPv4
 +++++++++++
 
 ==================================================== ======== =========== ================   
-**Test**                                             **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                                             **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 clients receive routes tagged with GRACEFUL_SHUTDOWN ✔        ✔           ✔                
 log contains errors                                  ✔        ✔           ✔                
 reconfigure                                          ✔        ✔           ✔                
@@ -769,7 +769,7 @@ gshut, IPv6
 +++++++++++
 
 ==================================================== ======== =========== ================   
-**Test**                                             **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                                             **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 clients receive routes tagged with GRACEFUL_SHUTDOWN ✔        ✔           ✔                
 log contains errors                                  ✔        ✔           ✔                
 reconfigure                                          ✔        ✔           ✔                
@@ -779,7 +779,7 @@ hooks example, IPv4
 +++++++++++++++++++
 
 =================== ======== =========== ================   
-**Test**            **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**            **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 log contains errors ✔                                     
 =================== ======== =========== ================   
 
@@ -787,7 +787,7 @@ hooks example, IPv6
 +++++++++++++++++++
 
 =================== ======== =========== ================   
-**Test**            **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**            **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 log contains errors ✔                                     
 =================== ======== =========== ================   
 
@@ -795,7 +795,7 @@ max-prefix, IPv4
 ++++++++++++++++
 
 ================================================================ ======== =========== ================   
-**Test**                                                         **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                                                         **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 AS5 session is down (max-prefix hit, action == shutdown)         ✔        ✔                            
 clients log max-prefix notification                                                   ✔                
 log contains errors                                              ✔        ✔           ✔                
@@ -815,7 +815,7 @@ max-prefix, IPv6
 ++++++++++++++++
 
 ================================================================ ======== =========== ================   
-**Test**                                                         **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                                                         **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 AS5 session is down (max-prefix hit, action == shutdown)         ✔        ✔                            
 clients log max-prefix notification                                                   ✔                
 log contains errors                                              ✔        ✔           ✔                
@@ -835,7 +835,7 @@ path hiding, mitigation off, IPv4
 +++++++++++++++++++++++++++++++++
 
 =================================================== ======== =========== ================   
-**Test**                                            **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                                            **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 AS1 wants rs to not announce to AS3 and AS4         ✔        ✔           ✔                
 AS3 does not receive prefix at all                  ✔        ✔           ✔                
 AS4 receives the prefix via AS2 because of ADD-PATH ✔        ✔           ✔                
@@ -849,7 +849,7 @@ path hiding, mitigation off, IPv6
 +++++++++++++++++++++++++++++++++
 
 =================================================== ======== =========== ================   
-**Test**                                            **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                                            **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 AS1 wants rs to not announce to AS3 and AS4         ✔        ✔           ✔                
 AS3 does not receive prefix at all                  ✔        ✔           ✔                
 AS4 receives the prefix via AS2 because of ADD-PATH ✔        ✔           ✔                
@@ -863,7 +863,7 @@ path hiding, mitigation on, IPv4
 ++++++++++++++++++++++++++++++++
 
 ======================================================== ======== =========== ================   
-**Test**                                                 **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                                                 **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 2nd best is withdrawn and AS3 should not see it anymore  skip     skip        ✔                
 AS1 wants rs to not announce to AS3 and AS4              ✔        ✔           ✔                
 AS3 and AS4 don't receive prefix via AS1                 ✔        ✔           ✔                
@@ -878,7 +878,7 @@ path hiding, mitigation on, IPv6
 ++++++++++++++++++++++++++++++++
 
 ======================================================== ======== =========== ================   
-**Test**                                                 **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                                                 **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 2nd best is withdrawn and AS3 should not see it anymore  skip     skip        ✔                
 AS1 wants rs to not announce to AS3 and AS4              ✔        ✔           ✔                
 AS3 and AS4 don't receive prefix via AS1                 ✔        ✔           ✔                
@@ -893,7 +893,7 @@ tag prefix/origin empty AS-SET, IPv4
 ++++++++++++++++++++++++++++++++++++
 
 ====================================================================================== ======== =========== ================   
-**Test**                                                                               **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                                                                               **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 AS2 ARIN Whois DB: tag only (w/o prefix_validated_via_arin_whois_db_dump)              ✔        ✔           ✔                
 AS2 ROA + ARIN Whois DB: tag only (w/o comms [arin_whois_db_dump, rpki_roas])          ✔        ✔           ✔                
 AS2 RPKI ROAs as route objects: tag only (w/o prefix_validated_via_rpki_roas)          ✔        ✔           ✔                
@@ -935,7 +935,7 @@ tag prefix/origin empty AS-SET, IPv6
 ++++++++++++++++++++++++++++++++++++
 
 ====================================================================================== ======== =========== ================   
-**Test**                                                                               **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                                                                               **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 AS2 ARIN Whois DB: tag only (w/o prefix_validated_via_arin_whois_db_dump)              ✔        ✔           ✔                
 AS2 ROA + ARIN Whois DB: tag only (w/o comms [arin_whois_db_dump, rpki_roas])          ✔        ✔           ✔                
 AS2 RPKI ROAs as route objects: tag only (w/o prefix_validated_via_rpki_roas)          ✔        ✔           ✔                
@@ -977,7 +977,7 @@ tag prefix/origin in AS-SET, IPv4
 +++++++++++++++++++++++++++++++++
 
 ======================================================================================== ======== =========== ================   
-**Test**                                                                                 **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                                                                                 **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 AS2 ARIN Whois DB: tag only (w/ prefix_validated_via_arin_whois_db_dump)                 ✔        ✔           ✔                
 AS2 ROA + ARIN Whois DB: tag only (w/ comms [arin_whois_db_dump, rpki_roas])             ✔        ✔           ✔                
 AS2 RPKI ROAs as route objects: tag only (w/ prefix_validated_via_rpki_roas)             ✔        ✔           ✔                
@@ -1028,7 +1028,7 @@ tag prefix/origin in AS-SET, IPv6
 +++++++++++++++++++++++++++++++++
 
 ======================================================================================== ======== =========== ================   
-**Test**                                                                                 **BIRD** **BIRD v2** **OpenBGPD 7.5** 
+**Test**                                                                                 **BIRD** **BIRD v2** **OpenBGPD 7.7** 
 AS2 ARIN Whois DB: tag only (w/ prefix_validated_via_arin_whois_db_dump)                 ✔        ✔           ✔                
 AS2 ROA + ARIN Whois DB: tag only (w/ comms [arin_whois_db_dump, rpki_roas])             ✔        ✔           ✔                
 AS2 RPKI ROAs as route objects: tag only (w/ prefix_validated_via_rpki_roas)             ✔        ✔           ✔                
diff --git a/examples/auto-config/bird4.conf b/examples/auto-config/bird4.conf
index 8ba00d76..fe894bc7 100644
--- a/examples/auto-config/bird4.conf
+++ b/examples/auto-config/bird4.conf
@@ -74,10 +74,10 @@ define AS_SET_AS_RIPENCC_prefixes_4 = [
 
 # ARIN Whois database records
 define ARIN_Whois_db_AS10745_4 = [
-	192.136.136.0/24{24,32}, 	199.43.0.0/24{24,32}, 	192.149.252.0/24{24,32}
+	192.149.252.0/24{24,32}, 	199.43.0.0/24{24,32}, 	192.136.136.0/24{24,32}
 ];
 define ARIN_Whois_db_AS12654_4 = [
-	23.128.25.0/24{24,32}, 	23.128.124.0/24{24,32}, 	23.128.125.0/24{24,32}, 	23.128.24.0/24{24,32}
+	23.128.24.0/24{24,32}, 	23.128.125.0/24{24,32}, 	23.128.124.0/24{24,32}, 	23.128.25.0/24{24,32}
 ];
 
 
@@ -813,7 +813,7 @@ filter receive_from_AS10745_1 {
 		{ tag_and_reject(8, 10745); reject "AS_PATH [", bgp_path ,"] contains transit-free ASN - REJECTING ", net; }
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 12926, 13030, 13032, 13941, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 26068, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 47584, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 52990, 53859, 54295, 54574, 55244, 57433, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149391, 149663, 149826, 201978, 202561, 202793, 203133, 203283, 206275, 207353, 207484, 208425, 209310, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 398395, 399338] then
 	{ tag_and_reject(15, 10745); reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net; }
 
 
@@ -1035,7 +1035,7 @@ filter receive_from_AS3333_1 {
 		{ tag_and_reject(8, 3333); reject "AS_PATH [", bgp_path ,"] contains transit-free ASN - REJECTING ", net; }
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 12926, 13030, 13032, 13941, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 26068, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 47584, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 52990, 53859, 54295, 54574, 55244, 57433, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149391, 149663, 149826, 201978, 202561, 202793, 203133, 203283, 206275, 207353, 207484, 208425, 209310, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 398395, 399338] then
 	{ tag_and_reject(15, 3333); reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net; }
 
 
diff --git a/examples/auto-config/openbgpd.conf b/examples/auto-config/openbgpd.conf
index 8f59a10a..88cfa301 100644
--- a/examples/auto-config/openbgpd.conf
+++ b/examples/auto-config/openbgpd.conf
@@ -237,7 +237,7 @@ prefix-set "bogons" {
 
 # never via route-servers ASNs
 as-set "neverviarouteserver" {
-	92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338
+	92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 12926, 13030, 13032, 13941, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 26068, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 47584, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 52990, 53859, 54295, 54574, 55244, 57433, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149391, 149663, 149826, 201978, 202561, 202793, 203133, 203283, 206275, 207353, 207484, 208425, 209310, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 398395, 399338
 }
 
 # =====================================================================================
diff --git a/examples/bird_hooks/bird4.conf b/examples/bird_hooks/bird4.conf
index ed2b876f..0a308341 100644
--- a/examples/bird_hooks/bird4.conf
+++ b/examples/bird_hooks/bird4.conf
@@ -567,7 +567,7 @@ filter receive_from_AS10745_1 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 12926, 13030, 13032, 13941, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 26068, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 47584, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 52990, 53859, 54295, 54574, 55244, 57433, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149391, 149663, 149826, 201978, 202561, 202793, 203133, 203283, 206275, 207353, 207484, 208425, 209310, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 398395, 399338] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
@@ -769,7 +769,7 @@ filter receive_from_AS3333_1 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 12926, 13030, 13032, 13941, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 26068, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 47584, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 52990, 53859, 54295, 54574, 55244, 57433, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149391, 149663, 149826, 201978, 202561, 202793, 203133, 203283, 206275, 207353, 207484, 208425, 209310, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 398395, 399338] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
diff --git a/examples/bird_hooks/bird6.conf b/examples/bird_hooks/bird6.conf
index 148466bb..d15e23c8 100644
--- a/examples/bird_hooks/bird6.conf
+++ b/examples/bird_hooks/bird6.conf
@@ -605,7 +605,7 @@ filter receive_from_AS10745_2 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 12926, 13030, 13032, 13941, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 26068, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 47584, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 52990, 53859, 54295, 54574, 55244, 57433, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149391, 149663, 149826, 201978, 202561, 202793, 203133, 203283, 206275, 207353, 207484, 208425, 209310, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 398395, 399338] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
diff --git a/examples/default/bird4.conf b/examples/default/bird4.conf
index eae2f694..e556287a 100644
--- a/examples/default/bird4.conf
+++ b/examples/default/bird4.conf
@@ -301,7 +301,7 @@ filter receive_from_AS10745_1 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 12926, 13030, 13032, 13941, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 26068, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 47584, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 52990, 53859, 54295, 54574, 55244, 57433, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149391, 149663, 149826, 201978, 202561, 202793, 203133, 203283, 206275, 207353, 207484, 208425, 209310, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 398395, 399338] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
@@ -465,7 +465,7 @@ filter receive_from_AS3333_1 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 12926, 13030, 13032, 13941, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 26068, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 47584, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 52990, 53859, 54295, 54574, 55244, 57433, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149391, 149663, 149826, 201978, 202561, 202793, 203133, 203283, 206275, 207353, 207484, 208425, 209310, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 398395, 399338] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
diff --git a/examples/default/bird6.conf b/examples/default/bird6.conf
index 38dbc473..684a6e8b 100644
--- a/examples/default/bird6.conf
+++ b/examples/default/bird6.conf
@@ -339,7 +339,7 @@ filter receive_from_AS10745_2 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 12926, 13030, 13032, 13941, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 26068, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 47584, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 52990, 53859, 54295, 54574, 55244, 57433, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149391, 149663, 149826, 201978, 202561, 202793, 203133, 203283, 206275, 207353, 207484, 208425, 209310, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 398395, 399338] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
diff --git a/examples/default/bird_v2.conf b/examples/default/bird_v2.conf
index 0a70c86f..bc0c67c5 100644
--- a/examples/default/bird_v2.conf
+++ b/examples/default/bird_v2.conf
@@ -419,7 +419,7 @@ filter receive_from_AS10745_1 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 12926, 13030, 13032, 13941, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 26068, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 47584, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 52990, 53859, 54295, 54574, 55244, 57433, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149391, 149663, 149826, 201978, 202561, 202793, 203133, 203283, 206275, 207353, 207484, 208425, 209310, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 398395, 399338] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
@@ -594,7 +594,7 @@ filter receive_from_AS10745_2 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 12926, 13030, 13032, 13941, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 26068, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 47584, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 52990, 53859, 54295, 54574, 55244, 57433, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149391, 149663, 149826, 201978, 202561, 202793, 203133, 203283, 206275, 207353, 207484, 208425, 209310, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 398395, 399338] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
@@ -773,7 +773,7 @@ filter receive_from_AS3333_1 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 12926, 13030, 13032, 13941, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 26068, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 47584, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 52990, 53859, 54295, 54574, 55244, 57433, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149391, 149663, 149826, 201978, 202561, 202793, 203133, 203283, 206275, 207353, 207484, 208425, 209310, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 398395, 399338] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
diff --git a/examples/default/openbgpd.conf b/examples/default/openbgpd.conf
index 14dc1d43..f39646b0 100644
--- a/examples/default/openbgpd.conf
+++ b/examples/default/openbgpd.conf
@@ -185,7 +185,7 @@ prefix-set "bogons" {
 
 # never via route-servers ASNs
 as-set "neverviarouteserver" {
-	92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338
+	92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 12926, 13030, 13032, 13941, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 26068, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 47584, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 52990, 53859, 54295, 54574, 55244, 57433, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149391, 149663, 149826, 201978, 202561, 202793, 203133, 203283, 206275, 207353, 207484, 208425, 209310, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 398395, 399338
 }
 
 # =====================================================================================
diff --git a/examples/default/template-context b/examples/default/template-context
index b96372e0..27a5d5be 100644
--- a/examples/default/template-context
+++ b/examples/default/template-context
@@ -1050,22 +1050,31 @@ registrobr_whois_db_records
 
 never_via_route_servers_asns
 ----------------------------
-- 34209
 - 6079
+- 7843
+- 1299
+- 3257
 - 3265
-- 11670
 - 8607
+- 6805
 - 12322
 - 6730
 - 13030
 - 3320
+- 1273
 - 174
 - 680
-- 8455
 - 2152
+- 6830
 - 3292
-- 35836
+- 5511
+- 8365
 - 21396
+- 8075
+- 39326
+- 6908
+- 11164
+- 5432
 - 2914
 - 29169
 - 16509
@@ -1073,69 +1082,56 @@ never_via_route_servers_asns
 - 20161
 - 11260
 - 34108
-- 7843
 - 20115
 - 39651
+- 48237
 - 9908
 - 15692
+- 47377
 - 10013
 - 8943
 - 5391
-- 48237
 - 37271
+- 714
 - 12353
-- 6908
+- 8455
+- 12926
 - 40029
-- 6830
-- 36459
-- 51530
-- 1273
 - 57433
-- 39326
-- 27947
-- 714
-- 62567
-- 8075
-- 3257
-- 11164
-- 12822
-- 35900
-- 5511
-- 7155
-- 6805
-- 47377
 - 57866
+- 36459
+- 7155
+- 12822
 - 46450
-- 263801
 - 17012
+- 263801
 - 63290
-- 8365
-- 5432
 - 278
+- 62567
 - 202793
 - 33983
+- 26068
 - 134022
-- 43470
 - 3754
-- 3630
 - 135706
 - 264424
 - 132563
+- 11670
+- 3630
 - 7862
 - 48408
-- 137207
 - 24282
 - 265630
 - 37529
 - 131996
 - 132829
-- 19237
-- 23961
+- 27947
+- 34209
 - 263856
 - 135848
-- 147059
+- 19237
 - 24800
-- 62623
+- 54574
 - 137610
 - 34587
 - 138023
@@ -1143,46 +1139,48 @@ never_via_route_servers_asns
 - 132996
 - 30983
 - 263258
+- 13941
 - 396477
 - 262191
 - 54295
-- 18520
-- 14295
 - 138953
 - 58768
 - 1955
 - 328572
 - 49127
 - 393573
+- 18520
+- 14295
 - 393684
 - 269156
 - 207353
 - 209699
 - 270544
 - 328582
-- 267442
 - 48265
 - 328445
+- 398395
 - 60412
 - 207484
 - 268091
 - 270781
 - 138769
-- 57468
-- 212953
 - 270407
-- 133317
+- 209310
 - 271053
 - 270828
 - 271172
+- 62623
 - 140287
 - 212706
 - 212623
+- 43470
 - 269367
 - 36165
 - 202561
 - 213202
 - 141120
+- 35836
 - 141411
 - 262888
 - 131398
@@ -1191,7 +1189,6 @@ never_via_route_servers_asns
 - 53859
 - 269654
 - 141892
-- 1299
 - 267214
 - 62164
 - 263686
@@ -1202,16 +1199,17 @@ never_via_route_servers_asns
 - 141140
 - 271200
 - 13032
+- 51530
 - 31764
 - 142369
+- 137207
 - 142348
 - 23888
-- 398203
 - 141856
 - 146846
 - 146958
+- 398203
 - 139667
-- 49922
 - 47583
 - 60757
 - 269512
@@ -1221,6 +1219,7 @@ never_via_route_servers_asns
 - 55244
 - 49910
 - 92
+- 147059
 - 136874
 - 40063
 - 149296
@@ -1230,15 +1229,23 @@ never_via_route_servers_asns
 - 272018
 - 396304
 - 269190
+- 35900
 - 265337
 - 201978
 - 208425
 - 212512
 - 142164
 - 149663
+- 23961
 - 149826
 - 210715
 - 206275
 - 272124
 - 61756
+- 49922
 - 267561
+- 47584
+- 52990
+- 203283
+- 203133
+- 149391
diff --git a/examples/default/template-context4 b/examples/default/template-context4
index 05cfde4a..55177790 100644
--- a/examples/default/template-context4
+++ b/examples/default/template-context4
@@ -1020,22 +1020,31 @@ registrobr_whois_db_records
 
 never_via_route_servers_asns
 ----------------------------
-- 34209
 - 6079
+- 7843
+- 1299
+- 3257
 - 3265
-- 11670
 - 8607
+- 6805
 - 12322
 - 6730
 - 13030
 - 3320
+- 1273
 - 174
 - 680
-- 8455
 - 2152
+- 6830
 - 3292
-- 35836
+- 5511
+- 8365
 - 21396
+- 8075
+- 39326
+- 6908
+- 11164
+- 5432
 - 2914
 - 29169
 - 16509
@@ -1043,69 +1052,56 @@ never_via_route_servers_asns
 - 20161
 - 11260
 - 34108
-- 7843
 - 20115
 - 39651
+- 48237
 - 9908
 - 15692
+- 47377
 - 10013
 - 8943
 - 5391
-- 48237
 - 37271
+- 714
 - 12353
-- 6908
+- 8455
+- 12926
 - 40029
-- 6830
-- 36459
-- 51530
-- 1273
 - 57433
-- 39326
-- 27947
-- 714
-- 62567
-- 8075
-- 3257
-- 11164
-- 12822
-- 35900
-- 5511
-- 7155
-- 6805
-- 47377
 - 57866
+- 36459
+- 7155
+- 12822
 - 46450
-- 263801
 - 17012
+- 263801
 - 63290
-- 8365
-- 5432
 - 278
+- 62567
 - 202793
 - 33983
+- 26068
 - 134022
-- 43470
 - 3754
-- 3630
 - 135706
 - 264424
 - 132563
+- 11670
+- 3630
 - 7862
 - 48408
-- 137207
 - 24282
 - 265630
 - 37529
 - 131996
 - 132829
-- 19237
-- 23961
+- 27947
+- 34209
 - 263856
 - 135848
-- 147059
+- 19237
 - 24800
-- 62623
+- 54574
 - 137610
 - 34587
 - 138023
@@ -1113,46 +1109,48 @@ never_via_route_servers_asns
 - 132996
 - 30983
 - 263258
+- 13941
 - 396477
 - 262191
 - 54295
-- 18520
-- 14295
 - 138953
 - 58768
 - 1955
 - 328572
 - 49127
 - 393573
+- 18520
+- 14295
 - 393684
 - 269156
 - 207353
 - 209699
 - 270544
 - 328582
-- 267442
 - 48265
 - 328445
+- 398395
 - 60412
 - 207484
 - 268091
 - 270781
 - 138769
-- 57468
-- 212953
 - 270407
-- 133317
+- 209310
 - 271053
 - 270828
 - 271172
+- 62623
 - 140287
 - 212706
 - 212623
+- 43470
 - 269367
 - 36165
 - 202561
 - 213202
 - 141120
+- 35836
 - 141411
 - 262888
 - 131398
@@ -1161,7 +1159,6 @@ never_via_route_servers_asns
 - 53859
 - 269654
 - 141892
-- 1299
 - 267214
 - 62164
 - 263686
@@ -1172,16 +1169,17 @@ never_via_route_servers_asns
 - 141140
 - 271200
 - 13032
+- 51530
 - 31764
 - 142369
+- 137207
 - 142348
 - 23888
-- 398203
 - 141856
 - 146846
 - 146958
+- 398203
 - 139667
-- 49922
 - 47583
 - 60757
 - 269512
@@ -1191,6 +1189,7 @@ never_via_route_servers_asns
 - 55244
 - 49910
 - 92
+- 147059
 - 136874
 - 40063
 - 149296
@@ -1200,15 +1199,23 @@ never_via_route_servers_asns
 - 272018
 - 396304
 - 269190
+- 35900
 - 265337
 - 201978
 - 208425
 - 212512
 - 142164
 - 149663
+- 23961
 - 149826
 - 210715
 - 206275
 - 272124
 - 61756
+- 49922
 - 267561
+- 47584
+- 52990
+- 203283
+- 203133
+- 149391
diff --git a/examples/default/template-context6 b/examples/default/template-context6
index afcd5dc4..8a4f04f4 100644
--- a/examples/default/template-context6
+++ b/examples/default/template-context6
@@ -969,22 +969,31 @@ registrobr_whois_db_records
 
 never_via_route_servers_asns
 ----------------------------
-- 34209
 - 6079
+- 7843
+- 1299
+- 3257
 - 3265
-- 11670
 - 8607
+- 6805
 - 12322
 - 6730
 - 13030
 - 3320
+- 1273
 - 174
 - 680
-- 8455
 - 2152
+- 6830
 - 3292
-- 35836
+- 5511
+- 8365
 - 21396
+- 8075
+- 39326
+- 6908
+- 11164
+- 5432
 - 2914
 - 29169
 - 16509
@@ -992,69 +1001,56 @@ never_via_route_servers_asns
 - 20161
 - 11260
 - 34108
-- 7843
 - 20115
 - 39651
+- 48237
 - 9908
 - 15692
+- 47377
 - 10013
 - 8943
 - 5391
-- 48237
 - 37271
+- 714
 - 12353
-- 6908
+- 8455
+- 12926
 - 40029
-- 6830
-- 36459
-- 51530
-- 1273
 - 57433
-- 39326
-- 27947
-- 714
-- 62567
-- 8075
-- 3257
-- 11164
-- 12822
-- 35900
-- 5511
-- 7155
-- 6805
-- 47377
 - 57866
+- 36459
+- 7155
+- 12822
 - 46450
-- 263801
 - 17012
+- 263801
 - 63290
-- 8365
-- 5432
 - 278
+- 62567
 - 202793
 - 33983
+- 26068
 - 134022
-- 43470
 - 3754
-- 3630
 - 135706
 - 264424
 - 132563
+- 11670
+- 3630
 - 7862
 - 48408
-- 137207
 - 24282
 - 265630
 - 37529
 - 131996
 - 132829
-- 19237
-- 23961
+- 27947
+- 34209
 - 263856
 - 135848
-- 147059
+- 19237
 - 24800
-- 62623
+- 54574
 - 137610
 - 34587
 - 138023
@@ -1062,46 +1058,48 @@ never_via_route_servers_asns
 - 132996
 - 30983
 - 263258
+- 13941
 - 396477
 - 262191
 - 54295
-- 18520
-- 14295
 - 138953
 - 58768
 - 1955
 - 328572
 - 49127
 - 393573
+- 18520
+- 14295
 - 393684
 - 269156
 - 207353
 - 209699
 - 270544
 - 328582
-- 267442
 - 48265
 - 328445
+- 398395
 - 60412
 - 207484
 - 268091
 - 270781
 - 138769
-- 57468
-- 212953
 - 270407
-- 133317
+- 209310
 - 271053
 - 270828
 - 271172
+- 62623
 - 140287
 - 212706
 - 212623
+- 43470
 - 269367
 - 36165
 - 202561
 - 213202
 - 141120
+- 35836
 - 141411
 - 262888
 - 131398
@@ -1110,7 +1108,6 @@ never_via_route_servers_asns
 - 53859
 - 269654
 - 141892
-- 1299
 - 267214
 - 62164
 - 263686
@@ -1121,16 +1118,17 @@ never_via_route_servers_asns
 - 141140
 - 271200
 - 13032
+- 51530
 - 31764
 - 142369
+- 137207
 - 142348
 - 23888
-- 398203
 - 141856
 - 146846
 - 146958
+- 398203
 - 139667
-- 49922
 - 47583
 - 60757
 - 269512
@@ -1140,6 +1138,7 @@ never_via_route_servers_asns
 - 55244
 - 49910
 - 92
+- 147059
 - 136874
 - 40063
 - 149296
@@ -1149,15 +1148,23 @@ never_via_route_servers_asns
 - 272018
 - 396304
 - 269190
+- 35900
 - 265337
 - 201978
 - 208425
 - 212512
 - 142164
 - 149663
+- 23961
 - 149826
 - 210715
 - 206275
 - 272124
 - 61756
+- 49922
 - 267561
+- 47584
+- 52990
+- 203283
+- 203133
+- 149391
diff --git a/examples/rich/bird4.conf b/examples/rich/bird4.conf
index dfe478e3..87e04cf6 100644
--- a/examples/rich/bird4.conf
+++ b/examples/rich/bird4.conf
@@ -74,10 +74,10 @@ define AS_SET_AS_RIPENCC_prefixes_4 = [
 
 # ARIN Whois database records
 define ARIN_Whois_db_AS10745_4 = [
-	192.136.136.0/24{24,32}, 	192.149.252.0/24{24,32}, 	199.43.0.0/24{24,32}
+	192.149.252.0/24{24,32}, 	192.136.136.0/24{24,32}, 	199.43.0.0/24{24,32}
 ];
 define ARIN_Whois_db_AS12654_4 = [
-	23.128.125.0/24{24,32}, 	23.128.25.0/24{24,32}, 	23.128.24.0/24{24,32}, 	23.128.124.0/24{24,32}
+	23.128.24.0/24{24,32}, 	23.128.124.0/24{24,32}, 	23.128.125.0/24{24,32}, 	23.128.25.0/24{24,32}
 ];
 
 
@@ -1758,7 +1758,7 @@ filter receive_from_AS10745_1 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 12926, 13030, 13032, 13941, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 26068, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 47584, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 52990, 53859, 54295, 54574, 55244, 57433, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149391, 149663, 149826, 201978, 202561, 202793, 203133, 203283, 206275, 207353, 207484, 208425, 209310, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 398395, 399338] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
@@ -1978,7 +1978,7 @@ filter receive_from_AS3333_1 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 12926, 13030, 13032, 13941, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 26068, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 47584, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 52990, 53859, 54295, 54574, 55244, 57433, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149391, 149663, 149826, 201978, 202561, 202793, 203133, 203283, 206275, 207353, 207484, 208425, 209310, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 398395, 399338] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
diff --git a/examples/rich/bird6.conf b/examples/rich/bird6.conf
index cbeb32fb..008c90b0 100644
--- a/examples/rich/bird6.conf
+++ b/examples/rich/bird6.conf
@@ -45,7 +45,7 @@ define AS_SET_AS10745_prefixes_6 = [
 
 # ARIN Whois database records
 define ARIN_Whois_db_AS10745_6 = [
-	2001:500:110::/48{48,128}, 	2001:500:4::/48{48,128}
+	2001:500:4::/48{48,128}, 	2001:500:110::/48{48,128}
 ];
 
 
@@ -1772,7 +1772,7 @@ filter receive_from_AS10745_2 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 12926, 13030, 13032, 13941, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 26068, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 47584, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 52990, 53859, 54295, 54574, 55244, 57433, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149391, 149663, 149826, 201978, 202561, 202793, 203133, 203283, 206275, 207353, 207484, 208425, 209310, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 398395, 399338] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
diff --git a/examples/rich/bird_v2.conf b/examples/rich/bird_v2.conf
index 6cb4a0b9..28ca6012 100644
--- a/examples/rich/bird_v2.conf
+++ b/examples/rich/bird_v2.conf
@@ -98,13 +98,13 @@ define AS_SET_AS_RIPENCC_prefixes_6 = [
 
 # ARIN Whois database records
 define ARIN_Whois_db_AS10745_4 = [
-	192.136.136.0/24{24,32}, 	199.43.0.0/24{24,32}, 	192.149.252.0/24{24,32}
+	192.136.136.0/24{24,32}, 	192.149.252.0/24{24,32}, 	199.43.0.0/24{24,32}
 ];
 define ARIN_Whois_db_AS10745_6 = [
 	2001:500:4::/48{48,128}, 	2001:500:110::/48{48,128}
 ];
 define ARIN_Whois_db_AS12654_4 = [
-	23.128.125.0/24{24,32}, 	23.128.124.0/24{24,32}, 	23.128.24.0/24{24,32}, 	23.128.25.0/24{24,32}
+	23.128.124.0/24{24,32}, 	23.128.24.0/24{24,32}, 	23.128.125.0/24{24,32}, 	23.128.25.0/24{24,32}
 ];
 # no IPv6 prefixes found in the ARIN Whois database for ASAS12654
 
@@ -1940,7 +1940,7 @@ filter receive_from_AS10745_1 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 12926, 13030, 13032, 13941, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 26068, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 47584, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 52990, 53859, 54295, 54574, 55244, 57433, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149391, 149663, 149826, 201978, 202561, 202793, 203133, 203283, 206275, 207353, 207484, 208425, 209310, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 398395, 399338] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
@@ -2165,7 +2165,7 @@ filter receive_from_AS10745_2 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 12926, 13030, 13032, 13941, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 26068, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 47584, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 52990, 53859, 54295, 54574, 55244, 57433, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149391, 149663, 149826, 201978, 202561, 202793, 203133, 203283, 206275, 207353, 207484, 208425, 209310, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 398395, 399338] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
@@ -2399,7 +2399,7 @@ filter receive_from_AS3333_1 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 12926, 13030, 13032, 13941, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 26068, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 47584, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 52990, 53859, 54295, 54574, 55244, 57433, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149391, 149663, 149826, 201978, 202561, 202793, 203133, 203283, 206275, 207353, 207484, 208425, 209310, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 398395, 399338] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
diff --git a/examples/rich/openbgpd.conf b/examples/rich/openbgpd.conf
index 4394b08c..baaed97c 100644
--- a/examples/rich/openbgpd.conf
+++ b/examples/rich/openbgpd.conf
@@ -115,11 +115,7 @@ group "clients" {
 	neighbor 192.0.2.22 {
 		remote-as 10745
 
-		# This is needed to avoid the bgpd error
-		#	"neighbors with add-path send cannot use 'rde evaluate all'"
-		# It overrides the global 'rde evaluate all' setting for
-		# the neighbors for which ADD-PATH is configured.
-		rde evaluate default
+		rde evaluate all
 
 		passive
 		ttl-security yes
@@ -139,11 +135,7 @@ group "clients" {
 	neighbor 2001:db8:1:1::22 {
 		remote-as 10745
 
-		# This is needed to avoid the bgpd error
-		#	"neighbors with add-path send cannot use 'rde evaluate all'"
-		# It overrides the global 'rde evaluate all' setting for
-		# the neighbors for which ADD-PATH is configured.
-		rde evaluate default
+		rde evaluate all
 
 		passive
 		ttl-security yes
@@ -163,11 +155,7 @@ group "clients" {
 	neighbor 192.0.2.11 {
 		remote-as 3333
 
-		# This is needed to avoid the bgpd error
-		#	"neighbors with add-path send cannot use 'rde evaluate all'"
-		# It overrides the global 'rde evaluate all' setting for
-		# the neighbors for which ADD-PATH is configured.
-		rde evaluate default
+		rde evaluate all
 
 		passive
 		ttl-security yes
@@ -255,7 +243,7 @@ prefix-set "bogons" {
 
 # never via route-servers ASNs
 as-set "neverviarouteserver" {
-	92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338
+	92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 12926, 13030, 13032, 13941, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 26068, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 47584, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 52990, 53859, 54295, 54574, 55244, 57433, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149391, 149663, 149826, 201978, 202561, 202793, 203133, 203283, 206275, 207353, 207484, 208425, 209310, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 398395, 399338
 }
 
 # =====================================================================================
diff --git a/examples/rich/template-context b/examples/rich/template-context
index 0621733c..dc4edbd7 100644
--- a/examples/rich/template-context
+++ b/examples/rich/template-context
@@ -1404,6 +1404,12 @@ AS10745:
   length: 24
   max_length: 32
   prefix: 192.136.136.0
+- exact: false
+  ge: 48
+  le: 128
+  length: 48
+  max_length: 128
+  prefix: '2001:500:110::'
 - exact: false
   ge: 48
   le: 128
@@ -1416,25 +1422,19 @@ AS10745:
   length: 24
   max_length: 32
   prefix: 192.149.252.0
-- exact: false
-  ge: 48
-  le: 128
-  length: 48
-  max_length: 128
-  prefix: '2001:500:110::'
 AS12654:
 - exact: false
   ge: 24
   le: 32
   length: 24
   max_length: 32
-  prefix: 23.128.124.0
+  prefix: 23.128.25.0
 - exact: false
   ge: 24
   le: 32
   length: 24
   max_length: 32
-  prefix: 23.128.125.0
+  prefix: 23.128.124.0
 - exact: false
   ge: 24
   le: 32
@@ -1446,7 +1446,7 @@ AS12654:
   le: 32
   length: 24
   max_length: 32
-  prefix: 23.128.25.0
+  prefix: 23.128.125.0
 
 
 registrobr_whois_db_records
@@ -1458,90 +1458,86 @@ never_via_route_servers_asns
 ----------------------------
 - 2914
 - 3491
-- 34209
 - 6079
+- 7843
+- 1299
+- 3257
 - 3265
-- 11670
 - 8607
+- 6805
 - 12322
 - 6730
 - 13030
 - 3320
+- 1273
 - 174
 - 680
-- 8455
 - 2152
+- 6830
 - 3292
-- 35836
+- 5511
+- 8365
 - 21396
+- 8075
+- 39326
+- 6908
+- 11164
+- 5432
 - 29169
 - 16509
 - 20161
 - 11260
 - 34108
-- 7843
 - 20115
 - 39651
+- 48237
 - 9908
 - 15692
+- 47377
 - 10013
 - 8943
 - 5391
-- 48237
 - 37271
+- 714
 - 12353
-- 6908
+- 8455
+- 12926
 - 40029
-- 6830
-- 36459
-- 51530
-- 1273
 - 57433
-- 39326
-- 27947
-- 714
-- 62567
-- 8075
-- 3257
-- 11164
-- 12822
-- 35900
-- 5511
-- 7155
-- 6805
-- 47377
 - 57866
+- 36459
+- 7155
+- 12822
 - 46450
-- 263801
 - 17012
+- 263801
 - 63290
-- 8365
-- 5432
 - 278
+- 62567
 - 202793
 - 33983
+- 26068
 - 134022
-- 43470
 - 3754
-- 3630
 - 135706
 - 264424
 - 132563
+- 11670
+- 3630
 - 7862
 - 48408
-- 137207
 - 24282
 - 265630
 - 37529
 - 131996
 - 132829
-- 19237
-- 23961
+- 27947
+- 34209
 - 263856
 - 135848
-- 147059
+- 19237
 - 24800
-- 62623
+- 54574
 - 137610
 - 34587
 - 138023
@@ -1549,46 +1545,48 @@ never_via_route_servers_asns
 - 132996
 - 30983
 - 263258
+- 13941
 - 396477
 - 262191
 - 54295
-- 18520
-- 14295
 - 138953
 - 58768
 - 1955
 - 328572
 - 49127
 - 393573
+- 18520
+- 14295
 - 393684
 - 269156
 - 207353
 - 209699
 - 270544
 - 328582
-- 267442
 - 48265
 - 328445
+- 398395
 - 60412
 - 207484
 - 268091
 - 270781
 - 138769
-- 57468
-- 212953
 - 270407
-- 133317
+- 209310
 - 271053
 - 270828
 - 271172
+- 62623
 - 140287
 - 212706
 - 212623
+- 43470
 - 269367
 - 36165
 - 202561
 - 213202
 - 141120
+- 35836
 - 141411
 - 262888
 - 131398
@@ -1597,7 +1595,6 @@ never_via_route_servers_asns
 - 53859
 - 269654
 - 141892
-- 1299
 - 267214
 - 62164
 - 263686
@@ -1608,16 +1605,17 @@ never_via_route_servers_asns
 - 141140
 - 271200
 - 13032
+- 51530
 - 31764
 - 142369
+- 137207
 - 142348
 - 23888
-- 398203
 - 141856
 - 146846
 - 146958
+- 398203
 - 139667
-- 49922
 - 47583
 - 60757
 - 269512
@@ -1627,6 +1625,7 @@ never_via_route_servers_asns
 - 55244
 - 49910
 - 92
+- 147059
 - 136874
 - 40063
 - 149296
@@ -1636,15 +1635,23 @@ never_via_route_servers_asns
 - 272018
 - 396304
 - 269190
+- 35900
 - 265337
 - 201978
 - 208425
 - 212512
 - 142164
 - 149663
+- 23961
 - 149826
 - 210715
 - 206275
 - 272124
 - 61756
+- 49922
 - 267561
+- 47584
+- 52990
+- 203283
+- 203133
+- 149391
diff --git a/examples/rich/template-context4 b/examples/rich/template-context4
index b2491f70..e0d41f87 100644
--- a/examples/rich/template-context4
+++ b/examples/rich/template-context4
@@ -1225,13 +1225,13 @@ AS10745:
   le: 32
   length: 24
   max_length: 32
-  prefix: 192.149.252.0
+  prefix: 192.136.136.0
 - exact: false
   ge: 24
   le: 32
   length: 24
   max_length: 32
-  prefix: 192.136.136.0
+  prefix: 192.149.252.0
 - exact: false
   ge: 24
   le: 32
@@ -1274,90 +1274,86 @@ never_via_route_servers_asns
 ----------------------------
 - 2914
 - 3491
-- 34209
 - 6079
+- 7843
+- 1299
+- 3257
 - 3265
-- 11670
 - 8607
+- 6805
 - 12322
 - 6730
 - 13030
 - 3320
+- 1273
 - 174
 - 680
-- 8455
 - 2152
+- 6830
 - 3292
-- 35836
+- 5511
+- 8365
 - 21396
+- 8075
+- 39326
+- 6908
+- 11164
+- 5432
 - 29169
 - 16509
 - 20161
 - 11260
 - 34108
-- 7843
 - 20115
 - 39651
+- 48237
 - 9908
 - 15692
+- 47377
 - 10013
 - 8943
 - 5391
-- 48237
 - 37271
+- 714
 - 12353
-- 6908
+- 8455
+- 12926
 - 40029
-- 6830
-- 36459
-- 51530
-- 1273
 - 57433
-- 39326
-- 27947
-- 714
-- 62567
-- 8075
-- 3257
-- 11164
-- 12822
-- 35900
-- 5511
-- 7155
-- 6805
-- 47377
 - 57866
+- 36459
+- 7155
+- 12822
 - 46450
-- 263801
 - 17012
+- 263801
 - 63290
-- 8365
-- 5432
 - 278
+- 62567
 - 202793
 - 33983
+- 26068
 - 134022
-- 43470
 - 3754
-- 3630
 - 135706
 - 264424
 - 132563
+- 11670
+- 3630
 - 7862
 - 48408
-- 137207
 - 24282
 - 265630
 - 37529
 - 131996
 - 132829
-- 19237
-- 23961
+- 27947
+- 34209
 - 263856
 - 135848
-- 147059
+- 19237
 - 24800
-- 62623
+- 54574
 - 137610
 - 34587
 - 138023
@@ -1365,46 +1361,48 @@ never_via_route_servers_asns
 - 132996
 - 30983
 - 263258
+- 13941
 - 396477
 - 262191
 - 54295
-- 18520
-- 14295
 - 138953
 - 58768
 - 1955
 - 328572
 - 49127
 - 393573
+- 18520
+- 14295
 - 393684
 - 269156
 - 207353
 - 209699
 - 270544
 - 328582
-- 267442
 - 48265
 - 328445
+- 398395
 - 60412
 - 207484
 - 268091
 - 270781
 - 138769
-- 57468
-- 212953
 - 270407
-- 133317
+- 209310
 - 271053
 - 270828
 - 271172
+- 62623
 - 140287
 - 212706
 - 212623
+- 43470
 - 269367
 - 36165
 - 202561
 - 213202
 - 141120
+- 35836
 - 141411
 - 262888
 - 131398
@@ -1413,7 +1411,6 @@ never_via_route_servers_asns
 - 53859
 - 269654
 - 141892
-- 1299
 - 267214
 - 62164
 - 263686
@@ -1424,16 +1421,17 @@ never_via_route_servers_asns
 - 141140
 - 271200
 - 13032
+- 51530
 - 31764
 - 142369
+- 137207
 - 142348
 - 23888
-- 398203
 - 141856
 - 146846
 - 146958
+- 398203
 - 139667
-- 49922
 - 47583
 - 60757
 - 269512
@@ -1443,6 +1441,7 @@ never_via_route_servers_asns
 - 55244
 - 49910
 - 92
+- 147059
 - 136874
 - 40063
 - 149296
@@ -1452,15 +1451,23 @@ never_via_route_servers_asns
 - 272018
 - 396304
 - 269190
+- 35900
 - 265337
 - 201978
 - 208425
 - 212512
 - 142164
 - 149663
+- 23961
 - 149826
 - 210715
 - 206275
 - 272124
 - 61756
+- 49922
 - 267561
+- 47584
+- 52990
+- 203283
+- 203133
+- 149391
diff --git a/examples/rich/template-context6 b/examples/rich/template-context6
index 0e1d3075..0401ad5d 100644
--- a/examples/rich/template-context6
+++ b/examples/rich/template-context6
@@ -1024,90 +1024,86 @@ never_via_route_servers_asns
 ----------------------------
 - 2914
 - 3491
-- 34209
 - 6079
+- 7843
+- 1299
+- 3257
 - 3265
-- 11670
 - 8607
+- 6805
 - 12322
 - 6730
 - 13030
 - 3320
+- 1273
 - 174
 - 680
-- 8455
 - 2152
+- 6830
 - 3292
-- 35836
+- 5511
+- 8365
 - 21396
+- 8075
+- 39326
+- 6908
+- 11164
+- 5432
 - 29169
 - 16509
 - 20161
 - 11260
 - 34108
-- 7843
 - 20115
 - 39651
+- 48237
 - 9908
 - 15692
+- 47377
 - 10013
 - 8943
 - 5391
-- 48237
 - 37271
+- 714
 - 12353
-- 6908
+- 8455
+- 12926
 - 40029
-- 6830
-- 36459
-- 51530
-- 1273
 - 57433
-- 39326
-- 27947
-- 714
-- 62567
-- 8075
-- 3257
-- 11164
-- 12822
-- 35900
-- 5511
-- 7155
-- 6805
-- 47377
 - 57866
+- 36459
+- 7155
+- 12822
 - 46450
-- 263801
 - 17012
+- 263801
 - 63290
-- 8365
-- 5432
 - 278
+- 62567
 - 202793
 - 33983
+- 26068
 - 134022
-- 43470
 - 3754
-- 3630
 - 135706
 - 264424
 - 132563
+- 11670
+- 3630
 - 7862
 - 48408
-- 137207
 - 24282
 - 265630
 - 37529
 - 131996
 - 132829
-- 19237
-- 23961
+- 27947
+- 34209
 - 263856
 - 135848
-- 147059
+- 19237
 - 24800
-- 62623
+- 54574
 - 137610
 - 34587
 - 138023
@@ -1115,46 +1111,48 @@ never_via_route_servers_asns
 - 132996
 - 30983
 - 263258
+- 13941
 - 396477
 - 262191
 - 54295
-- 18520
-- 14295
 - 138953
 - 58768
 - 1955
 - 328572
 - 49127
 - 393573
+- 18520
+- 14295
 - 393684
 - 269156
 - 207353
 - 209699
 - 270544
 - 328582
-- 267442
 - 48265
 - 328445
+- 398395
 - 60412
 - 207484
 - 268091
 - 270781
 - 138769
-- 57468
-- 212953
 - 270407
-- 133317
+- 209310
 - 271053
 - 270828
 - 271172
+- 62623
 - 140287
 - 212706
 - 212623
+- 43470
 - 269367
 - 36165
 - 202561
 - 213202
 - 141120
+- 35836
 - 141411
 - 262888
 - 131398
@@ -1163,7 +1161,6 @@ never_via_route_servers_asns
 - 53859
 - 269654
 - 141892
-- 1299
 - 267214
 - 62164
 - 263686
@@ -1174,16 +1171,17 @@ never_via_route_servers_asns
 - 141140
 - 271200
 - 13032
+- 51530
 - 31764
 - 142369
+- 137207
 - 142348
 - 23888
-- 398203
 - 141856
 - 146846
 - 146958
+- 398203
 - 139667
-- 49922
 - 47583
 - 60757
 - 269512
@@ -1193,6 +1191,7 @@ never_via_route_servers_asns
 - 55244
 - 49910
 - 92
+- 147059
 - 136874
 - 40063
 - 149296
@@ -1202,15 +1201,23 @@ never_via_route_servers_asns
 - 272018
 - 396304
 - 269190
+- 35900
 - 265337
 - 201978
 - 208425
 - 212512
 - 142164
 - 149663
+- 23961
 - 149826
 - 210715
 - 206275
 - 272124
 - 61756
+- 49922
 - 267561
+- 47584
+- 52990
+- 203283
+- 203133
+- 149391
diff --git a/examples/rpki_rtr/bird_v2.conf b/examples/rpki_rtr/bird_v2.conf
index 65de2f92..a3301eba 100644
--- a/examples/rpki_rtr/bird_v2.conf
+++ b/examples/rpki_rtr/bird_v2.conf
@@ -63,8 +63,8 @@ define AS_SET_AS1_asns = [
 ];
 
 define AS_SET_AS1_prefixes_4 = [
-	4.36.110.0/24, 	88.218.16.0/24, 	178.208.184.0/24, 	178.253.38.0/24,
-	178.253.55.0/24, 	185.255.126.0/24, 	199.48.180.0/24
+	4.36.110.0/24, 	178.208.184.0/24, 	178.253.38.0/24, 	178.253.55.0/24,
+	192.109.109.0/24, 	199.48.180.0/24
 ];
 # no IPv6 prefixes found for AS1
 
@@ -470,7 +470,7 @@ filter receive_from_AS10745_1 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 12926, 13030, 13032, 13941, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 26068, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 47584, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 52990, 53859, 54295, 54574, 55244, 57433, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149391, 149663, 149826, 201978, 202561, 202793, 203133, 203283, 206275, 207353, 207484, 208425, 209310, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 398395, 399338] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
@@ -648,7 +648,7 @@ filter receive_from_AS10745_2 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 12926, 13030, 13032, 13941, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 26068, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 47584, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 52990, 53859, 54295, 54574, 55244, 57433, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149391, 149663, 149826, 201978, 202561, 202793, 203133, 203283, 206275, 207353, 207484, 208425, 209310, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 398395, 399338] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
@@ -830,7 +830,7 @@ filter receive_from_AS1_1 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 12926, 13030, 13032, 13941, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 26068, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 47584, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 52990, 53859, 54295, 54574, 55244, 57433, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149391, 149663, 149826, 201978, 202561, 202793, 203133, 203283, 206275, 207353, 207484, 208425, 209310, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 398395, 399338] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
@@ -1008,7 +1008,7 @@ filter receive_from_AS3333_1 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 12926, 13030, 13032, 13941, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 26068, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 47584, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 52990, 53859, 54295, 54574, 55244, 57433, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149391, 149663, 149826, 201978, 202561, 202793, 203133, 203283, 206275, 207353, 207484, 208425, 209310, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 398395, 399338] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
diff --git a/tests/last b/tests/last
index a0264ca2..77e7ceae 100644
--- a/tests/last
+++ b/tests/last
@@ -247,7 +247,7 @@ RTT getter parser: new line only ... ok
 RTT getter parser: none ... ok
 
 ----------------------------------------------------------------------
-Ran 247 tests in 68.563s
+Ran 247 tests in 63.405s
 
 OK
 External resources: ARIN Whois database dump ... ok
@@ -267,7 +267,7 @@ External resources: prefixes from AS-SET via bgpq3 ... ok
 External resources: prefixes from AS-SET via bgpq4 ... ok
 
 ----------------------------------------------------------------------
-Ran 15 tests in 48.245s
+Ran 15 tests in 62.975s
 
 OK
 Live test, BIRD, hooks example, IPv4: setting instances up...
@@ -284,7 +284,7 @@ Live test, BIRD, hooks example, IPv6: dumping routes...
 Live test, BIRD, hooks example, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 4 tests in 14.255s
+Ran 4 tests in 15.078s
 
 OK
 Live test, BIRD, BGP communities, IPv4: setting instances up...
@@ -323,7 +323,7 @@ Live test, BIRD, BGP communities, IPv6: dumping routes...
 Live test, BIRD, BGP communities, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 26 tests in 64.025s
+Ran 26 tests in 69.024s
 
 OK
 Live test, BIRD, default config, IPv4: setting instances up...
@@ -340,7 +340,7 @@ Live test, BIRD, default config, IPv6: dumping routes...
 Live test, BIRD, default config, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 4 tests in 15.047s
+Ran 4 tests in 16.964s
 
 OK
 Live test, BIRD, global scenario, IPv4: setting instances up...
@@ -881,7 +881,7 @@ Live test, BIRD, global scenario, IPv6, tag&reject: dumping routes...
 Live test, BIRD, global scenario, IPv6, tag&reject: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 512 tests in 509.215s
+Ran 512 tests in 540.852s
 
 OK (SKIP=6)
 Live test, BIRD, gshut, IPv4: setting instances up...
@@ -904,7 +904,7 @@ Live test, BIRD, gshut, IPv6: dumping routes...
 Live test, BIRD, gshut, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 10 tests in 44.425s
+Ran 10 tests in 49.582s
 
 OK
 Live test, BIRD, max-prefix, IPv4: setting instances up...
@@ -943,7 +943,7 @@ Live test, BIRD, max-prefix, IPv6: dumping routes...
 Live test, BIRD, max-prefix, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 26 tests in 165.497s
+Ran 26 tests in 172.653s
 
 OK
 Live test, BIRD, path hiding, mitigation off, IPv4: setting instances up...
@@ -1002,7 +1002,7 @@ Live test, BIRD, path hiding, mitigation on, IPv6: dumping routes...
 Live test, BIRD, path hiding, mitigation on, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 38 tests in 174.239s
+Ran 38 tests in 176.240s
 
 OK (SKIP=2)
 Live test, BIRD, examples, rich config, IPv4: setting instances up...
@@ -1019,7 +1019,7 @@ Live test, BIRD, examples, rich config, IPv6: dumping routes...
 Live test, BIRD, examples, rich config, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 4 tests in 26.304s
+Ran 4 tests in 20.184s
 
 OK
 Live test, BIRD, RPKI INVALID tagging, IPv4: setting instances up...
@@ -1060,7 +1060,7 @@ Live test, BIRD, RPKI INVALID tagging, IPv6: dumping routes...
 Live test, BIRD, RPKI INVALID tagging, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 28 tests in 83.631s
+Ran 28 tests in 79.876s
 
 OK
 Live test, BIRD, BOV custom comms, IPv4: setting instances up...
@@ -1085,7 +1085,7 @@ Live test, BIRD, BOV custom comms, IPv6: dumping routes...
 Live test, BIRD, BOV custom comms, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 12 tests in 46.496s
+Ran 12 tests in 45.674s
 
 OK
 Live test, BIRD, tag prefix/origin in AS-SET, IPv4: setting instances up...
@@ -1272,7 +1272,7 @@ Live test, BIRD, tag prefix/origin empty AS-SET, IPv6: dumping routes...
 Live test, BIRD, tag prefix/origin empty AS-SET, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 166 tests in 168.950s
+Ran 166 tests in 172.100s
 
 OK
 Live test, BIRD, 'tag' reject policy scenario, IPv4: setting instances up...
@@ -1329,7 +1329,7 @@ Live test, BIRD, 'tag' reject policy scenario, IPv6: dumping routes...
 Live test, BIRD, 'tag' reject policy scenario, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 44 tests in 114.618s
+Ran 44 tests in 121.872s
 
 OK (SKIP=1)
 Live test, BIRD v2, BGP communities, IPv4: setting instances up...
@@ -1368,7 +1368,7 @@ Live test, BIRD v2, BGP communities, IPv6: dumping routes...
 Live test, BIRD v2, BGP communities, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 26 tests in 63.218s
+Ran 26 tests in 67.131s
 
 OK
 Live test, BIRD v2, default config, IPv4: setting instances up...
@@ -1385,7 +1385,7 @@ Live test, BIRD v2, default config, IPv6: dumping routes...
 Live test, BIRD v2, default config, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 4 tests in 14.591s
+Ran 4 tests in 15.314s
 
 OK
 Live test, BIRD v2, global scenario, IPv4: setting instances up...
@@ -1926,7 +1926,7 @@ Live test, BIRD v2, global scenario, IPv6, tag&reject: dumping routes...
 Live test, BIRD v2, global scenario, IPv6, tag&reject: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 512 tests in 499.002s
+Ran 512 tests in 513.873s
 
 OK (SKIP=6)
 Live test, BIRD v2, gshut, IPv4: setting instances up...
@@ -1949,7 +1949,7 @@ Live test, BIRD v2, gshut, IPv6: dumping routes...
 Live test, BIRD v2, gshut, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 10 tests in 44.138s
+Ran 10 tests in 50.348s
 
 OK
 Live test, BIRD v2, max-prefix, IPv4: setting instances up...
@@ -1988,7 +1988,7 @@ Live test, BIRD v2, max-prefix, IPv6: dumping routes...
 Live test, BIRD v2, max-prefix, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 26 tests in 165.985s
+Ran 26 tests in 183.754s
 
 OK
 Live test, BIRD v2, path hiding, mitigation off, IPv4: setting instances up...
@@ -2047,7 +2047,7 @@ Live test, BIRD v2, path hiding, mitigation on, IPv6: dumping routes...
 Live test, BIRD v2, path hiding, mitigation on, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 38 tests in 171.075s
+Ran 38 tests in 179.261s
 
 OK (SKIP=2)
 Live test, BIRD v2, examples, rich config, IPv4: setting instances up...
@@ -2064,7 +2064,7 @@ Live test, BIRD v2, examples, rich config, IPv6: dumping routes...
 Live test, BIRD v2, examples, rich config, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 4 tests in 24.751s
+Ran 4 tests in 19.984s
 
 OK
 Live test, BIRD v2, RPKI INVALID tagging, IPv4: setting instances up...
@@ -2105,7 +2105,7 @@ Live test, BIRD v2, RPKI INVALID tagging, IPv6: dumping routes...
 Live test, BIRD v2, RPKI INVALID tagging, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 28 tests in 77.980s
+Ran 28 tests in 79.172s
 
 OK
 Live test, BIRD v2, BOV custom comms, IPv4: setting instances up...
@@ -2130,7 +2130,7 @@ Live test, BIRD v2, BOV custom comms, IPv6: dumping routes...
 Live test, BIRD v2, BOV custom comms, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 12 tests in 44.362s
+Ran 12 tests in 45.535s
 
 OK
 Live test, BIRD v2, RTR protocol: setting instances up...
@@ -2147,7 +2147,7 @@ Live test, BIRD v2, RTR protocol: dumping routes...
 Live test, BIRD v2, RTR protocol: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 8 tests in 40.609s
+Ran 8 tests in 41.031s
 
 OK
 Live test, BIRD v2, tag prefix/origin in AS-SET, IPv4: setting instances up...
@@ -2334,7 +2334,7 @@ Live test, BIRD v2, tag prefix/origin empty AS-SET, IPv6: dumping routes...
 Live test, BIRD v2, tag prefix/origin empty AS-SET, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 166 tests in 163.047s
+Ran 166 tests in 181.076s
 
 OK
 Live test, BIRD v2, 'tag' reject policy scenario, IPv4: setting instances up...
@@ -2391,810 +2391,810 @@ Live test, BIRD v2, 'tag' reject policy scenario, IPv6: dumping routes...
 Live test, BIRD v2, 'tag' reject policy scenario, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 44 tests in 114.054s
+Ran 44 tests in 118.667s
 
 OK (SKIP=1)
-Live test, OpenBGPD 7.5, BGP communities, IPv4: setting instances up...
-Live test, OpenBGPD 7.5, BGP communities, IPv4: instances setup ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: sessions are up ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: announce to AS1 only (ext) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: announce to AS1 only (lrg) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: announce to AS1 only (std) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: announce to AS131073 only (ext) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: announce to AS131073 only (lrg) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: custom BGP community (ext) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: custom BGP community (lrg) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: custom BGP community (std) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: custom BGP community scrubbed ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: reconfigure ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: log contains errors ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: dumping rs config...
-Live test, OpenBGPD 7.5, BGP communities, IPv4: dumping routes...
-Live test, OpenBGPD 7.5, BGP communities, IPv4: stopping instances...
-Live test, OpenBGPD 7.5, BGP communities, IPv6: setting instances up...
-Live test, OpenBGPD 7.5, BGP communities, IPv6: instances setup ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: sessions are up ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: announce to AS1 only (ext) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: announce to AS1 only (lrg) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: announce to AS1 only (std) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: announce to AS131073 only (ext) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: announce to AS131073 only (lrg) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: custom BGP community (ext) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: custom BGP community (lrg) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: custom BGP community (std) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: custom BGP community scrubbed ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: reconfigure ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: log contains errors ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: dumping rs config...
-Live test, OpenBGPD 7.5, BGP communities, IPv6: dumping routes...
-Live test, OpenBGPD 7.5, BGP communities, IPv6: stopping instances...
+Live test, OpenBGPD 7.7, BGP communities, IPv4: setting instances up...
+Live test, OpenBGPD 7.7, BGP communities, IPv4: instances setup ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: sessions are up ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: announce to AS1 only (ext) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: announce to AS1 only (lrg) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: announce to AS1 only (std) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: announce to AS131073 only (ext) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: announce to AS131073 only (lrg) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: custom BGP community (ext) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: custom BGP community (lrg) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: custom BGP community (std) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: custom BGP community scrubbed ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: reconfigure ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: log contains errors ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: dumping rs config...
+Live test, OpenBGPD 7.7, BGP communities, IPv4: dumping routes...
+Live test, OpenBGPD 7.7, BGP communities, IPv4: stopping instances...
+Live test, OpenBGPD 7.7, BGP communities, IPv6: setting instances up...
+Live test, OpenBGPD 7.7, BGP communities, IPv6: instances setup ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: sessions are up ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: announce to AS1 only (ext) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: announce to AS1 only (lrg) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: announce to AS1 only (std) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: announce to AS131073 only (ext) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: announce to AS131073 only (lrg) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: custom BGP community (ext) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: custom BGP community (lrg) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: custom BGP community (std) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: custom BGP community scrubbed ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: reconfigure ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: log contains errors ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: dumping rs config...
+Live test, OpenBGPD 7.7, BGP communities, IPv6: dumping routes...
+Live test, OpenBGPD 7.7, BGP communities, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 26 tests in 66.482s
+Ran 26 tests in 68.085s
 
 OK
-Live test, OpenBGPD 7.5, default config, IPv4: setting instances up...
-Live test, OpenBGPD 7.5, default config, IPv4: instances setup ... ok
-Live test, OpenBGPD 7.5, default config, IPv4: log contains errors ... ok
-Live test, OpenBGPD 7.5, default config, IPv4: dumping rs config...
-Live test, OpenBGPD 7.5, default config, IPv4: dumping routes...
-Live test, OpenBGPD 7.5, default config, IPv4: stopping instances...
-Live test, OpenBGPD 7.5, default config, IPv6: setting instances up...
-Live test, OpenBGPD 7.5, default config, IPv6: instances setup ... ok
-Live test, OpenBGPD 7.5, default config, IPv6: log contains errors ... ok
-Live test, OpenBGPD 7.5, default config, IPv6: dumping rs config...
-Live test, OpenBGPD 7.5, default config, IPv6: dumping routes...
-Live test, OpenBGPD 7.5, default config, IPv6: stopping instances...
+Live test, OpenBGPD 7.7, default config, IPv4: setting instances up...
+Live test, OpenBGPD 7.7, default config, IPv4: instances setup ... ok
+Live test, OpenBGPD 7.7, default config, IPv4: log contains errors ... ok
+Live test, OpenBGPD 7.7, default config, IPv4: dumping rs config...
+Live test, OpenBGPD 7.7, default config, IPv4: dumping routes...
+Live test, OpenBGPD 7.7, default config, IPv4: stopping instances...
+Live test, OpenBGPD 7.7, default config, IPv6: setting instances up...
+Live test, OpenBGPD 7.7, default config, IPv6: instances setup ... ok
+Live test, OpenBGPD 7.7, default config, IPv6: log contains errors ... ok
+Live test, OpenBGPD 7.7, default config, IPv6: dumping rs config...
+Live test, OpenBGPD 7.7, default config, IPv6: dumping routes...
+Live test, OpenBGPD 7.7, default config, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 4 tests in 11.577s
+Ran 4 tests in 12.137s
 
 OK
-Live test, OpenBGPD 7.5, global scenario, IPv4: setting instances up...
-Live test, OpenBGPD 7.5, global scenario, IPv4: instances setup ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: sessions are up ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: session configured via local include files ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: good prefixes because of use_arin_bulk_whois_data ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: good prefixes received by rs: IRRdb white-list ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: good prefixes because of use_registrobr_bulk_whois_data ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: good prefixes because of use_rpki_roas_as_route_objects: exact ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: good prefixes because of use_rpki_roas_as_route_objects: covering ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: good prefixes received by rs ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: good prefixes received by rs: non-client NEXT_HOP ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: not IPv6 global unicast space ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: IRRdb white-list ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: AS_SET origin, RFC6907 7.1.9 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: IRR check for AS_SET origin, BIRD ... SKIP: BIRD specific
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: IRR check for AS_SET origin, OpenBGPD ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: AS_PATH len ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: bogon ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: client blacklist ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: global blacklist ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: invalid ASN in AS-PATH ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: invalid NEXT_HOP ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: left-most ASN ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: never via route servers ASN in AS-PATH (asns list) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: never via route servers ASN in AS-PATH (PeeringDB) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: origin not in AS-SET ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: prefix not in AS-SET ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: invalid prefix-len ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: transit-free ASN in AS-PATH ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: transit-free ASN in AS-PATH from a transit peer ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: unknown NEXT_HOP ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: RPKI ROAs as route objects failed ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: default route ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes not received by clients ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: bogon (wrong tag) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: global blacklist (wrong tag) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: RPKI, blackhole request for a covered prefix ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: RPKI, invalid prefix (bad ASN) received by rs ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: RPKI, invalid prefix (bad length) received by rs ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: RPKI, invalid prefix (bad ASN) not propagated to clients ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: RPKI, valid prefix received by rs ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: RPKI, valid prefix propagated to clients ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: prefixes from AS101 received by its upstreams ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: prefixes from AS101 received by rs ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad communities as seen by AS101 upstreams ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad communities scrubbed by rs (lrg) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad communities scrubbed by rs (std) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: other communities not scrubbed by rs (lrg) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: other communities not scrubbed by rs (std) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: blackhole filtering requests as seen by rs (BLACKHOLE) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: blackhole filtering requests as seen by rs (lrg cust) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: blackhole filtering requests as seen by rs (std cust) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: blackholed prefixes as seen by enabled clients (BLACKHOLE) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: blackholed prefixes as seen by enabled clients (lrg_cust) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: blackholed prefixes as seen by enabled clients (std_cust) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: blackholed prefixes not seen by not enabled clients ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: gshut by an enabled client ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: gshut by a not enabled client ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, announce to AS1 only ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, don't announce to any ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, announce to all except AS1 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, prepend once to any ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, prepend twice to any ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, prepend thrice to any ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, prepend once to AS1 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, prepend twice to AS2 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, prepend thrice to AS1, once to others ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, NO_EXPORT to AS1 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, NO_EXPORT to any ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, RFC1997 NO_EXPORT ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, RTT, blackhole, not peers > 20 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, RTT, not peers > 15 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, RTT, not peers > 5 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, RTT, not peers > 5 ms + AS3 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, RTT, not peers <= 5 and > 100 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, RTT, only peers <= 15 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, RTT, only peers <= 5 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, RTT, ext comms, prepend 1x > 10 ms, 2x > 20 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, RTT, prepend 3x > 100 ms, 2x > 10 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, RTT, prepend 3x <= 5 ms, 2x <= 20 ms, 1x any ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: prefixes received by clients: AS1_1 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: prefixes received by clients: AS1_2 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: prefixes received by clients: AS2 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: prefixes received by clients: AS3 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: prefixes received by clients: AS3 (with ADD-PATH) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: reconfigure ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: log contains errors ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: dumping rs config...
-Live test, OpenBGPD 7.5, global scenario, IPv4: dumping routes...
-Live test, OpenBGPD 7.5, global scenario, IPv4: stopping instances...
-Live test, OpenBGPD 7.5, global scenario, IPv6: setting instances up...
-Live test, OpenBGPD 7.5, global scenario, IPv6: instances setup ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: sessions are up ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: session configured via local include files ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: good prefixes because of use_arin_bulk_whois_data ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: good prefixes received by rs: IRRdb white-list ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: good prefixes because of use_registrobr_bulk_whois_data ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: good prefixes because of use_rpki_roas_as_route_objects: exact ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: good prefixes because of use_rpki_roas_as_route_objects: covering ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: good prefixes received by rs ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: good prefixes received by rs: non-client NEXT_HOP ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: not IPv6 global unicast space ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: IRRdb white-list ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: AS_SET origin, RFC6907 7.1.9 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: IRR check for AS_SET origin, BIRD ... SKIP: BIRD specific
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: IRR check for AS_SET origin, OpenBGPD ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: AS_PATH len ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: bogon ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: client blacklist ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: global blacklist ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: invalid ASN in AS-PATH ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: invalid NEXT_HOP ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: left-most ASN ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: never via route servers ASN in AS-PATH (asns list) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: never via route servers ASN in AS-PATH (PeeringDB) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: origin not in AS-SET ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: prefix not in AS-SET ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: invalid prefix-len ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: transit-free ASN in AS-PATH ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: transit-free ASN in AS-PATH from a transit peer ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: unknown NEXT_HOP ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: RPKI ROAs as route objects failed ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: default route ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes not received by clients ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: bogon (wrong tag) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: global blacklist (wrong tag) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: RPKI, blackhole request for a covered prefix ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: RPKI, invalid prefix (bad ASN) received by rs ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: RPKI, invalid prefix (bad length) received by rs ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: RPKI, invalid prefix (bad ASN) not propagated to clients ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: RPKI, valid prefix received by rs ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: RPKI, valid prefix propagated to clients ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: prefixes from AS101 received by its upstreams ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: prefixes from AS101 received by rs ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad communities as seen by AS101 upstreams ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad communities scrubbed by rs (lrg) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad communities scrubbed by rs (std) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: other communities not scrubbed by rs (lrg) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: other communities not scrubbed by rs (std) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: blackhole filtering requests as seen by rs (BLACKHOLE) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: blackhole filtering requests as seen by rs (lrg cust) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: blackhole filtering requests as seen by rs (std cust) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: blackholed prefixes as seen by enabled clients (BLACKHOLE) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: blackholed prefixes as seen by enabled clients (lrg_cust) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: blackholed prefixes as seen by enabled clients (std_cust) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: blackholed prefixes not seen by not enabled clients ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: gshut by an enabled client ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: gshut by a not enabled client ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, announce to AS1 only ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, don't announce to any ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, announce to all except AS1 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, prepend once to any ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, prepend twice to any ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, prepend thrice to any ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, prepend once to AS1 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, prepend twice to AS2 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, prepend thrice to AS1, once to others ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, NO_EXPORT to AS1 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, NO_EXPORT to any ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, RFC1997 NO_EXPORT ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, RTT, blackhole, not peers > 20 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, RTT, not peers > 15 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, RTT, not peers > 5 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, RTT, not peers > 5 ms + AS3 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, RTT, not peers <= 5 and > 100 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, RTT, only peers <= 15 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, RTT, only peers <= 5 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, RTT, ext comms, prepend 1x > 10 ms, 2x > 20 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, RTT, prepend 3x > 100 ms, 2x > 10 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, RTT, prepend 3x <= 5 ms, 2x <= 20 ms, 1x any ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: prefixes received by clients: AS1_1 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: prefixes received by clients: AS1_2 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: prefixes received by clients: AS2 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: prefixes received by clients: AS3 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: prefixes received by clients: AS3 (with ADD-PATH) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: reconfigure ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: log contains errors ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: dumping rs config...
-Live test, OpenBGPD 7.5, global scenario, IPv6: dumping routes...
-Live test, OpenBGPD 7.5, global scenario, IPv6: stopping instances...
-Live test, OpenBGPD 7.4, global scenario, IPv4: setting instances up...
-Live test, OpenBGPD 7.4, global scenario, IPv4: instances setup ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: sessions are up ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: session configured via local include files ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: good prefixes because of use_arin_bulk_whois_data ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: good prefixes received by rs: IRRdb white-list ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: good prefixes because of use_registrobr_bulk_whois_data ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: good prefixes because of use_rpki_roas_as_route_objects: exact ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: good prefixes because of use_rpki_roas_as_route_objects: covering ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: good prefixes received by rs ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: good prefixes received by rs: non-client NEXT_HOP ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: not IPv6 global unicast space ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: IRRdb white-list ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: AS_SET origin, RFC6907 7.1.9 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: IRR check for AS_SET origin, BIRD ... SKIP: BIRD specific
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: IRR check for AS_SET origin, OpenBGPD ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: AS_PATH len ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: bogon ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: client blacklist ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: global blacklist ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: invalid ASN in AS-PATH ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: invalid NEXT_HOP ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: left-most ASN ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: never via route servers ASN in AS-PATH (asns list) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: never via route servers ASN in AS-PATH (PeeringDB) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: origin not in AS-SET ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: prefix not in AS-SET ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: invalid prefix-len ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: transit-free ASN in AS-PATH ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: transit-free ASN in AS-PATH from a transit peer ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: unknown NEXT_HOP ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: RPKI ROAs as route objects failed ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: default route ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes not received by clients ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: bogon (wrong tag) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: global blacklist (wrong tag) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: RPKI, blackhole request for a covered prefix ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: RPKI, invalid prefix (bad ASN) received by rs ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: RPKI, invalid prefix (bad length) received by rs ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: RPKI, invalid prefix (bad ASN) not propagated to clients ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: RPKI, valid prefix received by rs ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: RPKI, valid prefix propagated to clients ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: prefixes from AS101 received by its upstreams ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: prefixes from AS101 received by rs ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad communities as seen by AS101 upstreams ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad communities scrubbed by rs (lrg) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad communities scrubbed by rs (std) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: other communities not scrubbed by rs (lrg) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: other communities not scrubbed by rs (std) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: blackhole filtering requests as seen by rs (BLACKHOLE) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: blackhole filtering requests as seen by rs (lrg cust) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: blackhole filtering requests as seen by rs (std cust) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: blackholed prefixes as seen by enabled clients (BLACKHOLE) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: blackholed prefixes as seen by enabled clients (lrg_cust) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: blackholed prefixes as seen by enabled clients (std_cust) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: blackholed prefixes not seen by not enabled clients ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: gshut by an enabled client ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: gshut by a not enabled client ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, announce to AS1 only ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, don't announce to any ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, announce to all except AS1 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, prepend once to any ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, prepend twice to any ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, prepend thrice to any ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, prepend once to AS1 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, prepend twice to AS2 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, prepend thrice to AS1, once to others ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, NO_EXPORT to AS1 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, NO_EXPORT to any ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, RFC1997 NO_EXPORT ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, RTT, blackhole, not peers > 20 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, RTT, not peers > 15 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, RTT, not peers > 5 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, RTT, not peers > 5 ms + AS3 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, RTT, not peers <= 5 and > 100 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, RTT, only peers <= 15 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, RTT, only peers <= 5 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, RTT, ext comms, prepend 1x > 10 ms, 2x > 20 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, RTT, prepend 3x > 100 ms, 2x > 10 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, RTT, prepend 3x <= 5 ms, 2x <= 20 ms, 1x any ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: prefixes received by clients: AS1_1 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: prefixes received by clients: AS1_2 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: prefixes received by clients: AS2 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: prefixes received by clients: AS3 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: prefixes received by clients: AS3 (with ADD-PATH) ... SKIP: ADD-PATH not supported by OpenBGPD < 7.5
-Live test, OpenBGPD 7.4, global scenario, IPv4: reconfigure ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: log contains errors ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: dumping rs config...
-Live test, OpenBGPD 7.4, global scenario, IPv4: dumping routes...
-Live test, OpenBGPD 7.4, global scenario, IPv4: stopping instances...
-Live test, OpenBGPD 7.4, global scenario, IPv6: setting instances up...
-Live test, OpenBGPD 7.4, global scenario, IPv6: instances setup ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: sessions are up ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: session configured via local include files ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: good prefixes because of use_arin_bulk_whois_data ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: good prefixes received by rs: IRRdb white-list ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: good prefixes because of use_registrobr_bulk_whois_data ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: good prefixes because of use_rpki_roas_as_route_objects: exact ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: good prefixes because of use_rpki_roas_as_route_objects: covering ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: good prefixes received by rs ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: good prefixes received by rs: non-client NEXT_HOP ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: not IPv6 global unicast space ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: IRRdb white-list ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: AS_SET origin, RFC6907 7.1.9 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: IRR check for AS_SET origin, BIRD ... SKIP: BIRD specific
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: IRR check for AS_SET origin, OpenBGPD ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: AS_PATH len ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: bogon ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: client blacklist ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: global blacklist ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: invalid ASN in AS-PATH ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: invalid NEXT_HOP ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: left-most ASN ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: never via route servers ASN in AS-PATH (asns list) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: never via route servers ASN in AS-PATH (PeeringDB) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: origin not in AS-SET ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: prefix not in AS-SET ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: invalid prefix-len ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: transit-free ASN in AS-PATH ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: transit-free ASN in AS-PATH from a transit peer ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: unknown NEXT_HOP ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: RPKI ROAs as route objects failed ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: default route ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes not received by clients ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: bogon (wrong tag) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: global blacklist (wrong tag) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: RPKI, blackhole request for a covered prefix ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: RPKI, invalid prefix (bad ASN) received by rs ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: RPKI, invalid prefix (bad length) received by rs ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: RPKI, invalid prefix (bad ASN) not propagated to clients ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: RPKI, valid prefix received by rs ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: RPKI, valid prefix propagated to clients ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: prefixes from AS101 received by its upstreams ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: prefixes from AS101 received by rs ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad communities as seen by AS101 upstreams ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad communities scrubbed by rs (lrg) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad communities scrubbed by rs (std) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: other communities not scrubbed by rs (lrg) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: other communities not scrubbed by rs (std) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: blackhole filtering requests as seen by rs (BLACKHOLE) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: blackhole filtering requests as seen by rs (lrg cust) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: blackhole filtering requests as seen by rs (std cust) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: blackholed prefixes as seen by enabled clients (BLACKHOLE) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: blackholed prefixes as seen by enabled clients (lrg_cust) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: blackholed prefixes as seen by enabled clients (std_cust) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: blackholed prefixes not seen by not enabled clients ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: gshut by an enabled client ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: gshut by a not enabled client ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, announce to AS1 only ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, don't announce to any ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, announce to all except AS1 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, prepend once to any ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, prepend twice to any ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, prepend thrice to any ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, prepend once to AS1 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, prepend twice to AS2 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, prepend thrice to AS1, once to others ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, NO_EXPORT to AS1 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, NO_EXPORT to any ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, RFC1997 NO_EXPORT ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, RTT, blackhole, not peers > 20 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, RTT, not peers > 15 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, RTT, not peers > 5 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, RTT, not peers > 5 ms + AS3 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, RTT, not peers <= 5 and > 100 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, RTT, only peers <= 15 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, RTT, only peers <= 5 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, RTT, ext comms, prepend 1x > 10 ms, 2x > 20 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, RTT, prepend 3x > 100 ms, 2x > 10 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, RTT, prepend 3x <= 5 ms, 2x <= 20 ms, 1x any ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: prefixes received by clients: AS1_1 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: prefixes received by clients: AS1_2 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: prefixes received by clients: AS2 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: prefixes received by clients: AS3 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: prefixes received by clients: AS3 (with ADD-PATH) ... SKIP: ADD-PATH not supported by OpenBGPD < 7.5
-Live test, OpenBGPD 7.4, global scenario, IPv6: reconfigure ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: log contains errors ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: dumping rs config...
-Live test, OpenBGPD 7.4, global scenario, IPv6: dumping routes...
-Live test, OpenBGPD 7.4, global scenario, IPv6: stopping instances...
+Live test, OpenBGPD 7.7, global scenario, IPv4: setting instances up...
+Live test, OpenBGPD 7.7, global scenario, IPv4: instances setup ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: sessions are up ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: session configured via local include files ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: good prefixes because of use_arin_bulk_whois_data ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: good prefixes received by rs: IRRdb white-list ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: good prefixes because of use_registrobr_bulk_whois_data ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: good prefixes because of use_rpki_roas_as_route_objects: exact ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: good prefixes because of use_rpki_roas_as_route_objects: covering ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: good prefixes received by rs ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: good prefixes received by rs: non-client NEXT_HOP ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: not IPv6 global unicast space ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: IRRdb white-list ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: AS_SET origin, RFC6907 7.1.9 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: IRR check for AS_SET origin, BIRD ... SKIP: BIRD specific
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: IRR check for AS_SET origin, OpenBGPD ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: AS_PATH len ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: bogon ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: client blacklist ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: global blacklist ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: invalid ASN in AS-PATH ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: invalid NEXT_HOP ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: left-most ASN ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: never via route servers ASN in AS-PATH (asns list) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: never via route servers ASN in AS-PATH (PeeringDB) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: origin not in AS-SET ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: prefix not in AS-SET ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: invalid prefix-len ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: transit-free ASN in AS-PATH ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: transit-free ASN in AS-PATH from a transit peer ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: unknown NEXT_HOP ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: RPKI ROAs as route objects failed ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: default route ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes not received by clients ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: bogon (wrong tag) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: global blacklist (wrong tag) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: RPKI, blackhole request for a covered prefix ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: RPKI, invalid prefix (bad ASN) received by rs ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: RPKI, invalid prefix (bad length) received by rs ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: RPKI, invalid prefix (bad ASN) not propagated to clients ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: RPKI, valid prefix received by rs ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: RPKI, valid prefix propagated to clients ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: prefixes from AS101 received by its upstreams ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: prefixes from AS101 received by rs ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad communities as seen by AS101 upstreams ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad communities scrubbed by rs (lrg) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad communities scrubbed by rs (std) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: other communities not scrubbed by rs (lrg) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: other communities not scrubbed by rs (std) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: blackhole filtering requests as seen by rs (BLACKHOLE) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: blackhole filtering requests as seen by rs (lrg cust) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: blackhole filtering requests as seen by rs (std cust) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: blackholed prefixes as seen by enabled clients (BLACKHOLE) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: blackholed prefixes as seen by enabled clients (lrg_cust) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: blackholed prefixes as seen by enabled clients (std_cust) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: blackholed prefixes not seen by not enabled clients ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: gshut by an enabled client ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: gshut by a not enabled client ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, announce to AS1 only ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, don't announce to any ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, announce to all except AS1 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, prepend once to any ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, prepend twice to any ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, prepend thrice to any ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, prepend once to AS1 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, prepend twice to AS2 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, prepend thrice to AS1, once to others ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, NO_EXPORT to AS1 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, NO_EXPORT to any ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, RFC1997 NO_EXPORT ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, RTT, blackhole, not peers > 20 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, RTT, not peers > 15 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, RTT, not peers > 5 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, RTT, not peers > 5 ms + AS3 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, RTT, not peers <= 5 and > 100 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, RTT, only peers <= 15 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, RTT, only peers <= 5 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, RTT, ext comms, prepend 1x > 10 ms, 2x > 20 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, RTT, prepend 3x > 100 ms, 2x > 10 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, RTT, prepend 3x <= 5 ms, 2x <= 20 ms, 1x any ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: prefixes received by clients: AS1_1 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: prefixes received by clients: AS1_2 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: prefixes received by clients: AS2 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: prefixes received by clients: AS3 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: prefixes received by clients: AS3 (with ADD-PATH) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: reconfigure ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: log contains errors ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: dumping rs config...
+Live test, OpenBGPD 7.7, global scenario, IPv4: dumping routes...
+Live test, OpenBGPD 7.7, global scenario, IPv4: stopping instances...
+Live test, OpenBGPD 7.7, global scenario, IPv6: setting instances up...
+Live test, OpenBGPD 7.7, global scenario, IPv6: instances setup ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: sessions are up ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: session configured via local include files ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: good prefixes because of use_arin_bulk_whois_data ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: good prefixes received by rs: IRRdb white-list ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: good prefixes because of use_registrobr_bulk_whois_data ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: good prefixes because of use_rpki_roas_as_route_objects: exact ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: good prefixes because of use_rpki_roas_as_route_objects: covering ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: good prefixes received by rs ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: good prefixes received by rs: non-client NEXT_HOP ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: not IPv6 global unicast space ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: IRRdb white-list ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: AS_SET origin, RFC6907 7.1.9 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: IRR check for AS_SET origin, BIRD ... SKIP: BIRD specific
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: IRR check for AS_SET origin, OpenBGPD ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: AS_PATH len ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: bogon ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: client blacklist ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: global blacklist ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: invalid ASN in AS-PATH ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: invalid NEXT_HOP ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: left-most ASN ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: never via route servers ASN in AS-PATH (asns list) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: never via route servers ASN in AS-PATH (PeeringDB) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: origin not in AS-SET ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: prefix not in AS-SET ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: invalid prefix-len ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: transit-free ASN in AS-PATH ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: transit-free ASN in AS-PATH from a transit peer ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: unknown NEXT_HOP ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: RPKI ROAs as route objects failed ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: default route ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes not received by clients ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: bogon (wrong tag) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: global blacklist (wrong tag) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: RPKI, blackhole request for a covered prefix ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: RPKI, invalid prefix (bad ASN) received by rs ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: RPKI, invalid prefix (bad length) received by rs ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: RPKI, invalid prefix (bad ASN) not propagated to clients ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: RPKI, valid prefix received by rs ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: RPKI, valid prefix propagated to clients ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: prefixes from AS101 received by its upstreams ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: prefixes from AS101 received by rs ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad communities as seen by AS101 upstreams ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad communities scrubbed by rs (lrg) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad communities scrubbed by rs (std) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: other communities not scrubbed by rs (lrg) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: other communities not scrubbed by rs (std) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: blackhole filtering requests as seen by rs (BLACKHOLE) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: blackhole filtering requests as seen by rs (lrg cust) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: blackhole filtering requests as seen by rs (std cust) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: blackholed prefixes as seen by enabled clients (BLACKHOLE) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: blackholed prefixes as seen by enabled clients (lrg_cust) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: blackholed prefixes as seen by enabled clients (std_cust) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: blackholed prefixes not seen by not enabled clients ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: gshut by an enabled client ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: gshut by a not enabled client ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, announce to AS1 only ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, don't announce to any ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, announce to all except AS1 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, prepend once to any ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, prepend twice to any ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, prepend thrice to any ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, prepend once to AS1 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, prepend twice to AS2 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, prepend thrice to AS1, once to others ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, NO_EXPORT to AS1 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, NO_EXPORT to any ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, RFC1997 NO_EXPORT ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, RTT, blackhole, not peers > 20 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, RTT, not peers > 15 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, RTT, not peers > 5 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, RTT, not peers > 5 ms + AS3 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, RTT, not peers <= 5 and > 100 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, RTT, only peers <= 15 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, RTT, only peers <= 5 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, RTT, ext comms, prepend 1x > 10 ms, 2x > 20 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, RTT, prepend 3x > 100 ms, 2x > 10 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, RTT, prepend 3x <= 5 ms, 2x <= 20 ms, 1x any ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: prefixes received by clients: AS1_1 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: prefixes received by clients: AS1_2 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: prefixes received by clients: AS2 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: prefixes received by clients: AS3 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: prefixes received by clients: AS3 (with ADD-PATH) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: reconfigure ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: log contains errors ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: dumping rs config...
+Live test, OpenBGPD 7.7, global scenario, IPv6: dumping routes...
+Live test, OpenBGPD 7.7, global scenario, IPv6: stopping instances...
+Live test, OpenBGPD 7.6, global scenario, IPv4: setting instances up...
+Live test, OpenBGPD 7.6, global scenario, IPv4: instances setup ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: sessions are up ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: session configured via local include files ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: good prefixes because of use_arin_bulk_whois_data ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: good prefixes received by rs: IRRdb white-list ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: good prefixes because of use_registrobr_bulk_whois_data ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: good prefixes because of use_rpki_roas_as_route_objects: exact ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: good prefixes because of use_rpki_roas_as_route_objects: covering ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: good prefixes received by rs ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: good prefixes received by rs: non-client NEXT_HOP ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: not IPv6 global unicast space ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: IRRdb white-list ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: AS_SET origin, RFC6907 7.1.9 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: IRR check for AS_SET origin, BIRD ... SKIP: BIRD specific
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: IRR check for AS_SET origin, OpenBGPD ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: AS_PATH len ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: bogon ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: client blacklist ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: global blacklist ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: invalid ASN in AS-PATH ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: invalid NEXT_HOP ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: left-most ASN ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: never via route servers ASN in AS-PATH (asns list) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: never via route servers ASN in AS-PATH (PeeringDB) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: origin not in AS-SET ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: prefix not in AS-SET ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: invalid prefix-len ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: transit-free ASN in AS-PATH ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: transit-free ASN in AS-PATH from a transit peer ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: unknown NEXT_HOP ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: RPKI ROAs as route objects failed ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: default route ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes not received by clients ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: bogon (wrong tag) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: global blacklist (wrong tag) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: RPKI, blackhole request for a covered prefix ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: RPKI, invalid prefix (bad ASN) received by rs ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: RPKI, invalid prefix (bad length) received by rs ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: RPKI, invalid prefix (bad ASN) not propagated to clients ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: RPKI, valid prefix received by rs ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: RPKI, valid prefix propagated to clients ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: prefixes from AS101 received by its upstreams ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: prefixes from AS101 received by rs ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad communities as seen by AS101 upstreams ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad communities scrubbed by rs (lrg) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad communities scrubbed by rs (std) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: other communities not scrubbed by rs (lrg) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: other communities not scrubbed by rs (std) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: blackhole filtering requests as seen by rs (BLACKHOLE) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: blackhole filtering requests as seen by rs (lrg cust) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: blackhole filtering requests as seen by rs (std cust) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: blackholed prefixes as seen by enabled clients (BLACKHOLE) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: blackholed prefixes as seen by enabled clients (lrg_cust) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: blackholed prefixes as seen by enabled clients (std_cust) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: blackholed prefixes not seen by not enabled clients ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: gshut by an enabled client ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: gshut by a not enabled client ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, announce to AS1 only ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, don't announce to any ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, announce to all except AS1 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, prepend once to any ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, prepend twice to any ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, prepend thrice to any ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, prepend once to AS1 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, prepend twice to AS2 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, prepend thrice to AS1, once to others ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, NO_EXPORT to AS1 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, NO_EXPORT to any ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, RFC1997 NO_EXPORT ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, RTT, blackhole, not peers > 20 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, RTT, not peers > 15 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, RTT, not peers > 5 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, RTT, not peers > 5 ms + AS3 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, RTT, not peers <= 5 and > 100 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, RTT, only peers <= 15 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, RTT, only peers <= 5 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, RTT, ext comms, prepend 1x > 10 ms, 2x > 20 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, RTT, prepend 3x > 100 ms, 2x > 10 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, RTT, prepend 3x <= 5 ms, 2x <= 20 ms, 1x any ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: prefixes received by clients: AS1_1 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: prefixes received by clients: AS1_2 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: prefixes received by clients: AS2 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: prefixes received by clients: AS3 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: prefixes received by clients: AS3 (with ADD-PATH) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: reconfigure ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: log contains errors ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: dumping rs config...
+Live test, OpenBGPD 7.6, global scenario, IPv4: dumping routes...
+Live test, OpenBGPD 7.6, global scenario, IPv4: stopping instances...
+Live test, OpenBGPD 7.6, global scenario, IPv6: setting instances up...
+Live test, OpenBGPD 7.6, global scenario, IPv6: instances setup ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: sessions are up ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: session configured via local include files ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: good prefixes because of use_arin_bulk_whois_data ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: good prefixes received by rs: IRRdb white-list ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: good prefixes because of use_registrobr_bulk_whois_data ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: good prefixes because of use_rpki_roas_as_route_objects: exact ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: good prefixes because of use_rpki_roas_as_route_objects: covering ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: good prefixes received by rs ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: good prefixes received by rs: non-client NEXT_HOP ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: not IPv6 global unicast space ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: IRRdb white-list ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: AS_SET origin, RFC6907 7.1.9 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: IRR check for AS_SET origin, BIRD ... SKIP: BIRD specific
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: IRR check for AS_SET origin, OpenBGPD ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: AS_PATH len ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: bogon ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: client blacklist ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: global blacklist ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: invalid ASN in AS-PATH ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: invalid NEXT_HOP ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: left-most ASN ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: never via route servers ASN in AS-PATH (asns list) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: never via route servers ASN in AS-PATH (PeeringDB) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: origin not in AS-SET ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: prefix not in AS-SET ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: invalid prefix-len ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: transit-free ASN in AS-PATH ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: transit-free ASN in AS-PATH from a transit peer ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: unknown NEXT_HOP ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: RPKI ROAs as route objects failed ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: default route ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes not received by clients ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: bogon (wrong tag) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: global blacklist (wrong tag) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: RPKI, blackhole request for a covered prefix ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: RPKI, invalid prefix (bad ASN) received by rs ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: RPKI, invalid prefix (bad length) received by rs ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: RPKI, invalid prefix (bad ASN) not propagated to clients ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: RPKI, valid prefix received by rs ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: RPKI, valid prefix propagated to clients ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: prefixes from AS101 received by its upstreams ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: prefixes from AS101 received by rs ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad communities as seen by AS101 upstreams ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad communities scrubbed by rs (lrg) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad communities scrubbed by rs (std) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: other communities not scrubbed by rs (lrg) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: other communities not scrubbed by rs (std) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: blackhole filtering requests as seen by rs (BLACKHOLE) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: blackhole filtering requests as seen by rs (lrg cust) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: blackhole filtering requests as seen by rs (std cust) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: blackholed prefixes as seen by enabled clients (BLACKHOLE) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: blackholed prefixes as seen by enabled clients (lrg_cust) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: blackholed prefixes as seen by enabled clients (std_cust) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: blackholed prefixes not seen by not enabled clients ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: gshut by an enabled client ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: gshut by a not enabled client ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, announce to AS1 only ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, don't announce to any ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, announce to all except AS1 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, prepend once to any ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, prepend twice to any ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, prepend thrice to any ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, prepend once to AS1 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, prepend twice to AS2 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, prepend thrice to AS1, once to others ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, NO_EXPORT to AS1 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, NO_EXPORT to any ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, RFC1997 NO_EXPORT ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, RTT, blackhole, not peers > 20 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, RTT, not peers > 15 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, RTT, not peers > 5 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, RTT, not peers > 5 ms + AS3 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, RTT, not peers <= 5 and > 100 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, RTT, only peers <= 15 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, RTT, only peers <= 5 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, RTT, ext comms, prepend 1x > 10 ms, 2x > 20 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, RTT, prepend 3x > 100 ms, 2x > 10 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, RTT, prepend 3x <= 5 ms, 2x <= 20 ms, 1x any ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: prefixes received by clients: AS1_1 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: prefixes received by clients: AS1_2 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: prefixes received by clients: AS2 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: prefixes received by clients: AS3 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: prefixes received by clients: AS3 (with ADD-PATH) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: reconfigure ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: log contains errors ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: dumping rs config...
+Live test, OpenBGPD 7.6, global scenario, IPv6: dumping routes...
+Live test, OpenBGPD 7.6, global scenario, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 344 tests in 329.423s
-
-OK (SKIP=6)
-Live test, OpenBGPD 7.5, gshut, IPv4: setting instances up...
-Live test, OpenBGPD 7.5, gshut, IPv4: instances setup ... ok
-Live test, OpenBGPD 7.5, gshut, IPv4: sessions are up ... ok
-Live test, OpenBGPD 7.5, gshut, IPv4: clients receive routes tagged with GRACEFUL_SHUTDOWN ... ok
-Live test, OpenBGPD 7.5, gshut, IPv4: reconfigure ... ok
-Live test, OpenBGPD 7.5, gshut, IPv4: log contains errors ... ok
-Live test, OpenBGPD 7.5, gshut, IPv4: dumping rs config...
-Live test, OpenBGPD 7.5, gshut, IPv4: dumping routes...
-Live test, OpenBGPD 7.5, gshut, IPv4: stopping instances...
-Live test, OpenBGPD 7.5, gshut, IPv6: setting instances up...
-Live test, OpenBGPD 7.5, gshut, IPv6: instances setup ... ok
-Live test, OpenBGPD 7.5, gshut, IPv6: sessions are up ... ok
-Live test, OpenBGPD 7.5, gshut, IPv6: clients receive routes tagged with GRACEFUL_SHUTDOWN ... ok
-Live test, OpenBGPD 7.5, gshut, IPv6: reconfigure ... ok
-Live test, OpenBGPD 7.5, gshut, IPv6: log contains errors ... ok
-Live test, OpenBGPD 7.5, gshut, IPv6: dumping rs config...
-Live test, OpenBGPD 7.5, gshut, IPv6: dumping routes...
-Live test, OpenBGPD 7.5, gshut, IPv6: stopping instances...
+Ran 344 tests in 372.628s
+
+OK (SKIP=4)
+Live test, OpenBGPD 7.7, gshut, IPv4: setting instances up...
+Live test, OpenBGPD 7.7, gshut, IPv4: instances setup ... ok
+Live test, OpenBGPD 7.7, gshut, IPv4: sessions are up ... ok
+Live test, OpenBGPD 7.7, gshut, IPv4: clients receive routes tagged with GRACEFUL_SHUTDOWN ... ok
+Live test, OpenBGPD 7.7, gshut, IPv4: reconfigure ... ok
+Live test, OpenBGPD 7.7, gshut, IPv4: log contains errors ... ok
+Live test, OpenBGPD 7.7, gshut, IPv4: dumping rs config...
+Live test, OpenBGPD 7.7, gshut, IPv4: dumping routes...
+Live test, OpenBGPD 7.7, gshut, IPv4: stopping instances...
+Live test, OpenBGPD 7.7, gshut, IPv6: setting instances up...
+Live test, OpenBGPD 7.7, gshut, IPv6: instances setup ... ok
+Live test, OpenBGPD 7.7, gshut, IPv6: sessions are up ... ok
+Live test, OpenBGPD 7.7, gshut, IPv6: clients receive routes tagged with GRACEFUL_SHUTDOWN ... ok
+Live test, OpenBGPD 7.7, gshut, IPv6: reconfigure ... ok
+Live test, OpenBGPD 7.7, gshut, IPv6: log contains errors ... ok
+Live test, OpenBGPD 7.7, gshut, IPv6: dumping rs config...
+Live test, OpenBGPD 7.7, gshut, IPv6: dumping routes...
+Live test, OpenBGPD 7.7, gshut, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 10 tests in 49.272s
+Ran 10 tests in 53.914s
 
 OK
-Live test, OpenBGPD 7.5, max-prefix, IPv4: setting instances up...
-Live test, OpenBGPD 7.5, max-prefix, IPv4: instances setup ... ok
-Live test, OpenBGPD 7.5, max-prefix, IPv4: sessions are down ... ok
-Live test, OpenBGPD 7.5, max-prefix, IPv4: clients log max-prefix notification ... ok
-Live test, OpenBGPD 7.5, max-prefix, IPv4: reconfigure ... ok
-Live test, OpenBGPD 7.5, max-prefix, IPv4: log contains errors ... ok
-Live test, OpenBGPD 7.5, max-prefix, IPv4: dumping rs config...
-Live test, OpenBGPD 7.5, max-prefix, IPv4: dumping routes...
-Live test, OpenBGPD 7.5, max-prefix, IPv4: stopping instances...
-Live test, OpenBGPD 7.5, max-prefix, IPv6: setting instances up...
-Live test, OpenBGPD 7.5, max-prefix, IPv6: instances setup ... ok
-Live test, OpenBGPD 7.5, max-prefix, IPv6: sessions are down ... ok
-Live test, OpenBGPD 7.5, max-prefix, IPv6: clients log max-prefix notification ... ok
-Live test, OpenBGPD 7.5, max-prefix, IPv6: reconfigure ... ok
-Live test, OpenBGPD 7.5, max-prefix, IPv6: log contains errors ... ok
-Live test, OpenBGPD 7.5, max-prefix, IPv6: dumping rs config...
-Live test, OpenBGPD 7.5, max-prefix, IPv6: dumping routes...
-Live test, OpenBGPD 7.5, max-prefix, IPv6: stopping instances...
+Live test, OpenBGPD 7.7, max-prefix, IPv4: setting instances up...
+Live test, OpenBGPD 7.7, max-prefix, IPv4: instances setup ... ok
+Live test, OpenBGPD 7.7, max-prefix, IPv4: sessions are down ... ok
+Live test, OpenBGPD 7.7, max-prefix, IPv4: clients log max-prefix notification ... ok
+Live test, OpenBGPD 7.7, max-prefix, IPv4: reconfigure ... ok
+Live test, OpenBGPD 7.7, max-prefix, IPv4: log contains errors ... ok
+Live test, OpenBGPD 7.7, max-prefix, IPv4: dumping rs config...
+Live test, OpenBGPD 7.7, max-prefix, IPv4: dumping routes...
+Live test, OpenBGPD 7.7, max-prefix, IPv4: stopping instances...
+Live test, OpenBGPD 7.7, max-prefix, IPv6: setting instances up...
+Live test, OpenBGPD 7.7, max-prefix, IPv6: instances setup ... ok
+Live test, OpenBGPD 7.7, max-prefix, IPv6: sessions are down ... ok
+Live test, OpenBGPD 7.7, max-prefix, IPv6: clients log max-prefix notification ... ok
+Live test, OpenBGPD 7.7, max-prefix, IPv6: reconfigure ... ok
+Live test, OpenBGPD 7.7, max-prefix, IPv6: log contains errors ... ok
+Live test, OpenBGPD 7.7, max-prefix, IPv6: dumping rs config...
+Live test, OpenBGPD 7.7, max-prefix, IPv6: dumping routes...
+Live test, OpenBGPD 7.7, max-prefix, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 10 tests in 358.497s
+Ran 10 tests in 393.754s
 
 OK
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: setting instances up...
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: instances setup ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: sessions are up ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: rs should receive prefix from both AS1 and AS2 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: rs should have best toward AS1 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: AS1 wants rs to not announce to AS3 and AS4 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: AS3 does not receive prefix at all ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: AS4 receives the prefix via AS2 because of ADD-PATH ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: reconfigure ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: log contains errors ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: dumping rs config...
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: dumping routes...
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: stopping instances...
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: setting instances up...
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: instances setup ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: sessions are up ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: rs should receive prefix from both AS1 and AS2 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: rs should have best toward AS1 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: AS1 wants rs to not announce to AS3 and AS4 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: AS3 and AS4 receive prefix with sub-optimal path via AS2 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: AS3 and AS4 don't receive prefix via AS1 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: 2nd best is withdrawn and AS3 should not see it anymore ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: reconfigure ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: log contains errors ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: dumping rs config...
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: dumping routes...
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: stopping instances...
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: setting instances up...
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: instances setup ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: sessions are up ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: rs should receive prefix from both AS1 and AS2 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: rs should have best toward AS1 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: AS1 wants rs to not announce to AS3 and AS4 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: AS3 does not receive prefix at all ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: AS4 receives the prefix via AS2 because of ADD-PATH ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: reconfigure ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: log contains errors ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: dumping rs config...
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: dumping routes...
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: stopping instances...
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: setting instances up...
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: instances setup ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: sessions are up ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: rs should receive prefix from both AS1 and AS2 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: rs should have best toward AS1 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: AS1 wants rs to not announce to AS3 and AS4 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: AS3 and AS4 receive prefix with sub-optimal path via AS2 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: AS3 and AS4 don't receive prefix via AS1 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: 2nd best is withdrawn and AS3 should not see it anymore ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: reconfigure ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: log contains errors ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: dumping rs config...
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: dumping routes...
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: stopping instances...
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: setting instances up...
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: instances setup ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: sessions are up ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: rs should receive prefix from both AS1 and AS2 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: rs should have best toward AS1 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: AS1 wants rs to not announce to AS3 and AS4 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: AS3 does not receive prefix at all ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: AS4 receives the prefix via AS2 because of ADD-PATH ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: reconfigure ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: log contains errors ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: dumping rs config...
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: dumping routes...
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: stopping instances...
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: setting instances up...
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: instances setup ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: sessions are up ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: rs should receive prefix from both AS1 and AS2 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: rs should have best toward AS1 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: AS1 wants rs to not announce to AS3 and AS4 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: AS3 and AS4 receive prefix with sub-optimal path via AS2 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: AS3 and AS4 don't receive prefix via AS1 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: 2nd best is withdrawn and AS3 should not see it anymore ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: reconfigure ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: log contains errors ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: dumping rs config...
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: dumping routes...
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: stopping instances...
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: setting instances up...
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: instances setup ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: sessions are up ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: rs should receive prefix from both AS1 and AS2 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: rs should have best toward AS1 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: AS1 wants rs to not announce to AS3 and AS4 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: AS3 does not receive prefix at all ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: AS4 receives the prefix via AS2 because of ADD-PATH ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: reconfigure ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: log contains errors ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: dumping rs config...
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: dumping routes...
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: stopping instances...
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: setting instances up...
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: instances setup ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: sessions are up ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: rs should receive prefix from both AS1 and AS2 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: rs should have best toward AS1 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: AS1 wants rs to not announce to AS3 and AS4 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: AS3 and AS4 receive prefix with sub-optimal path via AS2 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: AS3 and AS4 don't receive prefix via AS1 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: 2nd best is withdrawn and AS3 should not see it anymore ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: reconfigure ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: log contains errors ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: dumping rs config...
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: dumping routes...
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 38 tests in 192.492s
+Ran 38 tests in 197.166s
 
 OK
-Live test, OpenBGPD 7.5, examples, rich config, IPv4: setting instances up...
-Live test, OpenBGPD 7.5, examples, rich config, IPv4: instances setup ... ok
-Live test, OpenBGPD 7.5, examples, rich config, IPv4: log contains errors ... ok
-Live test, OpenBGPD 7.5, examples, rich config, IPv4: dumping rs config...
-Live test, OpenBGPD 7.5, examples, rich config, IPv4: dumping routes...
-Live test, OpenBGPD 7.5, examples, rich config, IPv4: stopping instances...
-Live test, OpenBGPD 7.5, examples, rich config, IPv6: setting instances up...
-Live test, OpenBGPD 7.5, examples, rich config, IPv6: instances setup ... ok
-Live test, OpenBGPD 7.5, examples, rich config, IPv6: log contains errors ... ok
-Live test, OpenBGPD 7.5, examples, rich config, IPv6: dumping rs config...
-Live test, OpenBGPD 7.5, examples, rich config, IPv6: dumping routes...
-Live test, OpenBGPD 7.5, examples, rich config, IPv6: stopping instances...
+Live test, OpenBGPD 7.7, examples, rich config, IPv4: setting instances up...
+Live test, OpenBGPD 7.7, examples, rich config, IPv4: instances setup ... ok
+Live test, OpenBGPD 7.7, examples, rich config, IPv4: log contains errors ... ok
+Live test, OpenBGPD 7.7, examples, rich config, IPv4: dumping rs config...
+Live test, OpenBGPD 7.7, examples, rich config, IPv4: dumping routes...
+Live test, OpenBGPD 7.7, examples, rich config, IPv4: stopping instances...
+Live test, OpenBGPD 7.7, examples, rich config, IPv6: setting instances up...
+Live test, OpenBGPD 7.7, examples, rich config, IPv6: instances setup ... ok
+Live test, OpenBGPD 7.7, examples, rich config, IPv6: log contains errors ... ok
+Live test, OpenBGPD 7.7, examples, rich config, IPv6: dumping rs config...
+Live test, OpenBGPD 7.7, examples, rich config, IPv6: dumping routes...
+Live test, OpenBGPD 7.7, examples, rich config, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 4 tests in 22.056s
+Ran 4 tests in 17.642s
 
 OK
-Live test, OpenBGPD 7.5, RTR protocol: setting instances up...
-Live test, OpenBGPD 7.5, RTR protocol: instances setup ... ok
-Live test, OpenBGPD 7.5, RTR protocol: sessions are up ... ok
-Live test, OpenBGPD 7.5, RTR protocol: route accepted because validator not running ... ok
-Live test, OpenBGPD 7.5, RTR protocol: spin up the validator ... ok
-Live test, OpenBGPD 7.5, RTR protocol: restart OpenBGPD to speed up RTR session establishment ... ok
-Live test, OpenBGPD 7.5, RTR protocol: check the RTR session is up ... ok
-Live test, OpenBGPD 7.5, RTR protocol: route dropped after spinning the validator up ... ok
-Live test, OpenBGPD 7.5, RTR protocol: log contains errors ... ok
-Live test, OpenBGPD 7.5, RTR protocol: dumping rs config...
-Live test, OpenBGPD 7.5, RTR protocol: dumping routes...
-Live test, OpenBGPD 7.5, RTR protocol: stopping instances...
+Live test, OpenBGPD 7.7, RTR protocol: setting instances up...
+Live test, OpenBGPD 7.7, RTR protocol: instances setup ... ok
+Live test, OpenBGPD 7.7, RTR protocol: sessions are up ... ok
+Live test, OpenBGPD 7.7, RTR protocol: route accepted because validator not running ... ok
+Live test, OpenBGPD 7.7, RTR protocol: spin up the validator ... ok
+Live test, OpenBGPD 7.7, RTR protocol: restart OpenBGPD to speed up RTR session establishment ... ok
+Live test, OpenBGPD 7.7, RTR protocol: check the RTR session is up ... ok
+Live test, OpenBGPD 7.7, RTR protocol: route dropped after spinning the validator up ... ok
+Live test, OpenBGPD 7.7, RTR protocol: log contains errors ... ok
+Live test, OpenBGPD 7.7, RTR protocol: dumping rs config...
+Live test, OpenBGPD 7.7, RTR protocol: dumping routes...
+Live test, OpenBGPD 7.7, RTR protocol: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 8 tests in 43.032s
+Ran 8 tests in 44.083s
 
 OK
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: setting instances up...
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: instances setup ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: sessions are up ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 prefix ko origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 prefix ko origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 prefix ok origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 prefix ok origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 route filtered (origin ko) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 prefix ko origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 prefix ok origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 route filtered (prefix ko, origin ko) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS5 route filtered (prefix ko, origin ko) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS5 route filtered (prefix ko) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS5 prefix ok origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS5 prefix ok origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 white list, prefix ko, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 white list, prefix ok, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 white list, prefix WL, origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 white list, prefix WL, origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 white list, prefix WL, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 route white list, ok (exact) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 route white list, reject (more spec) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 route white list, ok (more spec) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 route white list, reject (origin KO) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 route white list, ok (origin any) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 white list, prefix ko, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 white list, prefix ok, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 white list, prefix WL, origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 white list, prefix WL, origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 white list, prefix WL, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS5 white list, prefix ko, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS5 white list, prefix ok, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS5 white list, prefix WL, origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS5 white list, prefix WL, origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS5 white list, prefix WL, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 RPKI ROAs as route objects: tag only (w/ prefix_validated_via_rpki_roas) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS6 RPKI ROAs as route objects: invalid origin ASN ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS6 RPKI ROAs as route objects: ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 ARIN Whois DB: tag only (w/ prefix_validated_via_arin_whois_db_dump) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS6 ARIN Whois DB: ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 prefix ok, origin ok, ARIN: tag only (w/ prefix_validated_via_arin_whois_db_dump) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 prefix ok, origin ok, ROA: tag only (w/ prefix_validated_via_rpki_roas) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 ROA + ARIN Whois DB: tag only (w/ comms [arin_whois_db_dump, rpki_roas]) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS6 prefix ok, origin ok, ROA + ARIN: enforce (w/ comms [arin_whois_db_dump, rpki_roas]) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS6 ROA + ARIN Whois DB: enforce (w/ comms [arin_whois_db_dump, rpki_roas]) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: reconfigure ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: log contains errors ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: dumping rs config...
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: dumping routes...
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: stopping instances...
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: setting instances up...
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: instances setup ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: sessions are up ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS2 no enforcement, prefix and origin not in AS-SET ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS4 origin enforcement ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS4 prefix enforcement ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS2 white list, prefix ko, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS2 white list, prefix ok, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS2 white list, prefix WL, origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS2 white list, prefix WL, origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS2 white list, prefix WL, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS4 route white list, ok (exact) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS4 route white list, reject (more spec) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS4 route white list, ok (more spec) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS4 route white list, reject (origin KO) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS4 route white list, ok (origin any) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS4 white list, prefix ko, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS4 white list, prefix ok, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS4 white list, prefix WL, origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS4 white list, prefix WL, origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS4 white list, prefix WL, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS5 white list, prefix ko, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS5 white list, prefix ok, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS5 white list, prefix WL, origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS5 white list, prefix WL, origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS5 white list, prefix WL, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS2 RPKI ROAs as route objects: tag only (w/o prefix_validated_via_rpki_roas) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS6 RPKI ROAs as route objects: invalid origin ASN ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS6 RPKI ROAs as route objects: ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS2 ARIN Whois DB: tag only (w/o prefix_validated_via_arin_whois_db_dump) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS6 ARIN Whois DB: ok (solely because of route white list) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS2 prefix ok, origin ok, ARIN: tag only (w/o prefix_validated_via_arin_whois_db_dump) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS2 prefix ok, origin ok, ROA: tag only (w/o prefix_validated_via_rpki_roas) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS2 ROA + ARIN Whois DB: tag only (w/o comms [arin_whois_db_dump, rpki_roas]) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS6 prefix ok, origin ok, ROA + ARIN: rejected ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS6 ROA + ARIN Whois DB: enforced (rejected) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: reconfigure ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: log contains errors ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: dumping rs config...
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: dumping routes...
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: stopping instances...
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: setting instances up...
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: instances setup ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: sessions are up ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 prefix ko origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 prefix ko origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 prefix ok origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 prefix ok origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 route filtered (origin ko) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 prefix ko origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 prefix ok origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 route filtered (prefix ko, origin ko) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS5 route filtered (prefix ko, origin ko) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS5 route filtered (prefix ko) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS5 prefix ok origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS5 prefix ok origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 white list, prefix ko, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 white list, prefix ok, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 white list, prefix WL, origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 white list, prefix WL, origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 white list, prefix WL, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 route white list, ok (exact) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 route white list, reject (more spec) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 route white list, ok (more spec) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 route white list, reject (origin KO) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 route white list, ok (origin any) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 white list, prefix ko, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 white list, prefix ok, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 white list, prefix WL, origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 white list, prefix WL, origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 white list, prefix WL, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS5 white list, prefix ko, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS5 white list, prefix ok, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS5 white list, prefix WL, origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS5 white list, prefix WL, origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS5 white list, prefix WL, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 RPKI ROAs as route objects: tag only (w/ prefix_validated_via_rpki_roas) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS6 RPKI ROAs as route objects: invalid origin ASN ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS6 RPKI ROAs as route objects: ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 ARIN Whois DB: tag only (w/ prefix_validated_via_arin_whois_db_dump) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS6 ARIN Whois DB: ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 prefix ok, origin ok, ARIN: tag only (w/ prefix_validated_via_arin_whois_db_dump) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 prefix ok, origin ok, ROA: tag only (w/ prefix_validated_via_rpki_roas) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 ROA + ARIN Whois DB: tag only (w/ comms [arin_whois_db_dump, rpki_roas]) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS6 prefix ok, origin ok, ROA + ARIN: enforce (w/ comms [arin_whois_db_dump, rpki_roas]) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS6 ROA + ARIN Whois DB: enforce (w/ comms [arin_whois_db_dump, rpki_roas]) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: reconfigure ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: log contains errors ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: dumping rs config...
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: dumping routes...
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: stopping instances...
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: setting instances up...
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: instances setup ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: sessions are up ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS2 no enforcement, prefix and origin not in AS-SET ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS4 origin enforcement ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS4 prefix enforcement ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS2 white list, prefix ko, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS2 white list, prefix ok, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS2 white list, prefix WL, origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS2 white list, prefix WL, origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS2 white list, prefix WL, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS4 route white list, ok (exact) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS4 route white list, reject (more spec) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS4 route white list, ok (more spec) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS4 route white list, reject (origin KO) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS4 route white list, ok (origin any) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS4 white list, prefix ko, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS4 white list, prefix ok, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS4 white list, prefix WL, origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS4 white list, prefix WL, origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS4 white list, prefix WL, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS5 white list, prefix ko, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS5 white list, prefix ok, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS5 white list, prefix WL, origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS5 white list, prefix WL, origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS5 white list, prefix WL, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS2 RPKI ROAs as route objects: tag only (w/o prefix_validated_via_rpki_roas) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS6 RPKI ROAs as route objects: invalid origin ASN ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS6 RPKI ROAs as route objects: ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS2 ARIN Whois DB: tag only (w/o prefix_validated_via_arin_whois_db_dump) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS6 ARIN Whois DB: ok (solely because of route white list) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS2 prefix ok, origin ok, ARIN: tag only (w/o prefix_validated_via_arin_whois_db_dump) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS2 prefix ok, origin ok, ROA: tag only (w/o prefix_validated_via_rpki_roas) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS2 ROA + ARIN Whois DB: tag only (w/o comms [arin_whois_db_dump, rpki_roas]) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS6 prefix ok, origin ok, ROA + ARIN: rejected ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS6 ROA + ARIN Whois DB: enforced (rejected) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: reconfigure ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: log contains errors ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: dumping rs config...
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: dumping routes...
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: stopping instances...
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: setting instances up...
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: instances setup ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: sessions are up ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 prefix ko origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 prefix ko origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 prefix ok origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 prefix ok origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 route filtered (origin ko) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 prefix ko origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 prefix ok origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 route filtered (prefix ko, origin ko) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS5 route filtered (prefix ko, origin ko) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS5 route filtered (prefix ko) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS5 prefix ok origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS5 prefix ok origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 white list, prefix ko, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 white list, prefix ok, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 white list, prefix WL, origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 white list, prefix WL, origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 white list, prefix WL, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 route white list, ok (exact) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 route white list, reject (more spec) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 route white list, ok (more spec) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 route white list, reject (origin KO) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 route white list, ok (origin any) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 white list, prefix ko, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 white list, prefix ok, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 white list, prefix WL, origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 white list, prefix WL, origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 white list, prefix WL, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS5 white list, prefix ko, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS5 white list, prefix ok, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS5 white list, prefix WL, origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS5 white list, prefix WL, origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS5 white list, prefix WL, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 RPKI ROAs as route objects: tag only (w/ prefix_validated_via_rpki_roas) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS6 RPKI ROAs as route objects: invalid origin ASN ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS6 RPKI ROAs as route objects: ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 ARIN Whois DB: tag only (w/ prefix_validated_via_arin_whois_db_dump) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS6 ARIN Whois DB: ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 prefix ok, origin ok, ARIN: tag only (w/ prefix_validated_via_arin_whois_db_dump) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 prefix ok, origin ok, ROA: tag only (w/ prefix_validated_via_rpki_roas) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 ROA + ARIN Whois DB: tag only (w/ comms [arin_whois_db_dump, rpki_roas]) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS6 prefix ok, origin ok, ROA + ARIN: enforce (w/ comms [arin_whois_db_dump, rpki_roas]) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS6 ROA + ARIN Whois DB: enforce (w/ comms [arin_whois_db_dump, rpki_roas]) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: reconfigure ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: log contains errors ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: dumping rs config...
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: dumping routes...
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: stopping instances...
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: setting instances up...
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: instances setup ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: sessions are up ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS2 no enforcement, prefix and origin not in AS-SET ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS4 origin enforcement ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS4 prefix enforcement ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS2 white list, prefix ko, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS2 white list, prefix ok, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS2 white list, prefix WL, origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS2 white list, prefix WL, origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS2 white list, prefix WL, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS4 route white list, ok (exact) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS4 route white list, reject (more spec) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS4 route white list, ok (more spec) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS4 route white list, reject (origin KO) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS4 route white list, ok (origin any) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS4 white list, prefix ko, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS4 white list, prefix ok, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS4 white list, prefix WL, origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS4 white list, prefix WL, origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS4 white list, prefix WL, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS5 white list, prefix ko, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS5 white list, prefix ok, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS5 white list, prefix WL, origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS5 white list, prefix WL, origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS5 white list, prefix WL, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS2 RPKI ROAs as route objects: tag only (w/o prefix_validated_via_rpki_roas) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS6 RPKI ROAs as route objects: invalid origin ASN ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS6 RPKI ROAs as route objects: ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS2 ARIN Whois DB: tag only (w/o prefix_validated_via_arin_whois_db_dump) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS6 ARIN Whois DB: ok (solely because of route white list) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS2 prefix ok, origin ok, ARIN: tag only (w/o prefix_validated_via_arin_whois_db_dump) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS2 prefix ok, origin ok, ROA: tag only (w/o prefix_validated_via_rpki_roas) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS2 ROA + ARIN Whois DB: tag only (w/o comms [arin_whois_db_dump, rpki_roas]) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS6 prefix ok, origin ok, ROA + ARIN: rejected ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS6 ROA + ARIN Whois DB: enforced (rejected) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: reconfigure ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: log contains errors ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: dumping rs config...
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: dumping routes...
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: stopping instances...
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: setting instances up...
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: instances setup ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: sessions are up ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 prefix ko origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 prefix ko origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 prefix ok origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 prefix ok origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 route filtered (origin ko) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 prefix ko origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 prefix ok origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 route filtered (prefix ko, origin ko) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS5 route filtered (prefix ko, origin ko) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS5 route filtered (prefix ko) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS5 prefix ok origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS5 prefix ok origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 white list, prefix ko, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 white list, prefix ok, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 white list, prefix WL, origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 white list, prefix WL, origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 white list, prefix WL, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 route white list, ok (exact) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 route white list, reject (more spec) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 route white list, ok (more spec) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 route white list, reject (origin KO) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 route white list, ok (origin any) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 white list, prefix ko, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 white list, prefix ok, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 white list, prefix WL, origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 white list, prefix WL, origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 white list, prefix WL, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS5 white list, prefix ko, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS5 white list, prefix ok, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS5 white list, prefix WL, origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS5 white list, prefix WL, origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS5 white list, prefix WL, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 RPKI ROAs as route objects: tag only (w/ prefix_validated_via_rpki_roas) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS6 RPKI ROAs as route objects: invalid origin ASN ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS6 RPKI ROAs as route objects: ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 ARIN Whois DB: tag only (w/ prefix_validated_via_arin_whois_db_dump) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS6 ARIN Whois DB: ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 prefix ok, origin ok, ARIN: tag only (w/ prefix_validated_via_arin_whois_db_dump) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 prefix ok, origin ok, ROA: tag only (w/ prefix_validated_via_rpki_roas) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 ROA + ARIN Whois DB: tag only (w/ comms [arin_whois_db_dump, rpki_roas]) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS6 prefix ok, origin ok, ROA + ARIN: enforce (w/ comms [arin_whois_db_dump, rpki_roas]) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS6 ROA + ARIN Whois DB: enforce (w/ comms [arin_whois_db_dump, rpki_roas]) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: reconfigure ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: log contains errors ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: dumping rs config...
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: dumping routes...
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: stopping instances...
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: setting instances up...
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: instances setup ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: sessions are up ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS2 no enforcement, prefix and origin not in AS-SET ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS4 origin enforcement ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS4 prefix enforcement ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS2 white list, prefix ko, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS2 white list, prefix ok, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS2 white list, prefix WL, origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS2 white list, prefix WL, origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS2 white list, prefix WL, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS4 route white list, ok (exact) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS4 route white list, reject (more spec) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS4 route white list, ok (more spec) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS4 route white list, reject (origin KO) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS4 route white list, ok (origin any) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS4 white list, prefix ko, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS4 white list, prefix ok, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS4 white list, prefix WL, origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS4 white list, prefix WL, origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS4 white list, prefix WL, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS5 white list, prefix ko, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS5 white list, prefix ok, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS5 white list, prefix WL, origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS5 white list, prefix WL, origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS5 white list, prefix WL, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS2 RPKI ROAs as route objects: tag only (w/o prefix_validated_via_rpki_roas) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS6 RPKI ROAs as route objects: invalid origin ASN ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS6 RPKI ROAs as route objects: ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS2 ARIN Whois DB: tag only (w/o prefix_validated_via_arin_whois_db_dump) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS6 ARIN Whois DB: ok (solely because of route white list) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS2 prefix ok, origin ok, ARIN: tag only (w/o prefix_validated_via_arin_whois_db_dump) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS2 prefix ok, origin ok, ROA: tag only (w/o prefix_validated_via_rpki_roas) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS2 ROA + ARIN Whois DB: tag only (w/o comms [arin_whois_db_dump, rpki_roas]) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS6 prefix ok, origin ok, ROA + ARIN: rejected ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS6 ROA + ARIN Whois DB: enforced (rejected) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: reconfigure ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: log contains errors ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: dumping rs config...
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: dumping routes...
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 166 tests in 173.555s
+Ran 166 tests in 181.276s
 
 OK
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: setting instances up...
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: instances setup ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: sessions are up ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: AS_PATH too long ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: bogon prefix ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: bogon prefix, wrong announcing ASN ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: prefix in client's blacklist ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: invalid ASN in AS_PATH ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: invalid NEXT_HOP ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: local black list ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: prefix is not in IPv6 global unicast space ... SKIP: IPv6 only test
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: origin not in as-macro ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: invalid left-most ASN ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: prefix length ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: prefix not in as-macro ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: RPKI INVALID route ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: transit-free ASN in AS_PATH ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: good routes not received ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: prefixes received by clients: AS1_1 ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: prefixes received by clients: AS1_2 ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: prefixes received by clients: AS2 ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: reconfigure ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: log contains errors ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: dumping rs config...
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: dumping routes...
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: stopping instances...
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: setting instances up...
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: instances setup ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: sessions are up ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: AS_PATH too long ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: bogon prefix ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: bogon prefix, wrong announcing ASN ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: prefix in client's blacklist ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: invalid ASN in AS_PATH ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: invalid NEXT_HOP ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: local black list ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: prefix is not in IPv6 global unicast space ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: origin not in as-macro ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: invalid left-most ASN ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: prefix length ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: prefix not in as-macro ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: RPKI INVALID route ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: transit-free ASN in AS_PATH ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: good routes not received ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: prefixes received by clients: AS1_1 ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: prefixes received by clients: AS1_2 ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: prefixes received by clients: AS2 ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: reconfigure ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: log contains errors ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: dumping rs config...
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: dumping routes...
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: stopping instances...
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: setting instances up...
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: instances setup ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: sessions are up ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: AS_PATH too long ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: bogon prefix ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: bogon prefix, wrong announcing ASN ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: prefix in client's blacklist ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: invalid ASN in AS_PATH ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: invalid NEXT_HOP ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: local black list ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: prefix is not in IPv6 global unicast space ... SKIP: IPv6 only test
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: origin not in as-macro ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: invalid left-most ASN ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: prefix length ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: prefix not in as-macro ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: RPKI INVALID route ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: transit-free ASN in AS_PATH ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: good routes not received ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: prefixes received by clients: AS1_1 ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: prefixes received by clients: AS1_2 ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: prefixes received by clients: AS2 ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: reconfigure ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: log contains errors ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: dumping rs config...
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: dumping routes...
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: stopping instances...
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: setting instances up...
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: instances setup ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: sessions are up ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: AS_PATH too long ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: bogon prefix ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: bogon prefix, wrong announcing ASN ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: prefix in client's blacklist ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: invalid ASN in AS_PATH ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: invalid NEXT_HOP ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: local black list ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: prefix is not in IPv6 global unicast space ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: origin not in as-macro ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: invalid left-most ASN ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: prefix length ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: prefix not in as-macro ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: RPKI INVALID route ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: transit-free ASN in AS_PATH ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: good routes not received ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: prefixes received by clients: AS1_1 ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: prefixes received by clients: AS1_2 ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: prefixes received by clients: AS2 ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: reconfigure ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: log contains errors ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: dumping rs config...
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: dumping routes...
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 44 tests in 124.940s
+Ran 44 tests in 124.558s
 
 OK (SKIP=1)
diff --git a/tests/last.json b/tests/last.json
index 5fe29e1e..0be3ea09 100644
--- a/tests/last.json
+++ b/tests/last.json
@@ -1 +1 @@
-{"unique_test_cases":     2643}
+{"unique_test_cases":     2645}
diff --git a/tests/last_results/extres.last b/tests/last_results/extres.last
index a8f55924..30bd3fc5 100644
--- a/tests/last_results/extres.last
+++ b/tests/last_results/extres.last
@@ -15,6 +15,6 @@ External resources: prefixes from AS-SET via bgpq3 ... ok
 External resources: prefixes from AS-SET via bgpq4 ... ok
 
 ----------------------------------------------------------------------
-Ran 15 tests in 48.245s
+Ran 15 tests in 62.975s
 
 OK
diff --git a/tests/last_results/live_bird_hooks_example_bird1.last b/tests/last_results/live_bird_hooks_example_bird1.last
index 92337cca..5f01cabd 100644
--- a/tests/last_results/live_bird_hooks_example_bird1.last
+++ b/tests/last_results/live_bird_hooks_example_bird1.last
@@ -12,6 +12,6 @@ Live test, BIRD, hooks example, IPv6: dumping routes...
 Live test, BIRD, hooks example, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 4 tests in 14.255s
+Ran 4 tests in 15.078s
 
 OK
diff --git a/tests/last_results/live_communities_bird1.last b/tests/last_results/live_communities_bird1.last
index d3fafc0d..3dec994d 100644
--- a/tests/last_results/live_communities_bird1.last
+++ b/tests/last_results/live_communities_bird1.last
@@ -34,6 +34,6 @@ Live test, BIRD, BGP communities, IPv6: dumping routes...
 Live test, BIRD, BGP communities, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 26 tests in 64.025s
+Ran 26 tests in 69.024s
 
 OK
diff --git a/tests/last_results/live_communities_bird2.last b/tests/last_results/live_communities_bird2.last
index 16fe8ed2..4a390dc7 100644
--- a/tests/last_results/live_communities_bird2.last
+++ b/tests/last_results/live_communities_bird2.last
@@ -34,6 +34,6 @@ Live test, BIRD v2, BGP communities, IPv6: dumping routes...
 Live test, BIRD v2, BGP communities, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 26 tests in 63.218s
+Ran 26 tests in 67.131s
 
 OK
diff --git a/tests/last_results/live_communities_openbgpd_portable.last b/tests/last_results/live_communities_openbgpd_portable.last
index 4713e203..dfac1cf5 100644
--- a/tests/last_results/live_communities_openbgpd_portable.last
+++ b/tests/last_results/live_communities_openbgpd_portable.last
@@ -1,39 +1,39 @@
-Live test, OpenBGPD 7.5, BGP communities, IPv4: setting instances up...
-Live test, OpenBGPD 7.5, BGP communities, IPv4: instances setup ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: sessions are up ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: announce to AS1 only (ext) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: announce to AS1 only (lrg) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: announce to AS1 only (std) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: announce to AS131073 only (ext) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: announce to AS131073 only (lrg) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: custom BGP community (ext) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: custom BGP community (lrg) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: custom BGP community (std) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: custom BGP community scrubbed ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: reconfigure ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: log contains errors ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv4: dumping rs config...
-Live test, OpenBGPD 7.5, BGP communities, IPv4: dumping routes...
-Live test, OpenBGPD 7.5, BGP communities, IPv4: stopping instances...
-Live test, OpenBGPD 7.5, BGP communities, IPv6: setting instances up...
-Live test, OpenBGPD 7.5, BGP communities, IPv6: instances setup ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: sessions are up ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: announce to AS1 only (ext) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: announce to AS1 only (lrg) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: announce to AS1 only (std) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: announce to AS131073 only (ext) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: announce to AS131073 only (lrg) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: custom BGP community (ext) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: custom BGP community (lrg) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: custom BGP community (std) ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: custom BGP community scrubbed ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: reconfigure ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: log contains errors ... ok
-Live test, OpenBGPD 7.5, BGP communities, IPv6: dumping rs config...
-Live test, OpenBGPD 7.5, BGP communities, IPv6: dumping routes...
-Live test, OpenBGPD 7.5, BGP communities, IPv6: stopping instances...
+Live test, OpenBGPD 7.7, BGP communities, IPv4: setting instances up...
+Live test, OpenBGPD 7.7, BGP communities, IPv4: instances setup ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: sessions are up ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: announce to AS1 only (ext) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: announce to AS1 only (lrg) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: announce to AS1 only (std) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: announce to AS131073 only (ext) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: announce to AS131073 only (lrg) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: custom BGP community (ext) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: custom BGP community (lrg) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: custom BGP community (std) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: custom BGP community scrubbed ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: reconfigure ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: log contains errors ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv4: dumping rs config...
+Live test, OpenBGPD 7.7, BGP communities, IPv4: dumping routes...
+Live test, OpenBGPD 7.7, BGP communities, IPv4: stopping instances...
+Live test, OpenBGPD 7.7, BGP communities, IPv6: setting instances up...
+Live test, OpenBGPD 7.7, BGP communities, IPv6: instances setup ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: sessions are up ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: announce to AS1 only (ext) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: announce to AS1 only (lrg) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: announce to AS1 only (std) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: announce to AS131073 only (ext) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: announce to AS131073 only (lrg) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: custom BGP community (ext) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: custom BGP community (lrg) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: custom BGP community (std) ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: custom BGP community scrubbed ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: reconfigure ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: log contains errors ... ok
+Live test, OpenBGPD 7.7, BGP communities, IPv6: dumping rs config...
+Live test, OpenBGPD 7.7, BGP communities, IPv6: dumping routes...
+Live test, OpenBGPD 7.7, BGP communities, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 26 tests in 66.482s
+Ran 26 tests in 68.085s
 
 OK
diff --git a/tests/last_results/live_default_bird1.last b/tests/last_results/live_default_bird1.last
index cfb8af3c..9af09ea8 100644
--- a/tests/last_results/live_default_bird1.last
+++ b/tests/last_results/live_default_bird1.last
@@ -12,6 +12,6 @@ Live test, BIRD, default config, IPv6: dumping routes...
 Live test, BIRD, default config, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 4 tests in 15.047s
+Ran 4 tests in 16.964s
 
 OK
diff --git a/tests/last_results/live_default_bird2.last b/tests/last_results/live_default_bird2.last
index f14f1280..34c5fa5b 100644
--- a/tests/last_results/live_default_bird2.last
+++ b/tests/last_results/live_default_bird2.last
@@ -12,6 +12,6 @@ Live test, BIRD v2, default config, IPv6: dumping routes...
 Live test, BIRD v2, default config, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 4 tests in 14.591s
+Ran 4 tests in 15.314s
 
 OK
diff --git a/tests/last_results/live_default_openbgpd_portable.last b/tests/last_results/live_default_openbgpd_portable.last
index 4c72ec3a..c1ce05b5 100644
--- a/tests/last_results/live_default_openbgpd_portable.last
+++ b/tests/last_results/live_default_openbgpd_portable.last
@@ -1,17 +1,17 @@
-Live test, OpenBGPD 7.5, default config, IPv4: setting instances up...
-Live test, OpenBGPD 7.5, default config, IPv4: instances setup ... ok
-Live test, OpenBGPD 7.5, default config, IPv4: log contains errors ... ok
-Live test, OpenBGPD 7.5, default config, IPv4: dumping rs config...
-Live test, OpenBGPD 7.5, default config, IPv4: dumping routes...
-Live test, OpenBGPD 7.5, default config, IPv4: stopping instances...
-Live test, OpenBGPD 7.5, default config, IPv6: setting instances up...
-Live test, OpenBGPD 7.5, default config, IPv6: instances setup ... ok
-Live test, OpenBGPD 7.5, default config, IPv6: log contains errors ... ok
-Live test, OpenBGPD 7.5, default config, IPv6: dumping rs config...
-Live test, OpenBGPD 7.5, default config, IPv6: dumping routes...
-Live test, OpenBGPD 7.5, default config, IPv6: stopping instances...
+Live test, OpenBGPD 7.7, default config, IPv4: setting instances up...
+Live test, OpenBGPD 7.7, default config, IPv4: instances setup ... ok
+Live test, OpenBGPD 7.7, default config, IPv4: log contains errors ... ok
+Live test, OpenBGPD 7.7, default config, IPv4: dumping rs config...
+Live test, OpenBGPD 7.7, default config, IPv4: dumping routes...
+Live test, OpenBGPD 7.7, default config, IPv4: stopping instances...
+Live test, OpenBGPD 7.7, default config, IPv6: setting instances up...
+Live test, OpenBGPD 7.7, default config, IPv6: instances setup ... ok
+Live test, OpenBGPD 7.7, default config, IPv6: log contains errors ... ok
+Live test, OpenBGPD 7.7, default config, IPv6: dumping rs config...
+Live test, OpenBGPD 7.7, default config, IPv6: dumping routes...
+Live test, OpenBGPD 7.7, default config, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 4 tests in 11.577s
+Ran 4 tests in 12.137s
 
 OK
diff --git a/tests/last_results/live_global_bird1.last b/tests/last_results/live_global_bird1.last
index 8421e0d6..a0d83ffe 100644
--- a/tests/last_results/live_global_bird1.last
+++ b/tests/last_results/live_global_bird1.last
@@ -536,6 +536,6 @@ Live test, BIRD, global scenario, IPv6, tag&reject: dumping routes...
 Live test, BIRD, global scenario, IPv6, tag&reject: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 512 tests in 509.215s
+Ran 512 tests in 540.852s
 
 OK (SKIP=6)
diff --git a/tests/last_results/live_global_bird2.last b/tests/last_results/live_global_bird2.last
index 1f968b87..5c0aa4d7 100644
--- a/tests/last_results/live_global_bird2.last
+++ b/tests/last_results/live_global_bird2.last
@@ -536,6 +536,6 @@ Live test, BIRD v2, global scenario, IPv6, tag&reject: dumping routes...
 Live test, BIRD v2, global scenario, IPv6, tag&reject: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 512 tests in 499.002s
+Ran 512 tests in 513.873s
 
 OK (SKIP=6)
diff --git a/tests/last_results/live_global_openbgpd_portable.last b/tests/last_results/live_global_openbgpd_portable.last
index 62efed92..8f6ac85c 100644
--- a/tests/last_results/live_global_openbgpd_portable.last
+++ b/tests/last_results/live_global_openbgpd_portable.last
@@ -1,365 +1,365 @@
-Live test, OpenBGPD 7.5, global scenario, IPv4: setting instances up...
-Live test, OpenBGPD 7.5, global scenario, IPv4: instances setup ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: sessions are up ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: session configured via local include files ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: good prefixes because of use_arin_bulk_whois_data ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: good prefixes received by rs: IRRdb white-list ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: good prefixes because of use_registrobr_bulk_whois_data ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: good prefixes because of use_rpki_roas_as_route_objects: exact ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: good prefixes because of use_rpki_roas_as_route_objects: covering ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: good prefixes received by rs ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: good prefixes received by rs: non-client NEXT_HOP ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: not IPv6 global unicast space ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: IRRdb white-list ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: AS_SET origin, RFC6907 7.1.9 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: IRR check for AS_SET origin, BIRD ... SKIP: BIRD specific
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: IRR check for AS_SET origin, OpenBGPD ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: AS_PATH len ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: bogon ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: client blacklist ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: global blacklist ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: invalid ASN in AS-PATH ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: invalid NEXT_HOP ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: left-most ASN ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: never via route servers ASN in AS-PATH (asns list) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: never via route servers ASN in AS-PATH (PeeringDB) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: origin not in AS-SET ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: prefix not in AS-SET ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: invalid prefix-len ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: transit-free ASN in AS-PATH ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: transit-free ASN in AS-PATH from a transit peer ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: unknown NEXT_HOP ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: RPKI ROAs as route objects failed ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: default route ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes not received by clients ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: bogon (wrong tag) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad prefixes received by rs: global blacklist (wrong tag) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: RPKI, blackhole request for a covered prefix ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: RPKI, invalid prefix (bad ASN) received by rs ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: RPKI, invalid prefix (bad length) received by rs ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: RPKI, invalid prefix (bad ASN) not propagated to clients ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: RPKI, valid prefix received by rs ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: RPKI, valid prefix propagated to clients ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: prefixes from AS101 received by its upstreams ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: prefixes from AS101 received by rs ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad communities as seen by AS101 upstreams ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad communities scrubbed by rs (lrg) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: bad communities scrubbed by rs (std) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: other communities not scrubbed by rs (lrg) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: other communities not scrubbed by rs (std) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: blackhole filtering requests as seen by rs (BLACKHOLE) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: blackhole filtering requests as seen by rs (lrg cust) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: blackhole filtering requests as seen by rs (std cust) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: blackholed prefixes as seen by enabled clients (BLACKHOLE) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: blackholed prefixes as seen by enabled clients (lrg_cust) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: blackholed prefixes as seen by enabled clients (std_cust) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: blackholed prefixes not seen by not enabled clients ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: gshut by an enabled client ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: gshut by a not enabled client ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, announce to AS1 only ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, don't announce to any ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, announce to all except AS1 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, prepend once to any ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, prepend twice to any ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, prepend thrice to any ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, prepend once to AS1 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, prepend twice to AS2 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, prepend thrice to AS1, once to others ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, NO_EXPORT to AS1 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, NO_EXPORT to any ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, RFC1997 NO_EXPORT ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, RTT, blackhole, not peers > 20 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, RTT, not peers > 15 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, RTT, not peers > 5 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, RTT, not peers > 5 ms + AS3 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, RTT, not peers <= 5 and > 100 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, RTT, only peers <= 15 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, RTT, only peers <= 5 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, RTT, ext comms, prepend 1x > 10 ms, 2x > 20 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, RTT, prepend 3x > 100 ms, 2x > 10 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: control communities, RTT, prepend 3x <= 5 ms, 2x <= 20 ms, 1x any ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: prefixes received by clients: AS1_1 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: prefixes received by clients: AS1_2 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: prefixes received by clients: AS2 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: prefixes received by clients: AS3 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: prefixes received by clients: AS3 (with ADD-PATH) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: reconfigure ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: log contains errors ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv4: dumping rs config...
-Live test, OpenBGPD 7.5, global scenario, IPv4: dumping routes...
-Live test, OpenBGPD 7.5, global scenario, IPv4: stopping instances...
-Live test, OpenBGPD 7.5, global scenario, IPv6: setting instances up...
-Live test, OpenBGPD 7.5, global scenario, IPv6: instances setup ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: sessions are up ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: session configured via local include files ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: good prefixes because of use_arin_bulk_whois_data ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: good prefixes received by rs: IRRdb white-list ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: good prefixes because of use_registrobr_bulk_whois_data ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: good prefixes because of use_rpki_roas_as_route_objects: exact ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: good prefixes because of use_rpki_roas_as_route_objects: covering ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: good prefixes received by rs ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: good prefixes received by rs: non-client NEXT_HOP ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: not IPv6 global unicast space ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: IRRdb white-list ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: AS_SET origin, RFC6907 7.1.9 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: IRR check for AS_SET origin, BIRD ... SKIP: BIRD specific
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: IRR check for AS_SET origin, OpenBGPD ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: AS_PATH len ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: bogon ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: client blacklist ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: global blacklist ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: invalid ASN in AS-PATH ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: invalid NEXT_HOP ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: left-most ASN ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: never via route servers ASN in AS-PATH (asns list) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: never via route servers ASN in AS-PATH (PeeringDB) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: origin not in AS-SET ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: prefix not in AS-SET ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: invalid prefix-len ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: transit-free ASN in AS-PATH ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: transit-free ASN in AS-PATH from a transit peer ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: unknown NEXT_HOP ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: RPKI ROAs as route objects failed ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: default route ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes not received by clients ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: bogon (wrong tag) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad prefixes received by rs: global blacklist (wrong tag) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: RPKI, blackhole request for a covered prefix ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: RPKI, invalid prefix (bad ASN) received by rs ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: RPKI, invalid prefix (bad length) received by rs ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: RPKI, invalid prefix (bad ASN) not propagated to clients ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: RPKI, valid prefix received by rs ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: RPKI, valid prefix propagated to clients ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: prefixes from AS101 received by its upstreams ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: prefixes from AS101 received by rs ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad communities as seen by AS101 upstreams ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad communities scrubbed by rs (lrg) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: bad communities scrubbed by rs (std) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: other communities not scrubbed by rs (lrg) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: other communities not scrubbed by rs (std) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: blackhole filtering requests as seen by rs (BLACKHOLE) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: blackhole filtering requests as seen by rs (lrg cust) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: blackhole filtering requests as seen by rs (std cust) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: blackholed prefixes as seen by enabled clients (BLACKHOLE) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: blackholed prefixes as seen by enabled clients (lrg_cust) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: blackholed prefixes as seen by enabled clients (std_cust) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: blackholed prefixes not seen by not enabled clients ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: gshut by an enabled client ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: gshut by a not enabled client ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, announce to AS1 only ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, don't announce to any ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, announce to all except AS1 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, prepend once to any ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, prepend twice to any ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, prepend thrice to any ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, prepend once to AS1 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, prepend twice to AS2 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, prepend thrice to AS1, once to others ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, NO_EXPORT to AS1 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, NO_EXPORT to any ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, RFC1997 NO_EXPORT ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, RTT, blackhole, not peers > 20 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, RTT, not peers > 15 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, RTT, not peers > 5 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, RTT, not peers > 5 ms + AS3 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, RTT, not peers <= 5 and > 100 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, RTT, only peers <= 15 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, RTT, only peers <= 5 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, RTT, ext comms, prepend 1x > 10 ms, 2x > 20 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, RTT, prepend 3x > 100 ms, 2x > 10 ms ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: control communities, RTT, prepend 3x <= 5 ms, 2x <= 20 ms, 1x any ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: prefixes received by clients: AS1_1 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: prefixes received by clients: AS1_2 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: prefixes received by clients: AS2 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: prefixes received by clients: AS3 ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: prefixes received by clients: AS3 (with ADD-PATH) ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: reconfigure ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: log contains errors ... ok
-Live test, OpenBGPD 7.5, global scenario, IPv6: dumping rs config...
-Live test, OpenBGPD 7.5, global scenario, IPv6: dumping routes...
-Live test, OpenBGPD 7.5, global scenario, IPv6: stopping instances...
-Live test, OpenBGPD 7.4, global scenario, IPv4: setting instances up...
-Live test, OpenBGPD 7.4, global scenario, IPv4: instances setup ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: sessions are up ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: session configured via local include files ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: good prefixes because of use_arin_bulk_whois_data ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: good prefixes received by rs: IRRdb white-list ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: good prefixes because of use_registrobr_bulk_whois_data ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: good prefixes because of use_rpki_roas_as_route_objects: exact ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: good prefixes because of use_rpki_roas_as_route_objects: covering ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: good prefixes received by rs ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: good prefixes received by rs: non-client NEXT_HOP ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: not IPv6 global unicast space ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: IRRdb white-list ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: AS_SET origin, RFC6907 7.1.9 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: IRR check for AS_SET origin, BIRD ... SKIP: BIRD specific
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: IRR check for AS_SET origin, OpenBGPD ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: AS_PATH len ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: bogon ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: client blacklist ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: global blacklist ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: invalid ASN in AS-PATH ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: invalid NEXT_HOP ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: left-most ASN ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: never via route servers ASN in AS-PATH (asns list) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: never via route servers ASN in AS-PATH (PeeringDB) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: origin not in AS-SET ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: prefix not in AS-SET ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: invalid prefix-len ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: transit-free ASN in AS-PATH ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: transit-free ASN in AS-PATH from a transit peer ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: unknown NEXT_HOP ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: RPKI ROAs as route objects failed ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: default route ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes not received by clients ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: bogon (wrong tag) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad prefixes received by rs: global blacklist (wrong tag) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: RPKI, blackhole request for a covered prefix ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: RPKI, invalid prefix (bad ASN) received by rs ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: RPKI, invalid prefix (bad length) received by rs ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: RPKI, invalid prefix (bad ASN) not propagated to clients ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: RPKI, valid prefix received by rs ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: RPKI, valid prefix propagated to clients ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: prefixes from AS101 received by its upstreams ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: prefixes from AS101 received by rs ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad communities as seen by AS101 upstreams ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad communities scrubbed by rs (lrg) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: bad communities scrubbed by rs (std) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: other communities not scrubbed by rs (lrg) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: other communities not scrubbed by rs (std) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: blackhole filtering requests as seen by rs (BLACKHOLE) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: blackhole filtering requests as seen by rs (lrg cust) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: blackhole filtering requests as seen by rs (std cust) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: blackholed prefixes as seen by enabled clients (BLACKHOLE) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: blackholed prefixes as seen by enabled clients (lrg_cust) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: blackholed prefixes as seen by enabled clients (std_cust) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: blackholed prefixes not seen by not enabled clients ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: gshut by an enabled client ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: gshut by a not enabled client ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, announce to AS1 only ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, don't announce to any ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, announce to all except AS1 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, prepend once to any ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, prepend twice to any ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, prepend thrice to any ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, prepend once to AS1 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, prepend twice to AS2 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, prepend thrice to AS1, once to others ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, NO_EXPORT to AS1 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, NO_EXPORT to any ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, RFC1997 NO_EXPORT ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, RTT, blackhole, not peers > 20 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, RTT, not peers > 15 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, RTT, not peers > 5 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, RTT, not peers > 5 ms + AS3 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, RTT, not peers <= 5 and > 100 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, RTT, only peers <= 15 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, RTT, only peers <= 5 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, RTT, ext comms, prepend 1x > 10 ms, 2x > 20 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, RTT, prepend 3x > 100 ms, 2x > 10 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: control communities, RTT, prepend 3x <= 5 ms, 2x <= 20 ms, 1x any ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: prefixes received by clients: AS1_1 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: prefixes received by clients: AS1_2 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: prefixes received by clients: AS2 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: prefixes received by clients: AS3 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: prefixes received by clients: AS3 (with ADD-PATH) ... SKIP: ADD-PATH not supported by OpenBGPD < 7.5
-Live test, OpenBGPD 7.4, global scenario, IPv4: reconfigure ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: log contains errors ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv4: dumping rs config...
-Live test, OpenBGPD 7.4, global scenario, IPv4: dumping routes...
-Live test, OpenBGPD 7.4, global scenario, IPv4: stopping instances...
-Live test, OpenBGPD 7.4, global scenario, IPv6: setting instances up...
-Live test, OpenBGPD 7.4, global scenario, IPv6: instances setup ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: sessions are up ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: session configured via local include files ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: good prefixes because of use_arin_bulk_whois_data ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: good prefixes received by rs: IRRdb white-list ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: good prefixes because of use_registrobr_bulk_whois_data ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: good prefixes because of use_rpki_roas_as_route_objects: exact ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: good prefixes because of use_rpki_roas_as_route_objects: covering ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: good prefixes received by rs ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: good prefixes received by rs: non-client NEXT_HOP ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: not IPv6 global unicast space ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: IRRdb white-list ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: AS_SET origin, RFC6907 7.1.9 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: IRR check for AS_SET origin, BIRD ... SKIP: BIRD specific
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: IRR check for AS_SET origin, OpenBGPD ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: AS_PATH len ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: bogon ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: client blacklist ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: global blacklist ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: invalid ASN in AS-PATH ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: invalid NEXT_HOP ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: left-most ASN ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: never via route servers ASN in AS-PATH (asns list) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: never via route servers ASN in AS-PATH (PeeringDB) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: origin not in AS-SET ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: prefix not in AS-SET ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: invalid prefix-len ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: transit-free ASN in AS-PATH ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: transit-free ASN in AS-PATH from a transit peer ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: unknown NEXT_HOP ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: RPKI ROAs as route objects failed ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: default route ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes not received by clients ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: bogon (wrong tag) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad prefixes received by rs: global blacklist (wrong tag) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: RPKI, blackhole request for a covered prefix ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: RPKI, invalid prefix (bad ASN) received by rs ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: RPKI, invalid prefix (bad length) received by rs ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: RPKI, invalid prefix (bad ASN) not propagated to clients ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: RPKI, valid prefix received by rs ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: RPKI, valid prefix propagated to clients ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: prefixes from AS101 received by its upstreams ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: prefixes from AS101 received by rs ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad communities as seen by AS101 upstreams ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad communities scrubbed by rs (lrg) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: bad communities scrubbed by rs (std) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: other communities not scrubbed by rs (lrg) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: other communities not scrubbed by rs (std) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: blackhole filtering requests as seen by rs (BLACKHOLE) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: blackhole filtering requests as seen by rs (lrg cust) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: blackhole filtering requests as seen by rs (std cust) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: blackholed prefixes as seen by enabled clients (BLACKHOLE) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: blackholed prefixes as seen by enabled clients (lrg_cust) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: blackholed prefixes as seen by enabled clients (std_cust) ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: blackholed prefixes not seen by not enabled clients ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: gshut by an enabled client ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: gshut by a not enabled client ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, announce to AS1 only ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, don't announce to any ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, announce to all except AS1 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, prepend once to any ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, prepend twice to any ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, prepend thrice to any ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, prepend once to AS1 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, prepend twice to AS2 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, prepend thrice to AS1, once to others ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, NO_EXPORT to AS1 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, NO_EXPORT to any ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, RFC1997 NO_EXPORT ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, RTT, blackhole, not peers > 20 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, RTT, not peers > 15 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, RTT, not peers > 5 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, RTT, not peers > 5 ms + AS3 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, RTT, not peers <= 5 and > 100 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, RTT, only peers <= 15 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, RTT, only peers <= 5 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, RTT, ext comms, prepend 1x > 10 ms, 2x > 20 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, RTT, prepend 3x > 100 ms, 2x > 10 ms ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: control communities, RTT, prepend 3x <= 5 ms, 2x <= 20 ms, 1x any ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: prefixes received by clients: AS1_1 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: prefixes received by clients: AS1_2 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: prefixes received by clients: AS2 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: prefixes received by clients: AS3 ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: prefixes received by clients: AS3 (with ADD-PATH) ... SKIP: ADD-PATH not supported by OpenBGPD < 7.5
-Live test, OpenBGPD 7.4, global scenario, IPv6: reconfigure ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: log contains errors ... ok
-Live test, OpenBGPD 7.4, global scenario, IPv6: dumping rs config...
-Live test, OpenBGPD 7.4, global scenario, IPv6: dumping routes...
-Live test, OpenBGPD 7.4, global scenario, IPv6: stopping instances...
+Live test, OpenBGPD 7.7, global scenario, IPv4: setting instances up...
+Live test, OpenBGPD 7.7, global scenario, IPv4: instances setup ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: sessions are up ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: session configured via local include files ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: good prefixes because of use_arin_bulk_whois_data ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: good prefixes received by rs: IRRdb white-list ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: good prefixes because of use_registrobr_bulk_whois_data ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: good prefixes because of use_rpki_roas_as_route_objects: exact ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: good prefixes because of use_rpki_roas_as_route_objects: covering ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: good prefixes received by rs ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: good prefixes received by rs: non-client NEXT_HOP ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: not IPv6 global unicast space ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: IRRdb white-list ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: AS_SET origin, RFC6907 7.1.9 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: IRR check for AS_SET origin, BIRD ... SKIP: BIRD specific
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: IRR check for AS_SET origin, OpenBGPD ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: AS_PATH len ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: bogon ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: client blacklist ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: global blacklist ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: invalid ASN in AS-PATH ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: invalid NEXT_HOP ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: left-most ASN ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: never via route servers ASN in AS-PATH (asns list) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: never via route servers ASN in AS-PATH (PeeringDB) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: origin not in AS-SET ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: prefix not in AS-SET ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: invalid prefix-len ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: transit-free ASN in AS-PATH ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: transit-free ASN in AS-PATH from a transit peer ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: unknown NEXT_HOP ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: RPKI ROAs as route objects failed ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: default route ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes not received by clients ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: bogon (wrong tag) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad prefixes received by rs: global blacklist (wrong tag) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: RPKI, blackhole request for a covered prefix ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: RPKI, invalid prefix (bad ASN) received by rs ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: RPKI, invalid prefix (bad length) received by rs ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: RPKI, invalid prefix (bad ASN) not propagated to clients ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: RPKI, valid prefix received by rs ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: RPKI, valid prefix propagated to clients ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: prefixes from AS101 received by its upstreams ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: prefixes from AS101 received by rs ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad communities as seen by AS101 upstreams ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad communities scrubbed by rs (lrg) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: bad communities scrubbed by rs (std) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: other communities not scrubbed by rs (lrg) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: other communities not scrubbed by rs (std) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: blackhole filtering requests as seen by rs (BLACKHOLE) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: blackhole filtering requests as seen by rs (lrg cust) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: blackhole filtering requests as seen by rs (std cust) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: blackholed prefixes as seen by enabled clients (BLACKHOLE) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: blackholed prefixes as seen by enabled clients (lrg_cust) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: blackholed prefixes as seen by enabled clients (std_cust) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: blackholed prefixes not seen by not enabled clients ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: gshut by an enabled client ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: gshut by a not enabled client ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, announce to AS1 only ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, don't announce to any ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, announce to all except AS1 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, prepend once to any ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, prepend twice to any ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, prepend thrice to any ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, prepend once to AS1 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, prepend twice to AS2 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, prepend thrice to AS1, once to others ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, NO_EXPORT to AS1 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, NO_EXPORT to any ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, RFC1997 NO_EXPORT ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, RTT, blackhole, not peers > 20 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, RTT, not peers > 15 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, RTT, not peers > 5 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, RTT, not peers > 5 ms + AS3 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, RTT, not peers <= 5 and > 100 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, RTT, only peers <= 15 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, RTT, only peers <= 5 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, RTT, ext comms, prepend 1x > 10 ms, 2x > 20 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, RTT, prepend 3x > 100 ms, 2x > 10 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: control communities, RTT, prepend 3x <= 5 ms, 2x <= 20 ms, 1x any ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: prefixes received by clients: AS1_1 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: prefixes received by clients: AS1_2 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: prefixes received by clients: AS2 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: prefixes received by clients: AS3 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: prefixes received by clients: AS3 (with ADD-PATH) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: reconfigure ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: log contains errors ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv4: dumping rs config...
+Live test, OpenBGPD 7.7, global scenario, IPv4: dumping routes...
+Live test, OpenBGPD 7.7, global scenario, IPv4: stopping instances...
+Live test, OpenBGPD 7.7, global scenario, IPv6: setting instances up...
+Live test, OpenBGPD 7.7, global scenario, IPv6: instances setup ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: sessions are up ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: session configured via local include files ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: good prefixes because of use_arin_bulk_whois_data ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: good prefixes received by rs: IRRdb white-list ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: good prefixes because of use_registrobr_bulk_whois_data ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: good prefixes because of use_rpki_roas_as_route_objects: exact ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: good prefixes because of use_rpki_roas_as_route_objects: covering ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: good prefixes received by rs ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: good prefixes received by rs: non-client NEXT_HOP ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: not IPv6 global unicast space ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: IRRdb white-list ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: AS_SET origin, RFC6907 7.1.9 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: IRR check for AS_SET origin, BIRD ... SKIP: BIRD specific
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: IRR check for AS_SET origin, OpenBGPD ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: AS_PATH len ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: bogon ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: client blacklist ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: global blacklist ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: invalid ASN in AS-PATH ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: invalid NEXT_HOP ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: left-most ASN ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: never via route servers ASN in AS-PATH (asns list) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: never via route servers ASN in AS-PATH (PeeringDB) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: origin not in AS-SET ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: prefix not in AS-SET ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: invalid prefix-len ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: transit-free ASN in AS-PATH ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: transit-free ASN in AS-PATH from a transit peer ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: unknown NEXT_HOP ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: RPKI ROAs as route objects failed ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: default route ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes not received by clients ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: bogon (wrong tag) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad prefixes received by rs: global blacklist (wrong tag) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: RPKI, blackhole request for a covered prefix ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: RPKI, invalid prefix (bad ASN) received by rs ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: RPKI, invalid prefix (bad length) received by rs ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: RPKI, invalid prefix (bad ASN) not propagated to clients ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: RPKI, valid prefix received by rs ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: RPKI, valid prefix propagated to clients ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: prefixes from AS101 received by its upstreams ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: prefixes from AS101 received by rs ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad communities as seen by AS101 upstreams ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad communities scrubbed by rs (lrg) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: bad communities scrubbed by rs (std) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: other communities not scrubbed by rs (lrg) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: other communities not scrubbed by rs (std) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: blackhole filtering requests as seen by rs (BLACKHOLE) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: blackhole filtering requests as seen by rs (lrg cust) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: blackhole filtering requests as seen by rs (std cust) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: blackholed prefixes as seen by enabled clients (BLACKHOLE) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: blackholed prefixes as seen by enabled clients (lrg_cust) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: blackholed prefixes as seen by enabled clients (std_cust) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: blackholed prefixes not seen by not enabled clients ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: gshut by an enabled client ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: gshut by a not enabled client ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, announce to AS1 only ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, don't announce to any ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, announce to all except AS1 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, prepend once to any ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, prepend twice to any ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, prepend thrice to any ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, prepend once to AS1 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, prepend twice to AS2 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, prepend thrice to AS1, once to others ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, NO_EXPORT to AS1 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, NO_EXPORT to any ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, RFC1997 NO_EXPORT ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, RTT, blackhole, not peers > 20 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, RTT, not peers > 15 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, RTT, not peers > 5 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, RTT, not peers > 5 ms + AS3 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, RTT, not peers <= 5 and > 100 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, RTT, only peers <= 15 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, RTT, only peers <= 5 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, RTT, ext comms, prepend 1x > 10 ms, 2x > 20 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, RTT, prepend 3x > 100 ms, 2x > 10 ms ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: control communities, RTT, prepend 3x <= 5 ms, 2x <= 20 ms, 1x any ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: prefixes received by clients: AS1_1 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: prefixes received by clients: AS1_2 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: prefixes received by clients: AS2 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: prefixes received by clients: AS3 ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: prefixes received by clients: AS3 (with ADD-PATH) ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: reconfigure ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: log contains errors ... ok
+Live test, OpenBGPD 7.7, global scenario, IPv6: dumping rs config...
+Live test, OpenBGPD 7.7, global scenario, IPv6: dumping routes...
+Live test, OpenBGPD 7.7, global scenario, IPv6: stopping instances...
+Live test, OpenBGPD 7.6, global scenario, IPv4: setting instances up...
+Live test, OpenBGPD 7.6, global scenario, IPv4: instances setup ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: sessions are up ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: session configured via local include files ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: good prefixes because of use_arin_bulk_whois_data ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: good prefixes received by rs: IRRdb white-list ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: good prefixes because of use_registrobr_bulk_whois_data ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: good prefixes because of use_rpki_roas_as_route_objects: exact ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: good prefixes because of use_rpki_roas_as_route_objects: covering ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: good prefixes received by rs ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: good prefixes received by rs: non-client NEXT_HOP ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: not IPv6 global unicast space ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: IRRdb white-list ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: AS_SET origin, RFC6907 7.1.9 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: IRR check for AS_SET origin, BIRD ... SKIP: BIRD specific
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: IRR check for AS_SET origin, OpenBGPD ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: AS_PATH len ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: bogon ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: client blacklist ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: global blacklist ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: invalid ASN in AS-PATH ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: invalid NEXT_HOP ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: left-most ASN ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: never via route servers ASN in AS-PATH (asns list) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: never via route servers ASN in AS-PATH (PeeringDB) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: origin not in AS-SET ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: prefix not in AS-SET ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: invalid prefix-len ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: transit-free ASN in AS-PATH ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: transit-free ASN in AS-PATH from a transit peer ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: unknown NEXT_HOP ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: RPKI ROAs as route objects failed ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: default route ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes not received by clients ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: bogon (wrong tag) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad prefixes received by rs: global blacklist (wrong tag) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: RPKI, blackhole request for a covered prefix ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: RPKI, invalid prefix (bad ASN) received by rs ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: RPKI, invalid prefix (bad length) received by rs ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: RPKI, invalid prefix (bad ASN) not propagated to clients ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: RPKI, valid prefix received by rs ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: RPKI, valid prefix propagated to clients ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: prefixes from AS101 received by its upstreams ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: prefixes from AS101 received by rs ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad communities as seen by AS101 upstreams ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad communities scrubbed by rs (lrg) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: bad communities scrubbed by rs (std) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: other communities not scrubbed by rs (lrg) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: other communities not scrubbed by rs (std) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: blackhole filtering requests as seen by rs (BLACKHOLE) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: blackhole filtering requests as seen by rs (lrg cust) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: blackhole filtering requests as seen by rs (std cust) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: blackholed prefixes as seen by enabled clients (BLACKHOLE) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: blackholed prefixes as seen by enabled clients (lrg_cust) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: blackholed prefixes as seen by enabled clients (std_cust) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: blackholed prefixes not seen by not enabled clients ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: gshut by an enabled client ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: gshut by a not enabled client ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, announce to AS1 only ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, don't announce to any ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, announce to all except AS1 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, prepend once to any ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, prepend twice to any ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, prepend thrice to any ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, prepend once to AS1 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, prepend twice to AS2 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, prepend thrice to AS1, once to others ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, NO_EXPORT to AS1 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, NO_EXPORT to any ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, RFC1997 NO_EXPORT ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, RTT, blackhole, not peers > 20 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, RTT, not peers > 15 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, RTT, not peers > 5 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, RTT, not peers > 5 ms + AS3 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, RTT, not peers <= 5 and > 100 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, RTT, only peers <= 15 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, RTT, only peers <= 5 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, RTT, ext comms, prepend 1x > 10 ms, 2x > 20 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, RTT, prepend 3x > 100 ms, 2x > 10 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: control communities, RTT, prepend 3x <= 5 ms, 2x <= 20 ms, 1x any ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: prefixes received by clients: AS1_1 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: prefixes received by clients: AS1_2 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: prefixes received by clients: AS2 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: prefixes received by clients: AS3 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: prefixes received by clients: AS3 (with ADD-PATH) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: reconfigure ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: log contains errors ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv4: dumping rs config...
+Live test, OpenBGPD 7.6, global scenario, IPv4: dumping routes...
+Live test, OpenBGPD 7.6, global scenario, IPv4: stopping instances...
+Live test, OpenBGPD 7.6, global scenario, IPv6: setting instances up...
+Live test, OpenBGPD 7.6, global scenario, IPv6: instances setup ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: sessions are up ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: session configured via local include files ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: good prefixes because of use_arin_bulk_whois_data ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: good prefixes received by rs: IRRdb white-list ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: good prefixes because of use_registrobr_bulk_whois_data ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: good prefixes because of use_rpki_roas_as_route_objects: exact ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: good prefixes because of use_rpki_roas_as_route_objects: covering ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: good prefixes received by rs ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: good prefixes received by rs: non-client NEXT_HOP ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: not IPv6 global unicast space ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: IRRdb white-list ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: AS_SET origin, RFC6907 7.1.9 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: IRR check for AS_SET origin, BIRD ... SKIP: BIRD specific
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: IRR check for AS_SET origin, OpenBGPD ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: AS_PATH len ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: bogon ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: client blacklist ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: global blacklist ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: invalid ASN in AS-PATH ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: invalid NEXT_HOP ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: left-most ASN ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: never via route servers ASN in AS-PATH (asns list) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: never via route servers ASN in AS-PATH (PeeringDB) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: origin not in AS-SET ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: prefix not in AS-SET ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: invalid prefix-len ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: transit-free ASN in AS-PATH ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: transit-free ASN in AS-PATH from a transit peer ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: unknown NEXT_HOP ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: RPKI ROAs as route objects failed ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: default route ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes not received by clients ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: bogon (wrong tag) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad prefixes received by rs: global blacklist (wrong tag) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: RPKI, blackhole request for a covered prefix ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: RPKI, invalid prefix (bad ASN) received by rs ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: RPKI, invalid prefix (bad length) received by rs ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: RPKI, invalid prefix (bad ASN) not propagated to clients ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: RPKI, valid prefix received by rs ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: RPKI, valid prefix propagated to clients ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: prefixes from AS101 received by its upstreams ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: prefixes from AS101 received by rs ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad communities as seen by AS101 upstreams ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad communities scrubbed by rs (lrg) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: bad communities scrubbed by rs (std) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: other communities not scrubbed by rs (lrg) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: other communities not scrubbed by rs (std) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: blackhole filtering requests as seen by rs (BLACKHOLE) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: blackhole filtering requests as seen by rs (lrg cust) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: blackhole filtering requests as seen by rs (std cust) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: blackholed prefixes as seen by enabled clients (BLACKHOLE) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: blackholed prefixes as seen by enabled clients (lrg_cust) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: blackholed prefixes as seen by enabled clients (std_cust) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: blackholed prefixes not seen by not enabled clients ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: gshut by an enabled client ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: gshut by a not enabled client ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, announce to AS1 only ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, don't announce to any ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, announce to all except AS1 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, prepend once to any ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, prepend twice to any ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, prepend thrice to any ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, prepend once to AS1 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, prepend twice to AS2 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, prepend thrice to AS1, once to others ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, NO_EXPORT to AS1 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, NO_EXPORT to any ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, RFC1997 NO_EXPORT ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, RTT, blackhole, not peers > 20 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, RTT, not peers > 15 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, RTT, not peers > 5 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, RTT, not peers > 5 ms + AS3 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, RTT, not peers <= 5 and > 100 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, RTT, only peers <= 15 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, RTT, only peers <= 5 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, RTT, ext comms, prepend 1x > 10 ms, 2x > 20 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, RTT, prepend 3x > 100 ms, 2x > 10 ms ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: control communities, RTT, prepend 3x <= 5 ms, 2x <= 20 ms, 1x any ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: prefixes received by clients: AS1_1 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: prefixes received by clients: AS1_2 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: prefixes received by clients: AS2 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: prefixes received by clients: AS3 ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: prefixes received by clients: AS3 (with ADD-PATH) ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: reconfigure ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: log contains errors ... ok
+Live test, OpenBGPD 7.6, global scenario, IPv6: dumping rs config...
+Live test, OpenBGPD 7.6, global scenario, IPv6: dumping routes...
+Live test, OpenBGPD 7.6, global scenario, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 344 tests in 329.423s
+Ran 344 tests in 372.628s
 
-OK (SKIP=6)
+OK (SKIP=4)
diff --git a/tests/last_results/live_gshut_bird1.last b/tests/last_results/live_gshut_bird1.last
index 4d0856d1..d2ede3e2 100644
--- a/tests/last_results/live_gshut_bird1.last
+++ b/tests/last_results/live_gshut_bird1.last
@@ -18,6 +18,6 @@ Live test, BIRD, gshut, IPv6: dumping routes...
 Live test, BIRD, gshut, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 10 tests in 44.425s
+Ran 10 tests in 49.582s
 
 OK
diff --git a/tests/last_results/live_gshut_bird2.last b/tests/last_results/live_gshut_bird2.last
index e433400f..0de78281 100644
--- a/tests/last_results/live_gshut_bird2.last
+++ b/tests/last_results/live_gshut_bird2.last
@@ -18,6 +18,6 @@ Live test, BIRD v2, gshut, IPv6: dumping routes...
 Live test, BIRD v2, gshut, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 10 tests in 44.138s
+Ran 10 tests in 50.348s
 
 OK
diff --git a/tests/last_results/live_gshut_openbgpd_portable.last b/tests/last_results/live_gshut_openbgpd_portable.last
index ec46baf6..5ad80810 100644
--- a/tests/last_results/live_gshut_openbgpd_portable.last
+++ b/tests/last_results/live_gshut_openbgpd_portable.last
@@ -1,23 +1,23 @@
-Live test, OpenBGPD 7.5, gshut, IPv4: setting instances up...
-Live test, OpenBGPD 7.5, gshut, IPv4: instances setup ... ok
-Live test, OpenBGPD 7.5, gshut, IPv4: sessions are up ... ok
-Live test, OpenBGPD 7.5, gshut, IPv4: clients receive routes tagged with GRACEFUL_SHUTDOWN ... ok
-Live test, OpenBGPD 7.5, gshut, IPv4: reconfigure ... ok
-Live test, OpenBGPD 7.5, gshut, IPv4: log contains errors ... ok
-Live test, OpenBGPD 7.5, gshut, IPv4: dumping rs config...
-Live test, OpenBGPD 7.5, gshut, IPv4: dumping routes...
-Live test, OpenBGPD 7.5, gshut, IPv4: stopping instances...
-Live test, OpenBGPD 7.5, gshut, IPv6: setting instances up...
-Live test, OpenBGPD 7.5, gshut, IPv6: instances setup ... ok
-Live test, OpenBGPD 7.5, gshut, IPv6: sessions are up ... ok
-Live test, OpenBGPD 7.5, gshut, IPv6: clients receive routes tagged with GRACEFUL_SHUTDOWN ... ok
-Live test, OpenBGPD 7.5, gshut, IPv6: reconfigure ... ok
-Live test, OpenBGPD 7.5, gshut, IPv6: log contains errors ... ok
-Live test, OpenBGPD 7.5, gshut, IPv6: dumping rs config...
-Live test, OpenBGPD 7.5, gshut, IPv6: dumping routes...
-Live test, OpenBGPD 7.5, gshut, IPv6: stopping instances...
+Live test, OpenBGPD 7.7, gshut, IPv4: setting instances up...
+Live test, OpenBGPD 7.7, gshut, IPv4: instances setup ... ok
+Live test, OpenBGPD 7.7, gshut, IPv4: sessions are up ... ok
+Live test, OpenBGPD 7.7, gshut, IPv4: clients receive routes tagged with GRACEFUL_SHUTDOWN ... ok
+Live test, OpenBGPD 7.7, gshut, IPv4: reconfigure ... ok
+Live test, OpenBGPD 7.7, gshut, IPv4: log contains errors ... ok
+Live test, OpenBGPD 7.7, gshut, IPv4: dumping rs config...
+Live test, OpenBGPD 7.7, gshut, IPv4: dumping routes...
+Live test, OpenBGPD 7.7, gshut, IPv4: stopping instances...
+Live test, OpenBGPD 7.7, gshut, IPv6: setting instances up...
+Live test, OpenBGPD 7.7, gshut, IPv6: instances setup ... ok
+Live test, OpenBGPD 7.7, gshut, IPv6: sessions are up ... ok
+Live test, OpenBGPD 7.7, gshut, IPv6: clients receive routes tagged with GRACEFUL_SHUTDOWN ... ok
+Live test, OpenBGPD 7.7, gshut, IPv6: reconfigure ... ok
+Live test, OpenBGPD 7.7, gshut, IPv6: log contains errors ... ok
+Live test, OpenBGPD 7.7, gshut, IPv6: dumping rs config...
+Live test, OpenBGPD 7.7, gshut, IPv6: dumping routes...
+Live test, OpenBGPD 7.7, gshut, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 10 tests in 49.272s
+Ran 10 tests in 53.914s
 
 OK
diff --git a/tests/last_results/live_max_prefix_bird1.last b/tests/last_results/live_max_prefix_bird1.last
index 4fdcc454..95b36e02 100644
--- a/tests/last_results/live_max_prefix_bird1.last
+++ b/tests/last_results/live_max_prefix_bird1.last
@@ -34,6 +34,6 @@ Live test, BIRD, max-prefix, IPv6: dumping routes...
 Live test, BIRD, max-prefix, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 26 tests in 165.497s
+Ran 26 tests in 172.653s
 
 OK
diff --git a/tests/last_results/live_max_prefix_bird2.last b/tests/last_results/live_max_prefix_bird2.last
index 2bee3272..5541eabc 100644
--- a/tests/last_results/live_max_prefix_bird2.last
+++ b/tests/last_results/live_max_prefix_bird2.last
@@ -34,6 +34,6 @@ Live test, BIRD v2, max-prefix, IPv6: dumping routes...
 Live test, BIRD v2, max-prefix, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 26 tests in 165.985s
+Ran 26 tests in 183.754s
 
 OK
diff --git a/tests/last_results/live_max_prefix_openbgpd_portable.last b/tests/last_results/live_max_prefix_openbgpd_portable.last
index 11f19c8f..fcae306f 100644
--- a/tests/last_results/live_max_prefix_openbgpd_portable.last
+++ b/tests/last_results/live_max_prefix_openbgpd_portable.last
@@ -1,23 +1,23 @@
-Live test, OpenBGPD 7.5, max-prefix, IPv4: setting instances up...
-Live test, OpenBGPD 7.5, max-prefix, IPv4: instances setup ... ok
-Live test, OpenBGPD 7.5, max-prefix, IPv4: sessions are down ... ok
-Live test, OpenBGPD 7.5, max-prefix, IPv4: clients log max-prefix notification ... ok
-Live test, OpenBGPD 7.5, max-prefix, IPv4: reconfigure ... ok
-Live test, OpenBGPD 7.5, max-prefix, IPv4: log contains errors ... ok
-Live test, OpenBGPD 7.5, max-prefix, IPv4: dumping rs config...
-Live test, OpenBGPD 7.5, max-prefix, IPv4: dumping routes...
-Live test, OpenBGPD 7.5, max-prefix, IPv4: stopping instances...
-Live test, OpenBGPD 7.5, max-prefix, IPv6: setting instances up...
-Live test, OpenBGPD 7.5, max-prefix, IPv6: instances setup ... ok
-Live test, OpenBGPD 7.5, max-prefix, IPv6: sessions are down ... ok
-Live test, OpenBGPD 7.5, max-prefix, IPv6: clients log max-prefix notification ... ok
-Live test, OpenBGPD 7.5, max-prefix, IPv6: reconfigure ... ok
-Live test, OpenBGPD 7.5, max-prefix, IPv6: log contains errors ... ok
-Live test, OpenBGPD 7.5, max-prefix, IPv6: dumping rs config...
-Live test, OpenBGPD 7.5, max-prefix, IPv6: dumping routes...
-Live test, OpenBGPD 7.5, max-prefix, IPv6: stopping instances...
+Live test, OpenBGPD 7.7, max-prefix, IPv4: setting instances up...
+Live test, OpenBGPD 7.7, max-prefix, IPv4: instances setup ... ok
+Live test, OpenBGPD 7.7, max-prefix, IPv4: sessions are down ... ok
+Live test, OpenBGPD 7.7, max-prefix, IPv4: clients log max-prefix notification ... ok
+Live test, OpenBGPD 7.7, max-prefix, IPv4: reconfigure ... ok
+Live test, OpenBGPD 7.7, max-prefix, IPv4: log contains errors ... ok
+Live test, OpenBGPD 7.7, max-prefix, IPv4: dumping rs config...
+Live test, OpenBGPD 7.7, max-prefix, IPv4: dumping routes...
+Live test, OpenBGPD 7.7, max-prefix, IPv4: stopping instances...
+Live test, OpenBGPD 7.7, max-prefix, IPv6: setting instances up...
+Live test, OpenBGPD 7.7, max-prefix, IPv6: instances setup ... ok
+Live test, OpenBGPD 7.7, max-prefix, IPv6: sessions are down ... ok
+Live test, OpenBGPD 7.7, max-prefix, IPv6: clients log max-prefix notification ... ok
+Live test, OpenBGPD 7.7, max-prefix, IPv6: reconfigure ... ok
+Live test, OpenBGPD 7.7, max-prefix, IPv6: log contains errors ... ok
+Live test, OpenBGPD 7.7, max-prefix, IPv6: dumping rs config...
+Live test, OpenBGPD 7.7, max-prefix, IPv6: dumping routes...
+Live test, OpenBGPD 7.7, max-prefix, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 10 tests in 358.497s
+Ran 10 tests in 393.754s
 
 OK
diff --git a/tests/last_results/live_path_hiding_bird1.last b/tests/last_results/live_path_hiding_bird1.last
index bb686c0f..009970f2 100644
--- a/tests/last_results/live_path_hiding_bird1.last
+++ b/tests/last_results/live_path_hiding_bird1.last
@@ -54,6 +54,6 @@ Live test, BIRD, path hiding, mitigation on, IPv6: dumping routes...
 Live test, BIRD, path hiding, mitigation on, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 38 tests in 174.239s
+Ran 38 tests in 176.240s
 
 OK (SKIP=2)
diff --git a/tests/last_results/live_path_hiding_bird2.last b/tests/last_results/live_path_hiding_bird2.last
index e0c3f0d4..2e50910c 100644
--- a/tests/last_results/live_path_hiding_bird2.last
+++ b/tests/last_results/live_path_hiding_bird2.last
@@ -54,6 +54,6 @@ Live test, BIRD v2, path hiding, mitigation on, IPv6: dumping routes...
 Live test, BIRD v2, path hiding, mitigation on, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 38 tests in 171.075s
+Ran 38 tests in 179.261s
 
 OK (SKIP=2)
diff --git a/tests/last_results/live_path_hiding_openbgpd_portable.last b/tests/last_results/live_path_hiding_openbgpd_portable.last
index c42ef11b..8cd13c0b 100644
--- a/tests/last_results/live_path_hiding_openbgpd_portable.last
+++ b/tests/last_results/live_path_hiding_openbgpd_portable.last
@@ -1,59 +1,59 @@
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: setting instances up...
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: instances setup ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: sessions are up ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: rs should receive prefix from both AS1 and AS2 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: rs should have best toward AS1 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: AS1 wants rs to not announce to AS3 and AS4 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: AS3 does not receive prefix at all ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: AS4 receives the prefix via AS2 because of ADD-PATH ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: reconfigure ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: log contains errors ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: dumping rs config...
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: dumping routes...
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv4: stopping instances...
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: setting instances up...
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: instances setup ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: sessions are up ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: rs should receive prefix from both AS1 and AS2 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: rs should have best toward AS1 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: AS1 wants rs to not announce to AS3 and AS4 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: AS3 and AS4 receive prefix with sub-optimal path via AS2 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: AS3 and AS4 don't receive prefix via AS1 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: 2nd best is withdrawn and AS3 should not see it anymore ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: reconfigure ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: log contains errors ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: dumping rs config...
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: dumping routes...
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv4: stopping instances...
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: setting instances up...
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: instances setup ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: sessions are up ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: rs should receive prefix from both AS1 and AS2 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: rs should have best toward AS1 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: AS1 wants rs to not announce to AS3 and AS4 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: AS3 does not receive prefix at all ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: AS4 receives the prefix via AS2 because of ADD-PATH ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: reconfigure ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: log contains errors ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: dumping rs config...
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: dumping routes...
-Live test, OpenBGPD 7.5, path hiding, mitigation off, IPv6: stopping instances...
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: setting instances up...
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: instances setup ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: sessions are up ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: rs should receive prefix from both AS1 and AS2 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: rs should have best toward AS1 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: AS1 wants rs to not announce to AS3 and AS4 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: AS3 and AS4 receive prefix with sub-optimal path via AS2 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: AS3 and AS4 don't receive prefix via AS1 ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: 2nd best is withdrawn and AS3 should not see it anymore ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: reconfigure ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: log contains errors ... ok
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: dumping rs config...
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: dumping routes...
-Live test, OpenBGPD 7.5, path hiding, mitigation on, IPv6: stopping instances...
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: setting instances up...
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: instances setup ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: sessions are up ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: rs should receive prefix from both AS1 and AS2 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: rs should have best toward AS1 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: AS1 wants rs to not announce to AS3 and AS4 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: AS3 does not receive prefix at all ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: AS4 receives the prefix via AS2 because of ADD-PATH ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: reconfigure ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: log contains errors ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: dumping rs config...
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: dumping routes...
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv4: stopping instances...
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: setting instances up...
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: instances setup ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: sessions are up ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: rs should receive prefix from both AS1 and AS2 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: rs should have best toward AS1 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: AS1 wants rs to not announce to AS3 and AS4 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: AS3 and AS4 receive prefix with sub-optimal path via AS2 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: AS3 and AS4 don't receive prefix via AS1 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: 2nd best is withdrawn and AS3 should not see it anymore ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: reconfigure ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: log contains errors ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: dumping rs config...
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: dumping routes...
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv4: stopping instances...
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: setting instances up...
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: instances setup ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: sessions are up ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: rs should receive prefix from both AS1 and AS2 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: rs should have best toward AS1 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: AS1 wants rs to not announce to AS3 and AS4 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: AS3 does not receive prefix at all ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: AS4 receives the prefix via AS2 because of ADD-PATH ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: reconfigure ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: log contains errors ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: dumping rs config...
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: dumping routes...
+Live test, OpenBGPD 7.7, path hiding, mitigation off, IPv6: stopping instances...
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: setting instances up...
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: instances setup ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: sessions are up ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: rs should receive prefix from both AS1 and AS2 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: rs should have best toward AS1 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: AS1 wants rs to not announce to AS3 and AS4 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: AS3 and AS4 receive prefix with sub-optimal path via AS2 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: AS3 and AS4 don't receive prefix via AS1 ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: 2nd best is withdrawn and AS3 should not see it anymore ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: reconfigure ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: log contains errors ... ok
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: dumping rs config...
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: dumping routes...
+Live test, OpenBGPD 7.7, path hiding, mitigation on, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 38 tests in 192.492s
+Ran 38 tests in 197.166s
 
 OK
diff --git a/tests/last_results/live_rich_example_bird1.last b/tests/last_results/live_rich_example_bird1.last
index 66db6cbc..eeed77e8 100644
--- a/tests/last_results/live_rich_example_bird1.last
+++ b/tests/last_results/live_rich_example_bird1.last
@@ -12,6 +12,6 @@ Live test, BIRD, examples, rich config, IPv6: dumping routes...
 Live test, BIRD, examples, rich config, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 4 tests in 26.304s
+Ran 4 tests in 20.184s
 
 OK
diff --git a/tests/last_results/live_rich_example_bird2.last b/tests/last_results/live_rich_example_bird2.last
index fceac3e1..90101dec 100644
--- a/tests/last_results/live_rich_example_bird2.last
+++ b/tests/last_results/live_rich_example_bird2.last
@@ -12,6 +12,6 @@ Live test, BIRD v2, examples, rich config, IPv6: dumping routes...
 Live test, BIRD v2, examples, rich config, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 4 tests in 24.751s
+Ran 4 tests in 19.984s
 
 OK
diff --git a/tests/last_results/live_rich_example_openbgpd_portable.last b/tests/last_results/live_rich_example_openbgpd_portable.last
index 3be63f53..9ad9d857 100644
--- a/tests/last_results/live_rich_example_openbgpd_portable.last
+++ b/tests/last_results/live_rich_example_openbgpd_portable.last
@@ -1,17 +1,17 @@
-Live test, OpenBGPD 7.5, examples, rich config, IPv4: setting instances up...
-Live test, OpenBGPD 7.5, examples, rich config, IPv4: instances setup ... ok
-Live test, OpenBGPD 7.5, examples, rich config, IPv4: log contains errors ... ok
-Live test, OpenBGPD 7.5, examples, rich config, IPv4: dumping rs config...
-Live test, OpenBGPD 7.5, examples, rich config, IPv4: dumping routes...
-Live test, OpenBGPD 7.5, examples, rich config, IPv4: stopping instances...
-Live test, OpenBGPD 7.5, examples, rich config, IPv6: setting instances up...
-Live test, OpenBGPD 7.5, examples, rich config, IPv6: instances setup ... ok
-Live test, OpenBGPD 7.5, examples, rich config, IPv6: log contains errors ... ok
-Live test, OpenBGPD 7.5, examples, rich config, IPv6: dumping rs config...
-Live test, OpenBGPD 7.5, examples, rich config, IPv6: dumping routes...
-Live test, OpenBGPD 7.5, examples, rich config, IPv6: stopping instances...
+Live test, OpenBGPD 7.7, examples, rich config, IPv4: setting instances up...
+Live test, OpenBGPD 7.7, examples, rich config, IPv4: instances setup ... ok
+Live test, OpenBGPD 7.7, examples, rich config, IPv4: log contains errors ... ok
+Live test, OpenBGPD 7.7, examples, rich config, IPv4: dumping rs config...
+Live test, OpenBGPD 7.7, examples, rich config, IPv4: dumping routes...
+Live test, OpenBGPD 7.7, examples, rich config, IPv4: stopping instances...
+Live test, OpenBGPD 7.7, examples, rich config, IPv6: setting instances up...
+Live test, OpenBGPD 7.7, examples, rich config, IPv6: instances setup ... ok
+Live test, OpenBGPD 7.7, examples, rich config, IPv6: log contains errors ... ok
+Live test, OpenBGPD 7.7, examples, rich config, IPv6: dumping rs config...
+Live test, OpenBGPD 7.7, examples, rich config, IPv6: dumping routes...
+Live test, OpenBGPD 7.7, examples, rich config, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 4 tests in 22.056s
+Ran 4 tests in 17.642s
 
 OK
diff --git a/tests/last_results/live_rpki_bird1.last b/tests/last_results/live_rpki_bird1.last
index 8db2f85d..81a5dd89 100644
--- a/tests/last_results/live_rpki_bird1.last
+++ b/tests/last_results/live_rpki_bird1.last
@@ -36,6 +36,6 @@ Live test, BIRD, RPKI INVALID tagging, IPv6: dumping routes...
 Live test, BIRD, RPKI INVALID tagging, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 28 tests in 83.631s
+Ran 28 tests in 79.876s
 
 OK
diff --git a/tests/last_results/live_rpki_bird2.last b/tests/last_results/live_rpki_bird2.last
index 3c8412f7..743627e9 100644
--- a/tests/last_results/live_rpki_bird2.last
+++ b/tests/last_results/live_rpki_bird2.last
@@ -36,6 +36,6 @@ Live test, BIRD v2, RPKI INVALID tagging, IPv6: dumping routes...
 Live test, BIRD v2, RPKI INVALID tagging, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 28 tests in 77.980s
+Ran 28 tests in 79.172s
 
 OK
diff --git a/tests/last_results/live_rpki_bov_comms_bird1.last b/tests/last_results/live_rpki_bov_comms_bird1.last
index 23f41a98..24017b5f 100644
--- a/tests/last_results/live_rpki_bov_comms_bird1.last
+++ b/tests/last_results/live_rpki_bov_comms_bird1.last
@@ -20,6 +20,6 @@ Live test, BIRD, BOV custom comms, IPv6: dumping routes...
 Live test, BIRD, BOV custom comms, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 12 tests in 46.496s
+Ran 12 tests in 45.674s
 
 OK
diff --git a/tests/last_results/live_rpki_bov_comms_bird2.last b/tests/last_results/live_rpki_bov_comms_bird2.last
index 416b061f..b048f02f 100644
--- a/tests/last_results/live_rpki_bov_comms_bird2.last
+++ b/tests/last_results/live_rpki_bov_comms_bird2.last
@@ -20,6 +20,6 @@ Live test, BIRD v2, BOV custom comms, IPv6: dumping routes...
 Live test, BIRD v2, BOV custom comms, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 12 tests in 44.362s
+Ran 12 tests in 45.535s
 
 OK
diff --git a/tests/last_results/live_rpki_rtr_example_bird2.last b/tests/last_results/live_rpki_rtr_example_bird2.last
index 5ea22317..b26b86e1 100644
--- a/tests/last_results/live_rpki_rtr_example_bird2.last
+++ b/tests/last_results/live_rpki_rtr_example_bird2.last
@@ -12,6 +12,6 @@ Live test, BIRD v2, RTR protocol: dumping routes...
 Live test, BIRD v2, RTR protocol: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 8 tests in 40.609s
+Ran 8 tests in 41.031s
 
 OK
diff --git a/tests/last_results/live_rpki_rtr_example_openbgpd_portable.last b/tests/last_results/live_rpki_rtr_example_openbgpd_portable.last
index 0e7bab0e..be0a1200 100644
--- a/tests/last_results/live_rpki_rtr_example_openbgpd_portable.last
+++ b/tests/last_results/live_rpki_rtr_example_openbgpd_portable.last
@@ -1,17 +1,17 @@
-Live test, OpenBGPD 7.5, RTR protocol: setting instances up...
-Live test, OpenBGPD 7.5, RTR protocol: instances setup ... ok
-Live test, OpenBGPD 7.5, RTR protocol: sessions are up ... ok
-Live test, OpenBGPD 7.5, RTR protocol: route accepted because validator not running ... ok
-Live test, OpenBGPD 7.5, RTR protocol: spin up the validator ... ok
-Live test, OpenBGPD 7.5, RTR protocol: restart OpenBGPD to speed up RTR session establishment ... ok
-Live test, OpenBGPD 7.5, RTR protocol: check the RTR session is up ... ok
-Live test, OpenBGPD 7.5, RTR protocol: route dropped after spinning the validator up ... ok
-Live test, OpenBGPD 7.5, RTR protocol: log contains errors ... ok
-Live test, OpenBGPD 7.5, RTR protocol: dumping rs config...
-Live test, OpenBGPD 7.5, RTR protocol: dumping routes...
-Live test, OpenBGPD 7.5, RTR protocol: stopping instances...
+Live test, OpenBGPD 7.7, RTR protocol: setting instances up...
+Live test, OpenBGPD 7.7, RTR protocol: instances setup ... ok
+Live test, OpenBGPD 7.7, RTR protocol: sessions are up ... ok
+Live test, OpenBGPD 7.7, RTR protocol: route accepted because validator not running ... ok
+Live test, OpenBGPD 7.7, RTR protocol: spin up the validator ... ok
+Live test, OpenBGPD 7.7, RTR protocol: restart OpenBGPD to speed up RTR session establishment ... ok
+Live test, OpenBGPD 7.7, RTR protocol: check the RTR session is up ... ok
+Live test, OpenBGPD 7.7, RTR protocol: route dropped after spinning the validator up ... ok
+Live test, OpenBGPD 7.7, RTR protocol: log contains errors ... ok
+Live test, OpenBGPD 7.7, RTR protocol: dumping rs config...
+Live test, OpenBGPD 7.7, RTR protocol: dumping routes...
+Live test, OpenBGPD 7.7, RTR protocol: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 8 tests in 43.032s
+Ran 8 tests in 44.083s
 
 OK
diff --git a/tests/last_results/live_tag_as_set_bird1.last b/tests/last_results/live_tag_as_set_bird1.last
index 66ee0cd2..6e6f3bff 100644
--- a/tests/last_results/live_tag_as_set_bird1.last
+++ b/tests/last_results/live_tag_as_set_bird1.last
@@ -182,6 +182,6 @@ Live test, BIRD, tag prefix/origin empty AS-SET, IPv6: dumping routes...
 Live test, BIRD, tag prefix/origin empty AS-SET, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 166 tests in 168.950s
+Ran 166 tests in 172.100s
 
 OK
diff --git a/tests/last_results/live_tag_as_set_bird2.last b/tests/last_results/live_tag_as_set_bird2.last
index 5681139a..eeae0d18 100644
--- a/tests/last_results/live_tag_as_set_bird2.last
+++ b/tests/last_results/live_tag_as_set_bird2.last
@@ -182,6 +182,6 @@ Live test, BIRD v2, tag prefix/origin empty AS-SET, IPv6: dumping routes...
 Live test, BIRD v2, tag prefix/origin empty AS-SET, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 166 tests in 163.047s
+Ran 166 tests in 181.076s
 
 OK
diff --git a/tests/last_results/live_tag_as_set_openbgpd_portable.last b/tests/last_results/live_tag_as_set_openbgpd_portable.last
index 9957c020..10552536 100644
--- a/tests/last_results/live_tag_as_set_openbgpd_portable.last
+++ b/tests/last_results/live_tag_as_set_openbgpd_portable.last
@@ -1,187 +1,187 @@
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: setting instances up...
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: instances setup ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: sessions are up ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 prefix ko origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 prefix ko origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 prefix ok origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 prefix ok origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 route filtered (origin ko) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 prefix ko origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 prefix ok origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 route filtered (prefix ko, origin ko) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS5 route filtered (prefix ko, origin ko) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS5 route filtered (prefix ko) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS5 prefix ok origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS5 prefix ok origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 white list, prefix ko, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 white list, prefix ok, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 white list, prefix WL, origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 white list, prefix WL, origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 white list, prefix WL, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 route white list, ok (exact) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 route white list, reject (more spec) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 route white list, ok (more spec) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 route white list, reject (origin KO) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 route white list, ok (origin any) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 white list, prefix ko, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 white list, prefix ok, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 white list, prefix WL, origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 white list, prefix WL, origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS4 white list, prefix WL, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS5 white list, prefix ko, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS5 white list, prefix ok, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS5 white list, prefix WL, origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS5 white list, prefix WL, origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS5 white list, prefix WL, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 RPKI ROAs as route objects: tag only (w/ prefix_validated_via_rpki_roas) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS6 RPKI ROAs as route objects: invalid origin ASN ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS6 RPKI ROAs as route objects: ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 ARIN Whois DB: tag only (w/ prefix_validated_via_arin_whois_db_dump) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS6 ARIN Whois DB: ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 prefix ok, origin ok, ARIN: tag only (w/ prefix_validated_via_arin_whois_db_dump) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 prefix ok, origin ok, ROA: tag only (w/ prefix_validated_via_rpki_roas) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS2 ROA + ARIN Whois DB: tag only (w/ comms [arin_whois_db_dump, rpki_roas]) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS6 prefix ok, origin ok, ROA + ARIN: enforce (w/ comms [arin_whois_db_dump, rpki_roas]) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: AS6 ROA + ARIN Whois DB: enforce (w/ comms [arin_whois_db_dump, rpki_roas]) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: reconfigure ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: log contains errors ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: dumping rs config...
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: dumping routes...
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv4: stopping instances...
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: setting instances up...
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: instances setup ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: sessions are up ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS2 no enforcement, prefix and origin not in AS-SET ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS4 origin enforcement ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS4 prefix enforcement ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS2 white list, prefix ko, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS2 white list, prefix ok, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS2 white list, prefix WL, origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS2 white list, prefix WL, origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS2 white list, prefix WL, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS4 route white list, ok (exact) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS4 route white list, reject (more spec) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS4 route white list, ok (more spec) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS4 route white list, reject (origin KO) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS4 route white list, ok (origin any) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS4 white list, prefix ko, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS4 white list, prefix ok, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS4 white list, prefix WL, origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS4 white list, prefix WL, origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS4 white list, prefix WL, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS5 white list, prefix ko, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS5 white list, prefix ok, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS5 white list, prefix WL, origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS5 white list, prefix WL, origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS5 white list, prefix WL, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS2 RPKI ROAs as route objects: tag only (w/o prefix_validated_via_rpki_roas) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS6 RPKI ROAs as route objects: invalid origin ASN ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS6 RPKI ROAs as route objects: ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS2 ARIN Whois DB: tag only (w/o prefix_validated_via_arin_whois_db_dump) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS6 ARIN Whois DB: ok (solely because of route white list) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS2 prefix ok, origin ok, ARIN: tag only (w/o prefix_validated_via_arin_whois_db_dump) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS2 prefix ok, origin ok, ROA: tag only (w/o prefix_validated_via_rpki_roas) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS2 ROA + ARIN Whois DB: tag only (w/o comms [arin_whois_db_dump, rpki_roas]) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS6 prefix ok, origin ok, ROA + ARIN: rejected ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: AS6 ROA + ARIN Whois DB: enforced (rejected) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: reconfigure ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: log contains errors ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: dumping rs config...
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: dumping routes...
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv4: stopping instances...
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: setting instances up...
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: instances setup ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: sessions are up ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 prefix ko origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 prefix ko origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 prefix ok origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 prefix ok origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 route filtered (origin ko) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 prefix ko origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 prefix ok origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 route filtered (prefix ko, origin ko) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS5 route filtered (prefix ko, origin ko) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS5 route filtered (prefix ko) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS5 prefix ok origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS5 prefix ok origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 white list, prefix ko, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 white list, prefix ok, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 white list, prefix WL, origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 white list, prefix WL, origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 white list, prefix WL, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 route white list, ok (exact) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 route white list, reject (more spec) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 route white list, ok (more spec) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 route white list, reject (origin KO) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 route white list, ok (origin any) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 white list, prefix ko, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 white list, prefix ok, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 white list, prefix WL, origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 white list, prefix WL, origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS4 white list, prefix WL, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS5 white list, prefix ko, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS5 white list, prefix ok, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS5 white list, prefix WL, origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS5 white list, prefix WL, origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS5 white list, prefix WL, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 RPKI ROAs as route objects: tag only (w/ prefix_validated_via_rpki_roas) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS6 RPKI ROAs as route objects: invalid origin ASN ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS6 RPKI ROAs as route objects: ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 ARIN Whois DB: tag only (w/ prefix_validated_via_arin_whois_db_dump) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS6 ARIN Whois DB: ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 prefix ok, origin ok, ARIN: tag only (w/ prefix_validated_via_arin_whois_db_dump) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 prefix ok, origin ok, ROA: tag only (w/ prefix_validated_via_rpki_roas) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS2 ROA + ARIN Whois DB: tag only (w/ comms [arin_whois_db_dump, rpki_roas]) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS6 prefix ok, origin ok, ROA + ARIN: enforce (w/ comms [arin_whois_db_dump, rpki_roas]) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: AS6 ROA + ARIN Whois DB: enforce (w/ comms [arin_whois_db_dump, rpki_roas]) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: reconfigure ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: log contains errors ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: dumping rs config...
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: dumping routes...
-Live test, OpenBGPD 7.5, tag prefix/origin in AS-SET, IPv6: stopping instances...
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: setting instances up...
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: instances setup ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: sessions are up ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS2 no enforcement, prefix and origin not in AS-SET ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS4 origin enforcement ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS4 prefix enforcement ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS2 white list, prefix ko, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS2 white list, prefix ok, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS2 white list, prefix WL, origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS2 white list, prefix WL, origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS2 white list, prefix WL, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS4 route white list, ok (exact) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS4 route white list, reject (more spec) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS4 route white list, ok (more spec) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS4 route white list, reject (origin KO) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS4 route white list, ok (origin any) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS4 white list, prefix ko, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS4 white list, prefix ok, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS4 white list, prefix WL, origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS4 white list, prefix WL, origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS4 white list, prefix WL, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS5 white list, prefix ko, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS5 white list, prefix ok, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS5 white list, prefix WL, origin ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS5 white list, prefix WL, origin ok ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS5 white list, prefix WL, origin WL ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS2 RPKI ROAs as route objects: tag only (w/o prefix_validated_via_rpki_roas) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS6 RPKI ROAs as route objects: invalid origin ASN ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS6 RPKI ROAs as route objects: ko ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS2 ARIN Whois DB: tag only (w/o prefix_validated_via_arin_whois_db_dump) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS6 ARIN Whois DB: ok (solely because of route white list) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS2 prefix ok, origin ok, ARIN: tag only (w/o prefix_validated_via_arin_whois_db_dump) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS2 prefix ok, origin ok, ROA: tag only (w/o prefix_validated_via_rpki_roas) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS2 ROA + ARIN Whois DB: tag only (w/o comms [arin_whois_db_dump, rpki_roas]) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS6 prefix ok, origin ok, ROA + ARIN: rejected ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: AS6 ROA + ARIN Whois DB: enforced (rejected) ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: reconfigure ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: log contains errors ... ok
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: dumping rs config...
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: dumping routes...
-Live test, OpenBGPD 7.5, tag prefix/origin empty AS-SET, IPv6: stopping instances...
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: setting instances up...
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: instances setup ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: sessions are up ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 prefix ko origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 prefix ko origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 prefix ok origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 prefix ok origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 route filtered (origin ko) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 prefix ko origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 prefix ok origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 route filtered (prefix ko, origin ko) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS5 route filtered (prefix ko, origin ko) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS5 route filtered (prefix ko) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS5 prefix ok origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS5 prefix ok origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 white list, prefix ko, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 white list, prefix ok, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 white list, prefix WL, origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 white list, prefix WL, origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 white list, prefix WL, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 route white list, ok (exact) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 route white list, reject (more spec) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 route white list, ok (more spec) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 route white list, reject (origin KO) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 route white list, ok (origin any) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 white list, prefix ko, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 white list, prefix ok, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 white list, prefix WL, origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 white list, prefix WL, origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS4 white list, prefix WL, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS5 white list, prefix ko, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS5 white list, prefix ok, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS5 white list, prefix WL, origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS5 white list, prefix WL, origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS5 white list, prefix WL, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 RPKI ROAs as route objects: tag only (w/ prefix_validated_via_rpki_roas) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS6 RPKI ROAs as route objects: invalid origin ASN ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS6 RPKI ROAs as route objects: ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 ARIN Whois DB: tag only (w/ prefix_validated_via_arin_whois_db_dump) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS6 ARIN Whois DB: ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 prefix ok, origin ok, ARIN: tag only (w/ prefix_validated_via_arin_whois_db_dump) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 prefix ok, origin ok, ROA: tag only (w/ prefix_validated_via_rpki_roas) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS2 ROA + ARIN Whois DB: tag only (w/ comms [arin_whois_db_dump, rpki_roas]) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS6 prefix ok, origin ok, ROA + ARIN: enforce (w/ comms [arin_whois_db_dump, rpki_roas]) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: AS6 ROA + ARIN Whois DB: enforce (w/ comms [arin_whois_db_dump, rpki_roas]) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: reconfigure ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: log contains errors ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: dumping rs config...
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: dumping routes...
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv4: stopping instances...
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: setting instances up...
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: instances setup ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: sessions are up ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS2 no enforcement, prefix and origin not in AS-SET ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS4 origin enforcement ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS4 prefix enforcement ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS2 white list, prefix ko, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS2 white list, prefix ok, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS2 white list, prefix WL, origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS2 white list, prefix WL, origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS2 white list, prefix WL, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS4 route white list, ok (exact) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS4 route white list, reject (more spec) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS4 route white list, ok (more spec) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS4 route white list, reject (origin KO) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS4 route white list, ok (origin any) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS4 white list, prefix ko, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS4 white list, prefix ok, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS4 white list, prefix WL, origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS4 white list, prefix WL, origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS4 white list, prefix WL, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS5 white list, prefix ko, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS5 white list, prefix ok, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS5 white list, prefix WL, origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS5 white list, prefix WL, origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS5 white list, prefix WL, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS2 RPKI ROAs as route objects: tag only (w/o prefix_validated_via_rpki_roas) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS6 RPKI ROAs as route objects: invalid origin ASN ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS6 RPKI ROAs as route objects: ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS2 ARIN Whois DB: tag only (w/o prefix_validated_via_arin_whois_db_dump) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS6 ARIN Whois DB: ok (solely because of route white list) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS2 prefix ok, origin ok, ARIN: tag only (w/o prefix_validated_via_arin_whois_db_dump) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS2 prefix ok, origin ok, ROA: tag only (w/o prefix_validated_via_rpki_roas) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS2 ROA + ARIN Whois DB: tag only (w/o comms [arin_whois_db_dump, rpki_roas]) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS6 prefix ok, origin ok, ROA + ARIN: rejected ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: AS6 ROA + ARIN Whois DB: enforced (rejected) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: reconfigure ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: log contains errors ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: dumping rs config...
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: dumping routes...
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv4: stopping instances...
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: setting instances up...
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: instances setup ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: sessions are up ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 prefix ko origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 prefix ko origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 prefix ok origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 prefix ok origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 route filtered (origin ko) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 prefix ko origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 prefix ok origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 route filtered (prefix ko, origin ko) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS5 route filtered (prefix ko, origin ko) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS5 route filtered (prefix ko) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS5 prefix ok origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS5 prefix ok origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 white list, prefix ko, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 white list, prefix ok, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 white list, prefix WL, origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 white list, prefix WL, origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 white list, prefix WL, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 route white list, ok (exact) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 route white list, reject (more spec) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 route white list, ok (more spec) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 route white list, reject (origin KO) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 route white list, ok (origin any) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 white list, prefix ko, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 white list, prefix ok, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 white list, prefix WL, origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 white list, prefix WL, origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS4 white list, prefix WL, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS5 white list, prefix ko, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS5 white list, prefix ok, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS5 white list, prefix WL, origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS5 white list, prefix WL, origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS5 white list, prefix WL, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 RPKI ROAs as route objects: tag only (w/ prefix_validated_via_rpki_roas) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS6 RPKI ROAs as route objects: invalid origin ASN ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS6 RPKI ROAs as route objects: ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 ARIN Whois DB: tag only (w/ prefix_validated_via_arin_whois_db_dump) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS6 ARIN Whois DB: ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 prefix ok, origin ok, ARIN: tag only (w/ prefix_validated_via_arin_whois_db_dump) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 prefix ok, origin ok, ROA: tag only (w/ prefix_validated_via_rpki_roas) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS2 ROA + ARIN Whois DB: tag only (w/ comms [arin_whois_db_dump, rpki_roas]) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS6 prefix ok, origin ok, ROA + ARIN: enforce (w/ comms [arin_whois_db_dump, rpki_roas]) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: AS6 ROA + ARIN Whois DB: enforce (w/ comms [arin_whois_db_dump, rpki_roas]) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: reconfigure ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: log contains errors ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: dumping rs config...
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: dumping routes...
+Live test, OpenBGPD 7.7, tag prefix/origin in AS-SET, IPv6: stopping instances...
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: setting instances up...
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: instances setup ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: sessions are up ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS2 no enforcement, prefix and origin not in AS-SET ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS4 origin enforcement ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS4 prefix enforcement ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS2 white list, prefix ko, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS2 white list, prefix ok, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS2 white list, prefix WL, origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS2 white list, prefix WL, origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS2 white list, prefix WL, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS4 route white list, ok (exact) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS4 route white list, reject (more spec) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS4 route white list, ok (more spec) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS4 route white list, reject (origin KO) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS4 route white list, ok (origin any) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS4 white list, prefix ko, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS4 white list, prefix ok, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS4 white list, prefix WL, origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS4 white list, prefix WL, origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS4 white list, prefix WL, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS5 white list, prefix ko, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS5 white list, prefix ok, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS5 white list, prefix WL, origin ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS5 white list, prefix WL, origin ok ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS5 white list, prefix WL, origin WL ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS2 RPKI ROAs as route objects: tag only (w/o prefix_validated_via_rpki_roas) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS6 RPKI ROAs as route objects: invalid origin ASN ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS6 RPKI ROAs as route objects: ko ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS2 ARIN Whois DB: tag only (w/o prefix_validated_via_arin_whois_db_dump) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS6 ARIN Whois DB: ok (solely because of route white list) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS2 prefix ok, origin ok, ARIN: tag only (w/o prefix_validated_via_arin_whois_db_dump) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS2 prefix ok, origin ok, ROA: tag only (w/o prefix_validated_via_rpki_roas) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS2 ROA + ARIN Whois DB: tag only (w/o comms [arin_whois_db_dump, rpki_roas]) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS6 prefix ok, origin ok, ROA + ARIN: rejected ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: AS6 ROA + ARIN Whois DB: enforced (rejected) ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: reconfigure ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: log contains errors ... ok
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: dumping rs config...
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: dumping routes...
+Live test, OpenBGPD 7.7, tag prefix/origin empty AS-SET, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 166 tests in 173.555s
+Ran 166 tests in 181.276s
 
 OK
diff --git a/tests/last_results/live_tag_reject_policy_bird1.last b/tests/last_results/live_tag_reject_policy_bird1.last
index d0a99b95..d6af5cac 100644
--- a/tests/last_results/live_tag_reject_policy_bird1.last
+++ b/tests/last_results/live_tag_reject_policy_bird1.last
@@ -52,6 +52,6 @@ Live test, BIRD, 'tag' reject policy scenario, IPv6: dumping routes...
 Live test, BIRD, 'tag' reject policy scenario, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 44 tests in 114.618s
+Ran 44 tests in 121.872s
 
 OK (SKIP=1)
diff --git a/tests/last_results/live_tag_reject_policy_bird2.last b/tests/last_results/live_tag_reject_policy_bird2.last
index 4d950fe2..ac4db591 100644
--- a/tests/last_results/live_tag_reject_policy_bird2.last
+++ b/tests/last_results/live_tag_reject_policy_bird2.last
@@ -52,6 +52,6 @@ Live test, BIRD v2, 'tag' reject policy scenario, IPv6: dumping routes...
 Live test, BIRD v2, 'tag' reject policy scenario, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 44 tests in 114.054s
+Ran 44 tests in 118.667s
 
 OK (SKIP=1)
diff --git a/tests/last_results/live_tag_reject_policy_openbgpd_portable.last b/tests/last_results/live_tag_reject_policy_openbgpd_portable.last
index 66098030..d8d90c2c 100644
--- a/tests/last_results/live_tag_reject_policy_openbgpd_portable.last
+++ b/tests/last_results/live_tag_reject_policy_openbgpd_portable.last
@@ -1,57 +1,57 @@
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: setting instances up...
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: instances setup ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: sessions are up ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: AS_PATH too long ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: bogon prefix ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: bogon prefix, wrong announcing ASN ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: prefix in client's blacklist ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: invalid ASN in AS_PATH ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: invalid NEXT_HOP ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: local black list ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: prefix is not in IPv6 global unicast space ... SKIP: IPv6 only test
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: origin not in as-macro ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: invalid left-most ASN ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: prefix length ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: prefix not in as-macro ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: RPKI INVALID route ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: transit-free ASN in AS_PATH ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: good routes not received ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: prefixes received by clients: AS1_1 ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: prefixes received by clients: AS1_2 ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: prefixes received by clients: AS2 ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: reconfigure ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: log contains errors ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: dumping rs config...
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: dumping routes...
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv4: stopping instances...
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: setting instances up...
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: instances setup ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: sessions are up ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: AS_PATH too long ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: bogon prefix ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: bogon prefix, wrong announcing ASN ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: prefix in client's blacklist ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: invalid ASN in AS_PATH ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: invalid NEXT_HOP ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: local black list ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: prefix is not in IPv6 global unicast space ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: origin not in as-macro ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: invalid left-most ASN ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: prefix length ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: prefix not in as-macro ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: RPKI INVALID route ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: transit-free ASN in AS_PATH ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: good routes not received ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: prefixes received by clients: AS1_1 ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: prefixes received by clients: AS1_2 ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: prefixes received by clients: AS2 ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: reconfigure ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: log contains errors ... ok
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: dumping rs config...
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: dumping routes...
-Live test, OpenBGPD 7.5, 'tag' reject policy scenario, IPv6: stopping instances...
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: setting instances up...
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: instances setup ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: sessions are up ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: AS_PATH too long ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: bogon prefix ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: bogon prefix, wrong announcing ASN ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: prefix in client's blacklist ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: invalid ASN in AS_PATH ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: invalid NEXT_HOP ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: local black list ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: prefix is not in IPv6 global unicast space ... SKIP: IPv6 only test
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: origin not in as-macro ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: invalid left-most ASN ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: prefix length ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: prefix not in as-macro ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: RPKI INVALID route ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: transit-free ASN in AS_PATH ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: good routes not received ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: prefixes received by clients: AS1_1 ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: prefixes received by clients: AS1_2 ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: prefixes received by clients: AS2 ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: reconfigure ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: log contains errors ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: dumping rs config...
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: dumping routes...
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv4: stopping instances...
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: setting instances up...
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: instances setup ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: sessions are up ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: AS_PATH too long ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: bogon prefix ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: bogon prefix, wrong announcing ASN ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: prefix in client's blacklist ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: invalid ASN in AS_PATH ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: invalid NEXT_HOP ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: local black list ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: prefix is not in IPv6 global unicast space ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: origin not in as-macro ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: invalid left-most ASN ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: prefix length ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: prefix not in as-macro ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: RPKI INVALID route ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: transit-free ASN in AS_PATH ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: good routes not received ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: prefixes received by clients: AS1_1 ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: prefixes received by clients: AS1_2 ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: prefixes received by clients: AS2 ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: reconfigure ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: log contains errors ... ok
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: dumping rs config...
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: dumping routes...
+Live test, OpenBGPD 7.7, 'tag' reject policy scenario, IPv6: stopping instances...
 
 ----------------------------------------------------------------------
-Ran 44 tests in 124.940s
+Ran 44 tests in 124.558s
 
 OK (SKIP=1)
diff --git a/tests/last_results/static.last b/tests/last_results/static.last
index ae1b8b97..7bffbd02 100644
--- a/tests/last_results/static.last
+++ b/tests/last_results/static.last
@@ -247,6 +247,6 @@ RTT getter parser: new line only ... ok
 RTT getter parser: none ... ok
 
 ----------------------------------------------------------------------
-Ran 247 tests in 68.563s
+Ran 247 tests in 63.405s
 
 OK
diff --git a/tests/live_tests/scenarios/communities/configs/BGPCommunitiesScenario_OpenBGPDIPv4/openbgpd76p.conf b/tests/live_tests/scenarios/communities/configs/BGPCommunitiesScenario_OpenBGPDIPv4/openbgpd76p.conf
new file mode 100644
index 00000000..b171bc60
--- /dev/null
+++ b/tests/live_tests/scenarios/communities/configs/BGPCommunitiesScenario_OpenBGPDIPv4/openbgpd76p.conf
@@ -0,0 +1,1887 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.33 {
+		remote-as 131073
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::33 {
+		remote-as 131073
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.22 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::22 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+# cust_comm1
+match from group clients set community delete 65501:65501
+match from group clients set ext-community delete rt 65501:65501
+match from group clients set large-community delete 999:65501:65501
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.33 set ext-community rt 65520:131073
+
+match from 2001:db8:1:1::33 set ext-community rt 65520:131073
+
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.22 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::22 set ext-community rt 65520:2
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS131073_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.33 set community NO_ADVERTISE
+match from 192.0.2.33 nexthop 192.0.2.33 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.33 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.33 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.33 peer-as != 131073' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.33 peer-as != 131073 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.33 AS 23456' - reject code: 7
+allow quick from 192.0.2.33 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.33 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.33 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.33 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.33 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.33 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.33 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.33 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.33 set ext-community delete rt 65520:131073
+
+
+
+allow quick from 192.0.2.33
+
+
+
+# ---------------------------------------------
+# client AS131073_1, outbound
+
+deny quick to 192.0.2.33 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.33 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.33
+
+# do_not_announce_to_any
+deny to 192.0.2.33 community 0:999
+deny to 192.0.2.33 ext-community rt 0:999
+deny to 192.0.2.33 large-community 999:0:999
+
+# do_not_announce_to_peer
+# Warning: must skip 0:peer_as because peer_as > 65535 (131073)
+deny quick to 192.0.2.33 ext-community rt 0:131073
+deny quick to 192.0.2.33 large-community 999:0:131073
+
+# announce_to_peer
+# Warning: must skip 999:peer_as because peer_as > 65535 (131073)
+allow to 192.0.2.33 ext-community rt 999:131073
+allow to 192.0.2.33 large-community 999:999:131073
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.33 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS131073_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::33 set community NO_ADVERTISE
+match from 2001:db8:1:1::33 nexthop 2001:db8:1:1::33 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::33 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::33 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::33 peer-as != 131073' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::33 peer-as != 131073 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::33 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::33 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::33 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::33 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::33 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::33 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::33 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::33 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::33 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::33 set ext-community delete rt 65520:131073
+
+
+
+allow quick from 2001:db8:1:1::33
+
+
+
+# ---------------------------------------------
+# client AS131073_2, outbound
+
+deny quick to 2001:db8:1:1::33 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::33 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::33
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::33 community 0:999
+deny to 2001:db8:1:1::33 ext-community rt 0:999
+deny to 2001:db8:1:1::33 large-community 999:0:999
+
+# do_not_announce_to_peer
+# Warning: must skip 0:peer_as because peer_as > 65535 (131073)
+deny quick to 2001:db8:1:1::33 ext-community rt 0:131073
+deny quick to 2001:db8:1:1::33 large-community 999:0:131073
+
+# announce_to_peer
+# Warning: must skip 999:peer_as because peer_as > 65535 (131073)
+allow to 2001:db8:1:1::33 ext-community rt 999:131073
+allow to 2001:db8:1:1::33 large-community 999:999:131073
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::33 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+# Attach custom BGP communities
+# cust_comm1
+match from 192.0.2.11 set community 65501:65501
+match from 192.0.2.11 set ext-community rt 65501:65501
+match from 192.0.2.11 set large-community 999:65501:65501
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+# do_not_announce_to_any
+deny to 192.0.2.11 community 0:999
+deny to 192.0.2.11 ext-community rt 0:999
+deny to 192.0.2.11 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.11 community 0:1
+deny quick to 192.0.2.11 ext-community rt 0:1
+deny quick to 192.0.2.11 large-community 999:0:1
+
+# announce_to_peer
+allow to 192.0.2.11 community 999:1
+allow to 192.0.2.11 ext-community rt 999:1
+allow to 192.0.2.11 large-community 999:999:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+# Attach custom BGP communities
+# cust_comm1
+match from 2001:db8:1:1::11 set community 65501:65501
+match from 2001:db8:1:1::11 set ext-community rt 65501:65501
+match from 2001:db8:1:1::11 set large-community 999:65501:65501
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::11 community 0:999
+deny to 2001:db8:1:1::11 ext-community rt 0:999
+deny to 2001:db8:1:1::11 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::11 community 0:1
+deny quick to 2001:db8:1:1::11 ext-community rt 0:1
+deny quick to 2001:db8:1:1::11 large-community 999:0:1
+
+# announce_to_peer
+allow to 2001:db8:1:1::11 community 999:1
+allow to 2001:db8:1:1::11 ext-community rt 999:1
+allow to 2001:db8:1:1::11 large-community 999:999:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.22 set community NO_ADVERTISE
+match from 192.0.2.22 nexthop 192.0.2.22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.22 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.22 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.22 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.22 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.22 AS 23456' - reject code: 7
+allow quick from 192.0.2.22 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.22 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.22 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.22 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.22 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.22 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.22
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.22 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.22 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.22
+
+# do_not_announce_to_any
+deny to 192.0.2.22 community 0:999
+deny to 192.0.2.22 ext-community rt 0:999
+deny to 192.0.2.22 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.22 community 0:2
+deny quick to 192.0.2.22 ext-community rt 0:2
+deny quick to 192.0.2.22 large-community 999:0:2
+
+# announce_to_peer
+allow to 192.0.2.22 community 999:2
+allow to 192.0.2.22 ext-community rt 999:2
+allow to 192.0.2.22 large-community 999:999:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::22 set community NO_ADVERTISE
+match from 2001:db8:1:1::22 nexthop 2001:db8:1:1::22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::22 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::22 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::22 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::22 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::22 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::22 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::22 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::22 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::22 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::22 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::22
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::22 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::22 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::22
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::22 community 0:999
+deny to 2001:db8:1:1::22 ext-community rt 0:999
+deny to 2001:db8:1:1::22 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::22 community 0:2
+deny quick to 2001:db8:1:1::22 ext-community rt 0:2
+deny quick to 2001:db8:1:1::22 large-community 999:0:2
+
+# announce_to_peer
+allow to 2001:db8:1:1::22 community 999:2
+allow to 2001:db8:1:1::22 ext-community rt 999:2
+allow to 2001:db8:1:1::22 large-community 999:999:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# announce_to_peer
+match to group clients set community delete 999:*
+match to group clients set ext-community delete rt 999:*
+match to group clients set large-community delete 999:999:*
+
+# do_not_announce_to_any
+match to group clients set community delete 0:999
+match to group clients set ext-community delete rt 0:999
+match to group clients set large-community delete 999:0:999
+
+# do_not_announce_to_peer
+match to group clients set community delete 0:*
+match to group clients set ext-community delete rt 0:*
+match to group clients set large-community delete 999:0:*
+
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/communities/configs/BGPCommunitiesScenario_OpenBGPDIPv4/openbgpd77p.conf b/tests/live_tests/scenarios/communities/configs/BGPCommunitiesScenario_OpenBGPDIPv4/openbgpd77p.conf
new file mode 100644
index 00000000..b171bc60
--- /dev/null
+++ b/tests/live_tests/scenarios/communities/configs/BGPCommunitiesScenario_OpenBGPDIPv4/openbgpd77p.conf
@@ -0,0 +1,1887 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.33 {
+		remote-as 131073
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::33 {
+		remote-as 131073
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.22 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::22 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+# cust_comm1
+match from group clients set community delete 65501:65501
+match from group clients set ext-community delete rt 65501:65501
+match from group clients set large-community delete 999:65501:65501
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.33 set ext-community rt 65520:131073
+
+match from 2001:db8:1:1::33 set ext-community rt 65520:131073
+
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.22 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::22 set ext-community rt 65520:2
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS131073_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.33 set community NO_ADVERTISE
+match from 192.0.2.33 nexthop 192.0.2.33 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.33 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.33 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.33 peer-as != 131073' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.33 peer-as != 131073 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.33 AS 23456' - reject code: 7
+allow quick from 192.0.2.33 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.33 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.33 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.33 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.33 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.33 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.33 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.33 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.33 set ext-community delete rt 65520:131073
+
+
+
+allow quick from 192.0.2.33
+
+
+
+# ---------------------------------------------
+# client AS131073_1, outbound
+
+deny quick to 192.0.2.33 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.33 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.33
+
+# do_not_announce_to_any
+deny to 192.0.2.33 community 0:999
+deny to 192.0.2.33 ext-community rt 0:999
+deny to 192.0.2.33 large-community 999:0:999
+
+# do_not_announce_to_peer
+# Warning: must skip 0:peer_as because peer_as > 65535 (131073)
+deny quick to 192.0.2.33 ext-community rt 0:131073
+deny quick to 192.0.2.33 large-community 999:0:131073
+
+# announce_to_peer
+# Warning: must skip 999:peer_as because peer_as > 65535 (131073)
+allow to 192.0.2.33 ext-community rt 999:131073
+allow to 192.0.2.33 large-community 999:999:131073
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.33 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS131073_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::33 set community NO_ADVERTISE
+match from 2001:db8:1:1::33 nexthop 2001:db8:1:1::33 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::33 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::33 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::33 peer-as != 131073' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::33 peer-as != 131073 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::33 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::33 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::33 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::33 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::33 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::33 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::33 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::33 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::33 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::33 set ext-community delete rt 65520:131073
+
+
+
+allow quick from 2001:db8:1:1::33
+
+
+
+# ---------------------------------------------
+# client AS131073_2, outbound
+
+deny quick to 2001:db8:1:1::33 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::33 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::33
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::33 community 0:999
+deny to 2001:db8:1:1::33 ext-community rt 0:999
+deny to 2001:db8:1:1::33 large-community 999:0:999
+
+# do_not_announce_to_peer
+# Warning: must skip 0:peer_as because peer_as > 65535 (131073)
+deny quick to 2001:db8:1:1::33 ext-community rt 0:131073
+deny quick to 2001:db8:1:1::33 large-community 999:0:131073
+
+# announce_to_peer
+# Warning: must skip 999:peer_as because peer_as > 65535 (131073)
+allow to 2001:db8:1:1::33 ext-community rt 999:131073
+allow to 2001:db8:1:1::33 large-community 999:999:131073
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::33 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+# Attach custom BGP communities
+# cust_comm1
+match from 192.0.2.11 set community 65501:65501
+match from 192.0.2.11 set ext-community rt 65501:65501
+match from 192.0.2.11 set large-community 999:65501:65501
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+# do_not_announce_to_any
+deny to 192.0.2.11 community 0:999
+deny to 192.0.2.11 ext-community rt 0:999
+deny to 192.0.2.11 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.11 community 0:1
+deny quick to 192.0.2.11 ext-community rt 0:1
+deny quick to 192.0.2.11 large-community 999:0:1
+
+# announce_to_peer
+allow to 192.0.2.11 community 999:1
+allow to 192.0.2.11 ext-community rt 999:1
+allow to 192.0.2.11 large-community 999:999:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+# Attach custom BGP communities
+# cust_comm1
+match from 2001:db8:1:1::11 set community 65501:65501
+match from 2001:db8:1:1::11 set ext-community rt 65501:65501
+match from 2001:db8:1:1::11 set large-community 999:65501:65501
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::11 community 0:999
+deny to 2001:db8:1:1::11 ext-community rt 0:999
+deny to 2001:db8:1:1::11 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::11 community 0:1
+deny quick to 2001:db8:1:1::11 ext-community rt 0:1
+deny quick to 2001:db8:1:1::11 large-community 999:0:1
+
+# announce_to_peer
+allow to 2001:db8:1:1::11 community 999:1
+allow to 2001:db8:1:1::11 ext-community rt 999:1
+allow to 2001:db8:1:1::11 large-community 999:999:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.22 set community NO_ADVERTISE
+match from 192.0.2.22 nexthop 192.0.2.22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.22 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.22 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.22 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.22 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.22 AS 23456' - reject code: 7
+allow quick from 192.0.2.22 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.22 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.22 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.22 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.22 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.22 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.22
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.22 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.22 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.22
+
+# do_not_announce_to_any
+deny to 192.0.2.22 community 0:999
+deny to 192.0.2.22 ext-community rt 0:999
+deny to 192.0.2.22 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.22 community 0:2
+deny quick to 192.0.2.22 ext-community rt 0:2
+deny quick to 192.0.2.22 large-community 999:0:2
+
+# announce_to_peer
+allow to 192.0.2.22 community 999:2
+allow to 192.0.2.22 ext-community rt 999:2
+allow to 192.0.2.22 large-community 999:999:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::22 set community NO_ADVERTISE
+match from 2001:db8:1:1::22 nexthop 2001:db8:1:1::22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::22 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::22 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::22 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::22 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::22 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::22 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::22 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::22 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::22 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::22 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::22
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::22 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::22 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::22
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::22 community 0:999
+deny to 2001:db8:1:1::22 ext-community rt 0:999
+deny to 2001:db8:1:1::22 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::22 community 0:2
+deny quick to 2001:db8:1:1::22 ext-community rt 0:2
+deny quick to 2001:db8:1:1::22 large-community 999:0:2
+
+# announce_to_peer
+allow to 2001:db8:1:1::22 community 999:2
+allow to 2001:db8:1:1::22 ext-community rt 999:2
+allow to 2001:db8:1:1::22 large-community 999:999:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# announce_to_peer
+match to group clients set community delete 999:*
+match to group clients set ext-community delete rt 999:*
+match to group clients set large-community delete 999:999:*
+
+# do_not_announce_to_any
+match to group clients set community delete 0:999
+match to group clients set ext-community delete rt 0:999
+match to group clients set large-community delete 999:0:999
+
+# do_not_announce_to_peer
+match to group clients set community delete 0:*
+match to group clients set ext-community delete rt 0:*
+match to group clients set large-community delete 999:0:*
+
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/communities/configs/BGPCommunitiesScenario_OpenBGPDIPv6/openbgpd76p.conf b/tests/live_tests/scenarios/communities/configs/BGPCommunitiesScenario_OpenBGPDIPv6/openbgpd76p.conf
new file mode 100644
index 00000000..b171bc60
--- /dev/null
+++ b/tests/live_tests/scenarios/communities/configs/BGPCommunitiesScenario_OpenBGPDIPv6/openbgpd76p.conf
@@ -0,0 +1,1887 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.33 {
+		remote-as 131073
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::33 {
+		remote-as 131073
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.22 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::22 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+# cust_comm1
+match from group clients set community delete 65501:65501
+match from group clients set ext-community delete rt 65501:65501
+match from group clients set large-community delete 999:65501:65501
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.33 set ext-community rt 65520:131073
+
+match from 2001:db8:1:1::33 set ext-community rt 65520:131073
+
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.22 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::22 set ext-community rt 65520:2
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS131073_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.33 set community NO_ADVERTISE
+match from 192.0.2.33 nexthop 192.0.2.33 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.33 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.33 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.33 peer-as != 131073' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.33 peer-as != 131073 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.33 AS 23456' - reject code: 7
+allow quick from 192.0.2.33 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.33 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.33 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.33 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.33 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.33 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.33 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.33 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.33 set ext-community delete rt 65520:131073
+
+
+
+allow quick from 192.0.2.33
+
+
+
+# ---------------------------------------------
+# client AS131073_1, outbound
+
+deny quick to 192.0.2.33 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.33 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.33
+
+# do_not_announce_to_any
+deny to 192.0.2.33 community 0:999
+deny to 192.0.2.33 ext-community rt 0:999
+deny to 192.0.2.33 large-community 999:0:999
+
+# do_not_announce_to_peer
+# Warning: must skip 0:peer_as because peer_as > 65535 (131073)
+deny quick to 192.0.2.33 ext-community rt 0:131073
+deny quick to 192.0.2.33 large-community 999:0:131073
+
+# announce_to_peer
+# Warning: must skip 999:peer_as because peer_as > 65535 (131073)
+allow to 192.0.2.33 ext-community rt 999:131073
+allow to 192.0.2.33 large-community 999:999:131073
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.33 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS131073_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::33 set community NO_ADVERTISE
+match from 2001:db8:1:1::33 nexthop 2001:db8:1:1::33 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::33 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::33 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::33 peer-as != 131073' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::33 peer-as != 131073 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::33 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::33 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::33 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::33 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::33 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::33 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::33 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::33 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::33 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::33 set ext-community delete rt 65520:131073
+
+
+
+allow quick from 2001:db8:1:1::33
+
+
+
+# ---------------------------------------------
+# client AS131073_2, outbound
+
+deny quick to 2001:db8:1:1::33 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::33 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::33
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::33 community 0:999
+deny to 2001:db8:1:1::33 ext-community rt 0:999
+deny to 2001:db8:1:1::33 large-community 999:0:999
+
+# do_not_announce_to_peer
+# Warning: must skip 0:peer_as because peer_as > 65535 (131073)
+deny quick to 2001:db8:1:1::33 ext-community rt 0:131073
+deny quick to 2001:db8:1:1::33 large-community 999:0:131073
+
+# announce_to_peer
+# Warning: must skip 999:peer_as because peer_as > 65535 (131073)
+allow to 2001:db8:1:1::33 ext-community rt 999:131073
+allow to 2001:db8:1:1::33 large-community 999:999:131073
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::33 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+# Attach custom BGP communities
+# cust_comm1
+match from 192.0.2.11 set community 65501:65501
+match from 192.0.2.11 set ext-community rt 65501:65501
+match from 192.0.2.11 set large-community 999:65501:65501
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+# do_not_announce_to_any
+deny to 192.0.2.11 community 0:999
+deny to 192.0.2.11 ext-community rt 0:999
+deny to 192.0.2.11 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.11 community 0:1
+deny quick to 192.0.2.11 ext-community rt 0:1
+deny quick to 192.0.2.11 large-community 999:0:1
+
+# announce_to_peer
+allow to 192.0.2.11 community 999:1
+allow to 192.0.2.11 ext-community rt 999:1
+allow to 192.0.2.11 large-community 999:999:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+# Attach custom BGP communities
+# cust_comm1
+match from 2001:db8:1:1::11 set community 65501:65501
+match from 2001:db8:1:1::11 set ext-community rt 65501:65501
+match from 2001:db8:1:1::11 set large-community 999:65501:65501
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::11 community 0:999
+deny to 2001:db8:1:1::11 ext-community rt 0:999
+deny to 2001:db8:1:1::11 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::11 community 0:1
+deny quick to 2001:db8:1:1::11 ext-community rt 0:1
+deny quick to 2001:db8:1:1::11 large-community 999:0:1
+
+# announce_to_peer
+allow to 2001:db8:1:1::11 community 999:1
+allow to 2001:db8:1:1::11 ext-community rt 999:1
+allow to 2001:db8:1:1::11 large-community 999:999:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.22 set community NO_ADVERTISE
+match from 192.0.2.22 nexthop 192.0.2.22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.22 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.22 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.22 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.22 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.22 AS 23456' - reject code: 7
+allow quick from 192.0.2.22 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.22 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.22 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.22 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.22 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.22 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.22
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.22 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.22 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.22
+
+# do_not_announce_to_any
+deny to 192.0.2.22 community 0:999
+deny to 192.0.2.22 ext-community rt 0:999
+deny to 192.0.2.22 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.22 community 0:2
+deny quick to 192.0.2.22 ext-community rt 0:2
+deny quick to 192.0.2.22 large-community 999:0:2
+
+# announce_to_peer
+allow to 192.0.2.22 community 999:2
+allow to 192.0.2.22 ext-community rt 999:2
+allow to 192.0.2.22 large-community 999:999:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::22 set community NO_ADVERTISE
+match from 2001:db8:1:1::22 nexthop 2001:db8:1:1::22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::22 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::22 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::22 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::22 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::22 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::22 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::22 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::22 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::22 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::22 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::22
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::22 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::22 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::22
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::22 community 0:999
+deny to 2001:db8:1:1::22 ext-community rt 0:999
+deny to 2001:db8:1:1::22 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::22 community 0:2
+deny quick to 2001:db8:1:1::22 ext-community rt 0:2
+deny quick to 2001:db8:1:1::22 large-community 999:0:2
+
+# announce_to_peer
+allow to 2001:db8:1:1::22 community 999:2
+allow to 2001:db8:1:1::22 ext-community rt 999:2
+allow to 2001:db8:1:1::22 large-community 999:999:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# announce_to_peer
+match to group clients set community delete 999:*
+match to group clients set ext-community delete rt 999:*
+match to group clients set large-community delete 999:999:*
+
+# do_not_announce_to_any
+match to group clients set community delete 0:999
+match to group clients set ext-community delete rt 0:999
+match to group clients set large-community delete 999:0:999
+
+# do_not_announce_to_peer
+match to group clients set community delete 0:*
+match to group clients set ext-community delete rt 0:*
+match to group clients set large-community delete 999:0:*
+
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/communities/configs/BGPCommunitiesScenario_OpenBGPDIPv6/openbgpd77p.conf b/tests/live_tests/scenarios/communities/configs/BGPCommunitiesScenario_OpenBGPDIPv6/openbgpd77p.conf
new file mode 100644
index 00000000..b171bc60
--- /dev/null
+++ b/tests/live_tests/scenarios/communities/configs/BGPCommunitiesScenario_OpenBGPDIPv6/openbgpd77p.conf
@@ -0,0 +1,1887 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.33 {
+		remote-as 131073
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::33 {
+		remote-as 131073
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.22 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::22 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+# cust_comm1
+match from group clients set community delete 65501:65501
+match from group clients set ext-community delete rt 65501:65501
+match from group clients set large-community delete 999:65501:65501
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.33 set ext-community rt 65520:131073
+
+match from 2001:db8:1:1::33 set ext-community rt 65520:131073
+
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.22 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::22 set ext-community rt 65520:2
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS131073_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.33 set community NO_ADVERTISE
+match from 192.0.2.33 nexthop 192.0.2.33 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.33 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.33 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.33 peer-as != 131073' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.33 peer-as != 131073 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.33 AS 23456' - reject code: 7
+allow quick from 192.0.2.33 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.33 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.33 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.33 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.33 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.33 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.33 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.33 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.33 set ext-community delete rt 65520:131073
+
+
+
+allow quick from 192.0.2.33
+
+
+
+# ---------------------------------------------
+# client AS131073_1, outbound
+
+deny quick to 192.0.2.33 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.33 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.33
+
+# do_not_announce_to_any
+deny to 192.0.2.33 community 0:999
+deny to 192.0.2.33 ext-community rt 0:999
+deny to 192.0.2.33 large-community 999:0:999
+
+# do_not_announce_to_peer
+# Warning: must skip 0:peer_as because peer_as > 65535 (131073)
+deny quick to 192.0.2.33 ext-community rt 0:131073
+deny quick to 192.0.2.33 large-community 999:0:131073
+
+# announce_to_peer
+# Warning: must skip 999:peer_as because peer_as > 65535 (131073)
+allow to 192.0.2.33 ext-community rt 999:131073
+allow to 192.0.2.33 large-community 999:999:131073
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.33 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS131073_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::33 set community NO_ADVERTISE
+match from 2001:db8:1:1::33 nexthop 2001:db8:1:1::33 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::33 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::33 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::33 peer-as != 131073' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::33 peer-as != 131073 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::33 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::33 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::33 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::33 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::33 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::33 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::33 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::33 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::33 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::33 set ext-community delete rt 65520:131073
+
+
+
+allow quick from 2001:db8:1:1::33
+
+
+
+# ---------------------------------------------
+# client AS131073_2, outbound
+
+deny quick to 2001:db8:1:1::33 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::33 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::33
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::33 community 0:999
+deny to 2001:db8:1:1::33 ext-community rt 0:999
+deny to 2001:db8:1:1::33 large-community 999:0:999
+
+# do_not_announce_to_peer
+# Warning: must skip 0:peer_as because peer_as > 65535 (131073)
+deny quick to 2001:db8:1:1::33 ext-community rt 0:131073
+deny quick to 2001:db8:1:1::33 large-community 999:0:131073
+
+# announce_to_peer
+# Warning: must skip 999:peer_as because peer_as > 65535 (131073)
+allow to 2001:db8:1:1::33 ext-community rt 999:131073
+allow to 2001:db8:1:1::33 large-community 999:999:131073
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::33 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+# Attach custom BGP communities
+# cust_comm1
+match from 192.0.2.11 set community 65501:65501
+match from 192.0.2.11 set ext-community rt 65501:65501
+match from 192.0.2.11 set large-community 999:65501:65501
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+# do_not_announce_to_any
+deny to 192.0.2.11 community 0:999
+deny to 192.0.2.11 ext-community rt 0:999
+deny to 192.0.2.11 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.11 community 0:1
+deny quick to 192.0.2.11 ext-community rt 0:1
+deny quick to 192.0.2.11 large-community 999:0:1
+
+# announce_to_peer
+allow to 192.0.2.11 community 999:1
+allow to 192.0.2.11 ext-community rt 999:1
+allow to 192.0.2.11 large-community 999:999:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+# Attach custom BGP communities
+# cust_comm1
+match from 2001:db8:1:1::11 set community 65501:65501
+match from 2001:db8:1:1::11 set ext-community rt 65501:65501
+match from 2001:db8:1:1::11 set large-community 999:65501:65501
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::11 community 0:999
+deny to 2001:db8:1:1::11 ext-community rt 0:999
+deny to 2001:db8:1:1::11 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::11 community 0:1
+deny quick to 2001:db8:1:1::11 ext-community rt 0:1
+deny quick to 2001:db8:1:1::11 large-community 999:0:1
+
+# announce_to_peer
+allow to 2001:db8:1:1::11 community 999:1
+allow to 2001:db8:1:1::11 ext-community rt 999:1
+allow to 2001:db8:1:1::11 large-community 999:999:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.22 set community NO_ADVERTISE
+match from 192.0.2.22 nexthop 192.0.2.22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.22 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.22 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.22 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.22 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.22 AS 23456' - reject code: 7
+allow quick from 192.0.2.22 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.22 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.22 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.22 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.22 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.22 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.22
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.22 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.22 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.22
+
+# do_not_announce_to_any
+deny to 192.0.2.22 community 0:999
+deny to 192.0.2.22 ext-community rt 0:999
+deny to 192.0.2.22 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.22 community 0:2
+deny quick to 192.0.2.22 ext-community rt 0:2
+deny quick to 192.0.2.22 large-community 999:0:2
+
+# announce_to_peer
+allow to 192.0.2.22 community 999:2
+allow to 192.0.2.22 ext-community rt 999:2
+allow to 192.0.2.22 large-community 999:999:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::22 set community NO_ADVERTISE
+match from 2001:db8:1:1::22 nexthop 2001:db8:1:1::22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::22 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::22 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::22 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::22 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::22 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::22 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::22 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::22 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::22 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::22 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::22
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::22 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::22 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::22
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::22 community 0:999
+deny to 2001:db8:1:1::22 ext-community rt 0:999
+deny to 2001:db8:1:1::22 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::22 community 0:2
+deny quick to 2001:db8:1:1::22 ext-community rt 0:2
+deny quick to 2001:db8:1:1::22 large-community 999:0:2
+
+# announce_to_peer
+allow to 2001:db8:1:1::22 community 999:2
+allow to 2001:db8:1:1::22 ext-community rt 999:2
+allow to 2001:db8:1:1::22 large-community 999:999:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# announce_to_peer
+match to group clients set community delete 999:*
+match to group clients set ext-community delete rt 999:*
+match to group clients set large-community delete 999:999:*
+
+# do_not_announce_to_any
+match to group clients set community delete 0:999
+match to group clients set ext-community delete rt 0:999
+match to group clients set large-community delete 999:0:999
+
+# do_not_announce_to_peer
+match to group clients set community delete 0:*
+match to group clients set ext-community delete rt 0:*
+match to group clients set large-community delete 999:0:*
+
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv4/openbgpd77p/AS1.txt b/tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv4/openbgpd77p/AS1.txt
new file mode 100644
index 00000000..5da2643f
--- /dev/null
+++ b/tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv4/openbgpd77p/AS1.txt
@@ -0,0 +1,28 @@
+2.0.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.22, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.22, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.22, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.6.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.22, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv4/openbgpd77p/AS131073.txt b/tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv4/openbgpd77p/AS131073.txt
new file mode 100644
index 00000000..8600918f
--- /dev/null
+++ b/tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv4/openbgpd77p/AS131073.txt
@@ -0,0 +1,28 @@
+1.0.1.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms: 65501:65501
+  ext comms: rt:65501:65501
+  lrg comms: 999:65501:65501
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.22, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.5.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.22, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.6.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.22, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv4/openbgpd77p/AS2.txt b/tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv4/openbgpd77p/AS2.txt
new file mode 100644
index 00000000..0cb7d282
--- /dev/null
+++ b/tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv4/openbgpd77p/AS2.txt
@@ -0,0 +1,7 @@
+1.0.1.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms: 65501:65501
+  ext comms: rt:65501:65501
+  lrg comms: 999:65501:65501
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv4/openbgpd77p/rs.txt b/tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv4/openbgpd77p/rs.txt
new file mode 100644
index 00000000..d7d39207
--- /dev/null
+++ b/tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv4/openbgpd77p/rs.txt
@@ -0,0 +1,49 @@
+1.0.1.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms: 65501:65501
+  ext comms: rt:65501:65501
+  lrg comms: 999:65501:65501
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.22, via 192.0.2.22
+  std comms: 0:999, 999:1
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.22, via 192.0.2.22
+  std comms:
+  ext comms: rt:0:999, rt:999:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.22, via 192.0.2.22
+  std comms:
+  ext comms:
+  lrg comms: 999:0:999, 999:999:1
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.22, via 192.0.2.22
+  std comms: 0:999
+  ext comms: rt:999:131073
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.5.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.22, via 192.0.2.22
+  std comms:
+  ext comms:
+  lrg comms: 999:0:999, 999:999:131073
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.6.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.22, via 192.0.2.22
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv6/openbgpd77p/AS1.txt b/tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv6/openbgpd77p/AS1.txt
new file mode 100644
index 00000000..99f3fa19
--- /dev/null
+++ b/tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv6/openbgpd77p/AS1.txt
@@ -0,0 +1,28 @@
+2a00:1::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a00:2::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a00:3::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a00:6::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv6/openbgpd77p/AS131073.txt b/tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv6/openbgpd77p/AS131073.txt
new file mode 100644
index 00000000..ff54ced5
--- /dev/null
+++ b/tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv6/openbgpd77p/AS131073.txt
@@ -0,0 +1,28 @@
+2a00:4::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a00:5::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a00:6::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:1::/32, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65501:65501
+  ext comms: rt:65501:65501
+  lrg comms: 999:65501:65501
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv6/openbgpd77p/AS2.txt b/tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv6/openbgpd77p/AS2.txt
new file mode 100644
index 00000000..6f4f0803
--- /dev/null
+++ b/tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv6/openbgpd77p/AS2.txt
@@ -0,0 +1,7 @@
+2a01:1::/32, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65501:65501
+  ext comms: rt:65501:65501
+  lrg comms: 999:65501:65501
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv6/openbgpd77p/rs.txt b/tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv6/openbgpd77p/rs.txt
new file mode 100644
index 00000000..fff34e4e
--- /dev/null
+++ b/tests/live_tests/scenarios/communities/routes/BGPCommunitiesScenario_OpenBGPDIPv6/openbgpd77p/rs.txt
@@ -0,0 +1,49 @@
+2a00:1::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::22
+  std comms: 0:999, 999:1
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a00:2::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::22
+  std comms:
+  ext comms: rt:0:999, rt:999:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a00:3::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::22
+  std comms:
+  ext comms:
+  lrg comms: 999:0:999, 999:999:1
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a00:4::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::22
+  std comms: 0:999
+  ext comms: rt:999:131073
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a00:5::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::22
+  std comms:
+  ext comms:
+  lrg comms: 999:0:999, 999:999:131073
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a00:6::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::22
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:1::/32, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65501:65501
+  ext comms: rt:65501:65501
+  lrg comms: 999:65501:65501
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/default/configs/DefaultConfigScenarioOpenBGPD_IPv4/openbgpd76p.conf b/tests/live_tests/scenarios/default/configs/DefaultConfigScenarioOpenBGPD_IPv4/openbgpd76p.conf
new file mode 100644
index 00000000..c47a7620
--- /dev/null
+++ b/tests/live_tests/scenarios/default/configs/DefaultConfigScenarioOpenBGPD_IPv4/openbgpd76p.conf
@@ -0,0 +1,1273 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+# AS3333, used by client AS3333_1
+as-set "AS_SET_AS3333_asns" {
+    3333
+}
+prefix-set "AS_SET_AS3333_prefixes" {
+    193.0.0.0/21
+}
+
+# AS10745, used by client AS10745_1, client AS10745_2
+as-set "AS_SET_AS10745_asns" {
+    10745
+}
+prefix-set "AS_SET_AS10745_prefixes" {
+    199.43.0.0/24
+}
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.22 {
+		remote-as 10745
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db:1:1::22 {
+		remote-as 10745
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.11 {
+		remote-as 3333
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.22 set ext-community rt 65520:10745
+
+match from 2001:db:1:1::22 set ext-community rt 65520:10745
+
+match from 192.0.2.11 set ext-community rt 65520:3333
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS10745_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.22 set community NO_ADVERTISE
+match from 192.0.2.22 nexthop 192.0.2.22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.22 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.22 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.22 peer-as != 10745' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.22 peer-as != 10745 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.22 AS 23456' - reject code: 7
+allow quick from 192.0.2.22 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.22 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.22 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.22 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.22 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.22 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS10745_1, AS10745: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.22 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.22 source-as as-set AS_SET_AS10745_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS10745
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS10745_1, AS10745: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.22 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.22 prefix-set AS_SET_AS10745_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS10745
+
+
+
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.22 set ext-community delete rt 65520:10745
+
+
+
+allow quick from 192.0.2.22
+
+
+
+# ---------------------------------------------
+# client AS10745_1, outbound
+
+deny quick to 192.0.2.22 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.22 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.22
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS10745_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db:1:1::22 set community NO_ADVERTISE
+match from 2001:db:1:1::22 nexthop 2001:db:1:1::22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db:1:1::22 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db:1:1::22 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db:1:1::22 peer-as != 10745' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db:1:1::22 peer-as != 10745 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db:1:1::22 AS 23456' - reject code: 7
+allow quick from 2001:db:1:1::22 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db:1:1::22 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db:1:1::22 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db:1:1::22 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db:1:1::22 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db:1:1::22 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS10745_2, AS10745: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db:1:1::22 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db:1:1::22 source-as as-set AS_SET_AS10745_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS10745
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS10745_2, AS10745: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db:1:1::22 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db:1:1::22 prefix-set AS_SET_AS10745_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS10745
+
+
+
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db:1:1::22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db:1:1::22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db:1:1::22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db:1:1::22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db:1:1::22 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db:1:1::22 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db:1:1::22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db:1:1::22 set ext-community delete rt 65520:10745
+
+
+
+allow quick from 2001:db:1:1::22
+
+
+
+# ---------------------------------------------
+# client AS10745_2, outbound
+
+deny quick to 2001:db:1:1::22 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db:1:1::22 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db:1:1::22
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db:1:1::22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3333_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 3333' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 3333 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS3333_1, AS3333: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 source-as as-set AS_SET_AS3333_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS3333
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS3333_1, AS3333: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 prefix-set AS_SET_AS3333_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS3333
+
+
+
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:3333
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS3333_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/default/configs/DefaultConfigScenarioOpenBGPD_IPv4/openbgpd77p.conf b/tests/live_tests/scenarios/default/configs/DefaultConfigScenarioOpenBGPD_IPv4/openbgpd77p.conf
new file mode 100644
index 00000000..c47a7620
--- /dev/null
+++ b/tests/live_tests/scenarios/default/configs/DefaultConfigScenarioOpenBGPD_IPv4/openbgpd77p.conf
@@ -0,0 +1,1273 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+# AS3333, used by client AS3333_1
+as-set "AS_SET_AS3333_asns" {
+    3333
+}
+prefix-set "AS_SET_AS3333_prefixes" {
+    193.0.0.0/21
+}
+
+# AS10745, used by client AS10745_1, client AS10745_2
+as-set "AS_SET_AS10745_asns" {
+    10745
+}
+prefix-set "AS_SET_AS10745_prefixes" {
+    199.43.0.0/24
+}
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.22 {
+		remote-as 10745
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db:1:1::22 {
+		remote-as 10745
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.11 {
+		remote-as 3333
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.22 set ext-community rt 65520:10745
+
+match from 2001:db:1:1::22 set ext-community rt 65520:10745
+
+match from 192.0.2.11 set ext-community rt 65520:3333
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS10745_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.22 set community NO_ADVERTISE
+match from 192.0.2.22 nexthop 192.0.2.22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.22 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.22 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.22 peer-as != 10745' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.22 peer-as != 10745 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.22 AS 23456' - reject code: 7
+allow quick from 192.0.2.22 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.22 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.22 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.22 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.22 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.22 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS10745_1, AS10745: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.22 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.22 source-as as-set AS_SET_AS10745_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS10745
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS10745_1, AS10745: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.22 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.22 prefix-set AS_SET_AS10745_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS10745
+
+
+
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.22 set ext-community delete rt 65520:10745
+
+
+
+allow quick from 192.0.2.22
+
+
+
+# ---------------------------------------------
+# client AS10745_1, outbound
+
+deny quick to 192.0.2.22 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.22 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.22
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS10745_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db:1:1::22 set community NO_ADVERTISE
+match from 2001:db:1:1::22 nexthop 2001:db:1:1::22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db:1:1::22 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db:1:1::22 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db:1:1::22 peer-as != 10745' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db:1:1::22 peer-as != 10745 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db:1:1::22 AS 23456' - reject code: 7
+allow quick from 2001:db:1:1::22 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db:1:1::22 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db:1:1::22 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db:1:1::22 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db:1:1::22 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db:1:1::22 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS10745_2, AS10745: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db:1:1::22 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db:1:1::22 source-as as-set AS_SET_AS10745_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS10745
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS10745_2, AS10745: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db:1:1::22 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db:1:1::22 prefix-set AS_SET_AS10745_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS10745
+
+
+
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db:1:1::22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db:1:1::22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db:1:1::22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db:1:1::22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db:1:1::22 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db:1:1::22 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db:1:1::22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db:1:1::22 set ext-community delete rt 65520:10745
+
+
+
+allow quick from 2001:db:1:1::22
+
+
+
+# ---------------------------------------------
+# client AS10745_2, outbound
+
+deny quick to 2001:db:1:1::22 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db:1:1::22 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db:1:1::22
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db:1:1::22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3333_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 3333' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 3333 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS3333_1, AS3333: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 source-as as-set AS_SET_AS3333_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS3333
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS3333_1, AS3333: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 prefix-set AS_SET_AS3333_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS3333
+
+
+
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:3333
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS3333_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/default/configs/DefaultConfigScenarioOpenBGPD_IPv6/openbgpd76p.conf b/tests/live_tests/scenarios/default/configs/DefaultConfigScenarioOpenBGPD_IPv6/openbgpd76p.conf
new file mode 100644
index 00000000..423372e3
--- /dev/null
+++ b/tests/live_tests/scenarios/default/configs/DefaultConfigScenarioOpenBGPD_IPv6/openbgpd76p.conf
@@ -0,0 +1,1273 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+# AS3333, used by client AS3333_1
+as-set "AS_SET_AS3333_asns" {
+    3333
+}
+prefix-set "AS_SET_AS3333_prefixes" {
+    2001:67c:2e8::/48
+}
+
+# AS10745, used by client AS10745_1, client AS10745_2
+as-set "AS_SET_AS10745_asns" {
+    10745
+}
+prefix-set "AS_SET_AS10745_prefixes" {
+    2001:500:4::/48
+}
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.22 {
+		remote-as 10745
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db:1:1::22 {
+		remote-as 10745
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.11 {
+		remote-as 3333
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.22 set ext-community rt 65520:10745
+
+match from 2001:db:1:1::22 set ext-community rt 65520:10745
+
+match from 192.0.2.11 set ext-community rt 65520:3333
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS10745_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.22 set community NO_ADVERTISE
+match from 192.0.2.22 nexthop 192.0.2.22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.22 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.22 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.22 peer-as != 10745' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.22 peer-as != 10745 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.22 AS 23456' - reject code: 7
+allow quick from 192.0.2.22 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.22 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.22 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.22 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.22 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.22 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS10745_1, AS10745: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.22 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.22 source-as as-set AS_SET_AS10745_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS10745
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS10745_1, AS10745: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.22 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.22 prefix-set AS_SET_AS10745_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS10745
+
+
+
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.22 set ext-community delete rt 65520:10745
+
+
+
+allow quick from 192.0.2.22
+
+
+
+# ---------------------------------------------
+# client AS10745_1, outbound
+
+deny quick to 192.0.2.22 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.22 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.22
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS10745_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db:1:1::22 set community NO_ADVERTISE
+match from 2001:db:1:1::22 nexthop 2001:db:1:1::22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db:1:1::22 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db:1:1::22 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db:1:1::22 peer-as != 10745' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db:1:1::22 peer-as != 10745 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db:1:1::22 AS 23456' - reject code: 7
+allow quick from 2001:db:1:1::22 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db:1:1::22 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db:1:1::22 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db:1:1::22 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db:1:1::22 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db:1:1::22 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS10745_2, AS10745: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db:1:1::22 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db:1:1::22 source-as as-set AS_SET_AS10745_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS10745
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS10745_2, AS10745: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db:1:1::22 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db:1:1::22 prefix-set AS_SET_AS10745_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS10745
+
+
+
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db:1:1::22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db:1:1::22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db:1:1::22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db:1:1::22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db:1:1::22 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db:1:1::22 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db:1:1::22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db:1:1::22 set ext-community delete rt 65520:10745
+
+
+
+allow quick from 2001:db:1:1::22
+
+
+
+# ---------------------------------------------
+# client AS10745_2, outbound
+
+deny quick to 2001:db:1:1::22 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db:1:1::22 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db:1:1::22
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db:1:1::22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3333_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 3333' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 3333 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS3333_1, AS3333: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 source-as as-set AS_SET_AS3333_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS3333
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS3333_1, AS3333: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 prefix-set AS_SET_AS3333_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS3333
+
+
+
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:3333
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS3333_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/default/configs/DefaultConfigScenarioOpenBGPD_IPv6/openbgpd77p.conf b/tests/live_tests/scenarios/default/configs/DefaultConfigScenarioOpenBGPD_IPv6/openbgpd77p.conf
new file mode 100644
index 00000000..423372e3
--- /dev/null
+++ b/tests/live_tests/scenarios/default/configs/DefaultConfigScenarioOpenBGPD_IPv6/openbgpd77p.conf
@@ -0,0 +1,1273 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+# AS3333, used by client AS3333_1
+as-set "AS_SET_AS3333_asns" {
+    3333
+}
+prefix-set "AS_SET_AS3333_prefixes" {
+    2001:67c:2e8::/48
+}
+
+# AS10745, used by client AS10745_1, client AS10745_2
+as-set "AS_SET_AS10745_asns" {
+    10745
+}
+prefix-set "AS_SET_AS10745_prefixes" {
+    2001:500:4::/48
+}
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.22 {
+		remote-as 10745
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db:1:1::22 {
+		remote-as 10745
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.11 {
+		remote-as 3333
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.22 set ext-community rt 65520:10745
+
+match from 2001:db:1:1::22 set ext-community rt 65520:10745
+
+match from 192.0.2.11 set ext-community rt 65520:3333
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS10745_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.22 set community NO_ADVERTISE
+match from 192.0.2.22 nexthop 192.0.2.22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.22 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.22 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.22 peer-as != 10745' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.22 peer-as != 10745 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.22 AS 23456' - reject code: 7
+allow quick from 192.0.2.22 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.22 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.22 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.22 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.22 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.22 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS10745_1, AS10745: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.22 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.22 source-as as-set AS_SET_AS10745_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS10745
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS10745_1, AS10745: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.22 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.22 prefix-set AS_SET_AS10745_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS10745
+
+
+
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.22 set ext-community delete rt 65520:10745
+
+
+
+allow quick from 192.0.2.22
+
+
+
+# ---------------------------------------------
+# client AS10745_1, outbound
+
+deny quick to 192.0.2.22 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.22 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.22
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS10745_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db:1:1::22 set community NO_ADVERTISE
+match from 2001:db:1:1::22 nexthop 2001:db:1:1::22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db:1:1::22 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db:1:1::22 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db:1:1::22 peer-as != 10745' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db:1:1::22 peer-as != 10745 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db:1:1::22 AS 23456' - reject code: 7
+allow quick from 2001:db:1:1::22 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db:1:1::22 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db:1:1::22 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db:1:1::22 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db:1:1::22 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db:1:1::22 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS10745_2, AS10745: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db:1:1::22 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db:1:1::22 source-as as-set AS_SET_AS10745_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS10745
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS10745_2, AS10745: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db:1:1::22 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db:1:1::22 prefix-set AS_SET_AS10745_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS10745
+
+
+
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db:1:1::22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db:1:1::22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db:1:1::22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db:1:1::22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db:1:1::22 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db:1:1::22 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db:1:1::22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db:1:1::22 set ext-community delete rt 65520:10745
+
+
+
+allow quick from 2001:db:1:1::22
+
+
+
+# ---------------------------------------------
+# client AS10745_2, outbound
+
+deny quick to 2001:db:1:1::22 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db:1:1::22 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db:1:1::22
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db:1:1::22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3333_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 3333' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 3333 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS3333_1, AS3333: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 source-as as-set AS_SET_AS3333_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS3333
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS3333_1, AS3333: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 prefix-set AS_SET_AS3333_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS3333
+
+
+
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:3333
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS3333_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/default/routes/DefaultConfigScenarioOpenBGPD_IPv4/openbgpd77p/rs.txt b/tests/live_tests/scenarios/default/routes/DefaultConfigScenarioOpenBGPD_IPv4/openbgpd77p/rs.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/default/routes/DefaultConfigScenarioOpenBGPD_IPv6/openbgpd77p/rs.txt b/tests/live_tests/scenarios/default/routes/DefaultConfigScenarioOpenBGPD_IPv6/openbgpd77p/rs.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/global/configs/BasicScenario_OpenBGPDIPv4/openbgpd76p.conf b/tests/live_tests/scenarios/global/configs/BasicScenario_OpenBGPDIPv4/openbgpd76p.conf
new file mode 100644
index 00000000..f3b3121f
--- /dev/null
+++ b/tests/live_tests/scenarios/global/configs/BasicScenario_OpenBGPDIPv4/openbgpd76p.conf
@@ -0,0 +1,10254 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+# AS222, used by client AS222_1, client AS222_2
+# no origin ASNs found for AS222
+# no prefixes found for AS222
+
+# AS2, used by client AS2_1, client AS2_2
+# no origin ASNs found for AS2
+# no prefixes found for AS2
+
+# AS-AS1, AS-AS1_CUSTOMERS, used by client AS1_1, client AS1_2, client AS1_3, client AS1_4
+as-set "AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns" {
+    1 101 103 104
+}
+prefix-set "AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes" {
+    1.0.0.0/8 prefixlen 8 - 32
+    128.0.0.0/7 prefixlen 7 - 32
+    101.0.0.0/16 prefixlen 16 - 32
+    103.0.0.0/16 prefixlen 16 - 32
+}
+
+# AS-AS2, AS-AS2_CUSTOMERS, used by client AS2_1, client AS2_2
+as-set "AS_SET_AS_AS2_AS_AS2_CUSTOMERS_asns" {
+    2 101 103
+}
+prefix-set "AS_SET_AS_AS2_AS_AS2_CUSTOMERS_prefixes" {
+    2.0.0.0/16 prefixlen 16 - 32
+    101.0.0.0/16 prefixlen 16 - 32
+    103.0.0.0/16 prefixlen 16 - 32
+}
+
+# WHITE_LIST_AS1_2, used by client AS1_2 white list
+as-set "AS_SET_WHITE_LIST_AS1_2_asns" {
+    1011
+}
+prefix-set "AS_SET_WHITE_LIST_AS1_2_prefixes" {
+    11.1.0.0/16 prefixlen 16 - 32
+    2a11:1::/32 prefixlen 32 - 128
+}
+
+# AS-AS222, used by client AS222_1, client AS222_2
+as-set "AS_SET_AS_AS222_asns" {
+    333
+}
+prefix-set "AS_SET_AS_AS222_prefixes" {
+    222.0.0.0/8 prefixlen 8 - 32
+}
+
+# AS1, used by client AS1_1, client AS1_2, client AS1_3, client AS1_4
+# no origin ASNs found for AS1
+# no prefixes found for AS1
+
+# WHITE_LIST_AS1_1, used by client AS1_1 white list
+as-set "AS_SET_WHITE_LIST_AS1_1_asns" {
+    1011
+}
+prefix-set "AS_SET_WHITE_LIST_AS1_1_prefixes" {
+    11.1.0.0/16 prefixlen 16 - 32
+    2a11:1::/32 prefixlen 32 - 128
+}
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	# RTT: 0.1 ms (normalized value: 1)
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	# RTT: 5 ms (normalized value: 5)
+	neighbor 192.0.2.12 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_2 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::12 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_2 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.222 {
+		remote-as 222
+
+		rde evaluate all
+
+		descr "AS222_1 client"
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::222 {
+		remote-as 222
+
+		rde evaluate all
+
+		descr "AS222_1 client"
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	# RTT: 17.3 ms (normalized value: 17)
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	# RTT: 123.8 ms (normalized value: 124)
+	neighbor 192.0.2.31 {
+		remote-as 3
+
+		rde evaluate all
+
+		descr "AS3_1 client"
+		ttl-security no
+		transparent-as no
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::31 {
+		remote-as 3
+
+		rde evaluate all
+
+		descr "AS3_1 client"
+		ttl-security no
+		transparent-as no
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	# RTT: 600 ms (normalized value: 600)
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+include "/etc/bgpd/post-clients.local"
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+prefix-set "global_black_list_pref" {
+    192.0.2.0/24 prefixlen 24 - 32
+    2001:db8::/32 prefixlen 32 - 128
+
+}
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+# never via route-servers ASNs
+as-set "neverviarouteserver" {
+	666, 777
+}
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# origin_not_present_in_as_set
+match from group clients set community delete 65530:0
+match from group clients set large-community delete 999:65530:0
+
+# origin_present_in_as_set
+match from group clients set community delete 65530:1
+match from group clients set large-community delete 999:65530:1
+
+# prefix_validated_via_arin_whois_db_dump
+match from group clients set community delete 65530:3
+match from group clients set large-community delete 999:65530:3
+
+# prefix_validated_via_rpki_roas
+match from group clients set community delete 65530:2
+match from group clients set large-community delete 999:65530:2
+
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+# rpki_bgp_origin_validation_not_performed
+match from group clients set community delete 65530:4
+match from group clients set large-community delete 999:65530:4
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+# ---------------------------------------------------------
+# ROAs source
+
+
+roa-set {
+    101.3.0.0/16 maxlen 24 source-as 105 expires 4102444799
+    101.2.0.0/17 source-as 101 expires 4102444799
+    101.2.128.0/17 maxlen 24 source-as 101 expires 4102444799
+    101.0.128.0/20 maxlen 23 source-as 101 expires 4102444799
+    101.0.8.0/24 source-as 101 expires 4102444799
+    101.0.9.0/24 source-as 102 expires 4102444799
+    222.1.1.0/24 source-as 333 expires 4102444799
+    3101:3::/32 maxlen 48 source-as 105 expires 4102444799
+    3101:0:8000::/33 maxlen 34 source-as 101 expires 4102444799
+    3101:2:8000::/33 maxlen 48 source-as 101 expires 4102444799
+    3101:2::/33 source-as 101 expires 4102444799
+    3101:0:8::/48 source-as 101 expires 4102444799
+    3101:0:9::/48 source-as 102 expires 4102444799
+    3222:0:1::/48 source-as 333 expires 4102444799
+
+}
+
+
+
+# ---------------------------------------------------------
+# RPKI-based Origin Validation
+
+
+# Add $INTCOMM_RPKI_UNKNOWN, $INTCOMM_RPKI_INVALID and $INTCOMM_RPKI_VALID
+# ext community on the basis of ovs.
+match from group clients ovs not-found set {
+    ext-community $INTCOMM_RPKI_UNKNOWN
+    ext-community ovs not-found
+    
+}
+match from group clients ovs valid set {
+    ext-community $INTCOMM_RPKI_VALID
+    ext-community ovs valid
+    
+}
+match from group clients ovs invalid set {
+    ext-community $INTCOMM_RPKI_INVALID
+    ext-community ovs invalid
+    
+}
+
+
+
+# ---------------------------------------------------------
+# RPKI ROAs used as route objects.
+
+# Add the $INTCOMM_PREF_OK_ROA ext community to routes whose
+# origin ASN has a ROA for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+
+# Since RPKI-based Origin Validation is already performed above,
+# use the origin validation state to identify valid routes.
+match from group clients ovs valid set ext-community $INTCOMM_PREF_OK_ROA
+
+
+# ARIN Whois records used for preifx validation
+# ---------------------------------------------
+
+# Add the $INTCOMM_PREF_OK_ARINDB ext community to routes whose
+# origin ASN has an ARIN Whois record for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+origin-set "ARINDB" {
+104.0.0.0/23 prefixlen 23 - 32 source-as 104
+3104::/32 prefixlen 32 - 128 source-as 104
+}
+match from group clients origin-set ARINDB set ext-community $INTCOMM_PREF_OK_ARINDB
+
+# NIC.BR Whois records used for preifx validation
+# -----------------------------------------------
+
+# Add the $INTCOMM_PREF_OK_REGISTROBRDB ext community to routes whose
+# origin ASN has a NIC.BR Whois record for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+origin-set "REGISTROBRDB" {
+104.1.1.0/24 prefixlen 24 - 32 source-as 104
+3104:1:1::/48 prefixlen 48 - 128 source-as 104
+}
+match from group clients origin-set REGISTROBRDB set ext-community $INTCOMM_PREF_OK_REGISTROBRDB
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.12 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::12 set ext-community rt 65520:1
+
+match from 192.0.2.222 set ext-community rt 65520:222
+
+match from 2001:db8:1:1::222 set ext-community rt 65520:222
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.31 set ext-community rt 65520:3
+
+match from 2001:db8:1:1::31 set ext-community rt 65520:3
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 6' - reject code: 1
+allow quick from group clients max-as-len 6 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: global blacklist
+# Reject inbound routes when 'from group clients prefix-set global_black_list_pref' - reject code: 3
+allow quick from group clients prefix-set global_black_list_pref set {
+	localpref 1
+	community 65520:0
+	community 65520:3
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.11 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.11 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.11 prefix 11.3.0.0/16 source-as 1011 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.11 prefix 11.4.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.11 prefix 2a11:3::/32 source-as 1011 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.11 prefix 2a11:4::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_1, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 source-as as-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+match from 192.0.2.11 source-as as-set AS_SET_WHITE_LIST_AS1_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS1_1
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_1, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 prefix-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+match from 192.0.2.11 prefix-set AS_SET_WHITE_LIST_AS1_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS1_1
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# route authorized by a client's white list?
+match from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.11 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.11 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.11 community BLACKHOLE set community 65530:4
+match from 192.0.2.11 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.11 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.11 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.11 community BLACKHOLE
+allow quick from 192.0.2.11 community 65534:0
+allow quick from 192.0.2.11 large-community 65534:0:0
+
+
+match from 192.0.2.11 set ext-community rt 65520:1
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.11 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.11 community 65534:0 set community BLACKHOLE
+match to 192.0.2.11 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.11 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.11 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.11 community 65507:999 set community NO_EXPORT
+match to 192.0.2.11 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.11 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.11 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.11 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.11 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.11 community 65509:1 set community NO_EXPORT
+match to 192.0.2.11 ext-community rt 65509:1 set community NO_EXPORT
+match to 192.0.2.11 large-community 999:65509:1 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.11 community 65510:1 set community NO_ADVERTISE
+match to 192.0.2.11 ext-community rt 65510:1 set community NO_ADVERTISE
+match to 192.0.2.11 large-community 999:65510:1 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.11
+
+# do_not_announce_to_any
+deny to 192.0.2.11 community 0:999
+deny to 192.0.2.11 ext-community rt 0:999
+deny to 192.0.2.11 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.11 community 0:1
+deny quick to 192.0.2.11 ext-community rt 0:1
+deny quick to 192.0.2.11 large-community 999:0:1
+
+# do_not_announce_to_peers_with_rtt_lower_than 5 ms
+deny to 192.0.2.11 community 64530:5
+deny to 192.0.2.11 ext-community rt 64530:5
+deny to 192.0.2.11 large-community 999:64530:5
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 10 ms
+deny to 192.0.2.11 community 64530:10
+deny to 192.0.2.11 ext-community rt 64530:10
+deny to 192.0.2.11 large-community 999:64530:10
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 15 ms
+deny to 192.0.2.11 community 64530:15
+deny to 192.0.2.11 ext-community rt 64530:15
+deny to 192.0.2.11 large-community 999:64530:15
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 20 ms
+deny to 192.0.2.11 community 64530:20
+deny to 192.0.2.11 ext-community rt 64530:20
+deny to 192.0.2.11 large-community 999:64530:20
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 30 ms
+deny to 192.0.2.11 community 64530:30
+deny to 192.0.2.11 ext-community rt 64530:30
+deny to 192.0.2.11 large-community 999:64530:30
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 50 ms
+deny to 192.0.2.11 community 64530:50
+deny to 192.0.2.11 ext-community rt 64530:50
+deny to 192.0.2.11 large-community 999:64530:50
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 100 ms
+deny to 192.0.2.11 community 64530:100
+deny to 192.0.2.11 ext-community rt 64530:100
+deny to 192.0.2.11 large-community 999:64530:100
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 200 ms
+deny to 192.0.2.11 community 64530:200
+deny to 192.0.2.11 ext-community rt 64530:200
+deny to 192.0.2.11 large-community 999:64530:200
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 500 ms
+deny to 192.0.2.11 community 64530:500
+deny to 192.0.2.11 ext-community rt 64530:500
+deny to 192.0.2.11 large-community 999:64530:500
+
+
+# announce_to_peers_with_rtt_lower_than 5 ms
+allow to 192.0.2.11 community 64532:5
+allow to 192.0.2.11 ext-community rt 64532:5
+allow to 192.0.2.11 large-community 999:64532:5
+
+
+# announce_to_peers_with_rtt_lower_than 10 ms
+allow to 192.0.2.11 community 64532:10
+allow to 192.0.2.11 ext-community rt 64532:10
+allow to 192.0.2.11 large-community 999:64532:10
+
+
+# announce_to_peers_with_rtt_lower_than 15 ms
+allow to 192.0.2.11 community 64532:15
+allow to 192.0.2.11 ext-community rt 64532:15
+allow to 192.0.2.11 large-community 999:64532:15
+
+
+# announce_to_peers_with_rtt_lower_than 20 ms
+allow to 192.0.2.11 community 64532:20
+allow to 192.0.2.11 ext-community rt 64532:20
+allow to 192.0.2.11 large-community 999:64532:20
+
+
+# announce_to_peers_with_rtt_lower_than 30 ms
+allow to 192.0.2.11 community 64532:30
+allow to 192.0.2.11 ext-community rt 64532:30
+allow to 192.0.2.11 large-community 999:64532:30
+
+
+# announce_to_peers_with_rtt_lower_than 50 ms
+allow to 192.0.2.11 community 64532:50
+allow to 192.0.2.11 ext-community rt 64532:50
+allow to 192.0.2.11 large-community 999:64532:50
+
+
+# announce_to_peers_with_rtt_lower_than 100 ms
+allow to 192.0.2.11 community 64532:100
+allow to 192.0.2.11 ext-community rt 64532:100
+allow to 192.0.2.11 large-community 999:64532:100
+
+
+# announce_to_peers_with_rtt_lower_than 200 ms
+allow to 192.0.2.11 community 64532:200
+allow to 192.0.2.11 ext-community rt 64532:200
+allow to 192.0.2.11 large-community 999:64532:200
+
+
+# announce_to_peers_with_rtt_lower_than 500 ms
+allow to 192.0.2.11 community 64532:500
+allow to 192.0.2.11 ext-community rt 64532:500
+allow to 192.0.2.11 large-community 999:64532:500
+
+
+# announce_to_peer
+allow to 192.0.2.11 community 65501:1
+allow to 192.0.2.11 ext-community rt 65501:1
+allow to 192.0.2.11 large-community 999:65501:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::11 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::11 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::11 prefix 11.3.0.0/16 source-as 1011 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::11 prefix 11.4.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::11 prefix 2a11:3::/32 source-as 1011 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::11 prefix 2a11:4::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_2, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::11 source-as as-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+match from 2001:db8:1:1::11 source-as as-set AS_SET_WHITE_LIST_AS1_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS1_2
+# AS-SET AS1 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_2, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::11 prefix-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+match from 2001:db8:1:1::11 prefix-set AS_SET_WHITE_LIST_AS1_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS1_2
+# AS-SET AS1 referenced but empty.
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::11 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::11 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::11 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::11 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::11 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::11 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::11 community BLACKHOLE
+allow quick from 2001:db8:1:1::11 community 65534:0
+allow quick from 2001:db8:1:1::11 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::11 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::11 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::11 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::11 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::11 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::11 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::11 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::11 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::11 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::11 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::11 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::11 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::11 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::11 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::11 community 65509:1 set community NO_EXPORT
+match to 2001:db8:1:1::11 ext-community rt 65509:1 set community NO_EXPORT
+match to 2001:db8:1:1::11 large-community 999:65509:1 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::11 community 65510:1 set community NO_ADVERTISE
+match to 2001:db8:1:1::11 ext-community rt 65510:1 set community NO_ADVERTISE
+match to 2001:db8:1:1::11 large-community 999:65510:1 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::11 community 0:999
+deny to 2001:db8:1:1::11 ext-community rt 0:999
+deny to 2001:db8:1:1::11 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::11 community 0:1
+deny quick to 2001:db8:1:1::11 ext-community rt 0:1
+deny quick to 2001:db8:1:1::11 large-community 999:0:1
+
+# announce_to_peer
+allow to 2001:db8:1:1::11 community 65501:1
+allow to 2001:db8:1:1::11 ext-community rt 65501:1
+allow to 2001:db8:1:1::11 large-community 999:65501:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS1_3, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.12 set community NO_ADVERTISE
+match from 192.0.2.12 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+match from 192.0.2.12 nexthop 192.0.2.12 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.12 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.12 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.12 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.12 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.12 AS 23456' - reject code: 7
+allow quick from 192.0.2.12 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.12 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.12 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.12 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.12 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.12 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.12 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.12 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.12 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 192.0.2.12 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_3, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.12 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.12 source-as as-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_3, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.12 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.12 prefix-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.12 set ext-community delete rt 65520:1
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.12 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.12 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.12 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.12 community BLACKHOLE set community 65530:4
+match from 192.0.2.12 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.12 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.12 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.12 community BLACKHOLE
+allow quick from 192.0.2.12 community 65534:0
+allow quick from 192.0.2.12 large-community 65534:0:0
+
+
+match from 192.0.2.12 set ext-community rt 65520:1
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.12 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.12 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.12 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.12 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.12 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.12 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.12 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.12
+
+
+
+# ---------------------------------------------
+# client AS1_3, outbound
+
+deny quick to 192.0.2.12 community 65520:0
+
+
+
+# Blackhole request?
+# Client not enabled to receive blackhole routes
+deny quick to 192.0.2.12 community BLACKHOLE
+deny quick to 192.0.2.12 community 65534:0
+deny quick to 192.0.2.12 large-community 65534:0:0
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.12 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.12 community 65507:999 set community NO_EXPORT
+match to 192.0.2.12 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.12 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.12 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.12 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.12 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.12 community 65509:1 set community NO_EXPORT
+match to 192.0.2.12 ext-community rt 65509:1 set community NO_EXPORT
+match to 192.0.2.12 large-community 999:65509:1 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.12 community 65510:1 set community NO_ADVERTISE
+match to 192.0.2.12 ext-community rt 65510:1 set community NO_ADVERTISE
+match to 192.0.2.12 large-community 999:65510:1 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.12
+
+# do_not_announce_to_any
+deny to 192.0.2.12 community 0:999
+deny to 192.0.2.12 ext-community rt 0:999
+deny to 192.0.2.12 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.12 community 0:1
+deny quick to 192.0.2.12 ext-community rt 0:1
+deny quick to 192.0.2.12 large-community 999:0:1
+
+# do_not_announce_to_peers_with_rtt_lower_than 5 ms
+deny to 192.0.2.12 community 64530:5
+deny to 192.0.2.12 ext-community rt 64530:5
+deny to 192.0.2.12 large-community 999:64530:5
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 10 ms
+deny to 192.0.2.12 community 64530:10
+deny to 192.0.2.12 ext-community rt 64530:10
+deny to 192.0.2.12 large-community 999:64530:10
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 15 ms
+deny to 192.0.2.12 community 64530:15
+deny to 192.0.2.12 ext-community rt 64530:15
+deny to 192.0.2.12 large-community 999:64530:15
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 20 ms
+deny to 192.0.2.12 community 64530:20
+deny to 192.0.2.12 ext-community rt 64530:20
+deny to 192.0.2.12 large-community 999:64530:20
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 30 ms
+deny to 192.0.2.12 community 64530:30
+deny to 192.0.2.12 ext-community rt 64530:30
+deny to 192.0.2.12 large-community 999:64530:30
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 50 ms
+deny to 192.0.2.12 community 64530:50
+deny to 192.0.2.12 ext-community rt 64530:50
+deny to 192.0.2.12 large-community 999:64530:50
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 100 ms
+deny to 192.0.2.12 community 64530:100
+deny to 192.0.2.12 ext-community rt 64530:100
+deny to 192.0.2.12 large-community 999:64530:100
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 200 ms
+deny to 192.0.2.12 community 64530:200
+deny to 192.0.2.12 ext-community rt 64530:200
+deny to 192.0.2.12 large-community 999:64530:200
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 500 ms
+deny to 192.0.2.12 community 64530:500
+deny to 192.0.2.12 ext-community rt 64530:500
+deny to 192.0.2.12 large-community 999:64530:500
+
+
+# announce_to_peers_with_rtt_lower_than 5 ms
+allow to 192.0.2.12 community 64532:5
+allow to 192.0.2.12 ext-community rt 64532:5
+allow to 192.0.2.12 large-community 999:64532:5
+
+
+# announce_to_peers_with_rtt_lower_than 10 ms
+allow to 192.0.2.12 community 64532:10
+allow to 192.0.2.12 ext-community rt 64532:10
+allow to 192.0.2.12 large-community 999:64532:10
+
+
+# announce_to_peers_with_rtt_lower_than 15 ms
+allow to 192.0.2.12 community 64532:15
+allow to 192.0.2.12 ext-community rt 64532:15
+allow to 192.0.2.12 large-community 999:64532:15
+
+
+# announce_to_peers_with_rtt_lower_than 20 ms
+allow to 192.0.2.12 community 64532:20
+allow to 192.0.2.12 ext-community rt 64532:20
+allow to 192.0.2.12 large-community 999:64532:20
+
+
+# announce_to_peers_with_rtt_lower_than 30 ms
+allow to 192.0.2.12 community 64532:30
+allow to 192.0.2.12 ext-community rt 64532:30
+allow to 192.0.2.12 large-community 999:64532:30
+
+
+# announce_to_peers_with_rtt_lower_than 50 ms
+allow to 192.0.2.12 community 64532:50
+allow to 192.0.2.12 ext-community rt 64532:50
+allow to 192.0.2.12 large-community 999:64532:50
+
+
+# announce_to_peers_with_rtt_lower_than 100 ms
+allow to 192.0.2.12 community 64532:100
+allow to 192.0.2.12 ext-community rt 64532:100
+allow to 192.0.2.12 large-community 999:64532:100
+
+
+# announce_to_peers_with_rtt_lower_than 200 ms
+allow to 192.0.2.12 community 64532:200
+allow to 192.0.2.12 ext-community rt 64532:200
+allow to 192.0.2.12 large-community 999:64532:200
+
+
+# announce_to_peers_with_rtt_lower_than 500 ms
+allow to 192.0.2.12 community 64532:500
+allow to 192.0.2.12 ext-community rt 64532:500
+allow to 192.0.2.12 large-community 999:64532:500
+
+
+# announce_to_peer
+allow to 192.0.2.12 community 65501:1
+allow to 192.0.2.12 ext-community rt 65501:1
+allow to 192.0.2.12 large-community 999:65501:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.12 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS1_4, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::12 set community NO_ADVERTISE
+match from 2001:db8:1:1::12 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+match from 2001:db8:1:1::12 nexthop 2001:db8:1:1::12 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::12 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::12 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::12 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::12 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::12 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::12 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::12 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::12 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::12 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 2001:db8:1:1::12 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_4, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::12 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::12 source-as as-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_4, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::12 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::12 prefix-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::12 set ext-community delete rt 65520:1
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::12 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::12 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::12 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::12 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::12 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::12 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::12 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::12 community BLACKHOLE
+allow quick from 2001:db8:1:1::12 community 65534:0
+allow quick from 2001:db8:1:1::12 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::12 set ext-community rt 65520:1
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::12 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::12 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::12 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::12 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::12 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::12 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::12 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::12
+
+
+
+# ---------------------------------------------
+# client AS1_4, outbound
+
+deny quick to 2001:db8:1:1::12 community 65520:0
+
+
+
+# Blackhole request?
+# Client not enabled to receive blackhole routes
+deny quick to 2001:db8:1:1::12 community BLACKHOLE
+deny quick to 2001:db8:1:1::12 community 65534:0
+deny quick to 2001:db8:1:1::12 large-community 65534:0:0
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::12 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::12 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::12 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::12 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::12 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::12 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::12 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::12 community 65509:1 set community NO_EXPORT
+match to 2001:db8:1:1::12 ext-community rt 65509:1 set community NO_EXPORT
+match to 2001:db8:1:1::12 large-community 999:65509:1 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::12 community 65510:1 set community NO_ADVERTISE
+match to 2001:db8:1:1::12 ext-community rt 65510:1 set community NO_ADVERTISE
+match to 2001:db8:1:1::12 large-community 999:65510:1 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::12
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::12 community 0:999
+deny to 2001:db8:1:1::12 ext-community rt 0:999
+deny to 2001:db8:1:1::12 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::12 community 0:1
+deny quick to 2001:db8:1:1::12 ext-community rt 0:1
+deny quick to 2001:db8:1:1::12 large-community 999:0:1
+
+# announce_to_peer
+allow to 2001:db8:1:1::12 community 65501:1
+allow to 2001:db8:1:1::12 ext-community rt 65501:1
+allow to 2001:db8:1:1::12 large-community 999:65501:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::12 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS222_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.222 set community NO_ADVERTISE
+match from 192.0.2.222 nexthop 192.0.2.222 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.222 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.222 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.222 peer-as != 222' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.222 peer-as != 222 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.222 AS 23456' - reject code: 7
+allow quick from 192.0.2.222 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.222 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.222 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.222 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.222 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.222 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.222 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.222 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.222 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.222 prefix 222.1.1.0/24 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.222 prefix 3222:0:1::/48 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.222 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS222_1, AS222: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.222 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS222 referenced but empty.
+match from 192.0.2.222 source-as as-set AS_SET_AS_AS222_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS222
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS222_1, AS222: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.222 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS222 referenced but empty.
+match from 192.0.2.222 prefix-set AS_SET_AS_AS222_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS222
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# route authorized by a client's white list?
+match from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.222 set ext-community delete rt 65520:222
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.222 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.222 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.222 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.222 community BLACKHOLE set community 65530:4
+match from 192.0.2.222 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.222 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.222 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.222 community BLACKHOLE
+allow quick from 192.0.2.222 community 65534:0
+allow quick from 192.0.2.222 large-community 65534:0:0
+
+
+match from 192.0.2.222 set ext-community rt 65520:222
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.222 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.222 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.222 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.222 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.222 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.222 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.222 set ext-community delete rt 65520:222
+
+
+
+allow quick from 192.0.2.222
+
+
+
+# ---------------------------------------------
+# client AS222_1, outbound
+
+deny quick to 192.0.2.222 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.222 community 65534:0 set community BLACKHOLE
+match to 192.0.2.222 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.222 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.222 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.222 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.222 community 65507:999 set community NO_EXPORT
+match to 192.0.2.222 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.222 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.222 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.222 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.222 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.222 community 65509:222 set community NO_EXPORT
+match to 192.0.2.222 ext-community rt 65509:222 set community NO_EXPORT
+match to 192.0.2.222 large-community 999:65509:222 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.222 community 65510:222 set community NO_ADVERTISE
+match to 192.0.2.222 ext-community rt 65510:222 set community NO_ADVERTISE
+match to 192.0.2.222 large-community 999:65510:222 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.222
+
+# do_not_announce_to_any
+deny to 192.0.2.222 community 0:999
+deny to 192.0.2.222 ext-community rt 0:999
+deny to 192.0.2.222 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.222 community 0:222
+deny quick to 192.0.2.222 ext-community rt 0:222
+deny quick to 192.0.2.222 large-community 999:0:222
+
+# announce_to_peer
+allow to 192.0.2.222 community 65501:222
+allow to 192.0.2.222 ext-community rt 65501:222
+allow to 192.0.2.222 large-community 999:65501:222
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.222 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS222_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::222 set community NO_ADVERTISE
+match from 2001:db8:1:1::222 nexthop 2001:db8:1:1::222 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::222 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::222 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::222 peer-as != 222' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::222 peer-as != 222 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::222 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::222 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::222 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::222 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::222 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::222 prefix 222.1.1.0/24 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::222 prefix 3222:0:1::/48 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::222 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS222_2, AS222: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::222 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS222 referenced but empty.
+match from 2001:db8:1:1::222 source-as as-set AS_SET_AS_AS222_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS222
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS222_2, AS222: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::222 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS222 referenced but empty.
+match from 2001:db8:1:1::222 prefix-set AS_SET_AS_AS222_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS222
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::222 set ext-community delete rt 65520:222
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::222 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::222 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::222 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::222 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::222 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::222 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::222 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::222 community BLACKHOLE
+allow quick from 2001:db8:1:1::222 community 65534:0
+allow quick from 2001:db8:1:1::222 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::222 set ext-community rt 65520:222
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::222 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::222 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::222 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::222 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::222 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::222 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::222 set ext-community delete rt 65520:222
+
+
+
+allow quick from 2001:db8:1:1::222
+
+
+
+# ---------------------------------------------
+# client AS222_2, outbound
+
+deny quick to 2001:db8:1:1::222 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::222 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::222 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::222 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::222 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::222 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::222 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::222 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::222 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::222 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::222 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::222 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::222 community 65509:222 set community NO_EXPORT
+match to 2001:db8:1:1::222 ext-community rt 65509:222 set community NO_EXPORT
+match to 2001:db8:1:1::222 large-community 999:65509:222 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::222 community 65510:222 set community NO_ADVERTISE
+match to 2001:db8:1:1::222 ext-community rt 65510:222 set community NO_ADVERTISE
+match to 2001:db8:1:1::222 large-community 999:65510:222 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::222
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::222 community 0:999
+deny to 2001:db8:1:1::222 ext-community rt 0:999
+deny to 2001:db8:1:1::222 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::222 community 0:222
+deny quick to 2001:db8:1:1::222 ext-community rt 0:222
+deny quick to 2001:db8:1:1::222 large-community 999:0:222
+
+# announce_to_peer
+allow to 2001:db8:1:1::222 community 65501:222
+allow to 2001:db8:1:1::222 ext-community rt 65501:222
+allow to 2001:db8:1:1::222 large-community 999:65501:222
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::222 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.21 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.21 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 192.0.2.21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_1, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 source-as as-set AS_SET_AS_AS2_AS_AS2_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS2_AS_AS2_CUSTOMERS
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_1, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 prefix-set AS_SET_AS_AS2_AS_AS2_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS2_AS_AS2_CUSTOMERS
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.21 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.21 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.21 community BLACKHOLE set community 65530:4
+match from 192.0.2.21 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.21 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.21 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.21 community BLACKHOLE
+allow quick from 192.0.2.21 community 65534:0
+allow quick from 192.0.2.21 large-community 65534:0:0
+
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.21 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.21 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.21 community GRACEFUL_SHUTDOWN set community delete GRACEFUL_SHUTDOWN
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.21 community 65534:0 set community BLACKHOLE
+match to 192.0.2.21 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.21 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.21 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.21 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.21 community 65507:999 set community NO_EXPORT
+match to 192.0.2.21 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.21 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.21 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.21 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.21 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.21 community 65509:2 set community NO_EXPORT
+match to 192.0.2.21 ext-community rt 65509:2 set community NO_EXPORT
+match to 192.0.2.21 large-community 999:65509:2 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.21 community 65510:2 set community NO_ADVERTISE
+match to 192.0.2.21 ext-community rt 65510:2 set community NO_ADVERTISE
+match to 192.0.2.21 large-community 999:65510:2 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.21
+
+# do_not_announce_to_any
+deny to 192.0.2.21 community 0:999
+deny to 192.0.2.21 ext-community rt 0:999
+deny to 192.0.2.21 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.21 community 0:2
+deny quick to 192.0.2.21 ext-community rt 0:2
+deny quick to 192.0.2.21 large-community 999:0:2
+
+# do_not_announce_to_peers_with_rtt_lower_than 20 ms
+deny to 192.0.2.21 community 64530:20
+deny to 192.0.2.21 ext-community rt 64530:20
+deny to 192.0.2.21 large-community 999:64530:20
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 30 ms
+deny to 192.0.2.21 community 64530:30
+deny to 192.0.2.21 ext-community rt 64530:30
+deny to 192.0.2.21 large-community 999:64530:30
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 50 ms
+deny to 192.0.2.21 community 64530:50
+deny to 192.0.2.21 ext-community rt 64530:50
+deny to 192.0.2.21 large-community 999:64530:50
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 100 ms
+deny to 192.0.2.21 community 64530:100
+deny to 192.0.2.21 ext-community rt 64530:100
+deny to 192.0.2.21 large-community 999:64530:100
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 200 ms
+deny to 192.0.2.21 community 64530:200
+deny to 192.0.2.21 ext-community rt 64530:200
+deny to 192.0.2.21 large-community 999:64530:200
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 500 ms
+deny to 192.0.2.21 community 64530:500
+deny to 192.0.2.21 ext-community rt 64530:500
+deny to 192.0.2.21 large-community 999:64530:500
+
+
+# announce_to_peers_with_rtt_lower_than 20 ms
+allow to 192.0.2.21 community 64532:20
+allow to 192.0.2.21 ext-community rt 64532:20
+allow to 192.0.2.21 large-community 999:64532:20
+
+
+# announce_to_peers_with_rtt_lower_than 30 ms
+allow to 192.0.2.21 community 64532:30
+allow to 192.0.2.21 ext-community rt 64532:30
+allow to 192.0.2.21 large-community 999:64532:30
+
+
+# announce_to_peers_with_rtt_lower_than 50 ms
+allow to 192.0.2.21 community 64532:50
+allow to 192.0.2.21 ext-community rt 64532:50
+allow to 192.0.2.21 large-community 999:64532:50
+
+
+# announce_to_peers_with_rtt_lower_than 100 ms
+allow to 192.0.2.21 community 64532:100
+allow to 192.0.2.21 ext-community rt 64532:100
+allow to 192.0.2.21 large-community 999:64532:100
+
+
+# announce_to_peers_with_rtt_lower_than 200 ms
+allow to 192.0.2.21 community 64532:200
+allow to 192.0.2.21 ext-community rt 64532:200
+allow to 192.0.2.21 large-community 999:64532:200
+
+
+# announce_to_peers_with_rtt_lower_than 500 ms
+allow to 192.0.2.21 community 64532:500
+allow to 192.0.2.21 ext-community rt 64532:500
+allow to 192.0.2.21 large-community 999:64532:500
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 5 ms
+deny to 192.0.2.21 community 64531:5
+deny to 192.0.2.21 ext-community rt 64531:5
+deny to 192.0.2.21 large-community 999:64531:5
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 10 ms
+deny to 192.0.2.21 community 64531:10
+deny to 192.0.2.21 ext-community rt 64531:10
+deny to 192.0.2.21 large-community 999:64531:10
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 15 ms
+deny to 192.0.2.21 community 64531:15
+deny to 192.0.2.21 ext-community rt 64531:15
+deny to 192.0.2.21 large-community 999:64531:15
+
+
+# announce_to_peers_with_rtt_higher_than 5 ms
+allow to 192.0.2.21 community 64533:5
+allow to 192.0.2.21 ext-community rt 64533:5
+allow to 192.0.2.21 large-community 999:64533:5
+
+
+# announce_to_peers_with_rtt_higher_than 10 ms
+allow to 192.0.2.21 community 64533:10
+allow to 192.0.2.21 ext-community rt 64533:10
+allow to 192.0.2.21 large-community 999:64533:10
+
+
+# announce_to_peers_with_rtt_higher_than 15 ms
+allow to 192.0.2.21 community 64533:15
+allow to 192.0.2.21 ext-community rt 64533:15
+allow to 192.0.2.21 large-community 999:64533:15
+
+
+# announce_to_peer
+allow to 192.0.2.21 community 65501:2
+allow to 192.0.2.21 ext-community rt 65501:2
+allow to 192.0.2.21 large-community 999:65501:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::21 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::21 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_2, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 2001:db8:1:1::21 source-as as-set AS_SET_AS_AS2_AS_AS2_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS2_AS_AS2_CUSTOMERS
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_2, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 2001:db8:1:1::21 prefix-set AS_SET_AS_AS2_AS_AS2_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS2_AS_AS2_CUSTOMERS
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::21 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::21 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::21 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::21 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::21 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::21 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::21 community BLACKHOLE
+allow quick from 2001:db8:1:1::21 community 65534:0
+allow quick from 2001:db8:1:1::21 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::21 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::21 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::21 community GRACEFUL_SHUTDOWN set community delete GRACEFUL_SHUTDOWN
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::21 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::21 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::21 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::21 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::21 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::21 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::21 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::21 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::21 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::21 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::21 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::21 community 65509:2 set community NO_EXPORT
+match to 2001:db8:1:1::21 ext-community rt 65509:2 set community NO_EXPORT
+match to 2001:db8:1:1::21 large-community 999:65509:2 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::21 community 65510:2 set community NO_ADVERTISE
+match to 2001:db8:1:1::21 ext-community rt 65510:2 set community NO_ADVERTISE
+match to 2001:db8:1:1::21 large-community 999:65510:2 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::21 community 0:999
+deny to 2001:db8:1:1::21 ext-community rt 0:999
+deny to 2001:db8:1:1::21 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::21 community 0:2
+deny quick to 2001:db8:1:1::21 ext-community rt 0:2
+deny quick to 2001:db8:1:1::21 large-community 999:0:2
+
+# announce_to_peer
+allow to 2001:db8:1:1::21 community 65501:2
+allow to 2001:db8:1:1::21 ext-community rt 65501:2
+allow to 2001:db8:1:1::21 large-community 999:65501:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS3_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.31 set community NO_ADVERTISE
+match from 192.0.2.31 nexthop 192.0.2.31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.31 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS 23456' - reject code: 7
+allow quick from 192.0.2.31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS { 174 }' - reject code: 8
+allow quick from 192.0.2.31 AS { 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.31 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+# Prefix: client's blacklist
+prefix-set "client_AS3_1_black_list_pref_ipv4" {
+    3.0.1.0/24 prefixlen 24 - 32
+
+}
+# Reject inbound routes when 'from 192.0.2.31 prefix-set client_AS3_1_black_list_pref_ipv4' - reject code: 11
+allow quick from 192.0.2.31 prefix-set client_AS3_1_black_list_pref_ipv4 set {
+	localpref 1
+	community 65520:0
+	community 65520:11
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Blackhole request?
+match from 192.0.2.31 set ext-community delete rt 65520:3
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.31 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.31 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.31 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.31 community BLACKHOLE set community 65530:4
+match from 192.0.2.31 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.31 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.31 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.31 community BLACKHOLE
+allow quick from 192.0.2.31 community 65534:0
+allow quick from 192.0.2.31 large-community 65534:0:0
+
+
+match from 192.0.2.31 set ext-community rt 65520:3
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.31 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.31 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.31 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 192.0.2.31
+
+
+
+# ---------------------------------------------
+# client AS3_1, outbound
+
+deny quick to 192.0.2.31 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.31 community 65534:0 set community BLACKHOLE
+match to 192.0.2.31 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.31 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.31 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.31 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.31 community 65507:999 set community NO_EXPORT
+match to 192.0.2.31 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.31 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.31 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.31 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.31 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.31 community 65509:3 set community NO_EXPORT
+match to 192.0.2.31 ext-community rt 65509:3 set community NO_EXPORT
+match to 192.0.2.31 large-community 999:65509:3 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.31 community 65510:3 set community NO_ADVERTISE
+match to 192.0.2.31 ext-community rt 65510:3 set community NO_ADVERTISE
+match to 192.0.2.31 large-community 999:65510:3 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.31
+
+# do_not_announce_to_any
+deny to 192.0.2.31 community 0:999
+deny to 192.0.2.31 ext-community rt 0:999
+deny to 192.0.2.31 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.31 community 0:3
+deny quick to 192.0.2.31 ext-community rt 0:3
+deny quick to 192.0.2.31 large-community 999:0:3
+
+# do_not_announce_to_peers_with_rtt_lower_than 200 ms
+deny to 192.0.2.31 community 64530:200
+deny to 192.0.2.31 ext-community rt 64530:200
+deny to 192.0.2.31 large-community 999:64530:200
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 500 ms
+deny to 192.0.2.31 community 64530:500
+deny to 192.0.2.31 ext-community rt 64530:500
+deny to 192.0.2.31 large-community 999:64530:500
+
+
+# announce_to_peers_with_rtt_lower_than 200 ms
+allow to 192.0.2.31 community 64532:200
+allow to 192.0.2.31 ext-community rt 64532:200
+allow to 192.0.2.31 large-community 999:64532:200
+
+
+# announce_to_peers_with_rtt_lower_than 500 ms
+allow to 192.0.2.31 community 64532:500
+allow to 192.0.2.31 ext-community rt 64532:500
+allow to 192.0.2.31 large-community 999:64532:500
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 5 ms
+deny to 192.0.2.31 community 64531:5
+deny to 192.0.2.31 ext-community rt 64531:5
+deny to 192.0.2.31 large-community 999:64531:5
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 10 ms
+deny to 192.0.2.31 community 64531:10
+deny to 192.0.2.31 ext-community rt 64531:10
+deny to 192.0.2.31 large-community 999:64531:10
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 15 ms
+deny to 192.0.2.31 community 64531:15
+deny to 192.0.2.31 ext-community rt 64531:15
+deny to 192.0.2.31 large-community 999:64531:15
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 20 ms
+deny to 192.0.2.31 community 64531:20
+deny to 192.0.2.31 ext-community rt 64531:20
+deny to 192.0.2.31 large-community 999:64531:20
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 30 ms
+deny to 192.0.2.31 community 64531:30
+deny to 192.0.2.31 ext-community rt 64531:30
+deny to 192.0.2.31 large-community 999:64531:30
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 50 ms
+deny to 192.0.2.31 community 64531:50
+deny to 192.0.2.31 ext-community rt 64531:50
+deny to 192.0.2.31 large-community 999:64531:50
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 100 ms
+deny to 192.0.2.31 community 64531:100
+deny to 192.0.2.31 ext-community rt 64531:100
+deny to 192.0.2.31 large-community 999:64531:100
+
+
+# announce_to_peers_with_rtt_higher_than 5 ms
+allow to 192.0.2.31 community 64533:5
+allow to 192.0.2.31 ext-community rt 64533:5
+allow to 192.0.2.31 large-community 999:64533:5
+
+
+# announce_to_peers_with_rtt_higher_than 10 ms
+allow to 192.0.2.31 community 64533:10
+allow to 192.0.2.31 ext-community rt 64533:10
+allow to 192.0.2.31 large-community 999:64533:10
+
+
+# announce_to_peers_with_rtt_higher_than 15 ms
+allow to 192.0.2.31 community 64533:15
+allow to 192.0.2.31 ext-community rt 64533:15
+allow to 192.0.2.31 large-community 999:64533:15
+
+
+# announce_to_peers_with_rtt_higher_than 20 ms
+allow to 192.0.2.31 community 64533:20
+allow to 192.0.2.31 ext-community rt 64533:20
+allow to 192.0.2.31 large-community 999:64533:20
+
+
+# announce_to_peers_with_rtt_higher_than 30 ms
+allow to 192.0.2.31 community 64533:30
+allow to 192.0.2.31 ext-community rt 64533:30
+allow to 192.0.2.31 large-community 999:64533:30
+
+
+# announce_to_peers_with_rtt_higher_than 50 ms
+allow to 192.0.2.31 community 64533:50
+allow to 192.0.2.31 ext-community rt 64533:50
+allow to 192.0.2.31 large-community 999:64533:50
+
+
+# announce_to_peers_with_rtt_higher_than 100 ms
+allow to 192.0.2.31 community 64533:100
+allow to 192.0.2.31 ext-community rt 64533:100
+allow to 192.0.2.31 large-community 999:64533:100
+
+
+# announce_to_peer
+allow to 192.0.2.31 community 65501:3
+allow to 192.0.2.31 ext-community rt 65501:3
+allow to 192.0.2.31 large-community 999:65501:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS3_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::31 set community NO_ADVERTISE
+match from 2001:db8:1:1::31 nexthop 2001:db8:1:1::31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::31 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS { 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::31 AS { 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::31 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+# Prefix: client's blacklist
+prefix-set "client_AS3_2_black_list_pref_ipv6" {
+    2a03:0:1::/48 prefixlen 48 - 128
+
+}
+# Reject inbound routes when 'from 2001:db8:1:1::31 prefix-set client_AS3_2_black_list_pref_ipv6' - reject code: 11
+allow quick from 2001:db8:1:1::31 prefix-set client_AS3_2_black_list_pref_ipv6 set {
+	localpref 1
+	community 65520:0
+	community 65520:11
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Blackhole request?
+match from 2001:db8:1:1::31 set ext-community delete rt 65520:3
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::31 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::31 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::31 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::31 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::31 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::31 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::31 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::31 community BLACKHOLE
+allow quick from 2001:db8:1:1::31 community 65534:0
+allow quick from 2001:db8:1:1::31 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::31 set ext-community rt 65520:3
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::31 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::31 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::31 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::31 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::31 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 2001:db8:1:1::31
+
+
+
+# ---------------------------------------------
+# client AS3_2, outbound
+
+deny quick to 2001:db8:1:1::31 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::31 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::31 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::31 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::31 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::31 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::31 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::31 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::31 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::31 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::31 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::31 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::31 community 65509:3 set community NO_EXPORT
+match to 2001:db8:1:1::31 ext-community rt 65509:3 set community NO_EXPORT
+match to 2001:db8:1:1::31 large-community 999:65509:3 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::31 community 65510:3 set community NO_ADVERTISE
+match to 2001:db8:1:1::31 ext-community rt 65510:3 set community NO_ADVERTISE
+match to 2001:db8:1:1::31 large-community 999:65510:3 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::31
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::31 community 0:999
+deny to 2001:db8:1:1::31 ext-community rt 0:999
+deny to 2001:db8:1:1::31 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::31 community 0:3
+deny quick to 2001:db8:1:1::31 ext-community rt 0:3
+deny quick to 2001:db8:1:1::31 large-community 999:0:3
+
+# announce_to_peer
+allow to 2001:db8:1:1::31 community 65501:3
+allow to 2001:db8:1:1::31 ext-community rt 65501:3
+allow to 2001:db8:1:1::31 large-community 999:65501:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.41 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.41 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+# Blackhole request?
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.41 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.41 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.41 community BLACKHOLE set community 65530:4
+match from 192.0.2.41 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.41 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.41 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.41 community BLACKHOLE
+allow quick from 192.0.2.41 community 65534:0
+allow quick from 192.0.2.41 large-community 65534:0:0
+
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.41 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.41 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.41 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.41 community 65534:0 set community BLACKHOLE
+match to 192.0.2.41 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.41 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.41 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.41 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.41 community 65507:999 set community NO_EXPORT
+match to 192.0.2.41 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.41 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.41 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.41 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.41 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.41 community 65509:4 set community NO_EXPORT
+match to 192.0.2.41 ext-community rt 65509:4 set community NO_EXPORT
+match to 192.0.2.41 large-community 999:65509:4 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.41 community 65510:4 set community NO_ADVERTISE
+match to 192.0.2.41 ext-community rt 65510:4 set community NO_ADVERTISE
+match to 192.0.2.41 large-community 999:65510:4 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.41
+
+# do_not_announce_to_any
+deny to 192.0.2.41 community 0:999
+deny to 192.0.2.41 ext-community rt 0:999
+deny to 192.0.2.41 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.41 community 0:4
+deny quick to 192.0.2.41 ext-community rt 0:4
+deny quick to 192.0.2.41 large-community 999:0:4
+
+# do_not_announce_to_peers_with_rtt_higher_than 5 ms
+deny to 192.0.2.41 community 64531:5
+deny to 192.0.2.41 ext-community rt 64531:5
+deny to 192.0.2.41 large-community 999:64531:5
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 10 ms
+deny to 192.0.2.41 community 64531:10
+deny to 192.0.2.41 ext-community rt 64531:10
+deny to 192.0.2.41 large-community 999:64531:10
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 15 ms
+deny to 192.0.2.41 community 64531:15
+deny to 192.0.2.41 ext-community rt 64531:15
+deny to 192.0.2.41 large-community 999:64531:15
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 20 ms
+deny to 192.0.2.41 community 64531:20
+deny to 192.0.2.41 ext-community rt 64531:20
+deny to 192.0.2.41 large-community 999:64531:20
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 30 ms
+deny to 192.0.2.41 community 64531:30
+deny to 192.0.2.41 ext-community rt 64531:30
+deny to 192.0.2.41 large-community 999:64531:30
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 50 ms
+deny to 192.0.2.41 community 64531:50
+deny to 192.0.2.41 ext-community rt 64531:50
+deny to 192.0.2.41 large-community 999:64531:50
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 100 ms
+deny to 192.0.2.41 community 64531:100
+deny to 192.0.2.41 ext-community rt 64531:100
+deny to 192.0.2.41 large-community 999:64531:100
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 200 ms
+deny to 192.0.2.41 community 64531:200
+deny to 192.0.2.41 ext-community rt 64531:200
+deny to 192.0.2.41 large-community 999:64531:200
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 500 ms
+deny to 192.0.2.41 community 64531:500
+deny to 192.0.2.41 ext-community rt 64531:500
+deny to 192.0.2.41 large-community 999:64531:500
+
+
+# announce_to_peers_with_rtt_higher_than 5 ms
+allow to 192.0.2.41 community 64533:5
+allow to 192.0.2.41 ext-community rt 64533:5
+allow to 192.0.2.41 large-community 999:64533:5
+
+
+# announce_to_peers_with_rtt_higher_than 10 ms
+allow to 192.0.2.41 community 64533:10
+allow to 192.0.2.41 ext-community rt 64533:10
+allow to 192.0.2.41 large-community 999:64533:10
+
+
+# announce_to_peers_with_rtt_higher_than 15 ms
+allow to 192.0.2.41 community 64533:15
+allow to 192.0.2.41 ext-community rt 64533:15
+allow to 192.0.2.41 large-community 999:64533:15
+
+
+# announce_to_peers_with_rtt_higher_than 20 ms
+allow to 192.0.2.41 community 64533:20
+allow to 192.0.2.41 ext-community rt 64533:20
+allow to 192.0.2.41 large-community 999:64533:20
+
+
+# announce_to_peers_with_rtt_higher_than 30 ms
+allow to 192.0.2.41 community 64533:30
+allow to 192.0.2.41 ext-community rt 64533:30
+allow to 192.0.2.41 large-community 999:64533:30
+
+
+# announce_to_peers_with_rtt_higher_than 50 ms
+allow to 192.0.2.41 community 64533:50
+allow to 192.0.2.41 ext-community rt 64533:50
+allow to 192.0.2.41 large-community 999:64533:50
+
+
+# announce_to_peers_with_rtt_higher_than 100 ms
+allow to 192.0.2.41 community 64533:100
+allow to 192.0.2.41 ext-community rt 64533:100
+allow to 192.0.2.41 large-community 999:64533:100
+
+
+# announce_to_peers_with_rtt_higher_than 200 ms
+allow to 192.0.2.41 community 64533:200
+allow to 192.0.2.41 ext-community rt 64533:200
+allow to 192.0.2.41 large-community 999:64533:200
+
+
+# announce_to_peers_with_rtt_higher_than 500 ms
+allow to 192.0.2.41 community 64533:500
+allow to 192.0.2.41 ext-community rt 64533:500
+allow to 192.0.2.41 large-community 999:64533:500
+
+
+# announce_to_peer
+allow to 192.0.2.41 community 65501:4
+allow to 192.0.2.41 ext-community rt 65501:4
+allow to 192.0.2.41 large-community 999:65501:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::41 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::41 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+# Blackhole request?
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::41 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::41 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::41 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::41 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::41 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::41 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::41 community BLACKHOLE
+allow quick from 2001:db8:1:1::41 community 65534:0
+allow quick from 2001:db8:1:1::41 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::41 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::41 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::41 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::41 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::41 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::41 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::41 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::41 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::41 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::41 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::41 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::41 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::41 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::41 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::41 community 65509:4 set community NO_EXPORT
+match to 2001:db8:1:1::41 ext-community rt 65509:4 set community NO_EXPORT
+match to 2001:db8:1:1::41 large-community 999:65509:4 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::41 community 65510:4 set community NO_ADVERTISE
+match to 2001:db8:1:1::41 ext-community rt 65510:4 set community NO_ADVERTISE
+match to 2001:db8:1:1::41 large-community 999:65510:4 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::41 community 0:999
+deny to 2001:db8:1:1::41 ext-community rt 0:999
+deny to 2001:db8:1:1::41 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::41 community 0:4
+deny quick to 2001:db8:1:1::41 ext-community rt 0:4
+deny quick to 2001:db8:1:1::41 large-community 999:0:4
+
+# announce_to_peer
+allow to 2001:db8:1:1::41 community 65501:4
+allow to 2001:db8:1:1::41 ext-community rt 65501:4
+allow to 2001:db8:1:1::41 large-community 999:65501:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+
+
+# Scrub communities from outbound routes
+# add_noadvertise_to_any
+match to group clients set community delete 65508:999
+match to group clients set ext-community delete rt 65508:999
+match to group clients set large-community delete 999:65508:999
+
+# add_noadvertise_to_peer
+match to group clients set community delete 65510:*
+match to group clients set ext-community delete rt 65510:*
+match to group clients set large-community delete 999:65510:*
+
+# add_noexport_to_any
+match to group clients set community delete 65507:999
+match to group clients set ext-community delete rt 65507:999
+match to group clients set large-community delete 999:65507:999
+
+# add_noexport_to_peer
+match to group clients set community delete 65509:*
+match to group clients set ext-community delete rt 65509:*
+match to group clients set large-community delete 999:65509:*
+
+# announce_to_peer
+match to group clients set community delete 65501:*
+match to group clients set ext-community delete rt 65501:*
+match to group clients set large-community delete 999:65501:*
+
+# announce_to_peers_with_rtt_higher_than
+match to group clients set community delete 64533:*
+match to group clients set ext-community delete rt 64533:*
+match to group clients set large-community delete 999:64533:*
+
+# announce_to_peers_with_rtt_lower_than
+match to group clients set community delete 64532:*
+match to group clients set ext-community delete rt 64532:*
+match to group clients set large-community delete 999:64532:*
+
+# blackholing
+match to group clients set community delete 65534:0
+match to group clients set large-community delete 65534:0:0
+
+# do_not_announce_to_any
+match to group clients set community delete 0:999
+match to group clients set ext-community delete rt 0:999
+match to group clients set large-community delete 999:0:999
+
+# do_not_announce_to_peer
+match to group clients set community delete 0:*
+match to group clients set ext-community delete rt 0:*
+match to group clients set large-community delete 999:0:*
+
+# do_not_announce_to_peers_with_rtt_higher_than
+match to group clients set community delete 64531:*
+match to group clients set ext-community delete rt 64531:*
+match to group clients set large-community delete 999:64531:*
+
+# do_not_announce_to_peers_with_rtt_lower_than
+match to group clients set community delete 64530:*
+match to group clients set ext-community delete rt 64530:*
+match to group clients set large-community delete 999:64530:*
+
+# prepend_once_to_any
+match to group clients set community delete 65521:65521
+match to group clients set ext-community delete rt 65521:65521
+match to group clients set large-community delete 999:65521:65521
+
+# prepend_once_to_peer
+match to group clients set community delete 65521:*
+match to group clients set ext-community delete rt 65521:*
+match to group clients set large-community delete 999:65521:*
+
+# prepend_once_to_peers_with_rtt_higher_than
+match to group clients set community delete 64537:*
+match to group clients set ext-community delete rt 64537:*
+match to group clients set large-community delete 999:64537:*
+
+# prepend_once_to_peers_with_rtt_lower_than
+match to group clients set community delete 64534:*
+match to group clients set ext-community delete rt 64534:*
+match to group clients set large-community delete 999:64534:*
+
+# prepend_thrice_to_any
+match to group clients set community delete 65523:65523
+match to group clients set ext-community delete rt 65523:65523
+match to group clients set large-community delete 999:65523:65523
+
+# prepend_thrice_to_peer
+match to group clients set community delete 65523:*
+match to group clients set ext-community delete rt 65523:*
+match to group clients set large-community delete 999:65523:*
+
+# prepend_thrice_to_peers_with_rtt_higher_than
+match to group clients set community delete 64539:*
+match to group clients set ext-community delete rt 64539:*
+match to group clients set large-community delete 999:64539:*
+
+# prepend_thrice_to_peers_with_rtt_lower_than
+match to group clients set community delete 64536:*
+match to group clients set ext-community delete rt 64536:*
+match to group clients set large-community delete 999:64536:*
+
+# prepend_twice_to_any
+match to group clients set community delete 65522:65522
+match to group clients set ext-community delete rt 65522:65522
+match to group clients set large-community delete 999:65522:65522
+
+# prepend_twice_to_peer
+match to group clients set community delete 65522:*
+match to group clients set ext-community delete rt 65522:*
+match to group clients set large-community delete 999:65522:*
+
+# prepend_twice_to_peers_with_rtt_higher_than
+match to group clients set community delete 64538:*
+match to group clients set ext-community delete rt 64538:*
+match to group clients set large-community delete 999:64538:*
+
+# prepend_twice_to_peers_with_rtt_lower_than
+match to group clients set community delete 64535:*
+match to group clients set ext-community delete rt 64535:*
+match to group clients set large-community delete 999:64535:*
+
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+match to group clients set {
+	community delete 65521:65521
+	ext-community delete rt 65521:65521
+	large-community delete 999:65521:65521
+
+}
+match to group clients set {
+	community delete 65521:*
+	ext-community delete rt 65521:*
+	large-community delete 999:65521:*
+
+}
+match to group clients set {
+	community delete 64537:*
+	ext-community delete rt 64537:*
+	large-community delete 999:64537:*
+
+}
+match to group clients set {
+	community delete 64534:*
+	ext-community delete rt 64534:*
+	large-community delete 999:64534:*
+
+}
+match to group clients set {
+	community delete 65523:65523
+	ext-community delete rt 65523:65523
+	large-community delete 999:65523:65523
+
+}
+match to group clients set {
+	community delete 65523:*
+	ext-community delete rt 65523:*
+	large-community delete 999:65523:*
+
+}
+match to group clients set {
+	community delete 64539:*
+	ext-community delete rt 64539:*
+	large-community delete 999:64539:*
+
+}
+match to group clients set {
+	community delete 64536:*
+	ext-community delete rt 64536:*
+	large-community delete 999:64536:*
+
+}
+match to group clients set {
+	community delete 65522:65522
+	ext-community delete rt 65522:65522
+	large-community delete 999:65522:65522
+
+}
+match to group clients set {
+	community delete 65522:*
+	ext-community delete rt 65522:*
+	large-community delete 999:65522:*
+
+}
+match to group clients set {
+	community delete 64538:*
+	ext-community delete rt 64538:*
+	large-community delete 999:64538:*
+
+}
+match to group clients set {
+	community delete 64535:*
+	ext-community delete rt 64535:*
+	large-community delete 999:64535:*
+
+}
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+include "/etc/bgpd/post-filters.local"
+
+
diff --git a/tests/live_tests/scenarios/global/configs/BasicScenario_OpenBGPDIPv4/openbgpd77p.conf b/tests/live_tests/scenarios/global/configs/BasicScenario_OpenBGPDIPv4/openbgpd77p.conf
new file mode 100644
index 00000000..f3b3121f
--- /dev/null
+++ b/tests/live_tests/scenarios/global/configs/BasicScenario_OpenBGPDIPv4/openbgpd77p.conf
@@ -0,0 +1,10254 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+# AS222, used by client AS222_1, client AS222_2
+# no origin ASNs found for AS222
+# no prefixes found for AS222
+
+# AS2, used by client AS2_1, client AS2_2
+# no origin ASNs found for AS2
+# no prefixes found for AS2
+
+# AS-AS1, AS-AS1_CUSTOMERS, used by client AS1_1, client AS1_2, client AS1_3, client AS1_4
+as-set "AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns" {
+    1 101 103 104
+}
+prefix-set "AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes" {
+    1.0.0.0/8 prefixlen 8 - 32
+    128.0.0.0/7 prefixlen 7 - 32
+    101.0.0.0/16 prefixlen 16 - 32
+    103.0.0.0/16 prefixlen 16 - 32
+}
+
+# AS-AS2, AS-AS2_CUSTOMERS, used by client AS2_1, client AS2_2
+as-set "AS_SET_AS_AS2_AS_AS2_CUSTOMERS_asns" {
+    2 101 103
+}
+prefix-set "AS_SET_AS_AS2_AS_AS2_CUSTOMERS_prefixes" {
+    2.0.0.0/16 prefixlen 16 - 32
+    101.0.0.0/16 prefixlen 16 - 32
+    103.0.0.0/16 prefixlen 16 - 32
+}
+
+# WHITE_LIST_AS1_2, used by client AS1_2 white list
+as-set "AS_SET_WHITE_LIST_AS1_2_asns" {
+    1011
+}
+prefix-set "AS_SET_WHITE_LIST_AS1_2_prefixes" {
+    11.1.0.0/16 prefixlen 16 - 32
+    2a11:1::/32 prefixlen 32 - 128
+}
+
+# AS-AS222, used by client AS222_1, client AS222_2
+as-set "AS_SET_AS_AS222_asns" {
+    333
+}
+prefix-set "AS_SET_AS_AS222_prefixes" {
+    222.0.0.0/8 prefixlen 8 - 32
+}
+
+# AS1, used by client AS1_1, client AS1_2, client AS1_3, client AS1_4
+# no origin ASNs found for AS1
+# no prefixes found for AS1
+
+# WHITE_LIST_AS1_1, used by client AS1_1 white list
+as-set "AS_SET_WHITE_LIST_AS1_1_asns" {
+    1011
+}
+prefix-set "AS_SET_WHITE_LIST_AS1_1_prefixes" {
+    11.1.0.0/16 prefixlen 16 - 32
+    2a11:1::/32 prefixlen 32 - 128
+}
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	# RTT: 0.1 ms (normalized value: 1)
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	# RTT: 5 ms (normalized value: 5)
+	neighbor 192.0.2.12 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_2 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::12 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_2 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.222 {
+		remote-as 222
+
+		rde evaluate all
+
+		descr "AS222_1 client"
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::222 {
+		remote-as 222
+
+		rde evaluate all
+
+		descr "AS222_1 client"
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	# RTT: 17.3 ms (normalized value: 17)
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	# RTT: 123.8 ms (normalized value: 124)
+	neighbor 192.0.2.31 {
+		remote-as 3
+
+		rde evaluate all
+
+		descr "AS3_1 client"
+		ttl-security no
+		transparent-as no
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::31 {
+		remote-as 3
+
+		rde evaluate all
+
+		descr "AS3_1 client"
+		ttl-security no
+		transparent-as no
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	# RTT: 600 ms (normalized value: 600)
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+include "/etc/bgpd/post-clients.local"
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+prefix-set "global_black_list_pref" {
+    192.0.2.0/24 prefixlen 24 - 32
+    2001:db8::/32 prefixlen 32 - 128
+
+}
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+# never via route-servers ASNs
+as-set "neverviarouteserver" {
+	666, 777
+}
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# origin_not_present_in_as_set
+match from group clients set community delete 65530:0
+match from group clients set large-community delete 999:65530:0
+
+# origin_present_in_as_set
+match from group clients set community delete 65530:1
+match from group clients set large-community delete 999:65530:1
+
+# prefix_validated_via_arin_whois_db_dump
+match from group clients set community delete 65530:3
+match from group clients set large-community delete 999:65530:3
+
+# prefix_validated_via_rpki_roas
+match from group clients set community delete 65530:2
+match from group clients set large-community delete 999:65530:2
+
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+# rpki_bgp_origin_validation_not_performed
+match from group clients set community delete 65530:4
+match from group clients set large-community delete 999:65530:4
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+# ---------------------------------------------------------
+# ROAs source
+
+
+roa-set {
+    101.3.0.0/16 maxlen 24 source-as 105 expires 4102444799
+    101.2.0.0/17 source-as 101 expires 4102444799
+    101.2.128.0/17 maxlen 24 source-as 101 expires 4102444799
+    101.0.128.0/20 maxlen 23 source-as 101 expires 4102444799
+    101.0.8.0/24 source-as 101 expires 4102444799
+    101.0.9.0/24 source-as 102 expires 4102444799
+    222.1.1.0/24 source-as 333 expires 4102444799
+    3101:3::/32 maxlen 48 source-as 105 expires 4102444799
+    3101:0:8000::/33 maxlen 34 source-as 101 expires 4102444799
+    3101:2:8000::/33 maxlen 48 source-as 101 expires 4102444799
+    3101:2::/33 source-as 101 expires 4102444799
+    3101:0:8::/48 source-as 101 expires 4102444799
+    3101:0:9::/48 source-as 102 expires 4102444799
+    3222:0:1::/48 source-as 333 expires 4102444799
+
+}
+
+
+
+# ---------------------------------------------------------
+# RPKI-based Origin Validation
+
+
+# Add $INTCOMM_RPKI_UNKNOWN, $INTCOMM_RPKI_INVALID and $INTCOMM_RPKI_VALID
+# ext community on the basis of ovs.
+match from group clients ovs not-found set {
+    ext-community $INTCOMM_RPKI_UNKNOWN
+    ext-community ovs not-found
+    
+}
+match from group clients ovs valid set {
+    ext-community $INTCOMM_RPKI_VALID
+    ext-community ovs valid
+    
+}
+match from group clients ovs invalid set {
+    ext-community $INTCOMM_RPKI_INVALID
+    ext-community ovs invalid
+    
+}
+
+
+
+# ---------------------------------------------------------
+# RPKI ROAs used as route objects.
+
+# Add the $INTCOMM_PREF_OK_ROA ext community to routes whose
+# origin ASN has a ROA for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+
+# Since RPKI-based Origin Validation is already performed above,
+# use the origin validation state to identify valid routes.
+match from group clients ovs valid set ext-community $INTCOMM_PREF_OK_ROA
+
+
+# ARIN Whois records used for preifx validation
+# ---------------------------------------------
+
+# Add the $INTCOMM_PREF_OK_ARINDB ext community to routes whose
+# origin ASN has an ARIN Whois record for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+origin-set "ARINDB" {
+104.0.0.0/23 prefixlen 23 - 32 source-as 104
+3104::/32 prefixlen 32 - 128 source-as 104
+}
+match from group clients origin-set ARINDB set ext-community $INTCOMM_PREF_OK_ARINDB
+
+# NIC.BR Whois records used for preifx validation
+# -----------------------------------------------
+
+# Add the $INTCOMM_PREF_OK_REGISTROBRDB ext community to routes whose
+# origin ASN has a NIC.BR Whois record for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+origin-set "REGISTROBRDB" {
+104.1.1.0/24 prefixlen 24 - 32 source-as 104
+3104:1:1::/48 prefixlen 48 - 128 source-as 104
+}
+match from group clients origin-set REGISTROBRDB set ext-community $INTCOMM_PREF_OK_REGISTROBRDB
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.12 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::12 set ext-community rt 65520:1
+
+match from 192.0.2.222 set ext-community rt 65520:222
+
+match from 2001:db8:1:1::222 set ext-community rt 65520:222
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.31 set ext-community rt 65520:3
+
+match from 2001:db8:1:1::31 set ext-community rt 65520:3
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 6' - reject code: 1
+allow quick from group clients max-as-len 6 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: global blacklist
+# Reject inbound routes when 'from group clients prefix-set global_black_list_pref' - reject code: 3
+allow quick from group clients prefix-set global_black_list_pref set {
+	localpref 1
+	community 65520:0
+	community 65520:3
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.11 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.11 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.11 prefix 11.3.0.0/16 source-as 1011 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.11 prefix 11.4.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.11 prefix 2a11:3::/32 source-as 1011 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.11 prefix 2a11:4::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_1, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 source-as as-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+match from 192.0.2.11 source-as as-set AS_SET_WHITE_LIST_AS1_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS1_1
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_1, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 prefix-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+match from 192.0.2.11 prefix-set AS_SET_WHITE_LIST_AS1_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS1_1
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# route authorized by a client's white list?
+match from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.11 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.11 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.11 community BLACKHOLE set community 65530:4
+match from 192.0.2.11 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.11 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.11 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.11 community BLACKHOLE
+allow quick from 192.0.2.11 community 65534:0
+allow quick from 192.0.2.11 large-community 65534:0:0
+
+
+match from 192.0.2.11 set ext-community rt 65520:1
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.11 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.11 community 65534:0 set community BLACKHOLE
+match to 192.0.2.11 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.11 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.11 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.11 community 65507:999 set community NO_EXPORT
+match to 192.0.2.11 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.11 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.11 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.11 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.11 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.11 community 65509:1 set community NO_EXPORT
+match to 192.0.2.11 ext-community rt 65509:1 set community NO_EXPORT
+match to 192.0.2.11 large-community 999:65509:1 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.11 community 65510:1 set community NO_ADVERTISE
+match to 192.0.2.11 ext-community rt 65510:1 set community NO_ADVERTISE
+match to 192.0.2.11 large-community 999:65510:1 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.11
+
+# do_not_announce_to_any
+deny to 192.0.2.11 community 0:999
+deny to 192.0.2.11 ext-community rt 0:999
+deny to 192.0.2.11 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.11 community 0:1
+deny quick to 192.0.2.11 ext-community rt 0:1
+deny quick to 192.0.2.11 large-community 999:0:1
+
+# do_not_announce_to_peers_with_rtt_lower_than 5 ms
+deny to 192.0.2.11 community 64530:5
+deny to 192.0.2.11 ext-community rt 64530:5
+deny to 192.0.2.11 large-community 999:64530:5
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 10 ms
+deny to 192.0.2.11 community 64530:10
+deny to 192.0.2.11 ext-community rt 64530:10
+deny to 192.0.2.11 large-community 999:64530:10
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 15 ms
+deny to 192.0.2.11 community 64530:15
+deny to 192.0.2.11 ext-community rt 64530:15
+deny to 192.0.2.11 large-community 999:64530:15
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 20 ms
+deny to 192.0.2.11 community 64530:20
+deny to 192.0.2.11 ext-community rt 64530:20
+deny to 192.0.2.11 large-community 999:64530:20
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 30 ms
+deny to 192.0.2.11 community 64530:30
+deny to 192.0.2.11 ext-community rt 64530:30
+deny to 192.0.2.11 large-community 999:64530:30
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 50 ms
+deny to 192.0.2.11 community 64530:50
+deny to 192.0.2.11 ext-community rt 64530:50
+deny to 192.0.2.11 large-community 999:64530:50
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 100 ms
+deny to 192.0.2.11 community 64530:100
+deny to 192.0.2.11 ext-community rt 64530:100
+deny to 192.0.2.11 large-community 999:64530:100
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 200 ms
+deny to 192.0.2.11 community 64530:200
+deny to 192.0.2.11 ext-community rt 64530:200
+deny to 192.0.2.11 large-community 999:64530:200
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 500 ms
+deny to 192.0.2.11 community 64530:500
+deny to 192.0.2.11 ext-community rt 64530:500
+deny to 192.0.2.11 large-community 999:64530:500
+
+
+# announce_to_peers_with_rtt_lower_than 5 ms
+allow to 192.0.2.11 community 64532:5
+allow to 192.0.2.11 ext-community rt 64532:5
+allow to 192.0.2.11 large-community 999:64532:5
+
+
+# announce_to_peers_with_rtt_lower_than 10 ms
+allow to 192.0.2.11 community 64532:10
+allow to 192.0.2.11 ext-community rt 64532:10
+allow to 192.0.2.11 large-community 999:64532:10
+
+
+# announce_to_peers_with_rtt_lower_than 15 ms
+allow to 192.0.2.11 community 64532:15
+allow to 192.0.2.11 ext-community rt 64532:15
+allow to 192.0.2.11 large-community 999:64532:15
+
+
+# announce_to_peers_with_rtt_lower_than 20 ms
+allow to 192.0.2.11 community 64532:20
+allow to 192.0.2.11 ext-community rt 64532:20
+allow to 192.0.2.11 large-community 999:64532:20
+
+
+# announce_to_peers_with_rtt_lower_than 30 ms
+allow to 192.0.2.11 community 64532:30
+allow to 192.0.2.11 ext-community rt 64532:30
+allow to 192.0.2.11 large-community 999:64532:30
+
+
+# announce_to_peers_with_rtt_lower_than 50 ms
+allow to 192.0.2.11 community 64532:50
+allow to 192.0.2.11 ext-community rt 64532:50
+allow to 192.0.2.11 large-community 999:64532:50
+
+
+# announce_to_peers_with_rtt_lower_than 100 ms
+allow to 192.0.2.11 community 64532:100
+allow to 192.0.2.11 ext-community rt 64532:100
+allow to 192.0.2.11 large-community 999:64532:100
+
+
+# announce_to_peers_with_rtt_lower_than 200 ms
+allow to 192.0.2.11 community 64532:200
+allow to 192.0.2.11 ext-community rt 64532:200
+allow to 192.0.2.11 large-community 999:64532:200
+
+
+# announce_to_peers_with_rtt_lower_than 500 ms
+allow to 192.0.2.11 community 64532:500
+allow to 192.0.2.11 ext-community rt 64532:500
+allow to 192.0.2.11 large-community 999:64532:500
+
+
+# announce_to_peer
+allow to 192.0.2.11 community 65501:1
+allow to 192.0.2.11 ext-community rt 65501:1
+allow to 192.0.2.11 large-community 999:65501:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::11 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::11 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::11 prefix 11.3.0.0/16 source-as 1011 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::11 prefix 11.4.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::11 prefix 2a11:3::/32 source-as 1011 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::11 prefix 2a11:4::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_2, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::11 source-as as-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+match from 2001:db8:1:1::11 source-as as-set AS_SET_WHITE_LIST_AS1_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS1_2
+# AS-SET AS1 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_2, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::11 prefix-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+match from 2001:db8:1:1::11 prefix-set AS_SET_WHITE_LIST_AS1_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS1_2
+# AS-SET AS1 referenced but empty.
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::11 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::11 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::11 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::11 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::11 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::11 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::11 community BLACKHOLE
+allow quick from 2001:db8:1:1::11 community 65534:0
+allow quick from 2001:db8:1:1::11 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::11 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::11 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::11 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::11 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::11 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::11 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::11 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::11 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::11 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::11 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::11 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::11 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::11 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::11 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::11 community 65509:1 set community NO_EXPORT
+match to 2001:db8:1:1::11 ext-community rt 65509:1 set community NO_EXPORT
+match to 2001:db8:1:1::11 large-community 999:65509:1 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::11 community 65510:1 set community NO_ADVERTISE
+match to 2001:db8:1:1::11 ext-community rt 65510:1 set community NO_ADVERTISE
+match to 2001:db8:1:1::11 large-community 999:65510:1 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::11 community 0:999
+deny to 2001:db8:1:1::11 ext-community rt 0:999
+deny to 2001:db8:1:1::11 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::11 community 0:1
+deny quick to 2001:db8:1:1::11 ext-community rt 0:1
+deny quick to 2001:db8:1:1::11 large-community 999:0:1
+
+# announce_to_peer
+allow to 2001:db8:1:1::11 community 65501:1
+allow to 2001:db8:1:1::11 ext-community rt 65501:1
+allow to 2001:db8:1:1::11 large-community 999:65501:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS1_3, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.12 set community NO_ADVERTISE
+match from 192.0.2.12 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+match from 192.0.2.12 nexthop 192.0.2.12 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.12 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.12 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.12 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.12 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.12 AS 23456' - reject code: 7
+allow quick from 192.0.2.12 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.12 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.12 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.12 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.12 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.12 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.12 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.12 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.12 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 192.0.2.12 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_3, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.12 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.12 source-as as-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_3, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.12 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.12 prefix-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.12 set ext-community delete rt 65520:1
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.12 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.12 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.12 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.12 community BLACKHOLE set community 65530:4
+match from 192.0.2.12 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.12 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.12 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.12 community BLACKHOLE
+allow quick from 192.0.2.12 community 65534:0
+allow quick from 192.0.2.12 large-community 65534:0:0
+
+
+match from 192.0.2.12 set ext-community rt 65520:1
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.12 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.12 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.12 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.12 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.12 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.12 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.12 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.12
+
+
+
+# ---------------------------------------------
+# client AS1_3, outbound
+
+deny quick to 192.0.2.12 community 65520:0
+
+
+
+# Blackhole request?
+# Client not enabled to receive blackhole routes
+deny quick to 192.0.2.12 community BLACKHOLE
+deny quick to 192.0.2.12 community 65534:0
+deny quick to 192.0.2.12 large-community 65534:0:0
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.12 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.12 community 65507:999 set community NO_EXPORT
+match to 192.0.2.12 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.12 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.12 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.12 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.12 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.12 community 65509:1 set community NO_EXPORT
+match to 192.0.2.12 ext-community rt 65509:1 set community NO_EXPORT
+match to 192.0.2.12 large-community 999:65509:1 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.12 community 65510:1 set community NO_ADVERTISE
+match to 192.0.2.12 ext-community rt 65510:1 set community NO_ADVERTISE
+match to 192.0.2.12 large-community 999:65510:1 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.12
+
+# do_not_announce_to_any
+deny to 192.0.2.12 community 0:999
+deny to 192.0.2.12 ext-community rt 0:999
+deny to 192.0.2.12 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.12 community 0:1
+deny quick to 192.0.2.12 ext-community rt 0:1
+deny quick to 192.0.2.12 large-community 999:0:1
+
+# do_not_announce_to_peers_with_rtt_lower_than 5 ms
+deny to 192.0.2.12 community 64530:5
+deny to 192.0.2.12 ext-community rt 64530:5
+deny to 192.0.2.12 large-community 999:64530:5
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 10 ms
+deny to 192.0.2.12 community 64530:10
+deny to 192.0.2.12 ext-community rt 64530:10
+deny to 192.0.2.12 large-community 999:64530:10
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 15 ms
+deny to 192.0.2.12 community 64530:15
+deny to 192.0.2.12 ext-community rt 64530:15
+deny to 192.0.2.12 large-community 999:64530:15
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 20 ms
+deny to 192.0.2.12 community 64530:20
+deny to 192.0.2.12 ext-community rt 64530:20
+deny to 192.0.2.12 large-community 999:64530:20
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 30 ms
+deny to 192.0.2.12 community 64530:30
+deny to 192.0.2.12 ext-community rt 64530:30
+deny to 192.0.2.12 large-community 999:64530:30
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 50 ms
+deny to 192.0.2.12 community 64530:50
+deny to 192.0.2.12 ext-community rt 64530:50
+deny to 192.0.2.12 large-community 999:64530:50
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 100 ms
+deny to 192.0.2.12 community 64530:100
+deny to 192.0.2.12 ext-community rt 64530:100
+deny to 192.0.2.12 large-community 999:64530:100
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 200 ms
+deny to 192.0.2.12 community 64530:200
+deny to 192.0.2.12 ext-community rt 64530:200
+deny to 192.0.2.12 large-community 999:64530:200
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 500 ms
+deny to 192.0.2.12 community 64530:500
+deny to 192.0.2.12 ext-community rt 64530:500
+deny to 192.0.2.12 large-community 999:64530:500
+
+
+# announce_to_peers_with_rtt_lower_than 5 ms
+allow to 192.0.2.12 community 64532:5
+allow to 192.0.2.12 ext-community rt 64532:5
+allow to 192.0.2.12 large-community 999:64532:5
+
+
+# announce_to_peers_with_rtt_lower_than 10 ms
+allow to 192.0.2.12 community 64532:10
+allow to 192.0.2.12 ext-community rt 64532:10
+allow to 192.0.2.12 large-community 999:64532:10
+
+
+# announce_to_peers_with_rtt_lower_than 15 ms
+allow to 192.0.2.12 community 64532:15
+allow to 192.0.2.12 ext-community rt 64532:15
+allow to 192.0.2.12 large-community 999:64532:15
+
+
+# announce_to_peers_with_rtt_lower_than 20 ms
+allow to 192.0.2.12 community 64532:20
+allow to 192.0.2.12 ext-community rt 64532:20
+allow to 192.0.2.12 large-community 999:64532:20
+
+
+# announce_to_peers_with_rtt_lower_than 30 ms
+allow to 192.0.2.12 community 64532:30
+allow to 192.0.2.12 ext-community rt 64532:30
+allow to 192.0.2.12 large-community 999:64532:30
+
+
+# announce_to_peers_with_rtt_lower_than 50 ms
+allow to 192.0.2.12 community 64532:50
+allow to 192.0.2.12 ext-community rt 64532:50
+allow to 192.0.2.12 large-community 999:64532:50
+
+
+# announce_to_peers_with_rtt_lower_than 100 ms
+allow to 192.0.2.12 community 64532:100
+allow to 192.0.2.12 ext-community rt 64532:100
+allow to 192.0.2.12 large-community 999:64532:100
+
+
+# announce_to_peers_with_rtt_lower_than 200 ms
+allow to 192.0.2.12 community 64532:200
+allow to 192.0.2.12 ext-community rt 64532:200
+allow to 192.0.2.12 large-community 999:64532:200
+
+
+# announce_to_peers_with_rtt_lower_than 500 ms
+allow to 192.0.2.12 community 64532:500
+allow to 192.0.2.12 ext-community rt 64532:500
+allow to 192.0.2.12 large-community 999:64532:500
+
+
+# announce_to_peer
+allow to 192.0.2.12 community 65501:1
+allow to 192.0.2.12 ext-community rt 65501:1
+allow to 192.0.2.12 large-community 999:65501:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.12 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS1_4, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::12 set community NO_ADVERTISE
+match from 2001:db8:1:1::12 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+match from 2001:db8:1:1::12 nexthop 2001:db8:1:1::12 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::12 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::12 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::12 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::12 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::12 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::12 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::12 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::12 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::12 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 2001:db8:1:1::12 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_4, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::12 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::12 source-as as-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_4, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::12 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::12 prefix-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::12 set ext-community delete rt 65520:1
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::12 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::12 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::12 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::12 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::12 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::12 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::12 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::12 community BLACKHOLE
+allow quick from 2001:db8:1:1::12 community 65534:0
+allow quick from 2001:db8:1:1::12 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::12 set ext-community rt 65520:1
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::12 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::12 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::12 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::12 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::12 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::12 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::12 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::12
+
+
+
+# ---------------------------------------------
+# client AS1_4, outbound
+
+deny quick to 2001:db8:1:1::12 community 65520:0
+
+
+
+# Blackhole request?
+# Client not enabled to receive blackhole routes
+deny quick to 2001:db8:1:1::12 community BLACKHOLE
+deny quick to 2001:db8:1:1::12 community 65534:0
+deny quick to 2001:db8:1:1::12 large-community 65534:0:0
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::12 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::12 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::12 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::12 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::12 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::12 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::12 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::12 community 65509:1 set community NO_EXPORT
+match to 2001:db8:1:1::12 ext-community rt 65509:1 set community NO_EXPORT
+match to 2001:db8:1:1::12 large-community 999:65509:1 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::12 community 65510:1 set community NO_ADVERTISE
+match to 2001:db8:1:1::12 ext-community rt 65510:1 set community NO_ADVERTISE
+match to 2001:db8:1:1::12 large-community 999:65510:1 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::12
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::12 community 0:999
+deny to 2001:db8:1:1::12 ext-community rt 0:999
+deny to 2001:db8:1:1::12 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::12 community 0:1
+deny quick to 2001:db8:1:1::12 ext-community rt 0:1
+deny quick to 2001:db8:1:1::12 large-community 999:0:1
+
+# announce_to_peer
+allow to 2001:db8:1:1::12 community 65501:1
+allow to 2001:db8:1:1::12 ext-community rt 65501:1
+allow to 2001:db8:1:1::12 large-community 999:65501:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::12 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS222_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.222 set community NO_ADVERTISE
+match from 192.0.2.222 nexthop 192.0.2.222 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.222 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.222 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.222 peer-as != 222' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.222 peer-as != 222 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.222 AS 23456' - reject code: 7
+allow quick from 192.0.2.222 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.222 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.222 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.222 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.222 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.222 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.222 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.222 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.222 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.222 prefix 222.1.1.0/24 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.222 prefix 3222:0:1::/48 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.222 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS222_1, AS222: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.222 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS222 referenced but empty.
+match from 192.0.2.222 source-as as-set AS_SET_AS_AS222_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS222
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS222_1, AS222: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.222 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS222 referenced but empty.
+match from 192.0.2.222 prefix-set AS_SET_AS_AS222_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS222
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# route authorized by a client's white list?
+match from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.222 set ext-community delete rt 65520:222
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.222 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.222 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.222 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.222 community BLACKHOLE set community 65530:4
+match from 192.0.2.222 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.222 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.222 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.222 community BLACKHOLE
+allow quick from 192.0.2.222 community 65534:0
+allow quick from 192.0.2.222 large-community 65534:0:0
+
+
+match from 192.0.2.222 set ext-community rt 65520:222
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.222 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.222 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.222 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.222 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.222 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.222 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.222 set ext-community delete rt 65520:222
+
+
+
+allow quick from 192.0.2.222
+
+
+
+# ---------------------------------------------
+# client AS222_1, outbound
+
+deny quick to 192.0.2.222 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.222 community 65534:0 set community BLACKHOLE
+match to 192.0.2.222 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.222 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.222 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.222 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.222 community 65507:999 set community NO_EXPORT
+match to 192.0.2.222 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.222 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.222 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.222 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.222 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.222 community 65509:222 set community NO_EXPORT
+match to 192.0.2.222 ext-community rt 65509:222 set community NO_EXPORT
+match to 192.0.2.222 large-community 999:65509:222 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.222 community 65510:222 set community NO_ADVERTISE
+match to 192.0.2.222 ext-community rt 65510:222 set community NO_ADVERTISE
+match to 192.0.2.222 large-community 999:65510:222 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.222
+
+# do_not_announce_to_any
+deny to 192.0.2.222 community 0:999
+deny to 192.0.2.222 ext-community rt 0:999
+deny to 192.0.2.222 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.222 community 0:222
+deny quick to 192.0.2.222 ext-community rt 0:222
+deny quick to 192.0.2.222 large-community 999:0:222
+
+# announce_to_peer
+allow to 192.0.2.222 community 65501:222
+allow to 192.0.2.222 ext-community rt 65501:222
+allow to 192.0.2.222 large-community 999:65501:222
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.222 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS222_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::222 set community NO_ADVERTISE
+match from 2001:db8:1:1::222 nexthop 2001:db8:1:1::222 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::222 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::222 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::222 peer-as != 222' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::222 peer-as != 222 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::222 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::222 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::222 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::222 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::222 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::222 prefix 222.1.1.0/24 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::222 prefix 3222:0:1::/48 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::222 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS222_2, AS222: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::222 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS222 referenced but empty.
+match from 2001:db8:1:1::222 source-as as-set AS_SET_AS_AS222_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS222
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS222_2, AS222: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::222 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS222 referenced but empty.
+match from 2001:db8:1:1::222 prefix-set AS_SET_AS_AS222_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS222
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::222 set ext-community delete rt 65520:222
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::222 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::222 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::222 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::222 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::222 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::222 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::222 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::222 community BLACKHOLE
+allow quick from 2001:db8:1:1::222 community 65534:0
+allow quick from 2001:db8:1:1::222 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::222 set ext-community rt 65520:222
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::222 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::222 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::222 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::222 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::222 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::222 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::222 set ext-community delete rt 65520:222
+
+
+
+allow quick from 2001:db8:1:1::222
+
+
+
+# ---------------------------------------------
+# client AS222_2, outbound
+
+deny quick to 2001:db8:1:1::222 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::222 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::222 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::222 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::222 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::222 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::222 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::222 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::222 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::222 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::222 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::222 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::222 community 65509:222 set community NO_EXPORT
+match to 2001:db8:1:1::222 ext-community rt 65509:222 set community NO_EXPORT
+match to 2001:db8:1:1::222 large-community 999:65509:222 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::222 community 65510:222 set community NO_ADVERTISE
+match to 2001:db8:1:1::222 ext-community rt 65510:222 set community NO_ADVERTISE
+match to 2001:db8:1:1::222 large-community 999:65510:222 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::222
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::222 community 0:999
+deny to 2001:db8:1:1::222 ext-community rt 0:999
+deny to 2001:db8:1:1::222 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::222 community 0:222
+deny quick to 2001:db8:1:1::222 ext-community rt 0:222
+deny quick to 2001:db8:1:1::222 large-community 999:0:222
+
+# announce_to_peer
+allow to 2001:db8:1:1::222 community 65501:222
+allow to 2001:db8:1:1::222 ext-community rt 65501:222
+allow to 2001:db8:1:1::222 large-community 999:65501:222
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::222 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.21 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.21 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 192.0.2.21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_1, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 source-as as-set AS_SET_AS_AS2_AS_AS2_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS2_AS_AS2_CUSTOMERS
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_1, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 prefix-set AS_SET_AS_AS2_AS_AS2_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS2_AS_AS2_CUSTOMERS
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.21 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.21 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.21 community BLACKHOLE set community 65530:4
+match from 192.0.2.21 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.21 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.21 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.21 community BLACKHOLE
+allow quick from 192.0.2.21 community 65534:0
+allow quick from 192.0.2.21 large-community 65534:0:0
+
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.21 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.21 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.21 community GRACEFUL_SHUTDOWN set community delete GRACEFUL_SHUTDOWN
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.21 community 65534:0 set community BLACKHOLE
+match to 192.0.2.21 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.21 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.21 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.21 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.21 community 65507:999 set community NO_EXPORT
+match to 192.0.2.21 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.21 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.21 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.21 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.21 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.21 community 65509:2 set community NO_EXPORT
+match to 192.0.2.21 ext-community rt 65509:2 set community NO_EXPORT
+match to 192.0.2.21 large-community 999:65509:2 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.21 community 65510:2 set community NO_ADVERTISE
+match to 192.0.2.21 ext-community rt 65510:2 set community NO_ADVERTISE
+match to 192.0.2.21 large-community 999:65510:2 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.21
+
+# do_not_announce_to_any
+deny to 192.0.2.21 community 0:999
+deny to 192.0.2.21 ext-community rt 0:999
+deny to 192.0.2.21 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.21 community 0:2
+deny quick to 192.0.2.21 ext-community rt 0:2
+deny quick to 192.0.2.21 large-community 999:0:2
+
+# do_not_announce_to_peers_with_rtt_lower_than 20 ms
+deny to 192.0.2.21 community 64530:20
+deny to 192.0.2.21 ext-community rt 64530:20
+deny to 192.0.2.21 large-community 999:64530:20
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 30 ms
+deny to 192.0.2.21 community 64530:30
+deny to 192.0.2.21 ext-community rt 64530:30
+deny to 192.0.2.21 large-community 999:64530:30
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 50 ms
+deny to 192.0.2.21 community 64530:50
+deny to 192.0.2.21 ext-community rt 64530:50
+deny to 192.0.2.21 large-community 999:64530:50
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 100 ms
+deny to 192.0.2.21 community 64530:100
+deny to 192.0.2.21 ext-community rt 64530:100
+deny to 192.0.2.21 large-community 999:64530:100
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 200 ms
+deny to 192.0.2.21 community 64530:200
+deny to 192.0.2.21 ext-community rt 64530:200
+deny to 192.0.2.21 large-community 999:64530:200
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 500 ms
+deny to 192.0.2.21 community 64530:500
+deny to 192.0.2.21 ext-community rt 64530:500
+deny to 192.0.2.21 large-community 999:64530:500
+
+
+# announce_to_peers_with_rtt_lower_than 20 ms
+allow to 192.0.2.21 community 64532:20
+allow to 192.0.2.21 ext-community rt 64532:20
+allow to 192.0.2.21 large-community 999:64532:20
+
+
+# announce_to_peers_with_rtt_lower_than 30 ms
+allow to 192.0.2.21 community 64532:30
+allow to 192.0.2.21 ext-community rt 64532:30
+allow to 192.0.2.21 large-community 999:64532:30
+
+
+# announce_to_peers_with_rtt_lower_than 50 ms
+allow to 192.0.2.21 community 64532:50
+allow to 192.0.2.21 ext-community rt 64532:50
+allow to 192.0.2.21 large-community 999:64532:50
+
+
+# announce_to_peers_with_rtt_lower_than 100 ms
+allow to 192.0.2.21 community 64532:100
+allow to 192.0.2.21 ext-community rt 64532:100
+allow to 192.0.2.21 large-community 999:64532:100
+
+
+# announce_to_peers_with_rtt_lower_than 200 ms
+allow to 192.0.2.21 community 64532:200
+allow to 192.0.2.21 ext-community rt 64532:200
+allow to 192.0.2.21 large-community 999:64532:200
+
+
+# announce_to_peers_with_rtt_lower_than 500 ms
+allow to 192.0.2.21 community 64532:500
+allow to 192.0.2.21 ext-community rt 64532:500
+allow to 192.0.2.21 large-community 999:64532:500
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 5 ms
+deny to 192.0.2.21 community 64531:5
+deny to 192.0.2.21 ext-community rt 64531:5
+deny to 192.0.2.21 large-community 999:64531:5
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 10 ms
+deny to 192.0.2.21 community 64531:10
+deny to 192.0.2.21 ext-community rt 64531:10
+deny to 192.0.2.21 large-community 999:64531:10
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 15 ms
+deny to 192.0.2.21 community 64531:15
+deny to 192.0.2.21 ext-community rt 64531:15
+deny to 192.0.2.21 large-community 999:64531:15
+
+
+# announce_to_peers_with_rtt_higher_than 5 ms
+allow to 192.0.2.21 community 64533:5
+allow to 192.0.2.21 ext-community rt 64533:5
+allow to 192.0.2.21 large-community 999:64533:5
+
+
+# announce_to_peers_with_rtt_higher_than 10 ms
+allow to 192.0.2.21 community 64533:10
+allow to 192.0.2.21 ext-community rt 64533:10
+allow to 192.0.2.21 large-community 999:64533:10
+
+
+# announce_to_peers_with_rtt_higher_than 15 ms
+allow to 192.0.2.21 community 64533:15
+allow to 192.0.2.21 ext-community rt 64533:15
+allow to 192.0.2.21 large-community 999:64533:15
+
+
+# announce_to_peer
+allow to 192.0.2.21 community 65501:2
+allow to 192.0.2.21 ext-community rt 65501:2
+allow to 192.0.2.21 large-community 999:65501:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::21 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::21 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_2, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 2001:db8:1:1::21 source-as as-set AS_SET_AS_AS2_AS_AS2_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS2_AS_AS2_CUSTOMERS
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_2, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 2001:db8:1:1::21 prefix-set AS_SET_AS_AS2_AS_AS2_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS2_AS_AS2_CUSTOMERS
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::21 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::21 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::21 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::21 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::21 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::21 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::21 community BLACKHOLE
+allow quick from 2001:db8:1:1::21 community 65534:0
+allow quick from 2001:db8:1:1::21 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::21 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::21 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::21 community GRACEFUL_SHUTDOWN set community delete GRACEFUL_SHUTDOWN
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::21 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::21 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::21 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::21 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::21 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::21 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::21 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::21 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::21 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::21 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::21 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::21 community 65509:2 set community NO_EXPORT
+match to 2001:db8:1:1::21 ext-community rt 65509:2 set community NO_EXPORT
+match to 2001:db8:1:1::21 large-community 999:65509:2 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::21 community 65510:2 set community NO_ADVERTISE
+match to 2001:db8:1:1::21 ext-community rt 65510:2 set community NO_ADVERTISE
+match to 2001:db8:1:1::21 large-community 999:65510:2 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::21 community 0:999
+deny to 2001:db8:1:1::21 ext-community rt 0:999
+deny to 2001:db8:1:1::21 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::21 community 0:2
+deny quick to 2001:db8:1:1::21 ext-community rt 0:2
+deny quick to 2001:db8:1:1::21 large-community 999:0:2
+
+# announce_to_peer
+allow to 2001:db8:1:1::21 community 65501:2
+allow to 2001:db8:1:1::21 ext-community rt 65501:2
+allow to 2001:db8:1:1::21 large-community 999:65501:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS3_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.31 set community NO_ADVERTISE
+match from 192.0.2.31 nexthop 192.0.2.31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.31 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS 23456' - reject code: 7
+allow quick from 192.0.2.31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS { 174 }' - reject code: 8
+allow quick from 192.0.2.31 AS { 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.31 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+# Prefix: client's blacklist
+prefix-set "client_AS3_1_black_list_pref_ipv4" {
+    3.0.1.0/24 prefixlen 24 - 32
+
+}
+# Reject inbound routes when 'from 192.0.2.31 prefix-set client_AS3_1_black_list_pref_ipv4' - reject code: 11
+allow quick from 192.0.2.31 prefix-set client_AS3_1_black_list_pref_ipv4 set {
+	localpref 1
+	community 65520:0
+	community 65520:11
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Blackhole request?
+match from 192.0.2.31 set ext-community delete rt 65520:3
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.31 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.31 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.31 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.31 community BLACKHOLE set community 65530:4
+match from 192.0.2.31 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.31 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.31 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.31 community BLACKHOLE
+allow quick from 192.0.2.31 community 65534:0
+allow quick from 192.0.2.31 large-community 65534:0:0
+
+
+match from 192.0.2.31 set ext-community rt 65520:3
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.31 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.31 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.31 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 192.0.2.31
+
+
+
+# ---------------------------------------------
+# client AS3_1, outbound
+
+deny quick to 192.0.2.31 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.31 community 65534:0 set community BLACKHOLE
+match to 192.0.2.31 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.31 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.31 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.31 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.31 community 65507:999 set community NO_EXPORT
+match to 192.0.2.31 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.31 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.31 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.31 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.31 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.31 community 65509:3 set community NO_EXPORT
+match to 192.0.2.31 ext-community rt 65509:3 set community NO_EXPORT
+match to 192.0.2.31 large-community 999:65509:3 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.31 community 65510:3 set community NO_ADVERTISE
+match to 192.0.2.31 ext-community rt 65510:3 set community NO_ADVERTISE
+match to 192.0.2.31 large-community 999:65510:3 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.31
+
+# do_not_announce_to_any
+deny to 192.0.2.31 community 0:999
+deny to 192.0.2.31 ext-community rt 0:999
+deny to 192.0.2.31 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.31 community 0:3
+deny quick to 192.0.2.31 ext-community rt 0:3
+deny quick to 192.0.2.31 large-community 999:0:3
+
+# do_not_announce_to_peers_with_rtt_lower_than 200 ms
+deny to 192.0.2.31 community 64530:200
+deny to 192.0.2.31 ext-community rt 64530:200
+deny to 192.0.2.31 large-community 999:64530:200
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 500 ms
+deny to 192.0.2.31 community 64530:500
+deny to 192.0.2.31 ext-community rt 64530:500
+deny to 192.0.2.31 large-community 999:64530:500
+
+
+# announce_to_peers_with_rtt_lower_than 200 ms
+allow to 192.0.2.31 community 64532:200
+allow to 192.0.2.31 ext-community rt 64532:200
+allow to 192.0.2.31 large-community 999:64532:200
+
+
+# announce_to_peers_with_rtt_lower_than 500 ms
+allow to 192.0.2.31 community 64532:500
+allow to 192.0.2.31 ext-community rt 64532:500
+allow to 192.0.2.31 large-community 999:64532:500
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 5 ms
+deny to 192.0.2.31 community 64531:5
+deny to 192.0.2.31 ext-community rt 64531:5
+deny to 192.0.2.31 large-community 999:64531:5
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 10 ms
+deny to 192.0.2.31 community 64531:10
+deny to 192.0.2.31 ext-community rt 64531:10
+deny to 192.0.2.31 large-community 999:64531:10
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 15 ms
+deny to 192.0.2.31 community 64531:15
+deny to 192.0.2.31 ext-community rt 64531:15
+deny to 192.0.2.31 large-community 999:64531:15
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 20 ms
+deny to 192.0.2.31 community 64531:20
+deny to 192.0.2.31 ext-community rt 64531:20
+deny to 192.0.2.31 large-community 999:64531:20
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 30 ms
+deny to 192.0.2.31 community 64531:30
+deny to 192.0.2.31 ext-community rt 64531:30
+deny to 192.0.2.31 large-community 999:64531:30
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 50 ms
+deny to 192.0.2.31 community 64531:50
+deny to 192.0.2.31 ext-community rt 64531:50
+deny to 192.0.2.31 large-community 999:64531:50
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 100 ms
+deny to 192.0.2.31 community 64531:100
+deny to 192.0.2.31 ext-community rt 64531:100
+deny to 192.0.2.31 large-community 999:64531:100
+
+
+# announce_to_peers_with_rtt_higher_than 5 ms
+allow to 192.0.2.31 community 64533:5
+allow to 192.0.2.31 ext-community rt 64533:5
+allow to 192.0.2.31 large-community 999:64533:5
+
+
+# announce_to_peers_with_rtt_higher_than 10 ms
+allow to 192.0.2.31 community 64533:10
+allow to 192.0.2.31 ext-community rt 64533:10
+allow to 192.0.2.31 large-community 999:64533:10
+
+
+# announce_to_peers_with_rtt_higher_than 15 ms
+allow to 192.0.2.31 community 64533:15
+allow to 192.0.2.31 ext-community rt 64533:15
+allow to 192.0.2.31 large-community 999:64533:15
+
+
+# announce_to_peers_with_rtt_higher_than 20 ms
+allow to 192.0.2.31 community 64533:20
+allow to 192.0.2.31 ext-community rt 64533:20
+allow to 192.0.2.31 large-community 999:64533:20
+
+
+# announce_to_peers_with_rtt_higher_than 30 ms
+allow to 192.0.2.31 community 64533:30
+allow to 192.0.2.31 ext-community rt 64533:30
+allow to 192.0.2.31 large-community 999:64533:30
+
+
+# announce_to_peers_with_rtt_higher_than 50 ms
+allow to 192.0.2.31 community 64533:50
+allow to 192.0.2.31 ext-community rt 64533:50
+allow to 192.0.2.31 large-community 999:64533:50
+
+
+# announce_to_peers_with_rtt_higher_than 100 ms
+allow to 192.0.2.31 community 64533:100
+allow to 192.0.2.31 ext-community rt 64533:100
+allow to 192.0.2.31 large-community 999:64533:100
+
+
+# announce_to_peer
+allow to 192.0.2.31 community 65501:3
+allow to 192.0.2.31 ext-community rt 65501:3
+allow to 192.0.2.31 large-community 999:65501:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS3_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::31 set community NO_ADVERTISE
+match from 2001:db8:1:1::31 nexthop 2001:db8:1:1::31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::31 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS { 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::31 AS { 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::31 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+# Prefix: client's blacklist
+prefix-set "client_AS3_2_black_list_pref_ipv6" {
+    2a03:0:1::/48 prefixlen 48 - 128
+
+}
+# Reject inbound routes when 'from 2001:db8:1:1::31 prefix-set client_AS3_2_black_list_pref_ipv6' - reject code: 11
+allow quick from 2001:db8:1:1::31 prefix-set client_AS3_2_black_list_pref_ipv6 set {
+	localpref 1
+	community 65520:0
+	community 65520:11
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Blackhole request?
+match from 2001:db8:1:1::31 set ext-community delete rt 65520:3
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::31 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::31 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::31 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::31 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::31 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::31 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::31 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::31 community BLACKHOLE
+allow quick from 2001:db8:1:1::31 community 65534:0
+allow quick from 2001:db8:1:1::31 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::31 set ext-community rt 65520:3
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::31 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::31 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::31 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::31 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::31 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 2001:db8:1:1::31
+
+
+
+# ---------------------------------------------
+# client AS3_2, outbound
+
+deny quick to 2001:db8:1:1::31 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::31 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::31 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::31 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::31 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::31 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::31 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::31 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::31 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::31 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::31 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::31 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::31 community 65509:3 set community NO_EXPORT
+match to 2001:db8:1:1::31 ext-community rt 65509:3 set community NO_EXPORT
+match to 2001:db8:1:1::31 large-community 999:65509:3 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::31 community 65510:3 set community NO_ADVERTISE
+match to 2001:db8:1:1::31 ext-community rt 65510:3 set community NO_ADVERTISE
+match to 2001:db8:1:1::31 large-community 999:65510:3 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::31
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::31 community 0:999
+deny to 2001:db8:1:1::31 ext-community rt 0:999
+deny to 2001:db8:1:1::31 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::31 community 0:3
+deny quick to 2001:db8:1:1::31 ext-community rt 0:3
+deny quick to 2001:db8:1:1::31 large-community 999:0:3
+
+# announce_to_peer
+allow to 2001:db8:1:1::31 community 65501:3
+allow to 2001:db8:1:1::31 ext-community rt 65501:3
+allow to 2001:db8:1:1::31 large-community 999:65501:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.41 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.41 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+# Blackhole request?
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.41 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.41 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.41 community BLACKHOLE set community 65530:4
+match from 192.0.2.41 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.41 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.41 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.41 community BLACKHOLE
+allow quick from 192.0.2.41 community 65534:0
+allow quick from 192.0.2.41 large-community 65534:0:0
+
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.41 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.41 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.41 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.41 community 65534:0 set community BLACKHOLE
+match to 192.0.2.41 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.41 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.41 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.41 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.41 community 65507:999 set community NO_EXPORT
+match to 192.0.2.41 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.41 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.41 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.41 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.41 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.41 community 65509:4 set community NO_EXPORT
+match to 192.0.2.41 ext-community rt 65509:4 set community NO_EXPORT
+match to 192.0.2.41 large-community 999:65509:4 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.41 community 65510:4 set community NO_ADVERTISE
+match to 192.0.2.41 ext-community rt 65510:4 set community NO_ADVERTISE
+match to 192.0.2.41 large-community 999:65510:4 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.41
+
+# do_not_announce_to_any
+deny to 192.0.2.41 community 0:999
+deny to 192.0.2.41 ext-community rt 0:999
+deny to 192.0.2.41 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.41 community 0:4
+deny quick to 192.0.2.41 ext-community rt 0:4
+deny quick to 192.0.2.41 large-community 999:0:4
+
+# do_not_announce_to_peers_with_rtt_higher_than 5 ms
+deny to 192.0.2.41 community 64531:5
+deny to 192.0.2.41 ext-community rt 64531:5
+deny to 192.0.2.41 large-community 999:64531:5
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 10 ms
+deny to 192.0.2.41 community 64531:10
+deny to 192.0.2.41 ext-community rt 64531:10
+deny to 192.0.2.41 large-community 999:64531:10
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 15 ms
+deny to 192.0.2.41 community 64531:15
+deny to 192.0.2.41 ext-community rt 64531:15
+deny to 192.0.2.41 large-community 999:64531:15
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 20 ms
+deny to 192.0.2.41 community 64531:20
+deny to 192.0.2.41 ext-community rt 64531:20
+deny to 192.0.2.41 large-community 999:64531:20
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 30 ms
+deny to 192.0.2.41 community 64531:30
+deny to 192.0.2.41 ext-community rt 64531:30
+deny to 192.0.2.41 large-community 999:64531:30
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 50 ms
+deny to 192.0.2.41 community 64531:50
+deny to 192.0.2.41 ext-community rt 64531:50
+deny to 192.0.2.41 large-community 999:64531:50
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 100 ms
+deny to 192.0.2.41 community 64531:100
+deny to 192.0.2.41 ext-community rt 64531:100
+deny to 192.0.2.41 large-community 999:64531:100
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 200 ms
+deny to 192.0.2.41 community 64531:200
+deny to 192.0.2.41 ext-community rt 64531:200
+deny to 192.0.2.41 large-community 999:64531:200
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 500 ms
+deny to 192.0.2.41 community 64531:500
+deny to 192.0.2.41 ext-community rt 64531:500
+deny to 192.0.2.41 large-community 999:64531:500
+
+
+# announce_to_peers_with_rtt_higher_than 5 ms
+allow to 192.0.2.41 community 64533:5
+allow to 192.0.2.41 ext-community rt 64533:5
+allow to 192.0.2.41 large-community 999:64533:5
+
+
+# announce_to_peers_with_rtt_higher_than 10 ms
+allow to 192.0.2.41 community 64533:10
+allow to 192.0.2.41 ext-community rt 64533:10
+allow to 192.0.2.41 large-community 999:64533:10
+
+
+# announce_to_peers_with_rtt_higher_than 15 ms
+allow to 192.0.2.41 community 64533:15
+allow to 192.0.2.41 ext-community rt 64533:15
+allow to 192.0.2.41 large-community 999:64533:15
+
+
+# announce_to_peers_with_rtt_higher_than 20 ms
+allow to 192.0.2.41 community 64533:20
+allow to 192.0.2.41 ext-community rt 64533:20
+allow to 192.0.2.41 large-community 999:64533:20
+
+
+# announce_to_peers_with_rtt_higher_than 30 ms
+allow to 192.0.2.41 community 64533:30
+allow to 192.0.2.41 ext-community rt 64533:30
+allow to 192.0.2.41 large-community 999:64533:30
+
+
+# announce_to_peers_with_rtt_higher_than 50 ms
+allow to 192.0.2.41 community 64533:50
+allow to 192.0.2.41 ext-community rt 64533:50
+allow to 192.0.2.41 large-community 999:64533:50
+
+
+# announce_to_peers_with_rtt_higher_than 100 ms
+allow to 192.0.2.41 community 64533:100
+allow to 192.0.2.41 ext-community rt 64533:100
+allow to 192.0.2.41 large-community 999:64533:100
+
+
+# announce_to_peers_with_rtt_higher_than 200 ms
+allow to 192.0.2.41 community 64533:200
+allow to 192.0.2.41 ext-community rt 64533:200
+allow to 192.0.2.41 large-community 999:64533:200
+
+
+# announce_to_peers_with_rtt_higher_than 500 ms
+allow to 192.0.2.41 community 64533:500
+allow to 192.0.2.41 ext-community rt 64533:500
+allow to 192.0.2.41 large-community 999:64533:500
+
+
+# announce_to_peer
+allow to 192.0.2.41 community 65501:4
+allow to 192.0.2.41 ext-community rt 65501:4
+allow to 192.0.2.41 large-community 999:65501:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::41 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::41 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+# Blackhole request?
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::41 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::41 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::41 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::41 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::41 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::41 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::41 community BLACKHOLE
+allow quick from 2001:db8:1:1::41 community 65534:0
+allow quick from 2001:db8:1:1::41 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::41 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::41 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::41 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::41 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::41 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::41 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::41 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::41 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::41 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::41 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::41 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::41 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::41 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::41 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::41 community 65509:4 set community NO_EXPORT
+match to 2001:db8:1:1::41 ext-community rt 65509:4 set community NO_EXPORT
+match to 2001:db8:1:1::41 large-community 999:65509:4 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::41 community 65510:4 set community NO_ADVERTISE
+match to 2001:db8:1:1::41 ext-community rt 65510:4 set community NO_ADVERTISE
+match to 2001:db8:1:1::41 large-community 999:65510:4 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::41 community 0:999
+deny to 2001:db8:1:1::41 ext-community rt 0:999
+deny to 2001:db8:1:1::41 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::41 community 0:4
+deny quick to 2001:db8:1:1::41 ext-community rt 0:4
+deny quick to 2001:db8:1:1::41 large-community 999:0:4
+
+# announce_to_peer
+allow to 2001:db8:1:1::41 community 65501:4
+allow to 2001:db8:1:1::41 ext-community rt 65501:4
+allow to 2001:db8:1:1::41 large-community 999:65501:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+
+
+# Scrub communities from outbound routes
+# add_noadvertise_to_any
+match to group clients set community delete 65508:999
+match to group clients set ext-community delete rt 65508:999
+match to group clients set large-community delete 999:65508:999
+
+# add_noadvertise_to_peer
+match to group clients set community delete 65510:*
+match to group clients set ext-community delete rt 65510:*
+match to group clients set large-community delete 999:65510:*
+
+# add_noexport_to_any
+match to group clients set community delete 65507:999
+match to group clients set ext-community delete rt 65507:999
+match to group clients set large-community delete 999:65507:999
+
+# add_noexport_to_peer
+match to group clients set community delete 65509:*
+match to group clients set ext-community delete rt 65509:*
+match to group clients set large-community delete 999:65509:*
+
+# announce_to_peer
+match to group clients set community delete 65501:*
+match to group clients set ext-community delete rt 65501:*
+match to group clients set large-community delete 999:65501:*
+
+# announce_to_peers_with_rtt_higher_than
+match to group clients set community delete 64533:*
+match to group clients set ext-community delete rt 64533:*
+match to group clients set large-community delete 999:64533:*
+
+# announce_to_peers_with_rtt_lower_than
+match to group clients set community delete 64532:*
+match to group clients set ext-community delete rt 64532:*
+match to group clients set large-community delete 999:64532:*
+
+# blackholing
+match to group clients set community delete 65534:0
+match to group clients set large-community delete 65534:0:0
+
+# do_not_announce_to_any
+match to group clients set community delete 0:999
+match to group clients set ext-community delete rt 0:999
+match to group clients set large-community delete 999:0:999
+
+# do_not_announce_to_peer
+match to group clients set community delete 0:*
+match to group clients set ext-community delete rt 0:*
+match to group clients set large-community delete 999:0:*
+
+# do_not_announce_to_peers_with_rtt_higher_than
+match to group clients set community delete 64531:*
+match to group clients set ext-community delete rt 64531:*
+match to group clients set large-community delete 999:64531:*
+
+# do_not_announce_to_peers_with_rtt_lower_than
+match to group clients set community delete 64530:*
+match to group clients set ext-community delete rt 64530:*
+match to group clients set large-community delete 999:64530:*
+
+# prepend_once_to_any
+match to group clients set community delete 65521:65521
+match to group clients set ext-community delete rt 65521:65521
+match to group clients set large-community delete 999:65521:65521
+
+# prepend_once_to_peer
+match to group clients set community delete 65521:*
+match to group clients set ext-community delete rt 65521:*
+match to group clients set large-community delete 999:65521:*
+
+# prepend_once_to_peers_with_rtt_higher_than
+match to group clients set community delete 64537:*
+match to group clients set ext-community delete rt 64537:*
+match to group clients set large-community delete 999:64537:*
+
+# prepend_once_to_peers_with_rtt_lower_than
+match to group clients set community delete 64534:*
+match to group clients set ext-community delete rt 64534:*
+match to group clients set large-community delete 999:64534:*
+
+# prepend_thrice_to_any
+match to group clients set community delete 65523:65523
+match to group clients set ext-community delete rt 65523:65523
+match to group clients set large-community delete 999:65523:65523
+
+# prepend_thrice_to_peer
+match to group clients set community delete 65523:*
+match to group clients set ext-community delete rt 65523:*
+match to group clients set large-community delete 999:65523:*
+
+# prepend_thrice_to_peers_with_rtt_higher_than
+match to group clients set community delete 64539:*
+match to group clients set ext-community delete rt 64539:*
+match to group clients set large-community delete 999:64539:*
+
+# prepend_thrice_to_peers_with_rtt_lower_than
+match to group clients set community delete 64536:*
+match to group clients set ext-community delete rt 64536:*
+match to group clients set large-community delete 999:64536:*
+
+# prepend_twice_to_any
+match to group clients set community delete 65522:65522
+match to group clients set ext-community delete rt 65522:65522
+match to group clients set large-community delete 999:65522:65522
+
+# prepend_twice_to_peer
+match to group clients set community delete 65522:*
+match to group clients set ext-community delete rt 65522:*
+match to group clients set large-community delete 999:65522:*
+
+# prepend_twice_to_peers_with_rtt_higher_than
+match to group clients set community delete 64538:*
+match to group clients set ext-community delete rt 64538:*
+match to group clients set large-community delete 999:64538:*
+
+# prepend_twice_to_peers_with_rtt_lower_than
+match to group clients set community delete 64535:*
+match to group clients set ext-community delete rt 64535:*
+match to group clients set large-community delete 999:64535:*
+
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+match to group clients set {
+	community delete 65521:65521
+	ext-community delete rt 65521:65521
+	large-community delete 999:65521:65521
+
+}
+match to group clients set {
+	community delete 65521:*
+	ext-community delete rt 65521:*
+	large-community delete 999:65521:*
+
+}
+match to group clients set {
+	community delete 64537:*
+	ext-community delete rt 64537:*
+	large-community delete 999:64537:*
+
+}
+match to group clients set {
+	community delete 64534:*
+	ext-community delete rt 64534:*
+	large-community delete 999:64534:*
+
+}
+match to group clients set {
+	community delete 65523:65523
+	ext-community delete rt 65523:65523
+	large-community delete 999:65523:65523
+
+}
+match to group clients set {
+	community delete 65523:*
+	ext-community delete rt 65523:*
+	large-community delete 999:65523:*
+
+}
+match to group clients set {
+	community delete 64539:*
+	ext-community delete rt 64539:*
+	large-community delete 999:64539:*
+
+}
+match to group clients set {
+	community delete 64536:*
+	ext-community delete rt 64536:*
+	large-community delete 999:64536:*
+
+}
+match to group clients set {
+	community delete 65522:65522
+	ext-community delete rt 65522:65522
+	large-community delete 999:65522:65522
+
+}
+match to group clients set {
+	community delete 65522:*
+	ext-community delete rt 65522:*
+	large-community delete 999:65522:*
+
+}
+match to group clients set {
+	community delete 64538:*
+	ext-community delete rt 64538:*
+	large-community delete 999:64538:*
+
+}
+match to group clients set {
+	community delete 64535:*
+	ext-community delete rt 64535:*
+	large-community delete 999:64535:*
+
+}
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+include "/etc/bgpd/post-filters.local"
+
+
diff --git a/tests/live_tests/scenarios/global/configs/BasicScenario_OpenBGPDIPv6/openbgpd76p.conf b/tests/live_tests/scenarios/global/configs/BasicScenario_OpenBGPDIPv6/openbgpd76p.conf
new file mode 100644
index 00000000..28ccbce0
--- /dev/null
+++ b/tests/live_tests/scenarios/global/configs/BasicScenario_OpenBGPDIPv6/openbgpd76p.conf
@@ -0,0 +1,10254 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+# AS222, used by client AS222_1, client AS222_2
+# no origin ASNs found for AS222
+# no prefixes found for AS222
+
+# AS2, used by client AS2_1, client AS2_2
+# no origin ASNs found for AS2
+# no prefixes found for AS2
+
+# AS-AS1, AS-AS1_CUSTOMERS, used by client AS1_1, client AS1_2, client AS1_3, client AS1_4
+as-set "AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns" {
+    1 101 103 104
+}
+prefix-set "AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes" {
+    2a01::/32 prefixlen 32 - 128
+    2a99::/16 prefixlen 16 - 128
+    3101::/32 prefixlen 32 - 128
+    3103::/32 prefixlen 32 - 128
+}
+
+# AS-AS2, AS-AS2_CUSTOMERS, used by client AS2_1, client AS2_2
+as-set "AS_SET_AS_AS2_AS_AS2_CUSTOMERS_asns" {
+    2 101 103
+}
+prefix-set "AS_SET_AS_AS2_AS_AS2_CUSTOMERS_prefixes" {
+    2a02::/32 prefixlen 32 - 128
+    3101::/32 prefixlen 32 - 128
+    3103::/32 prefixlen 32 - 128
+}
+
+# WHITE_LIST_AS1_2, used by client AS1_2 white list
+as-set "AS_SET_WHITE_LIST_AS1_2_asns" {
+    1011
+}
+prefix-set "AS_SET_WHITE_LIST_AS1_2_prefixes" {
+    11.1.0.0/16 prefixlen 16 - 32
+    2a11:1::/32 prefixlen 32 - 128
+}
+
+# AS-AS222, used by client AS222_1, client AS222_2
+as-set "AS_SET_AS_AS222_asns" {
+    333
+}
+prefix-set "AS_SET_AS_AS222_prefixes" {
+    3222::/32 prefixlen 32 - 128
+}
+
+# AS1, used by client AS1_1, client AS1_2, client AS1_3, client AS1_4
+# no origin ASNs found for AS1
+# no prefixes found for AS1
+
+# WHITE_LIST_AS1_1, used by client AS1_1 white list
+as-set "AS_SET_WHITE_LIST_AS1_1_asns" {
+    1011
+}
+prefix-set "AS_SET_WHITE_LIST_AS1_1_prefixes" {
+    11.1.0.0/16 prefixlen 16 - 32
+    2a11:1::/32 prefixlen 32 - 128
+}
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	# RTT: 0.1 ms (normalized value: 1)
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.12 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_2 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	# RTT: 5 ms (normalized value: 5)
+	neighbor 2001:db8:1:1::12 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_2 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.222 {
+		remote-as 222
+
+		rde evaluate all
+
+		descr "AS222_1 client"
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::222 {
+		remote-as 222
+
+		rde evaluate all
+
+		descr "AS222_1 client"
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	# RTT: 17.3 ms (normalized value: 17)
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.31 {
+		remote-as 3
+
+		rde evaluate all
+
+		descr "AS3_1 client"
+		ttl-security no
+		transparent-as no
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	# RTT: 123.8 ms (normalized value: 124)
+	neighbor 2001:db8:1:1::31 {
+		remote-as 3
+
+		rde evaluate all
+
+		descr "AS3_1 client"
+		ttl-security no
+		transparent-as no
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	# RTT: 600 ms (normalized value: 600)
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+include "/etc/bgpd/post-clients.local"
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+prefix-set "global_black_list_pref" {
+    192.0.2.0/24 prefixlen 24 - 32
+    2001:db8::/32 prefixlen 32 - 128
+
+}
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+# never via route-servers ASNs
+as-set "neverviarouteserver" {
+	666, 777
+}
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# origin_not_present_in_as_set
+match from group clients set community delete 65530:0
+match from group clients set large-community delete 999:65530:0
+
+# origin_present_in_as_set
+match from group clients set community delete 65530:1
+match from group clients set large-community delete 999:65530:1
+
+# prefix_validated_via_arin_whois_db_dump
+match from group clients set community delete 65530:3
+match from group clients set large-community delete 999:65530:3
+
+# prefix_validated_via_rpki_roas
+match from group clients set community delete 65530:2
+match from group clients set large-community delete 999:65530:2
+
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+# rpki_bgp_origin_validation_not_performed
+match from group clients set community delete 65530:4
+match from group clients set large-community delete 999:65530:4
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+# ---------------------------------------------------------
+# ROAs source
+
+
+roa-set {
+    101.3.0.0/16 maxlen 24 source-as 105 expires 4102444799
+    101.2.0.0/17 source-as 101 expires 4102444799
+    101.2.128.0/17 maxlen 24 source-as 101 expires 4102444799
+    101.0.128.0/20 maxlen 23 source-as 101 expires 4102444799
+    101.0.8.0/24 source-as 101 expires 4102444799
+    101.0.9.0/24 source-as 102 expires 4102444799
+    222.1.1.0/24 source-as 333 expires 4102444799
+    3101:3::/32 maxlen 48 source-as 105 expires 4102444799
+    3101:0:8000::/33 maxlen 34 source-as 101 expires 4102444799
+    3101:2:8000::/33 maxlen 48 source-as 101 expires 4102444799
+    3101:2::/33 source-as 101 expires 4102444799
+    3101:0:8::/48 source-as 101 expires 4102444799
+    3101:0:9::/48 source-as 102 expires 4102444799
+    3222:0:1::/48 source-as 333 expires 4102444799
+
+}
+
+
+
+# ---------------------------------------------------------
+# RPKI-based Origin Validation
+
+
+# Add $INTCOMM_RPKI_UNKNOWN, $INTCOMM_RPKI_INVALID and $INTCOMM_RPKI_VALID
+# ext community on the basis of ovs.
+match from group clients ovs not-found set {
+    ext-community $INTCOMM_RPKI_UNKNOWN
+    ext-community ovs not-found
+    
+}
+match from group clients ovs valid set {
+    ext-community $INTCOMM_RPKI_VALID
+    ext-community ovs valid
+    
+}
+match from group clients ovs invalid set {
+    ext-community $INTCOMM_RPKI_INVALID
+    ext-community ovs invalid
+    
+}
+
+
+
+# ---------------------------------------------------------
+# RPKI ROAs used as route objects.
+
+# Add the $INTCOMM_PREF_OK_ROA ext community to routes whose
+# origin ASN has a ROA for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+
+# Since RPKI-based Origin Validation is already performed above,
+# use the origin validation state to identify valid routes.
+match from group clients ovs valid set ext-community $INTCOMM_PREF_OK_ROA
+
+
+# ARIN Whois records used for preifx validation
+# ---------------------------------------------
+
+# Add the $INTCOMM_PREF_OK_ARINDB ext community to routes whose
+# origin ASN has an ARIN Whois record for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+origin-set "ARINDB" {
+104.0.0.0/23 prefixlen 23 - 32 source-as 104
+3104::/32 prefixlen 32 - 128 source-as 104
+}
+match from group clients origin-set ARINDB set ext-community $INTCOMM_PREF_OK_ARINDB
+
+# NIC.BR Whois records used for preifx validation
+# -----------------------------------------------
+
+# Add the $INTCOMM_PREF_OK_REGISTROBRDB ext community to routes whose
+# origin ASN has a NIC.BR Whois record for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+origin-set "REGISTROBRDB" {
+104.1.1.0/24 prefixlen 24 - 32 source-as 104
+3104:1:1::/48 prefixlen 48 - 128 source-as 104
+}
+match from group clients origin-set REGISTROBRDB set ext-community $INTCOMM_PREF_OK_REGISTROBRDB
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.12 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::12 set ext-community rt 65520:1
+
+match from 192.0.2.222 set ext-community rt 65520:222
+
+match from 2001:db8:1:1::222 set ext-community rt 65520:222
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.31 set ext-community rt 65520:3
+
+match from 2001:db8:1:1::31 set ext-community rt 65520:3
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 6' - reject code: 1
+allow quick from group clients max-as-len 6 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: global blacklist
+# Reject inbound routes when 'from group clients prefix-set global_black_list_pref' - reject code: 3
+allow quick from group clients prefix-set global_black_list_pref set {
+	localpref 1
+	community 65520:0
+	community 65520:3
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.11 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.11 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.11 prefix 11.3.0.0/16 source-as 1011 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.11 prefix 11.4.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.11 prefix 2a11:3::/32 source-as 1011 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.11 prefix 2a11:4::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_1, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 source-as as-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+match from 192.0.2.11 source-as as-set AS_SET_WHITE_LIST_AS1_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS1_1
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_1, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 prefix-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+match from 192.0.2.11 prefix-set AS_SET_WHITE_LIST_AS1_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS1_1
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# route authorized by a client's white list?
+match from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.11 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.11 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.11 community BLACKHOLE set community 65530:4
+match from 192.0.2.11 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.11 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.11 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.11 community BLACKHOLE
+allow quick from 192.0.2.11 community 65534:0
+allow quick from 192.0.2.11 large-community 65534:0:0
+
+
+match from 192.0.2.11 set ext-community rt 65520:1
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.11 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.11 community 65534:0 set community BLACKHOLE
+match to 192.0.2.11 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.11 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.11 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.11 community 65507:999 set community NO_EXPORT
+match to 192.0.2.11 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.11 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.11 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.11 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.11 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.11 community 65509:1 set community NO_EXPORT
+match to 192.0.2.11 ext-community rt 65509:1 set community NO_EXPORT
+match to 192.0.2.11 large-community 999:65509:1 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.11 community 65510:1 set community NO_ADVERTISE
+match to 192.0.2.11 ext-community rt 65510:1 set community NO_ADVERTISE
+match to 192.0.2.11 large-community 999:65510:1 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.11
+
+# do_not_announce_to_any
+deny to 192.0.2.11 community 0:999
+deny to 192.0.2.11 ext-community rt 0:999
+deny to 192.0.2.11 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.11 community 0:1
+deny quick to 192.0.2.11 ext-community rt 0:1
+deny quick to 192.0.2.11 large-community 999:0:1
+
+# announce_to_peer
+allow to 192.0.2.11 community 65501:1
+allow to 192.0.2.11 ext-community rt 65501:1
+allow to 192.0.2.11 large-community 999:65501:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::11 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::11 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::11 prefix 11.3.0.0/16 source-as 1011 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::11 prefix 11.4.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::11 prefix 2a11:3::/32 source-as 1011 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::11 prefix 2a11:4::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_2, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::11 source-as as-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+match from 2001:db8:1:1::11 source-as as-set AS_SET_WHITE_LIST_AS1_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS1_2
+# AS-SET AS1 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_2, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::11 prefix-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+match from 2001:db8:1:1::11 prefix-set AS_SET_WHITE_LIST_AS1_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS1_2
+# AS-SET AS1 referenced but empty.
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::11 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::11 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::11 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::11 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::11 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::11 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::11 community BLACKHOLE
+allow quick from 2001:db8:1:1::11 community 65534:0
+allow quick from 2001:db8:1:1::11 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::11 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::11 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::11 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::11 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::11 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::11 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::11 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::11 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::11 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::11 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::11 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::11 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::11 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::11 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::11 community 65509:1 set community NO_EXPORT
+match to 2001:db8:1:1::11 ext-community rt 65509:1 set community NO_EXPORT
+match to 2001:db8:1:1::11 large-community 999:65509:1 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::11 community 65510:1 set community NO_ADVERTISE
+match to 2001:db8:1:1::11 ext-community rt 65510:1 set community NO_ADVERTISE
+match to 2001:db8:1:1::11 large-community 999:65510:1 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::11 community 0:999
+deny to 2001:db8:1:1::11 ext-community rt 0:999
+deny to 2001:db8:1:1::11 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::11 community 0:1
+deny quick to 2001:db8:1:1::11 ext-community rt 0:1
+deny quick to 2001:db8:1:1::11 large-community 999:0:1
+
+# do_not_announce_to_peers_with_rtt_lower_than 5 ms
+deny to 2001:db8:1:1::11 community 64530:5
+deny to 2001:db8:1:1::11 ext-community rt 64530:5
+deny to 2001:db8:1:1::11 large-community 999:64530:5
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 10 ms
+deny to 2001:db8:1:1::11 community 64530:10
+deny to 2001:db8:1:1::11 ext-community rt 64530:10
+deny to 2001:db8:1:1::11 large-community 999:64530:10
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 15 ms
+deny to 2001:db8:1:1::11 community 64530:15
+deny to 2001:db8:1:1::11 ext-community rt 64530:15
+deny to 2001:db8:1:1::11 large-community 999:64530:15
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 20 ms
+deny to 2001:db8:1:1::11 community 64530:20
+deny to 2001:db8:1:1::11 ext-community rt 64530:20
+deny to 2001:db8:1:1::11 large-community 999:64530:20
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 30 ms
+deny to 2001:db8:1:1::11 community 64530:30
+deny to 2001:db8:1:1::11 ext-community rt 64530:30
+deny to 2001:db8:1:1::11 large-community 999:64530:30
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 50 ms
+deny to 2001:db8:1:1::11 community 64530:50
+deny to 2001:db8:1:1::11 ext-community rt 64530:50
+deny to 2001:db8:1:1::11 large-community 999:64530:50
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 100 ms
+deny to 2001:db8:1:1::11 community 64530:100
+deny to 2001:db8:1:1::11 ext-community rt 64530:100
+deny to 2001:db8:1:1::11 large-community 999:64530:100
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 200 ms
+deny to 2001:db8:1:1::11 community 64530:200
+deny to 2001:db8:1:1::11 ext-community rt 64530:200
+deny to 2001:db8:1:1::11 large-community 999:64530:200
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 500 ms
+deny to 2001:db8:1:1::11 community 64530:500
+deny to 2001:db8:1:1::11 ext-community rt 64530:500
+deny to 2001:db8:1:1::11 large-community 999:64530:500
+
+
+# announce_to_peers_with_rtt_lower_than 5 ms
+allow to 2001:db8:1:1::11 community 64532:5
+allow to 2001:db8:1:1::11 ext-community rt 64532:5
+allow to 2001:db8:1:1::11 large-community 999:64532:5
+
+
+# announce_to_peers_with_rtt_lower_than 10 ms
+allow to 2001:db8:1:1::11 community 64532:10
+allow to 2001:db8:1:1::11 ext-community rt 64532:10
+allow to 2001:db8:1:1::11 large-community 999:64532:10
+
+
+# announce_to_peers_with_rtt_lower_than 15 ms
+allow to 2001:db8:1:1::11 community 64532:15
+allow to 2001:db8:1:1::11 ext-community rt 64532:15
+allow to 2001:db8:1:1::11 large-community 999:64532:15
+
+
+# announce_to_peers_with_rtt_lower_than 20 ms
+allow to 2001:db8:1:1::11 community 64532:20
+allow to 2001:db8:1:1::11 ext-community rt 64532:20
+allow to 2001:db8:1:1::11 large-community 999:64532:20
+
+
+# announce_to_peers_with_rtt_lower_than 30 ms
+allow to 2001:db8:1:1::11 community 64532:30
+allow to 2001:db8:1:1::11 ext-community rt 64532:30
+allow to 2001:db8:1:1::11 large-community 999:64532:30
+
+
+# announce_to_peers_with_rtt_lower_than 50 ms
+allow to 2001:db8:1:1::11 community 64532:50
+allow to 2001:db8:1:1::11 ext-community rt 64532:50
+allow to 2001:db8:1:1::11 large-community 999:64532:50
+
+
+# announce_to_peers_with_rtt_lower_than 100 ms
+allow to 2001:db8:1:1::11 community 64532:100
+allow to 2001:db8:1:1::11 ext-community rt 64532:100
+allow to 2001:db8:1:1::11 large-community 999:64532:100
+
+
+# announce_to_peers_with_rtt_lower_than 200 ms
+allow to 2001:db8:1:1::11 community 64532:200
+allow to 2001:db8:1:1::11 ext-community rt 64532:200
+allow to 2001:db8:1:1::11 large-community 999:64532:200
+
+
+# announce_to_peers_with_rtt_lower_than 500 ms
+allow to 2001:db8:1:1::11 community 64532:500
+allow to 2001:db8:1:1::11 ext-community rt 64532:500
+allow to 2001:db8:1:1::11 large-community 999:64532:500
+
+
+# announce_to_peer
+allow to 2001:db8:1:1::11 community 65501:1
+allow to 2001:db8:1:1::11 ext-community rt 65501:1
+allow to 2001:db8:1:1::11 large-community 999:65501:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS1_3, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.12 set community NO_ADVERTISE
+match from 192.0.2.12 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+match from 192.0.2.12 nexthop 192.0.2.12 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.12 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.12 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.12 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.12 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.12 AS 23456' - reject code: 7
+allow quick from 192.0.2.12 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.12 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.12 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.12 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.12 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.12 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.12 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.12 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.12 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 192.0.2.12 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_3, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.12 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.12 source-as as-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_3, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.12 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.12 prefix-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.12 set ext-community delete rt 65520:1
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.12 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.12 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.12 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.12 community BLACKHOLE set community 65530:4
+match from 192.0.2.12 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.12 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.12 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.12 community BLACKHOLE
+allow quick from 192.0.2.12 community 65534:0
+allow quick from 192.0.2.12 large-community 65534:0:0
+
+
+match from 192.0.2.12 set ext-community rt 65520:1
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.12 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.12 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.12 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.12 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.12 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.12 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.12 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.12
+
+
+
+# ---------------------------------------------
+# client AS1_3, outbound
+
+deny quick to 192.0.2.12 community 65520:0
+
+
+
+# Blackhole request?
+# Client not enabled to receive blackhole routes
+deny quick to 192.0.2.12 community BLACKHOLE
+deny quick to 192.0.2.12 community 65534:0
+deny quick to 192.0.2.12 large-community 65534:0:0
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.12 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.12 community 65507:999 set community NO_EXPORT
+match to 192.0.2.12 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.12 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.12 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.12 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.12 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.12 community 65509:1 set community NO_EXPORT
+match to 192.0.2.12 ext-community rt 65509:1 set community NO_EXPORT
+match to 192.0.2.12 large-community 999:65509:1 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.12 community 65510:1 set community NO_ADVERTISE
+match to 192.0.2.12 ext-community rt 65510:1 set community NO_ADVERTISE
+match to 192.0.2.12 large-community 999:65510:1 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.12
+
+# do_not_announce_to_any
+deny to 192.0.2.12 community 0:999
+deny to 192.0.2.12 ext-community rt 0:999
+deny to 192.0.2.12 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.12 community 0:1
+deny quick to 192.0.2.12 ext-community rt 0:1
+deny quick to 192.0.2.12 large-community 999:0:1
+
+# announce_to_peer
+allow to 192.0.2.12 community 65501:1
+allow to 192.0.2.12 ext-community rt 65501:1
+allow to 192.0.2.12 large-community 999:65501:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.12 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS1_4, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::12 set community NO_ADVERTISE
+match from 2001:db8:1:1::12 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+match from 2001:db8:1:1::12 nexthop 2001:db8:1:1::12 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::12 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::12 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::12 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::12 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::12 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::12 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::12 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::12 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::12 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 2001:db8:1:1::12 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_4, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::12 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::12 source-as as-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_4, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::12 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::12 prefix-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::12 set ext-community delete rt 65520:1
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::12 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::12 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::12 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::12 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::12 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::12 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::12 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::12 community BLACKHOLE
+allow quick from 2001:db8:1:1::12 community 65534:0
+allow quick from 2001:db8:1:1::12 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::12 set ext-community rt 65520:1
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::12 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::12 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::12 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::12 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::12 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::12 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::12 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::12
+
+
+
+# ---------------------------------------------
+# client AS1_4, outbound
+
+deny quick to 2001:db8:1:1::12 community 65520:0
+
+
+
+# Blackhole request?
+# Client not enabled to receive blackhole routes
+deny quick to 2001:db8:1:1::12 community BLACKHOLE
+deny quick to 2001:db8:1:1::12 community 65534:0
+deny quick to 2001:db8:1:1::12 large-community 65534:0:0
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::12 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::12 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::12 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::12 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::12 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::12 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::12 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::12 community 65509:1 set community NO_EXPORT
+match to 2001:db8:1:1::12 ext-community rt 65509:1 set community NO_EXPORT
+match to 2001:db8:1:1::12 large-community 999:65509:1 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::12 community 65510:1 set community NO_ADVERTISE
+match to 2001:db8:1:1::12 ext-community rt 65510:1 set community NO_ADVERTISE
+match to 2001:db8:1:1::12 large-community 999:65510:1 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::12
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::12 community 0:999
+deny to 2001:db8:1:1::12 ext-community rt 0:999
+deny to 2001:db8:1:1::12 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::12 community 0:1
+deny quick to 2001:db8:1:1::12 ext-community rt 0:1
+deny quick to 2001:db8:1:1::12 large-community 999:0:1
+
+# do_not_announce_to_peers_with_rtt_lower_than 5 ms
+deny to 2001:db8:1:1::12 community 64530:5
+deny to 2001:db8:1:1::12 ext-community rt 64530:5
+deny to 2001:db8:1:1::12 large-community 999:64530:5
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 10 ms
+deny to 2001:db8:1:1::12 community 64530:10
+deny to 2001:db8:1:1::12 ext-community rt 64530:10
+deny to 2001:db8:1:1::12 large-community 999:64530:10
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 15 ms
+deny to 2001:db8:1:1::12 community 64530:15
+deny to 2001:db8:1:1::12 ext-community rt 64530:15
+deny to 2001:db8:1:1::12 large-community 999:64530:15
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 20 ms
+deny to 2001:db8:1:1::12 community 64530:20
+deny to 2001:db8:1:1::12 ext-community rt 64530:20
+deny to 2001:db8:1:1::12 large-community 999:64530:20
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 30 ms
+deny to 2001:db8:1:1::12 community 64530:30
+deny to 2001:db8:1:1::12 ext-community rt 64530:30
+deny to 2001:db8:1:1::12 large-community 999:64530:30
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 50 ms
+deny to 2001:db8:1:1::12 community 64530:50
+deny to 2001:db8:1:1::12 ext-community rt 64530:50
+deny to 2001:db8:1:1::12 large-community 999:64530:50
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 100 ms
+deny to 2001:db8:1:1::12 community 64530:100
+deny to 2001:db8:1:1::12 ext-community rt 64530:100
+deny to 2001:db8:1:1::12 large-community 999:64530:100
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 200 ms
+deny to 2001:db8:1:1::12 community 64530:200
+deny to 2001:db8:1:1::12 ext-community rt 64530:200
+deny to 2001:db8:1:1::12 large-community 999:64530:200
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 500 ms
+deny to 2001:db8:1:1::12 community 64530:500
+deny to 2001:db8:1:1::12 ext-community rt 64530:500
+deny to 2001:db8:1:1::12 large-community 999:64530:500
+
+
+# announce_to_peers_with_rtt_lower_than 5 ms
+allow to 2001:db8:1:1::12 community 64532:5
+allow to 2001:db8:1:1::12 ext-community rt 64532:5
+allow to 2001:db8:1:1::12 large-community 999:64532:5
+
+
+# announce_to_peers_with_rtt_lower_than 10 ms
+allow to 2001:db8:1:1::12 community 64532:10
+allow to 2001:db8:1:1::12 ext-community rt 64532:10
+allow to 2001:db8:1:1::12 large-community 999:64532:10
+
+
+# announce_to_peers_with_rtt_lower_than 15 ms
+allow to 2001:db8:1:1::12 community 64532:15
+allow to 2001:db8:1:1::12 ext-community rt 64532:15
+allow to 2001:db8:1:1::12 large-community 999:64532:15
+
+
+# announce_to_peers_with_rtt_lower_than 20 ms
+allow to 2001:db8:1:1::12 community 64532:20
+allow to 2001:db8:1:1::12 ext-community rt 64532:20
+allow to 2001:db8:1:1::12 large-community 999:64532:20
+
+
+# announce_to_peers_with_rtt_lower_than 30 ms
+allow to 2001:db8:1:1::12 community 64532:30
+allow to 2001:db8:1:1::12 ext-community rt 64532:30
+allow to 2001:db8:1:1::12 large-community 999:64532:30
+
+
+# announce_to_peers_with_rtt_lower_than 50 ms
+allow to 2001:db8:1:1::12 community 64532:50
+allow to 2001:db8:1:1::12 ext-community rt 64532:50
+allow to 2001:db8:1:1::12 large-community 999:64532:50
+
+
+# announce_to_peers_with_rtt_lower_than 100 ms
+allow to 2001:db8:1:1::12 community 64532:100
+allow to 2001:db8:1:1::12 ext-community rt 64532:100
+allow to 2001:db8:1:1::12 large-community 999:64532:100
+
+
+# announce_to_peers_with_rtt_lower_than 200 ms
+allow to 2001:db8:1:1::12 community 64532:200
+allow to 2001:db8:1:1::12 ext-community rt 64532:200
+allow to 2001:db8:1:1::12 large-community 999:64532:200
+
+
+# announce_to_peers_with_rtt_lower_than 500 ms
+allow to 2001:db8:1:1::12 community 64532:500
+allow to 2001:db8:1:1::12 ext-community rt 64532:500
+allow to 2001:db8:1:1::12 large-community 999:64532:500
+
+
+# announce_to_peer
+allow to 2001:db8:1:1::12 community 65501:1
+allow to 2001:db8:1:1::12 ext-community rt 65501:1
+allow to 2001:db8:1:1::12 large-community 999:65501:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::12 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS222_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.222 set community NO_ADVERTISE
+match from 192.0.2.222 nexthop 192.0.2.222 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.222 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.222 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.222 peer-as != 222' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.222 peer-as != 222 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.222 AS 23456' - reject code: 7
+allow quick from 192.0.2.222 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.222 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.222 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.222 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.222 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.222 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.222 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.222 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.222 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.222 prefix 222.1.1.0/24 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.222 prefix 3222:0:1::/48 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.222 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS222_1, AS222: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.222 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS222 referenced but empty.
+match from 192.0.2.222 source-as as-set AS_SET_AS_AS222_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS222
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS222_1, AS222: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.222 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS222 referenced but empty.
+match from 192.0.2.222 prefix-set AS_SET_AS_AS222_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS222
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# route authorized by a client's white list?
+match from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.222 set ext-community delete rt 65520:222
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.222 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.222 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.222 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.222 community BLACKHOLE set community 65530:4
+match from 192.0.2.222 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.222 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.222 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.222 community BLACKHOLE
+allow quick from 192.0.2.222 community 65534:0
+allow quick from 192.0.2.222 large-community 65534:0:0
+
+
+match from 192.0.2.222 set ext-community rt 65520:222
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.222 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.222 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.222 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.222 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.222 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.222 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.222 set ext-community delete rt 65520:222
+
+
+
+allow quick from 192.0.2.222
+
+
+
+# ---------------------------------------------
+# client AS222_1, outbound
+
+deny quick to 192.0.2.222 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.222 community 65534:0 set community BLACKHOLE
+match to 192.0.2.222 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.222 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.222 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.222 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.222 community 65507:999 set community NO_EXPORT
+match to 192.0.2.222 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.222 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.222 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.222 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.222 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.222 community 65509:222 set community NO_EXPORT
+match to 192.0.2.222 ext-community rt 65509:222 set community NO_EXPORT
+match to 192.0.2.222 large-community 999:65509:222 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.222 community 65510:222 set community NO_ADVERTISE
+match to 192.0.2.222 ext-community rt 65510:222 set community NO_ADVERTISE
+match to 192.0.2.222 large-community 999:65510:222 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.222
+
+# do_not_announce_to_any
+deny to 192.0.2.222 community 0:999
+deny to 192.0.2.222 ext-community rt 0:999
+deny to 192.0.2.222 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.222 community 0:222
+deny quick to 192.0.2.222 ext-community rt 0:222
+deny quick to 192.0.2.222 large-community 999:0:222
+
+# announce_to_peer
+allow to 192.0.2.222 community 65501:222
+allow to 192.0.2.222 ext-community rt 65501:222
+allow to 192.0.2.222 large-community 999:65501:222
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.222 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS222_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::222 set community NO_ADVERTISE
+match from 2001:db8:1:1::222 nexthop 2001:db8:1:1::222 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::222 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::222 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::222 peer-as != 222' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::222 peer-as != 222 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::222 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::222 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::222 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::222 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::222 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::222 prefix 222.1.1.0/24 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::222 prefix 3222:0:1::/48 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::222 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS222_2, AS222: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::222 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS222 referenced but empty.
+match from 2001:db8:1:1::222 source-as as-set AS_SET_AS_AS222_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS222
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS222_2, AS222: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::222 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS222 referenced but empty.
+match from 2001:db8:1:1::222 prefix-set AS_SET_AS_AS222_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS222
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::222 set ext-community delete rt 65520:222
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::222 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::222 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::222 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::222 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::222 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::222 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::222 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::222 community BLACKHOLE
+allow quick from 2001:db8:1:1::222 community 65534:0
+allow quick from 2001:db8:1:1::222 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::222 set ext-community rt 65520:222
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::222 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::222 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::222 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::222 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::222 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::222 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::222 set ext-community delete rt 65520:222
+
+
+
+allow quick from 2001:db8:1:1::222
+
+
+
+# ---------------------------------------------
+# client AS222_2, outbound
+
+deny quick to 2001:db8:1:1::222 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::222 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::222 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::222 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::222 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::222 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::222 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::222 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::222 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::222 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::222 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::222 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::222 community 65509:222 set community NO_EXPORT
+match to 2001:db8:1:1::222 ext-community rt 65509:222 set community NO_EXPORT
+match to 2001:db8:1:1::222 large-community 999:65509:222 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::222 community 65510:222 set community NO_ADVERTISE
+match to 2001:db8:1:1::222 ext-community rt 65510:222 set community NO_ADVERTISE
+match to 2001:db8:1:1::222 large-community 999:65510:222 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::222
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::222 community 0:999
+deny to 2001:db8:1:1::222 ext-community rt 0:999
+deny to 2001:db8:1:1::222 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::222 community 0:222
+deny quick to 2001:db8:1:1::222 ext-community rt 0:222
+deny quick to 2001:db8:1:1::222 large-community 999:0:222
+
+# announce_to_peer
+allow to 2001:db8:1:1::222 community 65501:222
+allow to 2001:db8:1:1::222 ext-community rt 65501:222
+allow to 2001:db8:1:1::222 large-community 999:65501:222
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::222 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.21 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.21 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 192.0.2.21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_1, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 source-as as-set AS_SET_AS_AS2_AS_AS2_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS2_AS_AS2_CUSTOMERS
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_1, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 prefix-set AS_SET_AS_AS2_AS_AS2_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS2_AS_AS2_CUSTOMERS
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.21 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.21 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.21 community BLACKHOLE set community 65530:4
+match from 192.0.2.21 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.21 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.21 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.21 community BLACKHOLE
+allow quick from 192.0.2.21 community 65534:0
+allow quick from 192.0.2.21 large-community 65534:0:0
+
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.21 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.21 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.21 community GRACEFUL_SHUTDOWN set community delete GRACEFUL_SHUTDOWN
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.21 community 65534:0 set community BLACKHOLE
+match to 192.0.2.21 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.21 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.21 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.21 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.21 community 65507:999 set community NO_EXPORT
+match to 192.0.2.21 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.21 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.21 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.21 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.21 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.21 community 65509:2 set community NO_EXPORT
+match to 192.0.2.21 ext-community rt 65509:2 set community NO_EXPORT
+match to 192.0.2.21 large-community 999:65509:2 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.21 community 65510:2 set community NO_ADVERTISE
+match to 192.0.2.21 ext-community rt 65510:2 set community NO_ADVERTISE
+match to 192.0.2.21 large-community 999:65510:2 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.21
+
+# do_not_announce_to_any
+deny to 192.0.2.21 community 0:999
+deny to 192.0.2.21 ext-community rt 0:999
+deny to 192.0.2.21 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.21 community 0:2
+deny quick to 192.0.2.21 ext-community rt 0:2
+deny quick to 192.0.2.21 large-community 999:0:2
+
+# announce_to_peer
+allow to 192.0.2.21 community 65501:2
+allow to 192.0.2.21 ext-community rt 65501:2
+allow to 192.0.2.21 large-community 999:65501:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::21 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::21 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_2, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 2001:db8:1:1::21 source-as as-set AS_SET_AS_AS2_AS_AS2_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS2_AS_AS2_CUSTOMERS
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_2, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 2001:db8:1:1::21 prefix-set AS_SET_AS_AS2_AS_AS2_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS2_AS_AS2_CUSTOMERS
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::21 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::21 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::21 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::21 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::21 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::21 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::21 community BLACKHOLE
+allow quick from 2001:db8:1:1::21 community 65534:0
+allow quick from 2001:db8:1:1::21 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::21 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::21 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::21 community GRACEFUL_SHUTDOWN set community delete GRACEFUL_SHUTDOWN
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::21 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::21 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::21 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::21 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::21 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::21 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::21 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::21 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::21 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::21 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::21 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::21 community 65509:2 set community NO_EXPORT
+match to 2001:db8:1:1::21 ext-community rt 65509:2 set community NO_EXPORT
+match to 2001:db8:1:1::21 large-community 999:65509:2 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::21 community 65510:2 set community NO_ADVERTISE
+match to 2001:db8:1:1::21 ext-community rt 65510:2 set community NO_ADVERTISE
+match to 2001:db8:1:1::21 large-community 999:65510:2 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::21 community 0:999
+deny to 2001:db8:1:1::21 ext-community rt 0:999
+deny to 2001:db8:1:1::21 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::21 community 0:2
+deny quick to 2001:db8:1:1::21 ext-community rt 0:2
+deny quick to 2001:db8:1:1::21 large-community 999:0:2
+
+# do_not_announce_to_peers_with_rtt_lower_than 20 ms
+deny to 2001:db8:1:1::21 community 64530:20
+deny to 2001:db8:1:1::21 ext-community rt 64530:20
+deny to 2001:db8:1:1::21 large-community 999:64530:20
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 30 ms
+deny to 2001:db8:1:1::21 community 64530:30
+deny to 2001:db8:1:1::21 ext-community rt 64530:30
+deny to 2001:db8:1:1::21 large-community 999:64530:30
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 50 ms
+deny to 2001:db8:1:1::21 community 64530:50
+deny to 2001:db8:1:1::21 ext-community rt 64530:50
+deny to 2001:db8:1:1::21 large-community 999:64530:50
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 100 ms
+deny to 2001:db8:1:1::21 community 64530:100
+deny to 2001:db8:1:1::21 ext-community rt 64530:100
+deny to 2001:db8:1:1::21 large-community 999:64530:100
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 200 ms
+deny to 2001:db8:1:1::21 community 64530:200
+deny to 2001:db8:1:1::21 ext-community rt 64530:200
+deny to 2001:db8:1:1::21 large-community 999:64530:200
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 500 ms
+deny to 2001:db8:1:1::21 community 64530:500
+deny to 2001:db8:1:1::21 ext-community rt 64530:500
+deny to 2001:db8:1:1::21 large-community 999:64530:500
+
+
+# announce_to_peers_with_rtt_lower_than 20 ms
+allow to 2001:db8:1:1::21 community 64532:20
+allow to 2001:db8:1:1::21 ext-community rt 64532:20
+allow to 2001:db8:1:1::21 large-community 999:64532:20
+
+
+# announce_to_peers_with_rtt_lower_than 30 ms
+allow to 2001:db8:1:1::21 community 64532:30
+allow to 2001:db8:1:1::21 ext-community rt 64532:30
+allow to 2001:db8:1:1::21 large-community 999:64532:30
+
+
+# announce_to_peers_with_rtt_lower_than 50 ms
+allow to 2001:db8:1:1::21 community 64532:50
+allow to 2001:db8:1:1::21 ext-community rt 64532:50
+allow to 2001:db8:1:1::21 large-community 999:64532:50
+
+
+# announce_to_peers_with_rtt_lower_than 100 ms
+allow to 2001:db8:1:1::21 community 64532:100
+allow to 2001:db8:1:1::21 ext-community rt 64532:100
+allow to 2001:db8:1:1::21 large-community 999:64532:100
+
+
+# announce_to_peers_with_rtt_lower_than 200 ms
+allow to 2001:db8:1:1::21 community 64532:200
+allow to 2001:db8:1:1::21 ext-community rt 64532:200
+allow to 2001:db8:1:1::21 large-community 999:64532:200
+
+
+# announce_to_peers_with_rtt_lower_than 500 ms
+allow to 2001:db8:1:1::21 community 64532:500
+allow to 2001:db8:1:1::21 ext-community rt 64532:500
+allow to 2001:db8:1:1::21 large-community 999:64532:500
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 5 ms
+deny to 2001:db8:1:1::21 community 64531:5
+deny to 2001:db8:1:1::21 ext-community rt 64531:5
+deny to 2001:db8:1:1::21 large-community 999:64531:5
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 10 ms
+deny to 2001:db8:1:1::21 community 64531:10
+deny to 2001:db8:1:1::21 ext-community rt 64531:10
+deny to 2001:db8:1:1::21 large-community 999:64531:10
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 15 ms
+deny to 2001:db8:1:1::21 community 64531:15
+deny to 2001:db8:1:1::21 ext-community rt 64531:15
+deny to 2001:db8:1:1::21 large-community 999:64531:15
+
+
+# announce_to_peers_with_rtt_higher_than 5 ms
+allow to 2001:db8:1:1::21 community 64533:5
+allow to 2001:db8:1:1::21 ext-community rt 64533:5
+allow to 2001:db8:1:1::21 large-community 999:64533:5
+
+
+# announce_to_peers_with_rtt_higher_than 10 ms
+allow to 2001:db8:1:1::21 community 64533:10
+allow to 2001:db8:1:1::21 ext-community rt 64533:10
+allow to 2001:db8:1:1::21 large-community 999:64533:10
+
+
+# announce_to_peers_with_rtt_higher_than 15 ms
+allow to 2001:db8:1:1::21 community 64533:15
+allow to 2001:db8:1:1::21 ext-community rt 64533:15
+allow to 2001:db8:1:1::21 large-community 999:64533:15
+
+
+# announce_to_peer
+allow to 2001:db8:1:1::21 community 65501:2
+allow to 2001:db8:1:1::21 ext-community rt 65501:2
+allow to 2001:db8:1:1::21 large-community 999:65501:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS3_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.31 set community NO_ADVERTISE
+match from 192.0.2.31 nexthop 192.0.2.31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.31 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS 23456' - reject code: 7
+allow quick from 192.0.2.31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS { 174 }' - reject code: 8
+allow quick from 192.0.2.31 AS { 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.31 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+# Prefix: client's blacklist
+prefix-set "client_AS3_1_black_list_pref_ipv4" {
+    3.0.1.0/24 prefixlen 24 - 32
+
+}
+# Reject inbound routes when 'from 192.0.2.31 prefix-set client_AS3_1_black_list_pref_ipv4' - reject code: 11
+allow quick from 192.0.2.31 prefix-set client_AS3_1_black_list_pref_ipv4 set {
+	localpref 1
+	community 65520:0
+	community 65520:11
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Blackhole request?
+match from 192.0.2.31 set ext-community delete rt 65520:3
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.31 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.31 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.31 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.31 community BLACKHOLE set community 65530:4
+match from 192.0.2.31 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.31 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.31 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.31 community BLACKHOLE
+allow quick from 192.0.2.31 community 65534:0
+allow quick from 192.0.2.31 large-community 65534:0:0
+
+
+match from 192.0.2.31 set ext-community rt 65520:3
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.31 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.31 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.31 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 192.0.2.31
+
+
+
+# ---------------------------------------------
+# client AS3_1, outbound
+
+deny quick to 192.0.2.31 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.31 community 65534:0 set community BLACKHOLE
+match to 192.0.2.31 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.31 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.31 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.31 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.31 community 65507:999 set community NO_EXPORT
+match to 192.0.2.31 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.31 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.31 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.31 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.31 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.31 community 65509:3 set community NO_EXPORT
+match to 192.0.2.31 ext-community rt 65509:3 set community NO_EXPORT
+match to 192.0.2.31 large-community 999:65509:3 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.31 community 65510:3 set community NO_ADVERTISE
+match to 192.0.2.31 ext-community rt 65510:3 set community NO_ADVERTISE
+match to 192.0.2.31 large-community 999:65510:3 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.31
+
+# do_not_announce_to_any
+deny to 192.0.2.31 community 0:999
+deny to 192.0.2.31 ext-community rt 0:999
+deny to 192.0.2.31 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.31 community 0:3
+deny quick to 192.0.2.31 ext-community rt 0:3
+deny quick to 192.0.2.31 large-community 999:0:3
+
+# announce_to_peer
+allow to 192.0.2.31 community 65501:3
+allow to 192.0.2.31 ext-community rt 65501:3
+allow to 192.0.2.31 large-community 999:65501:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS3_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::31 set community NO_ADVERTISE
+match from 2001:db8:1:1::31 nexthop 2001:db8:1:1::31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::31 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS { 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::31 AS { 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::31 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+# Prefix: client's blacklist
+prefix-set "client_AS3_2_black_list_pref_ipv6" {
+    2a03:0:1::/48 prefixlen 48 - 128
+
+}
+# Reject inbound routes when 'from 2001:db8:1:1::31 prefix-set client_AS3_2_black_list_pref_ipv6' - reject code: 11
+allow quick from 2001:db8:1:1::31 prefix-set client_AS3_2_black_list_pref_ipv6 set {
+	localpref 1
+	community 65520:0
+	community 65520:11
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Blackhole request?
+match from 2001:db8:1:1::31 set ext-community delete rt 65520:3
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::31 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::31 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::31 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::31 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::31 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::31 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::31 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::31 community BLACKHOLE
+allow quick from 2001:db8:1:1::31 community 65534:0
+allow quick from 2001:db8:1:1::31 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::31 set ext-community rt 65520:3
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::31 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::31 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::31 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::31 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::31 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 2001:db8:1:1::31
+
+
+
+# ---------------------------------------------
+# client AS3_2, outbound
+
+deny quick to 2001:db8:1:1::31 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::31 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::31 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::31 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::31 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::31 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::31 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::31 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::31 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::31 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::31 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::31 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::31 community 65509:3 set community NO_EXPORT
+match to 2001:db8:1:1::31 ext-community rt 65509:3 set community NO_EXPORT
+match to 2001:db8:1:1::31 large-community 999:65509:3 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::31 community 65510:3 set community NO_ADVERTISE
+match to 2001:db8:1:1::31 ext-community rt 65510:3 set community NO_ADVERTISE
+match to 2001:db8:1:1::31 large-community 999:65510:3 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::31
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::31 community 0:999
+deny to 2001:db8:1:1::31 ext-community rt 0:999
+deny to 2001:db8:1:1::31 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::31 community 0:3
+deny quick to 2001:db8:1:1::31 ext-community rt 0:3
+deny quick to 2001:db8:1:1::31 large-community 999:0:3
+
+# do_not_announce_to_peers_with_rtt_lower_than 200 ms
+deny to 2001:db8:1:1::31 community 64530:200
+deny to 2001:db8:1:1::31 ext-community rt 64530:200
+deny to 2001:db8:1:1::31 large-community 999:64530:200
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 500 ms
+deny to 2001:db8:1:1::31 community 64530:500
+deny to 2001:db8:1:1::31 ext-community rt 64530:500
+deny to 2001:db8:1:1::31 large-community 999:64530:500
+
+
+# announce_to_peers_with_rtt_lower_than 200 ms
+allow to 2001:db8:1:1::31 community 64532:200
+allow to 2001:db8:1:1::31 ext-community rt 64532:200
+allow to 2001:db8:1:1::31 large-community 999:64532:200
+
+
+# announce_to_peers_with_rtt_lower_than 500 ms
+allow to 2001:db8:1:1::31 community 64532:500
+allow to 2001:db8:1:1::31 ext-community rt 64532:500
+allow to 2001:db8:1:1::31 large-community 999:64532:500
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 5 ms
+deny to 2001:db8:1:1::31 community 64531:5
+deny to 2001:db8:1:1::31 ext-community rt 64531:5
+deny to 2001:db8:1:1::31 large-community 999:64531:5
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 10 ms
+deny to 2001:db8:1:1::31 community 64531:10
+deny to 2001:db8:1:1::31 ext-community rt 64531:10
+deny to 2001:db8:1:1::31 large-community 999:64531:10
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 15 ms
+deny to 2001:db8:1:1::31 community 64531:15
+deny to 2001:db8:1:1::31 ext-community rt 64531:15
+deny to 2001:db8:1:1::31 large-community 999:64531:15
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 20 ms
+deny to 2001:db8:1:1::31 community 64531:20
+deny to 2001:db8:1:1::31 ext-community rt 64531:20
+deny to 2001:db8:1:1::31 large-community 999:64531:20
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 30 ms
+deny to 2001:db8:1:1::31 community 64531:30
+deny to 2001:db8:1:1::31 ext-community rt 64531:30
+deny to 2001:db8:1:1::31 large-community 999:64531:30
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 50 ms
+deny to 2001:db8:1:1::31 community 64531:50
+deny to 2001:db8:1:1::31 ext-community rt 64531:50
+deny to 2001:db8:1:1::31 large-community 999:64531:50
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 100 ms
+deny to 2001:db8:1:1::31 community 64531:100
+deny to 2001:db8:1:1::31 ext-community rt 64531:100
+deny to 2001:db8:1:1::31 large-community 999:64531:100
+
+
+# announce_to_peers_with_rtt_higher_than 5 ms
+allow to 2001:db8:1:1::31 community 64533:5
+allow to 2001:db8:1:1::31 ext-community rt 64533:5
+allow to 2001:db8:1:1::31 large-community 999:64533:5
+
+
+# announce_to_peers_with_rtt_higher_than 10 ms
+allow to 2001:db8:1:1::31 community 64533:10
+allow to 2001:db8:1:1::31 ext-community rt 64533:10
+allow to 2001:db8:1:1::31 large-community 999:64533:10
+
+
+# announce_to_peers_with_rtt_higher_than 15 ms
+allow to 2001:db8:1:1::31 community 64533:15
+allow to 2001:db8:1:1::31 ext-community rt 64533:15
+allow to 2001:db8:1:1::31 large-community 999:64533:15
+
+
+# announce_to_peers_with_rtt_higher_than 20 ms
+allow to 2001:db8:1:1::31 community 64533:20
+allow to 2001:db8:1:1::31 ext-community rt 64533:20
+allow to 2001:db8:1:1::31 large-community 999:64533:20
+
+
+# announce_to_peers_with_rtt_higher_than 30 ms
+allow to 2001:db8:1:1::31 community 64533:30
+allow to 2001:db8:1:1::31 ext-community rt 64533:30
+allow to 2001:db8:1:1::31 large-community 999:64533:30
+
+
+# announce_to_peers_with_rtt_higher_than 50 ms
+allow to 2001:db8:1:1::31 community 64533:50
+allow to 2001:db8:1:1::31 ext-community rt 64533:50
+allow to 2001:db8:1:1::31 large-community 999:64533:50
+
+
+# announce_to_peers_with_rtt_higher_than 100 ms
+allow to 2001:db8:1:1::31 community 64533:100
+allow to 2001:db8:1:1::31 ext-community rt 64533:100
+allow to 2001:db8:1:1::31 large-community 999:64533:100
+
+
+# announce_to_peer
+allow to 2001:db8:1:1::31 community 65501:3
+allow to 2001:db8:1:1::31 ext-community rt 65501:3
+allow to 2001:db8:1:1::31 large-community 999:65501:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.41 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.41 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+# Blackhole request?
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.41 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.41 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.41 community BLACKHOLE set community 65530:4
+match from 192.0.2.41 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.41 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.41 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.41 community BLACKHOLE
+allow quick from 192.0.2.41 community 65534:0
+allow quick from 192.0.2.41 large-community 65534:0:0
+
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.41 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.41 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.41 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.41 community 65534:0 set community BLACKHOLE
+match to 192.0.2.41 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.41 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.41 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.41 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.41 community 65507:999 set community NO_EXPORT
+match to 192.0.2.41 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.41 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.41 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.41 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.41 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.41 community 65509:4 set community NO_EXPORT
+match to 192.0.2.41 ext-community rt 65509:4 set community NO_EXPORT
+match to 192.0.2.41 large-community 999:65509:4 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.41 community 65510:4 set community NO_ADVERTISE
+match to 192.0.2.41 ext-community rt 65510:4 set community NO_ADVERTISE
+match to 192.0.2.41 large-community 999:65510:4 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.41
+
+# do_not_announce_to_any
+deny to 192.0.2.41 community 0:999
+deny to 192.0.2.41 ext-community rt 0:999
+deny to 192.0.2.41 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.41 community 0:4
+deny quick to 192.0.2.41 ext-community rt 0:4
+deny quick to 192.0.2.41 large-community 999:0:4
+
+# announce_to_peer
+allow to 192.0.2.41 community 65501:4
+allow to 192.0.2.41 ext-community rt 65501:4
+allow to 192.0.2.41 large-community 999:65501:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::41 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::41 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+# Blackhole request?
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::41 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::41 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::41 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::41 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::41 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::41 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::41 community BLACKHOLE
+allow quick from 2001:db8:1:1::41 community 65534:0
+allow quick from 2001:db8:1:1::41 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::41 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::41 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::41 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::41 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::41 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::41 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::41 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::41 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::41 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::41 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::41 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::41 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::41 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::41 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::41 community 65509:4 set community NO_EXPORT
+match to 2001:db8:1:1::41 ext-community rt 65509:4 set community NO_EXPORT
+match to 2001:db8:1:1::41 large-community 999:65509:4 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::41 community 65510:4 set community NO_ADVERTISE
+match to 2001:db8:1:1::41 ext-community rt 65510:4 set community NO_ADVERTISE
+match to 2001:db8:1:1::41 large-community 999:65510:4 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::41 community 0:999
+deny to 2001:db8:1:1::41 ext-community rt 0:999
+deny to 2001:db8:1:1::41 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::41 community 0:4
+deny quick to 2001:db8:1:1::41 ext-community rt 0:4
+deny quick to 2001:db8:1:1::41 large-community 999:0:4
+
+# do_not_announce_to_peers_with_rtt_higher_than 5 ms
+deny to 2001:db8:1:1::41 community 64531:5
+deny to 2001:db8:1:1::41 ext-community rt 64531:5
+deny to 2001:db8:1:1::41 large-community 999:64531:5
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 10 ms
+deny to 2001:db8:1:1::41 community 64531:10
+deny to 2001:db8:1:1::41 ext-community rt 64531:10
+deny to 2001:db8:1:1::41 large-community 999:64531:10
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 15 ms
+deny to 2001:db8:1:1::41 community 64531:15
+deny to 2001:db8:1:1::41 ext-community rt 64531:15
+deny to 2001:db8:1:1::41 large-community 999:64531:15
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 20 ms
+deny to 2001:db8:1:1::41 community 64531:20
+deny to 2001:db8:1:1::41 ext-community rt 64531:20
+deny to 2001:db8:1:1::41 large-community 999:64531:20
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 30 ms
+deny to 2001:db8:1:1::41 community 64531:30
+deny to 2001:db8:1:1::41 ext-community rt 64531:30
+deny to 2001:db8:1:1::41 large-community 999:64531:30
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 50 ms
+deny to 2001:db8:1:1::41 community 64531:50
+deny to 2001:db8:1:1::41 ext-community rt 64531:50
+deny to 2001:db8:1:1::41 large-community 999:64531:50
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 100 ms
+deny to 2001:db8:1:1::41 community 64531:100
+deny to 2001:db8:1:1::41 ext-community rt 64531:100
+deny to 2001:db8:1:1::41 large-community 999:64531:100
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 200 ms
+deny to 2001:db8:1:1::41 community 64531:200
+deny to 2001:db8:1:1::41 ext-community rt 64531:200
+deny to 2001:db8:1:1::41 large-community 999:64531:200
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 500 ms
+deny to 2001:db8:1:1::41 community 64531:500
+deny to 2001:db8:1:1::41 ext-community rt 64531:500
+deny to 2001:db8:1:1::41 large-community 999:64531:500
+
+
+# announce_to_peers_with_rtt_higher_than 5 ms
+allow to 2001:db8:1:1::41 community 64533:5
+allow to 2001:db8:1:1::41 ext-community rt 64533:5
+allow to 2001:db8:1:1::41 large-community 999:64533:5
+
+
+# announce_to_peers_with_rtt_higher_than 10 ms
+allow to 2001:db8:1:1::41 community 64533:10
+allow to 2001:db8:1:1::41 ext-community rt 64533:10
+allow to 2001:db8:1:1::41 large-community 999:64533:10
+
+
+# announce_to_peers_with_rtt_higher_than 15 ms
+allow to 2001:db8:1:1::41 community 64533:15
+allow to 2001:db8:1:1::41 ext-community rt 64533:15
+allow to 2001:db8:1:1::41 large-community 999:64533:15
+
+
+# announce_to_peers_with_rtt_higher_than 20 ms
+allow to 2001:db8:1:1::41 community 64533:20
+allow to 2001:db8:1:1::41 ext-community rt 64533:20
+allow to 2001:db8:1:1::41 large-community 999:64533:20
+
+
+# announce_to_peers_with_rtt_higher_than 30 ms
+allow to 2001:db8:1:1::41 community 64533:30
+allow to 2001:db8:1:1::41 ext-community rt 64533:30
+allow to 2001:db8:1:1::41 large-community 999:64533:30
+
+
+# announce_to_peers_with_rtt_higher_than 50 ms
+allow to 2001:db8:1:1::41 community 64533:50
+allow to 2001:db8:1:1::41 ext-community rt 64533:50
+allow to 2001:db8:1:1::41 large-community 999:64533:50
+
+
+# announce_to_peers_with_rtt_higher_than 100 ms
+allow to 2001:db8:1:1::41 community 64533:100
+allow to 2001:db8:1:1::41 ext-community rt 64533:100
+allow to 2001:db8:1:1::41 large-community 999:64533:100
+
+
+# announce_to_peers_with_rtt_higher_than 200 ms
+allow to 2001:db8:1:1::41 community 64533:200
+allow to 2001:db8:1:1::41 ext-community rt 64533:200
+allow to 2001:db8:1:1::41 large-community 999:64533:200
+
+
+# announce_to_peers_with_rtt_higher_than 500 ms
+allow to 2001:db8:1:1::41 community 64533:500
+allow to 2001:db8:1:1::41 ext-community rt 64533:500
+allow to 2001:db8:1:1::41 large-community 999:64533:500
+
+
+# announce_to_peer
+allow to 2001:db8:1:1::41 community 65501:4
+allow to 2001:db8:1:1::41 ext-community rt 65501:4
+allow to 2001:db8:1:1::41 large-community 999:65501:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+
+
+# Scrub communities from outbound routes
+# add_noadvertise_to_any
+match to group clients set community delete 65508:999
+match to group clients set ext-community delete rt 65508:999
+match to group clients set large-community delete 999:65508:999
+
+# add_noadvertise_to_peer
+match to group clients set community delete 65510:*
+match to group clients set ext-community delete rt 65510:*
+match to group clients set large-community delete 999:65510:*
+
+# add_noexport_to_any
+match to group clients set community delete 65507:999
+match to group clients set ext-community delete rt 65507:999
+match to group clients set large-community delete 999:65507:999
+
+# add_noexport_to_peer
+match to group clients set community delete 65509:*
+match to group clients set ext-community delete rt 65509:*
+match to group clients set large-community delete 999:65509:*
+
+# announce_to_peer
+match to group clients set community delete 65501:*
+match to group clients set ext-community delete rt 65501:*
+match to group clients set large-community delete 999:65501:*
+
+# announce_to_peers_with_rtt_higher_than
+match to group clients set community delete 64533:*
+match to group clients set ext-community delete rt 64533:*
+match to group clients set large-community delete 999:64533:*
+
+# announce_to_peers_with_rtt_lower_than
+match to group clients set community delete 64532:*
+match to group clients set ext-community delete rt 64532:*
+match to group clients set large-community delete 999:64532:*
+
+# blackholing
+match to group clients set community delete 65534:0
+match to group clients set large-community delete 65534:0:0
+
+# do_not_announce_to_any
+match to group clients set community delete 0:999
+match to group clients set ext-community delete rt 0:999
+match to group clients set large-community delete 999:0:999
+
+# do_not_announce_to_peer
+match to group clients set community delete 0:*
+match to group clients set ext-community delete rt 0:*
+match to group clients set large-community delete 999:0:*
+
+# do_not_announce_to_peers_with_rtt_higher_than
+match to group clients set community delete 64531:*
+match to group clients set ext-community delete rt 64531:*
+match to group clients set large-community delete 999:64531:*
+
+# do_not_announce_to_peers_with_rtt_lower_than
+match to group clients set community delete 64530:*
+match to group clients set ext-community delete rt 64530:*
+match to group clients set large-community delete 999:64530:*
+
+# prepend_once_to_any
+match to group clients set community delete 65521:65521
+match to group clients set ext-community delete rt 65521:65521
+match to group clients set large-community delete 999:65521:65521
+
+# prepend_once_to_peer
+match to group clients set community delete 65521:*
+match to group clients set ext-community delete rt 65521:*
+match to group clients set large-community delete 999:65521:*
+
+# prepend_once_to_peers_with_rtt_higher_than
+match to group clients set community delete 64537:*
+match to group clients set ext-community delete rt 64537:*
+match to group clients set large-community delete 999:64537:*
+
+# prepend_once_to_peers_with_rtt_lower_than
+match to group clients set community delete 64534:*
+match to group clients set ext-community delete rt 64534:*
+match to group clients set large-community delete 999:64534:*
+
+# prepend_thrice_to_any
+match to group clients set community delete 65523:65523
+match to group clients set ext-community delete rt 65523:65523
+match to group clients set large-community delete 999:65523:65523
+
+# prepend_thrice_to_peer
+match to group clients set community delete 65523:*
+match to group clients set ext-community delete rt 65523:*
+match to group clients set large-community delete 999:65523:*
+
+# prepend_thrice_to_peers_with_rtt_higher_than
+match to group clients set community delete 64539:*
+match to group clients set ext-community delete rt 64539:*
+match to group clients set large-community delete 999:64539:*
+
+# prepend_thrice_to_peers_with_rtt_lower_than
+match to group clients set community delete 64536:*
+match to group clients set ext-community delete rt 64536:*
+match to group clients set large-community delete 999:64536:*
+
+# prepend_twice_to_any
+match to group clients set community delete 65522:65522
+match to group clients set ext-community delete rt 65522:65522
+match to group clients set large-community delete 999:65522:65522
+
+# prepend_twice_to_peer
+match to group clients set community delete 65522:*
+match to group clients set ext-community delete rt 65522:*
+match to group clients set large-community delete 999:65522:*
+
+# prepend_twice_to_peers_with_rtt_higher_than
+match to group clients set community delete 64538:*
+match to group clients set ext-community delete rt 64538:*
+match to group clients set large-community delete 999:64538:*
+
+# prepend_twice_to_peers_with_rtt_lower_than
+match to group clients set community delete 64535:*
+match to group clients set ext-community delete rt 64535:*
+match to group clients set large-community delete 999:64535:*
+
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+match to group clients set {
+	community delete 65521:65521
+	ext-community delete rt 65521:65521
+	large-community delete 999:65521:65521
+
+}
+match to group clients set {
+	community delete 65521:*
+	ext-community delete rt 65521:*
+	large-community delete 999:65521:*
+
+}
+match to group clients set {
+	community delete 64537:*
+	ext-community delete rt 64537:*
+	large-community delete 999:64537:*
+
+}
+match to group clients set {
+	community delete 64534:*
+	ext-community delete rt 64534:*
+	large-community delete 999:64534:*
+
+}
+match to group clients set {
+	community delete 65523:65523
+	ext-community delete rt 65523:65523
+	large-community delete 999:65523:65523
+
+}
+match to group clients set {
+	community delete 65523:*
+	ext-community delete rt 65523:*
+	large-community delete 999:65523:*
+
+}
+match to group clients set {
+	community delete 64539:*
+	ext-community delete rt 64539:*
+	large-community delete 999:64539:*
+
+}
+match to group clients set {
+	community delete 64536:*
+	ext-community delete rt 64536:*
+	large-community delete 999:64536:*
+
+}
+match to group clients set {
+	community delete 65522:65522
+	ext-community delete rt 65522:65522
+	large-community delete 999:65522:65522
+
+}
+match to group clients set {
+	community delete 65522:*
+	ext-community delete rt 65522:*
+	large-community delete 999:65522:*
+
+}
+match to group clients set {
+	community delete 64538:*
+	ext-community delete rt 64538:*
+	large-community delete 999:64538:*
+
+}
+match to group clients set {
+	community delete 64535:*
+	ext-community delete rt 64535:*
+	large-community delete 999:64535:*
+
+}
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+include "/etc/bgpd/post-filters.local"
+
+
diff --git a/tests/live_tests/scenarios/global/configs/BasicScenario_OpenBGPDIPv6/openbgpd77p.conf b/tests/live_tests/scenarios/global/configs/BasicScenario_OpenBGPDIPv6/openbgpd77p.conf
new file mode 100644
index 00000000..28ccbce0
--- /dev/null
+++ b/tests/live_tests/scenarios/global/configs/BasicScenario_OpenBGPDIPv6/openbgpd77p.conf
@@ -0,0 +1,10254 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+# AS222, used by client AS222_1, client AS222_2
+# no origin ASNs found for AS222
+# no prefixes found for AS222
+
+# AS2, used by client AS2_1, client AS2_2
+# no origin ASNs found for AS2
+# no prefixes found for AS2
+
+# AS-AS1, AS-AS1_CUSTOMERS, used by client AS1_1, client AS1_2, client AS1_3, client AS1_4
+as-set "AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns" {
+    1 101 103 104
+}
+prefix-set "AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes" {
+    2a01::/32 prefixlen 32 - 128
+    2a99::/16 prefixlen 16 - 128
+    3101::/32 prefixlen 32 - 128
+    3103::/32 prefixlen 32 - 128
+}
+
+# AS-AS2, AS-AS2_CUSTOMERS, used by client AS2_1, client AS2_2
+as-set "AS_SET_AS_AS2_AS_AS2_CUSTOMERS_asns" {
+    2 101 103
+}
+prefix-set "AS_SET_AS_AS2_AS_AS2_CUSTOMERS_prefixes" {
+    2a02::/32 prefixlen 32 - 128
+    3101::/32 prefixlen 32 - 128
+    3103::/32 prefixlen 32 - 128
+}
+
+# WHITE_LIST_AS1_2, used by client AS1_2 white list
+as-set "AS_SET_WHITE_LIST_AS1_2_asns" {
+    1011
+}
+prefix-set "AS_SET_WHITE_LIST_AS1_2_prefixes" {
+    11.1.0.0/16 prefixlen 16 - 32
+    2a11:1::/32 prefixlen 32 - 128
+}
+
+# AS-AS222, used by client AS222_1, client AS222_2
+as-set "AS_SET_AS_AS222_asns" {
+    333
+}
+prefix-set "AS_SET_AS_AS222_prefixes" {
+    3222::/32 prefixlen 32 - 128
+}
+
+# AS1, used by client AS1_1, client AS1_2, client AS1_3, client AS1_4
+# no origin ASNs found for AS1
+# no prefixes found for AS1
+
+# WHITE_LIST_AS1_1, used by client AS1_1 white list
+as-set "AS_SET_WHITE_LIST_AS1_1_asns" {
+    1011
+}
+prefix-set "AS_SET_WHITE_LIST_AS1_1_prefixes" {
+    11.1.0.0/16 prefixlen 16 - 32
+    2a11:1::/32 prefixlen 32 - 128
+}
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	# RTT: 0.1 ms (normalized value: 1)
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.12 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_2 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	# RTT: 5 ms (normalized value: 5)
+	neighbor 2001:db8:1:1::12 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_2 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.222 {
+		remote-as 222
+
+		rde evaluate all
+
+		descr "AS222_1 client"
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::222 {
+		remote-as 222
+
+		rde evaluate all
+
+		descr "AS222_1 client"
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	# RTT: 17.3 ms (normalized value: 17)
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.31 {
+		remote-as 3
+
+		rde evaluate all
+
+		descr "AS3_1 client"
+		ttl-security no
+		transparent-as no
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	# RTT: 123.8 ms (normalized value: 124)
+	neighbor 2001:db8:1:1::31 {
+		remote-as 3
+
+		rde evaluate all
+
+		descr "AS3_1 client"
+		ttl-security no
+		transparent-as no
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	# RTT: 600 ms (normalized value: 600)
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+include "/etc/bgpd/post-clients.local"
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+prefix-set "global_black_list_pref" {
+    192.0.2.0/24 prefixlen 24 - 32
+    2001:db8::/32 prefixlen 32 - 128
+
+}
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+# never via route-servers ASNs
+as-set "neverviarouteserver" {
+	666, 777
+}
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# origin_not_present_in_as_set
+match from group clients set community delete 65530:0
+match from group clients set large-community delete 999:65530:0
+
+# origin_present_in_as_set
+match from group clients set community delete 65530:1
+match from group clients set large-community delete 999:65530:1
+
+# prefix_validated_via_arin_whois_db_dump
+match from group clients set community delete 65530:3
+match from group clients set large-community delete 999:65530:3
+
+# prefix_validated_via_rpki_roas
+match from group clients set community delete 65530:2
+match from group clients set large-community delete 999:65530:2
+
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+# rpki_bgp_origin_validation_not_performed
+match from group clients set community delete 65530:4
+match from group clients set large-community delete 999:65530:4
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+# ---------------------------------------------------------
+# ROAs source
+
+
+roa-set {
+    101.3.0.0/16 maxlen 24 source-as 105 expires 4102444799
+    101.2.0.0/17 source-as 101 expires 4102444799
+    101.2.128.0/17 maxlen 24 source-as 101 expires 4102444799
+    101.0.128.0/20 maxlen 23 source-as 101 expires 4102444799
+    101.0.8.0/24 source-as 101 expires 4102444799
+    101.0.9.0/24 source-as 102 expires 4102444799
+    222.1.1.0/24 source-as 333 expires 4102444799
+    3101:3::/32 maxlen 48 source-as 105 expires 4102444799
+    3101:0:8000::/33 maxlen 34 source-as 101 expires 4102444799
+    3101:2:8000::/33 maxlen 48 source-as 101 expires 4102444799
+    3101:2::/33 source-as 101 expires 4102444799
+    3101:0:8::/48 source-as 101 expires 4102444799
+    3101:0:9::/48 source-as 102 expires 4102444799
+    3222:0:1::/48 source-as 333 expires 4102444799
+
+}
+
+
+
+# ---------------------------------------------------------
+# RPKI-based Origin Validation
+
+
+# Add $INTCOMM_RPKI_UNKNOWN, $INTCOMM_RPKI_INVALID and $INTCOMM_RPKI_VALID
+# ext community on the basis of ovs.
+match from group clients ovs not-found set {
+    ext-community $INTCOMM_RPKI_UNKNOWN
+    ext-community ovs not-found
+    
+}
+match from group clients ovs valid set {
+    ext-community $INTCOMM_RPKI_VALID
+    ext-community ovs valid
+    
+}
+match from group clients ovs invalid set {
+    ext-community $INTCOMM_RPKI_INVALID
+    ext-community ovs invalid
+    
+}
+
+
+
+# ---------------------------------------------------------
+# RPKI ROAs used as route objects.
+
+# Add the $INTCOMM_PREF_OK_ROA ext community to routes whose
+# origin ASN has a ROA for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+
+# Since RPKI-based Origin Validation is already performed above,
+# use the origin validation state to identify valid routes.
+match from group clients ovs valid set ext-community $INTCOMM_PREF_OK_ROA
+
+
+# ARIN Whois records used for preifx validation
+# ---------------------------------------------
+
+# Add the $INTCOMM_PREF_OK_ARINDB ext community to routes whose
+# origin ASN has an ARIN Whois record for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+origin-set "ARINDB" {
+104.0.0.0/23 prefixlen 23 - 32 source-as 104
+3104::/32 prefixlen 32 - 128 source-as 104
+}
+match from group clients origin-set ARINDB set ext-community $INTCOMM_PREF_OK_ARINDB
+
+# NIC.BR Whois records used for preifx validation
+# -----------------------------------------------
+
+# Add the $INTCOMM_PREF_OK_REGISTROBRDB ext community to routes whose
+# origin ASN has a NIC.BR Whois record for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+origin-set "REGISTROBRDB" {
+104.1.1.0/24 prefixlen 24 - 32 source-as 104
+3104:1:1::/48 prefixlen 48 - 128 source-as 104
+}
+match from group clients origin-set REGISTROBRDB set ext-community $INTCOMM_PREF_OK_REGISTROBRDB
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.12 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::12 set ext-community rt 65520:1
+
+match from 192.0.2.222 set ext-community rt 65520:222
+
+match from 2001:db8:1:1::222 set ext-community rt 65520:222
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.31 set ext-community rt 65520:3
+
+match from 2001:db8:1:1::31 set ext-community rt 65520:3
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 6' - reject code: 1
+allow quick from group clients max-as-len 6 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: global blacklist
+# Reject inbound routes when 'from group clients prefix-set global_black_list_pref' - reject code: 3
+allow quick from group clients prefix-set global_black_list_pref set {
+	localpref 1
+	community 65520:0
+	community 65520:3
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.11 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.11 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.11 prefix 11.3.0.0/16 source-as 1011 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.11 prefix 11.4.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.11 prefix 2a11:3::/32 source-as 1011 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.11 prefix 2a11:4::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_1, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 source-as as-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+match from 192.0.2.11 source-as as-set AS_SET_WHITE_LIST_AS1_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS1_1
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_1, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 prefix-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+match from 192.0.2.11 prefix-set AS_SET_WHITE_LIST_AS1_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS1_1
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# route authorized by a client's white list?
+match from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.11 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.11 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.11 community BLACKHOLE set community 65530:4
+match from 192.0.2.11 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.11 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.11 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.11 community BLACKHOLE
+allow quick from 192.0.2.11 community 65534:0
+allow quick from 192.0.2.11 large-community 65534:0:0
+
+
+match from 192.0.2.11 set ext-community rt 65520:1
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.11 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.11 community 65534:0 set community BLACKHOLE
+match to 192.0.2.11 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.11 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.11 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.11 community 65507:999 set community NO_EXPORT
+match to 192.0.2.11 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.11 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.11 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.11 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.11 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.11 community 65509:1 set community NO_EXPORT
+match to 192.0.2.11 ext-community rt 65509:1 set community NO_EXPORT
+match to 192.0.2.11 large-community 999:65509:1 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.11 community 65510:1 set community NO_ADVERTISE
+match to 192.0.2.11 ext-community rt 65510:1 set community NO_ADVERTISE
+match to 192.0.2.11 large-community 999:65510:1 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.11
+
+# do_not_announce_to_any
+deny to 192.0.2.11 community 0:999
+deny to 192.0.2.11 ext-community rt 0:999
+deny to 192.0.2.11 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.11 community 0:1
+deny quick to 192.0.2.11 ext-community rt 0:1
+deny quick to 192.0.2.11 large-community 999:0:1
+
+# announce_to_peer
+allow to 192.0.2.11 community 65501:1
+allow to 192.0.2.11 ext-community rt 65501:1
+allow to 192.0.2.11 large-community 999:65501:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::11 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::11 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::11 prefix 11.3.0.0/16 source-as 1011 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::11 prefix 11.4.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::11 prefix 2a11:3::/32 source-as 1011 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::11 prefix 2a11:4::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_2, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::11 source-as as-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+match from 2001:db8:1:1::11 source-as as-set AS_SET_WHITE_LIST_AS1_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS1_2
+# AS-SET AS1 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_2, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::11 prefix-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+match from 2001:db8:1:1::11 prefix-set AS_SET_WHITE_LIST_AS1_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS1_2
+# AS-SET AS1 referenced but empty.
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::11 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::11 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::11 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::11 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::11 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::11 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::11 community BLACKHOLE
+allow quick from 2001:db8:1:1::11 community 65534:0
+allow quick from 2001:db8:1:1::11 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::11 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::11 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::11 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::11 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::11 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::11 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::11 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::11 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::11 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::11 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::11 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::11 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::11 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::11 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::11 community 65509:1 set community NO_EXPORT
+match to 2001:db8:1:1::11 ext-community rt 65509:1 set community NO_EXPORT
+match to 2001:db8:1:1::11 large-community 999:65509:1 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::11 community 65510:1 set community NO_ADVERTISE
+match to 2001:db8:1:1::11 ext-community rt 65510:1 set community NO_ADVERTISE
+match to 2001:db8:1:1::11 large-community 999:65510:1 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::11 community 0:999
+deny to 2001:db8:1:1::11 ext-community rt 0:999
+deny to 2001:db8:1:1::11 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::11 community 0:1
+deny quick to 2001:db8:1:1::11 ext-community rt 0:1
+deny quick to 2001:db8:1:1::11 large-community 999:0:1
+
+# do_not_announce_to_peers_with_rtt_lower_than 5 ms
+deny to 2001:db8:1:1::11 community 64530:5
+deny to 2001:db8:1:1::11 ext-community rt 64530:5
+deny to 2001:db8:1:1::11 large-community 999:64530:5
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 10 ms
+deny to 2001:db8:1:1::11 community 64530:10
+deny to 2001:db8:1:1::11 ext-community rt 64530:10
+deny to 2001:db8:1:1::11 large-community 999:64530:10
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 15 ms
+deny to 2001:db8:1:1::11 community 64530:15
+deny to 2001:db8:1:1::11 ext-community rt 64530:15
+deny to 2001:db8:1:1::11 large-community 999:64530:15
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 20 ms
+deny to 2001:db8:1:1::11 community 64530:20
+deny to 2001:db8:1:1::11 ext-community rt 64530:20
+deny to 2001:db8:1:1::11 large-community 999:64530:20
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 30 ms
+deny to 2001:db8:1:1::11 community 64530:30
+deny to 2001:db8:1:1::11 ext-community rt 64530:30
+deny to 2001:db8:1:1::11 large-community 999:64530:30
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 50 ms
+deny to 2001:db8:1:1::11 community 64530:50
+deny to 2001:db8:1:1::11 ext-community rt 64530:50
+deny to 2001:db8:1:1::11 large-community 999:64530:50
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 100 ms
+deny to 2001:db8:1:1::11 community 64530:100
+deny to 2001:db8:1:1::11 ext-community rt 64530:100
+deny to 2001:db8:1:1::11 large-community 999:64530:100
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 200 ms
+deny to 2001:db8:1:1::11 community 64530:200
+deny to 2001:db8:1:1::11 ext-community rt 64530:200
+deny to 2001:db8:1:1::11 large-community 999:64530:200
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 500 ms
+deny to 2001:db8:1:1::11 community 64530:500
+deny to 2001:db8:1:1::11 ext-community rt 64530:500
+deny to 2001:db8:1:1::11 large-community 999:64530:500
+
+
+# announce_to_peers_with_rtt_lower_than 5 ms
+allow to 2001:db8:1:1::11 community 64532:5
+allow to 2001:db8:1:1::11 ext-community rt 64532:5
+allow to 2001:db8:1:1::11 large-community 999:64532:5
+
+
+# announce_to_peers_with_rtt_lower_than 10 ms
+allow to 2001:db8:1:1::11 community 64532:10
+allow to 2001:db8:1:1::11 ext-community rt 64532:10
+allow to 2001:db8:1:1::11 large-community 999:64532:10
+
+
+# announce_to_peers_with_rtt_lower_than 15 ms
+allow to 2001:db8:1:1::11 community 64532:15
+allow to 2001:db8:1:1::11 ext-community rt 64532:15
+allow to 2001:db8:1:1::11 large-community 999:64532:15
+
+
+# announce_to_peers_with_rtt_lower_than 20 ms
+allow to 2001:db8:1:1::11 community 64532:20
+allow to 2001:db8:1:1::11 ext-community rt 64532:20
+allow to 2001:db8:1:1::11 large-community 999:64532:20
+
+
+# announce_to_peers_with_rtt_lower_than 30 ms
+allow to 2001:db8:1:1::11 community 64532:30
+allow to 2001:db8:1:1::11 ext-community rt 64532:30
+allow to 2001:db8:1:1::11 large-community 999:64532:30
+
+
+# announce_to_peers_with_rtt_lower_than 50 ms
+allow to 2001:db8:1:1::11 community 64532:50
+allow to 2001:db8:1:1::11 ext-community rt 64532:50
+allow to 2001:db8:1:1::11 large-community 999:64532:50
+
+
+# announce_to_peers_with_rtt_lower_than 100 ms
+allow to 2001:db8:1:1::11 community 64532:100
+allow to 2001:db8:1:1::11 ext-community rt 64532:100
+allow to 2001:db8:1:1::11 large-community 999:64532:100
+
+
+# announce_to_peers_with_rtt_lower_than 200 ms
+allow to 2001:db8:1:1::11 community 64532:200
+allow to 2001:db8:1:1::11 ext-community rt 64532:200
+allow to 2001:db8:1:1::11 large-community 999:64532:200
+
+
+# announce_to_peers_with_rtt_lower_than 500 ms
+allow to 2001:db8:1:1::11 community 64532:500
+allow to 2001:db8:1:1::11 ext-community rt 64532:500
+allow to 2001:db8:1:1::11 large-community 999:64532:500
+
+
+# announce_to_peer
+allow to 2001:db8:1:1::11 community 65501:1
+allow to 2001:db8:1:1::11 ext-community rt 65501:1
+allow to 2001:db8:1:1::11 large-community 999:65501:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS1_3, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.12 set community NO_ADVERTISE
+match from 192.0.2.12 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+match from 192.0.2.12 nexthop 192.0.2.12 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.12 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.12 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.12 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.12 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.12 AS 23456' - reject code: 7
+allow quick from 192.0.2.12 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.12 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.12 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.12 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.12 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.12 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.12 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.12 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.12 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 192.0.2.12 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_3, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.12 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.12 source-as as-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_3, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.12 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.12 prefix-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.12 set ext-community delete rt 65520:1
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.12 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.12 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.12 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.12 community BLACKHOLE set community 65530:4
+match from 192.0.2.12 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.12 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.12 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.12 community BLACKHOLE
+allow quick from 192.0.2.12 community 65534:0
+allow quick from 192.0.2.12 large-community 65534:0:0
+
+
+match from 192.0.2.12 set ext-community rt 65520:1
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.12 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.12 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.12 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.12 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.12 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.12 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.12 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.12
+
+
+
+# ---------------------------------------------
+# client AS1_3, outbound
+
+deny quick to 192.0.2.12 community 65520:0
+
+
+
+# Blackhole request?
+# Client not enabled to receive blackhole routes
+deny quick to 192.0.2.12 community BLACKHOLE
+deny quick to 192.0.2.12 community 65534:0
+deny quick to 192.0.2.12 large-community 65534:0:0
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.12 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.12 community 65507:999 set community NO_EXPORT
+match to 192.0.2.12 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.12 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.12 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.12 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.12 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.12 community 65509:1 set community NO_EXPORT
+match to 192.0.2.12 ext-community rt 65509:1 set community NO_EXPORT
+match to 192.0.2.12 large-community 999:65509:1 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.12 community 65510:1 set community NO_ADVERTISE
+match to 192.0.2.12 ext-community rt 65510:1 set community NO_ADVERTISE
+match to 192.0.2.12 large-community 999:65510:1 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.12
+
+# do_not_announce_to_any
+deny to 192.0.2.12 community 0:999
+deny to 192.0.2.12 ext-community rt 0:999
+deny to 192.0.2.12 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.12 community 0:1
+deny quick to 192.0.2.12 ext-community rt 0:1
+deny quick to 192.0.2.12 large-community 999:0:1
+
+# announce_to_peer
+allow to 192.0.2.12 community 65501:1
+allow to 192.0.2.12 ext-community rt 65501:1
+allow to 192.0.2.12 large-community 999:65501:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.12 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS1_4, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::12 set community NO_ADVERTISE
+match from 2001:db8:1:1::12 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+match from 2001:db8:1:1::12 nexthop 2001:db8:1:1::12 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::12 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::12 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::12 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::12 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::12 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::12 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::12 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::12 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::12 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 2001:db8:1:1::12 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_4, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::12 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::12 source-as as-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_4, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::12 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::12 prefix-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::12 set ext-community delete rt 65520:1
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::12 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::12 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::12 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::12 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::12 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::12 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::12 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::12 community BLACKHOLE
+allow quick from 2001:db8:1:1::12 community 65534:0
+allow quick from 2001:db8:1:1::12 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::12 set ext-community rt 65520:1
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::12 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::12 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::12 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::12 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::12 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::12 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::12 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::12
+
+
+
+# ---------------------------------------------
+# client AS1_4, outbound
+
+deny quick to 2001:db8:1:1::12 community 65520:0
+
+
+
+# Blackhole request?
+# Client not enabled to receive blackhole routes
+deny quick to 2001:db8:1:1::12 community BLACKHOLE
+deny quick to 2001:db8:1:1::12 community 65534:0
+deny quick to 2001:db8:1:1::12 large-community 65534:0:0
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::12 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::12 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::12 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::12 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::12 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::12 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::12 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::12 community 65509:1 set community NO_EXPORT
+match to 2001:db8:1:1::12 ext-community rt 65509:1 set community NO_EXPORT
+match to 2001:db8:1:1::12 large-community 999:65509:1 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::12 community 65510:1 set community NO_ADVERTISE
+match to 2001:db8:1:1::12 ext-community rt 65510:1 set community NO_ADVERTISE
+match to 2001:db8:1:1::12 large-community 999:65510:1 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::12
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::12 community 0:999
+deny to 2001:db8:1:1::12 ext-community rt 0:999
+deny to 2001:db8:1:1::12 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::12 community 0:1
+deny quick to 2001:db8:1:1::12 ext-community rt 0:1
+deny quick to 2001:db8:1:1::12 large-community 999:0:1
+
+# do_not_announce_to_peers_with_rtt_lower_than 5 ms
+deny to 2001:db8:1:1::12 community 64530:5
+deny to 2001:db8:1:1::12 ext-community rt 64530:5
+deny to 2001:db8:1:1::12 large-community 999:64530:5
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 10 ms
+deny to 2001:db8:1:1::12 community 64530:10
+deny to 2001:db8:1:1::12 ext-community rt 64530:10
+deny to 2001:db8:1:1::12 large-community 999:64530:10
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 15 ms
+deny to 2001:db8:1:1::12 community 64530:15
+deny to 2001:db8:1:1::12 ext-community rt 64530:15
+deny to 2001:db8:1:1::12 large-community 999:64530:15
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 20 ms
+deny to 2001:db8:1:1::12 community 64530:20
+deny to 2001:db8:1:1::12 ext-community rt 64530:20
+deny to 2001:db8:1:1::12 large-community 999:64530:20
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 30 ms
+deny to 2001:db8:1:1::12 community 64530:30
+deny to 2001:db8:1:1::12 ext-community rt 64530:30
+deny to 2001:db8:1:1::12 large-community 999:64530:30
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 50 ms
+deny to 2001:db8:1:1::12 community 64530:50
+deny to 2001:db8:1:1::12 ext-community rt 64530:50
+deny to 2001:db8:1:1::12 large-community 999:64530:50
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 100 ms
+deny to 2001:db8:1:1::12 community 64530:100
+deny to 2001:db8:1:1::12 ext-community rt 64530:100
+deny to 2001:db8:1:1::12 large-community 999:64530:100
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 200 ms
+deny to 2001:db8:1:1::12 community 64530:200
+deny to 2001:db8:1:1::12 ext-community rt 64530:200
+deny to 2001:db8:1:1::12 large-community 999:64530:200
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 500 ms
+deny to 2001:db8:1:1::12 community 64530:500
+deny to 2001:db8:1:1::12 ext-community rt 64530:500
+deny to 2001:db8:1:1::12 large-community 999:64530:500
+
+
+# announce_to_peers_with_rtt_lower_than 5 ms
+allow to 2001:db8:1:1::12 community 64532:5
+allow to 2001:db8:1:1::12 ext-community rt 64532:5
+allow to 2001:db8:1:1::12 large-community 999:64532:5
+
+
+# announce_to_peers_with_rtt_lower_than 10 ms
+allow to 2001:db8:1:1::12 community 64532:10
+allow to 2001:db8:1:1::12 ext-community rt 64532:10
+allow to 2001:db8:1:1::12 large-community 999:64532:10
+
+
+# announce_to_peers_with_rtt_lower_than 15 ms
+allow to 2001:db8:1:1::12 community 64532:15
+allow to 2001:db8:1:1::12 ext-community rt 64532:15
+allow to 2001:db8:1:1::12 large-community 999:64532:15
+
+
+# announce_to_peers_with_rtt_lower_than 20 ms
+allow to 2001:db8:1:1::12 community 64532:20
+allow to 2001:db8:1:1::12 ext-community rt 64532:20
+allow to 2001:db8:1:1::12 large-community 999:64532:20
+
+
+# announce_to_peers_with_rtt_lower_than 30 ms
+allow to 2001:db8:1:1::12 community 64532:30
+allow to 2001:db8:1:1::12 ext-community rt 64532:30
+allow to 2001:db8:1:1::12 large-community 999:64532:30
+
+
+# announce_to_peers_with_rtt_lower_than 50 ms
+allow to 2001:db8:1:1::12 community 64532:50
+allow to 2001:db8:1:1::12 ext-community rt 64532:50
+allow to 2001:db8:1:1::12 large-community 999:64532:50
+
+
+# announce_to_peers_with_rtt_lower_than 100 ms
+allow to 2001:db8:1:1::12 community 64532:100
+allow to 2001:db8:1:1::12 ext-community rt 64532:100
+allow to 2001:db8:1:1::12 large-community 999:64532:100
+
+
+# announce_to_peers_with_rtt_lower_than 200 ms
+allow to 2001:db8:1:1::12 community 64532:200
+allow to 2001:db8:1:1::12 ext-community rt 64532:200
+allow to 2001:db8:1:1::12 large-community 999:64532:200
+
+
+# announce_to_peers_with_rtt_lower_than 500 ms
+allow to 2001:db8:1:1::12 community 64532:500
+allow to 2001:db8:1:1::12 ext-community rt 64532:500
+allow to 2001:db8:1:1::12 large-community 999:64532:500
+
+
+# announce_to_peer
+allow to 2001:db8:1:1::12 community 65501:1
+allow to 2001:db8:1:1::12 ext-community rt 65501:1
+allow to 2001:db8:1:1::12 large-community 999:65501:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::12 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS222_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.222 set community NO_ADVERTISE
+match from 192.0.2.222 nexthop 192.0.2.222 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.222 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.222 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.222 peer-as != 222' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.222 peer-as != 222 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.222 AS 23456' - reject code: 7
+allow quick from 192.0.2.222 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.222 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.222 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.222 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.222 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.222 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.222 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.222 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.222 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.222 prefix 222.1.1.0/24 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.222 prefix 3222:0:1::/48 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.222 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS222_1, AS222: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.222 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS222 referenced but empty.
+match from 192.0.2.222 source-as as-set AS_SET_AS_AS222_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS222
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS222_1, AS222: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.222 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS222 referenced but empty.
+match from 192.0.2.222 prefix-set AS_SET_AS_AS222_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS222
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# route authorized by a client's white list?
+match from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.222 set ext-community delete rt 65520:222
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.222 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.222 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.222 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.222 community BLACKHOLE set community 65530:4
+match from 192.0.2.222 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.222 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.222 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.222 community BLACKHOLE
+allow quick from 192.0.2.222 community 65534:0
+allow quick from 192.0.2.222 large-community 65534:0:0
+
+
+match from 192.0.2.222 set ext-community rt 65520:222
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.222 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.222 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.222 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.222 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.222 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.222 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.222 set ext-community delete rt 65520:222
+
+
+
+allow quick from 192.0.2.222
+
+
+
+# ---------------------------------------------
+# client AS222_1, outbound
+
+deny quick to 192.0.2.222 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.222 community 65534:0 set community BLACKHOLE
+match to 192.0.2.222 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.222 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.222 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.222 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.222 community 65507:999 set community NO_EXPORT
+match to 192.0.2.222 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.222 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.222 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.222 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.222 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.222 community 65509:222 set community NO_EXPORT
+match to 192.0.2.222 ext-community rt 65509:222 set community NO_EXPORT
+match to 192.0.2.222 large-community 999:65509:222 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.222 community 65510:222 set community NO_ADVERTISE
+match to 192.0.2.222 ext-community rt 65510:222 set community NO_ADVERTISE
+match to 192.0.2.222 large-community 999:65510:222 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.222
+
+# do_not_announce_to_any
+deny to 192.0.2.222 community 0:999
+deny to 192.0.2.222 ext-community rt 0:999
+deny to 192.0.2.222 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.222 community 0:222
+deny quick to 192.0.2.222 ext-community rt 0:222
+deny quick to 192.0.2.222 large-community 999:0:222
+
+# announce_to_peer
+allow to 192.0.2.222 community 65501:222
+allow to 192.0.2.222 ext-community rt 65501:222
+allow to 192.0.2.222 large-community 999:65501:222
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.222 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS222_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::222 set community NO_ADVERTISE
+match from 2001:db8:1:1::222 nexthop 2001:db8:1:1::222 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::222 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::222 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::222 peer-as != 222' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::222 peer-as != 222 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::222 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::222 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::222 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::222 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::222 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::222 prefix 222.1.1.0/24 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::222 prefix 3222:0:1::/48 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::222 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS222_2, AS222: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::222 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS222 referenced but empty.
+match from 2001:db8:1:1::222 source-as as-set AS_SET_AS_AS222_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS222
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS222_2, AS222: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::222 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS222 referenced but empty.
+match from 2001:db8:1:1::222 prefix-set AS_SET_AS_AS222_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS222
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::222 set ext-community delete rt 65520:222
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::222 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::222 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::222 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::222 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::222 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::222 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::222 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::222 community BLACKHOLE
+allow quick from 2001:db8:1:1::222 community 65534:0
+allow quick from 2001:db8:1:1::222 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::222 set ext-community rt 65520:222
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::222 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::222 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::222 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::222 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::222 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::222 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::222 set ext-community delete rt 65520:222
+
+
+
+allow quick from 2001:db8:1:1::222
+
+
+
+# ---------------------------------------------
+# client AS222_2, outbound
+
+deny quick to 2001:db8:1:1::222 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::222 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::222 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::222 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::222 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::222 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::222 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::222 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::222 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::222 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::222 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::222 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::222 community 65509:222 set community NO_EXPORT
+match to 2001:db8:1:1::222 ext-community rt 65509:222 set community NO_EXPORT
+match to 2001:db8:1:1::222 large-community 999:65509:222 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::222 community 65510:222 set community NO_ADVERTISE
+match to 2001:db8:1:1::222 ext-community rt 65510:222 set community NO_ADVERTISE
+match to 2001:db8:1:1::222 large-community 999:65510:222 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::222
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::222 community 0:999
+deny to 2001:db8:1:1::222 ext-community rt 0:999
+deny to 2001:db8:1:1::222 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::222 community 0:222
+deny quick to 2001:db8:1:1::222 ext-community rt 0:222
+deny quick to 2001:db8:1:1::222 large-community 999:0:222
+
+# announce_to_peer
+allow to 2001:db8:1:1::222 community 65501:222
+allow to 2001:db8:1:1::222 ext-community rt 65501:222
+allow to 2001:db8:1:1::222 large-community 999:65501:222
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::222 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.21 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.21 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 192.0.2.21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_1, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 source-as as-set AS_SET_AS_AS2_AS_AS2_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS2_AS_AS2_CUSTOMERS
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_1, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 prefix-set AS_SET_AS_AS2_AS_AS2_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS2_AS_AS2_CUSTOMERS
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.21 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.21 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.21 community BLACKHOLE set community 65530:4
+match from 192.0.2.21 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.21 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.21 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.21 community BLACKHOLE
+allow quick from 192.0.2.21 community 65534:0
+allow quick from 192.0.2.21 large-community 65534:0:0
+
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.21 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.21 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.21 community GRACEFUL_SHUTDOWN set community delete GRACEFUL_SHUTDOWN
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.21 community 65534:0 set community BLACKHOLE
+match to 192.0.2.21 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.21 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.21 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.21 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.21 community 65507:999 set community NO_EXPORT
+match to 192.0.2.21 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.21 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.21 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.21 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.21 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.21 community 65509:2 set community NO_EXPORT
+match to 192.0.2.21 ext-community rt 65509:2 set community NO_EXPORT
+match to 192.0.2.21 large-community 999:65509:2 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.21 community 65510:2 set community NO_ADVERTISE
+match to 192.0.2.21 ext-community rt 65510:2 set community NO_ADVERTISE
+match to 192.0.2.21 large-community 999:65510:2 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.21
+
+# do_not_announce_to_any
+deny to 192.0.2.21 community 0:999
+deny to 192.0.2.21 ext-community rt 0:999
+deny to 192.0.2.21 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.21 community 0:2
+deny quick to 192.0.2.21 ext-community rt 0:2
+deny quick to 192.0.2.21 large-community 999:0:2
+
+# announce_to_peer
+allow to 192.0.2.21 community 65501:2
+allow to 192.0.2.21 ext-community rt 65501:2
+allow to 192.0.2.21 large-community 999:65501:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::21 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::21 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_2, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 2001:db8:1:1::21 source-as as-set AS_SET_AS_AS2_AS_AS2_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS2_AS_AS2_CUSTOMERS
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_2, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 2001:db8:1:1::21 prefix-set AS_SET_AS_AS2_AS_AS2_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS2_AS_AS2_CUSTOMERS
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_REGISTROBRDB community have the prefix validated by a NICBR Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_REGISTROBRDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::21 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::21 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::21 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::21 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::21 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::21 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::21 community BLACKHOLE
+allow quick from 2001:db8:1:1::21 community 65534:0
+allow quick from 2001:db8:1:1::21 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::21 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::21 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::21 community GRACEFUL_SHUTDOWN set community delete GRACEFUL_SHUTDOWN
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::21 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::21 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::21 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::21 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::21 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::21 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::21 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::21 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::21 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::21 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::21 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::21 community 65509:2 set community NO_EXPORT
+match to 2001:db8:1:1::21 ext-community rt 65509:2 set community NO_EXPORT
+match to 2001:db8:1:1::21 large-community 999:65509:2 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::21 community 65510:2 set community NO_ADVERTISE
+match to 2001:db8:1:1::21 ext-community rt 65510:2 set community NO_ADVERTISE
+match to 2001:db8:1:1::21 large-community 999:65510:2 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::21 community 0:999
+deny to 2001:db8:1:1::21 ext-community rt 0:999
+deny to 2001:db8:1:1::21 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::21 community 0:2
+deny quick to 2001:db8:1:1::21 ext-community rt 0:2
+deny quick to 2001:db8:1:1::21 large-community 999:0:2
+
+# do_not_announce_to_peers_with_rtt_lower_than 20 ms
+deny to 2001:db8:1:1::21 community 64530:20
+deny to 2001:db8:1:1::21 ext-community rt 64530:20
+deny to 2001:db8:1:1::21 large-community 999:64530:20
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 30 ms
+deny to 2001:db8:1:1::21 community 64530:30
+deny to 2001:db8:1:1::21 ext-community rt 64530:30
+deny to 2001:db8:1:1::21 large-community 999:64530:30
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 50 ms
+deny to 2001:db8:1:1::21 community 64530:50
+deny to 2001:db8:1:1::21 ext-community rt 64530:50
+deny to 2001:db8:1:1::21 large-community 999:64530:50
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 100 ms
+deny to 2001:db8:1:1::21 community 64530:100
+deny to 2001:db8:1:1::21 ext-community rt 64530:100
+deny to 2001:db8:1:1::21 large-community 999:64530:100
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 200 ms
+deny to 2001:db8:1:1::21 community 64530:200
+deny to 2001:db8:1:1::21 ext-community rt 64530:200
+deny to 2001:db8:1:1::21 large-community 999:64530:200
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 500 ms
+deny to 2001:db8:1:1::21 community 64530:500
+deny to 2001:db8:1:1::21 ext-community rt 64530:500
+deny to 2001:db8:1:1::21 large-community 999:64530:500
+
+
+# announce_to_peers_with_rtt_lower_than 20 ms
+allow to 2001:db8:1:1::21 community 64532:20
+allow to 2001:db8:1:1::21 ext-community rt 64532:20
+allow to 2001:db8:1:1::21 large-community 999:64532:20
+
+
+# announce_to_peers_with_rtt_lower_than 30 ms
+allow to 2001:db8:1:1::21 community 64532:30
+allow to 2001:db8:1:1::21 ext-community rt 64532:30
+allow to 2001:db8:1:1::21 large-community 999:64532:30
+
+
+# announce_to_peers_with_rtt_lower_than 50 ms
+allow to 2001:db8:1:1::21 community 64532:50
+allow to 2001:db8:1:1::21 ext-community rt 64532:50
+allow to 2001:db8:1:1::21 large-community 999:64532:50
+
+
+# announce_to_peers_with_rtt_lower_than 100 ms
+allow to 2001:db8:1:1::21 community 64532:100
+allow to 2001:db8:1:1::21 ext-community rt 64532:100
+allow to 2001:db8:1:1::21 large-community 999:64532:100
+
+
+# announce_to_peers_with_rtt_lower_than 200 ms
+allow to 2001:db8:1:1::21 community 64532:200
+allow to 2001:db8:1:1::21 ext-community rt 64532:200
+allow to 2001:db8:1:1::21 large-community 999:64532:200
+
+
+# announce_to_peers_with_rtt_lower_than 500 ms
+allow to 2001:db8:1:1::21 community 64532:500
+allow to 2001:db8:1:1::21 ext-community rt 64532:500
+allow to 2001:db8:1:1::21 large-community 999:64532:500
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 5 ms
+deny to 2001:db8:1:1::21 community 64531:5
+deny to 2001:db8:1:1::21 ext-community rt 64531:5
+deny to 2001:db8:1:1::21 large-community 999:64531:5
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 10 ms
+deny to 2001:db8:1:1::21 community 64531:10
+deny to 2001:db8:1:1::21 ext-community rt 64531:10
+deny to 2001:db8:1:1::21 large-community 999:64531:10
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 15 ms
+deny to 2001:db8:1:1::21 community 64531:15
+deny to 2001:db8:1:1::21 ext-community rt 64531:15
+deny to 2001:db8:1:1::21 large-community 999:64531:15
+
+
+# announce_to_peers_with_rtt_higher_than 5 ms
+allow to 2001:db8:1:1::21 community 64533:5
+allow to 2001:db8:1:1::21 ext-community rt 64533:5
+allow to 2001:db8:1:1::21 large-community 999:64533:5
+
+
+# announce_to_peers_with_rtt_higher_than 10 ms
+allow to 2001:db8:1:1::21 community 64533:10
+allow to 2001:db8:1:1::21 ext-community rt 64533:10
+allow to 2001:db8:1:1::21 large-community 999:64533:10
+
+
+# announce_to_peers_with_rtt_higher_than 15 ms
+allow to 2001:db8:1:1::21 community 64533:15
+allow to 2001:db8:1:1::21 ext-community rt 64533:15
+allow to 2001:db8:1:1::21 large-community 999:64533:15
+
+
+# announce_to_peer
+allow to 2001:db8:1:1::21 community 65501:2
+allow to 2001:db8:1:1::21 ext-community rt 65501:2
+allow to 2001:db8:1:1::21 large-community 999:65501:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS3_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.31 set community NO_ADVERTISE
+match from 192.0.2.31 nexthop 192.0.2.31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.31 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS 23456' - reject code: 7
+allow quick from 192.0.2.31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS { 174 }' - reject code: 8
+allow quick from 192.0.2.31 AS { 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.31 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+# Prefix: client's blacklist
+prefix-set "client_AS3_1_black_list_pref_ipv4" {
+    3.0.1.0/24 prefixlen 24 - 32
+
+}
+# Reject inbound routes when 'from 192.0.2.31 prefix-set client_AS3_1_black_list_pref_ipv4' - reject code: 11
+allow quick from 192.0.2.31 prefix-set client_AS3_1_black_list_pref_ipv4 set {
+	localpref 1
+	community 65520:0
+	community 65520:11
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Blackhole request?
+match from 192.0.2.31 set ext-community delete rt 65520:3
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.31 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.31 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.31 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.31 community BLACKHOLE set community 65530:4
+match from 192.0.2.31 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.31 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.31 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.31 community BLACKHOLE
+allow quick from 192.0.2.31 community 65534:0
+allow quick from 192.0.2.31 large-community 65534:0:0
+
+
+match from 192.0.2.31 set ext-community rt 65520:3
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.31 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.31 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.31 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 192.0.2.31
+
+
+
+# ---------------------------------------------
+# client AS3_1, outbound
+
+deny quick to 192.0.2.31 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.31 community 65534:0 set community BLACKHOLE
+match to 192.0.2.31 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.31 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.31 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.31 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.31 community 65507:999 set community NO_EXPORT
+match to 192.0.2.31 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.31 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.31 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.31 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.31 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.31 community 65509:3 set community NO_EXPORT
+match to 192.0.2.31 ext-community rt 65509:3 set community NO_EXPORT
+match to 192.0.2.31 large-community 999:65509:3 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.31 community 65510:3 set community NO_ADVERTISE
+match to 192.0.2.31 ext-community rt 65510:3 set community NO_ADVERTISE
+match to 192.0.2.31 large-community 999:65510:3 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.31
+
+# do_not_announce_to_any
+deny to 192.0.2.31 community 0:999
+deny to 192.0.2.31 ext-community rt 0:999
+deny to 192.0.2.31 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.31 community 0:3
+deny quick to 192.0.2.31 ext-community rt 0:3
+deny quick to 192.0.2.31 large-community 999:0:3
+
+# announce_to_peer
+allow to 192.0.2.31 community 65501:3
+allow to 192.0.2.31 ext-community rt 65501:3
+allow to 192.0.2.31 large-community 999:65501:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS3_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::31 set community NO_ADVERTISE
+match from 2001:db8:1:1::31 nexthop 2001:db8:1:1::31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::31 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS { 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::31 AS { 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::31 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+# Prefix: client's blacklist
+prefix-set "client_AS3_2_black_list_pref_ipv6" {
+    2a03:0:1::/48 prefixlen 48 - 128
+
+}
+# Reject inbound routes when 'from 2001:db8:1:1::31 prefix-set client_AS3_2_black_list_pref_ipv6' - reject code: 11
+allow quick from 2001:db8:1:1::31 prefix-set client_AS3_2_black_list_pref_ipv6 set {
+	localpref 1
+	community 65520:0
+	community 65520:11
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Blackhole request?
+match from 2001:db8:1:1::31 set ext-community delete rt 65520:3
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::31 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::31 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::31 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::31 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::31 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::31 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::31 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::31 community BLACKHOLE
+allow quick from 2001:db8:1:1::31 community 65534:0
+allow quick from 2001:db8:1:1::31 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::31 set ext-community rt 65520:3
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::31 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::31 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::31 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::31 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::31 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 2001:db8:1:1::31
+
+
+
+# ---------------------------------------------
+# client AS3_2, outbound
+
+deny quick to 2001:db8:1:1::31 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::31 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::31 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::31 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::31 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::31 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::31 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::31 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::31 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::31 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::31 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::31 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::31 community 65509:3 set community NO_EXPORT
+match to 2001:db8:1:1::31 ext-community rt 65509:3 set community NO_EXPORT
+match to 2001:db8:1:1::31 large-community 999:65509:3 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::31 community 65510:3 set community NO_ADVERTISE
+match to 2001:db8:1:1::31 ext-community rt 65510:3 set community NO_ADVERTISE
+match to 2001:db8:1:1::31 large-community 999:65510:3 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::31
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::31 community 0:999
+deny to 2001:db8:1:1::31 ext-community rt 0:999
+deny to 2001:db8:1:1::31 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::31 community 0:3
+deny quick to 2001:db8:1:1::31 ext-community rt 0:3
+deny quick to 2001:db8:1:1::31 large-community 999:0:3
+
+# do_not_announce_to_peers_with_rtt_lower_than 200 ms
+deny to 2001:db8:1:1::31 community 64530:200
+deny to 2001:db8:1:1::31 ext-community rt 64530:200
+deny to 2001:db8:1:1::31 large-community 999:64530:200
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 500 ms
+deny to 2001:db8:1:1::31 community 64530:500
+deny to 2001:db8:1:1::31 ext-community rt 64530:500
+deny to 2001:db8:1:1::31 large-community 999:64530:500
+
+
+# announce_to_peers_with_rtt_lower_than 200 ms
+allow to 2001:db8:1:1::31 community 64532:200
+allow to 2001:db8:1:1::31 ext-community rt 64532:200
+allow to 2001:db8:1:1::31 large-community 999:64532:200
+
+
+# announce_to_peers_with_rtt_lower_than 500 ms
+allow to 2001:db8:1:1::31 community 64532:500
+allow to 2001:db8:1:1::31 ext-community rt 64532:500
+allow to 2001:db8:1:1::31 large-community 999:64532:500
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 5 ms
+deny to 2001:db8:1:1::31 community 64531:5
+deny to 2001:db8:1:1::31 ext-community rt 64531:5
+deny to 2001:db8:1:1::31 large-community 999:64531:5
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 10 ms
+deny to 2001:db8:1:1::31 community 64531:10
+deny to 2001:db8:1:1::31 ext-community rt 64531:10
+deny to 2001:db8:1:1::31 large-community 999:64531:10
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 15 ms
+deny to 2001:db8:1:1::31 community 64531:15
+deny to 2001:db8:1:1::31 ext-community rt 64531:15
+deny to 2001:db8:1:1::31 large-community 999:64531:15
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 20 ms
+deny to 2001:db8:1:1::31 community 64531:20
+deny to 2001:db8:1:1::31 ext-community rt 64531:20
+deny to 2001:db8:1:1::31 large-community 999:64531:20
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 30 ms
+deny to 2001:db8:1:1::31 community 64531:30
+deny to 2001:db8:1:1::31 ext-community rt 64531:30
+deny to 2001:db8:1:1::31 large-community 999:64531:30
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 50 ms
+deny to 2001:db8:1:1::31 community 64531:50
+deny to 2001:db8:1:1::31 ext-community rt 64531:50
+deny to 2001:db8:1:1::31 large-community 999:64531:50
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 100 ms
+deny to 2001:db8:1:1::31 community 64531:100
+deny to 2001:db8:1:1::31 ext-community rt 64531:100
+deny to 2001:db8:1:1::31 large-community 999:64531:100
+
+
+# announce_to_peers_with_rtt_higher_than 5 ms
+allow to 2001:db8:1:1::31 community 64533:5
+allow to 2001:db8:1:1::31 ext-community rt 64533:5
+allow to 2001:db8:1:1::31 large-community 999:64533:5
+
+
+# announce_to_peers_with_rtt_higher_than 10 ms
+allow to 2001:db8:1:1::31 community 64533:10
+allow to 2001:db8:1:1::31 ext-community rt 64533:10
+allow to 2001:db8:1:1::31 large-community 999:64533:10
+
+
+# announce_to_peers_with_rtt_higher_than 15 ms
+allow to 2001:db8:1:1::31 community 64533:15
+allow to 2001:db8:1:1::31 ext-community rt 64533:15
+allow to 2001:db8:1:1::31 large-community 999:64533:15
+
+
+# announce_to_peers_with_rtt_higher_than 20 ms
+allow to 2001:db8:1:1::31 community 64533:20
+allow to 2001:db8:1:1::31 ext-community rt 64533:20
+allow to 2001:db8:1:1::31 large-community 999:64533:20
+
+
+# announce_to_peers_with_rtt_higher_than 30 ms
+allow to 2001:db8:1:1::31 community 64533:30
+allow to 2001:db8:1:1::31 ext-community rt 64533:30
+allow to 2001:db8:1:1::31 large-community 999:64533:30
+
+
+# announce_to_peers_with_rtt_higher_than 50 ms
+allow to 2001:db8:1:1::31 community 64533:50
+allow to 2001:db8:1:1::31 ext-community rt 64533:50
+allow to 2001:db8:1:1::31 large-community 999:64533:50
+
+
+# announce_to_peers_with_rtt_higher_than 100 ms
+allow to 2001:db8:1:1::31 community 64533:100
+allow to 2001:db8:1:1::31 ext-community rt 64533:100
+allow to 2001:db8:1:1::31 large-community 999:64533:100
+
+
+# announce_to_peer
+allow to 2001:db8:1:1::31 community 65501:3
+allow to 2001:db8:1:1::31 ext-community rt 65501:3
+allow to 2001:db8:1:1::31 large-community 999:65501:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64534:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64535:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64536:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.41 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.41 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+# Blackhole request?
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.41 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.41 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.41 community BLACKHOLE set community 65530:4
+match from 192.0.2.41 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.41 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.41 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.41 community BLACKHOLE
+allow quick from 192.0.2.41 community 65534:0
+allow quick from 192.0.2.41 large-community 65534:0:0
+
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.41 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.41 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.41 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.41 community 65534:0 set community BLACKHOLE
+match to 192.0.2.41 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.41 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.41 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.41 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.41 community 65507:999 set community NO_EXPORT
+match to 192.0.2.41 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.41 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.41 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.41 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.41 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.41 community 65509:4 set community NO_EXPORT
+match to 192.0.2.41 ext-community rt 65509:4 set community NO_EXPORT
+match to 192.0.2.41 large-community 999:65509:4 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.41 community 65510:4 set community NO_ADVERTISE
+match to 192.0.2.41 ext-community rt 65510:4 set community NO_ADVERTISE
+match to 192.0.2.41 large-community 999:65510:4 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.41
+
+# do_not_announce_to_any
+deny to 192.0.2.41 community 0:999
+deny to 192.0.2.41 ext-community rt 0:999
+deny to 192.0.2.41 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.41 community 0:4
+deny quick to 192.0.2.41 ext-community rt 0:4
+deny quick to 192.0.2.41 large-community 999:0:4
+
+# announce_to_peer
+allow to 192.0.2.41 community 65501:4
+allow to 192.0.2.41 ext-community rt 65501:4
+allow to 192.0.2.41 large-community 999:65501:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::41 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::41 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+# Blackhole request?
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::41 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::41 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::41 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::41 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::41 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::41 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::41 community BLACKHOLE
+allow quick from 2001:db8:1:1::41 community 65534:0
+allow quick from 2001:db8:1:1::41 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::41 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::41 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::41 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::41 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::41 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::41 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::41 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::41 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::41 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::41 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::41 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::41 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::41 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::41 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::41 community 65509:4 set community NO_EXPORT
+match to 2001:db8:1:1::41 ext-community rt 65509:4 set community NO_EXPORT
+match to 2001:db8:1:1::41 large-community 999:65509:4 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::41 community 65510:4 set community NO_ADVERTISE
+match to 2001:db8:1:1::41 ext-community rt 65510:4 set community NO_ADVERTISE
+match to 2001:db8:1:1::41 large-community 999:65510:4 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::41 community 0:999
+deny to 2001:db8:1:1::41 ext-community rt 0:999
+deny to 2001:db8:1:1::41 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::41 community 0:4
+deny quick to 2001:db8:1:1::41 ext-community rt 0:4
+deny quick to 2001:db8:1:1::41 large-community 999:0:4
+
+# do_not_announce_to_peers_with_rtt_higher_than 5 ms
+deny to 2001:db8:1:1::41 community 64531:5
+deny to 2001:db8:1:1::41 ext-community rt 64531:5
+deny to 2001:db8:1:1::41 large-community 999:64531:5
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 10 ms
+deny to 2001:db8:1:1::41 community 64531:10
+deny to 2001:db8:1:1::41 ext-community rt 64531:10
+deny to 2001:db8:1:1::41 large-community 999:64531:10
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 15 ms
+deny to 2001:db8:1:1::41 community 64531:15
+deny to 2001:db8:1:1::41 ext-community rt 64531:15
+deny to 2001:db8:1:1::41 large-community 999:64531:15
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 20 ms
+deny to 2001:db8:1:1::41 community 64531:20
+deny to 2001:db8:1:1::41 ext-community rt 64531:20
+deny to 2001:db8:1:1::41 large-community 999:64531:20
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 30 ms
+deny to 2001:db8:1:1::41 community 64531:30
+deny to 2001:db8:1:1::41 ext-community rt 64531:30
+deny to 2001:db8:1:1::41 large-community 999:64531:30
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 50 ms
+deny to 2001:db8:1:1::41 community 64531:50
+deny to 2001:db8:1:1::41 ext-community rt 64531:50
+deny to 2001:db8:1:1::41 large-community 999:64531:50
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 100 ms
+deny to 2001:db8:1:1::41 community 64531:100
+deny to 2001:db8:1:1::41 ext-community rt 64531:100
+deny to 2001:db8:1:1::41 large-community 999:64531:100
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 200 ms
+deny to 2001:db8:1:1::41 community 64531:200
+deny to 2001:db8:1:1::41 ext-community rt 64531:200
+deny to 2001:db8:1:1::41 large-community 999:64531:200
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 500 ms
+deny to 2001:db8:1:1::41 community 64531:500
+deny to 2001:db8:1:1::41 ext-community rt 64531:500
+deny to 2001:db8:1:1::41 large-community 999:64531:500
+
+
+# announce_to_peers_with_rtt_higher_than 5 ms
+allow to 2001:db8:1:1::41 community 64533:5
+allow to 2001:db8:1:1::41 ext-community rt 64533:5
+allow to 2001:db8:1:1::41 large-community 999:64533:5
+
+
+# announce_to_peers_with_rtt_higher_than 10 ms
+allow to 2001:db8:1:1::41 community 64533:10
+allow to 2001:db8:1:1::41 ext-community rt 64533:10
+allow to 2001:db8:1:1::41 large-community 999:64533:10
+
+
+# announce_to_peers_with_rtt_higher_than 15 ms
+allow to 2001:db8:1:1::41 community 64533:15
+allow to 2001:db8:1:1::41 ext-community rt 64533:15
+allow to 2001:db8:1:1::41 large-community 999:64533:15
+
+
+# announce_to_peers_with_rtt_higher_than 20 ms
+allow to 2001:db8:1:1::41 community 64533:20
+allow to 2001:db8:1:1::41 ext-community rt 64533:20
+allow to 2001:db8:1:1::41 large-community 999:64533:20
+
+
+# announce_to_peers_with_rtt_higher_than 30 ms
+allow to 2001:db8:1:1::41 community 64533:30
+allow to 2001:db8:1:1::41 ext-community rt 64533:30
+allow to 2001:db8:1:1::41 large-community 999:64533:30
+
+
+# announce_to_peers_with_rtt_higher_than 50 ms
+allow to 2001:db8:1:1::41 community 64533:50
+allow to 2001:db8:1:1::41 ext-community rt 64533:50
+allow to 2001:db8:1:1::41 large-community 999:64533:50
+
+
+# announce_to_peers_with_rtt_higher_than 100 ms
+allow to 2001:db8:1:1::41 community 64533:100
+allow to 2001:db8:1:1::41 ext-community rt 64533:100
+allow to 2001:db8:1:1::41 large-community 999:64533:100
+
+
+# announce_to_peers_with_rtt_higher_than 200 ms
+allow to 2001:db8:1:1::41 community 64533:200
+allow to 2001:db8:1:1::41 ext-community rt 64533:200
+allow to 2001:db8:1:1::41 large-community 999:64533:200
+
+
+# announce_to_peers_with_rtt_higher_than 500 ms
+allow to 2001:db8:1:1::41 community 64533:500
+allow to 2001:db8:1:1::41 ext-community rt 64533:500
+allow to 2001:db8:1:1::41 large-community 999:64533:500
+
+
+# announce_to_peer
+allow to 2001:db8:1:1::41 community 65501:4
+allow to 2001:db8:1:1::41 ext-community rt 65501:4
+allow to 2001:db8:1:1::41 large-community 999:65501:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64537:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64538:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64539:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+
+
+# Scrub communities from outbound routes
+# add_noadvertise_to_any
+match to group clients set community delete 65508:999
+match to group clients set ext-community delete rt 65508:999
+match to group clients set large-community delete 999:65508:999
+
+# add_noadvertise_to_peer
+match to group clients set community delete 65510:*
+match to group clients set ext-community delete rt 65510:*
+match to group clients set large-community delete 999:65510:*
+
+# add_noexport_to_any
+match to group clients set community delete 65507:999
+match to group clients set ext-community delete rt 65507:999
+match to group clients set large-community delete 999:65507:999
+
+# add_noexport_to_peer
+match to group clients set community delete 65509:*
+match to group clients set ext-community delete rt 65509:*
+match to group clients set large-community delete 999:65509:*
+
+# announce_to_peer
+match to group clients set community delete 65501:*
+match to group clients set ext-community delete rt 65501:*
+match to group clients set large-community delete 999:65501:*
+
+# announce_to_peers_with_rtt_higher_than
+match to group clients set community delete 64533:*
+match to group clients set ext-community delete rt 64533:*
+match to group clients set large-community delete 999:64533:*
+
+# announce_to_peers_with_rtt_lower_than
+match to group clients set community delete 64532:*
+match to group clients set ext-community delete rt 64532:*
+match to group clients set large-community delete 999:64532:*
+
+# blackholing
+match to group clients set community delete 65534:0
+match to group clients set large-community delete 65534:0:0
+
+# do_not_announce_to_any
+match to group clients set community delete 0:999
+match to group clients set ext-community delete rt 0:999
+match to group clients set large-community delete 999:0:999
+
+# do_not_announce_to_peer
+match to group clients set community delete 0:*
+match to group clients set ext-community delete rt 0:*
+match to group clients set large-community delete 999:0:*
+
+# do_not_announce_to_peers_with_rtt_higher_than
+match to group clients set community delete 64531:*
+match to group clients set ext-community delete rt 64531:*
+match to group clients set large-community delete 999:64531:*
+
+# do_not_announce_to_peers_with_rtt_lower_than
+match to group clients set community delete 64530:*
+match to group clients set ext-community delete rt 64530:*
+match to group clients set large-community delete 999:64530:*
+
+# prepend_once_to_any
+match to group clients set community delete 65521:65521
+match to group clients set ext-community delete rt 65521:65521
+match to group clients set large-community delete 999:65521:65521
+
+# prepend_once_to_peer
+match to group clients set community delete 65521:*
+match to group clients set ext-community delete rt 65521:*
+match to group clients set large-community delete 999:65521:*
+
+# prepend_once_to_peers_with_rtt_higher_than
+match to group clients set community delete 64537:*
+match to group clients set ext-community delete rt 64537:*
+match to group clients set large-community delete 999:64537:*
+
+# prepend_once_to_peers_with_rtt_lower_than
+match to group clients set community delete 64534:*
+match to group clients set ext-community delete rt 64534:*
+match to group clients set large-community delete 999:64534:*
+
+# prepend_thrice_to_any
+match to group clients set community delete 65523:65523
+match to group clients set ext-community delete rt 65523:65523
+match to group clients set large-community delete 999:65523:65523
+
+# prepend_thrice_to_peer
+match to group clients set community delete 65523:*
+match to group clients set ext-community delete rt 65523:*
+match to group clients set large-community delete 999:65523:*
+
+# prepend_thrice_to_peers_with_rtt_higher_than
+match to group clients set community delete 64539:*
+match to group clients set ext-community delete rt 64539:*
+match to group clients set large-community delete 999:64539:*
+
+# prepend_thrice_to_peers_with_rtt_lower_than
+match to group clients set community delete 64536:*
+match to group clients set ext-community delete rt 64536:*
+match to group clients set large-community delete 999:64536:*
+
+# prepend_twice_to_any
+match to group clients set community delete 65522:65522
+match to group clients set ext-community delete rt 65522:65522
+match to group clients set large-community delete 999:65522:65522
+
+# prepend_twice_to_peer
+match to group clients set community delete 65522:*
+match to group clients set ext-community delete rt 65522:*
+match to group clients set large-community delete 999:65522:*
+
+# prepend_twice_to_peers_with_rtt_higher_than
+match to group clients set community delete 64538:*
+match to group clients set ext-community delete rt 64538:*
+match to group clients set large-community delete 999:64538:*
+
+# prepend_twice_to_peers_with_rtt_lower_than
+match to group clients set community delete 64535:*
+match to group clients set ext-community delete rt 64535:*
+match to group clients set large-community delete 999:64535:*
+
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+match to group clients set {
+	community delete 65521:65521
+	ext-community delete rt 65521:65521
+	large-community delete 999:65521:65521
+
+}
+match to group clients set {
+	community delete 65521:*
+	ext-community delete rt 65521:*
+	large-community delete 999:65521:*
+
+}
+match to group clients set {
+	community delete 64537:*
+	ext-community delete rt 64537:*
+	large-community delete 999:64537:*
+
+}
+match to group clients set {
+	community delete 64534:*
+	ext-community delete rt 64534:*
+	large-community delete 999:64534:*
+
+}
+match to group clients set {
+	community delete 65523:65523
+	ext-community delete rt 65523:65523
+	large-community delete 999:65523:65523
+
+}
+match to group clients set {
+	community delete 65523:*
+	ext-community delete rt 65523:*
+	large-community delete 999:65523:*
+
+}
+match to group clients set {
+	community delete 64539:*
+	ext-community delete rt 64539:*
+	large-community delete 999:64539:*
+
+}
+match to group clients set {
+	community delete 64536:*
+	ext-community delete rt 64536:*
+	large-community delete 999:64536:*
+
+}
+match to group clients set {
+	community delete 65522:65522
+	ext-community delete rt 65522:65522
+	large-community delete 999:65522:65522
+
+}
+match to group clients set {
+	community delete 65522:*
+	ext-community delete rt 65522:*
+	large-community delete 999:65522:*
+
+}
+match to group clients set {
+	community delete 64538:*
+	ext-community delete rt 64538:*
+	large-community delete 999:64538:*
+
+}
+match to group clients set {
+	community delete 64535:*
+	ext-community delete rt 64535:*
+	large-community delete 999:64535:*
+
+}
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+include "/etc/bgpd/post-filters.local"
+
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS101.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS101.txt
new file mode 100644
index 00000000..6fcbe9f9
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS101.txt
@@ -0,0 +1,588 @@
+1.0.1.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.1.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.12, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.1.0/24, AS_PATH: 2 1, NEXT_HOP: 192.0.2.11, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.2.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.2.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.12, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.2.0/24, AS_PATH: 2 1, NEXT_HOP: 192.0.2.11, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.3.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.12, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.3.0/24, AS_PATH: 2 1, NEXT_HOP: 192.0.2.11, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+10.0.0.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.1.1.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.1.1.0/24, AS_PATH: 2 1 1011, NEXT_HOP: 192.0.2.11, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+11.1.2.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.2.1.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.3.0.0/16, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.3.0.0/16, AS_PATH: 2 1 1011, NEXT_HOP: 192.0.2.11, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+11.3.1.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.4.1.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.4.1.0/24, AS_PATH: 2 1 1000, NEXT_HOP: 192.0.2.11, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+128.0.0.0/10, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+128.0.0.0/7, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+128.0.0.0/8, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+128.0.0.0/9, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+192.0.2.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.1.0/24, AS_PATH: 1 2, NEXT_HOP: 192.0.2.21, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.1.0/24, AS_PATH: 1 2, NEXT_HOP: 192.0.2.21, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 1 2, NEXT_HOP: 192.0.2.21, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 1 2, NEXT_HOP: 192.0.2.21, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.1/32, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.2/32, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.3/32, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 1 2, NEXT_HOP: 192.0.2.22, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 1 2, NEXT_HOP: 192.0.2.22, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.5.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.2.2.0/24, AS_PATH: 1 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.2.2.0/24, AS_PATH: 1 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+222.2.2.0/24, AS_PATH: 2 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+222.3.3.0/24, AS_PATH: 1 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.3.3.0/24, AS_PATH: 1 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+222.3.3.0/24, AS_PATH: 2 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.10.0/24, AS_PATH: 1 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.10.0/24, AS_PATH: 1 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.10.0/24, AS_PATH: 2 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.12.0/24, AS_PATH: 2 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.2.0/24, AS_PATH: 1 3, NEXT_HOP: 192.0.2.31, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.2.0/24, AS_PATH: 1 3, NEXT_HOP: 192.0.2.31, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.3.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.31, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.5.0/24, AS_PATH: 1 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.5.0/24, AS_PATH: 1 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.5.0/24, AS_PATH: 2 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.6.0/24, AS_PATH: 1 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.6.0/24, AS_PATH: 1 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.6.0/24, AS_PATH: 2 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.7.0/24, AS_PATH: 1 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.7.0/24, AS_PATH: 1 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.7.0/24, AS_PATH: 2 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.8.0/24, AS_PATH: 1 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.8.0/24, AS_PATH: 1 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.8.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.31, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.9.0/24, AS_PATH: 1 3, NEXT_HOP: 192.0.2.31, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.9.0/24, AS_PATH: 1 3, NEXT_HOP: 192.0.2.31, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.9.0/24, AS_PATH: 2 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.1.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.1.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.10.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.10.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.10.0/24, AS_PATH: 2 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.2.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.2.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.3.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.3.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.4.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.4.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.5.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.5.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.6.0/24, AS_PATH: 2 4, NEXT_HOP: 192.0.2.41, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.8.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.8.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.8.0/24, AS_PATH: 2 4 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.9.0/24, AS_PATH: 1 4 4 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.9.0/24, AS_PATH: 1 4 4 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.9.0/24, AS_PATH: 2 4 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS1_1.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS1_1.txt
new file mode 100644
index 00000000..3a6fd1d4
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS1_1.txt
@@ -0,0 +1,350 @@
+101.0.1.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.10.0/24, AS_PATH: 101 666, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.11.0/24, AS_PATH: 101 777, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.128.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.128.1/32, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms: 65535:666
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.2.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms: 65530:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.3.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms: 999:65530:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.4.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.5.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.6.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms: 65530:1, 777:0
+  ext comms:
+  lrg comms: 777:0:0, 999:65530:1
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.7.0/24, AS_PATH: 101 174, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.8.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.9.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.1.0.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.0.0/17, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.1.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.128.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.3.0.0/24, AS_PATH: 101 105, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+102.0.1.0/24, AS_PATH: 101 102, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+103.0.1.0/24, AS_PATH: 101 103, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+103.0.2.0/24, AS_PATH: 101 101 103, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+104.0.1.0/24, AS_PATH: 101 104, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+104.1.1.0/24, AS_PATH: 101 104, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.1/32, AS_PATH: 2, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.2/32, AS_PATH: 2, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.3/32, AS_PATH: 2, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.22, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.2.2.0/24, AS_PATH: 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.3.3.0/24, AS_PATH: 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.10.0/24, AS_PATH: 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.11.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.12.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.13.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.2.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.5.0/24, AS_PATH: 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.6.0/24, AS_PATH: 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.7.0/24, AS_PATH: 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.8.0/24, AS_PATH: 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.9.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.1.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.10.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.2.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.3.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.4.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.5.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.7.1/32, AS_PATH: 4, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.8.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.9.0/24, AS_PATH: 4 4 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS1_2.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS1_2.txt
new file mode 100644
index 00000000..8642e190
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS1_2.txt
@@ -0,0 +1,322 @@
+101.0.1.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.10.0/24, AS_PATH: 101 666, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.11.0/24, AS_PATH: 101 777, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.128.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.128.1/32, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms: 65535:666
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.2.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms: 65530:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.3.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms: 999:65530:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.4.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.5.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.6.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms: 65530:1, 777:0
+  ext comms:
+  lrg comms: 777:0:0, 999:65530:1
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.7.0/24, AS_PATH: 101 174, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.8.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.9.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.1.0.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.0.0/17, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.1.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.128.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.3.0.0/24, AS_PATH: 101 105, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+102.0.1.0/24, AS_PATH: 101 102, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+103.0.1.0/24, AS_PATH: 101 103, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+103.0.2.0/24, AS_PATH: 101 101 103, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+104.0.1.0/24, AS_PATH: 101 104, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+104.1.1.0/24, AS_PATH: 101 104, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.22, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.2.2.0/24, AS_PATH: 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.3.3.0/24, AS_PATH: 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.10.0/24, AS_PATH: 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.11.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.12.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.13.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.2.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.5.0/24, AS_PATH: 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.6.0/24, AS_PATH: 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.7.0/24, AS_PATH: 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.8.0/24, AS_PATH: 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.9.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.1.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.10.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.2.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.3.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.4.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.5.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.8.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.9.0/24, AS_PATH: 4 4 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS2.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS2.txt
new file mode 100644
index 00000000..23715fb7
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS2.txt
@@ -0,0 +1,406 @@
+1.0.1.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.2.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.3.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.1.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.1.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.10.0/24, AS_PATH: 101 666, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.11.0/24, AS_PATH: 101 777, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.128.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.128.1/32, AS_PATH: 1 101, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.128.1/32, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms: 65535:666
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.2.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.2.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms: 65530:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.3.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.3.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms: 999:65530:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.4.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.4.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.5.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.5.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.6.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms: 777:0
+  ext comms:
+  lrg comms: 777:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.6.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms: 65530:1, 777:0
+  ext comms:
+  lrg comms: 777:0:0, 999:65530:1
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.7.0/24, AS_PATH: 101 174, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.8.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.8.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.9.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.1.0.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.0.0/17, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.0.0/17, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.1.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.128.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.128.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.3.0.0/24, AS_PATH: 101 105, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+102.0.1.0/24, AS_PATH: 101 102, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+103.0.1.0/24, AS_PATH: 101 101 103, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+103.0.2.0/24, AS_PATH: 101 103, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+104.0.1.0/24, AS_PATH: 1 101 104, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+104.0.1.0/24, AS_PATH: 101 104, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+104.1.1.0/24, AS_PATH: 1 101 104, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+104.1.1.0/24, AS_PATH: 101 104, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.1.1.0/24, AS_PATH: 1 1011, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.3.0.0/16, AS_PATH: 1 1011, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.4.1.0/24, AS_PATH: 1 1000, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.2.2.0/24, AS_PATH: 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.3.3.0/24, AS_PATH: 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.10.0/24, AS_PATH: 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.11.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.12.0/24, AS_PATH: 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.13.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.3.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.5.0/24, AS_PATH: 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.6.0/24, AS_PATH: 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.7.0/24, AS_PATH: 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.8.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.9.0/24, AS_PATH: 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.10.0/24, AS_PATH: 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.6.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.7.1/32, AS_PATH: 4, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.8.0/24, AS_PATH: 4 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.9.0/24, AS_PATH: 4 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS222.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS222.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS3.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS3.txt
new file mode 100644
index 00000000..23711ab8
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS3.txt
@@ -0,0 +1,322 @@
+1.0.1.0/24, AS_PATH: 999 1, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+1.0.1.0/24, AS_PATH: 999 1, NEXT_HOP: 192.0.2.12, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 101
+  filtered: False ()
+
+1.0.2.0/24, AS_PATH: 999 1, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+1.0.2.0/24, AS_PATH: 999 1, NEXT_HOP: 192.0.2.12, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 101
+  filtered: False ()
+
+1.0.3.0/24, AS_PATH: 999 1, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+101.0.1.0/24, AS_PATH: 999 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+101.0.1.0/24, AS_PATH: 999 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.128.1/32, AS_PATH: 999 1 101, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+101.0.128.1/32, AS_PATH: 999 2 101, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.2.0/24, AS_PATH: 999 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+101.0.2.0/24, AS_PATH: 999 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.3.0/24, AS_PATH: 999 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+101.0.3.0/24, AS_PATH: 999 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.4.0/24, AS_PATH: 999 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+101.0.4.0/24, AS_PATH: 999 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.5.0/24, AS_PATH: 999 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+101.0.5.0/24, AS_PATH: 999 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.6.0/24, AS_PATH: 999 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms: 777:0
+  ext comms:
+  lrg comms: 777:0:0
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+101.0.6.0/24, AS_PATH: 999 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 777:0
+  ext comms:
+  lrg comms: 777:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.8.0/24, AS_PATH: 999 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+101.0.8.0/24, AS_PATH: 999 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.0.0/17, AS_PATH: 999 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+101.2.0.0/17, AS_PATH: 999 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.128.0/24, AS_PATH: 999 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+101.2.128.0/24, AS_PATH: 999 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+103.0.1.0/24, AS_PATH: 999 1 101 103, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms: 65535:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+103.0.1.0/24, AS_PATH: 999 2 101 101 103, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+103.0.2.0/24, AS_PATH: 999 1 101 101 103, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+103.0.2.0/24, AS_PATH: 999 2 101 103, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+104.0.1.0/24, AS_PATH: 999 1 101 104, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+104.1.1.0/24, AS_PATH: 999 1 101 104, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+11.1.1.0/24, AS_PATH: 999 1 1011, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+11.3.0.0/16, AS_PATH: 999 1 1011, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+11.4.1.0/24, AS_PATH: 999 1 1000, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+2.0.1.0/24, AS_PATH: 999 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 999 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.1/32, AS_PATH: 999 2, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.2/32, AS_PATH: 999 2, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.3/32, AS_PATH: 999 2, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 999 2, NEXT_HOP: 192.0.2.22, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.2.2.0/24, AS_PATH: 999 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.3.3.0/24, AS_PATH: 999 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.10.0/24, AS_PATH: 999 4 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.5.0/24, AS_PATH: 999 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.8.0/24, AS_PATH: 999 4 4 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.9.0/24, AS_PATH: 999 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS4.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS4.txt
new file mode 100644
index 00000000..6bbc453d
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/AS4.txt
@@ -0,0 +1,266 @@
+1.0.1.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.2.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.3.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.1.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.128.1/32, AS_PATH: 1 101, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.2.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.3.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.4.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.5.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.6.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms: 777:0
+  ext comms:
+  lrg comms: 777:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.8.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.0.0/17, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.128.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+103.0.1.0/24, AS_PATH: 2 101 101 103, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+103.0.2.0/24, AS_PATH: 2 101 103, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+104.0.1.0/24, AS_PATH: 1 101 104, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+104.1.1.0/24, AS_PATH: 1 101 104, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.1.1.0/24, AS_PATH: 1 1011, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.3.0.0/16, AS_PATH: 1 1011, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.4.1.0/24, AS_PATH: 1 1000, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.1/32, AS_PATH: 2, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.2/32, AS_PATH: 2, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.3/32, AS_PATH: 2, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.22, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.2.2.0/24, AS_PATH: 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.3.3.0/24, AS_PATH: 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.10.0/24, AS_PATH: 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.11.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.12.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.13.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.3.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.5.0/24, AS_PATH: 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.6.0/24, AS_PATH: 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.7.0/24, AS_PATH: 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.8.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.9.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/rs.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/rs.txt
new file mode 100644
index 00000000..d26b2f1b
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd76p/rs.txt
@@ -0,0 +1,847 @@
+0.0.0.0/0, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (2)
+
+1.0.1.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.1.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.12, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.2.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.2.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.12, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.3.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+10.0.0.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (2)
+
+101.0.1.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.1.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.1.0/24, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.10.0/24, AS_PATH: 1 101 666, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.10.0/24, AS_PATH: 1 101 666, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (15)
+
+101.0.10.0/24, AS_PATH: 2 101 666, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (15)
+
+101.0.11.0/24, AS_PATH: 1 101 777, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.11.0/24, AS_PATH: 1 101 777, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (15)
+
+101.0.11.0/24, AS_PATH: 2 101 777, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (15)
+
+101.0.128.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.128.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (14)
+
+101.0.128.0/24, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (14)
+
+101.0.128.1/32, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms: 65535:666
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.128.1/32, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms: 65530:4, 65535:666
+  ext comms: rfc8097-invalid
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.128.1/32, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 65530:4, 65535:666
+  ext comms: rfc8097-invalid
+  lrg comms: 999:65530:4
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.2.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.2.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.2.0/24, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.3.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.3.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.3.0/24, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.4.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms: 888:0
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.4.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms: 888:0
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.4.0/24, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 888:0
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.5.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms: 888:0:0
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.5.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.5.0/24, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms: 888:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.6.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms: 777:0
+  ext comms: rfc8097-not-found
+  lrg comms: 777:0:0
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.6.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms: 777:0
+  ext comms: rfc8097-not-found
+  lrg comms: 777:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.6.0/24, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 777:0
+  ext comms: rfc8097-not-found
+  lrg comms: 777:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.7.0/24, AS_PATH: 1 101 174, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.7.0/24, AS_PATH: 1 101 174, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (8)
+
+101.0.7.0/24, AS_PATH: 2 101 174, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (8)
+
+101.0.8.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.8.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.8.0/24, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.9.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.9.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (14)
+
+101.0.9.0/24, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (14)
+
+101.1.0.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.1.0.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+101.1.0.0/24, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (12)
+
+101.2.0.0/17, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.2.0.0/17, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.0.0/17, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.1.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.2.1.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+101.2.1.0/24, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (12)
+
+101.2.128.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.2.128.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.128.0/24, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.3.0.0/24, AS_PATH: 1 101 105, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.3.0.0/24, AS_PATH: 1 101 105, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+101.3.0.0/24, AS_PATH: 2 101 105, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (9)
+
+102.0.1.0/24, AS_PATH: 1 101 102, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+102.0.1.0/24, AS_PATH: 1 101 102, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+102.0.1.0/24, AS_PATH: 2 101 102, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (9)
+
+103.0.1.0/24, AS_PATH: 1 101 103, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms: 65535:0
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+103.0.1.0/24, AS_PATH: 1 101 103, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms: 65535:0
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 5
+  filtered: False ()
+
+103.0.1.0/24, AS_PATH: 2 101 101 103, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+103.0.2.0/24, AS_PATH: 1 101 101 103, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+103.0.2.0/24, AS_PATH: 1 101 101 103, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+103.0.2.0/24, AS_PATH: 2 101 103, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+104.0.1.0/24, AS_PATH: 1 101 104, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+104.0.1.0/24, AS_PATH: 1 101 104, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+104.0.1.0/24, AS_PATH: 2 101 104, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (9)
+
+104.1.1.0/24, AS_PATH: 1 101 104, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+104.1.1.0/24, AS_PATH: 1 101 104, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+104.1.1.0/24, AS_PATH: 2 101 104, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (9)
+
+11.1.1.0/24, AS_PATH: 1 1011, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.1.2.0/24, AS_PATH: 1 1000, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+11.2.1.0/24, AS_PATH: 1 1011, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+11.3.0.0/16, AS_PATH: 1 1011, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.3.1.0/24, AS_PATH: 1 1011, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+11.4.1.0/24, AS_PATH: 1 1000, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+128.0.0.0/10, AS_PATH: 1 2 2 2 2 2 2 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (1)
+
+128.0.0.0/7, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (13)
+
+128.0.0.0/8, AS_PATH: 2 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms: 999:1101:7
+  best: True, LOCAL_PREF: 1
+  filtered: True (6)
+
+128.0.0.0/9, AS_PATH: 1 65536 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (7)
+
+192.0.2.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (3)
+
+2.0.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.1/32, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 65530:4, 65535:666
+  ext comms: rfc8097-not-found
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.2/32, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 65530:4, 65534:0
+  ext comms: rfc8097-not-found
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.3/32, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 65530:4
+  ext comms: rfc8097-not-found
+  lrg comms: 65534:0:0, 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.22, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.5.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.23, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (5)
+
+222.1.1.0/24, AS_PATH: 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.222
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (14)
+
+222.2.2.0/24, AS_PATH: 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.222
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.3.3.0/24, AS_PATH: 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.222
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.1.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (11)
+
+3.0.10.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms: 65521:65521, 65523:1
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.11.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms: 65507:999
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.12.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms: 65509:1, 65523:2
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.13.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms:
+  ext comms: rfc8097-not-found, soo:65535:65281
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.14.0/24, AS_PATH: 3 174 33, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (8)
+
+3.0.2.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms: 0:999, 65501:1
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.3.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms: 0:1
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.4.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms: 0:999
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.5.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms: 65521:65521
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.6.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms: 65522:65522
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.7.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms: 65523:65523
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.8.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms: 65521:1
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.9.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms: 65522:2
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.1.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 0:999, 64532:15
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.10.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms:
+  ext comms: rfc8097-not-found, rt:64537:10, rt:64538:20
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.2.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 0:999, 64532:5
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.3.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 64531:15
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.4.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 64531:5
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.5.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 64531:5, 65501:3
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.6.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 64530:5, 64531:100
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.7.1/32, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 64531:20, 65530:4, 65535:666
+  ext comms: rfc8097-not-found
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.8.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 64538:10, 64539:100
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.9.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 64535:20, 64536:5, 65521:65521
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS101.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS101.txt
new file mode 100644
index 00000000..6fcbe9f9
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS101.txt
@@ -0,0 +1,588 @@
+1.0.1.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.1.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.12, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.1.0/24, AS_PATH: 2 1, NEXT_HOP: 192.0.2.11, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.2.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.2.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.12, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.2.0/24, AS_PATH: 2 1, NEXT_HOP: 192.0.2.11, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.3.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.12, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.3.0/24, AS_PATH: 2 1, NEXT_HOP: 192.0.2.11, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+10.0.0.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.1.1.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.1.1.0/24, AS_PATH: 2 1 1011, NEXT_HOP: 192.0.2.11, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+11.1.2.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.2.1.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.3.0.0/16, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.3.0.0/16, AS_PATH: 2 1 1011, NEXT_HOP: 192.0.2.11, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+11.3.1.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.4.1.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.4.1.0/24, AS_PATH: 2 1 1000, NEXT_HOP: 192.0.2.11, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+128.0.0.0/10, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+128.0.0.0/7, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+128.0.0.0/8, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+128.0.0.0/9, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+192.0.2.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.1.0/24, AS_PATH: 1 2, NEXT_HOP: 192.0.2.21, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.1.0/24, AS_PATH: 1 2, NEXT_HOP: 192.0.2.21, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 1 2, NEXT_HOP: 192.0.2.21, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 1 2, NEXT_HOP: 192.0.2.21, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.1/32, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.2/32, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.3/32, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 1 2, NEXT_HOP: 192.0.2.22, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 1 2, NEXT_HOP: 192.0.2.22, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.5.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.2.2.0/24, AS_PATH: 1 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.2.2.0/24, AS_PATH: 1 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+222.2.2.0/24, AS_PATH: 2 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+222.3.3.0/24, AS_PATH: 1 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.3.3.0/24, AS_PATH: 1 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+222.3.3.0/24, AS_PATH: 2 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.10.0/24, AS_PATH: 1 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.10.0/24, AS_PATH: 1 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.10.0/24, AS_PATH: 2 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.12.0/24, AS_PATH: 2 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.2.0/24, AS_PATH: 1 3, NEXT_HOP: 192.0.2.31, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.2.0/24, AS_PATH: 1 3, NEXT_HOP: 192.0.2.31, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.3.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.31, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.5.0/24, AS_PATH: 1 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.5.0/24, AS_PATH: 1 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.5.0/24, AS_PATH: 2 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.6.0/24, AS_PATH: 1 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.6.0/24, AS_PATH: 1 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.6.0/24, AS_PATH: 2 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.7.0/24, AS_PATH: 1 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.7.0/24, AS_PATH: 1 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.7.0/24, AS_PATH: 2 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.8.0/24, AS_PATH: 1 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.8.0/24, AS_PATH: 1 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.8.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.31, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.9.0/24, AS_PATH: 1 3, NEXT_HOP: 192.0.2.31, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.9.0/24, AS_PATH: 1 3, NEXT_HOP: 192.0.2.31, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.9.0/24, AS_PATH: 2 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.1.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.1.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.10.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.10.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.10.0/24, AS_PATH: 2 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.2.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.2.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.3.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.3.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.4.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.4.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.5.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.5.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.6.0/24, AS_PATH: 2 4, NEXT_HOP: 192.0.2.41, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.8.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.8.0/24, AS_PATH: 1 4, NEXT_HOP: 192.0.2.41, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.8.0/24, AS_PATH: 2 4 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.9.0/24, AS_PATH: 1 4 4 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.9.0/24, AS_PATH: 1 4 4 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.9.0/24, AS_PATH: 2 4 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS1_1.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS1_1.txt
new file mode 100644
index 00000000..3a6fd1d4
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS1_1.txt
@@ -0,0 +1,350 @@
+101.0.1.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.10.0/24, AS_PATH: 101 666, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.11.0/24, AS_PATH: 101 777, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.128.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.128.1/32, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms: 65535:666
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.2.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms: 65530:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.3.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms: 999:65530:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.4.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.5.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.6.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms: 65530:1, 777:0
+  ext comms:
+  lrg comms: 777:0:0, 999:65530:1
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.7.0/24, AS_PATH: 101 174, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.8.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.9.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.1.0.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.0.0/17, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.1.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.128.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.3.0.0/24, AS_PATH: 101 105, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+102.0.1.0/24, AS_PATH: 101 102, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+103.0.1.0/24, AS_PATH: 101 103, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+103.0.2.0/24, AS_PATH: 101 101 103, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+104.0.1.0/24, AS_PATH: 101 104, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+104.1.1.0/24, AS_PATH: 101 104, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.1/32, AS_PATH: 2, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.2/32, AS_PATH: 2, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.3/32, AS_PATH: 2, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.22, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.2.2.0/24, AS_PATH: 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.3.3.0/24, AS_PATH: 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.10.0/24, AS_PATH: 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.11.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.12.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.13.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.2.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.5.0/24, AS_PATH: 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.6.0/24, AS_PATH: 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.7.0/24, AS_PATH: 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.8.0/24, AS_PATH: 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.9.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.1.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.10.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.2.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.3.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.4.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.5.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.7.1/32, AS_PATH: 4, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.8.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.9.0/24, AS_PATH: 4 4 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS1_2.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS1_2.txt
new file mode 100644
index 00000000..8642e190
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS1_2.txt
@@ -0,0 +1,322 @@
+101.0.1.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.10.0/24, AS_PATH: 101 666, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.11.0/24, AS_PATH: 101 777, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.128.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.128.1/32, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms: 65535:666
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.2.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms: 65530:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.3.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms: 999:65530:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.4.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.5.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.6.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms: 65530:1, 777:0
+  ext comms:
+  lrg comms: 777:0:0, 999:65530:1
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.7.0/24, AS_PATH: 101 174, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.8.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.9.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.1.0.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.0.0/17, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.1.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.128.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.3.0.0/24, AS_PATH: 101 105, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+102.0.1.0/24, AS_PATH: 101 102, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+103.0.1.0/24, AS_PATH: 101 103, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+103.0.2.0/24, AS_PATH: 101 101 103, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+104.0.1.0/24, AS_PATH: 101 104, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+104.1.1.0/24, AS_PATH: 101 104, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.22, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.2.2.0/24, AS_PATH: 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.3.3.0/24, AS_PATH: 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.10.0/24, AS_PATH: 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.11.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.12.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.13.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.2.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.5.0/24, AS_PATH: 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.6.0/24, AS_PATH: 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.7.0/24, AS_PATH: 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.8.0/24, AS_PATH: 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.9.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.1.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.10.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.2.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.3.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.4.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.5.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.8.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.9.0/24, AS_PATH: 4 4 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS2.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS2.txt
new file mode 100644
index 00000000..23715fb7
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS2.txt
@@ -0,0 +1,406 @@
+1.0.1.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.2.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.3.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.1.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.1.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.10.0/24, AS_PATH: 101 666, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.11.0/24, AS_PATH: 101 777, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.128.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.128.1/32, AS_PATH: 1 101, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.128.1/32, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms: 65535:666
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.2.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.2.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms: 65530:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.3.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.3.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms: 999:65530:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.4.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.4.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.5.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.5.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.6.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms: 777:0
+  ext comms:
+  lrg comms: 777:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.6.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms: 65530:1, 777:0
+  ext comms:
+  lrg comms: 777:0:0, 999:65530:1
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.7.0/24, AS_PATH: 101 174, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.8.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.8.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.9.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.1.0.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.0.0/17, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.0.0/17, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.1.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.128.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.128.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.3.0.0/24, AS_PATH: 101 105, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+102.0.1.0/24, AS_PATH: 101 102, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+103.0.1.0/24, AS_PATH: 101 101 103, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+103.0.2.0/24, AS_PATH: 101 103, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+104.0.1.0/24, AS_PATH: 1 101 104, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+104.0.1.0/24, AS_PATH: 101 104, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+104.1.1.0/24, AS_PATH: 1 101 104, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+104.1.1.0/24, AS_PATH: 101 104, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.1.1.0/24, AS_PATH: 1 1011, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.3.0.0/16, AS_PATH: 1 1011, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.4.1.0/24, AS_PATH: 1 1000, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.2.2.0/24, AS_PATH: 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.3.3.0/24, AS_PATH: 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.10.0/24, AS_PATH: 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.11.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.12.0/24, AS_PATH: 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.13.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.3.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.5.0/24, AS_PATH: 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.6.0/24, AS_PATH: 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.7.0/24, AS_PATH: 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.8.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.9.0/24, AS_PATH: 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.10.0/24, AS_PATH: 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.6.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.7.1/32, AS_PATH: 4, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.8.0/24, AS_PATH: 4 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.9.0/24, AS_PATH: 4 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS222.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS222.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS3.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS3.txt
new file mode 100644
index 00000000..23711ab8
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS3.txt
@@ -0,0 +1,322 @@
+1.0.1.0/24, AS_PATH: 999 1, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+1.0.1.0/24, AS_PATH: 999 1, NEXT_HOP: 192.0.2.12, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 101
+  filtered: False ()
+
+1.0.2.0/24, AS_PATH: 999 1, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+1.0.2.0/24, AS_PATH: 999 1, NEXT_HOP: 192.0.2.12, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 101
+  filtered: False ()
+
+1.0.3.0/24, AS_PATH: 999 1, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+101.0.1.0/24, AS_PATH: 999 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+101.0.1.0/24, AS_PATH: 999 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.128.1/32, AS_PATH: 999 1 101, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+101.0.128.1/32, AS_PATH: 999 2 101, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.2.0/24, AS_PATH: 999 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+101.0.2.0/24, AS_PATH: 999 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.3.0/24, AS_PATH: 999 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+101.0.3.0/24, AS_PATH: 999 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.4.0/24, AS_PATH: 999 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+101.0.4.0/24, AS_PATH: 999 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.5.0/24, AS_PATH: 999 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+101.0.5.0/24, AS_PATH: 999 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.6.0/24, AS_PATH: 999 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms: 777:0
+  ext comms:
+  lrg comms: 777:0:0
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+101.0.6.0/24, AS_PATH: 999 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 777:0
+  ext comms:
+  lrg comms: 777:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.8.0/24, AS_PATH: 999 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+101.0.8.0/24, AS_PATH: 999 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.0.0/17, AS_PATH: 999 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+101.2.0.0/17, AS_PATH: 999 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.128.0/24, AS_PATH: 999 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+101.2.128.0/24, AS_PATH: 999 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+103.0.1.0/24, AS_PATH: 999 1 101 103, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms: 65535:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+103.0.1.0/24, AS_PATH: 999 2 101 101 103, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+103.0.2.0/24, AS_PATH: 999 1 101 101 103, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+103.0.2.0/24, AS_PATH: 999 2 101 103, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+104.0.1.0/24, AS_PATH: 999 1 101 104, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+104.1.1.0/24, AS_PATH: 999 1 101 104, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+11.1.1.0/24, AS_PATH: 999 1 1011, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+11.3.0.0/16, AS_PATH: 999 1 1011, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+11.4.1.0/24, AS_PATH: 999 1 1000, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+2.0.1.0/24, AS_PATH: 999 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 999 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.1/32, AS_PATH: 999 2, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.2/32, AS_PATH: 999 2, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.3/32, AS_PATH: 999 2, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 999 2, NEXT_HOP: 192.0.2.22, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.2.2.0/24, AS_PATH: 999 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.3.3.0/24, AS_PATH: 999 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.10.0/24, AS_PATH: 999 4 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.5.0/24, AS_PATH: 999 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.8.0/24, AS_PATH: 999 4 4 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.9.0/24, AS_PATH: 999 4 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS4.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS4.txt
new file mode 100644
index 00000000..6bbc453d
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/AS4.txt
@@ -0,0 +1,266 @@
+1.0.1.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.2.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.3.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.1.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.128.1/32, AS_PATH: 1 101, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.2.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.3.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.4.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.5.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.6.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms: 777:0
+  ext comms:
+  lrg comms: 777:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.8.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.0.0/17, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.128.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+103.0.1.0/24, AS_PATH: 2 101 101 103, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+103.0.2.0/24, AS_PATH: 2 101 103, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+104.0.1.0/24, AS_PATH: 1 101 104, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+104.1.1.0/24, AS_PATH: 1 101 104, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.1.1.0/24, AS_PATH: 1 1011, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.3.0.0/16, AS_PATH: 1 1011, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.4.1.0/24, AS_PATH: 1 1000, NEXT_HOP: 192.0.2.11, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.1/32, AS_PATH: 2, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.2/32, AS_PATH: 2, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.3/32, AS_PATH: 2, NEXT_HOP: 192.0.2.66, via 192.0.2.2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.22, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.2.2.0/24, AS_PATH: 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.3.3.0/24, AS_PATH: 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.10.0/24, AS_PATH: 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.11.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.12.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.13.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.3.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.5.0/24, AS_PATH: 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.6.0/24, AS_PATH: 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.7.0/24, AS_PATH: 3 3 3 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.8.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.9.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/rs.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/rs.txt
new file mode 100644
index 00000000..d26b2f1b
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv4/openbgpd77p/rs.txt
@@ -0,0 +1,847 @@
+0.0.0.0/0, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (2)
+
+1.0.1.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.1.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.12, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.2.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.2.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.12, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+1.0.3.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+10.0.0.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (2)
+
+101.0.1.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.1.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.1.0/24, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.10.0/24, AS_PATH: 1 101 666, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.10.0/24, AS_PATH: 1 101 666, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (15)
+
+101.0.10.0/24, AS_PATH: 2 101 666, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (15)
+
+101.0.11.0/24, AS_PATH: 1 101 777, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.11.0/24, AS_PATH: 1 101 777, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (15)
+
+101.0.11.0/24, AS_PATH: 2 101 777, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (15)
+
+101.0.128.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.128.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (14)
+
+101.0.128.0/24, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (14)
+
+101.0.128.1/32, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms: 65535:666
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.128.1/32, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms: 65530:4, 65535:666
+  ext comms: rfc8097-invalid
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.128.1/32, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 65530:4, 65535:666
+  ext comms: rfc8097-invalid
+  lrg comms: 999:65530:4
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.2.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.2.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.2.0/24, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.3.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.3.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.3.0/24, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.4.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms: 888:0
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.4.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms: 888:0
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.4.0/24, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 888:0
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.5.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms: 888:0:0
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.5.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.5.0/24, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms: 888:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.6.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms: 777:0
+  ext comms: rfc8097-not-found
+  lrg comms: 777:0:0
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.6.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms: 777:0
+  ext comms: rfc8097-not-found
+  lrg comms: 777:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.6.0/24, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 777:0
+  ext comms: rfc8097-not-found
+  lrg comms: 777:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.7.0/24, AS_PATH: 1 101 174, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.7.0/24, AS_PATH: 1 101 174, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (8)
+
+101.0.7.0/24, AS_PATH: 2 101 174, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (8)
+
+101.0.8.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.8.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.8.0/24, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.9.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.0.9.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (14)
+
+101.0.9.0/24, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (14)
+
+101.1.0.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.1.0.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+101.1.0.0/24, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (12)
+
+101.2.0.0/17, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.2.0.0/17, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.0.0/17, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.1.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.2.1.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+101.2.1.0/24, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (12)
+
+101.2.128.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.2.128.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.2.128.0/24, AS_PATH: 2 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+101.3.0.0/24, AS_PATH: 1 101 105, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+101.3.0.0/24, AS_PATH: 1 101 105, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+101.3.0.0/24, AS_PATH: 2 101 105, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (9)
+
+102.0.1.0/24, AS_PATH: 1 101 102, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+102.0.1.0/24, AS_PATH: 1 101 102, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+102.0.1.0/24, AS_PATH: 2 101 102, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (9)
+
+103.0.1.0/24, AS_PATH: 1 101 103, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms: 65535:0
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+103.0.1.0/24, AS_PATH: 1 101 103, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms: 65535:0
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 5
+  filtered: False ()
+
+103.0.1.0/24, AS_PATH: 2 101 101 103, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+103.0.2.0/24, AS_PATH: 1 101 101 103, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+103.0.2.0/24, AS_PATH: 1 101 101 103, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+103.0.2.0/24, AS_PATH: 2 101 103, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+104.0.1.0/24, AS_PATH: 1 101 104, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+104.0.1.0/24, AS_PATH: 1 101 104, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+104.0.1.0/24, AS_PATH: 2 101 104, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (9)
+
+104.1.1.0/24, AS_PATH: 1 101 104, NEXT_HOP: 192.0.2.101, via 192.0.2.12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+104.1.1.0/24, AS_PATH: 1 101 104, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+104.1.1.0/24, AS_PATH: 2 101 104, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (9)
+
+11.1.1.0/24, AS_PATH: 1 1011, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.1.2.0/24, AS_PATH: 1 1000, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+11.2.1.0/24, AS_PATH: 1 1011, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+11.3.0.0/16, AS_PATH: 1 1011, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+11.3.1.0/24, AS_PATH: 1 1011, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+11.4.1.0/24, AS_PATH: 1 1000, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+128.0.0.0/10, AS_PATH: 1 2 2 2 2 2 2 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (1)
+
+128.0.0.0/7, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (13)
+
+128.0.0.0/8, AS_PATH: 2 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms: 999:1101:7
+  best: True, LOCAL_PREF: 1
+  filtered: True (6)
+
+128.0.0.0/9, AS_PATH: 1 65536 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (7)
+
+192.0.2.0/24, AS_PATH: 1, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (3)
+
+2.0.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.1/32, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 65530:4, 65535:666
+  ext comms: rfc8097-not-found
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.2/32, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 65530:4, 65534:0
+  ext comms: rfc8097-not-found
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.3/32, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 65530:4
+  ext comms: rfc8097-not-found
+  lrg comms: 65534:0:0, 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.22, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.5.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.23, via 192.0.2.21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (5)
+
+222.1.1.0/24, AS_PATH: 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.222
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (14)
+
+222.2.2.0/24, AS_PATH: 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.222
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+222.3.3.0/24, AS_PATH: 222 333, NEXT_HOP: 192.0.2.222, via 192.0.2.222
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.1.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (11)
+
+3.0.10.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms: 65521:65521, 65523:1
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.11.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms: 65507:999
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.12.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms: 65509:1, 65523:2
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.13.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms:
+  ext comms: rfc8097-not-found, soo:65535:65281
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.14.0/24, AS_PATH: 3 174 33, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (8)
+
+3.0.2.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms: 0:999, 65501:1
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.3.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms: 0:1
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.4.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms: 0:999
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.5.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms: 65521:65521
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.6.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms: 65522:65522
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.7.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms: 65523:65523
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.8.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms: 65521:1
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.9.0/24, AS_PATH: 3, NEXT_HOP: 192.0.2.31, via 192.0.2.31
+  std comms: 65522:2
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.1.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 0:999, 64532:15
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.10.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms:
+  ext comms: rfc8097-not-found, rt:64537:10, rt:64538:20
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.2.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 0:999, 64532:5
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.3.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 64531:15
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.4.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 64531:5
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.5.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 64531:5, 65501:3
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.6.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 64530:5, 64531:100
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.7.1/32, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 64531:20, 65530:4, 65535:666
+  ext comms: rfc8097-not-found
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.8.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 64538:10, 64539:100
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.9.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 64535:20, 64536:5, 65521:65521
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS101.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS101.txt
new file mode 100644
index 00000000..022728e9
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS101.txt
@@ -0,0 +1,588 @@
+2001::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2001:db8:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:1::/48, AS_PATH: 2 1, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 2 1, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:3::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:3::/48, AS_PATH: 2 1, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:1::/48, AS_PATH: 1 2, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:1::/48, AS_PATH: 1 2, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 1 2, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 1 2, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::1/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::2/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::3/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 1 2, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 1 2, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:5::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:2::/48, AS_PATH: 1 3, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:2::/48, AS_PATH: 1 3, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:3::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:5::/48, AS_PATH: 1 3 3, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:5::/48, AS_PATH: 1 3 3, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:5::/48, AS_PATH: 2 3 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:6::/48, AS_PATH: 1 3 3 3, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:6::/48, AS_PATH: 1 3 3 3, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:6::/48, AS_PATH: 2 3 3 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:7::/48, AS_PATH: 1 3 3 3 3, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:7::/48, AS_PATH: 1 3 3 3 3, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:7::/48, AS_PATH: 2 3 3 3 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:8::/48, AS_PATH: 1 3 3, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:8::/48, AS_PATH: 1 3 3, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:8::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:9::/48, AS_PATH: 1 3, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:9::/48, AS_PATH: 1 3, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:9::/48, AS_PATH: 2 3 3 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:a::/48, AS_PATH: 1 3 3 3 3, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:a::/48, AS_PATH: 1 3 3 3 3, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:a::/48, AS_PATH: 2 3 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:c::/48, AS_PATH: 2 3 3 3 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:1::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:1::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:2::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:2::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:3::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:3::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:4::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:4::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:5::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:5::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:6::/48, AS_PATH: 2 4, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:8::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:8::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:8::/48, AS_PATH: 2 4 4 4, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:9::/48, AS_PATH: 1 4 4 4 4, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:9::/48, AS_PATH: 1 4 4 4 4, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:9::/48, AS_PATH: 2 4 4 4, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:a::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:a::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:a::/48, AS_PATH: 2 4 4, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:1:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:1:1::/48, AS_PATH: 2 1 1011, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:1:2::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:2:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:3:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:3::/32, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:3::/32, AS_PATH: 2 1 1011, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:4:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:4:1::/48, AS_PATH: 2 1 1000, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a99:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a99:2::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a99::/16, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a99::/32, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:2::/48, AS_PATH: 1 222 333, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:2::/48, AS_PATH: 1 222 333, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:2::/48, AS_PATH: 2 222 333, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:3::/48, AS_PATH: 1 222 333, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:3::/48, AS_PATH: 1 222 333, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:3::/48, AS_PATH: 2 222 333, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS1_1.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS1_1.txt
new file mode 100644
index 00000000..4db874d8
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS1_1.txt
@@ -0,0 +1,357 @@
+2a02:0:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::1/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::2/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::3/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:2::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:5::/48, AS_PATH: 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:6::/48, AS_PATH: 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:7::/48, AS_PATH: 3 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:8::/48, AS_PATH: 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:9::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:a::/48, AS_PATH: 3 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:b::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:c::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:d::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:1::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:2::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:3::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:4::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:5::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:7::1/128, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:8::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:9::/48, AS_PATH: 4 4 4 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:a::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:10::/48, AS_PATH: 101 666, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:11::/48, AS_PATH: 101 777, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65530:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms: 999:65530:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65530:1, 777:0
+  ext comms:
+  lrg comms: 777:0:0, 999:65530:1
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:7::/48, AS_PATH: 101 174, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65535:666
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:9::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:1::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:4000::/34, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:3:1::/48, AS_PATH: 101 105, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3102:0:1::/48, AS_PATH: 101 102, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:1::/48, AS_PATH: 101 103, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:2::/48, AS_PATH: 101 101 103, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:0:1::/48, AS_PATH: 101 104, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:1:1::/48, AS_PATH: 101 104, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:2::/48, AS_PATH: 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:3::/48, AS_PATH: 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+8000:1::/32, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS1_2.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS1_2.txt
new file mode 100644
index 00000000..5e6299fb
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS1_2.txt
@@ -0,0 +1,329 @@
+2a02:0:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:2::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:5::/48, AS_PATH: 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:6::/48, AS_PATH: 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:7::/48, AS_PATH: 3 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:8::/48, AS_PATH: 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:9::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:a::/48, AS_PATH: 3 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:b::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:c::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:d::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:1::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:2::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:3::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:4::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:5::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:8::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:9::/48, AS_PATH: 4 4 4 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:a::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:10::/48, AS_PATH: 101 666, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:11::/48, AS_PATH: 101 777, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65530:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms: 999:65530:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65530:1, 777:0
+  ext comms:
+  lrg comms: 777:0:0, 999:65530:1
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:7::/48, AS_PATH: 101 174, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65535:666
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:9::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:1::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:4000::/34, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:3:1::/48, AS_PATH: 101 105, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3102:0:1::/48, AS_PATH: 101 102, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:1::/48, AS_PATH: 101 103, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:2::/48, AS_PATH: 101 101 103, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:0:1::/48, AS_PATH: 101 104, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:1:1::/48, AS_PATH: 101 104, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:2::/48, AS_PATH: 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:3::/48, AS_PATH: 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+8000:1::/32, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS2.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS2.txt
new file mode 100644
index 00000000..bac1b23a
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS2.txt
@@ -0,0 +1,413 @@
+2a01:0:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:3::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:3::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:5::/48, AS_PATH: 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:6::/48, AS_PATH: 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:7::/48, AS_PATH: 3 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:8::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:9::/48, AS_PATH: 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:a::/48, AS_PATH: 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:b::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:c::/48, AS_PATH: 3 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:d::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:6::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:7::1/128, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:8::/48, AS_PATH: 4 4 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:9::/48, AS_PATH: 4 4 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:a::/48, AS_PATH: 4 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:1:1::/48, AS_PATH: 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:3::/32, AS_PATH: 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:4:1::/48, AS_PATH: 1 1000, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:10::/48, AS_PATH: 101 666, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:11::/48, AS_PATH: 101 777, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65530:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms: 999:65530:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 777:0
+  ext comms:
+  lrg comms: 777:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65530:1, 777:0
+  ext comms:
+  lrg comms: 777:0:0, 999:65530:1
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:7::/48, AS_PATH: 101 174, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65535:666
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:9::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:1::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:4000::/34, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:3:1::/48, AS_PATH: 101 105, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3102:0:1::/48, AS_PATH: 101 102, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:1::/48, AS_PATH: 101 101 103, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:2::/48, AS_PATH: 101 103, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:0:1::/48, AS_PATH: 1 101 104, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:0:1::/48, AS_PATH: 101 104, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:1:1::/48, AS_PATH: 1 101 104, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:1:1::/48, AS_PATH: 101 104, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:2::/48, AS_PATH: 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:3::/48, AS_PATH: 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+8000:1::/32, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS222.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS222.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS3.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS3.txt
new file mode 100644
index 00000000..86ea2ff0
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS3.txt
@@ -0,0 +1,322 @@
+2a01:0:1::/48, AS_PATH: 999 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+2a01:0:1::/48, AS_PATH: 999 1, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 101
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 999 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 999 1, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 101
+  filtered: False ()
+
+2a01:0:3::/48, AS_PATH: 999 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+2a02:0:1::/48, AS_PATH: 999 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 999 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::1/128, AS_PATH: 999 2, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::2/128, AS_PATH: 999 2, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::3/128, AS_PATH: 999 2, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 999 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:5::/48, AS_PATH: 999 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:8::/48, AS_PATH: 999 4 4 4 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:9::/48, AS_PATH: 999 4 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:a::/48, AS_PATH: 999 4 4 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:1:1::/48, AS_PATH: 999 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+2a11:3::/32, AS_PATH: 999 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+2a11:4:1::/48, AS_PATH: 999 1 1000, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 777:0
+  ext comms:
+  lrg comms: 777:0:0
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 777:0
+  ext comms:
+  lrg comms: 777:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:1::/48, AS_PATH: 999 1 101 103, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65535:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3103:0:1::/48, AS_PATH: 999 2 101 101 103, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:2::/48, AS_PATH: 999 1 101 101 103, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3103:0:2::/48, AS_PATH: 999 2 101 103, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:0:1::/48, AS_PATH: 999 1 101 104, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3104:1:1::/48, AS_PATH: 999 1 101 104, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3222:0:2::/48, AS_PATH: 999 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:3::/48, AS_PATH: 999 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS4.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS4.txt
new file mode 100644
index 00000000..5214013c
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/AS4.txt
@@ -0,0 +1,266 @@
+2a01:0:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:3::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::1/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::2/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::3/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:3::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:5::/48, AS_PATH: 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:6::/48, AS_PATH: 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:7::/48, AS_PATH: 3 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:8::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:9::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:a::/48, AS_PATH: 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:b::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:c::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:d::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:1:1::/48, AS_PATH: 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:3::/32, AS_PATH: 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:4:1::/48, AS_PATH: 1 1000, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 777:0
+  ext comms:
+  lrg comms: 777:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:1::/48, AS_PATH: 2 101 101 103, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:2::/48, AS_PATH: 2 101 103, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:0:1::/48, AS_PATH: 1 101 104, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:1:1::/48, AS_PATH: 1 101 104, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:2::/48, AS_PATH: 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:3::/48, AS_PATH: 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/rs.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/rs.txt
new file mode 100644
index 00000000..14c428e5
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd76p/rs.txt
@@ -0,0 +1,868 @@
+2001::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (2)
+
+2001:db8:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (3)
+
+2a01:0:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:3::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::1/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65530:4, 65535:666
+  ext comms: rfc8097-not-found
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::2/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65530:4, 65534:0
+  ext comms: rfc8097-not-found
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::3/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65530:4
+  ext comms: rfc8097-not-found
+  lrg comms: 65534:0:0, 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:5::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::23, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (5)
+
+2a03:0:1::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (11)
+
+2a03:0:2::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 0:999, 65501:1
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:3::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 0:1
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:4::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 0:999
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:5::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65521:65521
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:6::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65522:65522
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:7::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65523:65523
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:8::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65521:1
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:9::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65522:2
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:a::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65521:65521, 65523:1
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:b::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65507:999
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:c::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65509:1, 65523:2
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:d::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms:
+  ext comms: rfc8097-not-found, soo:65535:65281
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:e::/48, AS_PATH: 3 174 33, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (8)
+
+2a04:0:1::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 0:999, 64532:15
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:2::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 0:999, 64532:5
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:3::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 64531:15
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:4::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 64531:5
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:5::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 64531:5, 65501:3
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:6::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 64530:5, 64531:100
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:7::1/128, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 64531:20, 65530:4, 65535:666
+  ext comms: rfc8097-not-found
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:8::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 64538:10, 64539:100
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:9::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 64535:20, 64536:5, 65521:65521
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:a::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms:
+  ext comms: rfc8097-not-found, rt:64537:10, rt:64538:20
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:1:1::/48, AS_PATH: 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:1:2::/48, AS_PATH: 1 1000, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+2a11:2:1::/48, AS_PATH: 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+2a11:3:1::/48, AS_PATH: 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+2a11:3::/32, AS_PATH: 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:4:1::/48, AS_PATH: 1 1000, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a99:1::/48, AS_PATH: 1 65536 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (7)
+
+2a99:2::/48, AS_PATH: 1 2 2 2 2 2 2 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (1)
+
+2a99::/16, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (13)
+
+2a99::/32, AS_PATH: 2 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms: 999:1101:7
+  best: True, LOCAL_PREF: 1
+  filtered: True (6)
+
+3101:0:10::/48, AS_PATH: 1 101 666, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:10::/48, AS_PATH: 1 101 666, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (15)
+
+3101:0:10::/48, AS_PATH: 2 101 666, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (15)
+
+3101:0:11::/48, AS_PATH: 1 101 777, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:11::/48, AS_PATH: 1 101 777, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (15)
+
+3101:0:11::/48, AS_PATH: 2 101 777, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (15)
+
+3101:0:1::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:1::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:2::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:3::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 888:0
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:4::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 888:0
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 888:0
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms: 888:0:0
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:5::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms: 888:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 777:0
+  ext comms: rfc8097-not-found
+  lrg comms: 777:0:0
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:6::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 777:0
+  ext comms: rfc8097-not-found
+  lrg comms: 777:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 777:0
+  ext comms: rfc8097-not-found
+  lrg comms: 777:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:7::/48, AS_PATH: 1 101 174, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:7::/48, AS_PATH: 1 101 174, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (8)
+
+3101:0:7::/48, AS_PATH: 2 101 174, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (8)
+
+3101:0:8000::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:8000::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (14)
+
+3101:0:8000::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (14)
+
+3101:0:8000::1/128, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65535:666
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:8000::1/128, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65530:4, 65535:666
+  ext comms: rfc8097-invalid
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65530:4, 65535:666
+  ext comms: rfc8097-invalid
+  lrg comms: 999:65530:4
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:8::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:9::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:9::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (14)
+
+3101:0:9::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (14)
+
+3101:1::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:1::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+3101:1::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (12)
+
+3101:2:4000::/34, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:2:4000::/34, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+3101:2:4000::/34, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (12)
+
+3101:2:8000::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:2:8000::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:2::/33, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:3:1::/48, AS_PATH: 1 101 105, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:3:1::/48, AS_PATH: 1 101 105, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+3101:3:1::/48, AS_PATH: 2 101 105, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (9)
+
+3102:0:1::/48, AS_PATH: 1 101 102, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3102:0:1::/48, AS_PATH: 1 101 102, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+3102:0:1::/48, AS_PATH: 2 101 102, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (9)
+
+3103:0:1::/48, AS_PATH: 1 101 103, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65535:0
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3103:0:1::/48, AS_PATH: 1 101 103, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65535:0
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 5
+  filtered: False ()
+
+3103:0:1::/48, AS_PATH: 2 101 101 103, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:2::/48, AS_PATH: 1 101 101 103, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3103:0:2::/48, AS_PATH: 1 101 101 103, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:2::/48, AS_PATH: 2 101 103, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:0:1::/48, AS_PATH: 1 101 104, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3104:0:1::/48, AS_PATH: 1 101 104, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:0:1::/48, AS_PATH: 2 101 104, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (9)
+
+3104:1:1::/48, AS_PATH: 1 101 104, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3104:1:1::/48, AS_PATH: 1 101 104, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:1:1::/48, AS_PATH: 2 101 104, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (9)
+
+3222:0:1::/48, AS_PATH: 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::222
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (14)
+
+3222:0:2::/48, AS_PATH: 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::222
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:3::/48, AS_PATH: 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::222
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+8000:1::/32, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (10)
+
+8000:1::/32, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (10)
+
+8000:1::/32, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (10)
+
+::/0, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (10)
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS101.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS101.txt
new file mode 100644
index 00000000..022728e9
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS101.txt
@@ -0,0 +1,588 @@
+2001::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2001:db8:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:1::/48, AS_PATH: 2 1, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 2 1, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:3::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:3::/48, AS_PATH: 2 1, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:1::/48, AS_PATH: 1 2, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:1::/48, AS_PATH: 1 2, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 1 2, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 1 2, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::1/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::2/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::3/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 1 2, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 1 2, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:5::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:2::/48, AS_PATH: 1 3, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:2::/48, AS_PATH: 1 3, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:3::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:5::/48, AS_PATH: 1 3 3, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:5::/48, AS_PATH: 1 3 3, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:5::/48, AS_PATH: 2 3 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:6::/48, AS_PATH: 1 3 3 3, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:6::/48, AS_PATH: 1 3 3 3, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:6::/48, AS_PATH: 2 3 3 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:7::/48, AS_PATH: 1 3 3 3 3, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:7::/48, AS_PATH: 1 3 3 3 3, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:7::/48, AS_PATH: 2 3 3 3 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:8::/48, AS_PATH: 1 3 3, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:8::/48, AS_PATH: 1 3 3, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:8::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:9::/48, AS_PATH: 1 3, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:9::/48, AS_PATH: 1 3, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:9::/48, AS_PATH: 2 3 3 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:a::/48, AS_PATH: 1 3 3 3 3, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:a::/48, AS_PATH: 1 3 3 3 3, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:a::/48, AS_PATH: 2 3 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:c::/48, AS_PATH: 2 3 3 3 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:1::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:1::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:2::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:2::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:3::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:3::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:4::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:4::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:5::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:5::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:6::/48, AS_PATH: 2 4, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:8::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:8::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:8::/48, AS_PATH: 2 4 4 4, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:9::/48, AS_PATH: 1 4 4 4 4, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:9::/48, AS_PATH: 1 4 4 4 4, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:9::/48, AS_PATH: 2 4 4 4, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:a::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:a::/48, AS_PATH: 1 4, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:a::/48, AS_PATH: 2 4 4, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:1:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:1:1::/48, AS_PATH: 2 1 1011, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:1:2::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:2:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:3:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:3::/32, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:3::/32, AS_PATH: 2 1 1011, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:4:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:4:1::/48, AS_PATH: 2 1 1000, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a99:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a99:2::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a99::/16, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a99::/32, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:2::/48, AS_PATH: 1 222 333, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:2::/48, AS_PATH: 1 222 333, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:2::/48, AS_PATH: 2 222 333, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:3::/48, AS_PATH: 1 222 333, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:3::/48, AS_PATH: 1 222 333, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:3::/48, AS_PATH: 2 222 333, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS1_1.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS1_1.txt
new file mode 100644
index 00000000..4db874d8
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS1_1.txt
@@ -0,0 +1,357 @@
+2a02:0:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::1/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::2/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::3/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:2::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:5::/48, AS_PATH: 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:6::/48, AS_PATH: 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:7::/48, AS_PATH: 3 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:8::/48, AS_PATH: 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:9::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:a::/48, AS_PATH: 3 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:b::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:c::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:d::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:1::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:2::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:3::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:4::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:5::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:7::1/128, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:8::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:9::/48, AS_PATH: 4 4 4 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:a::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:10::/48, AS_PATH: 101 666, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:11::/48, AS_PATH: 101 777, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65530:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms: 999:65530:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65530:1, 777:0
+  ext comms:
+  lrg comms: 777:0:0, 999:65530:1
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:7::/48, AS_PATH: 101 174, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65535:666
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:9::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:1::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:4000::/34, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:3:1::/48, AS_PATH: 101 105, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3102:0:1::/48, AS_PATH: 101 102, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:1::/48, AS_PATH: 101 103, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:2::/48, AS_PATH: 101 101 103, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:0:1::/48, AS_PATH: 101 104, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:1:1::/48, AS_PATH: 101 104, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:2::/48, AS_PATH: 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:3::/48, AS_PATH: 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+8000:1::/32, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS1_2.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS1_2.txt
new file mode 100644
index 00000000..5e6299fb
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS1_2.txt
@@ -0,0 +1,329 @@
+2a02:0:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:2::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:5::/48, AS_PATH: 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:6::/48, AS_PATH: 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:7::/48, AS_PATH: 3 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:8::/48, AS_PATH: 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:9::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:a::/48, AS_PATH: 3 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:b::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:c::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:d::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:1::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:2::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:3::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:4::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:5::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:8::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:9::/48, AS_PATH: 4 4 4 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:a::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:10::/48, AS_PATH: 101 666, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:11::/48, AS_PATH: 101 777, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65530:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms: 999:65530:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65530:1, 777:0
+  ext comms:
+  lrg comms: 777:0:0, 999:65530:1
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:7::/48, AS_PATH: 101 174, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65535:666
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:9::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:1::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:4000::/34, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:3:1::/48, AS_PATH: 101 105, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3102:0:1::/48, AS_PATH: 101 102, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:1::/48, AS_PATH: 101 103, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:2::/48, AS_PATH: 101 101 103, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:0:1::/48, AS_PATH: 101 104, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:1:1::/48, AS_PATH: 101 104, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:2::/48, AS_PATH: 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:3::/48, AS_PATH: 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+8000:1::/32, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS2.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS2.txt
new file mode 100644
index 00000000..bac1b23a
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS2.txt
@@ -0,0 +1,413 @@
+2a01:0:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:3::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:3::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:5::/48, AS_PATH: 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:6::/48, AS_PATH: 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:7::/48, AS_PATH: 3 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:8::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:9::/48, AS_PATH: 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:a::/48, AS_PATH: 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:b::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:c::/48, AS_PATH: 3 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:d::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:6::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:7::1/128, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:8::/48, AS_PATH: 4 4 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:9::/48, AS_PATH: 4 4 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:a::/48, AS_PATH: 4 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:1:1::/48, AS_PATH: 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:3::/32, AS_PATH: 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:4:1::/48, AS_PATH: 1 1000, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:10::/48, AS_PATH: 101 666, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:11::/48, AS_PATH: 101 777, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65530:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms: 999:65530:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 777:0
+  ext comms:
+  lrg comms: 777:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65530:1, 777:0
+  ext comms:
+  lrg comms: 777:0:0, 999:65530:1
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:7::/48, AS_PATH: 101 174, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65535:666
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:9::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:1::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:4000::/34, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:3:1::/48, AS_PATH: 101 105, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3102:0:1::/48, AS_PATH: 101 102, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:1::/48, AS_PATH: 101 101 103, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:2::/48, AS_PATH: 101 103, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:0:1::/48, AS_PATH: 1 101 104, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:0:1::/48, AS_PATH: 101 104, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:1:1::/48, AS_PATH: 1 101 104, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:1:1::/48, AS_PATH: 101 104, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:2::/48, AS_PATH: 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:3::/48, AS_PATH: 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+8000:1::/32, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS222.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS222.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS3.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS3.txt
new file mode 100644
index 00000000..86ea2ff0
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS3.txt
@@ -0,0 +1,322 @@
+2a01:0:1::/48, AS_PATH: 999 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+2a01:0:1::/48, AS_PATH: 999 1, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 101
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 999 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 999 1, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 101
+  filtered: False ()
+
+2a01:0:3::/48, AS_PATH: 999 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+2a02:0:1::/48, AS_PATH: 999 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 999 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::1/128, AS_PATH: 999 2, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::2/128, AS_PATH: 999 2, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::3/128, AS_PATH: 999 2, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 999 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:5::/48, AS_PATH: 999 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:8::/48, AS_PATH: 999 4 4 4 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:9::/48, AS_PATH: 999 4 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:a::/48, AS_PATH: 999 4 4 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:1:1::/48, AS_PATH: 999 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+2a11:3::/32, AS_PATH: 999 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+2a11:4:1::/48, AS_PATH: 999 1 1000, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 777:0
+  ext comms:
+  lrg comms: 777:0:0
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 777:0
+  ext comms:
+  lrg comms: 777:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:1::/48, AS_PATH: 999 1 101 103, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65535:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3103:0:1::/48, AS_PATH: 999 2 101 101 103, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:2::/48, AS_PATH: 999 1 101 101 103, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3103:0:2::/48, AS_PATH: 999 2 101 103, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:0:1::/48, AS_PATH: 999 1 101 104, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3104:1:1::/48, AS_PATH: 999 1 101 104, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3222:0:2::/48, AS_PATH: 999 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:3::/48, AS_PATH: 999 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS4.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS4.txt
new file mode 100644
index 00000000..5214013c
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/AS4.txt
@@ -0,0 +1,266 @@
+2a01:0:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:3::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::1/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::2/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::3/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:3::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:5::/48, AS_PATH: 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:6::/48, AS_PATH: 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:7::/48, AS_PATH: 3 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:8::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:9::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:a::/48, AS_PATH: 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:b::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:c::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:d::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:1:1::/48, AS_PATH: 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:3::/32, AS_PATH: 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:4:1::/48, AS_PATH: 1 1000, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 777:0
+  ext comms:
+  lrg comms: 777:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:1::/48, AS_PATH: 2 101 101 103, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:2::/48, AS_PATH: 2 101 103, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:0:1::/48, AS_PATH: 1 101 104, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:1:1::/48, AS_PATH: 1 101 104, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:2::/48, AS_PATH: 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:3::/48, AS_PATH: 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/rs.txt b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/rs.txt
new file mode 100644
index 00000000..14c428e5
--- /dev/null
+++ b/tests/live_tests/scenarios/global/routes/BasicScenario_OpenBGPDIPv6/openbgpd77p/rs.txt
@@ -0,0 +1,868 @@
+2001::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (2)
+
+2001:db8:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (3)
+
+2a01:0:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:3::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::1/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65530:4, 65535:666
+  ext comms: rfc8097-not-found
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::2/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65530:4, 65534:0
+  ext comms: rfc8097-not-found
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::3/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65530:4
+  ext comms: rfc8097-not-found
+  lrg comms: 65534:0:0, 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:5::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::23, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (5)
+
+2a03:0:1::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (11)
+
+2a03:0:2::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 0:999, 65501:1
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:3::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 0:1
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:4::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 0:999
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:5::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65521:65521
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:6::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65522:65522
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:7::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65523:65523
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:8::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65521:1
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:9::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65522:2
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:a::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65521:65521, 65523:1
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:b::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65507:999
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:c::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65509:1, 65523:2
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:d::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms:
+  ext comms: rfc8097-not-found, soo:65535:65281
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:e::/48, AS_PATH: 3 174 33, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (8)
+
+2a04:0:1::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 0:999, 64532:15
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:2::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 0:999, 64532:5
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:3::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 64531:15
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:4::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 64531:5
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:5::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 64531:5, 65501:3
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:6::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 64530:5, 64531:100
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:7::1/128, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 64531:20, 65530:4, 65535:666
+  ext comms: rfc8097-not-found
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:8::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 64538:10, 64539:100
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:9::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 64535:20, 64536:5, 65521:65521
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:a::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms:
+  ext comms: rfc8097-not-found, rt:64537:10, rt:64538:20
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:1:1::/48, AS_PATH: 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:1:2::/48, AS_PATH: 1 1000, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+2a11:2:1::/48, AS_PATH: 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+2a11:3:1::/48, AS_PATH: 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+2a11:3::/32, AS_PATH: 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:4:1::/48, AS_PATH: 1 1000, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a99:1::/48, AS_PATH: 1 65536 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (7)
+
+2a99:2::/48, AS_PATH: 1 2 2 2 2 2 2 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (1)
+
+2a99::/16, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (13)
+
+2a99::/32, AS_PATH: 2 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms: 999:1101:7
+  best: True, LOCAL_PREF: 1
+  filtered: True (6)
+
+3101:0:10::/48, AS_PATH: 1 101 666, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:10::/48, AS_PATH: 1 101 666, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (15)
+
+3101:0:10::/48, AS_PATH: 2 101 666, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (15)
+
+3101:0:11::/48, AS_PATH: 1 101 777, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:11::/48, AS_PATH: 1 101 777, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (15)
+
+3101:0:11::/48, AS_PATH: 2 101 777, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (15)
+
+3101:0:1::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:1::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:2::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:3::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 888:0
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:4::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 888:0
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 888:0
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms: 888:0:0
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:5::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms: 888:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 777:0
+  ext comms: rfc8097-not-found
+  lrg comms: 777:0:0
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:6::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 777:0
+  ext comms: rfc8097-not-found
+  lrg comms: 777:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 777:0
+  ext comms: rfc8097-not-found
+  lrg comms: 777:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:7::/48, AS_PATH: 1 101 174, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:7::/48, AS_PATH: 1 101 174, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (8)
+
+3101:0:7::/48, AS_PATH: 2 101 174, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (8)
+
+3101:0:8000::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:8000::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (14)
+
+3101:0:8000::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (14)
+
+3101:0:8000::1/128, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65535:666
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:8000::1/128, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65530:4, 65535:666
+  ext comms: rfc8097-invalid
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65530:4, 65535:666
+  ext comms: rfc8097-invalid
+  lrg comms: 999:65530:4
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:8::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:9::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:0:9::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (14)
+
+3101:0:9::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (14)
+
+3101:1::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:1::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+3101:1::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (12)
+
+3101:2:4000::/34, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:2:4000::/34, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+3101:2:4000::/34, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (12)
+
+3101:2:8000::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:2:8000::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:2::/33, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:3:1::/48, AS_PATH: 1 101 105, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3101:3:1::/48, AS_PATH: 1 101 105, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+3101:3:1::/48, AS_PATH: 2 101 105, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (9)
+
+3102:0:1::/48, AS_PATH: 1 101 102, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3102:0:1::/48, AS_PATH: 1 101 102, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+3102:0:1::/48, AS_PATH: 2 101 102, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (9)
+
+3103:0:1::/48, AS_PATH: 1 101 103, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65535:0
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3103:0:1::/48, AS_PATH: 1 101 103, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65535:0
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 5
+  filtered: False ()
+
+3103:0:1::/48, AS_PATH: 2 101 101 103, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:2::/48, AS_PATH: 1 101 101 103, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3103:0:2::/48, AS_PATH: 1 101 101 103, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:2::/48, AS_PATH: 2 101 103, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:0:1::/48, AS_PATH: 1 101 104, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3104:0:1::/48, AS_PATH: 1 101 104, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:0:1::/48, AS_PATH: 2 101 104, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (9)
+
+3104:1:1::/48, AS_PATH: 1 101 104, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (5)
+
+3104:1:1::/48, AS_PATH: 1 101 104, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:1:1::/48, AS_PATH: 2 101 104, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (9)
+
+3222:0:1::/48, AS_PATH: 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::222
+  std comms:
+  ext comms: rfc8097-invalid
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (14)
+
+3222:0:2::/48, AS_PATH: 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::222
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3222:0:3::/48, AS_PATH: 222 333, NEXT_HOP: 2001:db8:1:1::222, via 2001:db8:1:1::222
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+8000:1::/32, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (10)
+
+8000:1::/32, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (10)
+
+8000:1::/32, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: True (10)
+
+::/0, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: True (10)
+
diff --git a/tests/live_tests/scenarios/gshut/configs/GShutScenario_OpenBGPDIPv4/openbgpd76p.conf b/tests/live_tests/scenarios/gshut/configs/GShutScenario_OpenBGPDIPv4/openbgpd76p.conf
new file mode 100644
index 00000000..0c8a1432
--- /dev/null
+++ b/tests/live_tests/scenarios/gshut/configs/GShutScenario_OpenBGPDIPv4/openbgpd76p.conf
@@ -0,0 +1,665 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+
+
+
+
+
+
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+deny quick from group clients max-as-len 32
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+deny quick from group clients community NO_ADVERTISE
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+deny quick from group clients prefix-set bogons
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.11 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+deny quick from 192.0.2.11 peer-as != 1
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+deny quick from 192.0.2.11 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.11 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.11 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+deny quick from 2001:db8:1:1::11 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+deny quick from 2001:db8:1:1::11 peer-as != 1
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+deny quick from 2001:db8:1:1::11 AS 23456
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+deny quick from 2001:db8:1:1::11 AS 64496 - 131071
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+deny quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.21 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+deny quick from 192.0.2.21 peer-as != 2
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+deny quick from 192.0.2.21 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.21 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.21 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+deny quick from 2001:db8:1:1::21 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+deny quick from 2001:db8:1:1::21 peer-as != 2
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+deny quick from 2001:db8:1:1::21 AS 23456
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+deny quick from 2001:db8:1:1::21 AS 64496 - 131071
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+deny quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+
+# Scrub prepending communities
+
+match to group clients set community GRACEFUL_SHUTDOWN
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/gshut/configs/GShutScenario_OpenBGPDIPv4/openbgpd77p.conf b/tests/live_tests/scenarios/gshut/configs/GShutScenario_OpenBGPDIPv4/openbgpd77p.conf
new file mode 100644
index 00000000..0c8a1432
--- /dev/null
+++ b/tests/live_tests/scenarios/gshut/configs/GShutScenario_OpenBGPDIPv4/openbgpd77p.conf
@@ -0,0 +1,665 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+
+
+
+
+
+
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+deny quick from group clients max-as-len 32
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+deny quick from group clients community NO_ADVERTISE
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+deny quick from group clients prefix-set bogons
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.11 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+deny quick from 192.0.2.11 peer-as != 1
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+deny quick from 192.0.2.11 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.11 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.11 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+deny quick from 2001:db8:1:1::11 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+deny quick from 2001:db8:1:1::11 peer-as != 1
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+deny quick from 2001:db8:1:1::11 AS 23456
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+deny quick from 2001:db8:1:1::11 AS 64496 - 131071
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+deny quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.21 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+deny quick from 192.0.2.21 peer-as != 2
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+deny quick from 192.0.2.21 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.21 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.21 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+deny quick from 2001:db8:1:1::21 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+deny quick from 2001:db8:1:1::21 peer-as != 2
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+deny quick from 2001:db8:1:1::21 AS 23456
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+deny quick from 2001:db8:1:1::21 AS 64496 - 131071
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+deny quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+
+# Scrub prepending communities
+
+match to group clients set community GRACEFUL_SHUTDOWN
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/gshut/routes/GShutScenario_OpenBGPDIPv4/openbgpd77p/AS1.txt b/tests/live_tests/scenarios/gshut/routes/GShutScenario_OpenBGPDIPv4/openbgpd77p/AS1.txt
new file mode 100644
index 00000000..6a695ab1
--- /dev/null
+++ b/tests/live_tests/scenarios/gshut/routes/GShutScenario_OpenBGPDIPv4/openbgpd77p/AS1.txt
@@ -0,0 +1,14 @@
+2a02:2:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 65535:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:2::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 65535:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/gshut/routes/GShutScenario_OpenBGPDIPv4/openbgpd77p/AS2.txt b/tests/live_tests/scenarios/gshut/routes/GShutScenario_OpenBGPDIPv4/openbgpd77p/AS2.txt
new file mode 100644
index 00000000..4d268b5f
--- /dev/null
+++ b/tests/live_tests/scenarios/gshut/routes/GShutScenario_OpenBGPDIPv4/openbgpd77p/AS2.txt
@@ -0,0 +1,14 @@
+2a02:1:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65535:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:1:2::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65535:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/gshut/routes/GShutScenario_OpenBGPDIPv4/openbgpd77p/rs.txt b/tests/live_tests/scenarios/gshut/routes/GShutScenario_OpenBGPDIPv4/openbgpd77p/rs.txt
new file mode 100644
index 00000000..3f3e8bb6
--- /dev/null
+++ b/tests/live_tests/scenarios/gshut/routes/GShutScenario_OpenBGPDIPv4/openbgpd77p/rs.txt
@@ -0,0 +1,28 @@
+2a02:1:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:1:2::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:2::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/max_prefix/configs/MaxPrefixScenario_OpenBGPDIPv4/openbgpd76p.conf b/tests/live_tests/scenarios/max_prefix/configs/MaxPrefixScenario_OpenBGPDIPv4/openbgpd76p.conf
new file mode 100644
index 00000000..b5874e6e
--- /dev/null
+++ b/tests/live_tests/scenarios/max_prefix/configs/MaxPrefixScenario_OpenBGPDIPv4/openbgpd76p.conf
@@ -0,0 +1,2263 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 4
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 4
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 3
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 3
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.31 {
+		remote-as 3
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 2
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::31 {
+		remote-as 3
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 2
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 6
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 6
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.31 set ext-community rt 65520:3
+
+match from 2001:db8:1:1::31 set ext-community rt 65520:3
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.31 set community NO_ADVERTISE
+match from 192.0.2.31 nexthop 192.0.2.31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.31 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS 23456' - reject code: 7
+allow quick from 192.0.2.31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 192.0.2.31
+
+
+
+# ---------------------------------------------
+# client AS3_1, outbound
+
+deny quick to 192.0.2.31 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.31 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.31
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::31 set community NO_ADVERTISE
+match from 2001:db8:1:1::31 nexthop 2001:db8:1:1::31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::31 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::31 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::31 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 2001:db8:1:1::31
+
+
+
+# ---------------------------------------------
+# client AS3_2, outbound
+
+deny quick to 2001:db8:1:1::31 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::31 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::31
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.41
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/max_prefix/configs/MaxPrefixScenario_OpenBGPDIPv4/openbgpd77p.conf b/tests/live_tests/scenarios/max_prefix/configs/MaxPrefixScenario_OpenBGPDIPv4/openbgpd77p.conf
new file mode 100644
index 00000000..b5874e6e
--- /dev/null
+++ b/tests/live_tests/scenarios/max_prefix/configs/MaxPrefixScenario_OpenBGPDIPv4/openbgpd77p.conf
@@ -0,0 +1,2263 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 4
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 4
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 3
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 3
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.31 {
+		remote-as 3
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 2
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::31 {
+		remote-as 3
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 2
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 6
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 6
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.31 set ext-community rt 65520:3
+
+match from 2001:db8:1:1::31 set ext-community rt 65520:3
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.31 set community NO_ADVERTISE
+match from 192.0.2.31 nexthop 192.0.2.31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.31 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS 23456' - reject code: 7
+allow quick from 192.0.2.31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 192.0.2.31
+
+
+
+# ---------------------------------------------
+# client AS3_1, outbound
+
+deny quick to 192.0.2.31 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.31 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.31
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::31 set community NO_ADVERTISE
+match from 2001:db8:1:1::31 nexthop 2001:db8:1:1::31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::31 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::31 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::31 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 2001:db8:1:1::31
+
+
+
+# ---------------------------------------------
+# client AS3_2, outbound
+
+deny quick to 2001:db8:1:1::31 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::31 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::31
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.41
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/max_prefix/configs/MaxPrefixScenario_OpenBGPDIPv6/openbgpd76p.conf b/tests/live_tests/scenarios/max_prefix/configs/MaxPrefixScenario_OpenBGPDIPv6/openbgpd76p.conf
new file mode 100644
index 00000000..b5874e6e
--- /dev/null
+++ b/tests/live_tests/scenarios/max_prefix/configs/MaxPrefixScenario_OpenBGPDIPv6/openbgpd76p.conf
@@ -0,0 +1,2263 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 4
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 4
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 3
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 3
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.31 {
+		remote-as 3
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 2
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::31 {
+		remote-as 3
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 2
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 6
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 6
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.31 set ext-community rt 65520:3
+
+match from 2001:db8:1:1::31 set ext-community rt 65520:3
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.31 set community NO_ADVERTISE
+match from 192.0.2.31 nexthop 192.0.2.31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.31 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS 23456' - reject code: 7
+allow quick from 192.0.2.31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 192.0.2.31
+
+
+
+# ---------------------------------------------
+# client AS3_1, outbound
+
+deny quick to 192.0.2.31 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.31 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.31
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::31 set community NO_ADVERTISE
+match from 2001:db8:1:1::31 nexthop 2001:db8:1:1::31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::31 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::31 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::31 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 2001:db8:1:1::31
+
+
+
+# ---------------------------------------------
+# client AS3_2, outbound
+
+deny quick to 2001:db8:1:1::31 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::31 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::31
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.41
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/max_prefix/configs/MaxPrefixScenario_OpenBGPDIPv6/openbgpd77p.conf b/tests/live_tests/scenarios/max_prefix/configs/MaxPrefixScenario_OpenBGPDIPv6/openbgpd77p.conf
new file mode 100644
index 00000000..b5874e6e
--- /dev/null
+++ b/tests/live_tests/scenarios/max_prefix/configs/MaxPrefixScenario_OpenBGPDIPv6/openbgpd77p.conf
@@ -0,0 +1,2263 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 4
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 4
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 3
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 3
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.31 {
+		remote-as 3
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 2
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::31 {
+		remote-as 3
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 2
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 6
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		max-prefix 6
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.31 set ext-community rt 65520:3
+
+match from 2001:db8:1:1::31 set ext-community rt 65520:3
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.31 set community NO_ADVERTISE
+match from 192.0.2.31 nexthop 192.0.2.31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.31 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS 23456' - reject code: 7
+allow quick from 192.0.2.31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 192.0.2.31
+
+
+
+# ---------------------------------------------
+# client AS3_1, outbound
+
+deny quick to 192.0.2.31 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.31 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.31
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::31 set community NO_ADVERTISE
+match from 2001:db8:1:1::31 nexthop 2001:db8:1:1::31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::31 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::31 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::31 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 2001:db8:1:1::31
+
+
+
+# ---------------------------------------------
+# client AS3_2, outbound
+
+deny quick to 2001:db8:1:1::31 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::31 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::31
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.41
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_BIRD2IPv4/bird2/AS2.txt b/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_BIRD2IPv4/bird2/AS2.txt
index d1c26932..a81a7a2c 100644
--- a/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_BIRD2IPv4/bird2/AS2.txt
+++ b/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_BIRD2IPv4/bird2/AS2.txt
@@ -82,20 +82,6 @@
   best: True, LOCAL_PREF: 100
   filtered: False ()
 
-5.0.1.0/24, AS_PATH: 5, NEXT_HOP: 192.0.2.51, via 192.0.2.2
-  std comms:
-  ext comms:
-  lrg comms:
-  best: True, LOCAL_PREF: 100
-  filtered: False ()
-
-5.0.2.0/24, AS_PATH: 5, NEXT_HOP: 192.0.2.51, via 192.0.2.2
-  std comms:
-  ext comms:
-  lrg comms:
-  best: True, LOCAL_PREF: 100
-  filtered: False ()
-
 6.0.1.0/24, AS_PATH: 6, NEXT_HOP: 192.0.2.61, via 192.0.2.2
   std comms:
   ext comms:
diff --git a/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_BIRD2IPv6/bird2/AS1.txt b/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_BIRD2IPv6/bird2/AS1.txt
index d26d5640..3bf882aa 100644
--- a/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_BIRD2IPv6/bird2/AS1.txt
+++ b/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_BIRD2IPv6/bird2/AS1.txt
@@ -75,20 +75,6 @@
   best: True, LOCAL_PREF: 100
   filtered: False ()
 
-2a05:0:1::/48, AS_PATH: 5, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
-  std comms:
-  ext comms:
-  lrg comms:
-  best: True, LOCAL_PREF: 100
-  filtered: False ()
-
-2a05:0:2::/48, AS_PATH: 5, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
-  std comms:
-  ext comms:
-  lrg comms:
-  best: True, LOCAL_PREF: 100
-  filtered: False ()
-
 2a06:0:1::/48, AS_PATH: 6, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::2
   std comms:
   ext comms:
diff --git a/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_BIRDIPv4/bird16/AS2.txt b/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_BIRDIPv4/bird16/AS2.txt
index d1c26932..a81a7a2c 100644
--- a/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_BIRDIPv4/bird16/AS2.txt
+++ b/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_BIRDIPv4/bird16/AS2.txt
@@ -82,20 +82,6 @@
   best: True, LOCAL_PREF: 100
   filtered: False ()
 
-5.0.1.0/24, AS_PATH: 5, NEXT_HOP: 192.0.2.51, via 192.0.2.2
-  std comms:
-  ext comms:
-  lrg comms:
-  best: True, LOCAL_PREF: 100
-  filtered: False ()
-
-5.0.2.0/24, AS_PATH: 5, NEXT_HOP: 192.0.2.51, via 192.0.2.2
-  std comms:
-  ext comms:
-  lrg comms:
-  best: True, LOCAL_PREF: 100
-  filtered: False ()
-
 6.0.1.0/24, AS_PATH: 6, NEXT_HOP: 192.0.2.61, via 192.0.2.2
   std comms:
   ext comms:
diff --git a/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv4/openbgpd77p/AS1.txt b/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv4/openbgpd77p/AS1.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv4/openbgpd77p/AS2.txt b/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv4/openbgpd77p/AS2.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv4/openbgpd77p/AS3.txt b/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv4/openbgpd77p/AS3.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv4/openbgpd77p/AS4.txt b/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv4/openbgpd77p/AS4.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv4/openbgpd77p/rs.txt b/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv4/openbgpd77p/rs.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv6/openbgpd77p/AS1.txt b/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv6/openbgpd77p/AS1.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv6/openbgpd77p/AS2.txt b/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv6/openbgpd77p/AS2.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv6/openbgpd77p/AS3.txt b/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv6/openbgpd77p/AS3.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv6/openbgpd77p/AS4.txt b/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv6/openbgpd77p/AS4.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv6/openbgpd77p/rs.txt b/tests/live_tests/scenarios/max_prefix/routes/MaxPrefixScenario_OpenBGPDIPv6/openbgpd77p/rs.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p.conf b/tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p.conf
new file mode 100644
index 00000000..99962116
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p.conf
@@ -0,0 +1,2281 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.31 {
+		remote-as 3
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::31 {
+		remote-as 3
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.31 set ext-community rt 65520:3
+
+match from 2001:db8:1:1::31 set ext-community rt 65520:3
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.11 community 0:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::11 community 0:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.21
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.21 community 0:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::21 community 0:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.31 set community NO_ADVERTISE
+match from 192.0.2.31 nexthop 192.0.2.31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.31 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS 23456' - reject code: 7
+allow quick from 192.0.2.31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 192.0.2.31
+
+
+
+# ---------------------------------------------
+# client AS3_1, outbound
+
+deny quick to 192.0.2.31 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.31 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.31
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.31 community 0:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::31 set community NO_ADVERTISE
+match from 2001:db8:1:1::31 nexthop 2001:db8:1:1::31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::31 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::31 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::31 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 2001:db8:1:1::31
+
+
+
+# ---------------------------------------------
+# client AS3_2, outbound
+
+deny quick to 2001:db8:1:1::31 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::31 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::31
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::31 community 0:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.41
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.41 community 0:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::41 community 0:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# do_not_announce_to_peer
+match to group clients set community delete 0:*
+
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p.conf b/tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p.conf
new file mode 100644
index 00000000..99962116
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p.conf
@@ -0,0 +1,2281 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.31 {
+		remote-as 3
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::31 {
+		remote-as 3
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.31 set ext-community rt 65520:3
+
+match from 2001:db8:1:1::31 set ext-community rt 65520:3
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.11 community 0:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::11 community 0:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.21
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.21 community 0:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::21 community 0:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.31 set community NO_ADVERTISE
+match from 192.0.2.31 nexthop 192.0.2.31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.31 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS 23456' - reject code: 7
+allow quick from 192.0.2.31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 192.0.2.31
+
+
+
+# ---------------------------------------------
+# client AS3_1, outbound
+
+deny quick to 192.0.2.31 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.31 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.31
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.31 community 0:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::31 set community NO_ADVERTISE
+match from 2001:db8:1:1::31 nexthop 2001:db8:1:1::31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::31 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::31 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::31 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 2001:db8:1:1::31
+
+
+
+# ---------------------------------------------
+# client AS3_2, outbound
+
+deny quick to 2001:db8:1:1::31 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::31 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::31
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::31 community 0:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.41
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.41 community 0:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::41 community 0:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# do_not_announce_to_peer
+match to group clients set community delete 0:*
+
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd76p.conf b/tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd76p.conf
new file mode 100644
index 00000000..99962116
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd76p.conf
@@ -0,0 +1,2281 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.31 {
+		remote-as 3
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::31 {
+		remote-as 3
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.31 set ext-community rt 65520:3
+
+match from 2001:db8:1:1::31 set ext-community rt 65520:3
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.11 community 0:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::11 community 0:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.21
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.21 community 0:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::21 community 0:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.31 set community NO_ADVERTISE
+match from 192.0.2.31 nexthop 192.0.2.31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.31 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS 23456' - reject code: 7
+allow quick from 192.0.2.31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 192.0.2.31
+
+
+
+# ---------------------------------------------
+# client AS3_1, outbound
+
+deny quick to 192.0.2.31 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.31 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.31
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.31 community 0:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::31 set community NO_ADVERTISE
+match from 2001:db8:1:1::31 nexthop 2001:db8:1:1::31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::31 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::31 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::31 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 2001:db8:1:1::31
+
+
+
+# ---------------------------------------------
+# client AS3_2, outbound
+
+deny quick to 2001:db8:1:1::31 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::31 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::31
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::31 community 0:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.41
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.41 community 0:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::41 community 0:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# do_not_announce_to_peer
+match to group clients set community delete 0:*
+
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p.conf b/tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p.conf
new file mode 100644
index 00000000..99962116
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p.conf
@@ -0,0 +1,2281 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.31 {
+		remote-as 3
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::31 {
+		remote-as 3
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.31 set ext-community rt 65520:3
+
+match from 2001:db8:1:1::31 set ext-community rt 65520:3
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.11 community 0:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::11 community 0:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.21
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.21 community 0:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::21 community 0:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.31 set community NO_ADVERTISE
+match from 192.0.2.31 nexthop 192.0.2.31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.31 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS 23456' - reject code: 7
+allow quick from 192.0.2.31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 192.0.2.31
+
+
+
+# ---------------------------------------------
+# client AS3_1, outbound
+
+deny quick to 192.0.2.31 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.31 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.31
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.31 community 0:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::31 set community NO_ADVERTISE
+match from 2001:db8:1:1::31 nexthop 2001:db8:1:1::31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::31 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::31 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::31 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 2001:db8:1:1::31
+
+
+
+# ---------------------------------------------
+# client AS3_2, outbound
+
+deny quick to 2001:db8:1:1::31 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::31 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::31
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::31 community 0:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.41
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.41 community 0:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::41 community 0:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# do_not_announce_to_peer
+match to group clients set community delete 0:*
+
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd76p.conf b/tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd76p.conf
new file mode 100644
index 00000000..7edb7c56
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd76p.conf
@@ -0,0 +1,2290 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.31 {
+		remote-as 3
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::31 {
+		remote-as 3
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.31 set ext-community rt 65520:3
+
+match from 2001:db8:1:1::31 set ext-community rt 65520:3
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.11 community 0:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::11 community 0:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.21
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.21 community 0:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::21 community 0:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.31 set community NO_ADVERTISE
+match from 192.0.2.31 nexthop 192.0.2.31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.31 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS 23456' - reject code: 7
+allow quick from 192.0.2.31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 192.0.2.31
+
+
+
+# ---------------------------------------------
+# client AS3_1, outbound
+
+deny quick to 192.0.2.31 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.31 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.31
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.31 community 0:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::31 set community NO_ADVERTISE
+match from 2001:db8:1:1::31 nexthop 2001:db8:1:1::31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::31 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::31 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::31 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 2001:db8:1:1::31
+
+
+
+# ---------------------------------------------
+# client AS3_2, outbound
+
+deny quick to 2001:db8:1:1::31 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::31 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::31
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::31 community 0:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.41
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.41 community 0:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::41 community 0:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# do_not_announce_to_peer
+match to group clients set community delete 0:*
+
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd77p.conf b/tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd77p.conf
new file mode 100644
index 00000000..7edb7c56
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd77p.conf
@@ -0,0 +1,2290 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.31 {
+		remote-as 3
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::31 {
+		remote-as 3
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.31 set ext-community rt 65520:3
+
+match from 2001:db8:1:1::31 set ext-community rt 65520:3
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.11 community 0:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::11 community 0:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.21
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.21 community 0:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::21 community 0:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.31 set community NO_ADVERTISE
+match from 192.0.2.31 nexthop 192.0.2.31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.31 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS 23456' - reject code: 7
+allow quick from 192.0.2.31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 192.0.2.31
+
+
+
+# ---------------------------------------------
+# client AS3_1, outbound
+
+deny quick to 192.0.2.31 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.31 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.31
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.31 community 0:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::31 set community NO_ADVERTISE
+match from 2001:db8:1:1::31 nexthop 2001:db8:1:1::31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::31 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::31 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::31 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 2001:db8:1:1::31
+
+
+
+# ---------------------------------------------
+# client AS3_2, outbound
+
+deny quick to 2001:db8:1:1::31 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::31 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::31
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::31 community 0:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.41
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.41 community 0:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::41 community 0:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# do_not_announce_to_peer
+match to group clients set community delete 0:*
+
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd76p.conf b/tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd76p.conf
new file mode 100644
index 00000000..7edb7c56
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd76p.conf
@@ -0,0 +1,2290 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.31 {
+		remote-as 3
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::31 {
+		remote-as 3
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.31 set ext-community rt 65520:3
+
+match from 2001:db8:1:1::31 set ext-community rt 65520:3
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.11 community 0:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::11 community 0:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.21
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.21 community 0:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::21 community 0:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.31 set community NO_ADVERTISE
+match from 192.0.2.31 nexthop 192.0.2.31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.31 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS 23456' - reject code: 7
+allow quick from 192.0.2.31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 192.0.2.31
+
+
+
+# ---------------------------------------------
+# client AS3_1, outbound
+
+deny quick to 192.0.2.31 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.31 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.31
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.31 community 0:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::31 set community NO_ADVERTISE
+match from 2001:db8:1:1::31 nexthop 2001:db8:1:1::31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::31 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::31 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::31 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 2001:db8:1:1::31
+
+
+
+# ---------------------------------------------
+# client AS3_2, outbound
+
+deny quick to 2001:db8:1:1::31 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::31 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::31
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::31 community 0:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.41
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.41 community 0:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::41 community 0:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# do_not_announce_to_peer
+match to group clients set community delete 0:*
+
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd77p.conf b/tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd77p.conf
new file mode 100644
index 00000000..7edb7c56
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/configs/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd77p.conf
@@ -0,0 +1,2290 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.31 {
+		remote-as 3
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::31 {
+		remote-as 3
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.31 set ext-community rt 65520:3
+
+match from 2001:db8:1:1::31 set ext-community rt 65520:3
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.11 community 0:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::11 community 0:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.21
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.21 community 0:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::21 community 0:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.31 set community NO_ADVERTISE
+match from 192.0.2.31 nexthop 192.0.2.31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.31 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS 23456' - reject code: 7
+allow quick from 192.0.2.31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 192.0.2.31
+
+
+
+# ---------------------------------------------
+# client AS3_1, outbound
+
+deny quick to 192.0.2.31 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.31 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.31
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.31 community 0:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::31 set community NO_ADVERTISE
+match from 2001:db8:1:1::31 nexthop 2001:db8:1:1::31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::31 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::31 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::31 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 2001:db8:1:1::31
+
+
+
+# ---------------------------------------------
+# client AS3_2, outbound
+
+deny quick to 2001:db8:1:1::31 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::31 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::31
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::31 community 0:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.41
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.41 community 0:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::41 community 0:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# do_not_announce_to_peer
+match to group clients set community delete 0:*
+
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p/AS1.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p/AS1.txt
new file mode 100644
index 00000000..7fe4a1b3
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p/AS1.txt
@@ -0,0 +1,7 @@
+101.0.1.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p/AS101.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p/AS101.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p/AS2.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p/AS2.txt
new file mode 100644
index 00000000..dd7e5651
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p/AS2.txt
@@ -0,0 +1,7 @@
+101.0.1.0/24, AS_PATH: 101 101 101 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p/AS3.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p/AS3.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p/AS4.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p/AS4.txt
new file mode 100644
index 00000000..16373410
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p/AS4.txt
@@ -0,0 +1,7 @@
+101.0.1.0/24, AS_PATH: 2 101 101 101 101, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p/rs.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p/rs.txt
new file mode 100644
index 00000000..12d72bc0
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd76p/rs.txt
@@ -0,0 +1,14 @@
+101.0.1.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms: 0:3, 0:4
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.1.0/24, AS_PATH: 2 101 101 101 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p/AS1.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p/AS1.txt
new file mode 100644
index 00000000..7fe4a1b3
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p/AS1.txt
@@ -0,0 +1,7 @@
+101.0.1.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p/AS101.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p/AS101.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p/AS2.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p/AS2.txt
new file mode 100644
index 00000000..dd7e5651
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p/AS2.txt
@@ -0,0 +1,7 @@
+101.0.1.0/24, AS_PATH: 101 101 101 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p/AS3.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p/AS3.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p/AS4.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p/AS4.txt
new file mode 100644
index 00000000..16373410
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p/AS4.txt
@@ -0,0 +1,7 @@
+101.0.1.0/24, AS_PATH: 2 101 101 101 101, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p/rs.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p/rs.txt
new file mode 100644
index 00000000..12d72bc0
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv4/openbgpd77p/rs.txt
@@ -0,0 +1,14 @@
+101.0.1.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms: 0:3, 0:4
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+101.0.1.0/24, AS_PATH: 2 101 101 101 101, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p/AS1.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p/AS1.txt
new file mode 100644
index 00000000..61c455e4
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p/AS1.txt
@@ -0,0 +1,7 @@
+2a01:1:1::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p/AS101.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p/AS101.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p/AS2.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p/AS2.txt
new file mode 100644
index 00000000..d2dd2ccd
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p/AS2.txt
@@ -0,0 +1,7 @@
+2a01:1:1::/48, AS_PATH: 101 101 101 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p/AS3.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p/AS3.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p/AS4.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p/AS4.txt
new file mode 100644
index 00000000..430ef778
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p/AS4.txt
@@ -0,0 +1,7 @@
+2a01:1:1::/48, AS_PATH: 2 101 101 101 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p/rs.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p/rs.txt
new file mode 100644
index 00000000..a3d81fe6
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOff_OpenBGPDIPv6/openbgpd77p/rs.txt
@@ -0,0 +1,14 @@
+2a01:1:1::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 0:3, 0:4
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:1:1::/48, AS_PATH: 2 101 101 101 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd76p/AS1.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd76p/AS1.txt
new file mode 100644
index 00000000..7fe4a1b3
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd76p/AS1.txt
@@ -0,0 +1,7 @@
+101.0.1.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd76p/AS101.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd76p/AS101.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd76p/AS2.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd76p/AS2.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd76p/AS3.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd76p/AS3.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd76p/AS4.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd76p/AS4.txt
new file mode 100644
index 00000000..16373410
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd76p/AS4.txt
@@ -0,0 +1,7 @@
+101.0.1.0/24, AS_PATH: 2 101 101 101 101, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd76p/rs.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd76p/rs.txt
new file mode 100644
index 00000000..1b00af92
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd76p/rs.txt
@@ -0,0 +1,7 @@
+101.0.1.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms: 0:3, 0:4
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd77p/AS1.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd77p/AS1.txt
new file mode 100644
index 00000000..7fe4a1b3
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd77p/AS1.txt
@@ -0,0 +1,7 @@
+101.0.1.0/24, AS_PATH: 101, NEXT_HOP: 192.0.2.101, via 192.0.2.101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd77p/AS101.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd77p/AS101.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd77p/AS2.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd77p/AS2.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd77p/AS3.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd77p/AS3.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd77p/AS4.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd77p/AS4.txt
new file mode 100644
index 00000000..16373410
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd77p/AS4.txt
@@ -0,0 +1,7 @@
+101.0.1.0/24, AS_PATH: 2 101 101 101 101, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd77p/rs.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd77p/rs.txt
new file mode 100644
index 00000000..1b00af92
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv4/openbgpd77p/rs.txt
@@ -0,0 +1,7 @@
+101.0.1.0/24, AS_PATH: 1 101, NEXT_HOP: 192.0.2.11, via 192.0.2.11
+  std comms: 0:3, 0:4
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd77p/AS1.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd77p/AS1.txt
new file mode 100644
index 00000000..61c455e4
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd77p/AS1.txt
@@ -0,0 +1,7 @@
+2a01:1:1::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd77p/AS101.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd77p/AS101.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd77p/AS2.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd77p/AS2.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd77p/AS3.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd77p/AS3.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd77p/AS4.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd77p/AS4.txt
new file mode 100644
index 00000000..430ef778
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd77p/AS4.txt
@@ -0,0 +1,7 @@
+2a01:1:1::/48, AS_PATH: 2 101 101 101 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd77p/rs.txt b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd77p/rs.txt
new file mode 100644
index 00000000..819f293a
--- /dev/null
+++ b/tests/live_tests/scenarios/path_hiding/routes/PathHidingScenario_MitigationOn_OpenBGPDIPv6/openbgpd77p/rs.txt
@@ -0,0 +1,7 @@
+2a01:1:1::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 0:3, 0:4
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenarioOpenBGPD_IPv4/openbgpd68.conf b/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenarioOpenBGPD_IPv4/openbgpd68.conf
index 4690e27f..aa468449 100644
--- a/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenarioOpenBGPD_IPv4/openbgpd68.conf
+++ b/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenarioOpenBGPD_IPv4/openbgpd68.conf
@@ -185,7 +185,7 @@ prefix-set "bogons" {
 
 # never via route-servers ASNs
 as-set "neverviarouteserver" {
-	92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338
+	2914, 3491
 }
 
 # =====================================================================================
diff --git a/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenarioOpenBGPD_IPv4/openbgpd70.conf b/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenarioOpenBGPD_IPv4/openbgpd70.conf
index ae22c859..85c3af41 100644
--- a/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenarioOpenBGPD_IPv4/openbgpd70.conf
+++ b/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenarioOpenBGPD_IPv4/openbgpd70.conf
@@ -189,7 +189,7 @@ prefix-set "bogons" {
 
 # never via route-servers ASNs
 as-set "neverviarouteserver" {
-	92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338
+	2914, 3491
 }
 
 # =====================================================================================
diff --git a/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenarioOpenBGPD_IPv4/openbgpd76p.conf b/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenarioOpenBGPD_IPv4/openbgpd76p.conf
new file mode 100644
index 00000000..def3fa0e
--- /dev/null
+++ b/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenarioOpenBGPD_IPv4/openbgpd76p.conf
@@ -0,0 +1,4015 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+# AS3333, used by client AS3333_1
+as-set "AS_SET_AS3333_asns" {
+    3333
+}
+prefix-set "AS_SET_AS3333_prefixes" {
+    2001:67c:2e8::/48 prefixlen 48 - 128
+}
+
+# AS10745, used by client AS10745_1, client AS10745_2
+as-set "AS_SET_AS10745_asns" {
+    10745
+}
+prefix-set "AS_SET_AS10745_prefixes" {
+    2001:500:4::/48 prefixlen 48 - 128
+}
+
+# AS-RIPENCC, used by client AS3333_1
+# no origin ASNs found for AS_RIPENCC
+# no prefixes found for AS_RIPENCC
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	# RTT: 224 ms (normalized value: 224)
+	neighbor 192.0.2.22 {
+		remote-as 10745
+
+		rde evaluate all
+
+		passive
+		ttl-security yes
+		max-prefix 121 restart 30
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	# RTT: 226 ms (normalized value: 226)
+	neighbor 2001:db8:1:1::22 {
+		remote-as 10745
+
+		rde evaluate all
+
+		passive
+		ttl-security yes
+		max-prefix 13915 restart 30
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	# RTT: 114 ms (normalized value: 114)
+	neighbor 192.0.2.11 {
+		remote-as 3333
+
+		rde evaluate all
+
+		passive
+		ttl-security yes
+		max-prefix 150 restart 30
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+prefix-set "global_black_list_pref" {
+    192.0.2.0/24 prefixlen 24 - 32
+    2001:db8:1:1::/64 prefixlen 64 - 128
+
+}
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+# never via route-servers ASNs
+as-set "neverviarouteserver" {
+	2914, 3491
+}
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# origin_not_present_in_as_set
+match from group clients set community delete 65530:0
+match from group clients set large-community delete 999:65530:0
+
+# origin_present_in_as_set
+match from group clients set community delete 65530:1
+match from group clients set large-community delete 999:65530:1
+
+# prefix_validated_via_arin_whois_db_dump
+match from group clients set community delete 65530:4
+match from group clients set large-community delete 999:65530:4
+
+# prefix_validated_via_rpki_roas
+match from group clients set community delete 65530:2
+match from group clients set large-community delete 999:65530:2
+
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+# route_validated_via_white_list
+match from group clients set community delete 65530:3
+match from group clients set large-community delete 999:65530:3
+
+# from_europe
+match from group clients set community delete 65534:1
+match from group clients set ext-community delete rt 65534:1
+match from group clients set large-community delete 999:65534:1
+
+# from_usa
+match from group clients set community delete 65534:2
+match from group clients set ext-community delete rt 65534:2
+match from group clients set large-community delete 999:65534:2
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+# ---------------------------------------------------------
+# ROAs source
+
+
+roa-set {
+    193.0.0.0/21 source-as 3333
+    193.0.24.0/22 maxlen 26 source-as 3333
+    193.0.10.0/23 source-as 3333
+    193.0.12.0/23 source-as 3333
+    193.0.14.0/23 source-as 25152
+    193.0.18.0/23 source-as 3333
+    193.0.20.0/23 source-as 3333
+    193.0.22.0/23 source-as 3333
+    193.0.14.0/24 source-as 25152
+    193.0.24.0/24 source-as 3333
+    2001:7fd::/32 source-as 25152
+    2001:610:240::/42 source-as 3333
+    2001:67c:2e8::/48 source-as 3333
+    2001:7fd::/48 source-as 25152
+
+}
+
+
+
+# ---------------------------------------------------------
+# RPKI-based Origin Validation
+
+
+# Add $INTCOMM_RPKI_UNKNOWN, $INTCOMM_RPKI_INVALID and $INTCOMM_RPKI_VALID
+# ext community on the basis of ovs.
+match from group clients ovs not-found set {
+    ext-community $INTCOMM_RPKI_UNKNOWN
+    ext-community ovs not-found
+    
+}
+match from group clients ovs valid set {
+    ext-community $INTCOMM_RPKI_VALID
+    ext-community ovs valid
+    
+}
+match from group clients ovs invalid set {
+    ext-community $INTCOMM_RPKI_INVALID
+    ext-community ovs invalid
+    
+}
+
+
+
+# ---------------------------------------------------------
+# RPKI ROAs used as route objects.
+
+# Add the $INTCOMM_PREF_OK_ROA ext community to routes whose
+# origin ASN has a ROA for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+
+# Since RPKI-based Origin Validation is already performed above,
+# use the origin validation state to identify valid routes.
+match from group clients ovs valid set ext-community $INTCOMM_PREF_OK_ROA
+
+
+# ARIN Whois records used for preifx validation
+# ---------------------------------------------
+
+# Add the $INTCOMM_PREF_OK_ARINDB ext community to routes whose
+# origin ASN has an ARIN Whois record for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+origin-set "ARINDB" {
+192.136.136.0/24 prefixlen 24 - 32 source-as 10745
+192.149.252.0/24 prefixlen 24 - 32 source-as 10745
+199.43.0.0/24 prefixlen 24 - 32 source-as 10745
+2001:500:110::/48 prefixlen 48 - 128 source-as 10745
+2001:500:4::/48 prefixlen 48 - 128 source-as 10745
+}
+match from group clients origin-set ARINDB set ext-community $INTCOMM_PREF_OK_ARINDB
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.22 set ext-community rt 65520:10745
+
+match from 2001:db8:1:1::22 set ext-community rt 65520:10745
+
+match from 192.0.2.11 set ext-community rt 65520:3333
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: global blacklist
+# Reject inbound routes when 'from group clients prefix-set global_black_list_pref' - reject code: 3
+allow quick from group clients prefix-set global_black_list_pref set {
+	localpref 1
+	community 65520:0
+	community 65520:3
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS10745_1, inbound
+
+
+# Attach custom BGP communities
+# from_usa
+match from 192.0.2.22 set community 65534:2
+match from 192.0.2.22 set ext-community rt 65534:2
+match from 192.0.2.22 set large-community 999:65534:2
+
+# NEXT_HOP
+match from 192.0.2.22 set community NO_ADVERTISE
+match from 192.0.2.22 nexthop 192.0.2.22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.22 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.22 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.22 peer-as != 10745' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.22 peer-as != 10745 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.22 AS 23456' - reject code: 7
+allow quick from 192.0.2.22 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.22 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.22 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.22 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.22 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.22 AS { 174, 701, 1299, 2914, 3257, 3320, 3356, 5511, 6453, 6461, 6762, 6830, 7018, 12956 }' - reject code: 8
+allow quick from 192.0.2.22 AS { 174, 701, 1299, 2914, 3257, 3320, 3356, 5511, 6453, 6461, 6762, 6830, 7018, 12956 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.22 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.22 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 192.0.2.22 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS10745_1, AS10745: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.22 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.22 source-as as-set AS_SET_AS10745_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS10745
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.22 ext-community $INTCOMM_ORIGIN_KO set community 65530:0
+match from 192.0.2.22 ext-community $INTCOMM_ORIGIN_KO set large-community 999:65530:0
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.22 ext-community $INTCOMM_ORIGIN_OK set community 65530:1
+match from 192.0.2.22 ext-community $INTCOMM_ORIGIN_OK set large-community 999:65530:1
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS10745_1, AS10745: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.22 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.22 prefix-set AS_SET_AS10745_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS10745
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.22 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 65530:2
+match from 192.0.2.22 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:65530:2
+
+match from 192.0.2.22 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.22 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 65530:4
+match from 192.0.2.22 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:65530:4
+
+match from 192.0.2.22 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.22 set ext-community delete rt 65520:10745
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.22 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.22 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.22 large-community 999:666:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+allow quick from 192.0.2.22 community BLACKHOLE
+allow quick from 192.0.2.22 community 65534:0
+allow quick from 192.0.2.22 large-community 999:666:0
+
+
+match from 192.0.2.22 set ext-community rt 65520:10745
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.22 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.22 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.22 community GRACEFUL_SHUTDOWN set localpref 0
+
+# Remove internal communities before accepting the route
+match from 192.0.2.22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.22 set ext-community delete rt 65520:10745
+
+
+
+allow quick from 192.0.2.22
+
+
+
+# ---------------------------------------------
+# client AS10745_1, outbound
+
+deny quick to 192.0.2.22 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.22 community 65534:0 set community BLACKHOLE
+match to 192.0.2.22 large-community 999:666:0 set community BLACKHOLE
+
+match to 192.0.2.22 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.22 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.22 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.22 community 65507:999 set community NO_EXPORT
+match to 192.0.2.22 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.22 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.22 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.22 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.22 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.22 community 65509:10745 set community NO_EXPORT
+match to 192.0.2.22 ext-community rt 65509:10745 set community NO_EXPORT
+match to 192.0.2.22 large-community 999:65509:10745 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.22 community 65510:10745 set community NO_ADVERTISE
+match to 192.0.2.22 ext-community rt 65510:10745 set community NO_ADVERTISE
+match to 192.0.2.22 large-community 999:65510:10745 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.22
+
+# do_not_announce_to_any
+deny to 192.0.2.22 community 0:999
+deny to 192.0.2.22 ext-community rt 0:999
+deny to 192.0.2.22 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.22 community 0:10745
+deny quick to 192.0.2.22 ext-community rt 0:10745
+deny quick to 192.0.2.22 large-community 999:0:10745
+
+# do_not_announce_to_peers_with_rtt_lower_than 500 ms
+deny to 192.0.2.22 community 64511:500
+deny to 192.0.2.22 ext-community rt 64511:500
+deny to 192.0.2.22 large-community 999:64511:500
+
+
+# announce_to_peers_with_rtt_lower_than 500 ms
+allow to 192.0.2.22 community 64513:500
+allow to 192.0.2.22 ext-community rt 64513:500
+allow to 192.0.2.22 large-community 999:64513:500
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 5 ms
+deny to 192.0.2.22 community 64512:5
+deny to 192.0.2.22 ext-community rt 64512:5
+deny to 192.0.2.22 large-community 999:64512:5
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 10 ms
+deny to 192.0.2.22 community 64512:10
+deny to 192.0.2.22 ext-community rt 64512:10
+deny to 192.0.2.22 large-community 999:64512:10
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 15 ms
+deny to 192.0.2.22 community 64512:15
+deny to 192.0.2.22 ext-community rt 64512:15
+deny to 192.0.2.22 large-community 999:64512:15
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 20 ms
+deny to 192.0.2.22 community 64512:20
+deny to 192.0.2.22 ext-community rt 64512:20
+deny to 192.0.2.22 large-community 999:64512:20
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 30 ms
+deny to 192.0.2.22 community 64512:30
+deny to 192.0.2.22 ext-community rt 64512:30
+deny to 192.0.2.22 large-community 999:64512:30
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 50 ms
+deny to 192.0.2.22 community 64512:50
+deny to 192.0.2.22 ext-community rt 64512:50
+deny to 192.0.2.22 large-community 999:64512:50
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 100 ms
+deny to 192.0.2.22 community 64512:100
+deny to 192.0.2.22 ext-community rt 64512:100
+deny to 192.0.2.22 large-community 999:64512:100
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 200 ms
+deny to 192.0.2.22 community 64512:200
+deny to 192.0.2.22 ext-community rt 64512:200
+deny to 192.0.2.22 large-community 999:64512:200
+
+
+# announce_to_peers_with_rtt_higher_than 5 ms
+allow to 192.0.2.22 community 64514:5
+allow to 192.0.2.22 ext-community rt 64514:5
+allow to 192.0.2.22 large-community 999:64514:5
+
+
+# announce_to_peers_with_rtt_higher_than 10 ms
+allow to 192.0.2.22 community 64514:10
+allow to 192.0.2.22 ext-community rt 64514:10
+allow to 192.0.2.22 large-community 999:64514:10
+
+
+# announce_to_peers_with_rtt_higher_than 15 ms
+allow to 192.0.2.22 community 64514:15
+allow to 192.0.2.22 ext-community rt 64514:15
+allow to 192.0.2.22 large-community 999:64514:15
+
+
+# announce_to_peers_with_rtt_higher_than 20 ms
+allow to 192.0.2.22 community 64514:20
+allow to 192.0.2.22 ext-community rt 64514:20
+allow to 192.0.2.22 large-community 999:64514:20
+
+
+# announce_to_peers_with_rtt_higher_than 30 ms
+allow to 192.0.2.22 community 64514:30
+allow to 192.0.2.22 ext-community rt 64514:30
+allow to 192.0.2.22 large-community 999:64514:30
+
+
+# announce_to_peers_with_rtt_higher_than 50 ms
+allow to 192.0.2.22 community 64514:50
+allow to 192.0.2.22 ext-community rt 64514:50
+allow to 192.0.2.22 large-community 999:64514:50
+
+
+# announce_to_peers_with_rtt_higher_than 100 ms
+allow to 192.0.2.22 community 64514:100
+allow to 192.0.2.22 ext-community rt 64514:100
+allow to 192.0.2.22 large-community 999:64514:100
+
+
+# announce_to_peers_with_rtt_higher_than 200 ms
+allow to 192.0.2.22 community 64514:200
+allow to 192.0.2.22 ext-community rt 64514:200
+allow to 192.0.2.22 large-community 999:64514:200
+
+
+# announce_to_peer
+allow to 192.0.2.22 community 999:10745
+allow to 192.0.2.22 ext-community rt 999:10745
+allow to 192.0.2.22 large-community 999:999:10745
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS10745; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65504:10745 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65504:10745 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65504:10745 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS10745; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65505:10745 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65505:10745 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65505:10745 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS10745; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65506:10745 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65506:10745 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65506:10745 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64515:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64515:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64515:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64516:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64516:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64516:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64517:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64517:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64517:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65501:999 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65501:999 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65501:999 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65502:999 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65502:999 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65502:999 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65503:999 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65503:999 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65503:999 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS10745_2, inbound
+
+
+# Attach custom BGP communities
+# from_usa
+match from 2001:db8:1:1::22 set community 65534:2
+match from 2001:db8:1:1::22 set ext-community rt 65534:2
+match from 2001:db8:1:1::22 set large-community 999:65534:2
+
+# NEXT_HOP
+match from 2001:db8:1:1::22 set community NO_ADVERTISE
+match from 2001:db8:1:1::22 nexthop 2001:db8:1:1::22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::22 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::22 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::22 peer-as != 10745' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::22 peer-as != 10745 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::22 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::22 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::22 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS { 174, 701, 1299, 2914, 3257, 3320, 3356, 5511, 6453, 6461, 6762, 6830, 7018, 12956 }' - reject code: 8
+allow quick from 2001:db8:1:1::22 AS { 174, 701, 1299, 2914, 3257, 3320, 3356, 5511, 6453, 6461, 6762, 6830, 7018, 12956 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::22 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 2001:db8:1:1::22 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS10745_2, AS10745: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::22 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::22 source-as as-set AS_SET_AS10745_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS10745
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::22 ext-community $INTCOMM_ORIGIN_KO set community 65530:0
+match from 2001:db8:1:1::22 ext-community $INTCOMM_ORIGIN_KO set large-community 999:65530:0
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::22 ext-community $INTCOMM_ORIGIN_OK set community 65530:1
+match from 2001:db8:1:1::22 ext-community $INTCOMM_ORIGIN_OK set large-community 999:65530:1
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS10745_2, AS10745: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::22 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::22 prefix-set AS_SET_AS10745_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS10745
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::22 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 65530:2
+match from 2001:db8:1:1::22 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:65530:2
+
+match from 2001:db8:1:1::22 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::22 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 65530:4
+match from 2001:db8:1:1::22 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:65530:4
+
+match from 2001:db8:1:1::22 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::22 set ext-community delete rt 65520:10745
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::22 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::22 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::22 large-community 999:666:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+allow quick from 2001:db8:1:1::22 community BLACKHOLE
+allow quick from 2001:db8:1:1::22 community 65534:0
+allow quick from 2001:db8:1:1::22 large-community 999:666:0
+
+
+match from 2001:db8:1:1::22 set ext-community rt 65520:10745
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::22 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::22 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::22 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::22 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::22 community GRACEFUL_SHUTDOWN set localpref 0
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::22 set ext-community delete rt 65520:10745
+
+
+
+allow quick from 2001:db8:1:1::22
+
+
+
+# ---------------------------------------------
+# client AS10745_2, outbound
+
+deny quick to 2001:db8:1:1::22 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::22 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::22 large-community 999:666:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::22 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::22 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::22 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::22 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::22 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::22 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::22 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::22 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::22 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::22 community 65509:10745 set community NO_EXPORT
+match to 2001:db8:1:1::22 ext-community rt 65509:10745 set community NO_EXPORT
+match to 2001:db8:1:1::22 large-community 999:65509:10745 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::22 community 65510:10745 set community NO_ADVERTISE
+match to 2001:db8:1:1::22 ext-community rt 65510:10745 set community NO_ADVERTISE
+match to 2001:db8:1:1::22 large-community 999:65510:10745 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::22
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::22 community 0:999
+deny to 2001:db8:1:1::22 ext-community rt 0:999
+deny to 2001:db8:1:1::22 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::22 community 0:10745
+deny quick to 2001:db8:1:1::22 ext-community rt 0:10745
+deny quick to 2001:db8:1:1::22 large-community 999:0:10745
+
+# do_not_announce_to_peers_with_rtt_lower_than 500 ms
+deny to 2001:db8:1:1::22 community 64511:500
+deny to 2001:db8:1:1::22 ext-community rt 64511:500
+deny to 2001:db8:1:1::22 large-community 999:64511:500
+
+
+# announce_to_peers_with_rtt_lower_than 500 ms
+allow to 2001:db8:1:1::22 community 64513:500
+allow to 2001:db8:1:1::22 ext-community rt 64513:500
+allow to 2001:db8:1:1::22 large-community 999:64513:500
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 5 ms
+deny to 2001:db8:1:1::22 community 64512:5
+deny to 2001:db8:1:1::22 ext-community rt 64512:5
+deny to 2001:db8:1:1::22 large-community 999:64512:5
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 10 ms
+deny to 2001:db8:1:1::22 community 64512:10
+deny to 2001:db8:1:1::22 ext-community rt 64512:10
+deny to 2001:db8:1:1::22 large-community 999:64512:10
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 15 ms
+deny to 2001:db8:1:1::22 community 64512:15
+deny to 2001:db8:1:1::22 ext-community rt 64512:15
+deny to 2001:db8:1:1::22 large-community 999:64512:15
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 20 ms
+deny to 2001:db8:1:1::22 community 64512:20
+deny to 2001:db8:1:1::22 ext-community rt 64512:20
+deny to 2001:db8:1:1::22 large-community 999:64512:20
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 30 ms
+deny to 2001:db8:1:1::22 community 64512:30
+deny to 2001:db8:1:1::22 ext-community rt 64512:30
+deny to 2001:db8:1:1::22 large-community 999:64512:30
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 50 ms
+deny to 2001:db8:1:1::22 community 64512:50
+deny to 2001:db8:1:1::22 ext-community rt 64512:50
+deny to 2001:db8:1:1::22 large-community 999:64512:50
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 100 ms
+deny to 2001:db8:1:1::22 community 64512:100
+deny to 2001:db8:1:1::22 ext-community rt 64512:100
+deny to 2001:db8:1:1::22 large-community 999:64512:100
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 200 ms
+deny to 2001:db8:1:1::22 community 64512:200
+deny to 2001:db8:1:1::22 ext-community rt 64512:200
+deny to 2001:db8:1:1::22 large-community 999:64512:200
+
+
+# announce_to_peers_with_rtt_higher_than 5 ms
+allow to 2001:db8:1:1::22 community 64514:5
+allow to 2001:db8:1:1::22 ext-community rt 64514:5
+allow to 2001:db8:1:1::22 large-community 999:64514:5
+
+
+# announce_to_peers_with_rtt_higher_than 10 ms
+allow to 2001:db8:1:1::22 community 64514:10
+allow to 2001:db8:1:1::22 ext-community rt 64514:10
+allow to 2001:db8:1:1::22 large-community 999:64514:10
+
+
+# announce_to_peers_with_rtt_higher_than 15 ms
+allow to 2001:db8:1:1::22 community 64514:15
+allow to 2001:db8:1:1::22 ext-community rt 64514:15
+allow to 2001:db8:1:1::22 large-community 999:64514:15
+
+
+# announce_to_peers_with_rtt_higher_than 20 ms
+allow to 2001:db8:1:1::22 community 64514:20
+allow to 2001:db8:1:1::22 ext-community rt 64514:20
+allow to 2001:db8:1:1::22 large-community 999:64514:20
+
+
+# announce_to_peers_with_rtt_higher_than 30 ms
+allow to 2001:db8:1:1::22 community 64514:30
+allow to 2001:db8:1:1::22 ext-community rt 64514:30
+allow to 2001:db8:1:1::22 large-community 999:64514:30
+
+
+# announce_to_peers_with_rtt_higher_than 50 ms
+allow to 2001:db8:1:1::22 community 64514:50
+allow to 2001:db8:1:1::22 ext-community rt 64514:50
+allow to 2001:db8:1:1::22 large-community 999:64514:50
+
+
+# announce_to_peers_with_rtt_higher_than 100 ms
+allow to 2001:db8:1:1::22 community 64514:100
+allow to 2001:db8:1:1::22 ext-community rt 64514:100
+allow to 2001:db8:1:1::22 large-community 999:64514:100
+
+
+# announce_to_peers_with_rtt_higher_than 200 ms
+allow to 2001:db8:1:1::22 community 64514:200
+allow to 2001:db8:1:1::22 ext-community rt 64514:200
+allow to 2001:db8:1:1::22 large-community 999:64514:200
+
+
+# announce_to_peer
+allow to 2001:db8:1:1::22 community 999:10745
+allow to 2001:db8:1:1::22 ext-community rt 999:10745
+allow to 2001:db8:1:1::22 large-community 999:999:10745
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS10745; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65504:10745 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65504:10745 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65504:10745 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS10745; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65505:10745 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65505:10745 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65505:10745 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS10745; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65506:10745 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65506:10745 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65506:10745 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64515:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64515:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64515:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64516:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64516:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64516:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64517:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64517:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64517:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65501:999 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65501:999 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65501:999 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65502:999 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65502:999 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65502:999 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65503:999 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65503:999 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65503:999 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS3333_1, inbound
+
+
+# Attach custom BGP communities
+# from_europe
+match from 192.0.2.11 set community 65534:1
+match from 192.0.2.11 set ext-community rt 65534:1
+match from 192.0.2.11 set large-community 999:65534:1
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 3333' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 3333 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS { 174, 701, 1299, 2914, 3257, 3320, 3356, 5511, 6453, 6461, 6762, 6830, 7018, 12956 }' - reject code: 8
+allow quick from 192.0.2.11 AS { 174, 701, 1299, 2914, 3257, 3320, 3356, 5511, 6453, 6461, 6762, 6830, 7018, 12956 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.11 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 192.0.2.11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS3333_1, AS3333: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 source-as as-set AS_SET_AS3333_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS3333
+# AS-SET AS_RIPENCC referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_KO set community 65530:0
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_KO set large-community 999:65530:0
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK set community 65530:1
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK set large-community 999:65530:1
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS3333_1, AS3333: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 prefix-set AS_SET_AS3333_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS3333
+# AS-SET AS_RIPENCC referenced but empty.
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 65530:2
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:65530:2
+
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 65530:4
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:65530:4
+
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.11 set ext-community delete rt 65520:3333
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.11 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.11 large-community 999:666:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+allow quick from 192.0.2.11 community BLACKHOLE
+allow quick from 192.0.2.11 community 65534:0
+allow quick from 192.0.2.11 large-community 999:666:0
+
+
+match from 192.0.2.11 set ext-community rt 65520:3333
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.11 community GRACEFUL_SHUTDOWN set localpref 0
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:3333
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS3333_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.11 community 65534:0 set community BLACKHOLE
+match to 192.0.2.11 large-community 999:666:0 set community BLACKHOLE
+
+match to 192.0.2.11 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.11 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.11 community 65507:999 set community NO_EXPORT
+match to 192.0.2.11 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.11 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.11 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.11 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.11 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.11 community 65509:3333 set community NO_EXPORT
+match to 192.0.2.11 ext-community rt 65509:3333 set community NO_EXPORT
+match to 192.0.2.11 large-community 999:65509:3333 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.11 community 65510:3333 set community NO_ADVERTISE
+match to 192.0.2.11 ext-community rt 65510:3333 set community NO_ADVERTISE
+match to 192.0.2.11 large-community 999:65510:3333 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.11
+
+# do_not_announce_to_any
+deny to 192.0.2.11 community 0:999
+deny to 192.0.2.11 ext-community rt 0:999
+deny to 192.0.2.11 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.11 community 0:3333
+deny quick to 192.0.2.11 ext-community rt 0:3333
+deny quick to 192.0.2.11 large-community 999:0:3333
+
+# do_not_announce_to_peers_with_rtt_lower_than 200 ms
+deny to 192.0.2.11 community 64511:200
+deny to 192.0.2.11 ext-community rt 64511:200
+deny to 192.0.2.11 large-community 999:64511:200
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 500 ms
+deny to 192.0.2.11 community 64511:500
+deny to 192.0.2.11 ext-community rt 64511:500
+deny to 192.0.2.11 large-community 999:64511:500
+
+
+# announce_to_peers_with_rtt_lower_than 200 ms
+allow to 192.0.2.11 community 64513:200
+allow to 192.0.2.11 ext-community rt 64513:200
+allow to 192.0.2.11 large-community 999:64513:200
+
+
+# announce_to_peers_with_rtt_lower_than 500 ms
+allow to 192.0.2.11 community 64513:500
+allow to 192.0.2.11 ext-community rt 64513:500
+allow to 192.0.2.11 large-community 999:64513:500
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 5 ms
+deny to 192.0.2.11 community 64512:5
+deny to 192.0.2.11 ext-community rt 64512:5
+deny to 192.0.2.11 large-community 999:64512:5
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 10 ms
+deny to 192.0.2.11 community 64512:10
+deny to 192.0.2.11 ext-community rt 64512:10
+deny to 192.0.2.11 large-community 999:64512:10
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 15 ms
+deny to 192.0.2.11 community 64512:15
+deny to 192.0.2.11 ext-community rt 64512:15
+deny to 192.0.2.11 large-community 999:64512:15
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 20 ms
+deny to 192.0.2.11 community 64512:20
+deny to 192.0.2.11 ext-community rt 64512:20
+deny to 192.0.2.11 large-community 999:64512:20
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 30 ms
+deny to 192.0.2.11 community 64512:30
+deny to 192.0.2.11 ext-community rt 64512:30
+deny to 192.0.2.11 large-community 999:64512:30
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 50 ms
+deny to 192.0.2.11 community 64512:50
+deny to 192.0.2.11 ext-community rt 64512:50
+deny to 192.0.2.11 large-community 999:64512:50
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 100 ms
+deny to 192.0.2.11 community 64512:100
+deny to 192.0.2.11 ext-community rt 64512:100
+deny to 192.0.2.11 large-community 999:64512:100
+
+
+# announce_to_peers_with_rtt_higher_than 5 ms
+allow to 192.0.2.11 community 64514:5
+allow to 192.0.2.11 ext-community rt 64514:5
+allow to 192.0.2.11 large-community 999:64514:5
+
+
+# announce_to_peers_with_rtt_higher_than 10 ms
+allow to 192.0.2.11 community 64514:10
+allow to 192.0.2.11 ext-community rt 64514:10
+allow to 192.0.2.11 large-community 999:64514:10
+
+
+# announce_to_peers_with_rtt_higher_than 15 ms
+allow to 192.0.2.11 community 64514:15
+allow to 192.0.2.11 ext-community rt 64514:15
+allow to 192.0.2.11 large-community 999:64514:15
+
+
+# announce_to_peers_with_rtt_higher_than 20 ms
+allow to 192.0.2.11 community 64514:20
+allow to 192.0.2.11 ext-community rt 64514:20
+allow to 192.0.2.11 large-community 999:64514:20
+
+
+# announce_to_peers_with_rtt_higher_than 30 ms
+allow to 192.0.2.11 community 64514:30
+allow to 192.0.2.11 ext-community rt 64514:30
+allow to 192.0.2.11 large-community 999:64514:30
+
+
+# announce_to_peers_with_rtt_higher_than 50 ms
+allow to 192.0.2.11 community 64514:50
+allow to 192.0.2.11 ext-community rt 64514:50
+allow to 192.0.2.11 large-community 999:64514:50
+
+
+# announce_to_peers_with_rtt_higher_than 100 ms
+allow to 192.0.2.11 community 64514:100
+allow to 192.0.2.11 ext-community rt 64514:100
+allow to 192.0.2.11 large-community 999:64514:100
+
+
+# announce_to_peer
+allow to 192.0.2.11 community 999:3333
+allow to 192.0.2.11 ext-community rt 999:3333
+allow to 192.0.2.11 large-community 999:999:3333
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS3333; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65504:3333 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65504:3333 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65504:3333 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS3333; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65505:3333 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65505:3333 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65505:3333 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS3333; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65506:3333 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65506:3333 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65506:3333 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64515:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64515:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64515:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64516:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64516:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64516:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64517:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64517:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64517:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64515:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64515:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64515:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64516:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64516:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64516:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64517:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64517:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64517:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65501:999 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65501:999 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65501:999 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65502:999 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65502:999 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65502:999 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65503:999 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65503:999 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65503:999 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+
+
+# Scrub communities from outbound routes
+# add_noadvertise_to_any
+match to group clients set community delete 65508:999
+match to group clients set ext-community delete rt 65508:999
+match to group clients set large-community delete 999:65508:999
+
+# add_noadvertise_to_peer
+match to group clients set community delete 65510:*
+match to group clients set ext-community delete rt 65510:*
+match to group clients set large-community delete 999:65510:*
+
+# add_noexport_to_any
+match to group clients set community delete 65507:999
+match to group clients set ext-community delete rt 65507:999
+match to group clients set large-community delete 999:65507:999
+
+# add_noexport_to_peer
+match to group clients set community delete 65509:*
+match to group clients set ext-community delete rt 65509:*
+match to group clients set large-community delete 999:65509:*
+
+# announce_to_peer
+match to group clients set community delete 999:*
+match to group clients set ext-community delete rt 999:*
+match to group clients set large-community delete 999:999:*
+
+# announce_to_peers_with_rtt_higher_than
+match to group clients set community delete 64514:*
+match to group clients set ext-community delete rt 64514:*
+match to group clients set large-community delete 999:64514:*
+
+# announce_to_peers_with_rtt_lower_than
+match to group clients set community delete 64513:*
+match to group clients set ext-community delete rt 64513:*
+match to group clients set large-community delete 999:64513:*
+
+# blackholing
+match to group clients set community delete 65534:0
+match to group clients set large-community delete 999:666:0
+
+# do_not_announce_to_any
+match to group clients set community delete 0:999
+match to group clients set ext-community delete rt 0:999
+match to group clients set large-community delete 999:0:999
+
+# do_not_announce_to_peer
+match to group clients set community delete 0:*
+match to group clients set ext-community delete rt 0:*
+match to group clients set large-community delete 999:0:*
+
+# do_not_announce_to_peers_with_rtt_higher_than
+match to group clients set community delete 64512:*
+match to group clients set ext-community delete rt 64512:*
+match to group clients set large-community delete 999:64512:*
+
+# do_not_announce_to_peers_with_rtt_lower_than
+match to group clients set community delete 64511:*
+match to group clients set ext-community delete rt 64511:*
+match to group clients set large-community delete 999:64511:*
+
+# prepend_once_to_any
+match to group clients set community delete 65501:999
+match to group clients set ext-community delete rt 65501:999
+match to group clients set large-community delete 999:65501:999
+
+# prepend_once_to_peer
+match to group clients set community delete 65504:*
+match to group clients set ext-community delete rt 65504:*
+match to group clients set large-community delete 999:65504:*
+
+# prepend_once_to_peers_with_rtt_higher_than
+match to group clients set community delete 64518:*
+match to group clients set ext-community delete rt 64518:*
+match to group clients set large-community delete 999:64518:*
+
+# prepend_once_to_peers_with_rtt_lower_than
+match to group clients set community delete 64515:*
+match to group clients set ext-community delete rt 64515:*
+match to group clients set large-community delete 999:64515:*
+
+# prepend_thrice_to_any
+match to group clients set community delete 65503:999
+match to group clients set ext-community delete rt 65503:999
+match to group clients set large-community delete 999:65503:999
+
+# prepend_thrice_to_peer
+match to group clients set community delete 65506:*
+match to group clients set ext-community delete rt 65506:*
+match to group clients set large-community delete 999:65506:*
+
+# prepend_thrice_to_peers_with_rtt_higher_than
+match to group clients set community delete 64520:*
+match to group clients set ext-community delete rt 64520:*
+match to group clients set large-community delete 999:64520:*
+
+# prepend_thrice_to_peers_with_rtt_lower_than
+match to group clients set community delete 64517:*
+match to group clients set ext-community delete rt 64517:*
+match to group clients set large-community delete 999:64517:*
+
+# prepend_twice_to_any
+match to group clients set community delete 65502:999
+match to group clients set ext-community delete rt 65502:999
+match to group clients set large-community delete 999:65502:999
+
+# prepend_twice_to_peer
+match to group clients set community delete 65505:*
+match to group clients set ext-community delete rt 65505:*
+match to group clients set large-community delete 999:65505:*
+
+# prepend_twice_to_peers_with_rtt_higher_than
+match to group clients set community delete 64519:*
+match to group clients set ext-community delete rt 64519:*
+match to group clients set large-community delete 999:64519:*
+
+# prepend_twice_to_peers_with_rtt_lower_than
+match to group clients set community delete 64516:*
+match to group clients set ext-community delete rt 64516:*
+match to group clients set large-community delete 999:64516:*
+
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+match to group clients set {
+	community delete 65501:999
+	ext-community delete rt 65501:999
+	large-community delete 999:65501:999
+
+}
+match to group clients set {
+	community delete 65504:*
+	ext-community delete rt 65504:*
+	large-community delete 999:65504:*
+
+}
+match to group clients set {
+	community delete 64518:*
+	ext-community delete rt 64518:*
+	large-community delete 999:64518:*
+
+}
+match to group clients set {
+	community delete 64515:*
+	ext-community delete rt 64515:*
+	large-community delete 999:64515:*
+
+}
+match to group clients set {
+	community delete 65503:999
+	ext-community delete rt 65503:999
+	large-community delete 999:65503:999
+
+}
+match to group clients set {
+	community delete 65506:*
+	ext-community delete rt 65506:*
+	large-community delete 999:65506:*
+
+}
+match to group clients set {
+	community delete 64520:*
+	ext-community delete rt 64520:*
+	large-community delete 999:64520:*
+
+}
+match to group clients set {
+	community delete 64517:*
+	ext-community delete rt 64517:*
+	large-community delete 999:64517:*
+
+}
+match to group clients set {
+	community delete 65502:999
+	ext-community delete rt 65502:999
+	large-community delete 999:65502:999
+
+}
+match to group clients set {
+	community delete 65505:*
+	ext-community delete rt 65505:*
+	large-community delete 999:65505:*
+
+}
+match to group clients set {
+	community delete 64519:*
+	ext-community delete rt 64519:*
+	large-community delete 999:64519:*
+
+}
+match to group clients set {
+	community delete 64516:*
+	ext-community delete rt 64516:*
+	large-community delete 999:64516:*
+
+}
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenarioOpenBGPD_IPv4/openbgpd77p.conf b/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenarioOpenBGPD_IPv4/openbgpd77p.conf
new file mode 100644
index 00000000..def3fa0e
--- /dev/null
+++ b/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenarioOpenBGPD_IPv4/openbgpd77p.conf
@@ -0,0 +1,4015 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+# AS3333, used by client AS3333_1
+as-set "AS_SET_AS3333_asns" {
+    3333
+}
+prefix-set "AS_SET_AS3333_prefixes" {
+    2001:67c:2e8::/48 prefixlen 48 - 128
+}
+
+# AS10745, used by client AS10745_1, client AS10745_2
+as-set "AS_SET_AS10745_asns" {
+    10745
+}
+prefix-set "AS_SET_AS10745_prefixes" {
+    2001:500:4::/48 prefixlen 48 - 128
+}
+
+# AS-RIPENCC, used by client AS3333_1
+# no origin ASNs found for AS_RIPENCC
+# no prefixes found for AS_RIPENCC
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	# RTT: 224 ms (normalized value: 224)
+	neighbor 192.0.2.22 {
+		remote-as 10745
+
+		rde evaluate all
+
+		passive
+		ttl-security yes
+		max-prefix 121 restart 30
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	# RTT: 226 ms (normalized value: 226)
+	neighbor 2001:db8:1:1::22 {
+		remote-as 10745
+
+		rde evaluate all
+
+		passive
+		ttl-security yes
+		max-prefix 13915 restart 30
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	# RTT: 114 ms (normalized value: 114)
+	neighbor 192.0.2.11 {
+		remote-as 3333
+
+		rde evaluate all
+
+		passive
+		ttl-security yes
+		max-prefix 150 restart 30
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+prefix-set "global_black_list_pref" {
+    192.0.2.0/24 prefixlen 24 - 32
+    2001:db8:1:1::/64 prefixlen 64 - 128
+
+}
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+# never via route-servers ASNs
+as-set "neverviarouteserver" {
+	2914, 3491
+}
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# origin_not_present_in_as_set
+match from group clients set community delete 65530:0
+match from group clients set large-community delete 999:65530:0
+
+# origin_present_in_as_set
+match from group clients set community delete 65530:1
+match from group clients set large-community delete 999:65530:1
+
+# prefix_validated_via_arin_whois_db_dump
+match from group clients set community delete 65530:4
+match from group clients set large-community delete 999:65530:4
+
+# prefix_validated_via_rpki_roas
+match from group clients set community delete 65530:2
+match from group clients set large-community delete 999:65530:2
+
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+# route_validated_via_white_list
+match from group clients set community delete 65530:3
+match from group clients set large-community delete 999:65530:3
+
+# from_europe
+match from group clients set community delete 65534:1
+match from group clients set ext-community delete rt 65534:1
+match from group clients set large-community delete 999:65534:1
+
+# from_usa
+match from group clients set community delete 65534:2
+match from group clients set ext-community delete rt 65534:2
+match from group clients set large-community delete 999:65534:2
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+# ---------------------------------------------------------
+# ROAs source
+
+
+roa-set {
+    193.0.0.0/21 source-as 3333
+    193.0.24.0/22 maxlen 26 source-as 3333
+    193.0.10.0/23 source-as 3333
+    193.0.12.0/23 source-as 3333
+    193.0.14.0/23 source-as 25152
+    193.0.18.0/23 source-as 3333
+    193.0.20.0/23 source-as 3333
+    193.0.22.0/23 source-as 3333
+    193.0.14.0/24 source-as 25152
+    193.0.24.0/24 source-as 3333
+    2001:7fd::/32 source-as 25152
+    2001:610:240::/42 source-as 3333
+    2001:67c:2e8::/48 source-as 3333
+    2001:7fd::/48 source-as 25152
+
+}
+
+
+
+# ---------------------------------------------------------
+# RPKI-based Origin Validation
+
+
+# Add $INTCOMM_RPKI_UNKNOWN, $INTCOMM_RPKI_INVALID and $INTCOMM_RPKI_VALID
+# ext community on the basis of ovs.
+match from group clients ovs not-found set {
+    ext-community $INTCOMM_RPKI_UNKNOWN
+    ext-community ovs not-found
+    
+}
+match from group clients ovs valid set {
+    ext-community $INTCOMM_RPKI_VALID
+    ext-community ovs valid
+    
+}
+match from group clients ovs invalid set {
+    ext-community $INTCOMM_RPKI_INVALID
+    ext-community ovs invalid
+    
+}
+
+
+
+# ---------------------------------------------------------
+# RPKI ROAs used as route objects.
+
+# Add the $INTCOMM_PREF_OK_ROA ext community to routes whose
+# origin ASN has a ROA for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+
+# Since RPKI-based Origin Validation is already performed above,
+# use the origin validation state to identify valid routes.
+match from group clients ovs valid set ext-community $INTCOMM_PREF_OK_ROA
+
+
+# ARIN Whois records used for preifx validation
+# ---------------------------------------------
+
+# Add the $INTCOMM_PREF_OK_ARINDB ext community to routes whose
+# origin ASN has an ARIN Whois record for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+origin-set "ARINDB" {
+192.136.136.0/24 prefixlen 24 - 32 source-as 10745
+192.149.252.0/24 prefixlen 24 - 32 source-as 10745
+199.43.0.0/24 prefixlen 24 - 32 source-as 10745
+2001:500:110::/48 prefixlen 48 - 128 source-as 10745
+2001:500:4::/48 prefixlen 48 - 128 source-as 10745
+}
+match from group clients origin-set ARINDB set ext-community $INTCOMM_PREF_OK_ARINDB
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.22 set ext-community rt 65520:10745
+
+match from 2001:db8:1:1::22 set ext-community rt 65520:10745
+
+match from 192.0.2.11 set ext-community rt 65520:3333
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: global blacklist
+# Reject inbound routes when 'from group clients prefix-set global_black_list_pref' - reject code: 3
+allow quick from group clients prefix-set global_black_list_pref set {
+	localpref 1
+	community 65520:0
+	community 65520:3
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS10745_1, inbound
+
+
+# Attach custom BGP communities
+# from_usa
+match from 192.0.2.22 set community 65534:2
+match from 192.0.2.22 set ext-community rt 65534:2
+match from 192.0.2.22 set large-community 999:65534:2
+
+# NEXT_HOP
+match from 192.0.2.22 set community NO_ADVERTISE
+match from 192.0.2.22 nexthop 192.0.2.22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.22 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.22 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.22 peer-as != 10745' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.22 peer-as != 10745 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.22 AS 23456' - reject code: 7
+allow quick from 192.0.2.22 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.22 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.22 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.22 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.22 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.22 AS { 174, 701, 1299, 2914, 3257, 3320, 3356, 5511, 6453, 6461, 6762, 6830, 7018, 12956 }' - reject code: 8
+allow quick from 192.0.2.22 AS { 174, 701, 1299, 2914, 3257, 3320, 3356, 5511, 6453, 6461, 6762, 6830, 7018, 12956 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.22 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.22 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 192.0.2.22 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS10745_1, AS10745: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.22 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.22 source-as as-set AS_SET_AS10745_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS10745
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.22 ext-community $INTCOMM_ORIGIN_KO set community 65530:0
+match from 192.0.2.22 ext-community $INTCOMM_ORIGIN_KO set large-community 999:65530:0
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.22 ext-community $INTCOMM_ORIGIN_OK set community 65530:1
+match from 192.0.2.22 ext-community $INTCOMM_ORIGIN_OK set large-community 999:65530:1
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS10745_1, AS10745: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.22 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.22 prefix-set AS_SET_AS10745_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS10745
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.22 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 65530:2
+match from 192.0.2.22 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:65530:2
+
+match from 192.0.2.22 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.22 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 65530:4
+match from 192.0.2.22 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:65530:4
+
+match from 192.0.2.22 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.22 set ext-community delete rt 65520:10745
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.22 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.22 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.22 large-community 999:666:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+allow quick from 192.0.2.22 community BLACKHOLE
+allow quick from 192.0.2.22 community 65534:0
+allow quick from 192.0.2.22 large-community 999:666:0
+
+
+match from 192.0.2.22 set ext-community rt 65520:10745
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.22 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.22 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.22 community GRACEFUL_SHUTDOWN set localpref 0
+
+# Remove internal communities before accepting the route
+match from 192.0.2.22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.22 set ext-community delete rt 65520:10745
+
+
+
+allow quick from 192.0.2.22
+
+
+
+# ---------------------------------------------
+# client AS10745_1, outbound
+
+deny quick to 192.0.2.22 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.22 community 65534:0 set community BLACKHOLE
+match to 192.0.2.22 large-community 999:666:0 set community BLACKHOLE
+
+match to 192.0.2.22 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.22 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.22 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.22 community 65507:999 set community NO_EXPORT
+match to 192.0.2.22 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.22 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.22 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.22 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.22 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.22 community 65509:10745 set community NO_EXPORT
+match to 192.0.2.22 ext-community rt 65509:10745 set community NO_EXPORT
+match to 192.0.2.22 large-community 999:65509:10745 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.22 community 65510:10745 set community NO_ADVERTISE
+match to 192.0.2.22 ext-community rt 65510:10745 set community NO_ADVERTISE
+match to 192.0.2.22 large-community 999:65510:10745 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.22
+
+# do_not_announce_to_any
+deny to 192.0.2.22 community 0:999
+deny to 192.0.2.22 ext-community rt 0:999
+deny to 192.0.2.22 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.22 community 0:10745
+deny quick to 192.0.2.22 ext-community rt 0:10745
+deny quick to 192.0.2.22 large-community 999:0:10745
+
+# do_not_announce_to_peers_with_rtt_lower_than 500 ms
+deny to 192.0.2.22 community 64511:500
+deny to 192.0.2.22 ext-community rt 64511:500
+deny to 192.0.2.22 large-community 999:64511:500
+
+
+# announce_to_peers_with_rtt_lower_than 500 ms
+allow to 192.0.2.22 community 64513:500
+allow to 192.0.2.22 ext-community rt 64513:500
+allow to 192.0.2.22 large-community 999:64513:500
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 5 ms
+deny to 192.0.2.22 community 64512:5
+deny to 192.0.2.22 ext-community rt 64512:5
+deny to 192.0.2.22 large-community 999:64512:5
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 10 ms
+deny to 192.0.2.22 community 64512:10
+deny to 192.0.2.22 ext-community rt 64512:10
+deny to 192.0.2.22 large-community 999:64512:10
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 15 ms
+deny to 192.0.2.22 community 64512:15
+deny to 192.0.2.22 ext-community rt 64512:15
+deny to 192.0.2.22 large-community 999:64512:15
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 20 ms
+deny to 192.0.2.22 community 64512:20
+deny to 192.0.2.22 ext-community rt 64512:20
+deny to 192.0.2.22 large-community 999:64512:20
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 30 ms
+deny to 192.0.2.22 community 64512:30
+deny to 192.0.2.22 ext-community rt 64512:30
+deny to 192.0.2.22 large-community 999:64512:30
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 50 ms
+deny to 192.0.2.22 community 64512:50
+deny to 192.0.2.22 ext-community rt 64512:50
+deny to 192.0.2.22 large-community 999:64512:50
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 100 ms
+deny to 192.0.2.22 community 64512:100
+deny to 192.0.2.22 ext-community rt 64512:100
+deny to 192.0.2.22 large-community 999:64512:100
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 200 ms
+deny to 192.0.2.22 community 64512:200
+deny to 192.0.2.22 ext-community rt 64512:200
+deny to 192.0.2.22 large-community 999:64512:200
+
+
+# announce_to_peers_with_rtt_higher_than 5 ms
+allow to 192.0.2.22 community 64514:5
+allow to 192.0.2.22 ext-community rt 64514:5
+allow to 192.0.2.22 large-community 999:64514:5
+
+
+# announce_to_peers_with_rtt_higher_than 10 ms
+allow to 192.0.2.22 community 64514:10
+allow to 192.0.2.22 ext-community rt 64514:10
+allow to 192.0.2.22 large-community 999:64514:10
+
+
+# announce_to_peers_with_rtt_higher_than 15 ms
+allow to 192.0.2.22 community 64514:15
+allow to 192.0.2.22 ext-community rt 64514:15
+allow to 192.0.2.22 large-community 999:64514:15
+
+
+# announce_to_peers_with_rtt_higher_than 20 ms
+allow to 192.0.2.22 community 64514:20
+allow to 192.0.2.22 ext-community rt 64514:20
+allow to 192.0.2.22 large-community 999:64514:20
+
+
+# announce_to_peers_with_rtt_higher_than 30 ms
+allow to 192.0.2.22 community 64514:30
+allow to 192.0.2.22 ext-community rt 64514:30
+allow to 192.0.2.22 large-community 999:64514:30
+
+
+# announce_to_peers_with_rtt_higher_than 50 ms
+allow to 192.0.2.22 community 64514:50
+allow to 192.0.2.22 ext-community rt 64514:50
+allow to 192.0.2.22 large-community 999:64514:50
+
+
+# announce_to_peers_with_rtt_higher_than 100 ms
+allow to 192.0.2.22 community 64514:100
+allow to 192.0.2.22 ext-community rt 64514:100
+allow to 192.0.2.22 large-community 999:64514:100
+
+
+# announce_to_peers_with_rtt_higher_than 200 ms
+allow to 192.0.2.22 community 64514:200
+allow to 192.0.2.22 ext-community rt 64514:200
+allow to 192.0.2.22 large-community 999:64514:200
+
+
+# announce_to_peer
+allow to 192.0.2.22 community 999:10745
+allow to 192.0.2.22 ext-community rt 999:10745
+allow to 192.0.2.22 large-community 999:999:10745
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS10745; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65504:10745 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65504:10745 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65504:10745 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS10745; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65505:10745 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65505:10745 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65505:10745 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS10745; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65506:10745 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65506:10745 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65506:10745 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64515:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64515:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64515:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64516:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64516:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64516:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64517:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64517:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64517:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65501:999 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65501:999 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65501:999 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65502:999 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65502:999 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65502:999 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65503:999 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65503:999 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65503:999 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS10745_2, inbound
+
+
+# Attach custom BGP communities
+# from_usa
+match from 2001:db8:1:1::22 set community 65534:2
+match from 2001:db8:1:1::22 set ext-community rt 65534:2
+match from 2001:db8:1:1::22 set large-community 999:65534:2
+
+# NEXT_HOP
+match from 2001:db8:1:1::22 set community NO_ADVERTISE
+match from 2001:db8:1:1::22 nexthop 2001:db8:1:1::22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::22 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::22 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::22 peer-as != 10745' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::22 peer-as != 10745 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::22 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::22 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::22 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS { 174, 701, 1299, 2914, 3257, 3320, 3356, 5511, 6453, 6461, 6762, 6830, 7018, 12956 }' - reject code: 8
+allow quick from 2001:db8:1:1::22 AS { 174, 701, 1299, 2914, 3257, 3320, 3356, 5511, 6453, 6461, 6762, 6830, 7018, 12956 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::22 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 2001:db8:1:1::22 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS10745_2, AS10745: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::22 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::22 source-as as-set AS_SET_AS10745_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS10745
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::22 ext-community $INTCOMM_ORIGIN_KO set community 65530:0
+match from 2001:db8:1:1::22 ext-community $INTCOMM_ORIGIN_KO set large-community 999:65530:0
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::22 ext-community $INTCOMM_ORIGIN_OK set community 65530:1
+match from 2001:db8:1:1::22 ext-community $INTCOMM_ORIGIN_OK set large-community 999:65530:1
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS10745_2, AS10745: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::22 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::22 prefix-set AS_SET_AS10745_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS10745
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::22 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 65530:2
+match from 2001:db8:1:1::22 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:65530:2
+
+match from 2001:db8:1:1::22 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::22 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 65530:4
+match from 2001:db8:1:1::22 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:65530:4
+
+match from 2001:db8:1:1::22 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::22 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::22 set ext-community delete rt 65520:10745
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::22 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::22 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::22 large-community 999:666:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+allow quick from 2001:db8:1:1::22 community BLACKHOLE
+allow quick from 2001:db8:1:1::22 community 65534:0
+allow quick from 2001:db8:1:1::22 large-community 999:666:0
+
+
+match from 2001:db8:1:1::22 set ext-community rt 65520:10745
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::22 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::22 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::22 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::22 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::22 community GRACEFUL_SHUTDOWN set localpref 0
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::22 set ext-community delete rt 65520:10745
+
+
+
+allow quick from 2001:db8:1:1::22
+
+
+
+# ---------------------------------------------
+# client AS10745_2, outbound
+
+deny quick to 2001:db8:1:1::22 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::22 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::22 large-community 999:666:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::22 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::22 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::22 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::22 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::22 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::22 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::22 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::22 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::22 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::22 community 65509:10745 set community NO_EXPORT
+match to 2001:db8:1:1::22 ext-community rt 65509:10745 set community NO_EXPORT
+match to 2001:db8:1:1::22 large-community 999:65509:10745 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::22 community 65510:10745 set community NO_ADVERTISE
+match to 2001:db8:1:1::22 ext-community rt 65510:10745 set community NO_ADVERTISE
+match to 2001:db8:1:1::22 large-community 999:65510:10745 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::22
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::22 community 0:999
+deny to 2001:db8:1:1::22 ext-community rt 0:999
+deny to 2001:db8:1:1::22 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::22 community 0:10745
+deny quick to 2001:db8:1:1::22 ext-community rt 0:10745
+deny quick to 2001:db8:1:1::22 large-community 999:0:10745
+
+# do_not_announce_to_peers_with_rtt_lower_than 500 ms
+deny to 2001:db8:1:1::22 community 64511:500
+deny to 2001:db8:1:1::22 ext-community rt 64511:500
+deny to 2001:db8:1:1::22 large-community 999:64511:500
+
+
+# announce_to_peers_with_rtt_lower_than 500 ms
+allow to 2001:db8:1:1::22 community 64513:500
+allow to 2001:db8:1:1::22 ext-community rt 64513:500
+allow to 2001:db8:1:1::22 large-community 999:64513:500
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 5 ms
+deny to 2001:db8:1:1::22 community 64512:5
+deny to 2001:db8:1:1::22 ext-community rt 64512:5
+deny to 2001:db8:1:1::22 large-community 999:64512:5
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 10 ms
+deny to 2001:db8:1:1::22 community 64512:10
+deny to 2001:db8:1:1::22 ext-community rt 64512:10
+deny to 2001:db8:1:1::22 large-community 999:64512:10
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 15 ms
+deny to 2001:db8:1:1::22 community 64512:15
+deny to 2001:db8:1:1::22 ext-community rt 64512:15
+deny to 2001:db8:1:1::22 large-community 999:64512:15
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 20 ms
+deny to 2001:db8:1:1::22 community 64512:20
+deny to 2001:db8:1:1::22 ext-community rt 64512:20
+deny to 2001:db8:1:1::22 large-community 999:64512:20
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 30 ms
+deny to 2001:db8:1:1::22 community 64512:30
+deny to 2001:db8:1:1::22 ext-community rt 64512:30
+deny to 2001:db8:1:1::22 large-community 999:64512:30
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 50 ms
+deny to 2001:db8:1:1::22 community 64512:50
+deny to 2001:db8:1:1::22 ext-community rt 64512:50
+deny to 2001:db8:1:1::22 large-community 999:64512:50
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 100 ms
+deny to 2001:db8:1:1::22 community 64512:100
+deny to 2001:db8:1:1::22 ext-community rt 64512:100
+deny to 2001:db8:1:1::22 large-community 999:64512:100
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 200 ms
+deny to 2001:db8:1:1::22 community 64512:200
+deny to 2001:db8:1:1::22 ext-community rt 64512:200
+deny to 2001:db8:1:1::22 large-community 999:64512:200
+
+
+# announce_to_peers_with_rtt_higher_than 5 ms
+allow to 2001:db8:1:1::22 community 64514:5
+allow to 2001:db8:1:1::22 ext-community rt 64514:5
+allow to 2001:db8:1:1::22 large-community 999:64514:5
+
+
+# announce_to_peers_with_rtt_higher_than 10 ms
+allow to 2001:db8:1:1::22 community 64514:10
+allow to 2001:db8:1:1::22 ext-community rt 64514:10
+allow to 2001:db8:1:1::22 large-community 999:64514:10
+
+
+# announce_to_peers_with_rtt_higher_than 15 ms
+allow to 2001:db8:1:1::22 community 64514:15
+allow to 2001:db8:1:1::22 ext-community rt 64514:15
+allow to 2001:db8:1:1::22 large-community 999:64514:15
+
+
+# announce_to_peers_with_rtt_higher_than 20 ms
+allow to 2001:db8:1:1::22 community 64514:20
+allow to 2001:db8:1:1::22 ext-community rt 64514:20
+allow to 2001:db8:1:1::22 large-community 999:64514:20
+
+
+# announce_to_peers_with_rtt_higher_than 30 ms
+allow to 2001:db8:1:1::22 community 64514:30
+allow to 2001:db8:1:1::22 ext-community rt 64514:30
+allow to 2001:db8:1:1::22 large-community 999:64514:30
+
+
+# announce_to_peers_with_rtt_higher_than 50 ms
+allow to 2001:db8:1:1::22 community 64514:50
+allow to 2001:db8:1:1::22 ext-community rt 64514:50
+allow to 2001:db8:1:1::22 large-community 999:64514:50
+
+
+# announce_to_peers_with_rtt_higher_than 100 ms
+allow to 2001:db8:1:1::22 community 64514:100
+allow to 2001:db8:1:1::22 ext-community rt 64514:100
+allow to 2001:db8:1:1::22 large-community 999:64514:100
+
+
+# announce_to_peers_with_rtt_higher_than 200 ms
+allow to 2001:db8:1:1::22 community 64514:200
+allow to 2001:db8:1:1::22 ext-community rt 64514:200
+allow to 2001:db8:1:1::22 large-community 999:64514:200
+
+
+# announce_to_peer
+allow to 2001:db8:1:1::22 community 999:10745
+allow to 2001:db8:1:1::22 ext-community rt 999:10745
+allow to 2001:db8:1:1::22 large-community 999:999:10745
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS10745; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65504:10745 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65504:10745 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65504:10745 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS10745; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65505:10745 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65505:10745 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65505:10745 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS10745; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65506:10745 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65506:10745 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65506:10745 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64515:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64515:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64515:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64516:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64516:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64516:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64517:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64517:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64517:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65501:999 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65501:999 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65501:999 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65502:999 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65502:999 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65502:999 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65503:999 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65503:999 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::22 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65503:999 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS3333_1, inbound
+
+
+# Attach custom BGP communities
+# from_europe
+match from 192.0.2.11 set community 65534:1
+match from 192.0.2.11 set ext-community rt 65534:1
+match from 192.0.2.11 set large-community 999:65534:1
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 3333' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 3333 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS { 174, 701, 1299, 2914, 3257, 3320, 3356, 5511, 6453, 6461, 6762, 6830, 7018, 12956 }' - reject code: 8
+allow quick from 192.0.2.11 AS { 174, 701, 1299, 2914, 3257, 3320, 3356, 5511, 6453, 6461, 6762, 6830, 7018, 12956 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.11 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 192.0.2.11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS3333_1, AS3333: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 source-as as-set AS_SET_AS3333_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS3333
+# AS-SET AS_RIPENCC referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_KO set community 65530:0
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_KO set large-community 999:65530:0
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK set community 65530:1
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK set large-community 999:65530:1
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS3333_1, AS3333: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 prefix-set AS_SET_AS3333_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS3333
+# AS-SET AS_RIPENCC referenced but empty.
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 65530:2
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:65530:2
+
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 65530:4
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:65530:4
+
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.11 set ext-community delete rt 65520:3333
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.11 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.11 large-community 999:666:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+allow quick from 192.0.2.11 community BLACKHOLE
+allow quick from 192.0.2.11 community 65534:0
+allow quick from 192.0.2.11 large-community 999:666:0
+
+
+match from 192.0.2.11 set ext-community rt 65520:3333
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.11 community GRACEFUL_SHUTDOWN set localpref 0
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:3333
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS3333_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.11 community 65534:0 set community BLACKHOLE
+match to 192.0.2.11 large-community 999:666:0 set community BLACKHOLE
+
+match to 192.0.2.11 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.11 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.11 community 65507:999 set community NO_EXPORT
+match to 192.0.2.11 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.11 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.11 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.11 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.11 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.11 community 65509:3333 set community NO_EXPORT
+match to 192.0.2.11 ext-community rt 65509:3333 set community NO_EXPORT
+match to 192.0.2.11 large-community 999:65509:3333 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.11 community 65510:3333 set community NO_ADVERTISE
+match to 192.0.2.11 ext-community rt 65510:3333 set community NO_ADVERTISE
+match to 192.0.2.11 large-community 999:65510:3333 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.11
+
+# do_not_announce_to_any
+deny to 192.0.2.11 community 0:999
+deny to 192.0.2.11 ext-community rt 0:999
+deny to 192.0.2.11 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.11 community 0:3333
+deny quick to 192.0.2.11 ext-community rt 0:3333
+deny quick to 192.0.2.11 large-community 999:0:3333
+
+# do_not_announce_to_peers_with_rtt_lower_than 200 ms
+deny to 192.0.2.11 community 64511:200
+deny to 192.0.2.11 ext-community rt 64511:200
+deny to 192.0.2.11 large-community 999:64511:200
+
+
+# do_not_announce_to_peers_with_rtt_lower_than 500 ms
+deny to 192.0.2.11 community 64511:500
+deny to 192.0.2.11 ext-community rt 64511:500
+deny to 192.0.2.11 large-community 999:64511:500
+
+
+# announce_to_peers_with_rtt_lower_than 200 ms
+allow to 192.0.2.11 community 64513:200
+allow to 192.0.2.11 ext-community rt 64513:200
+allow to 192.0.2.11 large-community 999:64513:200
+
+
+# announce_to_peers_with_rtt_lower_than 500 ms
+allow to 192.0.2.11 community 64513:500
+allow to 192.0.2.11 ext-community rt 64513:500
+allow to 192.0.2.11 large-community 999:64513:500
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 5 ms
+deny to 192.0.2.11 community 64512:5
+deny to 192.0.2.11 ext-community rt 64512:5
+deny to 192.0.2.11 large-community 999:64512:5
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 10 ms
+deny to 192.0.2.11 community 64512:10
+deny to 192.0.2.11 ext-community rt 64512:10
+deny to 192.0.2.11 large-community 999:64512:10
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 15 ms
+deny to 192.0.2.11 community 64512:15
+deny to 192.0.2.11 ext-community rt 64512:15
+deny to 192.0.2.11 large-community 999:64512:15
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 20 ms
+deny to 192.0.2.11 community 64512:20
+deny to 192.0.2.11 ext-community rt 64512:20
+deny to 192.0.2.11 large-community 999:64512:20
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 30 ms
+deny to 192.0.2.11 community 64512:30
+deny to 192.0.2.11 ext-community rt 64512:30
+deny to 192.0.2.11 large-community 999:64512:30
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 50 ms
+deny to 192.0.2.11 community 64512:50
+deny to 192.0.2.11 ext-community rt 64512:50
+deny to 192.0.2.11 large-community 999:64512:50
+
+
+# do_not_announce_to_peers_with_rtt_higher_than 100 ms
+deny to 192.0.2.11 community 64512:100
+deny to 192.0.2.11 ext-community rt 64512:100
+deny to 192.0.2.11 large-community 999:64512:100
+
+
+# announce_to_peers_with_rtt_higher_than 5 ms
+allow to 192.0.2.11 community 64514:5
+allow to 192.0.2.11 ext-community rt 64514:5
+allow to 192.0.2.11 large-community 999:64514:5
+
+
+# announce_to_peers_with_rtt_higher_than 10 ms
+allow to 192.0.2.11 community 64514:10
+allow to 192.0.2.11 ext-community rt 64514:10
+allow to 192.0.2.11 large-community 999:64514:10
+
+
+# announce_to_peers_with_rtt_higher_than 15 ms
+allow to 192.0.2.11 community 64514:15
+allow to 192.0.2.11 ext-community rt 64514:15
+allow to 192.0.2.11 large-community 999:64514:15
+
+
+# announce_to_peers_with_rtt_higher_than 20 ms
+allow to 192.0.2.11 community 64514:20
+allow to 192.0.2.11 ext-community rt 64514:20
+allow to 192.0.2.11 large-community 999:64514:20
+
+
+# announce_to_peers_with_rtt_higher_than 30 ms
+allow to 192.0.2.11 community 64514:30
+allow to 192.0.2.11 ext-community rt 64514:30
+allow to 192.0.2.11 large-community 999:64514:30
+
+
+# announce_to_peers_with_rtt_higher_than 50 ms
+allow to 192.0.2.11 community 64514:50
+allow to 192.0.2.11 ext-community rt 64514:50
+allow to 192.0.2.11 large-community 999:64514:50
+
+
+# announce_to_peers_with_rtt_higher_than 100 ms
+allow to 192.0.2.11 community 64514:100
+allow to 192.0.2.11 ext-community rt 64514:100
+allow to 192.0.2.11 large-community 999:64514:100
+
+
+# announce_to_peer
+allow to 192.0.2.11 community 999:3333
+allow to 192.0.2.11 ext-community rt 999:3333
+allow to 192.0.2.11 large-community 999:999:3333
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS3333; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65504:3333 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65504:3333 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65504:3333 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS3333; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65505:3333 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65505:3333 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65505:3333 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS3333; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65506:3333 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65506:3333 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65506:3333 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:100 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:100 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 100 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:100 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:50 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:50 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 50 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:50 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:30 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:30 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 30 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:30 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:20 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:20 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 20 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:20 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:15 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:15 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 15 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:15 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:10 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:10 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 10 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:10 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64518:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64518:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64518:5 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64519:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64519:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64519:5 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_higher_than 5 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64520:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64520:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64520:5 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64515:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64515:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64515:200 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64516:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64516:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64516:200 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 200 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64517:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64517:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64517:200 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_once_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64515:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64515:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64515:500 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_twice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64516:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64516:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64516:500 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+# prepend_thrice_to_peers_with_rtt_lower_than 500 ms; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 64517:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 64517:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:64517:500 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65501:999 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65501:999 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65501:999 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65502:999 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65502:999 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65502:999 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65503:999 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65503:999 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65503:999 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+
+
+# Scrub communities from outbound routes
+# add_noadvertise_to_any
+match to group clients set community delete 65508:999
+match to group clients set ext-community delete rt 65508:999
+match to group clients set large-community delete 999:65508:999
+
+# add_noadvertise_to_peer
+match to group clients set community delete 65510:*
+match to group clients set ext-community delete rt 65510:*
+match to group clients set large-community delete 999:65510:*
+
+# add_noexport_to_any
+match to group clients set community delete 65507:999
+match to group clients set ext-community delete rt 65507:999
+match to group clients set large-community delete 999:65507:999
+
+# add_noexport_to_peer
+match to group clients set community delete 65509:*
+match to group clients set ext-community delete rt 65509:*
+match to group clients set large-community delete 999:65509:*
+
+# announce_to_peer
+match to group clients set community delete 999:*
+match to group clients set ext-community delete rt 999:*
+match to group clients set large-community delete 999:999:*
+
+# announce_to_peers_with_rtt_higher_than
+match to group clients set community delete 64514:*
+match to group clients set ext-community delete rt 64514:*
+match to group clients set large-community delete 999:64514:*
+
+# announce_to_peers_with_rtt_lower_than
+match to group clients set community delete 64513:*
+match to group clients set ext-community delete rt 64513:*
+match to group clients set large-community delete 999:64513:*
+
+# blackholing
+match to group clients set community delete 65534:0
+match to group clients set large-community delete 999:666:0
+
+# do_not_announce_to_any
+match to group clients set community delete 0:999
+match to group clients set ext-community delete rt 0:999
+match to group clients set large-community delete 999:0:999
+
+# do_not_announce_to_peer
+match to group clients set community delete 0:*
+match to group clients set ext-community delete rt 0:*
+match to group clients set large-community delete 999:0:*
+
+# do_not_announce_to_peers_with_rtt_higher_than
+match to group clients set community delete 64512:*
+match to group clients set ext-community delete rt 64512:*
+match to group clients set large-community delete 999:64512:*
+
+# do_not_announce_to_peers_with_rtt_lower_than
+match to group clients set community delete 64511:*
+match to group clients set ext-community delete rt 64511:*
+match to group clients set large-community delete 999:64511:*
+
+# prepend_once_to_any
+match to group clients set community delete 65501:999
+match to group clients set ext-community delete rt 65501:999
+match to group clients set large-community delete 999:65501:999
+
+# prepend_once_to_peer
+match to group clients set community delete 65504:*
+match to group clients set ext-community delete rt 65504:*
+match to group clients set large-community delete 999:65504:*
+
+# prepend_once_to_peers_with_rtt_higher_than
+match to group clients set community delete 64518:*
+match to group clients set ext-community delete rt 64518:*
+match to group clients set large-community delete 999:64518:*
+
+# prepend_once_to_peers_with_rtt_lower_than
+match to group clients set community delete 64515:*
+match to group clients set ext-community delete rt 64515:*
+match to group clients set large-community delete 999:64515:*
+
+# prepend_thrice_to_any
+match to group clients set community delete 65503:999
+match to group clients set ext-community delete rt 65503:999
+match to group clients set large-community delete 999:65503:999
+
+# prepend_thrice_to_peer
+match to group clients set community delete 65506:*
+match to group clients set ext-community delete rt 65506:*
+match to group clients set large-community delete 999:65506:*
+
+# prepend_thrice_to_peers_with_rtt_higher_than
+match to group clients set community delete 64520:*
+match to group clients set ext-community delete rt 64520:*
+match to group clients set large-community delete 999:64520:*
+
+# prepend_thrice_to_peers_with_rtt_lower_than
+match to group clients set community delete 64517:*
+match to group clients set ext-community delete rt 64517:*
+match to group clients set large-community delete 999:64517:*
+
+# prepend_twice_to_any
+match to group clients set community delete 65502:999
+match to group clients set ext-community delete rt 65502:999
+match to group clients set large-community delete 999:65502:999
+
+# prepend_twice_to_peer
+match to group clients set community delete 65505:*
+match to group clients set ext-community delete rt 65505:*
+match to group clients set large-community delete 999:65505:*
+
+# prepend_twice_to_peers_with_rtt_higher_than
+match to group clients set community delete 64519:*
+match to group clients set ext-community delete rt 64519:*
+match to group clients set large-community delete 999:64519:*
+
+# prepend_twice_to_peers_with_rtt_lower_than
+match to group clients set community delete 64516:*
+match to group clients set ext-community delete rt 64516:*
+match to group clients set large-community delete 999:64516:*
+
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+match to group clients set {
+	community delete 65501:999
+	ext-community delete rt 65501:999
+	large-community delete 999:65501:999
+
+}
+match to group clients set {
+	community delete 65504:*
+	ext-community delete rt 65504:*
+	large-community delete 999:65504:*
+
+}
+match to group clients set {
+	community delete 64518:*
+	ext-community delete rt 64518:*
+	large-community delete 999:64518:*
+
+}
+match to group clients set {
+	community delete 64515:*
+	ext-community delete rt 64515:*
+	large-community delete 999:64515:*
+
+}
+match to group clients set {
+	community delete 65503:999
+	ext-community delete rt 65503:999
+	large-community delete 999:65503:999
+
+}
+match to group clients set {
+	community delete 65506:*
+	ext-community delete rt 65506:*
+	large-community delete 999:65506:*
+
+}
+match to group clients set {
+	community delete 64520:*
+	ext-community delete rt 64520:*
+	large-community delete 999:64520:*
+
+}
+match to group clients set {
+	community delete 64517:*
+	ext-community delete rt 64517:*
+	large-community delete 999:64517:*
+
+}
+match to group clients set {
+	community delete 65502:999
+	ext-community delete rt 65502:999
+	large-community delete 999:65502:999
+
+}
+match to group clients set {
+	community delete 65505:*
+	ext-community delete rt 65505:*
+	large-community delete 999:65505:*
+
+}
+match to group clients set {
+	community delete 64519:*
+	ext-community delete rt 64519:*
+	large-community delete 999:64519:*
+
+}
+match to group clients set {
+	community delete 64516:*
+	ext-community delete rt 64516:*
+	large-community delete 999:64516:*
+
+}
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenarioOpenBGPD_IPv6/openbgpd68.conf b/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenarioOpenBGPD_IPv6/openbgpd68.conf
index fb56d9e6..b416aa96 100644
--- a/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenarioOpenBGPD_IPv6/openbgpd68.conf
+++ b/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenarioOpenBGPD_IPv6/openbgpd68.conf
@@ -185,7 +185,7 @@ prefix-set "bogons" {
 
 # never via route-servers ASNs
 as-set "neverviarouteserver" {
-	92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338
+	2914, 3491
 }
 
 # =====================================================================================
diff --git a/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenarioOpenBGPD_IPv6/openbgpd70.conf b/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenarioOpenBGPD_IPv6/openbgpd70.conf
index 1ee7a311..97f2d27a 100644
--- a/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenarioOpenBGPD_IPv6/openbgpd70.conf
+++ b/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenarioOpenBGPD_IPv6/openbgpd70.conf
@@ -189,7 +189,7 @@ prefix-set "bogons" {
 
 # never via route-servers ASNs
 as-set "neverviarouteserver" {
-	92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338
+	2914, 3491
 }
 
 # =====================================================================================
diff --git a/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenario_BIRD2IPv4/bird2.conf b/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenario_BIRD2IPv4/bird2.conf
index c97c4229..fbce6a8d 100644
--- a/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenario_BIRD2IPv4/bird2.conf
+++ b/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenario_BIRD2IPv4/bird2.conf
@@ -79,10 +79,10 @@ define AS_SET_AS10745_prefixes_4 = [
 
 # ARIN Whois database records
 define ARIN_Whois_db_AS10745_4 = [
-	192.136.136.0/24{24,32}, 	192.149.252.0/24{24,32}, 	199.43.0.0/24{24,32}
+	192.136.136.0/24{24,32}, 	199.43.0.0/24{24,32}, 	192.149.252.0/24{24,32}
 ];
 define ARIN_Whois_db_AS10745_6 = [
-	2001:500:110::/48{48,128}, 	2001:500:4::/48{48,128}
+	2001:500:4::/48{48,128}, 	2001:500:110::/48{48,128}
 ];
 
 
@@ -1916,7 +1916,7 @@ filter receive_from_AS10745_1 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [2914, 3491] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
@@ -2141,7 +2141,7 @@ filter receive_from_AS10745_2 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [2914, 3491] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
@@ -2374,7 +2374,7 @@ filter receive_from_AS3333_1 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [2914, 3491] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
diff --git a/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenario_BIRD2IPv6/bird2.conf b/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenario_BIRD2IPv6/bird2.conf
index bcc452ef..d1491374 100644
--- a/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenario_BIRD2IPv6/bird2.conf
+++ b/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenario_BIRD2IPv6/bird2.conf
@@ -79,10 +79,10 @@ define AS_SET_AS10745_prefixes_6 = [
 
 # ARIN Whois database records
 define ARIN_Whois_db_AS10745_4 = [
-	192.136.136.0/24{24,32}, 	192.149.252.0/24{24,32}, 	199.43.0.0/24{24,32}
+	192.136.136.0/24{24,32}, 	199.43.0.0/24{24,32}, 	192.149.252.0/24{24,32}
 ];
 define ARIN_Whois_db_AS10745_6 = [
-	2001:500:110::/48{48,128}, 	2001:500:4::/48{48,128}
+	2001:500:4::/48{48,128}, 	2001:500:110::/48{48,128}
 ];
 
 
@@ -1914,7 +1914,7 @@ filter receive_from_AS10745_1 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [2914, 3491] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
@@ -2141,7 +2141,7 @@ filter receive_from_AS10745_2 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [2914, 3491] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
@@ -2372,7 +2372,7 @@ filter receive_from_AS3333_1 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [2914, 3491] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
diff --git a/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenario_BIRDIPv4/bird16.conf b/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenario_BIRDIPv4/bird16.conf
index 48940a04..f5c3ff6f 100644
--- a/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenario_BIRDIPv4/bird16.conf
+++ b/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenario_BIRDIPv4/bird16.conf
@@ -65,7 +65,7 @@ define AS_SET_AS10745_prefixes_4 = [
 
 # ARIN Whois database records
 define ARIN_Whois_db_AS10745_4 = [
-	199.43.0.0/24{24,32}, 	192.136.136.0/24{24,32}, 	192.149.252.0/24{24,32}
+	192.136.136.0/24{24,32}, 	192.149.252.0/24{24,32}, 	199.43.0.0/24{24,32}
 ];
 
 
@@ -1745,7 +1745,7 @@ filter receive_from_AS10745_1 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [2914, 3491] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
@@ -1963,7 +1963,7 @@ filter receive_from_AS3333_1 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [2914, 3491] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
diff --git a/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenario_BIRDIPv6/bird16.conf b/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenario_BIRDIPv6/bird16.conf
index bf14fcf8..f383ad04 100644
--- a/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenario_BIRDIPv6/bird16.conf
+++ b/tests/live_tests/scenarios/rich_example/configs/RichConfigExampleScenario_BIRDIPv6/bird16.conf
@@ -45,7 +45,7 @@ define AS_SET_AS10745_prefixes_6 = [
 
 # ARIN Whois database records
 define ARIN_Whois_db_AS10745_6 = [
-	2001:500:110::/48{48,128}, 	2001:500:4::/48{48,128}
+	2001:500:4::/48{48,128}, 	2001:500:110::/48{48,128}
 ];
 
 
@@ -1772,7 +1772,7 @@ filter receive_from_AS10745_2 {
 
 
 	# AS_PATH: never via route-servers ASNs
-	if bgp_path ~ [92, 174, 278, 680, 714, 1273, 1299, 1955, 2152, 2914, 3257, 3265, 3292, 3320, 3491, 3630, 3754, 5391, 5432, 5511, 6079, 6730, 6805, 6830, 6908, 7155, 7843, 7862, 8075, 8365, 8455, 8607, 8943, 9908, 10013, 11164, 11260, 11290, 11670, 12322, 12353, 12822, 13030, 13032, 14295, 15692, 16509, 17012, 18520, 19237, 20115, 20161, 21396, 23888, 23961, 24282, 24800, 27947, 29169, 30967, 30983, 31764, 33983, 34108, 34209, 34587, 35836, 35900, 36165, 36459, 37271, 37529, 38713, 39326, 39651, 40029, 40063, 43470, 46450, 47377, 47583, 48237, 48265, 48408, 49127, 49910, 49922, 51530, 51630, 53859, 54295, 55244, 57433, 57468, 57866, 58768, 60412, 60757, 61756, 62164, 62567, 62623, 63290, 131398, 131996, 132563, 132829, 132996, 133317, 134022, 135706, 135848, 136106, 136874, 137207, 137610, 138023, 138769, 138953, 139667, 140287, 141091, 141120, 141134, 141140, 141411, 141856, 141892, 142164, 142348, 142369, 146846, 146958, 147059, 149296, 149663, 149826, 201978, 202561, 202793, 206275, 207353, 207484, 208425, 209699, 210030, 210715, 212512, 212539, 212623, 212706, 212953, 213202, 262191, 262888, 263258, 263686, 263801, 263856, 264424, 265337, 265630, 267214, 267442, 267561, 268091, 269156, 269190, 269367, 269512, 269654, 269906, 270407, 270544, 270781, 270828, 271053, 271172, 271200, 272018, 272124, 327732, 328445, 328572, 328582, 328959, 393573, 393684, 396304, 396477, 398203, 399338] then
+	if bgp_path ~ [2914, 3491] then
 	reject "AS_PATH [", bgp_path ,"] contains never via route-servers ASN - REJECTING ", net;
 
 
diff --git a/tests/live_tests/scenarios/rich_example/routes/RichConfigExampleScenarioOpenBGPD_IPv4/openbgpd77p/rs.txt b/tests/live_tests/scenarios/rich_example/routes/RichConfigExampleScenarioOpenBGPD_IPv4/openbgpd77p/rs.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/rpki_bov_comms/configs/RPKICustomBOVCommunitiesScenario_OpenBGPDPortableLatest_IPv4/openbgpd76p.conf b/tests/live_tests/scenarios/rpki_bov_comms/configs/RPKICustomBOVCommunitiesScenario_OpenBGPDPortableLatest_IPv4/openbgpd76p.conf
new file mode 100644
index 00000000..ca5f2e31
--- /dev/null
+++ b/tests/live_tests/scenarios/rpki_bov_comms/configs/RPKICustomBOVCommunitiesScenario_OpenBGPDPortableLatest_IPv4/openbgpd76p.conf
@@ -0,0 +1,1186 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.22 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::22 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.33 {
+		remote-as 3
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::33 {
+		remote-as 3
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.44 {
+		remote-as 4
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::44 {
+		remote-as 4
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# rpki_bgp_origin_validation_invalid
+match from group clients set community delete 64512:2
+
+# rpki_bgp_origin_validation_unknown
+match from group clients set community delete 64512:3
+
+# rpki_bgp_origin_validation_valid
+match from group clients set community delete 64512:1
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+# ---------------------------------------------------------
+# ROAs source
+
+
+roa-set {
+    2.0.128.0/20 maxlen 23 source-as 101
+    3.0.128.0/20 maxlen 23 source-as 103
+    2.0.8.0/24 source-as 101
+    2.0.9.0/24 source-as 102
+    3.0.8.0/24 source-as 103
+    3.0.9.0/24 source-as 102
+    3002:0:8000::/33 maxlen 34 source-as 101
+    3003:0:8000::/33 maxlen 34 source-as 103
+    3002:0:8::/48 source-as 101
+    3002:0:9::/48 source-as 102
+    3003:0:8::/48 source-as 103
+    3003:0:9::/48 source-as 102
+
+}
+
+
+
+# ---------------------------------------------------------
+# RPKI-based Origin Validation
+
+
+# Add $INTCOMM_RPKI_UNKNOWN, $INTCOMM_RPKI_INVALID and $INTCOMM_RPKI_VALID
+# ext community on the basis of ovs.
+match from group clients ovs not-found set {
+    ext-community $INTCOMM_RPKI_UNKNOWN
+    ext-community ovs not-found
+    community 64512:3
+}
+match from group clients ovs valid set {
+    ext-community $INTCOMM_RPKI_VALID
+    ext-community ovs valid
+    community 64512:1
+}
+match from group clients ovs invalid set {
+    ext-community $INTCOMM_RPKI_INVALID
+    ext-community ovs invalid
+    community 64512:2
+}
+
+
+
+
+
+
+
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+deny quick from group clients max-as-len 32
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+deny quick from group clients community NO_ADVERTISE
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+deny quick from group clients prefix-set bogons
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.11 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+deny quick from 192.0.2.11 peer-as != 1
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+deny quick from 192.0.2.11 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.11 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.11 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+deny quick from 2001:db8:1:1::11 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+deny quick from 2001:db8:1:1::11 peer-as != 1
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+deny quick from 2001:db8:1:1::11 AS 23456
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+deny quick from 2001:db8:1:1::11 AS 64496 - 131071
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+deny quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::11 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.22 set community NO_ADVERTISE
+match from 192.0.2.22 nexthop 192.0.2.22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.22 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.22 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.22 peer-as != 2' - reject code: 6
+deny quick from 192.0.2.22 peer-as != 2
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.22 AS 23456' - reject code: 7
+deny quick from 192.0.2.22 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.22 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.22 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.22 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.22 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.22
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.22 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.22 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.22
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::22 set community NO_ADVERTISE
+match from 2001:db8:1:1::22 nexthop 2001:db8:1:1::22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::22 community NO_ADVERTISE' - reject code: 5
+deny quick from 2001:db8:1:1::22 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::22 peer-as != 2' - reject code: 6
+deny quick from 2001:db8:1:1::22 peer-as != 2
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 23456' - reject code: 7
+deny quick from 2001:db8:1:1::22 AS 23456
+
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 64496 - 131071' - reject code: 7
+deny quick from 2001:db8:1:1::22 AS 64496 - 131071
+
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 2001:db8:1:1::22 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::22 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+deny quick from 2001:db8:1:1::22 prefix ::/0 prefixlen 12 >< 48
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 2001:db8:1:1::22
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::22 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::22 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::22
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.33 set community NO_ADVERTISE
+match from 192.0.2.33 nexthop 192.0.2.33 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.33 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.33 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.33 peer-as != 3' - reject code: 6
+deny quick from 192.0.2.33 peer-as != 3
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.33 AS 23456' - reject code: 7
+deny quick from 192.0.2.33 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.33 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.33 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.33 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.33 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.33 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.33 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.33 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.33
+
+
+
+# ---------------------------------------------
+# client AS3_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.33 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.33 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.33
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.33 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::33 set community NO_ADVERTISE
+match from 2001:db8:1:1::33 nexthop 2001:db8:1:1::33 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::33 community NO_ADVERTISE' - reject code: 5
+deny quick from 2001:db8:1:1::33 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::33 peer-as != 3' - reject code: 6
+deny quick from 2001:db8:1:1::33 peer-as != 3
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::33 AS 23456' - reject code: 7
+deny quick from 2001:db8:1:1::33 AS 23456
+
+# Reject inbound routes when 'from 2001:db8:1:1::33 AS 64496 - 131071' - reject code: 7
+deny quick from 2001:db8:1:1::33 AS 64496 - 131071
+
+# Reject inbound routes when 'from 2001:db8:1:1::33 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 2001:db8:1:1::33 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::33 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+deny quick from 2001:db8:1:1::33 prefix ::/0 prefixlen 12 >< 48
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::33 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 2001:db8:1:1::33
+
+
+
+# ---------------------------------------------
+# client AS3_2, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::33 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::33 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::33
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::33 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.44 set community NO_ADVERTISE
+match from 192.0.2.44 nexthop 192.0.2.44 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.44 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.44 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.44 peer-as != 4' - reject code: 6
+deny quick from 192.0.2.44 peer-as != 4
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.44 AS 23456' - reject code: 7
+deny quick from 192.0.2.44 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.44 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.44 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.44 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.44 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.44 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.44 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.44 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.44
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.44 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.44 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.44
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.44 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::44 set community NO_ADVERTISE
+match from 2001:db8:1:1::44 nexthop 2001:db8:1:1::44 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::44 community NO_ADVERTISE' - reject code: 5
+deny quick from 2001:db8:1:1::44 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::44 peer-as != 4' - reject code: 6
+deny quick from 2001:db8:1:1::44 peer-as != 4
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::44 AS 23456' - reject code: 7
+deny quick from 2001:db8:1:1::44 AS 23456
+
+# Reject inbound routes when 'from 2001:db8:1:1::44 AS 64496 - 131071' - reject code: 7
+deny quick from 2001:db8:1:1::44 AS 64496 - 131071
+
+# Reject inbound routes when 'from 2001:db8:1:1::44 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 2001:db8:1:1::44 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::44 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+deny quick from 2001:db8:1:1::44 prefix ::/0 prefixlen 12 >< 48
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::44 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 2001:db8:1:1::44
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::44 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::44 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::44
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::44 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# rpki_bgp_origin_validation_invalid
+match to group clients set community delete 64512:2
+
+# rpki_bgp_origin_validation_unknown
+match to group clients set community delete 64512:3
+
+# rpki_bgp_origin_validation_valid
+match to group clients set community delete 64512:1
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/rpki_bov_comms/configs/RPKICustomBOVCommunitiesScenario_OpenBGPDPortableLatest_IPv4/openbgpd77p.conf b/tests/live_tests/scenarios/rpki_bov_comms/configs/RPKICustomBOVCommunitiesScenario_OpenBGPDPortableLatest_IPv4/openbgpd77p.conf
new file mode 100644
index 00000000..ca5f2e31
--- /dev/null
+++ b/tests/live_tests/scenarios/rpki_bov_comms/configs/RPKICustomBOVCommunitiesScenario_OpenBGPDPortableLatest_IPv4/openbgpd77p.conf
@@ -0,0 +1,1186 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.22 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::22 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.33 {
+		remote-as 3
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::33 {
+		remote-as 3
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.44 {
+		remote-as 4
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::44 {
+		remote-as 4
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# rpki_bgp_origin_validation_invalid
+match from group clients set community delete 64512:2
+
+# rpki_bgp_origin_validation_unknown
+match from group clients set community delete 64512:3
+
+# rpki_bgp_origin_validation_valid
+match from group clients set community delete 64512:1
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+# ---------------------------------------------------------
+# ROAs source
+
+
+roa-set {
+    2.0.128.0/20 maxlen 23 source-as 101
+    3.0.128.0/20 maxlen 23 source-as 103
+    2.0.8.0/24 source-as 101
+    2.0.9.0/24 source-as 102
+    3.0.8.0/24 source-as 103
+    3.0.9.0/24 source-as 102
+    3002:0:8000::/33 maxlen 34 source-as 101
+    3003:0:8000::/33 maxlen 34 source-as 103
+    3002:0:8::/48 source-as 101
+    3002:0:9::/48 source-as 102
+    3003:0:8::/48 source-as 103
+    3003:0:9::/48 source-as 102
+
+}
+
+
+
+# ---------------------------------------------------------
+# RPKI-based Origin Validation
+
+
+# Add $INTCOMM_RPKI_UNKNOWN, $INTCOMM_RPKI_INVALID and $INTCOMM_RPKI_VALID
+# ext community on the basis of ovs.
+match from group clients ovs not-found set {
+    ext-community $INTCOMM_RPKI_UNKNOWN
+    ext-community ovs not-found
+    community 64512:3
+}
+match from group clients ovs valid set {
+    ext-community $INTCOMM_RPKI_VALID
+    ext-community ovs valid
+    community 64512:1
+}
+match from group clients ovs invalid set {
+    ext-community $INTCOMM_RPKI_INVALID
+    ext-community ovs invalid
+    community 64512:2
+}
+
+
+
+
+
+
+
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+deny quick from group clients max-as-len 32
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+deny quick from group clients community NO_ADVERTISE
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+deny quick from group clients prefix-set bogons
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.11 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+deny quick from 192.0.2.11 peer-as != 1
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+deny quick from 192.0.2.11 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.11 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.11 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+deny quick from 2001:db8:1:1::11 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+deny quick from 2001:db8:1:1::11 peer-as != 1
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+deny quick from 2001:db8:1:1::11 AS 23456
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+deny quick from 2001:db8:1:1::11 AS 64496 - 131071
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+deny quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::11 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.22 set community NO_ADVERTISE
+match from 192.0.2.22 nexthop 192.0.2.22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.22 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.22 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.22 peer-as != 2' - reject code: 6
+deny quick from 192.0.2.22 peer-as != 2
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.22 AS 23456' - reject code: 7
+deny quick from 192.0.2.22 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.22 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.22 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.22 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.22 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.22
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.22 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.22 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.22
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::22 set community NO_ADVERTISE
+match from 2001:db8:1:1::22 nexthop 2001:db8:1:1::22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::22 community NO_ADVERTISE' - reject code: 5
+deny quick from 2001:db8:1:1::22 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::22 peer-as != 2' - reject code: 6
+deny quick from 2001:db8:1:1::22 peer-as != 2
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 23456' - reject code: 7
+deny quick from 2001:db8:1:1::22 AS 23456
+
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 64496 - 131071' - reject code: 7
+deny quick from 2001:db8:1:1::22 AS 64496 - 131071
+
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 2001:db8:1:1::22 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::22 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+deny quick from 2001:db8:1:1::22 prefix ::/0 prefixlen 12 >< 48
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 2001:db8:1:1::22
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::22 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::22 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::22
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.33 set community NO_ADVERTISE
+match from 192.0.2.33 nexthop 192.0.2.33 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.33 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.33 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.33 peer-as != 3' - reject code: 6
+deny quick from 192.0.2.33 peer-as != 3
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.33 AS 23456' - reject code: 7
+deny quick from 192.0.2.33 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.33 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.33 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.33 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.33 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.33 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.33 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.33 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.33
+
+
+
+# ---------------------------------------------
+# client AS3_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.33 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.33 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.33
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.33 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::33 set community NO_ADVERTISE
+match from 2001:db8:1:1::33 nexthop 2001:db8:1:1::33 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::33 community NO_ADVERTISE' - reject code: 5
+deny quick from 2001:db8:1:1::33 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::33 peer-as != 3' - reject code: 6
+deny quick from 2001:db8:1:1::33 peer-as != 3
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::33 AS 23456' - reject code: 7
+deny quick from 2001:db8:1:1::33 AS 23456
+
+# Reject inbound routes when 'from 2001:db8:1:1::33 AS 64496 - 131071' - reject code: 7
+deny quick from 2001:db8:1:1::33 AS 64496 - 131071
+
+# Reject inbound routes when 'from 2001:db8:1:1::33 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 2001:db8:1:1::33 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::33 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+deny quick from 2001:db8:1:1::33 prefix ::/0 prefixlen 12 >< 48
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::33 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 2001:db8:1:1::33
+
+
+
+# ---------------------------------------------
+# client AS3_2, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::33 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::33 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::33
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::33 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.44 set community NO_ADVERTISE
+match from 192.0.2.44 nexthop 192.0.2.44 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.44 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.44 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.44 peer-as != 4' - reject code: 6
+deny quick from 192.0.2.44 peer-as != 4
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.44 AS 23456' - reject code: 7
+deny quick from 192.0.2.44 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.44 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.44 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.44 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.44 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.44 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.44 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.44 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.44
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.44 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.44 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.44
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.44 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::44 set community NO_ADVERTISE
+match from 2001:db8:1:1::44 nexthop 2001:db8:1:1::44 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::44 community NO_ADVERTISE' - reject code: 5
+deny quick from 2001:db8:1:1::44 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::44 peer-as != 4' - reject code: 6
+deny quick from 2001:db8:1:1::44 peer-as != 4
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::44 AS 23456' - reject code: 7
+deny quick from 2001:db8:1:1::44 AS 23456
+
+# Reject inbound routes when 'from 2001:db8:1:1::44 AS 64496 - 131071' - reject code: 7
+deny quick from 2001:db8:1:1::44 AS 64496 - 131071
+
+# Reject inbound routes when 'from 2001:db8:1:1::44 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 2001:db8:1:1::44 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::44 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+deny quick from 2001:db8:1:1::44 prefix ::/0 prefixlen 12 >< 48
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::44 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 2001:db8:1:1::44
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::44 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::44 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::44
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::44 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# rpki_bgp_origin_validation_invalid
+match to group clients set community delete 64512:2
+
+# rpki_bgp_origin_validation_unknown
+match to group clients set community delete 64512:3
+
+# rpki_bgp_origin_validation_valid
+match to group clients set community delete 64512:1
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/rpki_bov_comms/configs/RPKICustomBOVCommunitiesScenario_OpenBGPDPortableLatest_IPv6/openbgpd76p.conf b/tests/live_tests/scenarios/rpki_bov_comms/configs/RPKICustomBOVCommunitiesScenario_OpenBGPDPortableLatest_IPv6/openbgpd76p.conf
new file mode 100644
index 00000000..ca5f2e31
--- /dev/null
+++ b/tests/live_tests/scenarios/rpki_bov_comms/configs/RPKICustomBOVCommunitiesScenario_OpenBGPDPortableLatest_IPv6/openbgpd76p.conf
@@ -0,0 +1,1186 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.22 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::22 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.33 {
+		remote-as 3
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::33 {
+		remote-as 3
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.44 {
+		remote-as 4
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::44 {
+		remote-as 4
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# rpki_bgp_origin_validation_invalid
+match from group clients set community delete 64512:2
+
+# rpki_bgp_origin_validation_unknown
+match from group clients set community delete 64512:3
+
+# rpki_bgp_origin_validation_valid
+match from group clients set community delete 64512:1
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+# ---------------------------------------------------------
+# ROAs source
+
+
+roa-set {
+    2.0.128.0/20 maxlen 23 source-as 101
+    3.0.128.0/20 maxlen 23 source-as 103
+    2.0.8.0/24 source-as 101
+    2.0.9.0/24 source-as 102
+    3.0.8.0/24 source-as 103
+    3.0.9.0/24 source-as 102
+    3002:0:8000::/33 maxlen 34 source-as 101
+    3003:0:8000::/33 maxlen 34 source-as 103
+    3002:0:8::/48 source-as 101
+    3002:0:9::/48 source-as 102
+    3003:0:8::/48 source-as 103
+    3003:0:9::/48 source-as 102
+
+}
+
+
+
+# ---------------------------------------------------------
+# RPKI-based Origin Validation
+
+
+# Add $INTCOMM_RPKI_UNKNOWN, $INTCOMM_RPKI_INVALID and $INTCOMM_RPKI_VALID
+# ext community on the basis of ovs.
+match from group clients ovs not-found set {
+    ext-community $INTCOMM_RPKI_UNKNOWN
+    ext-community ovs not-found
+    community 64512:3
+}
+match from group clients ovs valid set {
+    ext-community $INTCOMM_RPKI_VALID
+    ext-community ovs valid
+    community 64512:1
+}
+match from group clients ovs invalid set {
+    ext-community $INTCOMM_RPKI_INVALID
+    ext-community ovs invalid
+    community 64512:2
+}
+
+
+
+
+
+
+
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+deny quick from group clients max-as-len 32
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+deny quick from group clients community NO_ADVERTISE
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+deny quick from group clients prefix-set bogons
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.11 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+deny quick from 192.0.2.11 peer-as != 1
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+deny quick from 192.0.2.11 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.11 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.11 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+deny quick from 2001:db8:1:1::11 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+deny quick from 2001:db8:1:1::11 peer-as != 1
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+deny quick from 2001:db8:1:1::11 AS 23456
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+deny quick from 2001:db8:1:1::11 AS 64496 - 131071
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+deny quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::11 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.22 set community NO_ADVERTISE
+match from 192.0.2.22 nexthop 192.0.2.22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.22 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.22 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.22 peer-as != 2' - reject code: 6
+deny quick from 192.0.2.22 peer-as != 2
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.22 AS 23456' - reject code: 7
+deny quick from 192.0.2.22 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.22 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.22 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.22 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.22 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.22
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.22 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.22 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.22
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::22 set community NO_ADVERTISE
+match from 2001:db8:1:1::22 nexthop 2001:db8:1:1::22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::22 community NO_ADVERTISE' - reject code: 5
+deny quick from 2001:db8:1:1::22 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::22 peer-as != 2' - reject code: 6
+deny quick from 2001:db8:1:1::22 peer-as != 2
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 23456' - reject code: 7
+deny quick from 2001:db8:1:1::22 AS 23456
+
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 64496 - 131071' - reject code: 7
+deny quick from 2001:db8:1:1::22 AS 64496 - 131071
+
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 2001:db8:1:1::22 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::22 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+deny quick from 2001:db8:1:1::22 prefix ::/0 prefixlen 12 >< 48
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 2001:db8:1:1::22
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::22 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::22 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::22
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.33 set community NO_ADVERTISE
+match from 192.0.2.33 nexthop 192.0.2.33 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.33 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.33 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.33 peer-as != 3' - reject code: 6
+deny quick from 192.0.2.33 peer-as != 3
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.33 AS 23456' - reject code: 7
+deny quick from 192.0.2.33 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.33 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.33 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.33 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.33 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.33 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.33 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.33 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.33
+
+
+
+# ---------------------------------------------
+# client AS3_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.33 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.33 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.33
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.33 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::33 set community NO_ADVERTISE
+match from 2001:db8:1:1::33 nexthop 2001:db8:1:1::33 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::33 community NO_ADVERTISE' - reject code: 5
+deny quick from 2001:db8:1:1::33 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::33 peer-as != 3' - reject code: 6
+deny quick from 2001:db8:1:1::33 peer-as != 3
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::33 AS 23456' - reject code: 7
+deny quick from 2001:db8:1:1::33 AS 23456
+
+# Reject inbound routes when 'from 2001:db8:1:1::33 AS 64496 - 131071' - reject code: 7
+deny quick from 2001:db8:1:1::33 AS 64496 - 131071
+
+# Reject inbound routes when 'from 2001:db8:1:1::33 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 2001:db8:1:1::33 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::33 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+deny quick from 2001:db8:1:1::33 prefix ::/0 prefixlen 12 >< 48
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::33 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 2001:db8:1:1::33
+
+
+
+# ---------------------------------------------
+# client AS3_2, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::33 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::33 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::33
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::33 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.44 set community NO_ADVERTISE
+match from 192.0.2.44 nexthop 192.0.2.44 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.44 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.44 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.44 peer-as != 4' - reject code: 6
+deny quick from 192.0.2.44 peer-as != 4
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.44 AS 23456' - reject code: 7
+deny quick from 192.0.2.44 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.44 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.44 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.44 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.44 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.44 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.44 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.44 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.44
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.44 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.44 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.44
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.44 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::44 set community NO_ADVERTISE
+match from 2001:db8:1:1::44 nexthop 2001:db8:1:1::44 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::44 community NO_ADVERTISE' - reject code: 5
+deny quick from 2001:db8:1:1::44 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::44 peer-as != 4' - reject code: 6
+deny quick from 2001:db8:1:1::44 peer-as != 4
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::44 AS 23456' - reject code: 7
+deny quick from 2001:db8:1:1::44 AS 23456
+
+# Reject inbound routes when 'from 2001:db8:1:1::44 AS 64496 - 131071' - reject code: 7
+deny quick from 2001:db8:1:1::44 AS 64496 - 131071
+
+# Reject inbound routes when 'from 2001:db8:1:1::44 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 2001:db8:1:1::44 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::44 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+deny quick from 2001:db8:1:1::44 prefix ::/0 prefixlen 12 >< 48
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::44 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 2001:db8:1:1::44
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::44 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::44 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::44
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::44 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# rpki_bgp_origin_validation_invalid
+match to group clients set community delete 64512:2
+
+# rpki_bgp_origin_validation_unknown
+match to group clients set community delete 64512:3
+
+# rpki_bgp_origin_validation_valid
+match to group clients set community delete 64512:1
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/rpki_bov_comms/configs/RPKICustomBOVCommunitiesScenario_OpenBGPDPortableLatest_IPv6/openbgpd77p.conf b/tests/live_tests/scenarios/rpki_bov_comms/configs/RPKICustomBOVCommunitiesScenario_OpenBGPDPortableLatest_IPv6/openbgpd77p.conf
new file mode 100644
index 00000000..ca5f2e31
--- /dev/null
+++ b/tests/live_tests/scenarios/rpki_bov_comms/configs/RPKICustomBOVCommunitiesScenario_OpenBGPDPortableLatest_IPv6/openbgpd77p.conf
@@ -0,0 +1,1186 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.22 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::22 {
+		remote-as 2
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.33 {
+		remote-as 3
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::33 {
+		remote-as 3
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.44 {
+		remote-as 4
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::44 {
+		remote-as 4
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# rpki_bgp_origin_validation_invalid
+match from group clients set community delete 64512:2
+
+# rpki_bgp_origin_validation_unknown
+match from group clients set community delete 64512:3
+
+# rpki_bgp_origin_validation_valid
+match from group clients set community delete 64512:1
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+# ---------------------------------------------------------
+# ROAs source
+
+
+roa-set {
+    2.0.128.0/20 maxlen 23 source-as 101
+    3.0.128.0/20 maxlen 23 source-as 103
+    2.0.8.0/24 source-as 101
+    2.0.9.0/24 source-as 102
+    3.0.8.0/24 source-as 103
+    3.0.9.0/24 source-as 102
+    3002:0:8000::/33 maxlen 34 source-as 101
+    3003:0:8000::/33 maxlen 34 source-as 103
+    3002:0:8::/48 source-as 101
+    3002:0:9::/48 source-as 102
+    3003:0:8::/48 source-as 103
+    3003:0:9::/48 source-as 102
+
+}
+
+
+
+# ---------------------------------------------------------
+# RPKI-based Origin Validation
+
+
+# Add $INTCOMM_RPKI_UNKNOWN, $INTCOMM_RPKI_INVALID and $INTCOMM_RPKI_VALID
+# ext community on the basis of ovs.
+match from group clients ovs not-found set {
+    ext-community $INTCOMM_RPKI_UNKNOWN
+    ext-community ovs not-found
+    community 64512:3
+}
+match from group clients ovs valid set {
+    ext-community $INTCOMM_RPKI_VALID
+    ext-community ovs valid
+    community 64512:1
+}
+match from group clients ovs invalid set {
+    ext-community $INTCOMM_RPKI_INVALID
+    ext-community ovs invalid
+    community 64512:2
+}
+
+
+
+
+
+
+
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+deny quick from group clients max-as-len 32
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+deny quick from group clients community NO_ADVERTISE
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+deny quick from group clients prefix-set bogons
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.11 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+deny quick from 192.0.2.11 peer-as != 1
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+deny quick from 192.0.2.11 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.11 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.11 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+deny quick from 2001:db8:1:1::11 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+deny quick from 2001:db8:1:1::11 peer-as != 1
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+deny quick from 2001:db8:1:1::11 AS 23456
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+deny quick from 2001:db8:1:1::11 AS 64496 - 131071
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+deny quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::11 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.22 set community NO_ADVERTISE
+match from 192.0.2.22 nexthop 192.0.2.22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.22 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.22 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.22 peer-as != 2' - reject code: 6
+deny quick from 192.0.2.22 peer-as != 2
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.22 AS 23456' - reject code: 7
+deny quick from 192.0.2.22 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.22 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.22 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.22 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.22 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.22
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.22 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.22 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.22
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::22 set community NO_ADVERTISE
+match from 2001:db8:1:1::22 nexthop 2001:db8:1:1::22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::22 community NO_ADVERTISE' - reject code: 5
+deny quick from 2001:db8:1:1::22 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::22 peer-as != 2' - reject code: 6
+deny quick from 2001:db8:1:1::22 peer-as != 2
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 23456' - reject code: 7
+deny quick from 2001:db8:1:1::22 AS 23456
+
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 64496 - 131071' - reject code: 7
+deny quick from 2001:db8:1:1::22 AS 64496 - 131071
+
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 2001:db8:1:1::22 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::22 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+deny quick from 2001:db8:1:1::22 prefix ::/0 prefixlen 12 >< 48
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 2001:db8:1:1::22
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::22 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::22 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::22
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.33 set community NO_ADVERTISE
+match from 192.0.2.33 nexthop 192.0.2.33 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.33 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.33 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.33 peer-as != 3' - reject code: 6
+deny quick from 192.0.2.33 peer-as != 3
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.33 AS 23456' - reject code: 7
+deny quick from 192.0.2.33 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.33 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.33 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.33 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.33 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.33 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.33 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.33 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.33
+
+
+
+# ---------------------------------------------
+# client AS3_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.33 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.33 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.33
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.33 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::33 set community NO_ADVERTISE
+match from 2001:db8:1:1::33 nexthop 2001:db8:1:1::33 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::33 community NO_ADVERTISE' - reject code: 5
+deny quick from 2001:db8:1:1::33 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::33 peer-as != 3' - reject code: 6
+deny quick from 2001:db8:1:1::33 peer-as != 3
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::33 AS 23456' - reject code: 7
+deny quick from 2001:db8:1:1::33 AS 23456
+
+# Reject inbound routes when 'from 2001:db8:1:1::33 AS 64496 - 131071' - reject code: 7
+deny quick from 2001:db8:1:1::33 AS 64496 - 131071
+
+# Reject inbound routes when 'from 2001:db8:1:1::33 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 2001:db8:1:1::33 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::33 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+deny quick from 2001:db8:1:1::33 prefix ::/0 prefixlen 12 >< 48
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::33 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 2001:db8:1:1::33
+
+
+
+# ---------------------------------------------
+# client AS3_2, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::33 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::33 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::33
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::33 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.44 set community NO_ADVERTISE
+match from 192.0.2.44 nexthop 192.0.2.44 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.44 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.44 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.44 peer-as != 4' - reject code: 6
+deny quick from 192.0.2.44 peer-as != 4
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.44 AS 23456' - reject code: 7
+deny quick from 192.0.2.44 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.44 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.44 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.44 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.44 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.44 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.44 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.44 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.44
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.44 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.44 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.44
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.44 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::44 set community NO_ADVERTISE
+match from 2001:db8:1:1::44 nexthop 2001:db8:1:1::44 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::44 community NO_ADVERTISE' - reject code: 5
+deny quick from 2001:db8:1:1::44 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::44 peer-as != 4' - reject code: 6
+deny quick from 2001:db8:1:1::44 peer-as != 4
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::44 AS 23456' - reject code: 7
+deny quick from 2001:db8:1:1::44 AS 23456
+
+# Reject inbound routes when 'from 2001:db8:1:1::44 AS 64496 - 131071' - reject code: 7
+deny quick from 2001:db8:1:1::44 AS 64496 - 131071
+
+# Reject inbound routes when 'from 2001:db8:1:1::44 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 2001:db8:1:1::44 AS 4200000000 - 4294967295
+
+
+
+
+
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::44 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+deny quick from 2001:db8:1:1::44 prefix ::/0 prefixlen 12 >< 48
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::44 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 2001:db8:1:1::44
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::44 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::44 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::44
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::44 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# rpki_bgp_origin_validation_invalid
+match to group clients set community delete 64512:2
+
+# rpki_bgp_origin_validation_unknown
+match to group clients set community delete 64512:3
+
+# rpki_bgp_origin_validation_valid
+match to group clients set community delete 64512:1
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/rpki_rtr_example/configs/RPKIRTRScenario_OpenBGPDIPv4/openbgpd76p.conf b/tests/live_tests/scenarios/rpki_rtr_example/configs/RPKIRTRScenario_OpenBGPDIPv4/openbgpd76p.conf
new file mode 100644
index 00000000..62594272
--- /dev/null
+++ b/tests/live_tests/scenarios/rpki_rtr_example/configs/RPKIRTRScenario_OpenBGPDIPv4/openbgpd76p.conf
@@ -0,0 +1,802 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+# AS3333, used by client AS3333_1
+# no origin ASNs found for AS3333
+# no prefixes found for AS3333
+
+# AS10745, used by client AS10745_1, client AS10745_2
+# no origin ASNs found for AS10745
+# no prefixes found for AS10745
+
+# AS1, used by client AS1_1
+# no origin ASNs found for AS1
+# no prefixes found for AS1
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.22 {
+		remote-as 10745
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::22 {
+		remote-as 10745
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.111 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.11 {
+		remote-as 3333
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+# ---------------------------------------------------------
+# ROAs source
+
+
+include "/etc/bgpd/rpki_rtr_config.local"
+
+
+
+# ---------------------------------------------------------
+# RPKI-based Origin Validation
+
+
+# Add $INTCOMM_RPKI_UNKNOWN, $INTCOMM_RPKI_INVALID and $INTCOMM_RPKI_VALID
+# ext community on the basis of ovs.
+match from group clients ovs not-found set {
+    ext-community $INTCOMM_RPKI_UNKNOWN
+    ext-community ovs not-found
+    
+}
+match from group clients ovs valid set {
+    ext-community $INTCOMM_RPKI_VALID
+    ext-community ovs valid
+    
+}
+match from group clients ovs invalid set {
+    ext-community $INTCOMM_RPKI_INVALID
+    ext-community ovs invalid
+    
+}
+
+
+
+
+
+
+
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+deny quick from group clients max-as-len 32
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+deny quick from group clients community NO_ADVERTISE
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+deny quick from group clients prefix-set bogons
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS10745_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.22 set community NO_ADVERTISE
+match from 192.0.2.22 nexthop 192.0.2.22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.22 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.22 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.22 peer-as != 10745' - reject code: 6
+deny quick from 192.0.2.22 peer-as != 10745
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.22 AS 23456' - reject code: 7
+deny quick from 192.0.2.22 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.22 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.22 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.22 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.22 AS 4200000000 - 4294967295
+
+
+
+
+
+match from 192.0.2.22 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS10745_1, AS10745: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.22 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS10745 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS10745_1, AS10745: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.22 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS10745 referenced but empty.
+
+
+
+
+
+
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.22 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+deny quick from 192.0.2.22 ext-community $INTCOMM_RPKI_INVALID
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.22
+
+
+
+# ---------------------------------------------
+# client AS10745_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.22 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.22 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.22
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS10745_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::22 set community NO_ADVERTISE
+match from 2001:db8:1:1::22 nexthop 2001:db8:1:1::22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::22 community NO_ADVERTISE' - reject code: 5
+deny quick from 2001:db8:1:1::22 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::22 peer-as != 10745' - reject code: 6
+deny quick from 2001:db8:1:1::22 peer-as != 10745
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 23456' - reject code: 7
+deny quick from 2001:db8:1:1::22 AS 23456
+
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 64496 - 131071' - reject code: 7
+deny quick from 2001:db8:1:1::22 AS 64496 - 131071
+
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 2001:db8:1:1::22 AS 4200000000 - 4294967295
+
+
+
+
+
+match from 2001:db8:1:1::22 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS10745_2, AS10745: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::22 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS10745 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS10745_2, AS10745: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::22 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS10745 referenced but empty.
+
+
+
+
+
+
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::22 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+deny quick from 2001:db8:1:1::22 ext-community $INTCOMM_RPKI_INVALID
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::22 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+deny quick from 2001:db8:1:1::22 prefix ::/0 prefixlen 12 >< 48
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 2001:db8:1:1::22
+
+
+
+# ---------------------------------------------
+# client AS10745_2, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::22 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::22 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::22
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.111 set community NO_ADVERTISE
+match from 192.0.2.111 nexthop 192.0.2.111 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.111 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.111 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.111 peer-as != 1' - reject code: 6
+deny quick from 192.0.2.111 peer-as != 1
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.111 AS 23456' - reject code: 7
+deny quick from 192.0.2.111 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.111 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.111 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.111 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.111 AS 4200000000 - 4294967295
+
+
+
+
+
+match from 192.0.2.111 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_1, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.111 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS1 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_1, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.111 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS1 referenced but empty.
+
+
+
+
+
+
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.111 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+deny quick from 192.0.2.111 ext-community $INTCOMM_RPKI_INVALID
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.111 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.111 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.111 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.111
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.111 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.111 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.111
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.111 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3333_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.11 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 3333' - reject code: 6
+deny quick from 192.0.2.11 peer-as != 3333
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+deny quick from 192.0.2.11 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.11 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.11 AS 4200000000 - 4294967295
+
+
+
+
+
+match from 192.0.2.11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS3333_1, AS3333: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS3333 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS3333_1, AS3333: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS3333 referenced but empty.
+
+
+
+
+
+
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+deny quick from 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS3333_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/rpki_rtr_example/configs/RPKIRTRScenario_OpenBGPDIPv4/openbgpd77p.conf b/tests/live_tests/scenarios/rpki_rtr_example/configs/RPKIRTRScenario_OpenBGPDIPv4/openbgpd77p.conf
new file mode 100644
index 00000000..62594272
--- /dev/null
+++ b/tests/live_tests/scenarios/rpki_rtr_example/configs/RPKIRTRScenario_OpenBGPDIPv4/openbgpd77p.conf
@@ -0,0 +1,802 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+# AS3333, used by client AS3333_1
+# no origin ASNs found for AS3333
+# no prefixes found for AS3333
+
+# AS10745, used by client AS10745_1, client AS10745_2
+# no origin ASNs found for AS10745
+# no prefixes found for AS10745
+
+# AS1, used by client AS1_1
+# no origin ASNs found for AS1
+# no prefixes found for AS1
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.22 {
+		remote-as 10745
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::22 {
+		remote-as 10745
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.111 {
+		remote-as 1
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.11 {
+		remote-as 3333
+
+		rde evaluate all
+
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+# ---------------------------------------------------------
+# ROAs source
+
+
+include "/etc/bgpd/rpki_rtr_config.local"
+
+
+
+# ---------------------------------------------------------
+# RPKI-based Origin Validation
+
+
+# Add $INTCOMM_RPKI_UNKNOWN, $INTCOMM_RPKI_INVALID and $INTCOMM_RPKI_VALID
+# ext community on the basis of ovs.
+match from group clients ovs not-found set {
+    ext-community $INTCOMM_RPKI_UNKNOWN
+    ext-community ovs not-found
+    
+}
+match from group clients ovs valid set {
+    ext-community $INTCOMM_RPKI_VALID
+    ext-community ovs valid
+    
+}
+match from group clients ovs invalid set {
+    ext-community $INTCOMM_RPKI_INVALID
+    ext-community ovs invalid
+    
+}
+
+
+
+
+
+
+
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+deny quick from group clients max-as-len 32
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+deny quick from group clients community NO_ADVERTISE
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+deny quick from group clients prefix-set bogons
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS10745_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.22 set community NO_ADVERTISE
+match from 192.0.2.22 nexthop 192.0.2.22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.22 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.22 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.22 peer-as != 10745' - reject code: 6
+deny quick from 192.0.2.22 peer-as != 10745
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.22 AS 23456' - reject code: 7
+deny quick from 192.0.2.22 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.22 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.22 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.22 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.22 AS 4200000000 - 4294967295
+
+
+
+
+
+match from 192.0.2.22 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS10745_1, AS10745: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.22 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS10745 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS10745_1, AS10745: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.22 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS10745 referenced but empty.
+
+
+
+
+
+
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.22 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+deny quick from 192.0.2.22 ext-community $INTCOMM_RPKI_INVALID
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.22 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.22
+
+
+
+# ---------------------------------------------
+# client AS10745_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.22 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.22 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.22
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS10745_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::22 set community NO_ADVERTISE
+match from 2001:db8:1:1::22 nexthop 2001:db8:1:1::22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::22 community NO_ADVERTISE' - reject code: 5
+deny quick from 2001:db8:1:1::22 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::22 peer-as != 10745' - reject code: 6
+deny quick from 2001:db8:1:1::22 peer-as != 10745
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 23456' - reject code: 7
+deny quick from 2001:db8:1:1::22 AS 23456
+
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 64496 - 131071' - reject code: 7
+deny quick from 2001:db8:1:1::22 AS 64496 - 131071
+
+# Reject inbound routes when 'from 2001:db8:1:1::22 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 2001:db8:1:1::22 AS 4200000000 - 4294967295
+
+
+
+
+
+match from 2001:db8:1:1::22 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS10745_2, AS10745: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::22 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS10745 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS10745_2, AS10745: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::22 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS10745 referenced but empty.
+
+
+
+
+
+
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::22 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+deny quick from 2001:db8:1:1::22 ext-community $INTCOMM_RPKI_INVALID
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::22 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+deny quick from 2001:db8:1:1::22 prefix ::/0 prefixlen 12 >< 48
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::22 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 2001:db8:1:1::22
+
+
+
+# ---------------------------------------------
+# client AS10745_2, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::22 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::22 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::22
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::22 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.111 set community NO_ADVERTISE
+match from 192.0.2.111 nexthop 192.0.2.111 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.111 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.111 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.111 peer-as != 1' - reject code: 6
+deny quick from 192.0.2.111 peer-as != 1
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.111 AS 23456' - reject code: 7
+deny quick from 192.0.2.111 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.111 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.111 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.111 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.111 AS 4200000000 - 4294967295
+
+
+
+
+
+match from 192.0.2.111 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_1, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.111 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS1 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_1, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.111 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS1 referenced but empty.
+
+
+
+
+
+
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.111 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+deny quick from 192.0.2.111 ext-community $INTCOMM_RPKI_INVALID
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.111 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.111 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.111 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.111
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.111 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.111 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.111
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.111 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS3333_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+deny quick from 192.0.2.11 community NO_ADVERTISE
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 3333' - reject code: 6
+deny quick from 192.0.2.11 peer-as != 3333
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+deny quick from 192.0.2.11 AS 23456
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+deny quick from 192.0.2.11 AS 64496 - 131071
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+deny quick from 192.0.2.11 AS 4200000000 - 4294967295
+
+
+
+
+
+match from 192.0.2.11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS3333_1, AS3333: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS3333 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS3333_1, AS3333: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS3333 referenced but empty.
+
+
+
+
+
+
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+deny quick from 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+deny quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS3333_1, outbound
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/rpki_rtr_example/routes/RPKIRTRScenario_OpenBGPDIPv4/openbgpd77p/AS1_1.txt b/tests/live_tests/scenarios/rpki_rtr_example/routes/RPKIRTRScenario_OpenBGPDIPv4/openbgpd77p/AS1_1.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/rpki_rtr_example/routes/RPKIRTRScenario_OpenBGPDIPv4/openbgpd77p/rs.txt b/tests/live_tests/scenarios/rpki_rtr_example/routes/RPKIRTRScenario_OpenBGPDIPv4/openbgpd77p/rs.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd76p.conf b/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd76p.conf
new file mode 100644
index 00000000..b896b0a1
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd76p.conf
@@ -0,0 +1,3557 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+# WHITE_LIST_AS4_1, used by client AS4_1 white list
+as-set "AS_SET_WHITE_LIST_AS4_1_asns" {
+    41
+}
+prefix-set "AS_SET_WHITE_LIST_AS4_1_prefixes" {
+    4.2.0.0/16 prefixlen 16 - 32
+    2a04:2::/32 prefixlen 32 - 128
+}
+
+# AS4, used by client AS4_1, client AS4_2
+# no origin ASNs found for AS4
+# no prefixes found for AS4
+
+# WHITE_LIST_AS2_2, used by client AS2_2 white list
+as-set "AS_SET_WHITE_LIST_AS2_2_asns" {
+    21
+}
+prefix-set "AS_SET_WHITE_LIST_AS2_2_prefixes" {
+    2.2.0.0/16 prefixlen 16 - 32
+    2a02:2::/32 prefixlen 32 - 128
+}
+
+# AS-AS5_FROM_PDB, used by client AS5_1, client AS5_2
+# no origin ASNs found for AS_AS5_FROM_PDB
+# no prefixes found for AS_AS5_FROM_PDB
+
+# AS-AS4, used by client AS4_1, client AS4_2
+# no origin ASNs found for AS_AS4
+# no prefixes found for AS_AS4
+
+# AS2, used by client AS2_1, client AS2_2
+# no origin ASNs found for AS2
+# no prefixes found for AS2
+
+# WHITE_LIST_AS5_2, used by client AS5_2 white list
+as-set "AS_SET_WHITE_LIST_AS5_2_asns" {
+    51
+}
+prefix-set "AS_SET_WHITE_LIST_AS5_2_prefixes" {
+    5.2.0.0/16 prefixlen 16 - 32
+    2a05:2::/32 prefixlen 32 - 128
+}
+
+# AS5, used by client AS5_1, client AS5_2
+# no origin ASNs found for AS5
+# no prefixes found for AS5
+
+# AS6, used by client AS6_1, client AS6_2
+# no origin ASNs found for AS6
+# no prefixes found for AS6
+
+# WHITE_LIST_AS5_1, used by client AS5_1 white list
+as-set "AS_SET_WHITE_LIST_AS5_1_asns" {
+    51
+}
+prefix-set "AS_SET_WHITE_LIST_AS5_1_prefixes" {
+    5.2.0.0/16 prefixlen 16 - 32
+    2a05:2::/32 prefixlen 32 - 128
+}
+
+# WHITE_LIST_AS2_1, used by client AS2_1 white list
+as-set "AS_SET_WHITE_LIST_AS2_1_asns" {
+    21
+}
+prefix-set "AS_SET_WHITE_LIST_AS2_1_prefixes" {
+    2.2.0.0/16 prefixlen 16 - 32
+    2a02:2::/32 prefixlen 32 - 128
+}
+
+# AS1, used by client AS1_1, client AS1_2
+# no origin ASNs found for AS1
+# no prefixes found for AS1
+
+# WHITE_LIST_AS4_2, used by client AS4_2 white list
+as-set "AS_SET_WHITE_LIST_AS4_2_asns" {
+    41
+}
+prefix-set "AS_SET_WHITE_LIST_AS4_2_prefixes" {
+    4.2.0.0/16 prefixlen 16 - 32
+    2a04:2::/32 prefixlen 32 - 128
+}
+
+# AS-AS2, used by client AS2_1, client AS2_2
+# no origin ASNs found for AS_AS2
+# no prefixes found for AS_AS2
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client, no AS-SET"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client, no AS-SET"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client, AS-SET from AS..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client, AS-SET from AS..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client, AS-SET configu..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client, AS-SET configu..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.51 {
+		remote-as 5
+
+		rde evaluate all
+
+		descr "AS5_1 client, AS-SET from Pe..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::51 {
+		remote-as 5
+
+		rde evaluate all
+
+		descr "AS5_1 client, AS-SET from Pe..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.61 {
+		remote-as 6
+
+		rde evaluate all
+
+		descr "AS6_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::61 {
+		remote-as 6
+
+		rde evaluate all
+
+		descr "AS6_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# origin_not_present_in_as_set
+match from group clients set community delete 999:64515
+match from group clients set large-community delete 999:0:64515
+
+# origin_present_in_as_set
+match from group clients set community delete 999:64514
+match from group clients set large-community delete 999:0:64514
+
+# prefix_not_present_in_as_set
+match from group clients set community delete 999:64513
+match from group clients set large-community delete 999:0:64513
+
+# prefix_present_in_as_set
+match from group clients set community delete 999:64512
+match from group clients set large-community delete 999:0:64512
+
+# prefix_validated_via_arin_whois_db_dump
+match from group clients set community delete 999:64518
+match from group clients set large-community delete 999:0:64518
+
+# prefix_validated_via_rpki_roas
+match from group clients set community delete 999:64516
+match from group clients set large-community delete 999:0:64516
+
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+# route_validated_via_white_list
+match from group clients set community delete 999:64517
+match from group clients set large-community delete 999:0:64517
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+# ---------------------------------------------------------
+# ROAs source
+
+
+roa-set {
+
+}
+
+
+
+
+# ---------------------------------------------------------
+# RPKI ROAs used as route objects.
+
+# Add the $INTCOMM_PREF_OK_ROA ext community to routes whose
+# origin ASN has a ROA for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+
+match from group clients ovs valid set ext-community $INTCOMM_PREF_OK_ROA
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+match from 192.0.2.51 set ext-community rt 65520:5
+
+match from 2001:db8:1:1::51 set ext-community rt 65520:5
+
+match from 192.0.2.61 set ext-community rt 65520:6
+
+match from 2001:db8:1:1::61 set ext-community rt 65520:6
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_1, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS1 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_1, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS1 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_2, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS1 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_2, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS1 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_1, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 source-as as-set AS_SET_WHITE_LIST_AS2_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS2_1
+# AS-SET AS_AS2 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_1, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 prefix-set AS_SET_WHITE_LIST_AS2_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS2_1
+# AS-SET AS_AS2 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_2, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::21 source-as as-set AS_SET_WHITE_LIST_AS2_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS2_2
+# AS-SET AS2 referenced but empty.
+# AS-SET AS_AS2 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_2, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::21 prefix-set AS_SET_WHITE_LIST_AS2_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS2_2
+# AS-SET AS2 referenced but empty.
+# AS-SET AS_AS2 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.41 prefix 2a04:4::/32 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 2a04:5::/32 prefixlen 32 - 128 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 2a04:6::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 4.4.0.0/16 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 4.5.0.0/16 prefixlen 16 - 32 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 4.6.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.41 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS4_1, AS4: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.41 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.41 source-as as-set AS_SET_WHITE_LIST_AS4_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS4_1
+# AS-SET AS4 referenced but empty.
+# AS-SET AS_AS4 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS4_1, AS4: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.41 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.41 prefix-set AS_SET_WHITE_LIST_AS4_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS4_1
+# AS-SET AS4 referenced but empty.
+# AS-SET AS_AS4 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# route authorized by a client's white list?
+match from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.41
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::41 prefix 2a04:4::/32 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 2a04:5::/32 prefixlen 32 - 128 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 2a04:6::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 4.4.0.0/16 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 4.5.0.0/16 prefixlen 16 - 32 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 4.6.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::41 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS4_2, AS4: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::41 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS4 referenced but empty.
+# AS-SET AS_AS4 referenced but empty.
+match from 2001:db8:1:1::41 source-as as-set AS_SET_WHITE_LIST_AS4_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS4_2
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS4_2, AS4: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::41 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS4 referenced but empty.
+# AS-SET AS_AS4 referenced but empty.
+match from 2001:db8:1:1::41 prefix-set AS_SET_WHITE_LIST_AS4_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS4_2
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS5_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.51 set community NO_ADVERTISE
+match from 192.0.2.51 nexthop 192.0.2.51 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.51 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.51 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.51 peer-as != 5' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.51 peer-as != 5 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.51 AS 23456' - reject code: 7
+allow quick from 192.0.2.51 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.51 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.51 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.51 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.51 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.51 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS5_1, AS5: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.51 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS_AS5_FROM_PDB referenced but empty.
+# AS-SET AS5 referenced but empty.
+match from 192.0.2.51 source-as as-set AS_SET_WHITE_LIST_AS5_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS5_1
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS5_1, AS5: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.51 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS_AS5_FROM_PDB referenced but empty.
+# AS-SET AS5 referenced but empty.
+match from 192.0.2.51 prefix-set AS_SET_WHITE_LIST_AS5_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS5_1
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.51 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.51 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.51 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.51 set ext-community delete rt 65520:5
+
+
+
+allow quick from 192.0.2.51
+
+
+
+# ---------------------------------------------
+# client AS5_1, outbound
+
+deny quick to 192.0.2.51 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.51 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.51
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.51 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS5_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::51 set community NO_ADVERTISE
+match from 2001:db8:1:1::51 nexthop 2001:db8:1:1::51 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::51 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::51 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::51 peer-as != 5' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::51 peer-as != 5 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::51 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::51 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::51 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::51 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::51 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::51 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db8:1:1::51 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS5_2, AS5: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::51 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS_AS5_FROM_PDB referenced but empty.
+match from 2001:db8:1:1::51 source-as as-set AS_SET_WHITE_LIST_AS5_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS5_2
+# AS-SET AS5 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS5_2, AS5: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::51 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS_AS5_FROM_PDB referenced but empty.
+match from 2001:db8:1:1::51 prefix-set AS_SET_WHITE_LIST_AS5_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS5_2
+# AS-SET AS5 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::51 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::51 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::51 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::51 set ext-community delete rt 65520:5
+
+
+
+allow quick from 2001:db8:1:1::51
+
+
+
+# ---------------------------------------------
+# client AS5_2, outbound
+
+deny quick to 2001:db8:1:1::51 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::51 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::51
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::51 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS6_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.61 set community NO_ADVERTISE
+match from 192.0.2.61 nexthop 192.0.2.61 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.61 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.61 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.61 peer-as != 6' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.61 peer-as != 6 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.61 AS 23456' - reject code: 7
+allow quick from 192.0.2.61 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.61 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.61 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.61 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.61 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.61 prefix 2a03:2::/32 prefixlen 32 - 128 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.61 prefix 3.2.0.0/16 prefixlen 16 - 32 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.61 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS6_1, AS6: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.61 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS6 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS6_1, AS6: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.61 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS6 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# route authorized by a client's white list?
+match from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.61 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.61 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.61 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.61 set ext-community delete rt 65520:6
+
+
+
+allow quick from 192.0.2.61
+
+
+
+# ---------------------------------------------
+# client AS6_1, outbound
+
+deny quick to 192.0.2.61 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.61 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.61
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.61 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS6_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::61 set community NO_ADVERTISE
+match from 2001:db8:1:1::61 nexthop 2001:db8:1:1::61 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::61 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::61 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::61 peer-as != 6' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::61 peer-as != 6 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::61 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::61 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::61 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::61 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::61 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::61 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::61 prefix 2a03:2::/32 prefixlen 32 - 128 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::61 prefix 3.2.0.0/16 prefixlen 16 - 32 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::61 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS6_2, AS6: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::61 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS6 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS6_2, AS6: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::61 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS6 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::61 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::61 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::61 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::61 set ext-community delete rt 65520:6
+
+
+
+allow quick from 2001:db8:1:1::61
+
+
+
+# ---------------------------------------------
+# client AS6_2, outbound
+
+deny quick to 2001:db8:1:1::61 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::61 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::61
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::61 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p.conf b/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p.conf
new file mode 100644
index 00000000..b896b0a1
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p.conf
@@ -0,0 +1,3557 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+# WHITE_LIST_AS4_1, used by client AS4_1 white list
+as-set "AS_SET_WHITE_LIST_AS4_1_asns" {
+    41
+}
+prefix-set "AS_SET_WHITE_LIST_AS4_1_prefixes" {
+    4.2.0.0/16 prefixlen 16 - 32
+    2a04:2::/32 prefixlen 32 - 128
+}
+
+# AS4, used by client AS4_1, client AS4_2
+# no origin ASNs found for AS4
+# no prefixes found for AS4
+
+# WHITE_LIST_AS2_2, used by client AS2_2 white list
+as-set "AS_SET_WHITE_LIST_AS2_2_asns" {
+    21
+}
+prefix-set "AS_SET_WHITE_LIST_AS2_2_prefixes" {
+    2.2.0.0/16 prefixlen 16 - 32
+    2a02:2::/32 prefixlen 32 - 128
+}
+
+# AS-AS5_FROM_PDB, used by client AS5_1, client AS5_2
+# no origin ASNs found for AS_AS5_FROM_PDB
+# no prefixes found for AS_AS5_FROM_PDB
+
+# AS-AS4, used by client AS4_1, client AS4_2
+# no origin ASNs found for AS_AS4
+# no prefixes found for AS_AS4
+
+# AS2, used by client AS2_1, client AS2_2
+# no origin ASNs found for AS2
+# no prefixes found for AS2
+
+# WHITE_LIST_AS5_2, used by client AS5_2 white list
+as-set "AS_SET_WHITE_LIST_AS5_2_asns" {
+    51
+}
+prefix-set "AS_SET_WHITE_LIST_AS5_2_prefixes" {
+    5.2.0.0/16 prefixlen 16 - 32
+    2a05:2::/32 prefixlen 32 - 128
+}
+
+# AS5, used by client AS5_1, client AS5_2
+# no origin ASNs found for AS5
+# no prefixes found for AS5
+
+# AS6, used by client AS6_1, client AS6_2
+# no origin ASNs found for AS6
+# no prefixes found for AS6
+
+# WHITE_LIST_AS5_1, used by client AS5_1 white list
+as-set "AS_SET_WHITE_LIST_AS5_1_asns" {
+    51
+}
+prefix-set "AS_SET_WHITE_LIST_AS5_1_prefixes" {
+    5.2.0.0/16 prefixlen 16 - 32
+    2a05:2::/32 prefixlen 32 - 128
+}
+
+# WHITE_LIST_AS2_1, used by client AS2_1 white list
+as-set "AS_SET_WHITE_LIST_AS2_1_asns" {
+    21
+}
+prefix-set "AS_SET_WHITE_LIST_AS2_1_prefixes" {
+    2.2.0.0/16 prefixlen 16 - 32
+    2a02:2::/32 prefixlen 32 - 128
+}
+
+# AS1, used by client AS1_1, client AS1_2
+# no origin ASNs found for AS1
+# no prefixes found for AS1
+
+# WHITE_LIST_AS4_2, used by client AS4_2 white list
+as-set "AS_SET_WHITE_LIST_AS4_2_asns" {
+    41
+}
+prefix-set "AS_SET_WHITE_LIST_AS4_2_prefixes" {
+    4.2.0.0/16 prefixlen 16 - 32
+    2a04:2::/32 prefixlen 32 - 128
+}
+
+# AS-AS2, used by client AS2_1, client AS2_2
+# no origin ASNs found for AS_AS2
+# no prefixes found for AS_AS2
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client, no AS-SET"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client, no AS-SET"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client, AS-SET from AS..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client, AS-SET from AS..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client, AS-SET configu..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client, AS-SET configu..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.51 {
+		remote-as 5
+
+		rde evaluate all
+
+		descr "AS5_1 client, AS-SET from Pe..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::51 {
+		remote-as 5
+
+		rde evaluate all
+
+		descr "AS5_1 client, AS-SET from Pe..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.61 {
+		remote-as 6
+
+		rde evaluate all
+
+		descr "AS6_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::61 {
+		remote-as 6
+
+		rde evaluate all
+
+		descr "AS6_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# origin_not_present_in_as_set
+match from group clients set community delete 999:64515
+match from group clients set large-community delete 999:0:64515
+
+# origin_present_in_as_set
+match from group clients set community delete 999:64514
+match from group clients set large-community delete 999:0:64514
+
+# prefix_not_present_in_as_set
+match from group clients set community delete 999:64513
+match from group clients set large-community delete 999:0:64513
+
+# prefix_present_in_as_set
+match from group clients set community delete 999:64512
+match from group clients set large-community delete 999:0:64512
+
+# prefix_validated_via_arin_whois_db_dump
+match from group clients set community delete 999:64518
+match from group clients set large-community delete 999:0:64518
+
+# prefix_validated_via_rpki_roas
+match from group clients set community delete 999:64516
+match from group clients set large-community delete 999:0:64516
+
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+# route_validated_via_white_list
+match from group clients set community delete 999:64517
+match from group clients set large-community delete 999:0:64517
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+# ---------------------------------------------------------
+# ROAs source
+
+
+roa-set {
+
+}
+
+
+
+
+# ---------------------------------------------------------
+# RPKI ROAs used as route objects.
+
+# Add the $INTCOMM_PREF_OK_ROA ext community to routes whose
+# origin ASN has a ROA for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+
+match from group clients ovs valid set ext-community $INTCOMM_PREF_OK_ROA
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+match from 192.0.2.51 set ext-community rt 65520:5
+
+match from 2001:db8:1:1::51 set ext-community rt 65520:5
+
+match from 192.0.2.61 set ext-community rt 65520:6
+
+match from 2001:db8:1:1::61 set ext-community rt 65520:6
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_1, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS1 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_1, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS1 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_2, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS1 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_2, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS1 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_1, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 source-as as-set AS_SET_WHITE_LIST_AS2_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS2_1
+# AS-SET AS_AS2 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_1, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 prefix-set AS_SET_WHITE_LIST_AS2_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS2_1
+# AS-SET AS_AS2 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_2, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::21 source-as as-set AS_SET_WHITE_LIST_AS2_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS2_2
+# AS-SET AS2 referenced but empty.
+# AS-SET AS_AS2 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_2, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::21 prefix-set AS_SET_WHITE_LIST_AS2_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS2_2
+# AS-SET AS2 referenced but empty.
+# AS-SET AS_AS2 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.41 prefix 2a04:4::/32 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 2a04:5::/32 prefixlen 32 - 128 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 2a04:6::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 4.4.0.0/16 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 4.5.0.0/16 prefixlen 16 - 32 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 4.6.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.41 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS4_1, AS4: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.41 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.41 source-as as-set AS_SET_WHITE_LIST_AS4_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS4_1
+# AS-SET AS4 referenced but empty.
+# AS-SET AS_AS4 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS4_1, AS4: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.41 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.41 prefix-set AS_SET_WHITE_LIST_AS4_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS4_1
+# AS-SET AS4 referenced but empty.
+# AS-SET AS_AS4 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# route authorized by a client's white list?
+match from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.41
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::41 prefix 2a04:4::/32 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 2a04:5::/32 prefixlen 32 - 128 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 2a04:6::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 4.4.0.0/16 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 4.5.0.0/16 prefixlen 16 - 32 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 4.6.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::41 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS4_2, AS4: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::41 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS4 referenced but empty.
+# AS-SET AS_AS4 referenced but empty.
+match from 2001:db8:1:1::41 source-as as-set AS_SET_WHITE_LIST_AS4_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS4_2
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS4_2, AS4: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::41 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS4 referenced but empty.
+# AS-SET AS_AS4 referenced but empty.
+match from 2001:db8:1:1::41 prefix-set AS_SET_WHITE_LIST_AS4_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS4_2
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS5_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.51 set community NO_ADVERTISE
+match from 192.0.2.51 nexthop 192.0.2.51 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.51 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.51 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.51 peer-as != 5' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.51 peer-as != 5 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.51 AS 23456' - reject code: 7
+allow quick from 192.0.2.51 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.51 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.51 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.51 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.51 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.51 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS5_1, AS5: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.51 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS_AS5_FROM_PDB referenced but empty.
+# AS-SET AS5 referenced but empty.
+match from 192.0.2.51 source-as as-set AS_SET_WHITE_LIST_AS5_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS5_1
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS5_1, AS5: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.51 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS_AS5_FROM_PDB referenced but empty.
+# AS-SET AS5 referenced but empty.
+match from 192.0.2.51 prefix-set AS_SET_WHITE_LIST_AS5_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS5_1
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.51 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.51 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.51 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.51 set ext-community delete rt 65520:5
+
+
+
+allow quick from 192.0.2.51
+
+
+
+# ---------------------------------------------
+# client AS5_1, outbound
+
+deny quick to 192.0.2.51 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.51 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.51
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.51 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS5_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::51 set community NO_ADVERTISE
+match from 2001:db8:1:1::51 nexthop 2001:db8:1:1::51 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::51 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::51 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::51 peer-as != 5' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::51 peer-as != 5 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::51 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::51 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::51 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::51 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::51 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::51 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db8:1:1::51 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS5_2, AS5: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::51 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS_AS5_FROM_PDB referenced but empty.
+match from 2001:db8:1:1::51 source-as as-set AS_SET_WHITE_LIST_AS5_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS5_2
+# AS-SET AS5 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS5_2, AS5: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::51 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS_AS5_FROM_PDB referenced but empty.
+match from 2001:db8:1:1::51 prefix-set AS_SET_WHITE_LIST_AS5_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS5_2
+# AS-SET AS5 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::51 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::51 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::51 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::51 set ext-community delete rt 65520:5
+
+
+
+allow quick from 2001:db8:1:1::51
+
+
+
+# ---------------------------------------------
+# client AS5_2, outbound
+
+deny quick to 2001:db8:1:1::51 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::51 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::51
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::51 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS6_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.61 set community NO_ADVERTISE
+match from 192.0.2.61 nexthop 192.0.2.61 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.61 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.61 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.61 peer-as != 6' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.61 peer-as != 6 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.61 AS 23456' - reject code: 7
+allow quick from 192.0.2.61 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.61 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.61 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.61 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.61 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.61 prefix 2a03:2::/32 prefixlen 32 - 128 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.61 prefix 3.2.0.0/16 prefixlen 16 - 32 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.61 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS6_1, AS6: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.61 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS6 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS6_1, AS6: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.61 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS6 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# route authorized by a client's white list?
+match from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.61 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.61 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.61 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.61 set ext-community delete rt 65520:6
+
+
+
+allow quick from 192.0.2.61
+
+
+
+# ---------------------------------------------
+# client AS6_1, outbound
+
+deny quick to 192.0.2.61 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.61 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.61
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.61 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS6_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::61 set community NO_ADVERTISE
+match from 2001:db8:1:1::61 nexthop 2001:db8:1:1::61 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::61 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::61 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::61 peer-as != 6' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::61 peer-as != 6 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::61 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::61 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::61 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::61 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::61 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::61 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::61 prefix 2a03:2::/32 prefixlen 32 - 128 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::61 prefix 3.2.0.0/16 prefixlen 16 - 32 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::61 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS6_2, AS6: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::61 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS6 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS6_2, AS6: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::61 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS6 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::61 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::61 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::61 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::61 set ext-community delete rt 65520:6
+
+
+
+allow quick from 2001:db8:1:1::61
+
+
+
+# ---------------------------------------------
+# client AS6_2, outbound
+
+deny quick to 2001:db8:1:1::61 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::61 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::61
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::61 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd76p.conf b/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd76p.conf
new file mode 100644
index 00000000..b896b0a1
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd76p.conf
@@ -0,0 +1,3557 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+# WHITE_LIST_AS4_1, used by client AS4_1 white list
+as-set "AS_SET_WHITE_LIST_AS4_1_asns" {
+    41
+}
+prefix-set "AS_SET_WHITE_LIST_AS4_1_prefixes" {
+    4.2.0.0/16 prefixlen 16 - 32
+    2a04:2::/32 prefixlen 32 - 128
+}
+
+# AS4, used by client AS4_1, client AS4_2
+# no origin ASNs found for AS4
+# no prefixes found for AS4
+
+# WHITE_LIST_AS2_2, used by client AS2_2 white list
+as-set "AS_SET_WHITE_LIST_AS2_2_asns" {
+    21
+}
+prefix-set "AS_SET_WHITE_LIST_AS2_2_prefixes" {
+    2.2.0.0/16 prefixlen 16 - 32
+    2a02:2::/32 prefixlen 32 - 128
+}
+
+# AS-AS5_FROM_PDB, used by client AS5_1, client AS5_2
+# no origin ASNs found for AS_AS5_FROM_PDB
+# no prefixes found for AS_AS5_FROM_PDB
+
+# AS-AS4, used by client AS4_1, client AS4_2
+# no origin ASNs found for AS_AS4
+# no prefixes found for AS_AS4
+
+# AS2, used by client AS2_1, client AS2_2
+# no origin ASNs found for AS2
+# no prefixes found for AS2
+
+# WHITE_LIST_AS5_2, used by client AS5_2 white list
+as-set "AS_SET_WHITE_LIST_AS5_2_asns" {
+    51
+}
+prefix-set "AS_SET_WHITE_LIST_AS5_2_prefixes" {
+    5.2.0.0/16 prefixlen 16 - 32
+    2a05:2::/32 prefixlen 32 - 128
+}
+
+# AS5, used by client AS5_1, client AS5_2
+# no origin ASNs found for AS5
+# no prefixes found for AS5
+
+# AS6, used by client AS6_1, client AS6_2
+# no origin ASNs found for AS6
+# no prefixes found for AS6
+
+# WHITE_LIST_AS5_1, used by client AS5_1 white list
+as-set "AS_SET_WHITE_LIST_AS5_1_asns" {
+    51
+}
+prefix-set "AS_SET_WHITE_LIST_AS5_1_prefixes" {
+    5.2.0.0/16 prefixlen 16 - 32
+    2a05:2::/32 prefixlen 32 - 128
+}
+
+# WHITE_LIST_AS2_1, used by client AS2_1 white list
+as-set "AS_SET_WHITE_LIST_AS2_1_asns" {
+    21
+}
+prefix-set "AS_SET_WHITE_LIST_AS2_1_prefixes" {
+    2.2.0.0/16 prefixlen 16 - 32
+    2a02:2::/32 prefixlen 32 - 128
+}
+
+# AS1, used by client AS1_1, client AS1_2
+# no origin ASNs found for AS1
+# no prefixes found for AS1
+
+# WHITE_LIST_AS4_2, used by client AS4_2 white list
+as-set "AS_SET_WHITE_LIST_AS4_2_asns" {
+    41
+}
+prefix-set "AS_SET_WHITE_LIST_AS4_2_prefixes" {
+    4.2.0.0/16 prefixlen 16 - 32
+    2a04:2::/32 prefixlen 32 - 128
+}
+
+# AS-AS2, used by client AS2_1, client AS2_2
+# no origin ASNs found for AS_AS2
+# no prefixes found for AS_AS2
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client, no AS-SET"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client, no AS-SET"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client, AS-SET from AS..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client, AS-SET from AS..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client, AS-SET configu..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client, AS-SET configu..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.51 {
+		remote-as 5
+
+		rde evaluate all
+
+		descr "AS5_1 client, AS-SET from Pe..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::51 {
+		remote-as 5
+
+		rde evaluate all
+
+		descr "AS5_1 client, AS-SET from Pe..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.61 {
+		remote-as 6
+
+		rde evaluate all
+
+		descr "AS6_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::61 {
+		remote-as 6
+
+		rde evaluate all
+
+		descr "AS6_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# origin_not_present_in_as_set
+match from group clients set community delete 999:64515
+match from group clients set large-community delete 999:0:64515
+
+# origin_present_in_as_set
+match from group clients set community delete 999:64514
+match from group clients set large-community delete 999:0:64514
+
+# prefix_not_present_in_as_set
+match from group clients set community delete 999:64513
+match from group clients set large-community delete 999:0:64513
+
+# prefix_present_in_as_set
+match from group clients set community delete 999:64512
+match from group clients set large-community delete 999:0:64512
+
+# prefix_validated_via_arin_whois_db_dump
+match from group clients set community delete 999:64518
+match from group clients set large-community delete 999:0:64518
+
+# prefix_validated_via_rpki_roas
+match from group clients set community delete 999:64516
+match from group clients set large-community delete 999:0:64516
+
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+# route_validated_via_white_list
+match from group clients set community delete 999:64517
+match from group clients set large-community delete 999:0:64517
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+# ---------------------------------------------------------
+# ROAs source
+
+
+roa-set {
+
+}
+
+
+
+
+# ---------------------------------------------------------
+# RPKI ROAs used as route objects.
+
+# Add the $INTCOMM_PREF_OK_ROA ext community to routes whose
+# origin ASN has a ROA for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+
+match from group clients ovs valid set ext-community $INTCOMM_PREF_OK_ROA
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+match from 192.0.2.51 set ext-community rt 65520:5
+
+match from 2001:db8:1:1::51 set ext-community rt 65520:5
+
+match from 192.0.2.61 set ext-community rt 65520:6
+
+match from 2001:db8:1:1::61 set ext-community rt 65520:6
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_1, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS1 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_1, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS1 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_2, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS1 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_2, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS1 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_1, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 source-as as-set AS_SET_WHITE_LIST_AS2_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS2_1
+# AS-SET AS_AS2 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_1, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 prefix-set AS_SET_WHITE_LIST_AS2_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS2_1
+# AS-SET AS_AS2 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_2, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::21 source-as as-set AS_SET_WHITE_LIST_AS2_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS2_2
+# AS-SET AS2 referenced but empty.
+# AS-SET AS_AS2 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_2, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::21 prefix-set AS_SET_WHITE_LIST_AS2_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS2_2
+# AS-SET AS2 referenced but empty.
+# AS-SET AS_AS2 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.41 prefix 2a04:4::/32 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 2a04:5::/32 prefixlen 32 - 128 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 2a04:6::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 4.4.0.0/16 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 4.5.0.0/16 prefixlen 16 - 32 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 4.6.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.41 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS4_1, AS4: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.41 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.41 source-as as-set AS_SET_WHITE_LIST_AS4_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS4_1
+# AS-SET AS4 referenced but empty.
+# AS-SET AS_AS4 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS4_1, AS4: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.41 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.41 prefix-set AS_SET_WHITE_LIST_AS4_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS4_1
+# AS-SET AS4 referenced but empty.
+# AS-SET AS_AS4 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# route authorized by a client's white list?
+match from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.41
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::41 prefix 2a04:4::/32 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 2a04:5::/32 prefixlen 32 - 128 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 2a04:6::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 4.4.0.0/16 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 4.5.0.0/16 prefixlen 16 - 32 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 4.6.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::41 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS4_2, AS4: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::41 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS4 referenced but empty.
+# AS-SET AS_AS4 referenced but empty.
+match from 2001:db8:1:1::41 source-as as-set AS_SET_WHITE_LIST_AS4_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS4_2
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS4_2, AS4: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::41 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS4 referenced but empty.
+# AS-SET AS_AS4 referenced but empty.
+match from 2001:db8:1:1::41 prefix-set AS_SET_WHITE_LIST_AS4_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS4_2
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS5_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.51 set community NO_ADVERTISE
+match from 192.0.2.51 nexthop 192.0.2.51 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.51 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.51 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.51 peer-as != 5' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.51 peer-as != 5 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.51 AS 23456' - reject code: 7
+allow quick from 192.0.2.51 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.51 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.51 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.51 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.51 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.51 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS5_1, AS5: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.51 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS_AS5_FROM_PDB referenced but empty.
+# AS-SET AS5 referenced but empty.
+match from 192.0.2.51 source-as as-set AS_SET_WHITE_LIST_AS5_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS5_1
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS5_1, AS5: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.51 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS_AS5_FROM_PDB referenced but empty.
+# AS-SET AS5 referenced but empty.
+match from 192.0.2.51 prefix-set AS_SET_WHITE_LIST_AS5_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS5_1
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.51 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.51 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.51 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.51 set ext-community delete rt 65520:5
+
+
+
+allow quick from 192.0.2.51
+
+
+
+# ---------------------------------------------
+# client AS5_1, outbound
+
+deny quick to 192.0.2.51 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.51 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.51
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.51 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS5_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::51 set community NO_ADVERTISE
+match from 2001:db8:1:1::51 nexthop 2001:db8:1:1::51 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::51 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::51 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::51 peer-as != 5' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::51 peer-as != 5 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::51 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::51 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::51 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::51 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::51 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::51 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db8:1:1::51 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS5_2, AS5: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::51 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS_AS5_FROM_PDB referenced but empty.
+match from 2001:db8:1:1::51 source-as as-set AS_SET_WHITE_LIST_AS5_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS5_2
+# AS-SET AS5 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS5_2, AS5: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::51 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS_AS5_FROM_PDB referenced but empty.
+match from 2001:db8:1:1::51 prefix-set AS_SET_WHITE_LIST_AS5_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS5_2
+# AS-SET AS5 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::51 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::51 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::51 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::51 set ext-community delete rt 65520:5
+
+
+
+allow quick from 2001:db8:1:1::51
+
+
+
+# ---------------------------------------------
+# client AS5_2, outbound
+
+deny quick to 2001:db8:1:1::51 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::51 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::51
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::51 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS6_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.61 set community NO_ADVERTISE
+match from 192.0.2.61 nexthop 192.0.2.61 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.61 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.61 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.61 peer-as != 6' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.61 peer-as != 6 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.61 AS 23456' - reject code: 7
+allow quick from 192.0.2.61 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.61 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.61 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.61 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.61 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.61 prefix 2a03:2::/32 prefixlen 32 - 128 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.61 prefix 3.2.0.0/16 prefixlen 16 - 32 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.61 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS6_1, AS6: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.61 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS6 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS6_1, AS6: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.61 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS6 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# route authorized by a client's white list?
+match from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.61 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.61 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.61 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.61 set ext-community delete rt 65520:6
+
+
+
+allow quick from 192.0.2.61
+
+
+
+# ---------------------------------------------
+# client AS6_1, outbound
+
+deny quick to 192.0.2.61 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.61 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.61
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.61 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS6_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::61 set community NO_ADVERTISE
+match from 2001:db8:1:1::61 nexthop 2001:db8:1:1::61 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::61 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::61 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::61 peer-as != 6' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::61 peer-as != 6 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::61 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::61 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::61 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::61 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::61 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::61 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::61 prefix 2a03:2::/32 prefixlen 32 - 128 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::61 prefix 3.2.0.0/16 prefixlen 16 - 32 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::61 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS6_2, AS6: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::61 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS6 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS6_2, AS6: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::61 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS6 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::61 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::61 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::61 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::61 set ext-community delete rt 65520:6
+
+
+
+allow quick from 2001:db8:1:1::61
+
+
+
+# ---------------------------------------------
+# client AS6_2, outbound
+
+deny quick to 2001:db8:1:1::61 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::61 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::61
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::61 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p.conf b/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p.conf
new file mode 100644
index 00000000..b896b0a1
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p.conf
@@ -0,0 +1,3557 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+# WHITE_LIST_AS4_1, used by client AS4_1 white list
+as-set "AS_SET_WHITE_LIST_AS4_1_asns" {
+    41
+}
+prefix-set "AS_SET_WHITE_LIST_AS4_1_prefixes" {
+    4.2.0.0/16 prefixlen 16 - 32
+    2a04:2::/32 prefixlen 32 - 128
+}
+
+# AS4, used by client AS4_1, client AS4_2
+# no origin ASNs found for AS4
+# no prefixes found for AS4
+
+# WHITE_LIST_AS2_2, used by client AS2_2 white list
+as-set "AS_SET_WHITE_LIST_AS2_2_asns" {
+    21
+}
+prefix-set "AS_SET_WHITE_LIST_AS2_2_prefixes" {
+    2.2.0.0/16 prefixlen 16 - 32
+    2a02:2::/32 prefixlen 32 - 128
+}
+
+# AS-AS5_FROM_PDB, used by client AS5_1, client AS5_2
+# no origin ASNs found for AS_AS5_FROM_PDB
+# no prefixes found for AS_AS5_FROM_PDB
+
+# AS-AS4, used by client AS4_1, client AS4_2
+# no origin ASNs found for AS_AS4
+# no prefixes found for AS_AS4
+
+# AS2, used by client AS2_1, client AS2_2
+# no origin ASNs found for AS2
+# no prefixes found for AS2
+
+# WHITE_LIST_AS5_2, used by client AS5_2 white list
+as-set "AS_SET_WHITE_LIST_AS5_2_asns" {
+    51
+}
+prefix-set "AS_SET_WHITE_LIST_AS5_2_prefixes" {
+    5.2.0.0/16 prefixlen 16 - 32
+    2a05:2::/32 prefixlen 32 - 128
+}
+
+# AS5, used by client AS5_1, client AS5_2
+# no origin ASNs found for AS5
+# no prefixes found for AS5
+
+# AS6, used by client AS6_1, client AS6_2
+# no origin ASNs found for AS6
+# no prefixes found for AS6
+
+# WHITE_LIST_AS5_1, used by client AS5_1 white list
+as-set "AS_SET_WHITE_LIST_AS5_1_asns" {
+    51
+}
+prefix-set "AS_SET_WHITE_LIST_AS5_1_prefixes" {
+    5.2.0.0/16 prefixlen 16 - 32
+    2a05:2::/32 prefixlen 32 - 128
+}
+
+# WHITE_LIST_AS2_1, used by client AS2_1 white list
+as-set "AS_SET_WHITE_LIST_AS2_1_asns" {
+    21
+}
+prefix-set "AS_SET_WHITE_LIST_AS2_1_prefixes" {
+    2.2.0.0/16 prefixlen 16 - 32
+    2a02:2::/32 prefixlen 32 - 128
+}
+
+# AS1, used by client AS1_1, client AS1_2
+# no origin ASNs found for AS1
+# no prefixes found for AS1
+
+# WHITE_LIST_AS4_2, used by client AS4_2 white list
+as-set "AS_SET_WHITE_LIST_AS4_2_asns" {
+    41
+}
+prefix-set "AS_SET_WHITE_LIST_AS4_2_prefixes" {
+    4.2.0.0/16 prefixlen 16 - 32
+    2a04:2::/32 prefixlen 32 - 128
+}
+
+# AS-AS2, used by client AS2_1, client AS2_2
+# no origin ASNs found for AS_AS2
+# no prefixes found for AS_AS2
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client, no AS-SET"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client, no AS-SET"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client, AS-SET from AS..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client, AS-SET from AS..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client, AS-SET configu..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client, AS-SET configu..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.51 {
+		remote-as 5
+
+		rde evaluate all
+
+		descr "AS5_1 client, AS-SET from Pe..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::51 {
+		remote-as 5
+
+		rde evaluate all
+
+		descr "AS5_1 client, AS-SET from Pe..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.61 {
+		remote-as 6
+
+		rde evaluate all
+
+		descr "AS6_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::61 {
+		remote-as 6
+
+		rde evaluate all
+
+		descr "AS6_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# origin_not_present_in_as_set
+match from group clients set community delete 999:64515
+match from group clients set large-community delete 999:0:64515
+
+# origin_present_in_as_set
+match from group clients set community delete 999:64514
+match from group clients set large-community delete 999:0:64514
+
+# prefix_not_present_in_as_set
+match from group clients set community delete 999:64513
+match from group clients set large-community delete 999:0:64513
+
+# prefix_present_in_as_set
+match from group clients set community delete 999:64512
+match from group clients set large-community delete 999:0:64512
+
+# prefix_validated_via_arin_whois_db_dump
+match from group clients set community delete 999:64518
+match from group clients set large-community delete 999:0:64518
+
+# prefix_validated_via_rpki_roas
+match from group clients set community delete 999:64516
+match from group clients set large-community delete 999:0:64516
+
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+# route_validated_via_white_list
+match from group clients set community delete 999:64517
+match from group clients set large-community delete 999:0:64517
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+# ---------------------------------------------------------
+# ROAs source
+
+
+roa-set {
+
+}
+
+
+
+
+# ---------------------------------------------------------
+# RPKI ROAs used as route objects.
+
+# Add the $INTCOMM_PREF_OK_ROA ext community to routes whose
+# origin ASN has a ROA for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+
+match from group clients ovs valid set ext-community $INTCOMM_PREF_OK_ROA
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+match from 192.0.2.51 set ext-community rt 65520:5
+
+match from 2001:db8:1:1::51 set ext-community rt 65520:5
+
+match from 192.0.2.61 set ext-community rt 65520:6
+
+match from 2001:db8:1:1::61 set ext-community rt 65520:6
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_1, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS1 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_1, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS1 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_2, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS1 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_2, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS1 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_1, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 source-as as-set AS_SET_WHITE_LIST_AS2_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS2_1
+# AS-SET AS_AS2 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_1, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 prefix-set AS_SET_WHITE_LIST_AS2_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS2_1
+# AS-SET AS_AS2 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_2, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::21 source-as as-set AS_SET_WHITE_LIST_AS2_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS2_2
+# AS-SET AS2 referenced but empty.
+# AS-SET AS_AS2 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_2, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::21 prefix-set AS_SET_WHITE_LIST_AS2_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS2_2
+# AS-SET AS2 referenced but empty.
+# AS-SET AS_AS2 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.41 prefix 2a04:4::/32 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 2a04:5::/32 prefixlen 32 - 128 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 2a04:6::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 4.4.0.0/16 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 4.5.0.0/16 prefixlen 16 - 32 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 4.6.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.41 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS4_1, AS4: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.41 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.41 source-as as-set AS_SET_WHITE_LIST_AS4_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS4_1
+# AS-SET AS4 referenced but empty.
+# AS-SET AS_AS4 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS4_1, AS4: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.41 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.41 prefix-set AS_SET_WHITE_LIST_AS4_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS4_1
+# AS-SET AS4 referenced but empty.
+# AS-SET AS_AS4 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# route authorized by a client's white list?
+match from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.41
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::41 prefix 2a04:4::/32 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 2a04:5::/32 prefixlen 32 - 128 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 2a04:6::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 4.4.0.0/16 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 4.5.0.0/16 prefixlen 16 - 32 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 4.6.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::41 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS4_2, AS4: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::41 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS4 referenced but empty.
+# AS-SET AS_AS4 referenced but empty.
+match from 2001:db8:1:1::41 source-as as-set AS_SET_WHITE_LIST_AS4_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS4_2
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS4_2, AS4: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::41 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS4 referenced but empty.
+# AS-SET AS_AS4 referenced but empty.
+match from 2001:db8:1:1::41 prefix-set AS_SET_WHITE_LIST_AS4_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS4_2
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS5_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.51 set community NO_ADVERTISE
+match from 192.0.2.51 nexthop 192.0.2.51 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.51 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.51 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.51 peer-as != 5' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.51 peer-as != 5 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.51 AS 23456' - reject code: 7
+allow quick from 192.0.2.51 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.51 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.51 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.51 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.51 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.51 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS5_1, AS5: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.51 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS_AS5_FROM_PDB referenced but empty.
+# AS-SET AS5 referenced but empty.
+match from 192.0.2.51 source-as as-set AS_SET_WHITE_LIST_AS5_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS5_1
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS5_1, AS5: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.51 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS_AS5_FROM_PDB referenced but empty.
+# AS-SET AS5 referenced but empty.
+match from 192.0.2.51 prefix-set AS_SET_WHITE_LIST_AS5_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS5_1
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.51 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.51 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.51 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.51 set ext-community delete rt 65520:5
+
+
+
+allow quick from 192.0.2.51
+
+
+
+# ---------------------------------------------
+# client AS5_1, outbound
+
+deny quick to 192.0.2.51 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.51 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.51
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.51 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS5_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::51 set community NO_ADVERTISE
+match from 2001:db8:1:1::51 nexthop 2001:db8:1:1::51 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::51 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::51 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::51 peer-as != 5' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::51 peer-as != 5 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::51 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::51 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::51 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::51 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::51 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::51 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db8:1:1::51 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS5_2, AS5: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::51 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS_AS5_FROM_PDB referenced but empty.
+match from 2001:db8:1:1::51 source-as as-set AS_SET_WHITE_LIST_AS5_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS5_2
+# AS-SET AS5 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS5_2, AS5: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::51 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS_AS5_FROM_PDB referenced but empty.
+match from 2001:db8:1:1::51 prefix-set AS_SET_WHITE_LIST_AS5_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS5_2
+# AS-SET AS5 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::51 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::51 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::51 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::51 set ext-community delete rt 65520:5
+
+
+
+allow quick from 2001:db8:1:1::51
+
+
+
+# ---------------------------------------------
+# client AS5_2, outbound
+
+deny quick to 2001:db8:1:1::51 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::51 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::51
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::51 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS6_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.61 set community NO_ADVERTISE
+match from 192.0.2.61 nexthop 192.0.2.61 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.61 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.61 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.61 peer-as != 6' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.61 peer-as != 6 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.61 AS 23456' - reject code: 7
+allow quick from 192.0.2.61 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.61 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.61 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.61 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.61 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.61 prefix 2a03:2::/32 prefixlen 32 - 128 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.61 prefix 3.2.0.0/16 prefixlen 16 - 32 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.61 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS6_1, AS6: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.61 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS6 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS6_1, AS6: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.61 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS6 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# route authorized by a client's white list?
+match from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.61 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.61 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.61 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.61 set ext-community delete rt 65520:6
+
+
+
+allow quick from 192.0.2.61
+
+
+
+# ---------------------------------------------
+# client AS6_1, outbound
+
+deny quick to 192.0.2.61 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.61 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.61
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.61 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS6_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::61 set community NO_ADVERTISE
+match from 2001:db8:1:1::61 nexthop 2001:db8:1:1::61 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::61 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::61 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::61 peer-as != 6' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::61 peer-as != 6 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::61 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::61 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::61 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::61 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::61 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::61 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::61 prefix 2a03:2::/32 prefixlen 32 - 128 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::61 prefix 3.2.0.0/16 prefixlen 16 - 32 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::61 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS6_2, AS6: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::61 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS6 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS6_2, AS6: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::61 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS6 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::61 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::61 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::61 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::61 set ext-community delete rt 65520:6
+
+
+
+allow quick from 2001:db8:1:1::61
+
+
+
+# ---------------------------------------------
+# client AS6_2, outbound
+
+deny quick to 2001:db8:1:1::61 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::61 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::61
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::61 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_BIRD2IPv6/bird2.conf b/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_BIRD2IPv6/bird2.conf
index 992ee7cd..00fca2e9 100644
--- a/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_BIRD2IPv6/bird2.conf
+++ b/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_BIRD2IPv6/bird2.conf
@@ -193,16 +193,16 @@ define AS_SET_AS_AS2_prefixes_6 = [
 
 # ARIN Whois database records
 define ARIN_Whois_db_AS2_4 = [
-	2.6.0.0/16{16,32}, 	2.7.0.0/16{16,32}, 	2.0.5.0/24{24,32}
+	2.7.0.0/16{16,32}, 	2.6.0.0/16{16,32}, 	2.0.5.0/24{24,32}
 ];
 define ARIN_Whois_db_AS2_6 = [
-	2a02:0:5::/48{48,128}, 	2a02:7::/32{32,128}, 	2a02:6::/32{32,128}
+	2a02:6::/32{32,128}, 	2a02:0:5::/48{48,128}, 	2a02:7::/32{32,128}
 ];
 define ARIN_Whois_db_AS3_4 = [
 	3.3.0.0/16{16,32}, 	3.2.0.0/16{16,32}
 ];
 define ARIN_Whois_db_AS3_6 = [
-	2a03:2::/32{32,128}, 	2a03:3::/32{32,128}
+	2a03:3::/32{32,128}, 	2a03:2::/32{32,128}
 ];
 define ARIN_Whois_db_AS6_4 = [
 	6.0.1.0/24{24,32}
diff --git a/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_BIRDIPv4/bird16.conf b/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_BIRDIPv4/bird16.conf
index fec2cfd8..95c4d947 100644
--- a/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_BIRDIPv4/bird16.conf
+++ b/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_BIRDIPv4/bird16.conf
@@ -126,10 +126,10 @@ define AS_SET_AS_AS2_prefixes_4 = [
 
 # ARIN Whois database records
 define ARIN_Whois_db_AS2_4 = [
-	2.7.0.0/16{16,32}, 	2.0.5.0/24{24,32}, 	2.6.0.0/16{16,32}
+	2.0.5.0/24{24,32}, 	2.6.0.0/16{16,32}, 	2.7.0.0/16{16,32}
 ];
 define ARIN_Whois_db_AS3_4 = [
-	3.2.0.0/16{16,32}, 	3.3.0.0/16{16,32}
+	3.3.0.0/16{16,32}, 	3.2.0.0/16{16,32}
 ];
 define ARIN_Whois_db_AS6_4 = [
 	6.0.1.0/24{24,32}
diff --git a/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_BIRDIPv6/bird16.conf b/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_BIRDIPv6/bird16.conf
index a820f223..4f578b82 100644
--- a/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_BIRDIPv6/bird16.conf
+++ b/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_BIRDIPv6/bird16.conf
@@ -126,10 +126,10 @@ define AS_SET_AS_AS2_prefixes_6 = [
 
 # ARIN Whois database records
 define ARIN_Whois_db_AS2_6 = [
-	2a02:7::/32{32,128}, 	2a02:6::/32{32,128}, 	2a02:0:5::/48{48,128}
+	2a02:6::/32{32,128}, 	2a02:0:5::/48{48,128}, 	2a02:7::/32{32,128}
 ];
 define ARIN_Whois_db_AS3_6 = [
-	2a03:2::/32{32,128}, 	2a03:3::/32{32,128}
+	2a03:3::/32{32,128}, 	2a03:2::/32{32,128}
 ];
 define ARIN_Whois_db_AS6_6 = [
 	2a06:0:1::/48{48,128}
diff --git a/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_BIRDsIPv4/bird2.conf b/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_BIRDsIPv4/bird2.conf
index bf38538e..81929d79 100644
--- a/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_BIRDsIPv4/bird2.conf
+++ b/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_BIRDsIPv4/bird2.conf
@@ -193,16 +193,16 @@ define AS_SET_AS_AS2_prefixes_4 = [
 
 # ARIN Whois database records
 define ARIN_Whois_db_AS2_4 = [
-	2.6.0.0/16{16,32}, 	2.7.0.0/16{16,32}, 	2.0.5.0/24{24,32}
+	2.7.0.0/16{16,32}, 	2.6.0.0/16{16,32}, 	2.0.5.0/24{24,32}
 ];
 define ARIN_Whois_db_AS2_6 = [
-	2a02:0:5::/48{48,128}, 	2a02:7::/32{32,128}, 	2a02:6::/32{32,128}
+	2a02:6::/32{32,128}, 	2a02:0:5::/48{48,128}, 	2a02:7::/32{32,128}
 ];
 define ARIN_Whois_db_AS3_4 = [
 	3.3.0.0/16{16,32}, 	3.2.0.0/16{16,32}
 ];
 define ARIN_Whois_db_AS3_6 = [
-	2a03:2::/32{32,128}, 	2a03:3::/32{32,128}
+	2a03:3::/32{32,128}, 	2a03:2::/32{32,128}
 ];
 define ARIN_Whois_db_AS6_4 = [
 	6.0.1.0/24{24,32}
diff --git a/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd76p.conf b/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd76p.conf
new file mode 100644
index 00000000..bd34f331
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd76p.conf
@@ -0,0 +1,3741 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+# WHITE_LIST_AS4_1, used by client AS4_1 white list
+as-set "AS_SET_WHITE_LIST_AS4_1_asns" {
+    41
+}
+prefix-set "AS_SET_WHITE_LIST_AS4_1_prefixes" {
+    4.2.0.0/16 prefixlen 16 - 32
+    2a04:2::/32 prefixlen 32 - 128
+}
+
+# AS4, used by client AS4_1, client AS4_2
+# no origin ASNs found for AS4
+# no prefixes found for AS4
+
+# WHITE_LIST_AS2_2, used by client AS2_2 white list
+as-set "AS_SET_WHITE_LIST_AS2_2_asns" {
+    21
+}
+prefix-set "AS_SET_WHITE_LIST_AS2_2_prefixes" {
+    2.2.0.0/16 prefixlen 16 - 32
+    2a02:2::/32 prefixlen 32 - 128
+}
+
+# AS-AS5_FROM_PDB, used by client AS5_1, client AS5_2
+as-set "AS_SET_AS_AS5_FROM_PDB_asns" {
+    5
+}
+prefix-set "AS_SET_AS_AS5_FROM_PDB_prefixes" {
+    5.0.0.0/16 prefixlen 16 - 32
+}
+
+# AS-AS4, used by client AS4_1, client AS4_2
+as-set "AS_SET_AS_AS4_asns" {
+    4
+}
+prefix-set "AS_SET_AS_AS4_prefixes" {
+    4.0.0.0/16 prefixlen 16 - 32
+}
+
+# AS2, used by client AS2_1, client AS2_2
+# no origin ASNs found for AS2
+# no prefixes found for AS2
+
+# WHITE_LIST_AS5_2, used by client AS5_2 white list
+as-set "AS_SET_WHITE_LIST_AS5_2_asns" {
+    51
+}
+prefix-set "AS_SET_WHITE_LIST_AS5_2_prefixes" {
+    5.2.0.0/16 prefixlen 16 - 32
+    2a05:2::/32 prefixlen 32 - 128
+}
+
+# AS5, used by client AS5_1, client AS5_2
+# no origin ASNs found for AS5
+# no prefixes found for AS5
+
+# AS6, used by client AS6_1, client AS6_2
+as-set "AS_SET_AS6_asns" {
+    3 6
+}
+prefix-set "AS_SET_AS6_prefixes" {
+    6.0.0.0/16 prefixlen 16 - 32
+}
+
+# WHITE_LIST_AS5_1, used by client AS5_1 white list
+as-set "AS_SET_WHITE_LIST_AS5_1_asns" {
+    51
+}
+prefix-set "AS_SET_WHITE_LIST_AS5_1_prefixes" {
+    5.2.0.0/16 prefixlen 16 - 32
+    2a05:2::/32 prefixlen 32 - 128
+}
+
+# WHITE_LIST_AS2_1, used by client AS2_1 white list
+as-set "AS_SET_WHITE_LIST_AS2_1_asns" {
+    21
+}
+prefix-set "AS_SET_WHITE_LIST_AS2_1_prefixes" {
+    2.2.0.0/16 prefixlen 16 - 32
+    2a02:2::/32 prefixlen 32 - 128
+}
+
+# AS1, used by client AS1_1, client AS1_2
+as-set "AS_SET_AS1_asns" {
+    1
+}
+prefix-set "AS_SET_AS1_prefixes" {
+    1.0.0.0/16 prefixlen 16 - 32
+}
+
+# WHITE_LIST_AS4_2, used by client AS4_2 white list
+as-set "AS_SET_WHITE_LIST_AS4_2_asns" {
+    41
+}
+prefix-set "AS_SET_WHITE_LIST_AS4_2_prefixes" {
+    4.2.0.0/16 prefixlen 16 - 32
+    2a04:2::/32 prefixlen 32 - 128
+}
+
+# AS-AS2, used by client AS2_1, client AS2_2
+as-set "AS_SET_AS_AS2_asns" {
+    2
+}
+prefix-set "AS_SET_AS_AS2_prefixes" {
+    2.0.0.0/16 prefixlen 16 - 32
+}
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client, no AS-SET"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client, no AS-SET"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client, AS-SET from AS..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client, AS-SET from AS..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client, AS-SET configu..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client, AS-SET configu..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.51 {
+		remote-as 5
+
+		rde evaluate all
+
+		descr "AS5_1 client, AS-SET from Pe..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::51 {
+		remote-as 5
+
+		rde evaluate all
+
+		descr "AS5_1 client, AS-SET from Pe..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.61 {
+		remote-as 6
+
+		rde evaluate all
+
+		descr "AS6_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::61 {
+		remote-as 6
+
+		rde evaluate all
+
+		descr "AS6_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# origin_not_present_in_as_set
+match from group clients set community delete 999:64515
+match from group clients set large-community delete 999:0:64515
+
+# origin_present_in_as_set
+match from group clients set community delete 999:64514
+match from group clients set large-community delete 999:0:64514
+
+# prefix_not_present_in_as_set
+match from group clients set community delete 999:64513
+match from group clients set large-community delete 999:0:64513
+
+# prefix_present_in_as_set
+match from group clients set community delete 999:64512
+match from group clients set large-community delete 999:0:64512
+
+# prefix_validated_via_arin_whois_db_dump
+match from group clients set community delete 999:64518
+match from group clients set large-community delete 999:0:64518
+
+# prefix_validated_via_rpki_roas
+match from group clients set community delete 999:64516
+match from group clients set large-community delete 999:0:64516
+
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+# route_validated_via_white_list
+match from group clients set community delete 999:64517
+match from group clients set large-community delete 999:0:64517
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+# ---------------------------------------------------------
+# ROAs source
+
+
+roa-set {
+    2.4.0.0/16 source-as 2
+    2.5.0.0/16 source-as 2
+    2.7.0.0/16 source-as 2
+    3.1.0.0/16 source-as 3
+    3.3.0.0/16 source-as 3
+    2.0.4.0/24 source-as 2
+    6.0.1.0/24 source-as 6
+    2a02:4::/32 source-as 2
+    2a02:5::/32 source-as 2
+    2a02:7::/32 source-as 2
+    2a03:1::/32 source-as 3
+    2a03:3::/32 source-as 3
+    2a02:0:4::/48 source-as 2
+    2a06:0:1::/48 source-as 6
+
+}
+
+
+
+
+# ---------------------------------------------------------
+# RPKI ROAs used as route objects.
+
+# Add the $INTCOMM_PREF_OK_ROA ext community to routes whose
+# origin ASN has a ROA for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+
+origin-set "RPKI_ROA" {
+    2.4.0.0/16 source-as 2
+    2.5.0.0/16 source-as 2
+    2.7.0.0/16 source-as 2
+    3.1.0.0/16 source-as 3
+    3.3.0.0/16 source-as 3
+    2.0.4.0/24 source-as 2
+    6.0.1.0/24 source-as 6
+    2a02:4::/32 source-as 2
+    2a02:5::/32 source-as 2
+    2a02:7::/32 source-as 2
+    2a03:1::/32 source-as 3
+    2a03:3::/32 source-as 3
+    2a02:0:4::/48 source-as 2
+    2a06:0:1::/48 source-as 6
+
+}
+match from group clients origin-set RPKI_ROA set ext-community $INTCOMM_PREF_OK_ROA
+
+
+# ARIN Whois records used for preifx validation
+# ---------------------------------------------
+
+# Add the $INTCOMM_PREF_OK_ARINDB ext community to routes whose
+# origin ASN has an ARIN Whois record for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+origin-set "ARINDB" {
+2.0.5.0/24 prefixlen 24 - 32 source-as 2
+2.6.0.0/16 prefixlen 16 - 32 source-as 2
+2.7.0.0/16 prefixlen 16 - 32 source-as 2
+2a02:0:5::/48 prefixlen 48 - 128 source-as 2
+2a02:6::/32 prefixlen 32 - 128 source-as 2
+2a02:7::/32 prefixlen 32 - 128 source-as 2
+2a03:2::/32 prefixlen 32 - 128 source-as 3
+2a03:3::/32 prefixlen 32 - 128 source-as 3
+3.2.0.0/16 prefixlen 16 - 32 source-as 3
+3.3.0.0/16 prefixlen 16 - 32 source-as 3
+2a06:0:1::/48 prefixlen 48 - 128 source-as 6
+6.0.1.0/24 prefixlen 24 - 32 source-as 6
+}
+match from group clients origin-set ARINDB set ext-community $INTCOMM_PREF_OK_ARINDB
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+match from 192.0.2.51 set ext-community rt 65520:5
+
+match from 2001:db8:1:1::51 set ext-community rt 65520:5
+
+match from 192.0.2.61 set ext-community rt 65520:6
+
+match from 2001:db8:1:1::61 set ext-community rt 65520:6
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_1, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 source-as as-set AS_SET_AS1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS1
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_1, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 prefix-set AS_SET_AS1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS1
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_2, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::11 source-as as-set AS_SET_AS1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS1
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_2, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::11 prefix-set AS_SET_AS1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS1
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_1, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 source-as as-set AS_SET_WHITE_LIST_AS2_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS2_1
+match from 192.0.2.21 source-as as-set AS_SET_AS_AS2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS2
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_1, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 prefix-set AS_SET_WHITE_LIST_AS2_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS2_1
+match from 192.0.2.21 prefix-set AS_SET_AS_AS2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS2
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_2, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::21 source-as as-set AS_SET_WHITE_LIST_AS2_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS2_2
+# AS-SET AS2 referenced but empty.
+match from 2001:db8:1:1::21 source-as as-set AS_SET_AS_AS2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS2
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_2, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::21 prefix-set AS_SET_WHITE_LIST_AS2_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS2_2
+# AS-SET AS2 referenced but empty.
+match from 2001:db8:1:1::21 prefix-set AS_SET_AS_AS2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS2
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.41 prefix 2a04:4::/32 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 2a04:5::/32 prefixlen 32 - 128 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 2a04:6::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 4.4.0.0/16 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 4.5.0.0/16 prefixlen 16 - 32 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 4.6.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.41 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS4_1, AS4: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.41 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.41 source-as as-set AS_SET_WHITE_LIST_AS4_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS4_1
+# AS-SET AS4 referenced but empty.
+match from 192.0.2.41 source-as as-set AS_SET_AS_AS4_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS4
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS4_1, AS4: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.41 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.41 prefix-set AS_SET_WHITE_LIST_AS4_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS4_1
+# AS-SET AS4 referenced but empty.
+match from 192.0.2.41 prefix-set AS_SET_AS_AS4_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS4
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# route authorized by a client's white list?
+match from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.41
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::41 prefix 2a04:4::/32 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 2a04:5::/32 prefixlen 32 - 128 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 2a04:6::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 4.4.0.0/16 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 4.5.0.0/16 prefixlen 16 - 32 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 4.6.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::41 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS4_2, AS4: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::41 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS4 referenced but empty.
+match from 2001:db8:1:1::41 source-as as-set AS_SET_AS_AS4_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS4
+match from 2001:db8:1:1::41 source-as as-set AS_SET_WHITE_LIST_AS4_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS4_2
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS4_2, AS4: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::41 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS4 referenced but empty.
+match from 2001:db8:1:1::41 prefix-set AS_SET_AS_AS4_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS4
+match from 2001:db8:1:1::41 prefix-set AS_SET_WHITE_LIST_AS4_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS4_2
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS5_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.51 set community NO_ADVERTISE
+match from 192.0.2.51 nexthop 192.0.2.51 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.51 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.51 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.51 peer-as != 5' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.51 peer-as != 5 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.51 AS 23456' - reject code: 7
+allow quick from 192.0.2.51 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.51 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.51 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.51 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.51 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.51 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS5_1, AS5: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.51 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.51 source-as as-set AS_SET_AS_AS5_FROM_PDB_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS5_FROM_PDB
+# AS-SET AS5 referenced but empty.
+match from 192.0.2.51 source-as as-set AS_SET_WHITE_LIST_AS5_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS5_1
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS5_1, AS5: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.51 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.51 prefix-set AS_SET_AS_AS5_FROM_PDB_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS5_FROM_PDB
+# AS-SET AS5 referenced but empty.
+match from 192.0.2.51 prefix-set AS_SET_WHITE_LIST_AS5_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS5_1
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.51 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.51 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.51 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.51 set ext-community delete rt 65520:5
+
+
+
+allow quick from 192.0.2.51
+
+
+
+# ---------------------------------------------
+# client AS5_1, outbound
+
+deny quick to 192.0.2.51 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.51 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.51
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.51 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS5_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::51 set community NO_ADVERTISE
+match from 2001:db8:1:1::51 nexthop 2001:db8:1:1::51 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::51 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::51 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::51 peer-as != 5' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::51 peer-as != 5 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::51 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::51 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::51 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::51 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::51 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::51 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db8:1:1::51 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS5_2, AS5: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::51 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::51 source-as as-set AS_SET_AS_AS5_FROM_PDB_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS5_FROM_PDB
+match from 2001:db8:1:1::51 source-as as-set AS_SET_WHITE_LIST_AS5_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS5_2
+# AS-SET AS5 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS5_2, AS5: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::51 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::51 prefix-set AS_SET_AS_AS5_FROM_PDB_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS5_FROM_PDB
+match from 2001:db8:1:1::51 prefix-set AS_SET_WHITE_LIST_AS5_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS5_2
+# AS-SET AS5 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::51 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::51 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::51 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::51 set ext-community delete rt 65520:5
+
+
+
+allow quick from 2001:db8:1:1::51
+
+
+
+# ---------------------------------------------
+# client AS5_2, outbound
+
+deny quick to 2001:db8:1:1::51 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::51 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::51
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::51 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS6_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.61 set community NO_ADVERTISE
+match from 192.0.2.61 nexthop 192.0.2.61 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.61 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.61 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.61 peer-as != 6' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.61 peer-as != 6 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.61 AS 23456' - reject code: 7
+allow quick from 192.0.2.61 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.61 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.61 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.61 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.61 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.61 prefix 2a03:2::/32 prefixlen 32 - 128 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.61 prefix 3.2.0.0/16 prefixlen 16 - 32 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.61 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS6_1, AS6: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.61 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.61 source-as as-set AS_SET_AS6_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS6
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS6_1, AS6: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.61 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.61 prefix-set AS_SET_AS6_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS6
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# route authorized by a client's white list?
+match from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.61 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.61 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.61 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.61 set ext-community delete rt 65520:6
+
+
+
+allow quick from 192.0.2.61
+
+
+
+# ---------------------------------------------
+# client AS6_1, outbound
+
+deny quick to 192.0.2.61 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.61 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.61
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.61 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS6_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::61 set community NO_ADVERTISE
+match from 2001:db8:1:1::61 nexthop 2001:db8:1:1::61 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::61 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::61 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::61 peer-as != 6' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::61 peer-as != 6 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::61 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::61 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::61 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::61 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::61 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::61 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::61 prefix 2a03:2::/32 prefixlen 32 - 128 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::61 prefix 3.2.0.0/16 prefixlen 16 - 32 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::61 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS6_2, AS6: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::61 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::61 source-as as-set AS_SET_AS6_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS6
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS6_2, AS6: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::61 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::61 prefix-set AS_SET_AS6_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS6
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::61 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::61 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::61 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::61 set ext-community delete rt 65520:6
+
+
+
+allow quick from 2001:db8:1:1::61
+
+
+
+# ---------------------------------------------
+# client AS6_2, outbound
+
+deny quick to 2001:db8:1:1::61 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::61 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::61
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::61 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p.conf b/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p.conf
new file mode 100644
index 00000000..bd34f331
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p.conf
@@ -0,0 +1,3741 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+# WHITE_LIST_AS4_1, used by client AS4_1 white list
+as-set "AS_SET_WHITE_LIST_AS4_1_asns" {
+    41
+}
+prefix-set "AS_SET_WHITE_LIST_AS4_1_prefixes" {
+    4.2.0.0/16 prefixlen 16 - 32
+    2a04:2::/32 prefixlen 32 - 128
+}
+
+# AS4, used by client AS4_1, client AS4_2
+# no origin ASNs found for AS4
+# no prefixes found for AS4
+
+# WHITE_LIST_AS2_2, used by client AS2_2 white list
+as-set "AS_SET_WHITE_LIST_AS2_2_asns" {
+    21
+}
+prefix-set "AS_SET_WHITE_LIST_AS2_2_prefixes" {
+    2.2.0.0/16 prefixlen 16 - 32
+    2a02:2::/32 prefixlen 32 - 128
+}
+
+# AS-AS5_FROM_PDB, used by client AS5_1, client AS5_2
+as-set "AS_SET_AS_AS5_FROM_PDB_asns" {
+    5
+}
+prefix-set "AS_SET_AS_AS5_FROM_PDB_prefixes" {
+    5.0.0.0/16 prefixlen 16 - 32
+}
+
+# AS-AS4, used by client AS4_1, client AS4_2
+as-set "AS_SET_AS_AS4_asns" {
+    4
+}
+prefix-set "AS_SET_AS_AS4_prefixes" {
+    4.0.0.0/16 prefixlen 16 - 32
+}
+
+# AS2, used by client AS2_1, client AS2_2
+# no origin ASNs found for AS2
+# no prefixes found for AS2
+
+# WHITE_LIST_AS5_2, used by client AS5_2 white list
+as-set "AS_SET_WHITE_LIST_AS5_2_asns" {
+    51
+}
+prefix-set "AS_SET_WHITE_LIST_AS5_2_prefixes" {
+    5.2.0.0/16 prefixlen 16 - 32
+    2a05:2::/32 prefixlen 32 - 128
+}
+
+# AS5, used by client AS5_1, client AS5_2
+# no origin ASNs found for AS5
+# no prefixes found for AS5
+
+# AS6, used by client AS6_1, client AS6_2
+as-set "AS_SET_AS6_asns" {
+    3 6
+}
+prefix-set "AS_SET_AS6_prefixes" {
+    6.0.0.0/16 prefixlen 16 - 32
+}
+
+# WHITE_LIST_AS5_1, used by client AS5_1 white list
+as-set "AS_SET_WHITE_LIST_AS5_1_asns" {
+    51
+}
+prefix-set "AS_SET_WHITE_LIST_AS5_1_prefixes" {
+    5.2.0.0/16 prefixlen 16 - 32
+    2a05:2::/32 prefixlen 32 - 128
+}
+
+# WHITE_LIST_AS2_1, used by client AS2_1 white list
+as-set "AS_SET_WHITE_LIST_AS2_1_asns" {
+    21
+}
+prefix-set "AS_SET_WHITE_LIST_AS2_1_prefixes" {
+    2.2.0.0/16 prefixlen 16 - 32
+    2a02:2::/32 prefixlen 32 - 128
+}
+
+# AS1, used by client AS1_1, client AS1_2
+as-set "AS_SET_AS1_asns" {
+    1
+}
+prefix-set "AS_SET_AS1_prefixes" {
+    1.0.0.0/16 prefixlen 16 - 32
+}
+
+# WHITE_LIST_AS4_2, used by client AS4_2 white list
+as-set "AS_SET_WHITE_LIST_AS4_2_asns" {
+    41
+}
+prefix-set "AS_SET_WHITE_LIST_AS4_2_prefixes" {
+    4.2.0.0/16 prefixlen 16 - 32
+    2a04:2::/32 prefixlen 32 - 128
+}
+
+# AS-AS2, used by client AS2_1, client AS2_2
+as-set "AS_SET_AS_AS2_asns" {
+    2
+}
+prefix-set "AS_SET_AS_AS2_prefixes" {
+    2.0.0.0/16 prefixlen 16 - 32
+}
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client, no AS-SET"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client, no AS-SET"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client, AS-SET from AS..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client, AS-SET from AS..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client, AS-SET configu..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client, AS-SET configu..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.51 {
+		remote-as 5
+
+		rde evaluate all
+
+		descr "AS5_1 client, AS-SET from Pe..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::51 {
+		remote-as 5
+
+		rde evaluate all
+
+		descr "AS5_1 client, AS-SET from Pe..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.61 {
+		remote-as 6
+
+		rde evaluate all
+
+		descr "AS6_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::61 {
+		remote-as 6
+
+		rde evaluate all
+
+		descr "AS6_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# origin_not_present_in_as_set
+match from group clients set community delete 999:64515
+match from group clients set large-community delete 999:0:64515
+
+# origin_present_in_as_set
+match from group clients set community delete 999:64514
+match from group clients set large-community delete 999:0:64514
+
+# prefix_not_present_in_as_set
+match from group clients set community delete 999:64513
+match from group clients set large-community delete 999:0:64513
+
+# prefix_present_in_as_set
+match from group clients set community delete 999:64512
+match from group clients set large-community delete 999:0:64512
+
+# prefix_validated_via_arin_whois_db_dump
+match from group clients set community delete 999:64518
+match from group clients set large-community delete 999:0:64518
+
+# prefix_validated_via_rpki_roas
+match from group clients set community delete 999:64516
+match from group clients set large-community delete 999:0:64516
+
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+# route_validated_via_white_list
+match from group clients set community delete 999:64517
+match from group clients set large-community delete 999:0:64517
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+# ---------------------------------------------------------
+# ROAs source
+
+
+roa-set {
+    2.4.0.0/16 source-as 2
+    2.5.0.0/16 source-as 2
+    2.7.0.0/16 source-as 2
+    3.1.0.0/16 source-as 3
+    3.3.0.0/16 source-as 3
+    2.0.4.0/24 source-as 2
+    6.0.1.0/24 source-as 6
+    2a02:4::/32 source-as 2
+    2a02:5::/32 source-as 2
+    2a02:7::/32 source-as 2
+    2a03:1::/32 source-as 3
+    2a03:3::/32 source-as 3
+    2a02:0:4::/48 source-as 2
+    2a06:0:1::/48 source-as 6
+
+}
+
+
+
+
+# ---------------------------------------------------------
+# RPKI ROAs used as route objects.
+
+# Add the $INTCOMM_PREF_OK_ROA ext community to routes whose
+# origin ASN has a ROA for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+
+origin-set "RPKI_ROA" {
+    2.4.0.0/16 source-as 2
+    2.5.0.0/16 source-as 2
+    2.7.0.0/16 source-as 2
+    3.1.0.0/16 source-as 3
+    3.3.0.0/16 source-as 3
+    2.0.4.0/24 source-as 2
+    6.0.1.0/24 source-as 6
+    2a02:4::/32 source-as 2
+    2a02:5::/32 source-as 2
+    2a02:7::/32 source-as 2
+    2a03:1::/32 source-as 3
+    2a03:3::/32 source-as 3
+    2a02:0:4::/48 source-as 2
+    2a06:0:1::/48 source-as 6
+
+}
+match from group clients origin-set RPKI_ROA set ext-community $INTCOMM_PREF_OK_ROA
+
+
+# ARIN Whois records used for preifx validation
+# ---------------------------------------------
+
+# Add the $INTCOMM_PREF_OK_ARINDB ext community to routes whose
+# origin ASN has an ARIN Whois record for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+origin-set "ARINDB" {
+2.0.5.0/24 prefixlen 24 - 32 source-as 2
+2.6.0.0/16 prefixlen 16 - 32 source-as 2
+2.7.0.0/16 prefixlen 16 - 32 source-as 2
+2a02:0:5::/48 prefixlen 48 - 128 source-as 2
+2a02:6::/32 prefixlen 32 - 128 source-as 2
+2a02:7::/32 prefixlen 32 - 128 source-as 2
+2a03:2::/32 prefixlen 32 - 128 source-as 3
+2a03:3::/32 prefixlen 32 - 128 source-as 3
+3.2.0.0/16 prefixlen 16 - 32 source-as 3
+3.3.0.0/16 prefixlen 16 - 32 source-as 3
+2a06:0:1::/48 prefixlen 48 - 128 source-as 6
+6.0.1.0/24 prefixlen 24 - 32 source-as 6
+}
+match from group clients origin-set ARINDB set ext-community $INTCOMM_PREF_OK_ARINDB
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+match from 192.0.2.51 set ext-community rt 65520:5
+
+match from 2001:db8:1:1::51 set ext-community rt 65520:5
+
+match from 192.0.2.61 set ext-community rt 65520:6
+
+match from 2001:db8:1:1::61 set ext-community rt 65520:6
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_1, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 source-as as-set AS_SET_AS1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS1
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_1, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 prefix-set AS_SET_AS1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS1
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_2, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::11 source-as as-set AS_SET_AS1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS1
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_2, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::11 prefix-set AS_SET_AS1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS1
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_1, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 source-as as-set AS_SET_WHITE_LIST_AS2_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS2_1
+match from 192.0.2.21 source-as as-set AS_SET_AS_AS2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS2
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_1, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 prefix-set AS_SET_WHITE_LIST_AS2_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS2_1
+match from 192.0.2.21 prefix-set AS_SET_AS_AS2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS2
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_2, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::21 source-as as-set AS_SET_WHITE_LIST_AS2_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS2_2
+# AS-SET AS2 referenced but empty.
+match from 2001:db8:1:1::21 source-as as-set AS_SET_AS_AS2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS2
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_2, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::21 prefix-set AS_SET_WHITE_LIST_AS2_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS2_2
+# AS-SET AS2 referenced but empty.
+match from 2001:db8:1:1::21 prefix-set AS_SET_AS_AS2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS2
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.41 prefix 2a04:4::/32 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 2a04:5::/32 prefixlen 32 - 128 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 2a04:6::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 4.4.0.0/16 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 4.5.0.0/16 prefixlen 16 - 32 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 4.6.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.41 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS4_1, AS4: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.41 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.41 source-as as-set AS_SET_WHITE_LIST_AS4_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS4_1
+# AS-SET AS4 referenced but empty.
+match from 192.0.2.41 source-as as-set AS_SET_AS_AS4_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS4
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS4_1, AS4: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.41 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.41 prefix-set AS_SET_WHITE_LIST_AS4_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS4_1
+# AS-SET AS4 referenced but empty.
+match from 192.0.2.41 prefix-set AS_SET_AS_AS4_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS4
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# route authorized by a client's white list?
+match from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.41
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::41 prefix 2a04:4::/32 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 2a04:5::/32 prefixlen 32 - 128 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 2a04:6::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 4.4.0.0/16 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 4.5.0.0/16 prefixlen 16 - 32 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 4.6.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::41 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS4_2, AS4: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::41 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS4 referenced but empty.
+match from 2001:db8:1:1::41 source-as as-set AS_SET_AS_AS4_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS4
+match from 2001:db8:1:1::41 source-as as-set AS_SET_WHITE_LIST_AS4_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS4_2
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS4_2, AS4: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::41 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS4 referenced but empty.
+match from 2001:db8:1:1::41 prefix-set AS_SET_AS_AS4_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS4
+match from 2001:db8:1:1::41 prefix-set AS_SET_WHITE_LIST_AS4_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS4_2
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS5_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.51 set community NO_ADVERTISE
+match from 192.0.2.51 nexthop 192.0.2.51 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.51 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.51 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.51 peer-as != 5' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.51 peer-as != 5 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.51 AS 23456' - reject code: 7
+allow quick from 192.0.2.51 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.51 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.51 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.51 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.51 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.51 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS5_1, AS5: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.51 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.51 source-as as-set AS_SET_AS_AS5_FROM_PDB_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS5_FROM_PDB
+# AS-SET AS5 referenced but empty.
+match from 192.0.2.51 source-as as-set AS_SET_WHITE_LIST_AS5_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS5_1
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS5_1, AS5: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.51 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.51 prefix-set AS_SET_AS_AS5_FROM_PDB_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS5_FROM_PDB
+# AS-SET AS5 referenced but empty.
+match from 192.0.2.51 prefix-set AS_SET_WHITE_LIST_AS5_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS5_1
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.51 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.51 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.51 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.51 set ext-community delete rt 65520:5
+
+
+
+allow quick from 192.0.2.51
+
+
+
+# ---------------------------------------------
+# client AS5_1, outbound
+
+deny quick to 192.0.2.51 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.51 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.51
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.51 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS5_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::51 set community NO_ADVERTISE
+match from 2001:db8:1:1::51 nexthop 2001:db8:1:1::51 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::51 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::51 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::51 peer-as != 5' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::51 peer-as != 5 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::51 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::51 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::51 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::51 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::51 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::51 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db8:1:1::51 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS5_2, AS5: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::51 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::51 source-as as-set AS_SET_AS_AS5_FROM_PDB_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS5_FROM_PDB
+match from 2001:db8:1:1::51 source-as as-set AS_SET_WHITE_LIST_AS5_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS5_2
+# AS-SET AS5 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS5_2, AS5: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::51 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::51 prefix-set AS_SET_AS_AS5_FROM_PDB_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS5_FROM_PDB
+match from 2001:db8:1:1::51 prefix-set AS_SET_WHITE_LIST_AS5_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS5_2
+# AS-SET AS5 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::51 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::51 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::51 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::51 set ext-community delete rt 65520:5
+
+
+
+allow quick from 2001:db8:1:1::51
+
+
+
+# ---------------------------------------------
+# client AS5_2, outbound
+
+deny quick to 2001:db8:1:1::51 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::51 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::51
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::51 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS6_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.61 set community NO_ADVERTISE
+match from 192.0.2.61 nexthop 192.0.2.61 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.61 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.61 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.61 peer-as != 6' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.61 peer-as != 6 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.61 AS 23456' - reject code: 7
+allow quick from 192.0.2.61 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.61 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.61 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.61 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.61 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.61 prefix 2a03:2::/32 prefixlen 32 - 128 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.61 prefix 3.2.0.0/16 prefixlen 16 - 32 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.61 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS6_1, AS6: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.61 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.61 source-as as-set AS_SET_AS6_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS6
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS6_1, AS6: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.61 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.61 prefix-set AS_SET_AS6_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS6
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# route authorized by a client's white list?
+match from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.61 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.61 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.61 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.61 set ext-community delete rt 65520:6
+
+
+
+allow quick from 192.0.2.61
+
+
+
+# ---------------------------------------------
+# client AS6_1, outbound
+
+deny quick to 192.0.2.61 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.61 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.61
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.61 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS6_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::61 set community NO_ADVERTISE
+match from 2001:db8:1:1::61 nexthop 2001:db8:1:1::61 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::61 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::61 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::61 peer-as != 6' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::61 peer-as != 6 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::61 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::61 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::61 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::61 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::61 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::61 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::61 prefix 2a03:2::/32 prefixlen 32 - 128 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::61 prefix 3.2.0.0/16 prefixlen 16 - 32 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::61 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS6_2, AS6: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::61 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::61 source-as as-set AS_SET_AS6_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS6
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS6_2, AS6: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::61 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::61 prefix-set AS_SET_AS6_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS6
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::61 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::61 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::61 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::61 set ext-community delete rt 65520:6
+
+
+
+allow quick from 2001:db8:1:1::61
+
+
+
+# ---------------------------------------------
+# client AS6_2, outbound
+
+deny quick to 2001:db8:1:1::61 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::61 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::61
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::61 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd76p.conf b/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd76p.conf
new file mode 100644
index 00000000..ecab7e3e
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd76p.conf
@@ -0,0 +1,3741 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+# WHITE_LIST_AS4_1, used by client AS4_1 white list
+as-set "AS_SET_WHITE_LIST_AS4_1_asns" {
+    41
+}
+prefix-set "AS_SET_WHITE_LIST_AS4_1_prefixes" {
+    4.2.0.0/16 prefixlen 16 - 32
+    2a04:2::/32 prefixlen 32 - 128
+}
+
+# AS4, used by client AS4_1, client AS4_2
+# no origin ASNs found for AS4
+# no prefixes found for AS4
+
+# WHITE_LIST_AS2_2, used by client AS2_2 white list
+as-set "AS_SET_WHITE_LIST_AS2_2_asns" {
+    21
+}
+prefix-set "AS_SET_WHITE_LIST_AS2_2_prefixes" {
+    2.2.0.0/16 prefixlen 16 - 32
+    2a02:2::/32 prefixlen 32 - 128
+}
+
+# AS-AS5_FROM_PDB, used by client AS5_1, client AS5_2
+as-set "AS_SET_AS_AS5_FROM_PDB_asns" {
+    5
+}
+prefix-set "AS_SET_AS_AS5_FROM_PDB_prefixes" {
+    2a05::/32 prefixlen 32 - 128
+}
+
+# AS-AS4, used by client AS4_1, client AS4_2
+as-set "AS_SET_AS_AS4_asns" {
+    4
+}
+prefix-set "AS_SET_AS_AS4_prefixes" {
+    2a04::/32 prefixlen 32 - 128
+}
+
+# AS2, used by client AS2_1, client AS2_2
+# no origin ASNs found for AS2
+# no prefixes found for AS2
+
+# WHITE_LIST_AS5_2, used by client AS5_2 white list
+as-set "AS_SET_WHITE_LIST_AS5_2_asns" {
+    51
+}
+prefix-set "AS_SET_WHITE_LIST_AS5_2_prefixes" {
+    5.2.0.0/16 prefixlen 16 - 32
+    2a05:2::/32 prefixlen 32 - 128
+}
+
+# AS5, used by client AS5_1, client AS5_2
+# no origin ASNs found for AS5
+# no prefixes found for AS5
+
+# AS6, used by client AS6_1, client AS6_2
+as-set "AS_SET_AS6_asns" {
+    3 6
+}
+prefix-set "AS_SET_AS6_prefixes" {
+    2a06::/32 prefixlen 32 - 128
+}
+
+# WHITE_LIST_AS5_1, used by client AS5_1 white list
+as-set "AS_SET_WHITE_LIST_AS5_1_asns" {
+    51
+}
+prefix-set "AS_SET_WHITE_LIST_AS5_1_prefixes" {
+    5.2.0.0/16 prefixlen 16 - 32
+    2a05:2::/32 prefixlen 32 - 128
+}
+
+# WHITE_LIST_AS2_1, used by client AS2_1 white list
+as-set "AS_SET_WHITE_LIST_AS2_1_asns" {
+    21
+}
+prefix-set "AS_SET_WHITE_LIST_AS2_1_prefixes" {
+    2.2.0.0/16 prefixlen 16 - 32
+    2a02:2::/32 prefixlen 32 - 128
+}
+
+# AS1, used by client AS1_1, client AS1_2
+as-set "AS_SET_AS1_asns" {
+    1
+}
+prefix-set "AS_SET_AS1_prefixes" {
+    2a01::/32 prefixlen 32 - 128
+}
+
+# WHITE_LIST_AS4_2, used by client AS4_2 white list
+as-set "AS_SET_WHITE_LIST_AS4_2_asns" {
+    41
+}
+prefix-set "AS_SET_WHITE_LIST_AS4_2_prefixes" {
+    4.2.0.0/16 prefixlen 16 - 32
+    2a04:2::/32 prefixlen 32 - 128
+}
+
+# AS-AS2, used by client AS2_1, client AS2_2
+as-set "AS_SET_AS_AS2_asns" {
+    2
+}
+prefix-set "AS_SET_AS_AS2_prefixes" {
+    2a02::/32 prefixlen 32 - 128
+}
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client, no AS-SET"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client, no AS-SET"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client, AS-SET from AS..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client, AS-SET from AS..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client, AS-SET configu..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client, AS-SET configu..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.51 {
+		remote-as 5
+
+		rde evaluate all
+
+		descr "AS5_1 client, AS-SET from Pe..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::51 {
+		remote-as 5
+
+		rde evaluate all
+
+		descr "AS5_1 client, AS-SET from Pe..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.61 {
+		remote-as 6
+
+		rde evaluate all
+
+		descr "AS6_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::61 {
+		remote-as 6
+
+		rde evaluate all
+
+		descr "AS6_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# origin_not_present_in_as_set
+match from group clients set community delete 999:64515
+match from group clients set large-community delete 999:0:64515
+
+# origin_present_in_as_set
+match from group clients set community delete 999:64514
+match from group clients set large-community delete 999:0:64514
+
+# prefix_not_present_in_as_set
+match from group clients set community delete 999:64513
+match from group clients set large-community delete 999:0:64513
+
+# prefix_present_in_as_set
+match from group clients set community delete 999:64512
+match from group clients set large-community delete 999:0:64512
+
+# prefix_validated_via_arin_whois_db_dump
+match from group clients set community delete 999:64518
+match from group clients set large-community delete 999:0:64518
+
+# prefix_validated_via_rpki_roas
+match from group clients set community delete 999:64516
+match from group clients set large-community delete 999:0:64516
+
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+# route_validated_via_white_list
+match from group clients set community delete 999:64517
+match from group clients set large-community delete 999:0:64517
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+# ---------------------------------------------------------
+# ROAs source
+
+
+roa-set {
+    2.4.0.0/16 source-as 2
+    2.5.0.0/16 source-as 2
+    2.7.0.0/16 source-as 2
+    3.1.0.0/16 source-as 3
+    3.3.0.0/16 source-as 3
+    2.0.4.0/24 source-as 2
+    6.0.1.0/24 source-as 6
+    2a02:4::/32 source-as 2
+    2a02:5::/32 source-as 2
+    2a02:7::/32 source-as 2
+    2a03:1::/32 source-as 3
+    2a03:3::/32 source-as 3
+    2a02:0:4::/48 source-as 2
+    2a06:0:1::/48 source-as 6
+
+}
+
+
+
+
+# ---------------------------------------------------------
+# RPKI ROAs used as route objects.
+
+# Add the $INTCOMM_PREF_OK_ROA ext community to routes whose
+# origin ASN has a ROA for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+
+origin-set "RPKI_ROA" {
+    2.4.0.0/16 source-as 2
+    2.5.0.0/16 source-as 2
+    2.7.0.0/16 source-as 2
+    3.1.0.0/16 source-as 3
+    3.3.0.0/16 source-as 3
+    2.0.4.0/24 source-as 2
+    6.0.1.0/24 source-as 6
+    2a02:4::/32 source-as 2
+    2a02:5::/32 source-as 2
+    2a02:7::/32 source-as 2
+    2a03:1::/32 source-as 3
+    2a03:3::/32 source-as 3
+    2a02:0:4::/48 source-as 2
+    2a06:0:1::/48 source-as 6
+
+}
+match from group clients origin-set RPKI_ROA set ext-community $INTCOMM_PREF_OK_ROA
+
+
+# ARIN Whois records used for preifx validation
+# ---------------------------------------------
+
+# Add the $INTCOMM_PREF_OK_ARINDB ext community to routes whose
+# origin ASN has an ARIN Whois record for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+origin-set "ARINDB" {
+2.0.5.0/24 prefixlen 24 - 32 source-as 2
+2.6.0.0/16 prefixlen 16 - 32 source-as 2
+2.7.0.0/16 prefixlen 16 - 32 source-as 2
+2a02:0:5::/48 prefixlen 48 - 128 source-as 2
+2a02:6::/32 prefixlen 32 - 128 source-as 2
+2a02:7::/32 prefixlen 32 - 128 source-as 2
+2a03:2::/32 prefixlen 32 - 128 source-as 3
+2a03:3::/32 prefixlen 32 - 128 source-as 3
+3.2.0.0/16 prefixlen 16 - 32 source-as 3
+3.3.0.0/16 prefixlen 16 - 32 source-as 3
+2a06:0:1::/48 prefixlen 48 - 128 source-as 6
+6.0.1.0/24 prefixlen 24 - 32 source-as 6
+}
+match from group clients origin-set ARINDB set ext-community $INTCOMM_PREF_OK_ARINDB
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+match from 192.0.2.51 set ext-community rt 65520:5
+
+match from 2001:db8:1:1::51 set ext-community rt 65520:5
+
+match from 192.0.2.61 set ext-community rt 65520:6
+
+match from 2001:db8:1:1::61 set ext-community rt 65520:6
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_1, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 source-as as-set AS_SET_AS1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS1
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_1, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 prefix-set AS_SET_AS1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS1
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_2, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::11 source-as as-set AS_SET_AS1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS1
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_2, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::11 prefix-set AS_SET_AS1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS1
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_1, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 source-as as-set AS_SET_WHITE_LIST_AS2_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS2_1
+match from 192.0.2.21 source-as as-set AS_SET_AS_AS2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS2
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_1, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 prefix-set AS_SET_WHITE_LIST_AS2_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS2_1
+match from 192.0.2.21 prefix-set AS_SET_AS_AS2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS2
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_2, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::21 source-as as-set AS_SET_WHITE_LIST_AS2_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS2_2
+# AS-SET AS2 referenced but empty.
+match from 2001:db8:1:1::21 source-as as-set AS_SET_AS_AS2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS2
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_2, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::21 prefix-set AS_SET_WHITE_LIST_AS2_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS2_2
+# AS-SET AS2 referenced but empty.
+match from 2001:db8:1:1::21 prefix-set AS_SET_AS_AS2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS2
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.41 prefix 2a04:4::/32 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 2a04:5::/32 prefixlen 32 - 128 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 2a04:6::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 4.4.0.0/16 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 4.5.0.0/16 prefixlen 16 - 32 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 4.6.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.41 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS4_1, AS4: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.41 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.41 source-as as-set AS_SET_WHITE_LIST_AS4_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS4_1
+# AS-SET AS4 referenced but empty.
+match from 192.0.2.41 source-as as-set AS_SET_AS_AS4_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS4
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS4_1, AS4: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.41 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.41 prefix-set AS_SET_WHITE_LIST_AS4_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS4_1
+# AS-SET AS4 referenced but empty.
+match from 192.0.2.41 prefix-set AS_SET_AS_AS4_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS4
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# route authorized by a client's white list?
+match from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.41
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::41 prefix 2a04:4::/32 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 2a04:5::/32 prefixlen 32 - 128 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 2a04:6::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 4.4.0.0/16 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 4.5.0.0/16 prefixlen 16 - 32 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 4.6.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::41 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS4_2, AS4: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::41 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS4 referenced but empty.
+match from 2001:db8:1:1::41 source-as as-set AS_SET_AS_AS4_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS4
+match from 2001:db8:1:1::41 source-as as-set AS_SET_WHITE_LIST_AS4_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS4_2
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS4_2, AS4: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::41 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS4 referenced but empty.
+match from 2001:db8:1:1::41 prefix-set AS_SET_AS_AS4_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS4
+match from 2001:db8:1:1::41 prefix-set AS_SET_WHITE_LIST_AS4_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS4_2
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS5_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.51 set community NO_ADVERTISE
+match from 192.0.2.51 nexthop 192.0.2.51 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.51 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.51 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.51 peer-as != 5' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.51 peer-as != 5 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.51 AS 23456' - reject code: 7
+allow quick from 192.0.2.51 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.51 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.51 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.51 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.51 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.51 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS5_1, AS5: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.51 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.51 source-as as-set AS_SET_AS_AS5_FROM_PDB_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS5_FROM_PDB
+# AS-SET AS5 referenced but empty.
+match from 192.0.2.51 source-as as-set AS_SET_WHITE_LIST_AS5_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS5_1
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS5_1, AS5: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.51 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.51 prefix-set AS_SET_AS_AS5_FROM_PDB_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS5_FROM_PDB
+# AS-SET AS5 referenced but empty.
+match from 192.0.2.51 prefix-set AS_SET_WHITE_LIST_AS5_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS5_1
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.51 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.51 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.51 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.51 set ext-community delete rt 65520:5
+
+
+
+allow quick from 192.0.2.51
+
+
+
+# ---------------------------------------------
+# client AS5_1, outbound
+
+deny quick to 192.0.2.51 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.51 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.51
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.51 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS5_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::51 set community NO_ADVERTISE
+match from 2001:db8:1:1::51 nexthop 2001:db8:1:1::51 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::51 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::51 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::51 peer-as != 5' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::51 peer-as != 5 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::51 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::51 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::51 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::51 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::51 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::51 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db8:1:1::51 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS5_2, AS5: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::51 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::51 source-as as-set AS_SET_AS_AS5_FROM_PDB_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS5_FROM_PDB
+match from 2001:db8:1:1::51 source-as as-set AS_SET_WHITE_LIST_AS5_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS5_2
+# AS-SET AS5 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS5_2, AS5: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::51 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::51 prefix-set AS_SET_AS_AS5_FROM_PDB_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS5_FROM_PDB
+match from 2001:db8:1:1::51 prefix-set AS_SET_WHITE_LIST_AS5_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS5_2
+# AS-SET AS5 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::51 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::51 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::51 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::51 set ext-community delete rt 65520:5
+
+
+
+allow quick from 2001:db8:1:1::51
+
+
+
+# ---------------------------------------------
+# client AS5_2, outbound
+
+deny quick to 2001:db8:1:1::51 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::51 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::51
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::51 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS6_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.61 set community NO_ADVERTISE
+match from 192.0.2.61 nexthop 192.0.2.61 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.61 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.61 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.61 peer-as != 6' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.61 peer-as != 6 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.61 AS 23456' - reject code: 7
+allow quick from 192.0.2.61 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.61 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.61 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.61 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.61 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.61 prefix 2a03:2::/32 prefixlen 32 - 128 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.61 prefix 3.2.0.0/16 prefixlen 16 - 32 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.61 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS6_1, AS6: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.61 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.61 source-as as-set AS_SET_AS6_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS6
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS6_1, AS6: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.61 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.61 prefix-set AS_SET_AS6_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS6
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# route authorized by a client's white list?
+match from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.61 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.61 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.61 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.61 set ext-community delete rt 65520:6
+
+
+
+allow quick from 192.0.2.61
+
+
+
+# ---------------------------------------------
+# client AS6_1, outbound
+
+deny quick to 192.0.2.61 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.61 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.61
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.61 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS6_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::61 set community NO_ADVERTISE
+match from 2001:db8:1:1::61 nexthop 2001:db8:1:1::61 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::61 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::61 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::61 peer-as != 6' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::61 peer-as != 6 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::61 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::61 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::61 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::61 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::61 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::61 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::61 prefix 2a03:2::/32 prefixlen 32 - 128 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::61 prefix 3.2.0.0/16 prefixlen 16 - 32 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::61 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS6_2, AS6: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::61 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::61 source-as as-set AS_SET_AS6_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS6
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS6_2, AS6: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::61 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::61 prefix-set AS_SET_AS6_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS6
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::61 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::61 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::61 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::61 set ext-community delete rt 65520:6
+
+
+
+allow quick from 2001:db8:1:1::61
+
+
+
+# ---------------------------------------------
+# client AS6_2, outbound
+
+deny quick to 2001:db8:1:1::61 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::61 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::61
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::61 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p.conf b/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p.conf
new file mode 100644
index 00000000..ecab7e3e
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/configs/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p.conf
@@ -0,0 +1,3741 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+# WHITE_LIST_AS4_1, used by client AS4_1 white list
+as-set "AS_SET_WHITE_LIST_AS4_1_asns" {
+    41
+}
+prefix-set "AS_SET_WHITE_LIST_AS4_1_prefixes" {
+    4.2.0.0/16 prefixlen 16 - 32
+    2a04:2::/32 prefixlen 32 - 128
+}
+
+# AS4, used by client AS4_1, client AS4_2
+# no origin ASNs found for AS4
+# no prefixes found for AS4
+
+# WHITE_LIST_AS2_2, used by client AS2_2 white list
+as-set "AS_SET_WHITE_LIST_AS2_2_asns" {
+    21
+}
+prefix-set "AS_SET_WHITE_LIST_AS2_2_prefixes" {
+    2.2.0.0/16 prefixlen 16 - 32
+    2a02:2::/32 prefixlen 32 - 128
+}
+
+# AS-AS5_FROM_PDB, used by client AS5_1, client AS5_2
+as-set "AS_SET_AS_AS5_FROM_PDB_asns" {
+    5
+}
+prefix-set "AS_SET_AS_AS5_FROM_PDB_prefixes" {
+    2a05::/32 prefixlen 32 - 128
+}
+
+# AS-AS4, used by client AS4_1, client AS4_2
+as-set "AS_SET_AS_AS4_asns" {
+    4
+}
+prefix-set "AS_SET_AS_AS4_prefixes" {
+    2a04::/32 prefixlen 32 - 128
+}
+
+# AS2, used by client AS2_1, client AS2_2
+# no origin ASNs found for AS2
+# no prefixes found for AS2
+
+# WHITE_LIST_AS5_2, used by client AS5_2 white list
+as-set "AS_SET_WHITE_LIST_AS5_2_asns" {
+    51
+}
+prefix-set "AS_SET_WHITE_LIST_AS5_2_prefixes" {
+    5.2.0.0/16 prefixlen 16 - 32
+    2a05:2::/32 prefixlen 32 - 128
+}
+
+# AS5, used by client AS5_1, client AS5_2
+# no origin ASNs found for AS5
+# no prefixes found for AS5
+
+# AS6, used by client AS6_1, client AS6_2
+as-set "AS_SET_AS6_asns" {
+    3 6
+}
+prefix-set "AS_SET_AS6_prefixes" {
+    2a06::/32 prefixlen 32 - 128
+}
+
+# WHITE_LIST_AS5_1, used by client AS5_1 white list
+as-set "AS_SET_WHITE_LIST_AS5_1_asns" {
+    51
+}
+prefix-set "AS_SET_WHITE_LIST_AS5_1_prefixes" {
+    5.2.0.0/16 prefixlen 16 - 32
+    2a05:2::/32 prefixlen 32 - 128
+}
+
+# WHITE_LIST_AS2_1, used by client AS2_1 white list
+as-set "AS_SET_WHITE_LIST_AS2_1_asns" {
+    21
+}
+prefix-set "AS_SET_WHITE_LIST_AS2_1_prefixes" {
+    2.2.0.0/16 prefixlen 16 - 32
+    2a02:2::/32 prefixlen 32 - 128
+}
+
+# AS1, used by client AS1_1, client AS1_2
+as-set "AS_SET_AS1_asns" {
+    1
+}
+prefix-set "AS_SET_AS1_prefixes" {
+    2a01::/32 prefixlen 32 - 128
+}
+
+# WHITE_LIST_AS4_2, used by client AS4_2 white list
+as-set "AS_SET_WHITE_LIST_AS4_2_asns" {
+    41
+}
+prefix-set "AS_SET_WHITE_LIST_AS4_2_prefixes" {
+    4.2.0.0/16 prefixlen 16 - 32
+    2a04:2::/32 prefixlen 32 - 128
+}
+
+# AS-AS2, used by client AS2_1, client AS2_2
+as-set "AS_SET_AS_AS2_asns" {
+    2
+}
+prefix-set "AS_SET_AS_AS2_prefixes" {
+    2a02::/32 prefixlen 32 - 128
+}
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client, no AS-SET"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client, no AS-SET"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client, AS-SET from AS..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client, AS-SET from AS..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client, AS-SET configu..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client, AS-SET configu..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.51 {
+		remote-as 5
+
+		rde evaluate all
+
+		descr "AS5_1 client, AS-SET from Pe..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::51 {
+		remote-as 5
+
+		rde evaluate all
+
+		descr "AS5_1 client, AS-SET from Pe..."
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.61 {
+		remote-as 6
+
+		rde evaluate all
+
+		descr "AS6_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::61 {
+		remote-as 6
+
+		rde evaluate all
+
+		descr "AS6_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# origin_not_present_in_as_set
+match from group clients set community delete 999:64515
+match from group clients set large-community delete 999:0:64515
+
+# origin_present_in_as_set
+match from group clients set community delete 999:64514
+match from group clients set large-community delete 999:0:64514
+
+# prefix_not_present_in_as_set
+match from group clients set community delete 999:64513
+match from group clients set large-community delete 999:0:64513
+
+# prefix_present_in_as_set
+match from group clients set community delete 999:64512
+match from group clients set large-community delete 999:0:64512
+
+# prefix_validated_via_arin_whois_db_dump
+match from group clients set community delete 999:64518
+match from group clients set large-community delete 999:0:64518
+
+# prefix_validated_via_rpki_roas
+match from group clients set community delete 999:64516
+match from group clients set large-community delete 999:0:64516
+
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+# route_validated_via_white_list
+match from group clients set community delete 999:64517
+match from group clients set large-community delete 999:0:64517
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+# ---------------------------------------------------------
+# ROAs source
+
+
+roa-set {
+    2.4.0.0/16 source-as 2
+    2.5.0.0/16 source-as 2
+    2.7.0.0/16 source-as 2
+    3.1.0.0/16 source-as 3
+    3.3.0.0/16 source-as 3
+    2.0.4.0/24 source-as 2
+    6.0.1.0/24 source-as 6
+    2a02:4::/32 source-as 2
+    2a02:5::/32 source-as 2
+    2a02:7::/32 source-as 2
+    2a03:1::/32 source-as 3
+    2a03:3::/32 source-as 3
+    2a02:0:4::/48 source-as 2
+    2a06:0:1::/48 source-as 6
+
+}
+
+
+
+
+# ---------------------------------------------------------
+# RPKI ROAs used as route objects.
+
+# Add the $INTCOMM_PREF_OK_ROA ext community to routes whose
+# origin ASN has a ROA for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+
+origin-set "RPKI_ROA" {
+    2.4.0.0/16 source-as 2
+    2.5.0.0/16 source-as 2
+    2.7.0.0/16 source-as 2
+    3.1.0.0/16 source-as 3
+    3.3.0.0/16 source-as 3
+    2.0.4.0/24 source-as 2
+    6.0.1.0/24 source-as 6
+    2a02:4::/32 source-as 2
+    2a02:5::/32 source-as 2
+    2a02:7::/32 source-as 2
+    2a03:1::/32 source-as 3
+    2a03:3::/32 source-as 3
+    2a02:0:4::/48 source-as 2
+    2a06:0:1::/48 source-as 6
+
+}
+match from group clients origin-set RPKI_ROA set ext-community $INTCOMM_PREF_OK_ROA
+
+
+# ARIN Whois records used for preifx validation
+# ---------------------------------------------
+
+# Add the $INTCOMM_PREF_OK_ARINDB ext community to routes whose
+# origin ASN has an ARIN Whois record for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+origin-set "ARINDB" {
+2.0.5.0/24 prefixlen 24 - 32 source-as 2
+2.6.0.0/16 prefixlen 16 - 32 source-as 2
+2.7.0.0/16 prefixlen 16 - 32 source-as 2
+2a02:0:5::/48 prefixlen 48 - 128 source-as 2
+2a02:6::/32 prefixlen 32 - 128 source-as 2
+2a02:7::/32 prefixlen 32 - 128 source-as 2
+2a03:2::/32 prefixlen 32 - 128 source-as 3
+2a03:3::/32 prefixlen 32 - 128 source-as 3
+3.2.0.0/16 prefixlen 16 - 32 source-as 3
+3.3.0.0/16 prefixlen 16 - 32 source-as 3
+2a06:0:1::/48 prefixlen 48 - 128 source-as 6
+6.0.1.0/24 prefixlen 24 - 32 source-as 6
+}
+match from group clients origin-set ARINDB set ext-community $INTCOMM_PREF_OK_ARINDB
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+match from 192.0.2.51 set ext-community rt 65520:5
+
+match from 2001:db8:1:1::51 set ext-community rt 65520:5
+
+match from 192.0.2.61 set ext-community rt 65520:6
+
+match from 2001:db8:1:1::61 set ext-community rt 65520:6
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 32' - reject code: 1
+allow quick from group clients max-as-len 32 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_1, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 source-as as-set AS_SET_AS1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS1
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_1, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 prefix-set AS_SET_AS1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS1
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.11 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_2, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::11 source-as as-set AS_SET_AS1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS1
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_2, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::11 prefix-set AS_SET_AS1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS1
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::11 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::11 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_1, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 source-as as-set AS_SET_WHITE_LIST_AS2_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS2_1
+match from 192.0.2.21 source-as as-set AS_SET_AS_AS2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS2
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_1, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 prefix-set AS_SET_WHITE_LIST_AS2_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS2_1
+match from 192.0.2.21 prefix-set AS_SET_AS_AS2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS2
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.21 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_2, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::21 source-as as-set AS_SET_WHITE_LIST_AS2_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS2_2
+# AS-SET AS2 referenced but empty.
+match from 2001:db8:1:1::21 source-as as-set AS_SET_AS_AS2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS2
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_2, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::21 prefix-set AS_SET_WHITE_LIST_AS2_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS2_2
+# AS-SET AS2 referenced but empty.
+match from 2001:db8:1:1::21 prefix-set AS_SET_AS_AS2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS2
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::21 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::21 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.41 prefix 2a04:4::/32 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 2a04:5::/32 prefixlen 32 - 128 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 2a04:6::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 4.4.0.0/16 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 4.5.0.0/16 prefixlen 16 - 32 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.41 prefix 4.6.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.41 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS4_1, AS4: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.41 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.41 source-as as-set AS_SET_WHITE_LIST_AS4_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS4_1
+# AS-SET AS4 referenced but empty.
+match from 192.0.2.41 source-as as-set AS_SET_AS_AS4_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS4
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS4_1, AS4: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.41 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.41 prefix-set AS_SET_WHITE_LIST_AS4_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS4_1
+# AS-SET AS4 referenced but empty.
+match from 192.0.2.41 prefix-set AS_SET_AS_AS4_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS4
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.41 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 192.0.2.41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# route authorized by a client's white list?
+match from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.41
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::41 prefix 2a04:4::/32 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 2a04:5::/32 prefixlen 32 - 128 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 2a04:6::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 4.4.0.0/16 source-as 44 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 4.5.0.0/16 prefixlen 16 - 32 source-as 43 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::41 prefix 4.6.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::41 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS4_2, AS4: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::41 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS4 referenced but empty.
+match from 2001:db8:1:1::41 source-as as-set AS_SET_AS_AS4_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS4
+match from 2001:db8:1:1::41 source-as as-set AS_SET_WHITE_LIST_AS4_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS4_2
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS4_2, AS4: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::41 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS4 referenced but empty.
+match from 2001:db8:1:1::41 prefix-set AS_SET_AS_AS4_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS4
+match from 2001:db8:1:1::41 prefix-set AS_SET_WHITE_LIST_AS4_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS4_2
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::41 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 2001:db8:1:1::41 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::41 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::41 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS5_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.51 set community NO_ADVERTISE
+match from 192.0.2.51 nexthop 192.0.2.51 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.51 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.51 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.51 peer-as != 5' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.51 peer-as != 5 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.51 AS 23456' - reject code: 7
+allow quick from 192.0.2.51 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.51 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.51 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.51 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.51 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 192.0.2.51 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS5_1, AS5: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.51 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.51 source-as as-set AS_SET_AS_AS5_FROM_PDB_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS5_FROM_PDB
+# AS-SET AS5 referenced but empty.
+match from 192.0.2.51 source-as as-set AS_SET_WHITE_LIST_AS5_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS5_1
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS5_1, AS5: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.51 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.51 prefix-set AS_SET_AS_AS5_FROM_PDB_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS5_FROM_PDB
+# AS-SET AS5 referenced but empty.
+match from 192.0.2.51 prefix-set AS_SET_WHITE_LIST_AS5_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS5_1
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.51 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 192.0.2.51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.51 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.51 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.51 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.51 set ext-community delete rt 65520:5
+
+
+
+allow quick from 192.0.2.51
+
+
+
+# ---------------------------------------------
+# client AS5_1, outbound
+
+deny quick to 192.0.2.51 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.51 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.51
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.51 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS5_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::51 set community NO_ADVERTISE
+match from 2001:db8:1:1::51 nexthop 2001:db8:1:1::51 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::51 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::51 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::51 peer-as != 5' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::51 peer-as != 5 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::51 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::51 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::51 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::51 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::51 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::51 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+match from 2001:db8:1:1::51 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS5_2, AS5: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::51 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::51 source-as as-set AS_SET_AS_AS5_FROM_PDB_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS5_FROM_PDB
+match from 2001:db8:1:1::51 source-as as-set AS_SET_WHITE_LIST_AS5_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS5_2
+# AS-SET AS5 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS5_2, AS5: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::51 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::51 prefix-set AS_SET_AS_AS5_FROM_PDB_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS5_FROM_PDB
+match from 2001:db8:1:1::51 prefix-set AS_SET_WHITE_LIST_AS5_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS5_2
+# AS-SET AS5 referenced but empty.
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::51 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 2001:db8:1:1::51 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::51 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::51 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::51 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::51 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::51 set ext-community delete rt 65520:5
+
+
+
+allow quick from 2001:db8:1:1::51
+
+
+
+# ---------------------------------------------
+# client AS5_2, outbound
+
+deny quick to 2001:db8:1:1::51 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::51 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::51
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::51 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS6_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.61 set community NO_ADVERTISE
+match from 192.0.2.61 nexthop 192.0.2.61 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.61 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.61 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.61 peer-as != 6' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.61 peer-as != 6 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.61 AS 23456' - reject code: 7
+allow quick from 192.0.2.61 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.61 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.61 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.61 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.61 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.61 prefix 2a03:2::/32 prefixlen 32 - 128 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.61 prefix 3.2.0.0/16 prefixlen 16 - 32 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.61 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS6_1, AS6: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.61 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.61 source-as as-set AS_SET_AS6_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS6
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS6_1, AS6: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.61 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.61 prefix-set AS_SET_AS6_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS6
+# adding not_present_in_as_set community to unauthorized routes
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 192.0.2.61 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 192.0.2.61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# route authorized by a client's white list?
+match from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.61 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.61 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.61 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.61 set ext-community delete rt 65520:6
+
+
+
+allow quick from 192.0.2.61
+
+
+
+# ---------------------------------------------
+# client AS6_1, outbound
+
+deny quick to 192.0.2.61 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 192.0.2.61 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 192.0.2.61
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.61 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+# ---------------------------------------------
+# client AS6_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::61 set community NO_ADVERTISE
+match from 2001:db8:1:1::61 nexthop 2001:db8:1:1::61 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::61 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::61 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::61 peer-as != 6' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::61 peer-as != 6 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::61 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::61 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::61 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::61 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::61 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::61 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::61 prefix 2a03:2::/32 prefixlen 32 - 128 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::61 prefix 3.2.0.0/16 prefixlen 16 - 32 source-as 3 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::61 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS6_2, AS6: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::61 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::61 source-as as-set AS_SET_AS6_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS6
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_KO set community 999:64515
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_KO set large-community 999:0:64515
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK set community 999:64514
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK set large-community 999:0:64514
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS6_2, AS6: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::61 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::61 prefix-set AS_SET_AS6_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS6
+# adding not_present_in_as_set community to unauthorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_KO set community 999:64513
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_KO set large-community 999:0:64513
+# adding present_in_as_set community to authorized routes
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_OK set community 999:64512
+match from 2001:db8:1:1::61 ext-community $INTCOMM_PREFIX_OK set large-community 999:0:64512
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set community 999:64516
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set large-community 999:0:64516
+
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+# routes tagged with $INTCOMM_PREF_OK_ARINDB community have the prefix validated by an ARIN Whois record; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set community 999:64518
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set large-community 999:0:64518
+
+match from 2001:db8:1:1::61 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ARINDB set ext-community delete $INTCOMM_IRR_REJECT
+
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set community 999:64517
+match from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set large-community 999:0:64517
+
+match from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::61 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::61 prefix ::/0 prefixlen 12 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::61 prefix ::/0 prefixlen 12 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::61 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::61 set ext-community delete rt 65520:6
+
+
+
+allow quick from 2001:db8:1:1::61
+
+
+
+# ---------------------------------------------
+# client AS6_2, outbound
+
+deny quick to 2001:db8:1:1::61 community 65520:0
+
+
+
+# Blackhole request?
+# No blackhole filtering policy given
+deny quick to 2001:db8:1:1::61 community BLACKHOLE
+
+
+
+# NO_EXPORT and NO_ADVERTISE communities
+
+# BGP control communities
+allow to 2001:db8:1:1::61
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::61 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+
+
+
+
+
+
+# Scrub communities from outbound routes
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
diff --git a/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p/AS1.txt b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p/AS1.txt
new file mode 100644
index 00000000..a8837f73
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p/AS1.txt
@@ -0,0 +1,168 @@
+2.0.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.5.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.1.0.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.2.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.3.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.3.1.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.5.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.6.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.7.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.1.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.2.1.0/24, AS_PATH: 6 3, NEXT_HOP: 192.0.2.61, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.3.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.2.3.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.3.1.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.4.0.0/16, AS_PATH: 4 44, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.5.1.0/24, AS_PATH: 4 43, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.6.1.0/24, AS_PATH: 4 45, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.1.0/24, AS_PATH: 5, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.2.0/24, AS_PATH: 5 3, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.3.0/24, AS_PATH: 5 51, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p/AS2.txt b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p/AS2.txt
new file mode 100644
index 00000000..e63496cd
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p/AS2.txt
@@ -0,0 +1,70 @@
+3.2.1.0/24, AS_PATH: 6 3, NEXT_HOP: 192.0.2.61, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.3.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.2.3.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.3.1.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.4.0.0/16, AS_PATH: 4 44, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.5.1.0/24, AS_PATH: 4 43, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.6.1.0/24, AS_PATH: 4 45, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.1.0/24, AS_PATH: 5, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.2.0/24, AS_PATH: 5 3, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.3.0/24, AS_PATH: 5 51, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p/AS4.txt b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p/AS4.txt
new file mode 100644
index 00000000..16590df8
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p/AS4.txt
@@ -0,0 +1,126 @@
+2.0.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.5.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.1.0.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.2.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.3.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.3.1.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.5.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.6.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.7.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.2.1.0/24, AS_PATH: 6 3, NEXT_HOP: 192.0.2.61, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.1.0/24, AS_PATH: 5, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.2.0/24, AS_PATH: 5 3, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.3.0/24, AS_PATH: 5 51, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p/AS5.txt b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p/AS5.txt
new file mode 100644
index 00000000..2e9887a9
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p/AS5.txt
@@ -0,0 +1,147 @@
+2.0.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.5.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.1.0.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.2.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.3.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.3.1.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.5.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.6.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.7.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.2.1.0/24, AS_PATH: 6 3, NEXT_HOP: 192.0.2.61, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.3.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.2.3.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.3.1.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.4.0.0/16, AS_PATH: 4 44, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.5.1.0/24, AS_PATH: 4 43, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.6.1.0/24, AS_PATH: 4 45, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p/AS6.txt b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p/AS6.txt
new file mode 100644
index 00000000..6460e7ee
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p/AS6.txt
@@ -0,0 +1,161 @@
+2.0.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.5.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.1.0.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.2.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.3.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.3.1.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.5.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.6.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.7.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.1.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.3.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.2.3.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.3.1.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.4.0.0/16, AS_PATH: 4 44, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.5.1.0/24, AS_PATH: 4 43, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.6.1.0/24, AS_PATH: 4 45, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.1.0/24, AS_PATH: 5, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.2.0/24, AS_PATH: 5 3, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.3.0/24, AS_PATH: 5 51, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p/rs.txt b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p/rs.txt
new file mode 100644
index 00000000..176237ed
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv4/openbgpd77p/rs.txt
@@ -0,0 +1,294 @@
+2.0.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.5.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.1.0.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.2.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.3.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.3.1.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.4.0.0/16, AS_PATH: 6 2, NEXT_HOP: 192.0.2.61, via 192.0.2.61
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+2.5.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.6.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.7.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.1.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.1.0/24, AS_PATH: 4 3, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: False, LOCAL_PREF: 1
+  filtered: True (9)
+
+3.0.1.0/24, AS_PATH: 5 3, NEXT_HOP: 192.0.2.51, via 192.0.2.51
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: False, LOCAL_PREF: 1
+  filtered: True (12)
+
+3.1.0.0/16, AS_PATH: 6 3, NEXT_HOP: 192.0.2.61, via 192.0.2.61
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+3.2.1.0/24, AS_PATH: 6 3, NEXT_HOP: 192.0.2.61, via 192.0.2.61
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.3.0.0/16, AS_PATH: 6 3, NEXT_HOP: 192.0.2.61, via 192.0.2.61
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+4.0.1.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+4.0.2.0/24, AS_PATH: 4 3, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+4.0.3.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.1.0.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+4.2.1.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+4.2.2.0/24, AS_PATH: 4 3, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+4.2.3.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.3.1.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.4.0.0/16, AS_PATH: 4 44, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.4.1.0/24, AS_PATH: 4 44, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+4.5.1.0/24, AS_PATH: 4 43, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.5.2.0/24, AS_PATH: 4 45, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+4.6.1.0/24, AS_PATH: 4 45, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.0.1.0/24, AS_PATH: 5, NEXT_HOP: 192.0.2.51, via 192.0.2.51
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+5.0.2.0/24, AS_PATH: 5 3, NEXT_HOP: 192.0.2.51, via 192.0.2.51
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+5.0.3.0/24, AS_PATH: 5 51, NEXT_HOP: 192.0.2.51, via 192.0.2.51
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+5.1.0.0/24, AS_PATH: 5, NEXT_HOP: 192.0.2.51, via 192.0.2.51
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+5.2.1.0/24, AS_PATH: 5, NEXT_HOP: 192.0.2.51, via 192.0.2.51
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.2.0/24, AS_PATH: 5 3, NEXT_HOP: 192.0.2.51, via 192.0.2.51
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.3.0/24, AS_PATH: 5 51, NEXT_HOP: 192.0.2.51, via 192.0.2.51
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.3.1.0/24, AS_PATH: 5 51, NEXT_HOP: 192.0.2.51, via 192.0.2.51
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+6.0.1.0/24, AS_PATH: 6, NEXT_HOP: 192.0.2.61, via 192.0.2.61
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
diff --git a/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p/AS1.txt b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p/AS1.txt
new file mode 100644
index 00000000..49691e25
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p/AS1.txt
@@ -0,0 +1,168 @@
+2a02:0:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:5::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:2::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:3::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:3:1::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:5::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:6::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:7::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:1::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:2:1::/48, AS_PATH: 6 3, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:3::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:2:3::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:3:1::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:4::/32, AS_PATH: 4 44, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:5:1::/48, AS_PATH: 4 43, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:6:1::/48, AS_PATH: 4 45, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:1::/48, AS_PATH: 5, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:2::/48, AS_PATH: 5 3, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:3::/48, AS_PATH: 5 51, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p/AS2.txt b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p/AS2.txt
new file mode 100644
index 00000000..caf2fb62
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p/AS2.txt
@@ -0,0 +1,70 @@
+2a03:2:1::/48, AS_PATH: 6 3, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:3::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:2:3::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:3:1::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:4::/32, AS_PATH: 4 44, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:5:1::/48, AS_PATH: 4 43, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:6:1::/48, AS_PATH: 4 45, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:1::/48, AS_PATH: 5, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:2::/48, AS_PATH: 5 3, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:3::/48, AS_PATH: 5 51, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p/AS4.txt b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p/AS4.txt
new file mode 100644
index 00000000..3d1aa72a
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p/AS4.txt
@@ -0,0 +1,126 @@
+2a02:0:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:5::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:2::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:3::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:3:1::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:5::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:6::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:7::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:2:1::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:2:1::/48, AS_PATH: 6 3, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:1::/48, AS_PATH: 5, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:2::/48, AS_PATH: 5 3, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:3::/48, AS_PATH: 5 51, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p/AS5.txt b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p/AS5.txt
new file mode 100644
index 00000000..e09d4eda
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p/AS5.txt
@@ -0,0 +1,147 @@
+2a02:0:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:5::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:2::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:3::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:3:1::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:5::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:6::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:7::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:2:1::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:2:1::/48, AS_PATH: 6 3, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:3::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:2:3::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:3:1::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:4::/32, AS_PATH: 4 44, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:5:1::/48, AS_PATH: 4 43, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:6:1::/48, AS_PATH: 4 45, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p/AS6.txt b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p/AS6.txt
new file mode 100644
index 00000000..186e7a62
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p/AS6.txt
@@ -0,0 +1,161 @@
+2a02:0:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:5::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:2::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:3::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:3:1::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:5::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:6::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:7::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:1::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:3::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:2:3::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:3:1::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:4::/32, AS_PATH: 4 44, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:5:1::/48, AS_PATH: 4 43, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:6:1::/48, AS_PATH: 4 45, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:1::/48, AS_PATH: 5, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:2::/48, AS_PATH: 5 3, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:3::/48, AS_PATH: 5 51, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p/rs.txt b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p/rs.txt
new file mode 100644
index 00000000..cd89e49a
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_EmptyAS_SETs_OpenBGPDIPv6/openbgpd77p/rs.txt
@@ -0,0 +1,294 @@
+2a02:0:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:5::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:2::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:3::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:3:1::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:4::/32, AS_PATH: 6 2, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::61
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+2a02:5::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:6::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:7::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:1::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:1::/48, AS_PATH: 4 3, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: False, LOCAL_PREF: 1
+  filtered: True (9)
+
+2a03:0:1::/48, AS_PATH: 5 3, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::51
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: False, LOCAL_PREF: 1
+  filtered: True (12)
+
+2a03:1::/32, AS_PATH: 6 3, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::61
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+2a03:2:1::/48, AS_PATH: 6 3, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::61
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:3::/32, AS_PATH: 6 3, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::61
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+2a04:0:1::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+2a04:0:2::/48, AS_PATH: 4 3, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+2a04:0:3::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:1::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+2a04:2:1::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+2a04:2:2::/48, AS_PATH: 4 3, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+2a04:2:3::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:3:1::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:4:1::/48, AS_PATH: 4 44, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+2a04:4::/32, AS_PATH: 4 44, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:5:1::/48, AS_PATH: 4 43, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:5:2::/48, AS_PATH: 4 45, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+2a04:6:1::/48, AS_PATH: 4 45, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:0:1::/48, AS_PATH: 5, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::51
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+2a05:0:2::/48, AS_PATH: 5 3, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::51
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+2a05:0:3::/48, AS_PATH: 5 51, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::51
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+2a05:1::/48, AS_PATH: 5, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::51
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+2a05:2:1::/48, AS_PATH: 5, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::51
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:2::/48, AS_PATH: 5 3, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::51
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:3::/48, AS_PATH: 5 51, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::51
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:3:1::/48, AS_PATH: 5 51, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::51
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+2a06:0:1::/48, AS_PATH: 6, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::61
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
diff --git a/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p/AS1.txt b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p/AS1.txt
new file mode 100644
index 00000000..37ae5299
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p/AS1.txt
@@ -0,0 +1,231 @@
+2.0.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.5.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.1.0.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.2.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.3.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.3.1.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.5.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.6.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.7.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.1.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.1.0.0/16, AS_PATH: 6 3, NEXT_HOP: 192.0.2.61, via 192.0.2.2
+  std comms: 999:64513, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.2.1.0/24, AS_PATH: 6 3, NEXT_HOP: 192.0.2.61, via 192.0.2.2
+  std comms: 999:64513, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.3.0.0/16, AS_PATH: 6 3, NEXT_HOP: 192.0.2.61, via 192.0.2.2
+  std comms: 999:64513, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.1.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.3.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.1.0.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.2.1.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.2.3.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.3.1.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.4.0.0/16, AS_PATH: 4 44, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.5.1.0/24, AS_PATH: 4 43, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.6.1.0/24, AS_PATH: 4 45, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.0.1.0/24, AS_PATH: 5, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.0.2.0/24, AS_PATH: 5 3, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.0.3.0/24, AS_PATH: 5 51, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.1.0/24, AS_PATH: 5, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.2.0/24, AS_PATH: 5 3, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.3.0/24, AS_PATH: 5 51, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+6.0.1.0/24, AS_PATH: 6, NEXT_HOP: 192.0.2.61, via 192.0.2.2
+  std comms: 999:64512, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p/AS2.txt b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p/AS2.txt
new file mode 100644
index 00000000..fd45026e
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p/AS2.txt
@@ -0,0 +1,133 @@
+3.1.0.0/16, AS_PATH: 6 3, NEXT_HOP: 192.0.2.61, via 192.0.2.2
+  std comms: 999:64513, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.2.1.0/24, AS_PATH: 6 3, NEXT_HOP: 192.0.2.61, via 192.0.2.2
+  std comms: 999:64513, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.3.0.0/16, AS_PATH: 6 3, NEXT_HOP: 192.0.2.61, via 192.0.2.2
+  std comms: 999:64513, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.1.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.3.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.1.0.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.2.1.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.2.3.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.3.1.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.4.0.0/16, AS_PATH: 4 44, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.5.1.0/24, AS_PATH: 4 43, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.6.1.0/24, AS_PATH: 4 45, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.0.1.0/24, AS_PATH: 5, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.0.2.0/24, AS_PATH: 5 3, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.0.3.0/24, AS_PATH: 5 51, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.1.0/24, AS_PATH: 5, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.2.0/24, AS_PATH: 5 3, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.3.0/24, AS_PATH: 5 51, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+6.0.1.0/24, AS_PATH: 6, NEXT_HOP: 192.0.2.61, via 192.0.2.2
+  std comms: 999:64512, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p/AS4.txt b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p/AS4.txt
new file mode 100644
index 00000000..90a0ec35
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p/AS4.txt
@@ -0,0 +1,168 @@
+2.0.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.5.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.1.0.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.2.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.3.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.3.1.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.5.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.6.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.7.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.1.0.0/16, AS_PATH: 6 3, NEXT_HOP: 192.0.2.61, via 192.0.2.2
+  std comms: 999:64513, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.2.1.0/24, AS_PATH: 6 3, NEXT_HOP: 192.0.2.61, via 192.0.2.2
+  std comms: 999:64513, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.3.0.0/16, AS_PATH: 6 3, NEXT_HOP: 192.0.2.61, via 192.0.2.2
+  std comms: 999:64513, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.0.1.0/24, AS_PATH: 5, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.0.2.0/24, AS_PATH: 5 3, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.0.3.0/24, AS_PATH: 5 51, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.1.0/24, AS_PATH: 5, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.2.0/24, AS_PATH: 5 3, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.3.0/24, AS_PATH: 5 51, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+6.0.1.0/24, AS_PATH: 6, NEXT_HOP: 192.0.2.61, via 192.0.2.2
+  std comms: 999:64512, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p/AS5.txt b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p/AS5.txt
new file mode 100644
index 00000000..8d6a5ff6
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p/AS5.txt
@@ -0,0 +1,189 @@
+2.0.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.5.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.1.0.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.2.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.3.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.3.1.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.5.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.6.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.7.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.1.0.0/16, AS_PATH: 6 3, NEXT_HOP: 192.0.2.61, via 192.0.2.2
+  std comms: 999:64513, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.2.1.0/24, AS_PATH: 6 3, NEXT_HOP: 192.0.2.61, via 192.0.2.2
+  std comms: 999:64513, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.3.0.0/16, AS_PATH: 6 3, NEXT_HOP: 192.0.2.61, via 192.0.2.2
+  std comms: 999:64513, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.1.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.3.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.1.0.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.2.1.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.2.3.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.3.1.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.4.0.0/16, AS_PATH: 4 44, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.5.1.0/24, AS_PATH: 4 43, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.6.1.0/24, AS_PATH: 4 45, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+6.0.1.0/24, AS_PATH: 6, NEXT_HOP: 192.0.2.61, via 192.0.2.2
+  std comms: 999:64512, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p/AS6.txt b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p/AS6.txt
new file mode 100644
index 00000000..64d1581a
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p/AS6.txt
@@ -0,0 +1,203 @@
+2.0.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.5.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.1.0.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.2.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.3.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.3.1.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.5.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.6.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.7.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.1.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.1.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.3.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.1.0.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.2.1.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.2.3.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.3.1.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.4.0.0/16, AS_PATH: 4 44, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.5.1.0/24, AS_PATH: 4 43, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.6.1.0/24, AS_PATH: 4 45, NEXT_HOP: 192.0.2.41, via 192.0.2.2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.0.1.0/24, AS_PATH: 5, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.0.2.0/24, AS_PATH: 5 3, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.0.3.0/24, AS_PATH: 5 51, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.1.0/24, AS_PATH: 5, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.2.0/24, AS_PATH: 5 3, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.3.0/24, AS_PATH: 5 51, NEXT_HOP: 192.0.2.51, via 192.0.2.2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p/rs.txt b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p/rs.txt
new file mode 100644
index 00000000..a776c298
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv4/openbgpd77p/rs.txt
@@ -0,0 +1,294 @@
+2.0.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.2.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.3.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.4.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64512, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.0.5.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64512, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.1.0.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.1.0/24, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.2.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.2.3.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.3.1.0/24, AS_PATH: 2 21, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.4.0.0/16, AS_PATH: 6 2, NEXT_HOP: 192.0.2.61, via 192.0.2.61
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+2.5.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64513, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.6.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64513, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2.7.0.0/16, AS_PATH: 2, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64513, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.1.0/24, AS_PATH: 2 3, NEXT_HOP: 192.0.2.21, via 192.0.2.21
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.0.1.0/24, AS_PATH: 4 3, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: False, LOCAL_PREF: 1
+  filtered: True (9)
+
+3.0.1.0/24, AS_PATH: 5 3, NEXT_HOP: 192.0.2.51, via 192.0.2.51
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: False, LOCAL_PREF: 1
+  filtered: True (12)
+
+3.1.0.0/16, AS_PATH: 6 3, NEXT_HOP: 192.0.2.61, via 192.0.2.61
+  std comms: 999:64513, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.2.1.0/24, AS_PATH: 6 3, NEXT_HOP: 192.0.2.61, via 192.0.2.61
+  std comms: 999:64513, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3.3.0.0/16, AS_PATH: 6 3, NEXT_HOP: 192.0.2.61, via 192.0.2.61
+  std comms: 999:64513, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.1.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.0.2.0/24, AS_PATH: 4 3, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+4.0.3.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.1.0.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.2.1.0/24, AS_PATH: 4, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.2.2.0/24, AS_PATH: 4 3, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+4.2.3.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.3.1.0/24, AS_PATH: 4 41, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.4.0.0/16, AS_PATH: 4 44, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.4.1.0/24, AS_PATH: 4 44, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+4.5.1.0/24, AS_PATH: 4 43, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+4.5.2.0/24, AS_PATH: 4 45, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+4.6.1.0/24, AS_PATH: 4 45, NEXT_HOP: 192.0.2.41, via 192.0.2.41
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.0.1.0/24, AS_PATH: 5, NEXT_HOP: 192.0.2.51, via 192.0.2.51
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.0.2.0/24, AS_PATH: 5 3, NEXT_HOP: 192.0.2.51, via 192.0.2.51
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.0.3.0/24, AS_PATH: 5 51, NEXT_HOP: 192.0.2.51, via 192.0.2.51
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.1.0.0/24, AS_PATH: 5, NEXT_HOP: 192.0.2.51, via 192.0.2.51
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+5.2.1.0/24, AS_PATH: 5, NEXT_HOP: 192.0.2.51, via 192.0.2.51
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.2.0/24, AS_PATH: 5 3, NEXT_HOP: 192.0.2.51, via 192.0.2.51
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.2.3.0/24, AS_PATH: 5 51, NEXT_HOP: 192.0.2.51, via 192.0.2.51
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+5.3.1.0/24, AS_PATH: 5 51, NEXT_HOP: 192.0.2.51, via 192.0.2.51
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+6.0.1.0/24, AS_PATH: 6, NEXT_HOP: 192.0.2.61, via 192.0.2.61
+  std comms: 999:64512, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p/AS1.txt b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p/AS1.txt
new file mode 100644
index 00000000..b4c388d5
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p/AS1.txt
@@ -0,0 +1,231 @@
+2a02:0:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:5::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:2::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:3::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:3:1::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:5::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:6::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:7::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:1::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:1::/32, AS_PATH: 6 3, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:2:1::/48, AS_PATH: 6 3, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:3::/32, AS_PATH: 6 3, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:1::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:3::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:1::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:2:1::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:2:3::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:3:1::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:4::/32, AS_PATH: 4 44, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:5:1::/48, AS_PATH: 4 43, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:6:1::/48, AS_PATH: 4 45, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:0:1::/48, AS_PATH: 5, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:0:2::/48, AS_PATH: 5 3, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:0:3::/48, AS_PATH: 5 51, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:1::/48, AS_PATH: 5, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:2::/48, AS_PATH: 5 3, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:3::/48, AS_PATH: 5 51, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a06:0:1::/48, AS_PATH: 6, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p/AS2.txt b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p/AS2.txt
new file mode 100644
index 00000000..75c453dd
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p/AS2.txt
@@ -0,0 +1,133 @@
+2a03:1::/32, AS_PATH: 6 3, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:2:1::/48, AS_PATH: 6 3, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:3::/32, AS_PATH: 6 3, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:1::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:3::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:1::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:2:1::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:2:3::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:3:1::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:4::/32, AS_PATH: 4 44, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:5:1::/48, AS_PATH: 4 43, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:6:1::/48, AS_PATH: 4 45, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:0:1::/48, AS_PATH: 5, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:0:2::/48, AS_PATH: 5 3, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:0:3::/48, AS_PATH: 5 51, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:1::/48, AS_PATH: 5, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:2::/48, AS_PATH: 5 3, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:3::/48, AS_PATH: 5 51, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a06:0:1::/48, AS_PATH: 6, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p/AS4.txt b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p/AS4.txt
new file mode 100644
index 00000000..d3c83f17
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p/AS4.txt
@@ -0,0 +1,168 @@
+2a02:0:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:5::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:2::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:3::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:3:1::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:5::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:6::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:7::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:1::/32, AS_PATH: 6 3, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:2:1::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:2:1::/48, AS_PATH: 6 3, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:3::/32, AS_PATH: 6 3, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:0:1::/48, AS_PATH: 5, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:0:2::/48, AS_PATH: 5 3, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:0:3::/48, AS_PATH: 5 51, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:1::/48, AS_PATH: 5, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:2::/48, AS_PATH: 5 3, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:3::/48, AS_PATH: 5 51, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a06:0:1::/48, AS_PATH: 6, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p/AS5.txt b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p/AS5.txt
new file mode 100644
index 00000000..7578bd1a
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p/AS5.txt
@@ -0,0 +1,189 @@
+2a02:0:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:5::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:2::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:3::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:3:1::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:5::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:6::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:7::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:1::/32, AS_PATH: 6 3, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:2:1::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:2:1::/48, AS_PATH: 6 3, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:3::/32, AS_PATH: 6 3, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:1::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:3::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:1::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:2:1::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:2:3::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:3:1::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:4::/32, AS_PATH: 4 44, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:5:1::/48, AS_PATH: 4 43, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:6:1::/48, AS_PATH: 4 45, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a06:0:1::/48, AS_PATH: 6, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p/AS6.txt b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p/AS6.txt
new file mode 100644
index 00000000..d185074c
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p/AS6.txt
@@ -0,0 +1,203 @@
+2a02:0:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:5::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:2::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:3::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:3:1::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:5::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:6::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:7::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:1::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:1::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:3::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:1::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:2:1::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:2:3::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:3:1::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:4::/32, AS_PATH: 4 44, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:5:1::/48, AS_PATH: 4 43, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:6:1::/48, AS_PATH: 4 45, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::2
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:0:1::/48, AS_PATH: 5, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:0:2::/48, AS_PATH: 5 3, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:0:3::/48, AS_PATH: 5 51, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:1::/48, AS_PATH: 5, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:2::/48, AS_PATH: 5 3, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:3::/48, AS_PATH: 5 51, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::2
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p/rs.txt b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p/rs.txt
new file mode 100644
index 00000000..17b4fb3e
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_as_set/routes/TagASSetScenario_WithAS_SETs_OpenBGPDIPv6/openbgpd77p/rs.txt
@@ -0,0 +1,294 @@
+2a02:0:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64512, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:5::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64512, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:2::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:2:3::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:3:1::/48, AS_PATH: 2 21, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:4::/32, AS_PATH: 6 2, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::61
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+2a02:5::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64513, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:6::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64513, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:7::/32, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64513, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:1::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:1::/48, AS_PATH: 4 3, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: False, LOCAL_PREF: 1
+  filtered: True (9)
+
+2a03:0:1::/48, AS_PATH: 5 3, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::51
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: False, LOCAL_PREF: 1
+  filtered: True (12)
+
+2a03:1::/32, AS_PATH: 6 3, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::61
+  std comms: 999:64513, 999:64514, 999:64516
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:2:1::/48, AS_PATH: 6 3, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::61
+  std comms: 999:64513, 999:64514, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:3::/32, AS_PATH: 6 3, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::61
+  std comms: 999:64513, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:1::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:0:2::/48, AS_PATH: 4 3, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+2a04:0:3::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:1::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:2:1::/48, AS_PATH: 4, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:2:2::/48, AS_PATH: 4 3, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+2a04:2:3::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:3:1::/48, AS_PATH: 4 41, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:4:1::/48, AS_PATH: 4 44, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+2a04:4::/32, AS_PATH: 4 44, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:5:1::/48, AS_PATH: 4 43, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a04:5:2::/48, AS_PATH: 4 45, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64513, 999:64515
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515
+  best: True, LOCAL_PREF: 1
+  filtered: True (9)
+
+2a04:6:1::/48, AS_PATH: 4 45, NEXT_HOP: 2001:db8:1:1::41, via 2001:db8:1:1::41
+  std comms: 999:64513, 999:64515, 999:64517
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64515, 999:0:64517
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:0:1::/48, AS_PATH: 5, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::51
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:0:2::/48, AS_PATH: 5 3, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::51
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:0:3::/48, AS_PATH: 5 51, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::51
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:1::/48, AS_PATH: 5, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::51
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+2a05:2:1::/48, AS_PATH: 5, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::51
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:2::/48, AS_PATH: 5 3, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::51
+  std comms: 999:64512, 999:64515
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64515
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:2:3::/48, AS_PATH: 5 51, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::51
+  std comms: 999:64512, 999:64514
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a05:3:1::/48, AS_PATH: 5 51, NEXT_HOP: 2001:db8:1:1::51, via 2001:db8:1:1::51
+  std comms: 999:64513, 999:64514
+  ext comms:
+  lrg comms: 999:0:64513, 999:0:64514
+  best: True, LOCAL_PREF: 1
+  filtered: True (12)
+
+2a06:0:1::/48, AS_PATH: 6, NEXT_HOP: 2001:db8:1:1::61, via 2001:db8:1:1::61
+  std comms: 999:64512, 999:64514, 999:64516, 999:64518
+  ext comms:
+  lrg comms: 999:0:64512, 999:0:64514, 999:0:64516, 999:0:64518
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_reject_policy/configs/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd76p.conf b/tests/live_tests/scenarios/tag_reject_policy/configs/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd76p.conf
new file mode 100644
index 00000000..c2cb47fc
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_reject_policy/configs/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd76p.conf
@@ -0,0 +1,7608 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+# AS222, used by client AS222_1, client AS222_2
+# no origin ASNs found for AS222
+# no prefixes found for AS222
+
+# AS2, used by client AS2_1, client AS2_2
+# no origin ASNs found for AS2
+# no prefixes found for AS2
+
+# AS-AS1, AS-AS1_CUSTOMERS, used by client AS1_1, client AS1_2, client AS1_3, client AS1_4
+as-set "AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns" {
+    1 101
+}
+prefix-set "AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes" {
+    2a01::/32 prefixlen 32 - 128
+    2a99::/16 prefixlen 16 - 128
+    3101::/32 prefixlen 32 - 128
+}
+
+# AS-AS2, AS-AS2_CUSTOMERS, used by client AS2_1, client AS2_2
+as-set "AS_SET_AS_AS2_AS_AS2_CUSTOMERS_asns" {
+    2 101
+}
+prefix-set "AS_SET_AS_AS2_AS_AS2_CUSTOMERS_prefixes" {
+    2a02::/32 prefixlen 32 - 128
+    3101::/32 prefixlen 32 - 128
+}
+
+# WHITE_LIST_AS1_2, used by client AS1_2 white list
+as-set "AS_SET_WHITE_LIST_AS1_2_asns" {
+    1011
+}
+prefix-set "AS_SET_WHITE_LIST_AS1_2_prefixes" {
+    11.1.0.0/16 prefixlen 16 - 32
+    2a11:1::/32 prefixlen 32 - 128
+}
+
+# AS-AS222, used by client AS222_1, client AS222_2
+# no origin ASNs found for AS_AS222
+# no prefixes found for AS_AS222
+
+# AS1, used by client AS1_1, client AS1_2, client AS1_3, client AS1_4
+# no origin ASNs found for AS1
+# no prefixes found for AS1
+
+# WHITE_LIST_AS1_1, used by client AS1_1 white list
+as-set "AS_SET_WHITE_LIST_AS1_1_asns" {
+    1011
+}
+prefix-set "AS_SET_WHITE_LIST_AS1_1_prefixes" {
+    11.1.0.0/16 prefixlen 16 - 32
+    2a11:1::/32 prefixlen 32 - 128
+}
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.12 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_2 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::12 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_2 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.222 {
+		remote-as 222
+
+		rde evaluate all
+
+		descr "AS222_1 client"
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::222 {
+		remote-as 222
+
+		rde evaluate all
+
+		descr "AS222_1 client"
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.31 {
+		remote-as 3
+
+		rde evaluate all
+
+		descr "AS3_1 client"
+		ttl-security no
+		transparent-as no
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::31 {
+		remote-as 3
+
+		rde evaluate all
+
+		descr "AS3_1 client"
+		ttl-security no
+		transparent-as no
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+include "/etc/bgpd/post-clients.local"
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+prefix-set "global_black_list_pref" {
+    192.0.2.0/24 prefixlen 24 - 32
+    2001:db8::/32 prefixlen 32 - 128
+
+}
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+# never via route-servers ASNs
+as-set "neverviarouteserver" {
+	666, 777
+}
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# origin_not_present_in_as_set
+match from group clients set community delete 65530:0
+match from group clients set large-community delete 999:65530:0
+
+# origin_present_in_as_set
+match from group clients set community delete 65530:1
+match from group clients set large-community delete 999:65530:1
+
+# prefix_validated_via_arin_whois_db_dump
+match from group clients set community delete 65530:3
+match from group clients set large-community delete 999:65530:3
+
+# prefix_validated_via_rpki_roas
+match from group clients set community delete 65530:2
+match from group clients set large-community delete 999:65530:2
+
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+# rpki_bgp_origin_validation_not_performed
+match from group clients set community delete 65530:4
+match from group clients set large-community delete 999:65530:4
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+# ---------------------------------------------------------
+# ROAs source
+
+
+roa-set {
+    101.3.0.0/16 maxlen 24 source-as 105 expires 4102444799
+    101.2.0.0/17 source-as 101 expires 4102444799
+    101.2.128.0/17 maxlen 24 source-as 101 expires 4102444799
+    101.0.128.0/20 maxlen 23 source-as 101 expires 4102444799
+    101.0.8.0/24 source-as 101 expires 4102444799
+    101.0.9.0/24 source-as 102 expires 4102444799
+    222.1.1.0/24 source-as 333 expires 4102444799
+    3101:3::/32 maxlen 48 source-as 105 expires 4102444799
+    3101:0:8000::/33 maxlen 34 source-as 101 expires 4102444799
+    3101:2:8000::/33 maxlen 48 source-as 101 expires 4102444799
+    3101:2::/33 source-as 101 expires 4102444799
+    3101:0:8::/48 source-as 101 expires 4102444799
+    3101:0:9::/48 source-as 102 expires 4102444799
+    3222:0:1::/48 source-as 333 expires 4102444799
+
+}
+
+
+
+# ---------------------------------------------------------
+# RPKI-based Origin Validation
+
+
+# Add $INTCOMM_RPKI_UNKNOWN, $INTCOMM_RPKI_INVALID and $INTCOMM_RPKI_VALID
+# ext community on the basis of ovs.
+match from group clients ovs not-found set {
+    ext-community $INTCOMM_RPKI_UNKNOWN
+    ext-community ovs not-found
+    
+}
+match from group clients ovs valid set {
+    ext-community $INTCOMM_RPKI_VALID
+    ext-community ovs valid
+    
+}
+match from group clients ovs invalid set {
+    ext-community $INTCOMM_RPKI_INVALID
+    ext-community ovs invalid
+    
+}
+
+
+
+# ---------------------------------------------------------
+# RPKI ROAs used as route objects.
+
+# Add the $INTCOMM_PREF_OK_ROA ext community to routes whose
+# origin ASN has a ROA for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+
+# Since RPKI-based Origin Validation is already performed above,
+# use the origin validation state to identify valid routes.
+match from group clients ovs valid set ext-community $INTCOMM_PREF_OK_ROA
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.12 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::12 set ext-community rt 65520:1
+
+match from 192.0.2.222 set ext-community rt 65520:222
+
+match from 2001:db8:1:1::222 set ext-community rt 65520:222
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.31 set ext-community rt 65520:3
+
+match from 2001:db8:1:1::31 set ext-community rt 65520:3
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 6' - reject code: 1
+allow quick from group clients max-as-len 6 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: global blacklist
+# Reject inbound routes when 'from group clients prefix-set global_black_list_pref' - reject code: 3
+allow quick from group clients prefix-set global_black_list_pref set {
+	localpref 1
+	community 65520:0
+	community 65520:3
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.11 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.11 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.11 prefix 11.3.0.0/16 source-as 1011 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.11 prefix 11.4.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.11 prefix 2a11:3::/32 source-as 1011 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.11 prefix 2a11:4::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_1, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 source-as as-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+match from 192.0.2.11 source-as as-set AS_SET_WHITE_LIST_AS1_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS1_1
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_1, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 prefix-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+match from 192.0.2.11 prefix-set AS_SET_WHITE_LIST_AS1_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS1_1
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# route authorized by a client's white list?
+match from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.11 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.11 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.11 community BLACKHOLE set community 65530:4
+match from 192.0.2.11 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.11 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.11 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.11 community BLACKHOLE
+allow quick from 192.0.2.11 community 65534:0
+allow quick from 192.0.2.11 large-community 65534:0:0
+
+
+match from 192.0.2.11 set ext-community rt 65520:1
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.11 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.11 community 65534:0 set community BLACKHOLE
+match to 192.0.2.11 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.11 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.11 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.11 community 65507:999 set community NO_EXPORT
+match to 192.0.2.11 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.11 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.11 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.11 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.11 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.11 community 65509:1 set community NO_EXPORT
+match to 192.0.2.11 ext-community rt 65509:1 set community NO_EXPORT
+match to 192.0.2.11 large-community 999:65509:1 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.11 community 65510:1 set community NO_ADVERTISE
+match to 192.0.2.11 ext-community rt 65510:1 set community NO_ADVERTISE
+match to 192.0.2.11 large-community 999:65510:1 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.11
+
+# do_not_announce_to_any
+deny to 192.0.2.11 community 0:999
+deny to 192.0.2.11 ext-community rt 0:999
+deny to 192.0.2.11 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.11 community 0:1
+deny quick to 192.0.2.11 ext-community rt 0:1
+deny quick to 192.0.2.11 large-community 999:0:1
+
+# announce_to_peer
+allow to 192.0.2.11 community 65501:1
+allow to 192.0.2.11 ext-community rt 65501:1
+allow to 192.0.2.11 large-community 999:65501:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::11 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::11 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::11 prefix 11.3.0.0/16 source-as 1011 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::11 prefix 11.4.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::11 prefix 2a11:3::/32 source-as 1011 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::11 prefix 2a11:4::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_2, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::11 source-as as-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+match from 2001:db8:1:1::11 source-as as-set AS_SET_WHITE_LIST_AS1_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS1_2
+# AS-SET AS1 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_2, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::11 prefix-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+match from 2001:db8:1:1::11 prefix-set AS_SET_WHITE_LIST_AS1_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS1_2
+# AS-SET AS1 referenced but empty.
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::11 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::11 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::11 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::11 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::11 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::11 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::11 community BLACKHOLE
+allow quick from 2001:db8:1:1::11 community 65534:0
+allow quick from 2001:db8:1:1::11 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::11 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::11 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::11 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::11 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::11 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::11 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::11 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::11 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::11 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::11 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::11 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::11 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::11 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::11 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::11 community 65509:1 set community NO_EXPORT
+match to 2001:db8:1:1::11 ext-community rt 65509:1 set community NO_EXPORT
+match to 2001:db8:1:1::11 large-community 999:65509:1 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::11 community 65510:1 set community NO_ADVERTISE
+match to 2001:db8:1:1::11 ext-community rt 65510:1 set community NO_ADVERTISE
+match to 2001:db8:1:1::11 large-community 999:65510:1 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::11 community 0:999
+deny to 2001:db8:1:1::11 ext-community rt 0:999
+deny to 2001:db8:1:1::11 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::11 community 0:1
+deny quick to 2001:db8:1:1::11 ext-community rt 0:1
+deny quick to 2001:db8:1:1::11 large-community 999:0:1
+
+# announce_to_peer
+allow to 2001:db8:1:1::11 community 65501:1
+allow to 2001:db8:1:1::11 ext-community rt 65501:1
+allow to 2001:db8:1:1::11 large-community 999:65501:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS1_3, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.12 set community NO_ADVERTISE
+match from 192.0.2.12 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+match from 192.0.2.12 nexthop 192.0.2.12 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.12 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.12 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.12 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.12 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.12 AS 23456' - reject code: 7
+allow quick from 192.0.2.12 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.12 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.12 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.12 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.12 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.12 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.12 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.12 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.12 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 192.0.2.12 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_3, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.12 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.12 source-as as-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_3, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.12 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.12 prefix-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.12 set ext-community delete rt 65520:1
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.12 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.12 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.12 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.12 community BLACKHOLE set community 65530:4
+match from 192.0.2.12 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.12 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.12 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.12 community BLACKHOLE
+allow quick from 192.0.2.12 community 65534:0
+allow quick from 192.0.2.12 large-community 65534:0:0
+
+
+match from 192.0.2.12 set ext-community rt 65520:1
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.12 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.12 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.12 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.12 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.12 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.12 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.12 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.12
+
+
+
+# ---------------------------------------------
+# client AS1_3, outbound
+
+deny quick to 192.0.2.12 community 65520:0
+
+
+
+# Blackhole request?
+# Client not enabled to receive blackhole routes
+deny quick to 192.0.2.12 community BLACKHOLE
+deny quick to 192.0.2.12 community 65534:0
+deny quick to 192.0.2.12 large-community 65534:0:0
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.12 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.12 community 65507:999 set community NO_EXPORT
+match to 192.0.2.12 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.12 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.12 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.12 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.12 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.12 community 65509:1 set community NO_EXPORT
+match to 192.0.2.12 ext-community rt 65509:1 set community NO_EXPORT
+match to 192.0.2.12 large-community 999:65509:1 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.12 community 65510:1 set community NO_ADVERTISE
+match to 192.0.2.12 ext-community rt 65510:1 set community NO_ADVERTISE
+match to 192.0.2.12 large-community 999:65510:1 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.12
+
+# do_not_announce_to_any
+deny to 192.0.2.12 community 0:999
+deny to 192.0.2.12 ext-community rt 0:999
+deny to 192.0.2.12 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.12 community 0:1
+deny quick to 192.0.2.12 ext-community rt 0:1
+deny quick to 192.0.2.12 large-community 999:0:1
+
+# announce_to_peer
+allow to 192.0.2.12 community 65501:1
+allow to 192.0.2.12 ext-community rt 65501:1
+allow to 192.0.2.12 large-community 999:65501:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.12 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS1_4, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::12 set community NO_ADVERTISE
+match from 2001:db8:1:1::12 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+match from 2001:db8:1:1::12 nexthop 2001:db8:1:1::12 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::12 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::12 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::12 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::12 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::12 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::12 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::12 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::12 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::12 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 2001:db8:1:1::12 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_4, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::12 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::12 source-as as-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_4, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::12 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::12 prefix-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::12 set ext-community delete rt 65520:1
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::12 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::12 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::12 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::12 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::12 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::12 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::12 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::12 community BLACKHOLE
+allow quick from 2001:db8:1:1::12 community 65534:0
+allow quick from 2001:db8:1:1::12 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::12 set ext-community rt 65520:1
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::12 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::12 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::12 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::12 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::12 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::12 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::12 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::12
+
+
+
+# ---------------------------------------------
+# client AS1_4, outbound
+
+deny quick to 2001:db8:1:1::12 community 65520:0
+
+
+
+# Blackhole request?
+# Client not enabled to receive blackhole routes
+deny quick to 2001:db8:1:1::12 community BLACKHOLE
+deny quick to 2001:db8:1:1::12 community 65534:0
+deny quick to 2001:db8:1:1::12 large-community 65534:0:0
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::12 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::12 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::12 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::12 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::12 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::12 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::12 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::12 community 65509:1 set community NO_EXPORT
+match to 2001:db8:1:1::12 ext-community rt 65509:1 set community NO_EXPORT
+match to 2001:db8:1:1::12 large-community 999:65509:1 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::12 community 65510:1 set community NO_ADVERTISE
+match to 2001:db8:1:1::12 ext-community rt 65510:1 set community NO_ADVERTISE
+match to 2001:db8:1:1::12 large-community 999:65510:1 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::12
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::12 community 0:999
+deny to 2001:db8:1:1::12 ext-community rt 0:999
+deny to 2001:db8:1:1::12 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::12 community 0:1
+deny quick to 2001:db8:1:1::12 ext-community rt 0:1
+deny quick to 2001:db8:1:1::12 large-community 999:0:1
+
+# announce_to_peer
+allow to 2001:db8:1:1::12 community 65501:1
+allow to 2001:db8:1:1::12 ext-community rt 65501:1
+allow to 2001:db8:1:1::12 large-community 999:65501:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::12 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS222_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.222 set community NO_ADVERTISE
+match from 192.0.2.222 nexthop 192.0.2.222 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.222 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.222 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.222 peer-as != 222' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.222 peer-as != 222 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.222 AS 23456' - reject code: 7
+allow quick from 192.0.2.222 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.222 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.222 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.222 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.222 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.222 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.222 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.222 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.222 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.222 prefix 222.1.1.0/24 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.222 prefix 3222:0:1::/48 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.222 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS222_1, AS222: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.222 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS222 referenced but empty.
+# AS-SET AS_AS222 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS222_1, AS222: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.222 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS222 referenced but empty.
+# AS-SET AS_AS222 referenced but empty.
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# route authorized by a client's white list?
+match from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.222 set ext-community delete rt 65520:222
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.222 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.222 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.222 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.222 community BLACKHOLE set community 65530:4
+match from 192.0.2.222 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.222 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.222 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.222 community BLACKHOLE
+allow quick from 192.0.2.222 community 65534:0
+allow quick from 192.0.2.222 large-community 65534:0:0
+
+
+match from 192.0.2.222 set ext-community rt 65520:222
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.222 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.222 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.222 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.222 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.222 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.222 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.222 set ext-community delete rt 65520:222
+
+
+
+allow quick from 192.0.2.222
+
+
+
+# ---------------------------------------------
+# client AS222_1, outbound
+
+deny quick to 192.0.2.222 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.222 community 65534:0 set community BLACKHOLE
+match to 192.0.2.222 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.222 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.222 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.222 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.222 community 65507:999 set community NO_EXPORT
+match to 192.0.2.222 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.222 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.222 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.222 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.222 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.222 community 65509:222 set community NO_EXPORT
+match to 192.0.2.222 ext-community rt 65509:222 set community NO_EXPORT
+match to 192.0.2.222 large-community 999:65509:222 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.222 community 65510:222 set community NO_ADVERTISE
+match to 192.0.2.222 ext-community rt 65510:222 set community NO_ADVERTISE
+match to 192.0.2.222 large-community 999:65510:222 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.222
+
+# do_not_announce_to_any
+deny to 192.0.2.222 community 0:999
+deny to 192.0.2.222 ext-community rt 0:999
+deny to 192.0.2.222 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.222 community 0:222
+deny quick to 192.0.2.222 ext-community rt 0:222
+deny quick to 192.0.2.222 large-community 999:0:222
+
+# announce_to_peer
+allow to 192.0.2.222 community 65501:222
+allow to 192.0.2.222 ext-community rt 65501:222
+allow to 192.0.2.222 large-community 999:65501:222
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.222 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS222_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::222 set community NO_ADVERTISE
+match from 2001:db8:1:1::222 nexthop 2001:db8:1:1::222 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::222 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::222 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::222 peer-as != 222' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::222 peer-as != 222 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::222 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::222 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::222 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::222 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::222 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::222 prefix 222.1.1.0/24 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::222 prefix 3222:0:1::/48 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::222 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS222_2, AS222: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::222 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS222 referenced but empty.
+# AS-SET AS_AS222 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS222_2, AS222: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::222 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS222 referenced but empty.
+# AS-SET AS_AS222 referenced but empty.
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::222 set ext-community delete rt 65520:222
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::222 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::222 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::222 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::222 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::222 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::222 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::222 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::222 community BLACKHOLE
+allow quick from 2001:db8:1:1::222 community 65534:0
+allow quick from 2001:db8:1:1::222 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::222 set ext-community rt 65520:222
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::222 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::222 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::222 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::222 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::222 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::222 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::222 set ext-community delete rt 65520:222
+
+
+
+allow quick from 2001:db8:1:1::222
+
+
+
+# ---------------------------------------------
+# client AS222_2, outbound
+
+deny quick to 2001:db8:1:1::222 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::222 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::222 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::222 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::222 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::222 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::222 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::222 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::222 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::222 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::222 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::222 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::222 community 65509:222 set community NO_EXPORT
+match to 2001:db8:1:1::222 ext-community rt 65509:222 set community NO_EXPORT
+match to 2001:db8:1:1::222 large-community 999:65509:222 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::222 community 65510:222 set community NO_ADVERTISE
+match to 2001:db8:1:1::222 ext-community rt 65510:222 set community NO_ADVERTISE
+match to 2001:db8:1:1::222 large-community 999:65510:222 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::222
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::222 community 0:999
+deny to 2001:db8:1:1::222 ext-community rt 0:999
+deny to 2001:db8:1:1::222 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::222 community 0:222
+deny quick to 2001:db8:1:1::222 ext-community rt 0:222
+deny quick to 2001:db8:1:1::222 large-community 999:0:222
+
+# announce_to_peer
+allow to 2001:db8:1:1::222 community 65501:222
+allow to 2001:db8:1:1::222 ext-community rt 65501:222
+allow to 2001:db8:1:1::222 large-community 999:65501:222
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::222 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.21 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.21 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 192.0.2.21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_1, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 source-as as-set AS_SET_AS_AS2_AS_AS2_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS2_AS_AS2_CUSTOMERS
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_1, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 prefix-set AS_SET_AS_AS2_AS_AS2_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS2_AS_AS2_CUSTOMERS
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.21 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.21 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.21 community BLACKHOLE set community 65530:4
+match from 192.0.2.21 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.21 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.21 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.21 community BLACKHOLE
+allow quick from 192.0.2.21 community 65534:0
+allow quick from 192.0.2.21 large-community 65534:0:0
+
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.21 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.21 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.21 community GRACEFUL_SHUTDOWN set community delete GRACEFUL_SHUTDOWN
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.21 community 65534:0 set community BLACKHOLE
+match to 192.0.2.21 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.21 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.21 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.21 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.21 community 65507:999 set community NO_EXPORT
+match to 192.0.2.21 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.21 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.21 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.21 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.21 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.21 community 65509:2 set community NO_EXPORT
+match to 192.0.2.21 ext-community rt 65509:2 set community NO_EXPORT
+match to 192.0.2.21 large-community 999:65509:2 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.21 community 65510:2 set community NO_ADVERTISE
+match to 192.0.2.21 ext-community rt 65510:2 set community NO_ADVERTISE
+match to 192.0.2.21 large-community 999:65510:2 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.21
+
+# do_not_announce_to_any
+deny to 192.0.2.21 community 0:999
+deny to 192.0.2.21 ext-community rt 0:999
+deny to 192.0.2.21 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.21 community 0:2
+deny quick to 192.0.2.21 ext-community rt 0:2
+deny quick to 192.0.2.21 large-community 999:0:2
+
+# announce_to_peer
+allow to 192.0.2.21 community 65501:2
+allow to 192.0.2.21 ext-community rt 65501:2
+allow to 192.0.2.21 large-community 999:65501:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::21 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::21 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_2, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 2001:db8:1:1::21 source-as as-set AS_SET_AS_AS2_AS_AS2_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS2_AS_AS2_CUSTOMERS
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_2, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 2001:db8:1:1::21 prefix-set AS_SET_AS_AS2_AS_AS2_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS2_AS_AS2_CUSTOMERS
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::21 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::21 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::21 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::21 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::21 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::21 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::21 community BLACKHOLE
+allow quick from 2001:db8:1:1::21 community 65534:0
+allow quick from 2001:db8:1:1::21 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::21 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::21 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::21 community GRACEFUL_SHUTDOWN set community delete GRACEFUL_SHUTDOWN
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::21 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::21 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::21 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::21 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::21 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::21 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::21 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::21 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::21 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::21 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::21 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::21 community 65509:2 set community NO_EXPORT
+match to 2001:db8:1:1::21 ext-community rt 65509:2 set community NO_EXPORT
+match to 2001:db8:1:1::21 large-community 999:65509:2 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::21 community 65510:2 set community NO_ADVERTISE
+match to 2001:db8:1:1::21 ext-community rt 65510:2 set community NO_ADVERTISE
+match to 2001:db8:1:1::21 large-community 999:65510:2 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::21 community 0:999
+deny to 2001:db8:1:1::21 ext-community rt 0:999
+deny to 2001:db8:1:1::21 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::21 community 0:2
+deny quick to 2001:db8:1:1::21 ext-community rt 0:2
+deny quick to 2001:db8:1:1::21 large-community 999:0:2
+
+# announce_to_peer
+allow to 2001:db8:1:1::21 community 65501:2
+allow to 2001:db8:1:1::21 ext-community rt 65501:2
+allow to 2001:db8:1:1::21 large-community 999:65501:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS3_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.31 set community NO_ADVERTISE
+match from 192.0.2.31 nexthop 192.0.2.31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.31 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS 23456' - reject code: 7
+allow quick from 192.0.2.31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS { 174 }' - reject code: 8
+allow quick from 192.0.2.31 AS { 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.31 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+# Prefix: client's blacklist
+prefix-set "client_AS3_1_black_list_pref_ipv4" {
+    3.0.1.0/24 prefixlen 24 - 32
+
+}
+# Reject inbound routes when 'from 192.0.2.31 prefix-set client_AS3_1_black_list_pref_ipv4' - reject code: 11
+allow quick from 192.0.2.31 prefix-set client_AS3_1_black_list_pref_ipv4 set {
+	localpref 1
+	community 65520:0
+	community 65520:11
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Blackhole request?
+match from 192.0.2.31 set ext-community delete rt 65520:3
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.31 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.31 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.31 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.31 community BLACKHOLE set community 65530:4
+match from 192.0.2.31 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.31 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.31 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.31 community BLACKHOLE
+allow quick from 192.0.2.31 community 65534:0
+allow quick from 192.0.2.31 large-community 65534:0:0
+
+
+match from 192.0.2.31 set ext-community rt 65520:3
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.31 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.31 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.31 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 192.0.2.31
+
+
+
+# ---------------------------------------------
+# client AS3_1, outbound
+
+deny quick to 192.0.2.31 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.31 community 65534:0 set community BLACKHOLE
+match to 192.0.2.31 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.31 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.31 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.31 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.31 community 65507:999 set community NO_EXPORT
+match to 192.0.2.31 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.31 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.31 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.31 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.31 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.31 community 65509:3 set community NO_EXPORT
+match to 192.0.2.31 ext-community rt 65509:3 set community NO_EXPORT
+match to 192.0.2.31 large-community 999:65509:3 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.31 community 65510:3 set community NO_ADVERTISE
+match to 192.0.2.31 ext-community rt 65510:3 set community NO_ADVERTISE
+match to 192.0.2.31 large-community 999:65510:3 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.31
+
+# do_not_announce_to_any
+deny to 192.0.2.31 community 0:999
+deny to 192.0.2.31 ext-community rt 0:999
+deny to 192.0.2.31 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.31 community 0:3
+deny quick to 192.0.2.31 ext-community rt 0:3
+deny quick to 192.0.2.31 large-community 999:0:3
+
+# announce_to_peer
+allow to 192.0.2.31 community 65501:3
+allow to 192.0.2.31 ext-community rt 65501:3
+allow to 192.0.2.31 large-community 999:65501:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS3_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::31 set community NO_ADVERTISE
+match from 2001:db8:1:1::31 nexthop 2001:db8:1:1::31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::31 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS { 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::31 AS { 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::31 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+# Prefix: client's blacklist
+prefix-set "client_AS3_2_black_list_pref_ipv6" {
+    2a03:0:1::/48 prefixlen 48 - 128
+
+}
+# Reject inbound routes when 'from 2001:db8:1:1::31 prefix-set client_AS3_2_black_list_pref_ipv6' - reject code: 11
+allow quick from 2001:db8:1:1::31 prefix-set client_AS3_2_black_list_pref_ipv6 set {
+	localpref 1
+	community 65520:0
+	community 65520:11
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Blackhole request?
+match from 2001:db8:1:1::31 set ext-community delete rt 65520:3
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::31 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::31 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::31 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::31 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::31 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::31 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::31 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::31 community BLACKHOLE
+allow quick from 2001:db8:1:1::31 community 65534:0
+allow quick from 2001:db8:1:1::31 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::31 set ext-community rt 65520:3
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::31 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::31 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::31 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::31 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::31 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 2001:db8:1:1::31
+
+
+
+# ---------------------------------------------
+# client AS3_2, outbound
+
+deny quick to 2001:db8:1:1::31 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::31 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::31 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::31 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::31 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::31 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::31 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::31 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::31 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::31 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::31 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::31 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::31 community 65509:3 set community NO_EXPORT
+match to 2001:db8:1:1::31 ext-community rt 65509:3 set community NO_EXPORT
+match to 2001:db8:1:1::31 large-community 999:65509:3 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::31 community 65510:3 set community NO_ADVERTISE
+match to 2001:db8:1:1::31 ext-community rt 65510:3 set community NO_ADVERTISE
+match to 2001:db8:1:1::31 large-community 999:65510:3 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::31
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::31 community 0:999
+deny to 2001:db8:1:1::31 ext-community rt 0:999
+deny to 2001:db8:1:1::31 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::31 community 0:3
+deny quick to 2001:db8:1:1::31 ext-community rt 0:3
+deny quick to 2001:db8:1:1::31 large-community 999:0:3
+
+# announce_to_peer
+allow to 2001:db8:1:1::31 community 65501:3
+allow to 2001:db8:1:1::31 ext-community rt 65501:3
+allow to 2001:db8:1:1::31 large-community 999:65501:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.41 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.41 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+# Blackhole request?
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.41 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.41 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.41 community BLACKHOLE set community 65530:4
+match from 192.0.2.41 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.41 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.41 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.41 community BLACKHOLE
+allow quick from 192.0.2.41 community 65534:0
+allow quick from 192.0.2.41 large-community 65534:0:0
+
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.41 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.41 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.41 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.41 community 65534:0 set community BLACKHOLE
+match to 192.0.2.41 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.41 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.41 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.41 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.41 community 65507:999 set community NO_EXPORT
+match to 192.0.2.41 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.41 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.41 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.41 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.41 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.41 community 65509:4 set community NO_EXPORT
+match to 192.0.2.41 ext-community rt 65509:4 set community NO_EXPORT
+match to 192.0.2.41 large-community 999:65509:4 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.41 community 65510:4 set community NO_ADVERTISE
+match to 192.0.2.41 ext-community rt 65510:4 set community NO_ADVERTISE
+match to 192.0.2.41 large-community 999:65510:4 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.41
+
+# do_not_announce_to_any
+deny to 192.0.2.41 community 0:999
+deny to 192.0.2.41 ext-community rt 0:999
+deny to 192.0.2.41 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.41 community 0:4
+deny quick to 192.0.2.41 ext-community rt 0:4
+deny quick to 192.0.2.41 large-community 999:0:4
+
+# announce_to_peer
+allow to 192.0.2.41 community 65501:4
+allow to 192.0.2.41 ext-community rt 65501:4
+allow to 192.0.2.41 large-community 999:65501:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::41 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::41 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+# Blackhole request?
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::41 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::41 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::41 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::41 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::41 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::41 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::41 community BLACKHOLE
+allow quick from 2001:db8:1:1::41 community 65534:0
+allow quick from 2001:db8:1:1::41 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::41 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::41 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::41 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::41 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::41 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::41 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::41 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::41 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::41 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::41 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::41 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::41 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::41 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::41 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::41 community 65509:4 set community NO_EXPORT
+match to 2001:db8:1:1::41 ext-community rt 65509:4 set community NO_EXPORT
+match to 2001:db8:1:1::41 large-community 999:65509:4 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::41 community 65510:4 set community NO_ADVERTISE
+match to 2001:db8:1:1::41 ext-community rt 65510:4 set community NO_ADVERTISE
+match to 2001:db8:1:1::41 large-community 999:65510:4 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::41 community 0:999
+deny to 2001:db8:1:1::41 ext-community rt 0:999
+deny to 2001:db8:1:1::41 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::41 community 0:4
+deny quick to 2001:db8:1:1::41 ext-community rt 0:4
+deny quick to 2001:db8:1:1::41 large-community 999:0:4
+
+# announce_to_peer
+allow to 2001:db8:1:1::41 community 65501:4
+allow to 2001:db8:1:1::41 ext-community rt 65501:4
+allow to 2001:db8:1:1::41 large-community 999:65501:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+
+
+# Scrub communities from outbound routes
+# add_noadvertise_to_any
+match to group clients set community delete 65508:999
+match to group clients set ext-community delete rt 65508:999
+match to group clients set large-community delete 999:65508:999
+
+# add_noadvertise_to_peer
+match to group clients set community delete 65510:*
+match to group clients set ext-community delete rt 65510:*
+match to group clients set large-community delete 999:65510:*
+
+# add_noexport_to_any
+match to group clients set community delete 65507:999
+match to group clients set ext-community delete rt 65507:999
+match to group clients set large-community delete 999:65507:999
+
+# add_noexport_to_peer
+match to group clients set community delete 65509:*
+match to group clients set ext-community delete rt 65509:*
+match to group clients set large-community delete 999:65509:*
+
+# announce_to_peer
+match to group clients set community delete 65501:*
+match to group clients set ext-community delete rt 65501:*
+match to group clients set large-community delete 999:65501:*
+
+# announce_to_peers_with_rtt_higher_than
+match to group clients set community delete 64533:*
+match to group clients set ext-community delete rt 64533:*
+match to group clients set large-community delete 999:64533:*
+
+# announce_to_peers_with_rtt_lower_than
+match to group clients set community delete 64532:*
+match to group clients set ext-community delete rt 64532:*
+match to group clients set large-community delete 999:64532:*
+
+# blackholing
+match to group clients set community delete 65534:0
+match to group clients set large-community delete 65534:0:0
+
+# do_not_announce_to_any
+match to group clients set community delete 0:999
+match to group clients set ext-community delete rt 0:999
+match to group clients set large-community delete 999:0:999
+
+# do_not_announce_to_peer
+match to group clients set community delete 0:*
+match to group clients set ext-community delete rt 0:*
+match to group clients set large-community delete 999:0:*
+
+# do_not_announce_to_peers_with_rtt_higher_than
+match to group clients set community delete 64531:*
+match to group clients set ext-community delete rt 64531:*
+match to group clients set large-community delete 999:64531:*
+
+# do_not_announce_to_peers_with_rtt_lower_than
+match to group clients set community delete 64530:*
+match to group clients set ext-community delete rt 64530:*
+match to group clients set large-community delete 999:64530:*
+
+# prepend_once_to_any
+match to group clients set community delete 65521:65521
+match to group clients set ext-community delete rt 65521:65521
+match to group clients set large-community delete 999:65521:65521
+
+# prepend_once_to_peer
+match to group clients set community delete 65521:*
+match to group clients set ext-community delete rt 65521:*
+match to group clients set large-community delete 999:65521:*
+
+# prepend_once_to_peers_with_rtt_higher_than
+match to group clients set community delete 64537:*
+match to group clients set ext-community delete rt 64537:*
+match to group clients set large-community delete 999:64537:*
+
+# prepend_once_to_peers_with_rtt_lower_than
+match to group clients set community delete 64534:*
+match to group clients set ext-community delete rt 64534:*
+match to group clients set large-community delete 999:64534:*
+
+# prepend_thrice_to_any
+match to group clients set community delete 65523:65523
+match to group clients set ext-community delete rt 65523:65523
+match to group clients set large-community delete 999:65523:65523
+
+# prepend_thrice_to_peer
+match to group clients set community delete 65523:*
+match to group clients set ext-community delete rt 65523:*
+match to group clients set large-community delete 999:65523:*
+
+# prepend_thrice_to_peers_with_rtt_higher_than
+match to group clients set community delete 64539:*
+match to group clients set ext-community delete rt 64539:*
+match to group clients set large-community delete 999:64539:*
+
+# prepend_thrice_to_peers_with_rtt_lower_than
+match to group clients set community delete 64536:*
+match to group clients set ext-community delete rt 64536:*
+match to group clients set large-community delete 999:64536:*
+
+# prepend_twice_to_any
+match to group clients set community delete 65522:65522
+match to group clients set ext-community delete rt 65522:65522
+match to group clients set large-community delete 999:65522:65522
+
+# prepend_twice_to_peer
+match to group clients set community delete 65522:*
+match to group clients set ext-community delete rt 65522:*
+match to group clients set large-community delete 999:65522:*
+
+# prepend_twice_to_peers_with_rtt_higher_than
+match to group clients set community delete 64538:*
+match to group clients set ext-community delete rt 64538:*
+match to group clients set large-community delete 999:64538:*
+
+# prepend_twice_to_peers_with_rtt_lower_than
+match to group clients set community delete 64535:*
+match to group clients set ext-community delete rt 64535:*
+match to group clients set large-community delete 999:64535:*
+
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+match to group clients set {
+	community delete 65521:65521
+	ext-community delete rt 65521:65521
+	large-community delete 999:65521:65521
+
+}
+match to group clients set {
+	community delete 65521:*
+	ext-community delete rt 65521:*
+	large-community delete 999:65521:*
+
+}
+match to group clients set {
+	community delete 64537:*
+	ext-community delete rt 64537:*
+	large-community delete 999:64537:*
+
+}
+match to group clients set {
+	community delete 64534:*
+	ext-community delete rt 64534:*
+	large-community delete 999:64534:*
+
+}
+match to group clients set {
+	community delete 65523:65523
+	ext-community delete rt 65523:65523
+	large-community delete 999:65523:65523
+
+}
+match to group clients set {
+	community delete 65523:*
+	ext-community delete rt 65523:*
+	large-community delete 999:65523:*
+
+}
+match to group clients set {
+	community delete 64539:*
+	ext-community delete rt 64539:*
+	large-community delete 999:64539:*
+
+}
+match to group clients set {
+	community delete 64536:*
+	ext-community delete rt 64536:*
+	large-community delete 999:64536:*
+
+}
+match to group clients set {
+	community delete 65522:65522
+	ext-community delete rt 65522:65522
+	large-community delete 999:65522:65522
+
+}
+match to group clients set {
+	community delete 65522:*
+	ext-community delete rt 65522:*
+	large-community delete 999:65522:*
+
+}
+match to group clients set {
+	community delete 64538:*
+	ext-community delete rt 64538:*
+	large-community delete 999:64538:*
+
+}
+match to group clients set {
+	community delete 64535:*
+	ext-community delete rt 64535:*
+	large-community delete 999:64535:*
+
+}
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+include "/etc/bgpd/post-filters.local"
+
+
diff --git a/tests/live_tests/scenarios/tag_reject_policy/configs/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p.conf b/tests/live_tests/scenarios/tag_reject_policy/configs/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p.conf
new file mode 100644
index 00000000..c2cb47fc
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_reject_policy/configs/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p.conf
@@ -0,0 +1,7608 @@
+# built by ARouteServer
+AS 999
+router-id 192.0.2.2
+
+fib-update no
+log updates
+
+nexthop qualify via default
+
+rde evaluate all
+
+INTCOMM_PREF_OK_ROA="soo 65535:1"
+INTCOMM_ROUTE_OK_WL="soo 65535:2"
+INTCOMM_PREF_OK_ARINDB="soo 65535:3"
+INTCOMM_PREF_OK_REGISTROBRDB="soo 65535:12"
+
+INTCOMM_ORIGIN_OK="soo 65535:4"
+INTCOMM_ORIGIN_KO="soo 65535:5"
+INTCOMM_PREFIX_OK="soo 65535:6"
+INTCOMM_PREFIX_KO="soo 65535:7"
+INTCOMM_IRR_REJECT="soo 65535:8"
+
+INTCOMM_RPKI_UNKNOWN="soo 65535:9"
+INTCOMM_RPKI_INVALID="soo 65535:10"
+INTCOMM_RPKI_VALID="soo 65535:11"
+
+INTCOMM_PROCESS_PREPEND_COMMS="soo 65535:13"
+
+INTCOMM_NO_EXPORT="soo 65535:65281"
+INTCOMM_NO_ADVERTISE="soo 65535:65282"
+
+# ---------------------------------------------------------
+# IRRDB
+
+# AS222, used by client AS222_1, client AS222_2
+# no origin ASNs found for AS222
+# no prefixes found for AS222
+
+# AS2, used by client AS2_1, client AS2_2
+# no origin ASNs found for AS2
+# no prefixes found for AS2
+
+# AS-AS1, AS-AS1_CUSTOMERS, used by client AS1_1, client AS1_2, client AS1_3, client AS1_4
+as-set "AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns" {
+    1 101
+}
+prefix-set "AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes" {
+    2a01::/32 prefixlen 32 - 128
+    2a99::/16 prefixlen 16 - 128
+    3101::/32 prefixlen 32 - 128
+}
+
+# AS-AS2, AS-AS2_CUSTOMERS, used by client AS2_1, client AS2_2
+as-set "AS_SET_AS_AS2_AS_AS2_CUSTOMERS_asns" {
+    2 101
+}
+prefix-set "AS_SET_AS_AS2_AS_AS2_CUSTOMERS_prefixes" {
+    2a02::/32 prefixlen 32 - 128
+    3101::/32 prefixlen 32 - 128
+}
+
+# WHITE_LIST_AS1_2, used by client AS1_2 white list
+as-set "AS_SET_WHITE_LIST_AS1_2_asns" {
+    1011
+}
+prefix-set "AS_SET_WHITE_LIST_AS1_2_prefixes" {
+    11.1.0.0/16 prefixlen 16 - 32
+    2a11:1::/32 prefixlen 32 - 128
+}
+
+# AS-AS222, used by client AS222_1, client AS222_2
+# no origin ASNs found for AS_AS222
+# no prefixes found for AS_AS222
+
+# AS1, used by client AS1_1, client AS1_2, client AS1_3, client AS1_4
+# no origin ASNs found for AS1
+# no prefixes found for AS1
+
+# WHITE_LIST_AS1_1, used by client AS1_1 white list
+as-set "AS_SET_WHITE_LIST_AS1_1_asns" {
+    1011
+}
+prefix-set "AS_SET_WHITE_LIST_AS1_1_prefixes" {
+    11.1.0.0/16 prefixlen 16 - 32
+    2a11:1::/32 prefixlen 32 - 128
+}
+
+
+
+
+# ---------------------------------------------------------
+# MEMBERS
+
+group "clients" {
+
+	neighbor 192.0.2.11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::11 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.12 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_2 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::12 {
+		remote-as 1
+
+		rde evaluate all
+
+		descr "AS1_2 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.222 {
+		remote-as 222
+
+		rde evaluate all
+
+		descr "AS222_1 client"
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::222 {
+		remote-as 222
+
+		rde evaluate all
+
+		descr "AS222_1 client"
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::21 {
+		remote-as 2
+
+		rde evaluate all
+
+		descr "AS2_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.31 {
+		remote-as 3
+
+		rde evaluate all
+
+		descr "AS3_1 client"
+		ttl-security no
+		transparent-as no
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::31 {
+		remote-as 3
+
+		rde evaluate all
+
+		descr "AS3_1 client"
+		ttl-security no
+		transparent-as no
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+		announce add-path send best plus 5
+
+		set nexthop no-modify
+	}
+
+	neighbor 192.0.2.41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 none
+		announce IPv4 unicast
+
+		set nexthop no-modify
+	}
+
+	neighbor 2001:db8:1:1::41 {
+		remote-as 4
+
+		rde evaluate all
+
+		descr "AS4_1 client"
+		passive
+		ttl-security no
+		transparent-as yes
+		enforce neighbor-as no
+
+		announce as-4byte yes
+		announce IPv6 unicast
+		announce IPv4 none
+
+		set nexthop no-modify
+	}
+}
+
+include "/etc/bgpd/post-clients.local"
+
+
+
+# ---------------------------------------------------------
+# FILTERS
+
+# NO_ADVERTISE usage notes.
+# The NO_ADVERTISE well-know community is used here to handle
+# filters that span over multiple steps. At first it is added
+# to any route, then it is removed as filters conditions are
+# satisfied. Finally, if it is still present, it means that
+# the route should be discarded.
+
+
+
+
+prefix-set "global_black_list_pref" {
+    192.0.2.0/24 prefixlen 24 - 32
+    2001:db8::/32 prefixlen 32 - 128
+
+}
+
+prefix-set "bogons" {
+    0.0.0.0/0
+    0.0.0.0/8 prefixlen 8 - 32
+    10.0.0.0/8 prefixlen 8 - 32
+    127.0.0.0/8 prefixlen 8 - 32
+    169.254.0.0/16 prefixlen 16 - 32
+    172.16.0.0/12 prefixlen 12 - 32
+    192.0.2.0/24 prefixlen 24 - 32
+    192.88.99.0/24 prefixlen 24 - 32
+    192.168.0.0/16 prefixlen 16 - 32
+    198.18.0.0/15 prefixlen 15 - 32
+    198.51.100.0/24 prefixlen 24 - 32
+    203.0.113.0/24 prefixlen 24 - 32
+    224.0.0.0/3 prefixlen 3 - 32
+    100.64.0.0/10 prefixlen 10 - 32
+    ::/0
+    ::/8 prefixlen 8 - 128
+    64:ff9b::/96 prefixlen 96 - 128
+    100::/8 prefixlen 8 - 128
+    200::/7 prefixlen 7 - 128
+    400::/6 prefixlen 6 - 128
+    800::/5 prefixlen 5 - 128
+    1000::/4 prefixlen 4 - 128
+    2001::/33 prefixlen 33 - 128
+    2001:0:8000::/33 prefixlen 33 - 128
+    2001:2::/48 prefixlen 48 - 128
+    2001:3::/32 prefixlen 32 - 128
+    2001:10::/28 prefixlen 28 - 128
+    2001:20::/28 prefixlen 28 - 128
+    2001:db8::/32 prefixlen 32 - 128
+    2002::/16 prefixlen 16 - 128
+    3ffe::/16 prefixlen 16 - 128
+    4000::/3 prefixlen 3 - 128
+    5f00::/8 prefixlen 8 - 128
+    6000::/3 prefixlen 3 - 128
+    8000::/3 prefixlen 3 - 128
+    a000::/3 prefixlen 3 - 128
+    c000::/3 prefixlen 3 - 128
+    e000::/4 prefixlen 4 - 128
+    f000::/5 prefixlen 5 - 128
+    f800::/6 prefixlen 6 - 128
+    fc00::/7 prefixlen 7 - 128
+    fe80::/10 prefixlen 10 - 128
+    fec0::/10 prefixlen 10 - 128
+    ff00::/8 prefixlen 8 - 128
+
+}
+
+# never via route-servers ASNs
+as-set "neverviarouteserver" {
+	666, 777
+}
+
+# =====================================================================================
+# Global rules.
+
+# This part of configuration is processed at the beginning of the filters.
+# The rules defined in this part are applied to all the clients, and not on a
+# client-by-client basis (see the 'match from group clients'), so only global policies
+# can be implemented here, that is no client-level configuration are allowed.
+
+
+
+# Scrub communities from inbound routes
+# origin_not_present_in_as_set
+match from group clients set community delete 65530:0
+match from group clients set large-community delete 999:65530:0
+
+# origin_present_in_as_set
+match from group clients set community delete 65530:1
+match from group clients set large-community delete 999:65530:1
+
+# prefix_validated_via_arin_whois_db_dump
+match from group clients set community delete 65530:3
+match from group clients set large-community delete 999:65530:3
+
+# prefix_validated_via_rpki_roas
+match from group clients set community delete 65530:2
+match from group clients set large-community delete 999:65530:2
+
+# reject_cause
+match from group clients set community delete 65520:*
+
+# reject_cause_map_6
+match from group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match from group clients set ext-community delete rt 65520:*
+
+# rpki_bgp_origin_validation_not_performed
+match from group clients set community delete 65530:4
+match from group clients set large-community delete 999:65530:4
+
+
+# Scrub internal communities from inbound routes
+match from group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+# The main goal of this block is to enrich routes received from clients by attaching to them
+# internal informational communities which are used later by the rest of the filter rules.
+
+# Internal communities used for RFC1997 well-known communities handling
+
+# Transform NO_EXPORT into $INTCOMM_NO_EXPORT
+match from group clients community NO_EXPORT set { ext-community $INTCOMM_NO_EXPORT community delete NO_EXPORT }
+
+# Transform NO_ADVERTISE into $INTCOMM_NO_ADVERTISE
+match from group clients community NO_ADVERTISE set { ext-community $INTCOMM_NO_ADVERTISE community delete NO_ADVERTISE }
+
+
+# ---------------------------------------------------------
+# ROAs source
+
+
+roa-set {
+    101.3.0.0/16 maxlen 24 source-as 105 expires 4102444799
+    101.2.0.0/17 source-as 101 expires 4102444799
+    101.2.128.0/17 maxlen 24 source-as 101 expires 4102444799
+    101.0.128.0/20 maxlen 23 source-as 101 expires 4102444799
+    101.0.8.0/24 source-as 101 expires 4102444799
+    101.0.9.0/24 source-as 102 expires 4102444799
+    222.1.1.0/24 source-as 333 expires 4102444799
+    3101:3::/32 maxlen 48 source-as 105 expires 4102444799
+    3101:0:8000::/33 maxlen 34 source-as 101 expires 4102444799
+    3101:2:8000::/33 maxlen 48 source-as 101 expires 4102444799
+    3101:2::/33 source-as 101 expires 4102444799
+    3101:0:8::/48 source-as 101 expires 4102444799
+    3101:0:9::/48 source-as 102 expires 4102444799
+    3222:0:1::/48 source-as 333 expires 4102444799
+
+}
+
+
+
+# ---------------------------------------------------------
+# RPKI-based Origin Validation
+
+
+# Add $INTCOMM_RPKI_UNKNOWN, $INTCOMM_RPKI_INVALID and $INTCOMM_RPKI_VALID
+# ext community on the basis of ovs.
+match from group clients ovs not-found set {
+    ext-community $INTCOMM_RPKI_UNKNOWN
+    ext-community ovs not-found
+    
+}
+match from group clients ovs valid set {
+    ext-community $INTCOMM_RPKI_VALID
+    ext-community ovs valid
+    
+}
+match from group clients ovs invalid set {
+    ext-community $INTCOMM_RPKI_INVALID
+    ext-community ovs invalid
+    
+}
+
+
+
+# ---------------------------------------------------------
+# RPKI ROAs used as route objects.
+
+# Add the $INTCOMM_PREF_OK_ROA ext community to routes whose
+# origin ASN has a ROA for the announced prefix.
+# It will be used later during IRRDB validation in
+# case the origin ASN is authorized by a client's
+# AS-SET but the prefix is not.
+
+# Since RPKI-based Origin Validation is already performed above,
+# use the origin validation state to identify valid routes.
+match from group clients ovs valid set ext-community $INTCOMM_PREF_OK_ROA
+
+
+
+
+
+
+# Set the 'rejected_route_announced_by' community for all the clients.
+# It will be removed later if the route is not invalid
+match from 192.0.2.11 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+match from 192.0.2.12 set ext-community rt 65520:1
+
+match from 2001:db8:1:1::12 set ext-community rt 65520:1
+
+match from 192.0.2.222 set ext-community rt 65520:222
+
+match from 2001:db8:1:1::222 set ext-community rt 65520:222
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+match from 192.0.2.31 set ext-community rt 65520:3
+
+match from 2001:db8:1:1::31 set ext-community rt 65520:3
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+
+
+
+# AS_PATH: length
+# Reject inbound routes when 'from group clients max-as-len 6' - reject code: 1
+allow quick from group clients max-as-len 6 set {
+	localpref 1
+	community 65520:0
+	community 65520:1
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: global blacklist
+# Reject inbound routes when 'from group clients prefix-set global_black_list_pref' - reject code: 3
+allow quick from group clients prefix-set global_black_list_pref set {
+	localpref 1
+	community 65520:0
+	community 65520:3
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: only IPv6 Global Unicast space allowed
+match from group clients inet6 set community NO_ADVERTISE
+match from group clients prefix 2000::/3 or-longer set community delete NO_ADVERTISE
+# Reject inbound routes when 'from group clients community NO_ADVERTISE' - reject code: 10
+allow quick from group clients community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:10
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: bogon
+# Reject inbound routes when 'from group clients prefix-set bogons' - reject code: 2
+allow quick from group clients prefix-set bogons set {
+	localpref 1
+	community 65520:0
+	community 65520:2
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# =====================================================================================
+# Per client rules.
+
+
+# ---------------------------------------------
+# client AS1_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.11 set community NO_ADVERTISE
+match from 192.0.2.11 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.11 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS 23456' - reject code: 7
+allow quick from 192.0.2.11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.11 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.11 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.11 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.11 prefix 11.3.0.0/16 source-as 1011 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.11 prefix 11.4.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.11 prefix 2a11:3::/32 source-as 1011 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.11 prefix 2a11:4::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_1, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 source-as as-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+match from 192.0.2.11 source-as as-set AS_SET_WHITE_LIST_AS1_1_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS1_1
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_1, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.11 prefix-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+match from 192.0.2.11 prefix-set AS_SET_WHITE_LIST_AS1_1_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS1_1
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# route authorized by a client's white list?
+match from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.11 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.11 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.11 community BLACKHOLE set community 65530:4
+match from 192.0.2.11 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.11 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.11 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.11 community BLACKHOLE
+allow quick from 192.0.2.11 community 65534:0
+allow quick from 192.0.2.11 large-community 65534:0:0
+
+
+match from 192.0.2.11 set ext-community rt 65520:1
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.11 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.11 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.11
+
+
+
+# ---------------------------------------------
+# client AS1_1, outbound
+
+deny quick to 192.0.2.11 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.11 community 65534:0 set community BLACKHOLE
+match to 192.0.2.11 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.11 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.11 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.11 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.11 community 65507:999 set community NO_EXPORT
+match to 192.0.2.11 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.11 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.11 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.11 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.11 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.11 community 65509:1 set community NO_EXPORT
+match to 192.0.2.11 ext-community rt 65509:1 set community NO_EXPORT
+match to 192.0.2.11 large-community 999:65509:1 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.11 community 65510:1 set community NO_ADVERTISE
+match to 192.0.2.11 ext-community rt 65510:1 set community NO_ADVERTISE
+match to 192.0.2.11 large-community 999:65510:1 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.11
+
+# do_not_announce_to_any
+deny to 192.0.2.11 community 0:999
+deny to 192.0.2.11 ext-community rt 0:999
+deny to 192.0.2.11 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.11 community 0:1
+deny quick to 192.0.2.11 ext-community rt 0:1
+deny quick to 192.0.2.11 large-community 999:0:1
+
+# announce_to_peer
+allow to 192.0.2.11 community 65501:1
+allow to 192.0.2.11 ext-community rt 65501:1
+allow to 192.0.2.11 large-community 999:65501:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS1_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::11 set community NO_ADVERTISE
+match from 2001:db8:1:1::11 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::11 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::11 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::11 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::11 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::11 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::11 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::11 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::11 prefix 11.3.0.0/16 source-as 1011 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::11 prefix 11.4.0.0/16 prefixlen 16 - 32 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::11 prefix 2a11:3::/32 source-as 1011 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::11 prefix 2a11:4::/32 prefixlen 32 - 128 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_2, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::11 source-as as-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+match from 2001:db8:1:1::11 source-as as-set AS_SET_WHITE_LIST_AS1_2_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # WHITE_LIST_AS1_2
+# AS-SET AS1 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_2, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::11 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::11 prefix-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+match from 2001:db8:1:1::11 prefix-set AS_SET_WHITE_LIST_AS1_2_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # WHITE_LIST_AS1_2
+# AS-SET AS1 referenced but empty.
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::11 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::11 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::11 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::11 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::11 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::11 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::11 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::11 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::11 community BLACKHOLE
+allow quick from 2001:db8:1:1::11 community 65534:0
+allow quick from 2001:db8:1:1::11 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::11 set ext-community rt 65520:1
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::11 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::11 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::11 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::11 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::11 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::11 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::11 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::11
+
+
+
+# ---------------------------------------------
+# client AS1_2, outbound
+
+deny quick to 2001:db8:1:1::11 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::11 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::11 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::11 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::11 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::11 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::11 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::11 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::11 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::11 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::11 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::11 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::11 community 65509:1 set community NO_EXPORT
+match to 2001:db8:1:1::11 ext-community rt 65509:1 set community NO_EXPORT
+match to 2001:db8:1:1::11 large-community 999:65509:1 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::11 community 65510:1 set community NO_ADVERTISE
+match to 2001:db8:1:1::11 ext-community rt 65510:1 set community NO_ADVERTISE
+match to 2001:db8:1:1::11 large-community 999:65510:1 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::11
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::11 community 0:999
+deny to 2001:db8:1:1::11 ext-community rt 0:999
+deny to 2001:db8:1:1::11 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::11 community 0:1
+deny quick to 2001:db8:1:1::11 ext-community rt 0:1
+deny quick to 2001:db8:1:1::11 large-community 999:0:1
+
+# announce_to_peer
+allow to 2001:db8:1:1::11 community 65501:1
+allow to 2001:db8:1:1::11 ext-community rt 65501:1
+allow to 2001:db8:1:1::11 large-community 999:65501:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::11 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::11 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS1_3, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.12 set community NO_ADVERTISE
+match from 192.0.2.12 nexthop 192.0.2.11 set community delete NO_ADVERTISE
+match from 192.0.2.12 nexthop 192.0.2.12 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.12 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.12 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.12 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.12 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.12 AS 23456' - reject code: 7
+allow quick from 192.0.2.12 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.12 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.12 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.12 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.12 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.12 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.12 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.12 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.12 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 192.0.2.12 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_3, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.12 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.12 source-as as-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_3, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.12 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 192.0.2.12 prefix-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.12 set ext-community delete rt 65520:1
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.12 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.12 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.12 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.12 community BLACKHOLE set community 65530:4
+match from 192.0.2.12 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.12 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.12 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.12 community BLACKHOLE
+allow quick from 192.0.2.12 community 65534:0
+allow quick from 192.0.2.12 large-community 65534:0:0
+
+
+match from 192.0.2.12 set ext-community rt 65520:1
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.12 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.12 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.12 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.12 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.12 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.12 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.12 set ext-community delete rt 65520:1
+
+
+
+allow quick from 192.0.2.12
+
+
+
+# ---------------------------------------------
+# client AS1_3, outbound
+
+deny quick to 192.0.2.12 community 65520:0
+
+
+
+# Blackhole request?
+# Client not enabled to receive blackhole routes
+deny quick to 192.0.2.12 community BLACKHOLE
+deny quick to 192.0.2.12 community 65534:0
+deny quick to 192.0.2.12 large-community 65534:0:0
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.12 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.12 community 65507:999 set community NO_EXPORT
+match to 192.0.2.12 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.12 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.12 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.12 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.12 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.12 community 65509:1 set community NO_EXPORT
+match to 192.0.2.12 ext-community rt 65509:1 set community NO_EXPORT
+match to 192.0.2.12 large-community 999:65509:1 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.12 community 65510:1 set community NO_ADVERTISE
+match to 192.0.2.12 ext-community rt 65510:1 set community NO_ADVERTISE
+match to 192.0.2.12 large-community 999:65510:1 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.12
+
+# do_not_announce_to_any
+deny to 192.0.2.12 community 0:999
+deny to 192.0.2.12 ext-community rt 0:999
+deny to 192.0.2.12 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.12 community 0:1
+deny quick to 192.0.2.12 ext-community rt 0:1
+deny quick to 192.0.2.12 large-community 999:0:1
+
+# announce_to_peer
+allow to 192.0.2.12 community 65501:1
+allow to 192.0.2.12 ext-community rt 65501:1
+allow to 192.0.2.12 large-community 999:65501:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.12 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS1_4, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::12 set community NO_ADVERTISE
+match from 2001:db8:1:1::12 nexthop 2001:db8:1:1::11 set community delete NO_ADVERTISE
+match from 2001:db8:1:1::12 nexthop 2001:db8:1:1::12 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::12 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::12 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::12 peer-as != 1' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::12 peer-as != 1 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::12 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::12 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::12 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::12 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::12 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::12 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 2001:db8:1:1::12 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS1_4, AS1: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::12 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::12 source-as as-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS1_4, AS1: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::12 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+match from 2001:db8:1:1::12 prefix-set AS_SET_AS_AS1_AS_AS1_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS1_AS_AS1_CUSTOMERS
+# AS-SET AS1 referenced but empty.
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::12 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::12 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::12 set ext-community delete rt 65520:1
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::12 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::12 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::12 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::12 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::12 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::12 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::12 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::12 community BLACKHOLE
+allow quick from 2001:db8:1:1::12 community 65534:0
+allow quick from 2001:db8:1:1::12 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::12 set ext-community rt 65520:1
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::12 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::12 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::12 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::12 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::12 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::12 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::12 set ext-community delete rt 65520:1
+
+
+
+allow quick from 2001:db8:1:1::12
+
+
+
+# ---------------------------------------------
+# client AS1_4, outbound
+
+deny quick to 2001:db8:1:1::12 community 65520:0
+
+
+
+# Blackhole request?
+# Client not enabled to receive blackhole routes
+deny quick to 2001:db8:1:1::12 community BLACKHOLE
+deny quick to 2001:db8:1:1::12 community 65534:0
+deny quick to 2001:db8:1:1::12 large-community 65534:0:0
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::12 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::12 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::12 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::12 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::12 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::12 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::12 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::12 community 65509:1 set community NO_EXPORT
+match to 2001:db8:1:1::12 ext-community rt 65509:1 set community NO_EXPORT
+match to 2001:db8:1:1::12 large-community 999:65509:1 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::12 community 65510:1 set community NO_ADVERTISE
+match to 2001:db8:1:1::12 ext-community rt 65510:1 set community NO_ADVERTISE
+match to 2001:db8:1:1::12 large-community 999:65510:1 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::12
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::12 community 0:999
+deny to 2001:db8:1:1::12 ext-community rt 0:999
+deny to 2001:db8:1:1::12 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::12 community 0:1
+deny quick to 2001:db8:1:1::12 ext-community rt 0:1
+deny quick to 2001:db8:1:1::12 large-community 999:0:1
+
+# announce_to_peer
+allow to 2001:db8:1:1::12 community 65501:1
+allow to 2001:db8:1:1::12 ext-community rt 65501:1
+allow to 2001:db8:1:1::12 large-community 999:65501:1
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::12 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:1 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:1 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS1; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:1 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::12 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS222_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.222 set community NO_ADVERTISE
+match from 192.0.2.222 nexthop 192.0.2.222 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.222 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.222 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.222 peer-as != 222' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.222 peer-as != 222 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.222 AS 23456' - reject code: 7
+allow quick from 192.0.2.222 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.222 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.222 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.222 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.222 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.222 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.222 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.222 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.222 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 192.0.2.222 prefix 222.1.1.0/24 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 192.0.2.222 prefix 3222:0:1::/48 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 192.0.2.222 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS222_1, AS222: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.222 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS222 referenced but empty.
+# AS-SET AS_AS222 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS222_1, AS222: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.222 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS222 referenced but empty.
+# AS-SET AS_AS222 referenced but empty.
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# route authorized by a client's white list?
+match from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.222 set ext-community delete rt 65520:222
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.222 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.222 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.222 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.222 community BLACKHOLE set community 65530:4
+match from 192.0.2.222 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.222 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.222 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.222 community BLACKHOLE
+allow quick from 192.0.2.222 community 65534:0
+allow quick from 192.0.2.222 large-community 65534:0:0
+
+
+match from 192.0.2.222 set ext-community rt 65520:222
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.222 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.222 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.222 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.222 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.222 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.222 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.222 set ext-community delete rt 65520:222
+
+
+
+allow quick from 192.0.2.222
+
+
+
+# ---------------------------------------------
+# client AS222_1, outbound
+
+deny quick to 192.0.2.222 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.222 community 65534:0 set community BLACKHOLE
+match to 192.0.2.222 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.222 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.222 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.222 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.222 community 65507:999 set community NO_EXPORT
+match to 192.0.2.222 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.222 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.222 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.222 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.222 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.222 community 65509:222 set community NO_EXPORT
+match to 192.0.2.222 ext-community rt 65509:222 set community NO_EXPORT
+match to 192.0.2.222 large-community 999:65509:222 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.222 community 65510:222 set community NO_ADVERTISE
+match to 192.0.2.222 ext-community rt 65510:222 set community NO_ADVERTISE
+match to 192.0.2.222 large-community 999:65510:222 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.222
+
+# do_not_announce_to_any
+deny to 192.0.2.222 community 0:999
+deny to 192.0.2.222 ext-community rt 0:999
+deny to 192.0.2.222 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.222 community 0:222
+deny quick to 192.0.2.222 ext-community rt 0:222
+deny quick to 192.0.2.222 large-community 999:0:222
+
+# announce_to_peer
+allow to 192.0.2.222 community 65501:222
+allow to 192.0.2.222 ext-community rt 65501:222
+allow to 192.0.2.222 large-community 999:65501:222
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.222 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS222_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::222 set community NO_ADVERTISE
+match from 2001:db8:1:1::222 nexthop 2001:db8:1:1::222 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::222 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::222 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::222 peer-as != 222' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::222 peer-as != 222 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::222 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::222 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::222 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::222 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::222 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::222 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# client's white list
+# Add the $INTCOMM_ROUTE_OK_WL ext community to routes which
+# are validated by a client's white list entry.
+# It will be used later during IRRDB validation in
+# case the route is not authorized by a client's
+# AS-SET.
+match from 2001:db8:1:1::222 prefix 222.1.1.0/24 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+match from 2001:db8:1:1::222 prefix 3222:0:1::/48 set ext-community $INTCOMM_ROUTE_OK_WL	# None
+
+match from 2001:db8:1:1::222 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS222_2, AS222: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::222 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS222 referenced but empty.
+# AS-SET AS_AS222 referenced but empty.
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS222_2, AS222: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::222 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS222 referenced but empty.
+# AS-SET AS_AS222 referenced but empty.
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::222 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+# route authorized by a client's white list?
+match from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ROUTE_OK_WL set ext-community delete $INTCOMM_IRR_REJECT
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::222 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::222 set ext-community delete rt 65520:222
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::222 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::222 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::222 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::222 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::222 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::222 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::222 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::222 community BLACKHOLE
+allow quick from 2001:db8:1:1::222 community 65534:0
+allow quick from 2001:db8:1:1::222 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::222 set ext-community rt 65520:222
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::222 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::222 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::222 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::222 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::222 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::222 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::222 set ext-community delete rt 65520:222
+
+
+
+allow quick from 2001:db8:1:1::222
+
+
+
+# ---------------------------------------------
+# client AS222_2, outbound
+
+deny quick to 2001:db8:1:1::222 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::222 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::222 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::222 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::222 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::222 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::222 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::222 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::222 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::222 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::222 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::222 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::222 community 65509:222 set community NO_EXPORT
+match to 2001:db8:1:1::222 ext-community rt 65509:222 set community NO_EXPORT
+match to 2001:db8:1:1::222 large-community 999:65509:222 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::222 community 65510:222 set community NO_ADVERTISE
+match to 2001:db8:1:1::222 ext-community rt 65510:222 set community NO_ADVERTISE
+match to 2001:db8:1:1::222 large-community 999:65510:222 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::222
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::222 community 0:999
+deny to 2001:db8:1:1::222 ext-community rt 0:999
+deny to 2001:db8:1:1::222 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::222 community 0:222
+deny quick to 2001:db8:1:1::222 ext-community rt 0:222
+deny quick to 2001:db8:1:1::222 large-community 999:0:222
+
+# announce_to_peer
+allow to 2001:db8:1:1::222 community 65501:222
+allow to 2001:db8:1:1::222 ext-community rt 65501:222
+allow to 2001:db8:1:1::222 large-community 999:65501:222
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::222 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:222 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:222 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS222; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:222 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::222 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS2_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.21 set community NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.21 set community delete NO_ADVERTISE
+match from 192.0.2.21 nexthop 192.0.2.22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.21 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS 23456' - reject code: 7
+allow quick from 192.0.2.21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.21 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.21 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.21 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 192.0.2.21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_1, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 source-as as-set AS_SET_AS_AS2_AS_AS2_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS2_AS_AS2_CUSTOMERS
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_1, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 192.0.2.21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 192.0.2.21 prefix-set AS_SET_AS_AS2_AS_AS2_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS2_AS_AS2_CUSTOMERS
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 192.0.2.21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 192.0.2.21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 192.0.2.21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 192.0.2.21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 192.0.2.21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.21 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.21 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.21 community BLACKHOLE set community 65530:4
+match from 192.0.2.21 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.21 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.21 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.21 community BLACKHOLE
+allow quick from 192.0.2.21 community 65534:0
+allow quick from 192.0.2.21 large-community 65534:0:0
+
+
+match from 192.0.2.21 set ext-community rt 65520:2
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.21 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.21 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.21 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.21 community GRACEFUL_SHUTDOWN set community delete GRACEFUL_SHUTDOWN
+
+# Remove internal communities before accepting the route
+match from 192.0.2.21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 192.0.2.21
+
+
+
+# ---------------------------------------------
+# client AS2_1, outbound
+
+deny quick to 192.0.2.21 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.21 community 65534:0 set community BLACKHOLE
+match to 192.0.2.21 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.21 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.21 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.21 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.21 community 65507:999 set community NO_EXPORT
+match to 192.0.2.21 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.21 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.21 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.21 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.21 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.21 community 65509:2 set community NO_EXPORT
+match to 192.0.2.21 ext-community rt 65509:2 set community NO_EXPORT
+match to 192.0.2.21 large-community 999:65509:2 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.21 community 65510:2 set community NO_ADVERTISE
+match to 192.0.2.21 ext-community rt 65510:2 set community NO_ADVERTISE
+match to 192.0.2.21 large-community 999:65510:2 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.21
+
+# do_not_announce_to_any
+deny to 192.0.2.21 community 0:999
+deny to 192.0.2.21 ext-community rt 0:999
+deny to 192.0.2.21 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.21 community 0:2
+deny quick to 192.0.2.21 ext-community rt 0:2
+deny quick to 192.0.2.21 large-community 999:0:2
+
+# announce_to_peer
+allow to 192.0.2.21 community 65501:2
+allow to 192.0.2.21 ext-community rt 65501:2
+allow to 192.0.2.21 large-community 999:65501:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS2_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::21 set community NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::21 set community delete NO_ADVERTISE
+match from 2001:db8:1:1::21 nexthop 2001:db8:1:1::22 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::21 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::21 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 peer-as != 2' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::21 peer-as != 2 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::21 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::21 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::21 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::21 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_IRR_REJECT
+
+# AS_PATH: check origin via AS-SET
+# IRRDB filters for AS2_2, AS2: asns
+# add $INTCOMM_ORIGIN_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_ORIGIN_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 2001:db8:1:1::21 source-as as-set AS_SET_AS_AS2_AS_AS2_CUSTOMERS_asns set {
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community $INTCOMM_ORIGIN_OK
+} # AS_AS2_AS_AS2_CUSTOMERS
+
+
+# Prefix: check prefix via AS-SET
+# IRRDB filters for AS2_2, AS2: prefixes
+# add $INTCOMM_PREFIX_KO to any; it will be removed later if at least one AS-SET authorizes this object
+match from 2001:db8:1:1::21 set ext-community $INTCOMM_PREFIX_KO
+# verifying if object is authorized by AS-SETs
+# AS-SET AS2 referenced but empty.
+match from 2001:db8:1:1::21 prefix-set AS_SET_AS_AS2_AS_AS2_CUSTOMERS_prefixes set {
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community $INTCOMM_PREFIX_OK
+} # AS_AS2_AS_AS2_CUSTOMERS
+
+
+# routes tagged with $INTCOMM_PREF_OK_ROA community have the prefix validated by a ROA; origin ASN previously validated ($INTCOMM_ORIGIN_OK)
+match from 2001:db8:1:1::21 ext-community $INTCOMM_ORIGIN_OK ext-community $INTCOMM_PREF_OK_ROA set ext-community delete $INTCOMM_IRR_REJECT
+
+
+
+
+# enforcing: origin ASN
+# Reject inbound routes when 'from 2001:db8:1:1::21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO' - reject code: 9
+allow quick from 2001:db8:1:1::21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_ORIGIN_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:9
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# enforcing: prefix
+# Reject inbound routes when 'from 2001:db8:1:1::21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO' - reject code: 12
+allow quick from 2001:db8:1:1::21 ext-community $INTCOMM_IRR_REJECT ext-community $INTCOMM_PREFIX_KO set {
+	localpref 1
+	community 65520:0
+	community 65520:12
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Blackhole request?
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::21 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::21 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::21 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::21 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::21 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::21 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::21 community BLACKHOLE
+allow quick from 2001:db8:1:1::21 community 65534:0
+allow quick from 2001:db8:1:1::21 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::21 set ext-community rt 65520:2
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::21 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::21 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::21 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::21 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::21 community GRACEFUL_SHUTDOWN set community delete GRACEFUL_SHUTDOWN
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::21 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::21 set ext-community delete rt 65520:2
+
+
+
+allow quick from 2001:db8:1:1::21
+
+
+
+# ---------------------------------------------
+# client AS2_2, outbound
+
+deny quick to 2001:db8:1:1::21 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::21 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::21 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::21 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::21 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::21 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::21 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::21 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::21 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::21 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::21 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::21 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::21 community 65509:2 set community NO_EXPORT
+match to 2001:db8:1:1::21 ext-community rt 65509:2 set community NO_EXPORT
+match to 2001:db8:1:1::21 large-community 999:65509:2 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::21 community 65510:2 set community NO_ADVERTISE
+match to 2001:db8:1:1::21 ext-community rt 65510:2 set community NO_ADVERTISE
+match to 2001:db8:1:1::21 large-community 999:65510:2 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::21
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::21 community 0:999
+deny to 2001:db8:1:1::21 ext-community rt 0:999
+deny to 2001:db8:1:1::21 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::21 community 0:2
+deny quick to 2001:db8:1:1::21 ext-community rt 0:2
+deny quick to 2001:db8:1:1::21 large-community 999:0:2
+
+# announce_to_peer
+allow to 2001:db8:1:1::21 community 65501:2
+allow to 2001:db8:1:1::21 ext-community rt 65501:2
+allow to 2001:db8:1:1::21 large-community 999:65501:2
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::21 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:2 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:2 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS2; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:2 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::21 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS3_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.31 set community NO_ADVERTISE
+match from 192.0.2.31 nexthop 192.0.2.31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.31 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS 23456' - reject code: 7
+allow quick from 192.0.2.31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS { 174 }' - reject code: 8
+allow quick from 192.0.2.31 AS { 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.31 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.31 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+# Prefix: client's blacklist
+prefix-set "client_AS3_1_black_list_pref_ipv4" {
+    3.0.1.0/24 prefixlen 24 - 32
+
+}
+# Reject inbound routes when 'from 192.0.2.31 prefix-set client_AS3_1_black_list_pref_ipv4' - reject code: 11
+allow quick from 192.0.2.31 prefix-set client_AS3_1_black_list_pref_ipv4 set {
+	localpref 1
+	community 65520:0
+	community 65520:11
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Blackhole request?
+match from 192.0.2.31 set ext-community delete rt 65520:3
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.31 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.31 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.31 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.31 community BLACKHOLE set community 65530:4
+match from 192.0.2.31 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.31 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.31 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.31 community BLACKHOLE
+allow quick from 192.0.2.31 community 65534:0
+allow quick from 192.0.2.31 large-community 65534:0:0
+
+
+match from 192.0.2.31 set ext-community rt 65520:3
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.31 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.31 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.31 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.31 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 192.0.2.31
+
+
+
+# ---------------------------------------------
+# client AS3_1, outbound
+
+deny quick to 192.0.2.31 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.31 community 65534:0 set community BLACKHOLE
+match to 192.0.2.31 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.31 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.31 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.31 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.31 community 65507:999 set community NO_EXPORT
+match to 192.0.2.31 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.31 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.31 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.31 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.31 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.31 community 65509:3 set community NO_EXPORT
+match to 192.0.2.31 ext-community rt 65509:3 set community NO_EXPORT
+match to 192.0.2.31 large-community 999:65509:3 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.31 community 65510:3 set community NO_ADVERTISE
+match to 192.0.2.31 ext-community rt 65510:3 set community NO_ADVERTISE
+match to 192.0.2.31 large-community 999:65510:3 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.31
+
+# do_not_announce_to_any
+deny to 192.0.2.31 community 0:999
+deny to 192.0.2.31 ext-community rt 0:999
+deny to 192.0.2.31 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.31 community 0:3
+deny quick to 192.0.2.31 ext-community rt 0:3
+deny quick to 192.0.2.31 large-community 999:0:3
+
+# announce_to_peer
+allow to 192.0.2.31 community 65501:3
+allow to 192.0.2.31 ext-community rt 65501:3
+allow to 192.0.2.31 large-community 999:65501:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS3_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::31 set community NO_ADVERTISE
+match from 2001:db8:1:1::31 nexthop 2001:db8:1:1::31 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::31 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::31 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::31 peer-as != 3' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::31 peer-as != 3 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::31 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS { 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::31 AS { 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::31 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::31 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+# Prefix: client's blacklist
+prefix-set "client_AS3_2_black_list_pref_ipv6" {
+    2a03:0:1::/48 prefixlen 48 - 128
+
+}
+# Reject inbound routes when 'from 2001:db8:1:1::31 prefix-set client_AS3_2_black_list_pref_ipv6' - reject code: 11
+allow quick from 2001:db8:1:1::31 prefix-set client_AS3_2_black_list_pref_ipv6 set {
+	localpref 1
+	community 65520:0
+	community 65520:11
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+# Blackhole request?
+match from 2001:db8:1:1::31 set ext-community delete rt 65520:3
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::31 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::31 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::31 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::31 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::31 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::31 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::31 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::31 community BLACKHOLE
+allow quick from 2001:db8:1:1::31 community 65534:0
+allow quick from 2001:db8:1:1::31 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::31 set ext-community rt 65520:3
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::31 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::31 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::31 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::31 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::31 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::31 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::31 set ext-community delete rt 65520:3
+
+
+
+allow quick from 2001:db8:1:1::31
+
+
+
+# ---------------------------------------------
+# client AS3_2, outbound
+
+deny quick to 2001:db8:1:1::31 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::31 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::31 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::31 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::31 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::31 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::31 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::31 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::31 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::31 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::31 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::31 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::31 community 65509:3 set community NO_EXPORT
+match to 2001:db8:1:1::31 ext-community rt 65509:3 set community NO_EXPORT
+match to 2001:db8:1:1::31 large-community 999:65509:3 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::31 community 65510:3 set community NO_ADVERTISE
+match to 2001:db8:1:1::31 ext-community rt 65510:3 set community NO_ADVERTISE
+match to 2001:db8:1:1::31 large-community 999:65510:3 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::31
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::31 community 0:999
+deny to 2001:db8:1:1::31 ext-community rt 0:999
+deny to 2001:db8:1:1::31 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::31 community 0:3
+deny quick to 2001:db8:1:1::31 ext-community rt 0:3
+deny quick to 2001:db8:1:1::31 large-community 999:0:3
+
+# announce_to_peer
+allow to 2001:db8:1:1::31 community 65501:3
+allow to 2001:db8:1:1::31 ext-community rt 65501:3
+allow to 2001:db8:1:1::31 large-community 999:65501:3
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::31 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:3 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:3 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS3; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:3 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::31 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS4_1, inbound
+
+
+
+# NEXT_HOP
+match from 192.0.2.41 set community NO_ADVERTISE
+match from 192.0.2.41 nexthop 192.0.2.41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 192.0.2.41 community NO_ADVERTISE' - reject code: 5
+allow quick from 192.0.2.41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 192.0.2.41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 192.0.2.41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS 23456' - reject code: 7
+allow quick from 192.0.2.41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 64496 - 131071' - reject code: 7
+allow quick from 192.0.2.41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 192.0.2.41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 192.0.2.41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS { 3, 174 }' - reject code: 8
+allow quick from 192.0.2.41 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 192.0.2.41 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 192.0.2.41 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+# Blackhole request?
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.41 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 192.0.2.41 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 192.0.2.41 community BLACKHOLE set community 65530:4
+match from 192.0.2.41 community BLACKHOLE set large-community 999:65530:4
+
+match from 192.0.2.41 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 192.0.2.41 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 192.0.2.41 community BLACKHOLE
+allow quick from 192.0.2.41 community 65534:0
+allow quick from 192.0.2.41 large-community 65534:0:0
+
+
+match from 192.0.2.41 set ext-community rt 65520:4
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 192.0.2.41 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 192.0.2.41 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24' - reject code: 13
+allow quick from 192.0.2.41 prefix 0.0.0.0/0 prefixlen 8 >< 24 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 192.0.2.41 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 192.0.2.41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 192.0.2.41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 192.0.2.41
+
+
+
+# ---------------------------------------------
+# client AS4_1, outbound
+
+deny quick to 192.0.2.41 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 192.0.2.41 community 65534:0 set community BLACKHOLE
+match to 192.0.2.41 large-community 65534:0:0 set community BLACKHOLE
+
+match to 192.0.2.41 community BLACKHOLE set community NO_EXPORT
+match to 192.0.2.41 community BLACKHOLE set nexthop 192.0.2.66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 192.0.2.41 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 192.0.2.41 community 65507:999 set community NO_EXPORT
+match to 192.0.2.41 ext-community rt 65507:999 set community NO_EXPORT
+match to 192.0.2.41 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 192.0.2.41 community 65508:999 set community NO_ADVERTISE
+match to 192.0.2.41 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 192.0.2.41 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 192.0.2.41 community 65509:4 set community NO_EXPORT
+match to 192.0.2.41 ext-community rt 65509:4 set community NO_EXPORT
+match to 192.0.2.41 large-community 999:65509:4 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 192.0.2.41 community 65510:4 set community NO_ADVERTISE
+match to 192.0.2.41 ext-community rt 65510:4 set community NO_ADVERTISE
+match to 192.0.2.41 large-community 999:65510:4 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 192.0.2.41
+
+# do_not_announce_to_any
+deny to 192.0.2.41 community 0:999
+deny to 192.0.2.41 ext-community rt 0:999
+deny to 192.0.2.41 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 192.0.2.41 community 0:4
+deny quick to 192.0.2.41 ext-community rt 0:4
+deny quick to 192.0.2.41 large-community 999:0:4
+
+# announce_to_peer
+allow to 192.0.2.41 community 65501:4
+allow to 192.0.2.41 ext-community rt 65501:4
+allow to 192.0.2.41 large-community 999:65501:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 192.0.2.41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 192.0.2.41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# ---------------------------------------------
+# client AS4_2, inbound
+
+
+
+# NEXT_HOP
+match from 2001:db8:1:1::41 set community NO_ADVERTISE
+match from 2001:db8:1:1::41 nexthop 2001:db8:1:1::41 set community delete NO_ADVERTISE
+# Reject inbound routes when 'from 2001:db8:1:1::41 community NO_ADVERTISE' - reject code: 5
+allow quick from 2001:db8:1:1::41 community NO_ADVERTISE set {
+	localpref 1
+	community 65520:0
+	community 65520:5
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: left-most ASN
+# Reject inbound routes when 'from 2001:db8:1:1::41 peer-as != 4' - reject code: 6
+# community from reject_cause_map
+allow quick from 2001:db8:1:1::41 peer-as != 4 set {
+	localpref 1
+	community 65520:0
+	community 65520:6
+	large-community 999:1101:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: invalid ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 23456' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 23456 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 64496 - 131071' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 64496 - 131071 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS 4200000000 - 4294967295' - reject code: 7
+allow quick from 2001:db8:1:1::41 AS 4200000000 - 4294967295 set {
+	localpref 1
+	community 65520:0
+	community 65520:7
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: transit-free ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS { 3, 174 }' - reject code: 8
+allow quick from 2001:db8:1:1::41 AS { 3, 174 } set {
+	localpref 1
+	community 65520:0
+	community 65520:8
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# AS_PATH: never via route-servers ASNs
+# Reject inbound routes when 'from 2001:db8:1:1::41 AS as-set neverviarouteserver' - reject code: 15
+allow quick from 2001:db8:1:1::41 AS as-set neverviarouteserver set {
+	localpref 1
+	community 65520:0
+	community 65520:15
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+
+
+
+
+
+
+# Blackhole request?
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 community BLACKHOLE set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::41 community 65534:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+allow from 2001:db8:1:1::41 large-community 65534:0:0 set {
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Add the rpki_bgp_origin_validation_not_performed community
+match from 2001:db8:1:1::41 community BLACKHOLE set community 65530:4
+match from 2001:db8:1:1::41 community BLACKHOLE set large-community 999:65530:4
+
+match from 2001:db8:1:1::41 community 65534:0 set { community 65530:4 large-community 999:65530:4}
+match from 2001:db8:1:1::41 large-community 65534:0:0 set { community 65530:4 large-community 999:65530:4}
+
+
+allow quick from 2001:db8:1:1::41 community BLACKHOLE
+allow quick from 2001:db8:1:1::41 community 65534:0
+allow quick from 2001:db8:1:1::41 large-community 65534:0:0
+
+
+match from 2001:db8:1:1::41 set ext-community rt 65520:4
+
+
+# RPKI-based Origin Validation
+# Reject inbound routes when 'from 2001:db8:1:1::41 ext-community $INTCOMM_RPKI_INVALID' - reject code: 14
+allow quick from 2001:db8:1:1::41 ext-community $INTCOMM_RPKI_INVALID set {
+	localpref 1
+	community 65520:0
+	community 65520:14
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Prefix: length
+# Reject inbound routes when 'from 2001:db8:1:1::41 prefix ::/0 prefixlen 17 >< 48' - reject code: 13
+allow quick from 2001:db8:1:1::41 prefix ::/0 prefixlen 17 >< 48 set {
+	localpref 1
+	community 65520:0
+	community 65520:13
+	community delete NO_ADVERTISE
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+
+# Graceful shutdown
+match from 2001:db8:1:1::41 community GRACEFUL_SHUTDOWN set localpref 5
+
+# Remove internal communities before accepting the route
+match from 2001:db8:1:1::41 set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+match from 2001:db8:1:1::41 set ext-community delete rt 65520:4
+
+
+
+allow quick from 2001:db8:1:1::41
+
+
+
+# ---------------------------------------------
+# client AS4_2, outbound
+
+deny quick to 2001:db8:1:1::41 community 65520:0
+
+
+
+# Blackhole request?
+# Configured policy: rewrite-next-hop
+match to 2001:db8:1:1::41 community 65534:0 set community BLACKHOLE
+match to 2001:db8:1:1::41 large-community 65534:0:0 set community BLACKHOLE
+
+match to 2001:db8:1:1::41 community BLACKHOLE set community NO_EXPORT
+match to 2001:db8:1:1::41 community BLACKHOLE set nexthop 2001:db8:1:1::66
+
+
+# RPKI-based Origin Validation
+# Do not announce INVALID to clients
+deny quick to 2001:db8:1:1::41 ext-community $INTCOMM_RPKI_INVALID
+
+# NO_EXPORT and NO_ADVERTISE communities
+# add_noexport_to_any
+match to 2001:db8:1:1::41 community 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::41 ext-community rt 65507:999 set community NO_EXPORT
+match to 2001:db8:1:1::41 large-community 999:65507:999 set community NO_EXPORT
+
+# add_noadvertise_to_any
+match to 2001:db8:1:1::41 community 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::41 ext-community rt 65508:999 set community NO_ADVERTISE
+match to 2001:db8:1:1::41 large-community 999:65508:999 set community NO_ADVERTISE
+
+# add_noexport_to_peer
+match to 2001:db8:1:1::41 community 65509:4 set community NO_EXPORT
+match to 2001:db8:1:1::41 ext-community rt 65509:4 set community NO_EXPORT
+match to 2001:db8:1:1::41 large-community 999:65509:4 set community NO_EXPORT
+
+# add_noadvertise_to_peer
+match to 2001:db8:1:1::41 community 65510:4 set community NO_ADVERTISE
+match to 2001:db8:1:1::41 ext-community rt 65510:4 set community NO_ADVERTISE
+match to 2001:db8:1:1::41 large-community 999:65510:4 set community NO_ADVERTISE
+
+
+# BGP control communities
+allow to 2001:db8:1:1::41
+
+# do_not_announce_to_any
+deny to 2001:db8:1:1::41 community 0:999
+deny to 2001:db8:1:1::41 ext-community rt 0:999
+deny to 2001:db8:1:1::41 large-community 999:0:999
+
+# do_not_announce_to_peer
+deny quick to 2001:db8:1:1::41 community 0:4
+deny quick to 2001:db8:1:1::41 ext-community rt 0:4
+deny quick to 2001:db8:1:1::41 large-community 999:0:4
+
+# announce_to_peer
+allow to 2001:db8:1:1::41 community 65501:4
+allow to 2001:db8:1:1::41 ext-community rt 65501:4
+allow to 2001:db8:1:1::41 large-community 999:65501:4
+
+
+# Add the $INTCOMM_PROCESS_PREPEND_COMMS ext community to signal that communities
+# for prepending can be processed. As soon as one prepending action is performed,
+# this internal community is removed, so that further actions are not processed.
+match to 2001:db8:1:1::41 set ext-community $INTCOMM_PROCESS_PREPEND_COMMS
+
+# prepend_once_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:4 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:4 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_peer AS4; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:4 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+# prepend_once_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65521:65521 set {
+	prepend-neighbor 1
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_twice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65522:65522 set {
+	prepend-neighbor 2
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+# prepend_thrice_to_any; remove INTCOMM_PROCESS_PREPEND_COMMS to prevent further prepending actions
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS community 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS ext-community rt 65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+match to 2001:db8:1:1::41 ext-community $INTCOMM_PROCESS_PREPEND_COMMS large-community 999:65523:65523 set {
+	prepend-neighbor 3
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+}
+
+
+
+
+
+# Scrub communities from outbound routes
+# add_noadvertise_to_any
+match to group clients set community delete 65508:999
+match to group clients set ext-community delete rt 65508:999
+match to group clients set large-community delete 999:65508:999
+
+# add_noadvertise_to_peer
+match to group clients set community delete 65510:*
+match to group clients set ext-community delete rt 65510:*
+match to group clients set large-community delete 999:65510:*
+
+# add_noexport_to_any
+match to group clients set community delete 65507:999
+match to group clients set ext-community delete rt 65507:999
+match to group clients set large-community delete 999:65507:999
+
+# add_noexport_to_peer
+match to group clients set community delete 65509:*
+match to group clients set ext-community delete rt 65509:*
+match to group clients set large-community delete 999:65509:*
+
+# announce_to_peer
+match to group clients set community delete 65501:*
+match to group clients set ext-community delete rt 65501:*
+match to group clients set large-community delete 999:65501:*
+
+# announce_to_peers_with_rtt_higher_than
+match to group clients set community delete 64533:*
+match to group clients set ext-community delete rt 64533:*
+match to group clients set large-community delete 999:64533:*
+
+# announce_to_peers_with_rtt_lower_than
+match to group clients set community delete 64532:*
+match to group clients set ext-community delete rt 64532:*
+match to group clients set large-community delete 999:64532:*
+
+# blackholing
+match to group clients set community delete 65534:0
+match to group clients set large-community delete 65534:0:0
+
+# do_not_announce_to_any
+match to group clients set community delete 0:999
+match to group clients set ext-community delete rt 0:999
+match to group clients set large-community delete 999:0:999
+
+# do_not_announce_to_peer
+match to group clients set community delete 0:*
+match to group clients set ext-community delete rt 0:*
+match to group clients set large-community delete 999:0:*
+
+# do_not_announce_to_peers_with_rtt_higher_than
+match to group clients set community delete 64531:*
+match to group clients set ext-community delete rt 64531:*
+match to group clients set large-community delete 999:64531:*
+
+# do_not_announce_to_peers_with_rtt_lower_than
+match to group clients set community delete 64530:*
+match to group clients set ext-community delete rt 64530:*
+match to group clients set large-community delete 999:64530:*
+
+# prepend_once_to_any
+match to group clients set community delete 65521:65521
+match to group clients set ext-community delete rt 65521:65521
+match to group clients set large-community delete 999:65521:65521
+
+# prepend_once_to_peer
+match to group clients set community delete 65521:*
+match to group clients set ext-community delete rt 65521:*
+match to group clients set large-community delete 999:65521:*
+
+# prepend_once_to_peers_with_rtt_higher_than
+match to group clients set community delete 64537:*
+match to group clients set ext-community delete rt 64537:*
+match to group clients set large-community delete 999:64537:*
+
+# prepend_once_to_peers_with_rtt_lower_than
+match to group clients set community delete 64534:*
+match to group clients set ext-community delete rt 64534:*
+match to group clients set large-community delete 999:64534:*
+
+# prepend_thrice_to_any
+match to group clients set community delete 65523:65523
+match to group clients set ext-community delete rt 65523:65523
+match to group clients set large-community delete 999:65523:65523
+
+# prepend_thrice_to_peer
+match to group clients set community delete 65523:*
+match to group clients set ext-community delete rt 65523:*
+match to group clients set large-community delete 999:65523:*
+
+# prepend_thrice_to_peers_with_rtt_higher_than
+match to group clients set community delete 64539:*
+match to group clients set ext-community delete rt 64539:*
+match to group clients set large-community delete 999:64539:*
+
+# prepend_thrice_to_peers_with_rtt_lower_than
+match to group clients set community delete 64536:*
+match to group clients set ext-community delete rt 64536:*
+match to group clients set large-community delete 999:64536:*
+
+# prepend_twice_to_any
+match to group clients set community delete 65522:65522
+match to group clients set ext-community delete rt 65522:65522
+match to group clients set large-community delete 999:65522:65522
+
+# prepend_twice_to_peer
+match to group clients set community delete 65522:*
+match to group clients set ext-community delete rt 65522:*
+match to group clients set large-community delete 999:65522:*
+
+# prepend_twice_to_peers_with_rtt_higher_than
+match to group clients set community delete 64538:*
+match to group clients set ext-community delete rt 64538:*
+match to group clients set large-community delete 999:64538:*
+
+# prepend_twice_to_peers_with_rtt_lower_than
+match to group clients set community delete 64535:*
+match to group clients set ext-community delete rt 64535:*
+match to group clients set large-community delete 999:64535:*
+
+# reject_cause
+match to group clients set community delete 65520:*
+
+# reject_cause_map_6
+match to group clients set large-community delete 999:1101:7
+
+# rejected_route_announced_by
+match to group clients set ext-community delete rt 65520:*
+
+
+# Scrub prepending communities
+match to group clients set {
+	community delete 65521:65521
+	ext-community delete rt 65521:65521
+	large-community delete 999:65521:65521
+
+}
+match to group clients set {
+	community delete 65521:*
+	ext-community delete rt 65521:*
+	large-community delete 999:65521:*
+
+}
+match to group clients set {
+	community delete 64537:*
+	ext-community delete rt 64537:*
+	large-community delete 999:64537:*
+
+}
+match to group clients set {
+	community delete 64534:*
+	ext-community delete rt 64534:*
+	large-community delete 999:64534:*
+
+}
+match to group clients set {
+	community delete 65523:65523
+	ext-community delete rt 65523:65523
+	large-community delete 999:65523:65523
+
+}
+match to group clients set {
+	community delete 65523:*
+	ext-community delete rt 65523:*
+	large-community delete 999:65523:*
+
+}
+match to group clients set {
+	community delete 64539:*
+	ext-community delete rt 64539:*
+	large-community delete 999:64539:*
+
+}
+match to group clients set {
+	community delete 64536:*
+	ext-community delete rt 64536:*
+	large-community delete 999:64536:*
+
+}
+match to group clients set {
+	community delete 65522:65522
+	ext-community delete rt 65522:65522
+	large-community delete 999:65522:65522
+
+}
+match to group clients set {
+	community delete 65522:*
+	ext-community delete rt 65522:*
+	large-community delete 999:65522:*
+
+}
+match to group clients set {
+	community delete 64538:*
+	ext-community delete rt 64538:*
+	large-community delete 999:64538:*
+
+}
+match to group clients set {
+	community delete 64535:*
+	ext-community delete rt 64535:*
+	large-community delete 999:64535:*
+
+}
+
+
+# RFC1997 NO_EXPORT/NO_ADVERTISE received from clients and propagated because of pass-through policy
+match to group clients ext-community $INTCOMM_NO_EXPORT set community NO_EXPORT
+match to group clients ext-community $INTCOMM_NO_ADVERTISE set community NO_ADVERTISE
+
+# Remove internal communities before announcing the route
+match to group clients set {
+	ext-community delete $INTCOMM_PREF_OK_ROA
+	ext-community delete $INTCOMM_ROUTE_OK_WL
+	ext-community delete $INTCOMM_PREF_OK_ARINDB
+	ext-community delete $INTCOMM_PREF_OK_REGISTROBRDB
+	ext-community delete $INTCOMM_ORIGIN_OK
+	ext-community delete $INTCOMM_ORIGIN_KO
+	ext-community delete $INTCOMM_PREFIX_OK
+	ext-community delete $INTCOMM_PREFIX_KO
+	ext-community delete $INTCOMM_IRR_REJECT
+	ext-community delete $INTCOMM_RPKI_UNKNOWN
+	ext-community delete $INTCOMM_RPKI_INVALID
+	ext-community delete $INTCOMM_RPKI_VALID
+	ext-community delete $INTCOMM_NO_EXPORT
+	ext-community delete $INTCOMM_NO_ADVERTISE
+	ext-community delete $INTCOMM_PROCESS_PREPEND_COMMS
+
+}
+
+include "/etc/bgpd/post-filters.local"
+
+
diff --git a/tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/AS101.txt b/tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/AS101.txt
new file mode 100644
index 00000000..33ec3bbb
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/AS101.txt
@@ -0,0 +1,406 @@
+2001::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2001:db8:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:1::/48, AS_PATH: 2 1, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 2 1, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:3::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:3::/48, AS_PATH: 2 1, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:1::/48, AS_PATH: 1 2, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:1::/48, AS_PATH: 1 2, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 1 2, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 1 2, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::1/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::2/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::3/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 1 2, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 1 2, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:5::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:2::/48, AS_PATH: 1 3, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:2::/48, AS_PATH: 1 3, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:3::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:5::/48, AS_PATH: 1 3 3, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:5::/48, AS_PATH: 1 3 3, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:5::/48, AS_PATH: 2 3 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:6::/48, AS_PATH: 1 3 3 3, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:6::/48, AS_PATH: 1 3 3 3, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:6::/48, AS_PATH: 2 3 3 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:7::/48, AS_PATH: 1 3 3 3 3, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:7::/48, AS_PATH: 1 3 3 3 3, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:7::/48, AS_PATH: 2 3 3 3 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:8::/48, AS_PATH: 1 3 3, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:8::/48, AS_PATH: 1 3 3, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:8::/48, AS_PATH: 2 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:9::/48, AS_PATH: 1 3, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:9::/48, AS_PATH: 1 3, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:9::/48, AS_PATH: 2 3 3 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:a::/48, AS_PATH: 1 3 3 3 3, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:a::/48, AS_PATH: 1 3 3 3 3, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:a::/48, AS_PATH: 2 3 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:c::/48, AS_PATH: 2 3 3 3 3, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:1:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:1:1::/48, AS_PATH: 2 1 1011, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:1:2::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:2:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:3:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:3::/32, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:3::/32, AS_PATH: 2 1 1011, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:4:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:4:1::/48, AS_PATH: 2 1 1000, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a99:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a99:2::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a99::/16, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a99::/32, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/AS1_1.txt b/tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/AS1_1.txt
new file mode 100644
index 00000000..5a4a4b4c
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/AS1_1.txt
@@ -0,0 +1,280 @@
+2a02:0:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::1/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::2/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::3/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:2::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:5::/48, AS_PATH: 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:6::/48, AS_PATH: 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:7::/48, AS_PATH: 3 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:8::/48, AS_PATH: 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:9::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:a::/48, AS_PATH: 3 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:b::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:c::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:d::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:10::/48, AS_PATH: 101 666, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:11::/48, AS_PATH: 101 777, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65530:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms: 999:65530:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65530:1, 777:0
+  ext comms:
+  lrg comms: 777:0:0, 999:65530:1
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:7::/48, AS_PATH: 101 174, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65535:666
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:9::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:1::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:4000::/34, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:3:1::/48, AS_PATH: 101 105, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3102:0:1::/48, AS_PATH: 101 102, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:1::/48, AS_PATH: 101 103, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:2::/48, AS_PATH: 101 101 103, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:0:1::/48, AS_PATH: 101 104, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:1:1::/48, AS_PATH: 101 104, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+8000:1::/32, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/AS1_2.txt b/tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/AS1_2.txt
new file mode 100644
index 00000000..86b7ea6c
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/AS1_2.txt
@@ -0,0 +1,259 @@
+2a02:0:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:2::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:5::/48, AS_PATH: 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:6::/48, AS_PATH: 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:7::/48, AS_PATH: 3 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:8::/48, AS_PATH: 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:9::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:a::/48, AS_PATH: 3 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:b::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:c::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:d::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:10::/48, AS_PATH: 101 666, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:11::/48, AS_PATH: 101 777, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65530:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms: 999:65530:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65530:1, 777:0
+  ext comms:
+  lrg comms: 777:0:0, 999:65530:1
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:7::/48, AS_PATH: 101 174, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65535:666
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:9::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:1::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:4000::/34, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:3:1::/48, AS_PATH: 101 105, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3102:0:1::/48, AS_PATH: 101 102, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:1::/48, AS_PATH: 101 103, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:2::/48, AS_PATH: 101 101 103, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:0:1::/48, AS_PATH: 101 104, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:1:1::/48, AS_PATH: 101 104, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+8000:1::/32, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/AS2.txt b/tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/AS2.txt
new file mode 100644
index 00000000..aafa6dae
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/AS2.txt
@@ -0,0 +1,350 @@
+2a01:0:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:3::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:3::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:5::/48, AS_PATH: 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:6::/48, AS_PATH: 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:7::/48, AS_PATH: 3 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:8::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:9::/48, AS_PATH: 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:a::/48, AS_PATH: 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:b::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:c::/48, AS_PATH: 3 3 3 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:d::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65535:65281
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:1:1::/48, AS_PATH: 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:3::/32, AS_PATH: 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:4:1::/48, AS_PATH: 1 1000, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:10::/48, AS_PATH: 101 666, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:11::/48, AS_PATH: 101 777, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65530:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms: 999:65530:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 777:0
+  ext comms:
+  lrg comms: 777:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65530:1, 777:0
+  ext comms:
+  lrg comms: 777:0:0, 999:65530:1
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:7::/48, AS_PATH: 101 174, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms: 65535:666
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:9::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:1::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:4000::/34, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:3:1::/48, AS_PATH: 101 105, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3102:0:1::/48, AS_PATH: 101 102, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:1::/48, AS_PATH: 101 101 103, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:2::/48, AS_PATH: 101 103, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:0:1::/48, AS_PATH: 101 104, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:1:1::/48, AS_PATH: 101 104, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+8000:1::/32, AS_PATH: 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::101
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/AS3.txt b/tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/AS3.txt
new file mode 100644
index 00000000..43cf4811
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/AS3.txt
@@ -0,0 +1,238 @@
+2a01:0:1::/48, AS_PATH: 999 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+2a01:0:1::/48, AS_PATH: 999 1, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 101
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 999 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 999 1, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 101
+  filtered: False ()
+
+2a01:0:3::/48, AS_PATH: 999 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+2a02:0:1::/48, AS_PATH: 999 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 999 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::1/128, AS_PATH: 999 2, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::2/128, AS_PATH: 999 2, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::3/128, AS_PATH: 999 2, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 999 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:1:1::/48, AS_PATH: 999 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+2a11:3::/32, AS_PATH: 999 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+2a11:4:1::/48, AS_PATH: 999 1 1000, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 888:0
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms: 888:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 777:0
+  ext comms:
+  lrg comms: 777:0:0
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 777:0
+  ext comms:
+  lrg comms: 777:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::66, via 2001:db8:1:1::2
+  std comms: 65530:4, 65535:65281, 65535:666
+  ext comms:
+  lrg comms: 999:65530:4
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 999 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: True, LOCAL_PREF: 101
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 999 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms:
+  ext comms:
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/rc.txt b/tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/rc.txt
new file mode 100644
index 00000000..df8ece37
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/rc.txt
@@ -0,0 +1,259 @@
+2001::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:2
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2001:db8:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:3
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:5::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::23, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:5
+  ext comms: rt:65520:2
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:1::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:11
+  ext comms: rt:65520:3
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:e::/48, AS_PATH: 3 174 33, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:8
+  ext comms: rt:65520:3
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:1:2::/48, AS_PATH: 1 1000, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:9
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:2:1::/48, AS_PATH: 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:12
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:3:1::/48, AS_PATH: 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:12
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a99:1::/48, AS_PATH: 1 65536 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:7
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a99:2::/48, AS_PATH: 1 2 2 2 2 2 2 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:1
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a99::/16, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:13
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a99::/32, AS_PATH: 2 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:6
+  ext comms: rt:65520:1
+  lrg comms: 999:1101:7
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:10::/48, AS_PATH: 1 101 666, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:15
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:11::/48, AS_PATH: 1 101 777, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:15
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:5
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:5
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:5
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:5, 888:0
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:5
+  ext comms: rt:65520:1
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:5, 777:0
+  ext comms: rt:65520:1
+  lrg comms: 777:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:7::/48, AS_PATH: 1 101 174, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:8
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:14
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:5, 65535:666
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:5
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:9::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:14
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:1::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:12
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:4000::/34, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:12
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:5
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:5
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:3:1::/48, AS_PATH: 1 101 105, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:9
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3102:0:1::/48, AS_PATH: 1 101 102, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:9
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:1::/48, AS_PATH: 1 101 103, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:9, 65535:0
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3103:0:2::/48, AS_PATH: 2 101 103, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:9, 65535:0
+  ext comms: rt:65520:2
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:0:1::/48, AS_PATH: 1 101 104, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:9
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3104:1:1::/48, AS_PATH: 1 101 104, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:9
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+8000:1::/32, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:10
+  ext comms: rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+::/0, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::2
+  std comms: 65520:0, 65520:10
+  ext comms: rt:65520:3
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
diff --git a/tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/rs.txt b/tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/rs.txt
new file mode 100644
index 00000000..a5b956f1
--- /dev/null
+++ b/tests/live_tests/scenarios/tag_reject_policy/routes/TagRejectPolicyScenario_OpenBGPDIPv4/openbgpd77p/rs.txt
@@ -0,0 +1,777 @@
+2001::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65520:0, 65520:2
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+2001:db8:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65520:0, 65520:3
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+2a01:0:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:1::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:2::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::12, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+2a01:0:3::/48, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::12
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:1::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:2::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::1/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65530:4, 65535:666
+  ext comms: rfc8097-not-found
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::2/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65530:4, 65534:0
+  ext comms: rfc8097-not-found
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:3::3/128, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65530:4
+  ext comms: rfc8097-not-found
+  lrg comms: 65534:0:0, 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:4::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::22, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a02:0:5::/48, AS_PATH: 2, NEXT_HOP: 2001:db8:1:1::23, via 2001:db8:1:1::21
+  std comms: 65520:0, 65520:5
+  ext comms: rfc8097-not-found, rt:65520:2
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+2a03:0:1::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65520:0, 65520:11
+  ext comms: rfc8097-not-found, rt:65520:3
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+2a03:0:2::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 0:999, 65501:1
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:3::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 0:1
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:4::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 0:999
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:5::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65521:65521
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:6::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65522:65522
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:7::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65523:65523
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:8::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65521:1
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:9::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65522:2
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:a::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65521:65521, 65523:1
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:b::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65507:999
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:c::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65509:1, 65523:2
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:d::/48, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms:
+  ext comms: rfc8097-not-found, soo:65535:65281
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a03:0:e::/48, AS_PATH: 3 174 33, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65520:0, 65520:8
+  ext comms: rfc8097-not-found, rt:65520:3
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+2a11:1:1::/48, AS_PATH: 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:1:2::/48, AS_PATH: 1 1000, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65520:0, 65520:9
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+2a11:2:1::/48, AS_PATH: 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65520:0, 65520:12
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+2a11:3:1::/48, AS_PATH: 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65520:0, 65520:12
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+2a11:3::/32, AS_PATH: 1 1011, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a11:4:1::/48, AS_PATH: 1 1000, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+2a99:1::/48, AS_PATH: 1 65536 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65520:0, 65520:7
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+2a99:2::/48, AS_PATH: 1 2 2 2 2 2 2 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65520:0, 65520:1
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+2a99::/16, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65520:0, 65520:13
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+2a99::/32, AS_PATH: 2 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65520:0, 65520:6
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms: 999:1101:7
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:0:10::/48, AS_PATH: 1 101 666, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65520:0, 65520:5
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:0:10::/48, AS_PATH: 1 101 666, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65520:0, 65520:15
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:0:10::/48, AS_PATH: 2 101 666, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65520:0, 65520:15
+  ext comms: rfc8097-not-found, rt:65520:2
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:0:11::/48, AS_PATH: 1 101 777, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65520:0, 65520:5
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:0:11::/48, AS_PATH: 1 101 777, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65520:0, 65520:15
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:0:11::/48, AS_PATH: 2 101 777, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65520:0, 65520:15
+  ext comms: rfc8097-not-found, rt:65520:2
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65520:0, 65520:5
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:1::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65520:0, 65520:5
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:2::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65520:0, 65520:5
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:3::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65520:0, 65520:5, 888:0
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 888:0
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:4::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 888:0
+  ext comms: rfc8097-not-found
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65520:0, 65520:5
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms: 888:0:0
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms: 888:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:5::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-not-found
+  lrg comms: 888:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65520:0, 65520:5, 777:0
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms: 777:0:0
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 777:0
+  ext comms: rfc8097-not-found
+  lrg comms: 777:0:0
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:6::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 777:0
+  ext comms: rfc8097-not-found
+  lrg comms: 777:0:0
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:7::/48, AS_PATH: 1 101 174, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65520:0, 65520:5
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:0:7::/48, AS_PATH: 1 101 174, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65520:0, 65520:8
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:0:7::/48, AS_PATH: 2 101 174, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65520:0, 65520:8
+  ext comms: rfc8097-not-found, rt:65520:2
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:0:8000::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65520:0, 65520:5
+  ext comms: rfc8097-invalid, rt:65520:1
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:0:8000::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65520:0, 65520:14
+  ext comms: rfc8097-invalid, rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:0:8000::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65520:0, 65520:14
+  ext comms: rfc8097-invalid, rt:65520:2
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65520:0, 65520:5, 65535:666
+  ext comms: rfc8097-invalid, rt:65520:1
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65530:4, 65535:666
+  ext comms: rfc8097-invalid
+  lrg comms: 999:65530:4
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8000::1/128, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65530:4, 65535:666
+  ext comms: rfc8097-invalid
+  lrg comms: 999:65530:4
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65520:0, 65520:5
+  ext comms: rfc8097-valid, rt:65520:1
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:8::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:0:9::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65520:0, 65520:5
+  ext comms: rfc8097-invalid, rt:65520:1
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:0:9::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65520:0, 65520:14
+  ext comms: rfc8097-invalid, rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:0:9::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65520:0, 65520:14
+  ext comms: rfc8097-invalid, rt:65520:2
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:1::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65520:0, 65520:5
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:1::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65520:0, 65520:12
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:1::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65520:0, 65520:12
+  ext comms: rfc8097-not-found, rt:65520:2
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:2:4000::/34, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65520:0, 65520:5
+  ext comms: rfc8097-invalid, rt:65520:1
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:2:4000::/34, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65520:0, 65520:12
+  ext comms: rfc8097-invalid, rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:2:4000::/34, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65520:0, 65520:12
+  ext comms: rfc8097-invalid, rt:65520:2
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65520:0, 65520:5
+  ext comms: rfc8097-valid, rt:65520:1
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2:8000::/48, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65520:0, 65520:5
+  ext comms: rfc8097-valid, rt:65520:1
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:2::/33, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms:
+  ext comms: rfc8097-valid
+  lrg comms:
+  best: False, LOCAL_PREF: 100
+  filtered: False ()
+
+3101:3:1::/48, AS_PATH: 1 101 105, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65520:0, 65520:5
+  ext comms: rfc8097-valid, rt:65520:1
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:3:1::/48, AS_PATH: 1 101 105, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65520:0, 65520:9
+  ext comms: rfc8097-valid, rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+3101:3:1::/48, AS_PATH: 2 101 105, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65520:0, 65520:9
+  ext comms: rfc8097-valid, rt:65520:2
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3102:0:1::/48, AS_PATH: 1 101 102, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65520:0, 65520:5
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3102:0:1::/48, AS_PATH: 1 101 102, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65520:0, 65520:9
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+3102:0:1::/48, AS_PATH: 2 101 102, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65520:0, 65520:9
+  ext comms: rfc8097-not-found, rt:65520:2
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3103:0:1::/48, AS_PATH: 1 101 103, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65520:0, 65520:5, 65535:0
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3103:0:1::/48, AS_PATH: 1 101 103, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65520:0, 65520:9, 65535:0
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+3103:0:1::/48, AS_PATH: 2 101 101 103, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65520:0, 65520:9
+  ext comms: rfc8097-not-found, rt:65520:2
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3103:0:2::/48, AS_PATH: 1 101 101 103, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65520:0, 65520:5
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3103:0:2::/48, AS_PATH: 1 101 101 103, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65520:0, 65520:9
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3103:0:2::/48, AS_PATH: 2 101 103, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65520:0, 65520:9, 65535:0
+  ext comms: rfc8097-not-found, rt:65520:2
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+3104:0:1::/48, AS_PATH: 1 101 104, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65520:0, 65520:5
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3104:0:1::/48, AS_PATH: 1 101 104, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65520:0, 65520:9
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+3104:0:1::/48, AS_PATH: 2 101 104, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65520:0, 65520:9
+  ext comms: rfc8097-not-found, rt:65520:2
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3104:1:1::/48, AS_PATH: 1 101 104, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65520:0, 65520:5
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+3104:1:1::/48, AS_PATH: 1 101 104, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65520:0, 65520:9
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+3104:1:1::/48, AS_PATH: 2 101 104, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65520:0, 65520:9
+  ext comms: rfc8097-not-found, rt:65520:2
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+8000:1::/32, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::101, via 2001:db8:1:1::12
+  std comms: 65520:0, 65520:10
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+8000:1::/32, AS_PATH: 1 101, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
+  std comms: 65520:0, 65520:10
+  ext comms: rfc8097-not-found, rt:65520:1
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+
+8000:1::/32, AS_PATH: 2 101, NEXT_HOP: 2001:db8:1:1::21, via 2001:db8:1:1::21
+  std comms: 65520:0, 65520:10
+  ext comms: rfc8097-not-found, rt:65520:2
+  lrg comms:
+  best: False, LOCAL_PREF: 1
+  filtered: False ()
+
+::/0, AS_PATH: 3, NEXT_HOP: 2001:db8:1:1::31, via 2001:db8:1:1::31
+  std comms: 65520:0, 65520:10
+  ext comms: rfc8097-not-found, rt:65520:3
+  lrg comms:
+  best: True, LOCAL_PREF: 1
+  filtered: False ()
+